Hotel Rusalka hereinafter referred to as „ THE HOTEL “ is a personal data controller and processes the personal data provided in accordance with the Personal Data Protection Act and REGULATION ( EU ) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the cancellation of Directive 95/46 / EC General Regulation on the protection of personal data, hereinafter „ ORZD “.
This Privacy Policy is implemented by HOTEL and can be found on its official website.
We, as a Personal Data Administrator and as a professional, with many years of experience in the field of tourism, respect the privacy of users. This security policy aims to inform you about the process of collecting, processing, storing, using and redirecting personal data. Therefore, please read its contents carefully. In case you have questions, you can ask them through the Contact Form of the site.
I. DEFINITIONS
Within the meaning of this Policy and according to the definitions given in Art. 4 of the ORZD, the following terms will have the following meaning:
1. „ Personal data “ means any information related to an identified natural person or natural person that can be identified („ data subject “);
2. „ Data subject “ – is a natural person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, an online identifier or one or more signs specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual;
3. „ Personal Data Administrator “ is a natural or legal person, public authority, agency or other body that alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the administrator or the special criteria for its determination may be laid down in Union law or in the law of a Member State;
4. „ Processing of personal data “ is any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adapting or modifying, retrieving, consulting, using, disclosing by transmission, disseminating or otherwise making the data available, arranging or combining, restricting, deleting or destroying.
In order to provide and improve the services we provide and for the needs of administering the resources to them, we store, we use and process personal data as described in this Privacy Policy in compliance with applicable legal requirements.
II. TYPES OF PERSONAL DATA PROCESSED
The types of personal data that the Administrator collects and processes are different, according to the purposes for which they are collected and the reasons for their processing:
1. For realization, application and confirmation of a reservation, the HOTEL collects and processes the following types of data:
a / When booking, through a website:
-
Name and surname of the contact person;
-
e-mail address and telephone number of the contact person;
-
bank card for reservation guarantee;
b / When booking by phone:
-
contact phone and e-mail address to confirm the reservation
-
Name and surname of the contact person;
2. For the purpose of accommodating guests in HOTEL, the administrator processes and stores the following data:
-
PIN / LNCH;
-
Name of the person ( for Bulgarian citizens – in Cyrillic, for foreigners – in Latin, according to the national document );
-
Date of birth;
-
Gender;
-
Citizenship;
-
ID number / valid national identity document;
-
Country that issued the national document.
The data, which are collected for the purposes of registration in the hotel, shall be collected on the grounds of Art. 116, para 2 of the Tourism Act and are necessary for keeping a register for the accommodated tourists. The data is stored for a period of 5 / five / calendar years.
3. For the purposes of implementing corporate or personal events in HOTEL, the following data are processed and stored:
-
Two names of the person organizer of the event. In case of corporate events, contact person designated by the legal entity, organizer of the event;
-
e-mail address and telephone number of the contact person
These data are stored for up to 5 / five / calendar years after the realization of the event in order to realize rights in court claims or defense in filed claims.
4. In order to ensure safety on the premises of the Hotel and in order to prevent illegal actions in HOTEL, the following data are processed and stored - video image of the individuals who visited HOTELA. Video surveillance is performed only in the common parts of HOTEL. Video surveillance data help to investigate anti-government events and acts against public order. These data are stored on DVR or NVR devices with limited access to the data of persons solely authorized to access and process personal data. Individual video images are stored for up to one month from the date of filming, after which they are destroyed automatically, unless storage for a longer period is necessary in order to fulfill a legal obligation of HOTEL.
III. GROUNDS FOR PROCESSING
The HOTEL processes your personal data on the grounds of Art. 6 (1) and (b. „ a “ b. „ b. “ c “ and b “ e „ from ORZD, namely:
Art. 6 (1), b. „ a “ of ORZD – the data subject has given consent to the processing of his personal data for the receipt of commercial messages for marketing purposes.
