General conditions for use and protection of personal data
Information about us:
BSA EOOD
Unique identifier: 202317713
VAT ID (Value Added Tax Act): BG202317713
Our primary concern when dealing with personal data
BSA EOOD processes your personal data in order to provide its guests with better, higher-quality and more diverse services. In view of this, data security is important to the success of our business and to our public image as a first-class hotel. That is why we strive to protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
This “Personal Data Protection Policy” aims to explain to you how and why we process your personal data.
How and why we use your personal data
To fulfill statutory and contractual obligations
We collect and process your personal data and other personal data in order to fulfill obligations assigned to us by virtue of a legal act such as the Tourism Act.
We collect and process your personal data and other personal data in order to fully provide the services that you have requested and that you want to use with us, as well as to fulfill our contractual obligations to you.
- social security number, names, gender, citizenship, permanent address;
- email, letters, information about your troubleshooting requests, complaints and other requests;
- other feedback we receive from you;
- video recordings that are made to improve security;
- preferences for the services we provide to you;
- credit or debit card information, bank account number or other banking and payment information in connection with payments made to the hotel.
Other information such as:
- data provided through the hotel website;
- IP address when visiting our website;
- demographic data, household information when you agree to participate in our surveys, prize draws or other feedback you provide us in connection with the services used;
The processing is carried out for the purpose of:
- establishing the client’s identity upon check-in at the hotel;
- managing and fulfilling your requests for services;
- preparing and sending a bill/invoice for the services you use with us;
- providing you with the comprehensive service you need, as well as collecting the amounts due for the services used;
- analysis of customer history and creation of a user profile in order to determine a suitable offer for you;
- researching and analyzing customer usage of our services, based on anonymous or personalized information, to identify key trends, improve our understanding of our customers’ behavior and collaborate with third parties to develop new services for our customers;
- processing by a data processor upon conclusion of a contract, assignment, reporting, acceptance, payment;
With your consent
In some cases, we process your personal data only after your prior written consent. Consent is a separate basis for processing your personal data and the purpose of the processing is stated in it, and is covered by the purposes listed in this policy.
Consents may be withdrawn at any time. Withdrawal of consent will have an impact on the offer of the respective services for the provision of the respective programs.
We have a large portfolio of programs and services offered. When you give us consent to process data, that consent applies to all programs and services you use.
To withdraw the given consent, you only need to use our site or simply our contact details.
To whom we provide your personal data:
We process your identification data and other personal data in order to comply with legal obligations, such as:
- provision of information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
- provision of information to the Commission for the Protection of Personal Data in relation to obligations provided for in the legal framework for the protection of personal data – Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, etc.;
- obligations provided for in the Accounting Act and the Tax-Insurance Procedure Code and other related legal acts, in connection with keeping correct and lawful accounting;
- provision of information to the court and third parties, within the framework of proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings;
How we protect your personal data
To ensure adequate data protection of the company and its customers, we implement all necessary organizational and technical measures provided for in the Personal Data Protection Act and the by-laws on its implementation.
The company has appointed a Data Protection Officer who supports the processes of protecting and ensuring the security of your data.
For the purpose of maximum security in the processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
When we delete your personal data
As a rule, we stop using your personal data for the purposes related to the contractual relationship after the termination of the contract, but we do not delete it before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and the expiration of statutory obligations to store the data, such as obligations under the Accounting Act for storage and processing of accounting data (5 years), expiration of the limitation periods for making claims specified in the Law on Obligations and Contracts (5 years), obligations to provide information to the court and competent state authorities, and other grounds provided for in the current legislation (5 years). Please note that we will not delete or anonymize your personal data if it is necessary for pending legal, administrative or complaint proceedings before us.
Your data can also be anonymized. Anonymization is an alternative to data deletion. Upon anonymization, all personally identifiable elements / elements that enable your identification are irreversibly deleted. For anonymized data, there is no legal obligation to delete it, as it does not constitute personal data.
Your rights in relation to the processing of your personal data
Right to information:
You have the right to request:
- information about whether data concerning you is processed, information about the purposes of this processing, about the categories of data and about the recipients or categories of recipients to whom the data is disclosed;
- a message in an understandable form containing your personal data that is being processed, as well as any available information about its source;
- information about the logic of any automated processing of personal data concerning you, at least in the case of automated decisions.
Right of correction:
In the event that we process incomplete or incorrect data, you have the right, at any time, to request:
- to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
- to notify the third parties to whom your personal data has been disclosed of any deletion, correction or blocking, except in cases where this is impossible or involves excessive efforts.
Right to erasure /the right to be forgotten/:
At any time, you have the right to request the erasure of personal data processed by us if:
- the personal data are not necessary for the purposes for which they were collected and processed;
- you withdraw your consent and there is no other legal basis for their processing;
- the personal data has been processed unlawfully.
Right to object:
At any time you have the right to:
- object to the processing of your personal data if there is a legal basis for this; when the objection is justified, the personal data of the individual concerned can no longer be processed;
- object to the processing of your personal data for direct marketing purposes.
Right to restriction of processing*:
You can request the restriction of personal data being processed if:
- you dispute the accuracy of the data, for the period in which we have to verify its accuracy; or
- the processing of the data is without legal basis, but instead of deleting them, you want their limited processing; or
- we no longer need this data (for the specified purpose), but you need it for the establishment, exercise or defense of legal claims; or
- you have filed an objection to the processing of the data, pending verification of whether the controller’s grounds are lawful.
Right to data portability*:
You can ask us to provide the personal data you have entrusted to our care in an organized, orderly, structured, generally accepted electronic format if:
- we process the data according to the contract and based on the declaration of consent which can be withdrawn or on a contractual obligation and
- processing is done automatically.
Right of appeal:
In the event that you believe that we are violating applicable regulations, please contact us to clarify the matter. Of course, you have the right to file a complaint with the Commission for Personal Data Protection. After May 25, 2018, you will also be able to file a complaint with a regulatory authority within the EU.
Updates and policy changes
In order to apply the most up-to-date protection measures and in order to comply with current legislation, we will regularly update this Privacy Policy. We invite you to regularly review the current version of this Privacy Policy, to be constantly informed about how we take care of the protection of the personal data we collect.