Personal Data Protection Policy of THE CLIFF HOTEL OBZOR BAY
Information about us
L HOTELS EOOD (hereinafter referred to as the "Hotel" and/or "Controller") is a company entered in the Trade Register and the Register of the Non-profit Legal Entities, kept at the Registry Agency under UIC:147045373, with headquarters and business address: town of Burgas,31 Slivnica., +359 56 8 46297 Email: info@thecliff-obzorbay.com ;
Our Data Protection Officer's Contact Details:
Data Protection Officer:
Phone+359 878671225
Email: info@thecliff-obzorbay.com
The hotel as a data controller collects and processes certain information on natural persons.
This information may refer to hotel employees, managers, clients and guests, suppliers, contractors, business contacts and other natural persons whom the Controller has relations with or would like to establish any business contact.
This Personal Data Protection Policy settles how personal data should be collected, processed and kept to meet the standards of the Controller's organization and be in compliance with legal requirements.
This Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and its regulations of its usage as amended (“Bulgarian Legislation”) and General Data Protection Regulation (GDPR) (EU) 2016/679.
What is meant by "personal data" and "processing of personal data"?:
"Personal data" means any information which a natural person can be identified with, directly or indirectly, by one or more attributes typical of the person such as: name, identification number/Civil ID number, contact details: location / mailing address, phone number, email address, online identifier / IP address, video images, and etc. These attributes may be a part of the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of the natural person.
"Processing of personal data" means sum of operations executed with personal data or set of personal data such as collecting, recording, arranging, structuring, keeping, adapting or modifying, extracting, advising, using, disclosing through submitting, distributing or other means by which data becomes available, fixing or combining, limiting, deleting or destroying;
Our attitude towards your personal data
The hotel attaches great importance to the personal data protection and collects and processes personal data in compliance with the requirements of national and European legislation only. The purpose of this Personal Data Protection Policy is to inform you in what way we are processing your data and what kind of personal data we are collecting about you; for what purpose, period and what your rights are.
Your data security is very important to us. That’s why we protect your data by applying all proper and adequate technical and organizational means regarding potential risks to the rights and freedoms of natural persons in order to prevent unauthorized access, unauthorized or malicious use, loss or untimely deletion of information.
What kind of information do we collect and why?
We may collect personal data about you when using our website or when selecting our services. In most cases we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legal interest. In certain cases we process data based on your consent.
o Depending on the services used, we may collect and process the following information about you;
o Name of person, Civil ID number (for hotel registration and invoice issuance, upon request), date of birth and sex;
o Contact details - mailingaddress, phone number and email address (email);
o Recordings on video cameras to ensure our and your security;
Our guiding principles:
We strictly observe some basic mandatory principles when processing your personal data:
o Personal data is processed lawfully, in good faith and in a transparent way;
o Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes;
o Personal data is relevant, related and limited to what is needed in relation to the purposes which they are being processed for;
o Personal data is accurate and up-to-date, if needed;
o Personal data is kept in form allowing the persons concerned to be identified for a period no longer than is needed for the purposes which the personal data is processed for;
o Personal data is processed in a way providing with an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss,
o destruction or damage by applying proper technical or organizational measures.
What is the purpose of personal data processing?
We process personal data collected most frequently with the following objectives:
When signing and executing a contract – with regard to guest registration at the hotel, preparation of accounting documents such as a bill or an invoice for the services provided to you; for the purpose of notifications related to our services.
When performing a legal obligation - for the purpose of obligations provided by Tourism Act, Accountancy Act and Tax-Insurance Procedure Code and other related regulations with regard to the proper and legal accounting; in information obligations to all state commissions and regulating authorities, as well as court; when performing online booking (distance selling) and selling outside our hotel facility;
With your consent - for direct marketing of our products and services.
Based on our legitimate interest - making video surveillance in our retail outlets;
What is the purpose of personal data processing?
We process personal data collected most frequently with the following objectives:
When signing and executing a contract – with regard to guest registration at the hotel, preparation of accounting documents such as a bill or an invoice for the services provided to you; for the purpose of notifications related to our services.
When performing a legal obligation - for the purpose of obligations provided by Tourism Act, Accountancy Act and Tax-Insurance Procedure Code and other related regulations with regard to the proper and legal accounting; in information obligations to all state commissions and regulating authorities, as well as court; when performing online booking (distance selling) and selling outside our hotel facility;
With your consent - for direct marketing of our products and services.
Based on our legitimate interest - making video surveillance in our retail outlets;
What are your rights:
When collecting and processing your personal data, you are entitled to:
Information on your personal data processed and access to your personal data collected;
Correction/completion if the data is inaccurate/incomplete - on your own initiative or on the initiative of the hotel;
Deletion of personal data, if there are legal grounds for doing so;
Restriction on the processing of your personal data by the hotel, provided there are legal grounds for doing so;
Portability of personal data between separate controllers- this entitles you to receive your data from the hotel and to transfer it to another controller in a format suitable for use;
Objection to the processing of your personal data, provided there are legal grounds for doing so;
Right to judicial or administrative defence if your rights have been violated;
You can protect your rights by emailing us at: info@\thecliff-obzorbay.com or by mail/courier at: town of Burgas, 12 D office4 ul.Luben Karavelov;
We keep your personal data in accordance with the purpose which they were collected for and within the statutory deadlines.