Art. 6, paragraph 1, b. „ a “ of ORP – the processing is necessary for compliance with a legal obligation that applies to the Administrator;
Art. 6, paragraph 1, b. „ b “ of the ORD - the processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at the request of the data subject before concluding a contract;
Art. 6 (1), b. „ e “ of ORZD – processing is necessary for the legitimate interests of HOTELA, except where such interests are preceded by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child.
IV. PRINCIPLES OF PROCESSING
When processing personal data, we respect the following principles:
-
legality in the collection, processing and storage of your data - we comply with the provisions of the applicable Bulgarian and European legislation;
-
good faith and transparency – the data we collect, process and in accordance with this Privacy Policy, which is available to each user;
-
relevance of the treatment with the purposes and minimizing the data – the types of data we collect are minimized according to the purposes for which they are processed. The purposes for which your data is processed are those for which we are legally disadvantaged, for which we have a contractual relationship or for their collection we have received your consent;
-
storage restriction – we process and store the received data for a period of time according to the purposes for which they are needed and according to your consent.
-
user consent for data processing – in order to use your data for marketing purposes, in order to improve the services we provide to you, we must obtain your explicit consent.
Please note that when sending an inquiry to HOTEL (for price conditions, for booking, for clarification on a reservation already made, for an event and/or other issues related to the services provided by HOTEL) You give your consent to the HOTEL to store and process the personal data provided by you for the purposes of the request.
In this case, your data will be deleted in accordance with current regulations and current privacy policies.
Personal data obtained in connection with an inquiry shall be processed and stored within 6 / six / months of processing the request and then destroyed, except in cases where the Administrator has the right to store the data on a legal or contractual basis for a longer period.
V. PERSONAL DATA PROTECTION MEASURES
We use electronic methods for processing personal data in order to ensure accurate and fast provision of services and to assist users.
The process of processing your personal data provided to HOTEL is carried out in accordance with the applicable legislation in the field of personal data protection, and the HOTEL respects your privacy. The HOTEL shall ensure that the persons authorized by it to process personal data have undertaken confidentiality or are required by law to keep the personal data entrusted to them in confidentiality.
The HOTEL shall apply technical and organizational security measures in order to protect the personal data you have provided from accidental or unlawful destruction, accidental loss, unlawful access, alteration or dissemination, as well as other illegal forms of processing by unauthorized persons. The security measures we implement are subject to constant improvement and adaptation to state-of-the-art technologies.
Personal data collected may be provided to HOTEL partners, who act as processors of personal data on behalf of HOTEL and have undertaken to comply with all applicable data protection standards. We comply with the condition that the relevant information can only be used within the limits, placed by the legal basis on which they are collected or by your personal consent regarding the processing carried out on behalf of HOTEL, and that this information should be treated as confidential.
The HOTEL may disclose and provide personal information in accordance with applicable law, if a court or administrative body orders or requests this or if the provision of personal data is related to the fulfillment of a legal obligation of HOTELA.
The data collected for the purposes of accommodation in HOTEL is available to the third parties defined in the Tourism Act – Ministry of Tourism, Municipalities, Ministry of Interior, National Revenue Agency and the National Statistical Institute.
VI. STORAGE OF PERSONAL DATA
The data we collect from you are stored within the European Economic Area („ EEA “) in compliance with national and European legislation, and in particular the ORD.
VII. RIGHTS OF PERSONAL DATA SUBJECTS
Users of services provided by HOTEL have the following rights as personal data subjects:
1. Right of access and right of rectification: In accordance with current regulations, you have the right and access to the data you have provided for processing. With a written application through the Contact Form of the site, you can receive information about the type of personal data provided and the purpose of their processing. By accessing your data, you may request that it be corrected if you find errors or inconsistencies.
2. Right to object to the processing on the basis of a legitimate interest: Users have the right to object to the processing of their data. The objection is addressed to HOTEL through the Contact Form of the site from this section. The HOTEL undertakes to consider your objection within 30 calendar days of its receipt and to inform you of the result of the internal inspection.
