Personal Data Protection Policy
“BIRS” LTD, registered in the Commercial Register through a Registry agency, with UIC: 020951471, and headquarters and address of management: Varna, kk. “Golden Sands” Hotel, Marina Grand Beach Hotel, website: www.marinagrandbeach.bg is the administrator of personal data with CPDP and processes the provided data and personal information in compliance with the Personal Data Protection Act and the General Regulation for Protection of Personal Data ) 2016/679.
We, as personal data administrators and as professionals, with years of experience in the field of tourism, respect the privacy of our users. This security policy aims to inform you about the process of collecting, processing, storing, using and rerouting personal data. Therefore, please read carefully and get to know the policy. If you have any questions, feel free to email them to us at the following e-mail address: firstname.lastname@example.org
For the purposes of this policy and in accordance with Regulation (EC) 2016/679:
Personal data is any information pertaining to an individual who is identified or can be identified directly or indirectly by an identification number or by one or more specific features. The data may refer to facts (for example – name, e-mail address, location or date of birth) or to an opinion on the actions or behavior of the Data Substance.
A Personal Data Administrator is a natural or legal person, public body, agency or other entity which, alone or jointly with others, defines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or national law, the controller or the specific criteria for determining such treatment may be laid down in Union law or in the law of a Member State;
Processing of personal data is any action or set of actions that may be performed on personal data by automatic or other means such as collecting, recording, organizing, storing, adapting or modifying, restoring, consulting, using, disclosing by transmission , disseminating, providing, updating or combining, blocking, deleting or destroying.
PROCESSING OF PERSONAL DATA
In order to secure and improve the services we provide and the need for resource management, we store, use and process personal data in compliance with the applicable legal requirements.
TYPES OF PERSONAL DATA TO BE TREATED
The types of personal data the administrator collects and processes are different according to the purposes for which they are collected and the reasons for processing them:
The types of data collected according to their purpose are as follows:
1. For the realization of booking and confirmation of reservation, BIRS Ltd. collects and processes the following data types:
a / When booking via web site:
– Name and surname of the contact person;
– e-mail address and contact person’s phone;
b / When booking by phone:
– a contact phone number and an e-mail address to confirm the reservation
– Name and surname of the contact person;
This data is stored until the reservation is made. The data is then destroyed and their subsequent processing is impossible.
2. For the purpose of accommodating guests at Boutique Hotel Marina Residence, the administrator processes and stores the following data:
– PIN / PNH;
– Name of the person (for Bulgarian citizens – in Cyrillic alphabet, for foreigners – in Latin, according to the national document);
– Date of birth;
– ID card / valid national identity document;
– Country that issued the national document.
The data collected for registration at the hotel is collected on the basis of Art. 116, para 2 of the Law on Tourism and are necessary for keeping a register for accommodated tourists. The data is stored for a period of 5 / five / calendar years.
3. For the purposes of the realization of corporate or personal events at Boutique Hotel Marina Residence, the following data are processed and stored:
– Two names of the organizer of the event. For corporate events, a contact person designated by the organizer of the event;
– email address and phone of the contact person
These data are stored up to three (three) calendar years after the event is realized.
PRINCIPLES OF PROCESSING
When processing personal data we comply with the following principles:
– legality – we collect, process and store your data, we comply with the applicable Bulgarian and European legislation;
PERSONAL DATA PROTECTION
Privacy of Personal Data
We use electronic methods for processing personal data to ensure the accurate and rapid provision of services and assistance to users. The process of processing your personal data provided to BIRS LTD is done in accordance with the applicable data protection legislation, such as BIRS LTD, respects your privacy.
PERSONAL DATA SECURITY
“BIRS” LTD. applies technical and organizational security measures in order to protect your personal data from accidental or unlawful destruction, accidental loss, unauthorized access, alteration or distribution as well as other illegal forms of processing by unauthorized persons. The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies. Collected personal data can be provided to partners of BIRS LTD. acting as personal data processors on behalf of BIRS LTD and have undertaken to comply with all applicable data protection rules. We comply with the condition that the relevant information may only be used within the limits set by the legal basis on which it is collected or by your personal consent with respect to the processing performed on behalf of BIRS LTD and that such information “BIRS” LTD may disclose and provide personal information in accordance with the applicable law if a court or an administrative authority orders or requests it or if the provision of personal data is related to the fulfillment of a legal obligation of BIRS LTD. The data collected for the purposes of accommodation in Boutique hotel Marina Residence are accessible to the third persons designated by the Law on Tourism – Ministry of Tourism, Municipality of Varna and the Minister of Interior, National Revenue Agency and National Statistical Institute.
USERS ‘RIGHTS CONCERNING THEIR DATA.