When can we disclose your personal data:
We enforce a set of measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, modification or destruction. The hotel uses third parties to support certain contract activities or upon performing a legal obligation. We do not provide third parties with your personal data before we are sure that all technical and organizational measures have been taken to protect this data by trying to execute strict control to reach this goal. Some of the recipients of personal data can be: courier companies, external consultants and experts, collection companies and law firms, banks, security companies, sales agents and representatives, and etc.
Your personal data may be disclosed in certain circumstances stipulated by law. For example, your personal data may be disclosed to third parties with your explicit consent or with the authorization of the Data Protection Commission. In certain cases providing of personal data is mandatory in order to comply with our legal requirements such as: Regulating authorities, including state commissions, institutions and agencies, NRA, NSSI, courts, prosecutor's office, and etc. where we must provide personal data in accordance with the valid legislation. If needed or appropriate we may provide your personal data for the national security purposes or for issues of public concern.
Tracking Cookies
We use "cookies" to make your visit to our website more pleasant and to provide use of certain features on different pages. These are small text files which are saved on the end device by which you visit our website. Some cookies, "session cookies", are deleted when you close your browser. Other cookies remain on your end device and allow us or our affiliates to recognize your browser on a subsequent visit ("permanent cookies"). You can set your browser in such a way allowing you be aware of the cookies setting and decide to accept them individually or turn off the acceptance of cookies for particular cases or as a whole. You can find additional information in the help section of your Internet browser. Cookies disclaimer may restrict the functionality of our website. We distinguish system “cookies” and promotional “cookies”. System cookies are required for the proper functioning of our website. Cookies disclaimer will change your browsing experience on our website and certain services on our website will not be usable. Promotional cookies are saved by loading the website and help us analyze the aggregated data regarding our visitors, for example how they reach our website, how much time they spend on it, if this is their first visit, how they review the content of our website. We also may reach a conclusion regarding the success of our marketing campaigns.
Facebook Pixel
We use Facebook Pixel, a Facebook service. This service uses “cookies” stored on your device allowing ad targeting through the Facebook ad platform to its users as well as users of Facebook partner companies such as Instagram who have already visited our website in the last 180 days. This service also provides extra opportunities for creating general and anonymous public of visitors based on the website's content, as well as tracking the success of advertisement campaigns executed through the Facebook ad platform. More information can be found in the Facebook Privacy Policy here: https://www.facebook.com/about/privacy/. If you do not want to take part in the tracking process, you can disclaim the “cookie” setting needed for that by using your browser settings and disable the general and automatic cookie saving.
Links to social media
Our website also contains links to Facebook and Instagram. In this case, the data transfer to the social media operators mentioned happens only when pressing the relevant button of the icon illustrating the link. Clicking on such a button opens the page of the respective social media. There you can post information on our services in accordance with the rules of the social media operator . You can use our official contact profiles in the various social media as well as other official public accounts of the company. These are our: Facebook page Instagram page https://www.instagram.com/the_cliffhotel.
Your personal data sent via a private message shall only be processed for the purposes of the reply to your inquiry. We are not responsible for the information and personal data which you voluntarily share in our official profiles without expressly being requested by you.
Security
The hotel take due measures to protect your personal data from accidental loss and unauthorized access, use, modification or disclosure. There are policies and procedures designed to protect information from loss, misuse and unauthorized disclosure. In addition, we take extra measures regarding information security, including access control, strict physical protection and reliable practices for collecting, keeping and processing information.
On the other hand, we apply technical measures such as encryption, pseudonymization and anonymization of personal data collected.
When do we delete your personal data?
We keep all the information we have collected about you and destroy it within the statutory time limits and if where there are no such ones, destruction is done within the time limits set by us (30 days in video surveillance) and after the final arrangement of all our financial issues. We do not keep your data for an indefinite period.
Transfer between countries
Transfer, keeping and processing of personal data is provided by modern technical resources. The hotel will not transfer your data outside of the EEA without complying with the legal opportunities and will introduce proper precautions to keep the confidentiality of your information.
Destruction
Hotel keeps the accounting and commercial information as well as all other information and documents relevant to the taxation and mandatory social security payments within the following time limits:
o payrolls - 50 years;
o accounting records and financial reports - 10 years;
o tax and social security control documents - 5 years after the expiration of the limitation period for repayment of the public obligation which they are related to;
o all other carriers - 5 years if any shorter time limit is not stipulated by the legislation;
o video surveillance records - 30 days;
When the storage period expires, carriers of information (paper or technical) which are not subject to submission to the National Archives Fund may be destroyed.
When the storage period expires, data is destroyed as soon as possible through the medium of destroying the hard carriers by shredding. Technical carrier is destroyed by erasing and deleting relevant files from the Company’s computers and systems.
Changes to this Personal Data Protection Policy
This Personal Data Protection Procedure can be amended over time. Such amendments will be valid immediately after their disclosure. Regular review of this page ensures that you will always be aware of what kind of information we are collecting, how and for what purposes the Hotel uses it and under what circumstances (if any) we will share it with other parties.
This Personal Data Protection Policy was approved by the Managing Director on May 20, 2018 and last updated on Mar 4 , 2022.