Галеон Резидънс & СПА - лого
Book now
Book now

PRIVACY POLICY

The HOTEL is a data controller registered with the Commission for Personal Data Protection and processes the provided data and personal information in accordance with the Personal Data Protection Act and the General Data Protection Regulation (EU) 2016/679.

This Privacy Policy applies to the HOTEL and its official website.

As a data controller and a company with long-standing experience in the tourism industry, we respect our clients’ right to privacy. This security policy aims to inform you about the process of collecting, processing, storing, using, and transferring personal data. Please read it carefully. If you have any questions, you may contact us through the contact form.

Definitions

For the purposes of this policy and in accordance with Regulation (EU) 2016/679:

Personal data is any information relating to an individual who is identified or can be identified, directly or indirectly, by an identification number or by one or more specific characteristics. The data may refer to facts (for example—name, email address, location, or date of birth) or opinions regarding the actions or behavior of the data subject.

A data controller is a natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data. When the purposes and means of processing are determined by EU law or the law of a Member State, the controller or the specific criteria for its designation may be provided for in that legislation.

Processing of personal data is any operation or set of operations that can be performed on personal data, whether by automated means or otherwise, such as collecting, recording, organizing, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination, provision, updating or combining, blocking, erasing, or destroying.

PROCESSING OF PERSONAL DATA

In order to provide and improve our services and administrative activities, we store, use, and process personal data in compliance with applicable legal requirements.

TYPES OF PERSONAL DATA SUBJECT TO PROCESSING

The types of personal data that the controller collects and processes depend on the purposes of the processing:

    1. For making a booking request and confirming a reservation, the HOTEL collects and processes the following data:

a/ When booking through the website:

  • First and last name of the contact person;
  • Email address and phone number of the contact person;

b/ When booking by phone:

  • Phone number and email address for reservation confirmation;
  • First and last name of the contact person;

This data is stored until the reservation is completed, after which it is deleted and not subject to further processing.

  1. For guest check-in at the HOTEL, the following data is processed and stored:
  • Personal Identification Number (PIN) / Foreigner’s Personal Number;
  • Name of the person (in Cyrillic for Bulgarian citizens, in Latin for foreigners);
  • Date of birth;
  • Gender;
  • Citizenship;
  • Identity card / valid national identification document;
  • Country of document issuance.

The data is collected on the basis of Article 116, paragraph 2 of the Tourism Act and is stored for a period of 5 calendar years.

  1. For organizing corporate or private events at the HOTEL, the following data is processed and stored:
  • First and last name of the organizer. For corporate events—a contact person;
  • Email and phone number of the contact person.

This data is stored for up to three years after the event has taken place.

PRINCIPLES OF PROCESSING

When processing personal data, we adhere to the following principles:

  • Lawfulness – we comply with the applicable Bulgarian and European legislation;
  • Fairness and transparency;
  • Relevance and data minimization;
  • Storage limitation according to the purposes and duration;
  • Consent – we require explicit consent for processing data for marketing purposes.

By submitting an inquiry to the HOTEL, you give consent for the storage and processing of the personal data you provide, for the purpose of fulfilling your request.

Personal Data Protection

The HOTEL uses electronic methods for processing personal data, in compliance with the legislation. Authorized personnel processing the data are required to maintain confidentiality.

Security

The HOTEL implements technical and organizational measures to protect personal data from accidental or unlawful destruction, loss, unauthorized access, and other risks. Data may be shared with partners acting on behalf of the HOTEL as data processors, while ensuring confidentiality.

Data disclosure is permitted by legal obligation or by order of a judicial/administrative authority. Accommodation data may be provided to: the Ministry of Tourism, municipalities, the Ministry of Interior, the National Revenue Agency, and the National Statistical Institute.

USER RIGHTS

  1. You have the right to access and correct your personal data through a written request;
  2. You have the right to object to the processing;
  3. You have the right to lodge a complaint with the Commission for Personal Data Protection;
  4. You have the right to receive your data in a structured, machine-readable format and to transfer it to another controller.

CHANGES TO THE POLICY

This policy may be unilaterally amended by the HOTEL for improvements, new services, or legal changes. In case of updates, users will be notified via the HOTEL’s website. If no objection is made within a reasonable period, it is considered that you accept the new terms. Contacting the HOTEL team
If you have any questions regarding this policy, please use the contact form.

Галеон Резидънс & СПА - лого в бяло
Facebook Instagram