Personal Data Protection Policy of
Marina Cape, Aheloy
Marina Cape (hereinafter referred to as the “Hotel” and/or “Controller”) is a company entered in the Trade Register and the Register of the Non-profit Legal Entities, kept at the Registry Agency located at: 8217 Aheloy, Phone: +359 596 20 000 Email: firstname.lastname@example.org;
The hotel as a data controller collects and processes certain information on natural persons.
This information may refer to hotel employees, managers, clients and guests, suppliers, contractors, business contacts and other natural persons whom the Controller has relations with or would like to establish any business contact.
This Personal Data Protection Policy settles how personal data should be collected, processed and kept to meet the standards of the Controller’s organization and be in compliance with legal requirements.
This Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and its regulations of its usage as amended (“Bulgarian Legislation”) and General Data Protection Regulation (GDPR) (EU) 2016/679.
What personal data we collect and why we collect it
We may collect personal data about you when using our website or when selecting our services. In most cases we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legal interest. In certain cases we process data based on your consent.
- Depending on the services used, we may collect and process the following information about you:
- Name of person, Civil ID number (for hotel registration and invoice issuance, upon request), date of birth and sex;
- Contact details – mailingaddress, phone number and email address (email);
- Recordings on video cameras to ensure our and your security;
Our guiding principles:
We strictly observe some basic mandatory principles when processing your personal data:
- Personal data is processed lawfully, in good faith and in a transparent way;
- Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes;
- Personal data is relevant, related and limited to what is needed in relation to the purposes which they are being processed for;
- Personal data is accurate and up-to-date, if needed;
- Personal data is kept in form allowing the persons concerned to be identified for a period no longer than is needed for the purposes which the personal data is processed for;
- Personal data is processed in a way providing with an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss,
- destruction or damage by applying proper technical or organizational measures.
What is the purpose of personal data processing?
We process personal data collected most frequently with the following objectives:
When signing and executing a contract – with regard to guest registration at the hotel, preparation of accounting documents such as a bill or an invoice for the services provided to you; for the purpose of notifications related to our services.
When performing a legal obligation – for the purpose of obligations provided by Tourism Act, Accountancy Act and Tax-Insurance Procedure Code and other related regulations with regard to the proper and legal accounting; in information obligations to all state commissions and regulating authorities, as well as court; when performing online booking (distance selling) and selling outside our hotel facility;
With your consent – for direct marketing of our products and services.
Based on our legitimate interest – making video surveillance in our retail outlets;
What are your rights:
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
When collecting and processing your personal data, you are entitled to:
Information on your personal data processed and access to your personal data collected;
Correction/completion if the data is inaccurate/incomplete – on your own initiative or on the initiative of the hotel;
Deletion of personal data, if there are legal grounds for doing so;
Restriction on the processing of your personal data by the hotel, provided there are legal grounds for doing so;
Portability of personal data between separate controllers- this entitles you to receive your data from the hotel and to transfer it to another controller in a format suitable for use;
Objection to the processing of your personal data, provided there are legal grounds for doing so;
Right to judicial or administrative defence if your rights have been violated;
You can protect your rights by emailing us at: email@example.com
We keep your personal data in accordance with the purpose which they were collected for and within the statutory deadlines.
When can we disclose your personal data:
We enforce a set of measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, modification or destruction. The hotel uses third parties to support certain contract activities or upon performing a legal obligation. We do not provide third parties with your personal data before we are sure that all technical and organizational measures have been taken to protect this data by trying to execute strict control to reach this goal. Some of the recipients of personal data can be: courier companies, external consultants and experts, collection companies and law firms, banks, security companies, sales agents and representatives, and etc.
Your personal data may be disclosed in certain circumstances stipulated by law. For example, your personal data may be disclosed to third parties with your explicit consent or with the authorization of the Data Protection Commission. In certain cases providing of personal data is mandatory in order to comply with our legal requirements such as: Regulating authorities, including state commissions, institutions and agencies, NRA, NSSI, courts, prosecutor’s office, and etc. where we must provide personal data in accordance with the valid legislation. If needed or appropriate we may provide your personal data for the national security purposes or for issues of public concern.
We use “cookies” to make your visit to our website more pleasant and to provide use of certain features on different pages. These are small text files which are saved on the end device by which you visit our website. Some cookies, “session cookies”, are deleted when you close your browser. Other cookies remain on your end device and allow us or our affiliates to recognize your browser on a subsequent visit (“permanent cookies”). You can set your browser in such a way allowing you be aware of the cookies setting and decide to accept them individually or turn off the acceptance of cookies for particular cases or as a whole. You can find additional information in the help section of your Internet browser. Cookies disclaimer may restrict the functionality of our website. We distinguish system “cookies” and promotional “cookies”. System cookies are required for the proper functioning of our website. Cookies disclaimer will change your browsing experience on our website and certain services on our website will not be usable. Promotional cookies are saved by loading the website and help us analyze the aggregated data regarding our visitors, for example how they reach our website, how much time they spend on it, if this is their first visit, how they review the content of our wesite. We also may reach a conclusion regarding the success of our marketing campaigns.
When do we delete your personal data?
We keep all the information we have collected about you and destroy it within the statutory time limits and if where there are no such ones, destruction is done within the time limits set by us (30 days in video surveillance) and after the final arrangement of all our financial issues. We do not keep your data for an indefinite period.
Transfer between countries
Transfer, keeping and processing of personal data is provided by modern technical resources. The hotel will not transfer your data outside of the EEA without complying with the legal opportunities and will introduce proper precautions to keep the confidentiality of your information.
- payrolls – 50 years;
- accounting records and financial reports – 10 years;
- tax and social security control documents – 5 years after the expiration of the limitation period for repayment of the public obligation which they are related to;
- all other carriers – 5 years if any shorter time limit is not stipulated by the legislation;
- video surveillance records – 30 days;
When the storage period expires, carriers of information (paper or technical) which are not subject to submission to the National Archives Fund may be destroyed.
When the storage period expires, data is destroyed as soon as possible through the medium of destroying the hard carriers by shredding. Technical carrier is destroyed by erasing and deleting relevant files from the Company’s computers and systems.
Changes to this Personal Data Protection Policy
This Personal Data Protection Procedure can be amended over time. Such amendments will be valid immediately after their disclosure. Regular review of this page ensures that you will always be aware of what kind of information we are collecting, how and for what purposes the Hotel uses it and under what circumstances (if any) we will share it with other parties.