HOTEL GUESTS PRIVACY STATEMENT
This document constitutes a Privacy Statement within the meaning of the General Data Protection Regulation (GDPR). It is designed specifically for the guests of Devin Spa Hotel (hereinafter referred to as the Hotel or the Controller). Below you will find information:
- regarding the controller who processes your personal data;
- which categories of personal data we process;
- under what conditions we process data;
- on the purposes and legal bases of processing;
- deadlines for retaining data and data security measures;
- how to exercise your rights under the General Data Protection Regulation;
- as well as in which cases and in what order we provide your personal data to third parties.
WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?
Devin-Sharlopov Hotels Ltd., which is the owner of Devin Spa Hotel, with the registration in the Commercial Register kept by the Registry Agency with UIC: 830163887 and headquarters in 4800 Devin, 2A Druzhba Street, tel: +359 899 972 904 , email: officespadevin [hop] com () is responsible for the processing of your data as a data controller.
In case you wish to access, rectify or erase the data collected for you, you suspect unauthorized access, you want to object or withdraw your consent to processing, or if you have questions and comments related to this Statement , you can contact both the company and the hotel at the above mentioned addresses as well as the appointed Data Protection Officer Amatas EAD, at 141 Tsarigradsko shose Blvd., tel.: + 359 899 911911 and e-mail: dpoamatas [hop] eu
WHAT INFORMATION DO WE COLLECT FOR YOU?
Within the context of our activities, it is normal and necessary to collect and process information about our guests. The information is collected directly from our guests and in particular concerns:
- Your identity date - Names, Personal Identification Number/ Personal Number of Foreign National, Date of Birth, Sex, Citizenship, Number, Validity, and Issuing State of a Personal Identity Document;
- Contact details - email, address, telephone;
- Video image, insofar as video surveillance is carried out in certain places on the territory of the hotel, which is marked with the relevant information boards and signs.
WHY DO WE COLLECT YOUR DATA?
The primary reason for collecting your personal data is to be able to provide you with a quality service by identifying you so that:
- We can fulfill commitments made to you - as our guests, related to your reservation and stay on the territory of the hotel;
- We can fulfill the statutory accounting requirements for the services provided;
- You can lodge a complaint or objection about our services;
- We can ensure your security, the security of our staff and hotel equipment;
- If you consent, your data may also be used to provide information about promotions and other interesting information related to our services.
ON WHAT LEGAL BASIS WE PROCESS YOUR DATA?
The Hotel processes personal data only on a valid legal basis. The legal basis for processing your data is the fulfillment of the commitments made to you under the hotel service agreement you are a party to, in particular, to identify you as a guest on the territory of the hotel. Like any merchant, we process your personal data also for accounting of the services we provide to you by referring to the Accountancy Act and the Tax and Social Security Procedure Code.
On second place, data processing is also necessary to protect your rights as a user when lodging a complaint or an objection about our services.
On third place, as a guest of the hotel, we are obliged to collect certain categories of personal data which, under our obligation under the Civil Registration Act, we provide to the Ministry of Interior.
The video surveillance at the hotel is done with for a security reason based on our legitimate interest in protecting the security of the facility, the hotel equipment therein, our employees, and your own security. Video surveillance is done only at public places marked with the relevant signs. To ensure at maximum level your peace, we inform you that video surveillance is not done in any way in guest rooms, toilets and rest and relaxation rooms.
The implementation of the forms of direct marketing processing requires your explicit consent to be informed by email, by telephone call and/or short messages about discounts, promotions, lotteries and other marketing activities. Your consent about this may be withdrawn at any time.
WHAT PROTECTION MEASURES DO WE TAKE FOR DATA COLLECTED?
The preservation and security of your data is important to us because we want to keep your trust. In order to prevent loss, misuse or unauthorized access, we apply all reasonable measures and protection means. However, if there is any doubt about an infringement, we ask you to contact us or the Data Protection Officer immediately by using the contact details.
FOR WHAT PERIOD OF TIME DO WE RETAIN YOUR DATA?
The data related to your stay on the territory of the hotel are kept for a period not longer than necessary and in any case for no longer than three years, taking into account also the statutory terms within the meaning of the tax legislation. Video recordings in the hotel are kept for a period not longer than 2 months, by analogy with the Private Security Act. Data processed for direct marketing purposes, based on the customer's explicit consent, will be retained until withdrawal of consent but no more than two years after they have been granted unless you renew your consent to receive marketing information.
WHAT RIGHTS DO YOU HAVE CONCERNING THE PROCESSING OF YOUR DATA?
The General Data Protection Regulation provides for a number of options for the protection of individuals with regard to the collection and processing of data, in particular:
- the right to access and information regarding your data processing;
- the right to object to the processing when the data are processed based on the legitimate interest of the company;
- the right to withdraw your consent to processing the data when it is processed solely on the basis of your explicit consent;
- the right to portability of the data processed on your explicit consent or contract, depending on your instructions, we will provide you with a copy of the same or will automatically transfer it to another organization;
- the tight to rectification in case the data we retain for you is not accurate;
- the right to ask for "to be forgotten" when the data is processed on the basis of your consent or the processing is illegal;
- the right to lodge a complaint to a supervisory body (see below).
WHO CAN WE PROVIDE YOUR DATA?
In order to provide our services, provide hotel security and obtain up-to-date information, we may provide your data to third parties as well as to the following persons for the purposes listed below:
- other hotels of the Sharlopov Group, where necessary and lawful;
- competent tax and other public authorities in case of inspection, the authorities competent to establish and investigate crimes, as well as the bodies of the judiciary system;
- hotel partners (e.g. tour operators, accountants, an external archives company, or lawyers in case of litigation dispute) in connection with the performance of the agreement under which we provide you our services;
- in case of merging or acquisition, your data may be shared with the new owner(s) in their capacity of legal successors and you will be notified thereof.
In all cases, your data will not be shared with third parties established outside the EEA (EU, Norway, Iceland and Liechtenstein) unless explicitly permitted by local law and adequate safeguards measures and means are in place.
HOW YOU CAN LODGE A COMPLAINT TO THE COMPETENT SUPERVISORY BODY?
Notwithstanding the foregoing, you have the right to lodge a complaint to the Supervisory Authority - the Commission for Personal Data Protection (CPDP):
- personally, at address: 2, Prof. Tsvetan Lazarov Blvd., Sofia;
- by letter, at address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia;
- by email of CPDP - kzldcpdp [hop] bg In this case your complaint must be drafted as an electronic document signed by qualified electronic signature (not scanned!).;
- through the website of CPDP at address: https://www.cpdp.bg/ In this case your complaint must be drafted as an electronic document signed by qualified electronic signature.
In view of the requirements of the legislation, the above information may be changed by the controller. For questions and up-to-date information about processing your data, please contact us through the contact details.