3. Users have the right to complain to the competent supervisory authority. According to the current regulations, the competent supervisory body in the Republic of Bulgaria is the Commission for Personal Data Protection.
4. Right of portability: When the HOTEL processes your personal data in an automated manner on the basis of your consent or on the basis of a contract, you have the right to receive your data in a structured way, widely used and machine-readable format. Users are also entitled to transfer this data to another personal data controller without obstruction by HOTEL, in respect of data provided by consent, in the case of data provided under a contract, to which the consumer is a party or data provided when taking steps by the consumer and requesting a contract.
5. Right to delete / right „ to be forgotten “ /: You have the right to delete all personal data processed by HOTEL and its personal data processors at any time, except where the processing is necessary for at least one of the following purposes, namely:
-
(a) to exercise the right to freedom of expression and the right to information;
-
(b) to comply with a legal obligation which requires processing provided for in Union law or the law of the Member State applicable to HOTELS;
-
(c) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1) of the ORD, in so far as the right of erasure is likely to make it impossible or seriously difficult to achieve the objectives of such processing, or
-
(d) for the establishment, exercise or defense of legal claims.
6. Right to restriction: You have the right to request that the HOTEL restrict the processing of your personal data in the following circumstances:
-
(a) the accuracy of the personal data is contested by the data subject for a period which allows the Administrator to verify the accuracy of the personal data;
-
(b) the processing is unlawful, but the data subject does not wish the personal data to be deleted, but requires that their use be restricted instead;
-
(c) The controller no longer needs personal data for the purposes of the processing, but the data subject shall request it for the establishment, exercise or protection of legal claims;
-
d) the data subject has objected to the processing according to art. 21, paragraph 1 of the ORD and pending verification that the legal grounds of the controller take precedence over the interests of the data subject.
7. Right to be informed about an violation under Art. 34 of the ORD:
Where the personal data breach is likely to pose a high risk to your rights and freedoms, the HOTEL shall, without undue delay, inform you of the personal data breach, a communication describing the nature of the personal data breach and indicating at least:
-
the name and contact details of a person on the HOTEL team from which more information can be obtained;
-
the possible consequences of the personal data breach;
-
a description of the measures taken or proposed by the controller to address the personal data breach, including, where appropriate, measures to reduce any adverse effects.
The above information will not be sent in person to any user in the event of a security breach when the HOTEL has fulfilled any of the following conditions:
-
(a) has taken appropriate technical and organizational protection measures and these measures have been applied to personal data affected by the personal data breach, in particular the measures, which make personal data incomprehensible to any person who does not have permission to access them, such as encryption or
-
(b) has subsequently taken measures to ensure that the high risk to the rights and freedoms of the data subjects mentioned above is no longer likely to materialize, or
-
(c) the notification would lead to a disproportionate effort.
In the hypotheses described above, the HOTEL will publish a message on its website so that data subjects are equally effectively informed.
VIII. CHANGES IN THE PERSONAL DATA PROTECTION POLICY
HOTEL's privacy policy can be changed unilaterally by HOTEL in order to improve, offer new services, change the way we service and communicate with our customers, as well as in connection with legislative changes.
In making changes to this Privacy Policy, the HOTEL brings to your attention the changes made by publishing them on our website, giving you a reasonable period of time to read them, after which they begin to apply to the processing of your personal data, without further notice.
If you state within this period that you reject the changes, it will be considered that you have withdrawn your consent to the processing of your personal data and the HOTEL will suspend their processing in the future, when the grounds for collecting and processing your personal data are given your consent. This may also be related to the termination of your registrations for our games, services, e-newsletters, etc., for the purposes of which you initially provided us with your personal data.
IX. Contact the HOTEL team
If you have any questions regarding our measures and rules regarding the protection of personal data, please send a message via Contact form to the site.
Exercising the above rights does not deprive you of the right to appeal. You can submit one to the supervisory body of Bulgaria – the Commission for Personal Data Protection. More information can be found at: www.cpdp.bg