BOOK NOW
INQUIRY

Principles for processing personal data

The policy of D AND P HOTELS LTD with EIK:203907154 and address BULGARIA, gr. Sofia, Lozenets district, ul. John Exarch, 47, in. А, stage 1, aims to ensure compliance with the provisions of the Regulation.

D&P HOTELS LTD collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of natural persons in relation to the processing of their personal data.

D&P HOTELS LTD processes personal data of individuals only in the following cases:

  • processing is necessary to comply with a legal obligation of D&P HOTELS LTD;
  • the processing is necessary for the performance of a contract (including an order) with D AND P HOTELS LTD, to which an individual is a party, or to take steps at the request of an individual before entering into a contract, where his identification is required;
  • the individual has given his or her unambiguous consent to an intelligible and transparently defined purpose on the part of D&P HOTELS LTD for which the processing of his or her personal data is necessary;
  • the processing is necessary to protect the vital interests of the natural person whose personal data is being processed or of another natural person;
  • the processing is necessary for the purposes of the legitimate interests of D AND P HOTELS LTD or of a third party in accordance with the provisions of the Regulation;
  • the other cases provided for in the Regulation.

D&P HOTELS LTD does not collect or process personal data of individuals beyond its legal obligations or its needs for doing business.

In all cases where it is necessary to use collected and processed personal data of natural persons for purposes other than the original ones, D AND P HOTELS LTD shall notify the natural persons concerned, request their consent and proceed to the processing of their personal data for other purposes only after their explicit consent.

D&P HOTELS LTD collects and processes only the minimum necessary personal data of individuals who:

  • are provided by law;
  • are required for the performance of a contract;
  • are necessary to fulfil the purposes for which they are collected.

D&P HOTELS LTD shall ensure that the processing of personal data of individuals is carried out with the utmost accuracy and, where possible, always up to date.

D&P HOTELS LTD shall ensure that the access and processing of personal data of natural persons is carried out by the minimum number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.

STORAGE PERIODS

D AND P HOTELS LTD stores personal data for the following periods:

  • Data for the register of accommodated tourists within the meaning of Article 116 of the Law on Tourism, which include identification data of the accommodated persons and data related to the hotel accommodation – In accordance with the procedure and time limit provided for in the Law on Tourism and by-laws.
  • Information relating to hotel accommodation, event and catering services requested and used, including cancellations of hotel accommodation bookings (insofar as they relate to refunds of prepaid amounts and/or deductions of amounts due) – From the time of the relevant booking/request until 5 /five/ years from the provision of the service/completion of the contract/cancellation of the booking. In cases where the services are requested and used on the basis of a contract with continuous performance, the time limit starts from the final performance and/or cancellation of the contract.
  • Financial and accounting documents; invoices; authorization forms; other information related to tax and insurance control – Up to 10 /10/ years from the beginning of the year following the year in which payment of the liability for the respective year is due.
  • Unstructured communication, correspondence, complaints, alerts, etc. – 5 years.
  • Video data – up to 1 week
  • Data processed on the basis of the data subject’s explicit consent – From the time the consent is provided until it is withdrawn by the data subject.
  • Until the individual requests their deletion, where there is a basis for such a request

The personal data referred to in this Policy may be processed for a longer period than specified above if this is necessary to achieve the purposes set out herein or for the protection of the rights and/or legitimate interests (including in legal proceedings) of DI END PI HOTELS LTD or if the legislation in force provides for data processing for a longer period.

In all cases, D AND P HOTELS LTD shall ensure that the personal data collected and processed are reviewed at least once a year and those that fall under any of the above hypotheses shall be deleted without undue delay.

Personal data processing rules

  • Personal data is processed with the necessary levels and measures of protection

D AND P HOTELS LTD provides the necessary levels of physical, organizational and technological protection with regard to:

  • the nature, scope, context and purpose of the personal data processed;
  • the likelihood, impact levels and severity of the risk to the rights and freedoms of natural persons in the event of a breach of the security of the personal data processed;
  • its financial and organisational capabilities.

D&P HOTELS LTD shall also ensure all necessary measures for the timely recovery of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.

  • Personal data is processed with controlled and traceable access

D&P HOTELS LTD provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals.

  • Personal data is processed with the necessary accountability to comply with the Regulation

D&P HOTELS LTD shall provide the necessary records and registers to be able to prove that the provisions of the Regulation have been complied with.

DATA SUBJECTS

In connection with the services provided, D&P PI HOTELS LTD processes information about the following Data Subjects:

  • individuals visiting the hotel website;
  • individuals who make bookings on their own behalf or on behalf of another natural or legal person through the Website;
  • natural persons using the services provided by D&P HOTELS LTD, including but not limited to hotel accommodation, catering and related services, the provision of premises for the organisation of other events , as well as natural persons representing or otherwise acting on behalf of legal entities using these services;
  • The services of DI END HOTELS LTD may only be requested by persons of legal capacity who are at least 18 years of age.

RIGHTS OF NATURAL PERSONS WHOSE DATA ARE PROCESSED

D&P HOTELS LTD shall ensure compliance with the rights of individuals whose personal data is collected and processed, which includes:

  • the right to be informed about the processing of personal data;
  • right of access to personal data – what data is held;
  • the right to rectification of inaccurate personal data;
  • the right to erasure – the right to be forgotten;
  • the right to restriction of the processing of personal data;
  • the right to be informed of action resulting from a request for rectification, erasure or restriction of the processing of personal data;
  • the right to data portability;
  • the right to object to processing of personal data;
  • the right not to be subject to automated decision-making involving profiling.

Processing of personal data

Processed Personal Data as controller:

  • of employees;
  • of individuals;
  • to suppliers individuals;


Purposes for processing personal data

D&P HOTELS LTD as Controller performs the following operations and processes only the necessary personal data for the following purposes:

  • for the conclusion, performance and termination of employment contracts and the calculation of employees’ salaries and benefits;
  • acceptance, administration and processing of reservations and cancellations;
  • administration, fulfilment and delivery of purchases made through the Website;
  • administering and receiving payments for services provided, including remotely;
  • to provide services to clients;
  • Ensuring an individual approach to the provision of services, in line with users’ stated preferences
  • for the conclusion and performance of contracts with suppliers of natural persons;
  • for direct marketing for sales purposes;


RECIPIENTS AND CATEGORIES OF RECIPIENTS

In connection with the fulfilment of the purposes set out above, DI END PI HOTELS LTD provides personal data of individuals to the following recipients:

  • NRA in connection with the calculation of staff salaries;
  • NSSI in relation to the calculation of staff benefits;
  • Occupational Medicine Society in relation to the obligation to keep staff health status up to date and carry out periodic medical examinations;
  • General Labour Inspectorate, NSSI and Ministry of Interior – in connection with work accidents;
  • Ministry of Interior – in connection with the transmission of information about the guests of the hotels;
  • Other state and municipal authorities and/or institutions – in connection with legal obligations to them or in connection with legal requests from them for information containing personal data;
  • Subcontractors for contractual obligations.


VIDEO SURVEILLANCE AND SECURITY

In accordance with the requirements of the applicable legislation, DI END PI HOTELS Ltd. applies security measures that include the following technical and organizational means to control access and to ensure physical security against attacks on buildings and facilities and to protect the life and health of citizens: a video surveillance system, carrying out 24-hour video surveillance and consisting of recording and storage devices.

Video surveillance and video recording may be carried out in publicly accessible areas and premises in the buildings of D&P PI HOTELS LTD and in those for which a special access regime is provided. Video surveillance shall not be carried out in guest rooms, sanitary facilities, recreation rooms, etc. under.

Data Subjects and other visitors who may be filmed shall be informed of the use of technical means of surveillance and control and of any other relevant information in connection with the surveillance carried out, by means of information boards placed in a prominent position.

Contact details of the company

If you have any questions or concerns about the processing of your personal data or wish to exercise any of your rights, you can contact:

  • E-mail: office@hotelgrami.com
  • Phone: +359889666584
  • address. 6 Vasil Drumev Street

Competent supervisory authority

On the territory of the Republic of Bulgaria, the competent supervisory authority is the Commission for Personal Data Protection.

If you suspect that your rights related to the protection of your personal data have been violated, you can report to:

  • Address. Address: 1592 Sofia Blvd. “Prof. No. 2 Tsvetan Lazarov
  • E-mail: kzld@cpdp.bg
  • Phone: 02 / 91-53-518

GUARANTEED

THE LOWEST PRICES FOR RESERVATIONS VIA THE WEBSITE

THE LOWEST PRICE