In accordance with applicable regulations, you have the right to property and access to the data you have provided for processing. By writing to e-mail: email@example.com, you can obtain information about the type of personal information provided and the purpose of processing it, as well as require that we remove any records of your personal information without the possibility of further processing. By accessing your data, you can ask for them to be corrected if you find any errors or discrepancies. The written application can be made personally (or by a person authorized by notary attorney) at the specified contact address or electronically from the e-mail address you provided to us as processing details. Contact details and exercise the rights described above: BIRS LTD, Address: city of Varna, к.к. Golden Sands Hotel, Marina Grand Beach Hotel, E-mail: firstname.lastname@example.org 2. Consumers have the right to object to the processing of their data. The objection is addressed to BIRS LTD, as per item 1 of this section. BIRS LTD has undertaken to examine your objection and to inform you about the outcome of the internal review within 30 calendar days of its receipt. 3. Users are entitled to complaints to the competent supervisory authority. According to the current legislation, the competent supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data. 4. Users are entitled to receive their data that BIRS LTD. stores when delivered in a structured, widely used and machine-readable format. Users are also entitled to transfer this data to another data administrator without obstruction by BIRS LTD, in the cases and on regard of the data provided by consent in the case of data provided under a contract to which the consumer is a party or data provided in the course of the consumer’s steps and a request for the conclusion of a contract.
CHANGES TO PERSONAL DATA PROTECTION RULES
The BIRS Personal Data Protection Regulations may be changed unilaterally by BIRS LTD with a view to their improvement, offering new services, changes in the way of service and communication with our customers, as well as in connection With changes in the current data protection rules, BIRS LTD brings to your attention the changes made by publishing them on our website www.marinaresidence.bg, giving you a reasonable time to get acquainted with which, after the expiration of which, will begin to apply to the processing of your personal information without further notice. If within this period you declare that you reject the changes, you will be deemed to have withdrawn your consent to the processing of your personal data and BIRS LTD. will cease processing it for future reference. This may also be related to the termination of your registrations of our games, services, newsletters, etc. for which you initially provided us with your personal information.
Birs OOD entered in the Commercial Register at the Registry Agency under UIC 020951471 is a personal data controller (PDC) within the meaning of Regulation (EC) 2016/679 and other applicable acts of the European Union and of the Republic of Bulgaria.
In this capacity, the company is extremely responsible to the privacy of individuals and ensures as far as possible the protection of their personal data in the process of processing in connection with their activities.
This privacy statement aims, in accordance with the information requirements of Article 13 and Article 14 of the GDPR, to inform you about activities performed by Birs OOD as a personal data controller related to data processing, the purposes for which the data is being processed, the measures and guarantees for protection of processed data, your rights and how you can exercise them.
For any questions relating to the processing of your personal data, you may contact the Data Protection Officer at Birs OOD at e-mail: email@example.com, and in your message you should provide the necessary data for your identification and contact details for feedback.
You can also contact us at the address of our registered office: Varna, Golden Sands Resort, Marina Grand Beach Hotel.
What personal data do we collect, for what purposes and on what basis do we process them?
In its capacity as PDC, Birs OOD collects personal data for specific, precisely defined by law purposes and processes them legally and in good faith.
In the course of its activities, the PDC processes personal data of individuals for the following purposes:
- For the purposes of its lawful (legitimate) interest;
- Execution of contractual obligations or taking steps at the request of the client prior to the conclusion of a contract;
- Compliance with a legal obligation that applies to the company;
- Your explicit consent as a client;
The grounds that entitle us to process your data are detailed in the Tourism Act, the Civil Registration Act (the mandatory hotel registration at the place where you will be staying), the Electronic Document and Electronic Certification Services Act (upon payment by POS terminals) and other relevant statutory instruments.
In carrying out its activities, the company processes personal data of individuals for the execution of the contracts it concludes. In connection with their implementation, the personal data controller collects and processes personal data of individuals limited to what is necessary, sufficient for the proper performance of the obligations under the relevant contract. Access to this information is provided to third parties only when this is specified in a special law.
In order to fulfill its obligations under a given contract, the company sometimes also processes data of children under the age of 18, provided by their legal representatives – a party to a contract with us. Personal data of children for the purposes of hotel accommodation are required to the extent required by regulatory requirements.
When processing personal data based on the consent of the data subject, the data are processed only if the persons have freely, specifically, informed and unambiguously expressed their consent to the processing.
In order to protect, exercise or preserve the legal rights, privacy, safety or property of the personal data controller, its employees and/or contractors, and to ensure the safety, privacy and security of hotel guests and members of the public, video surveillance is carried out on our sites. Video surveillance records are kept for a period of one month. Certain employees have access to these data within the scope of their official duties. The purpose of collecting personal data is to identify individuals for the purposes of access control.
Birs OOD processes your data only for the purposes for which it was collected and does not use it for any other purposes. These purposes are entirely related to the use of tourist services offered by the company.
In its capacity as PDC, Birs OOD keeps your personal data on paper and technical media and applies the necessary technical and organizational measures to ensure an appropriate level of security, including protection against unauthorized access, accidental loss, destruction or damage.
Different types of personal data are collected according to the purposes:
- For booking or confirming a reservation, Birs OOD collects the following types of data:
- For booking made via web site – name and surname of the contact person; e-mail address of the contact person;
- For booking made by phone – telephone number and e-mail address for confirmation of reservation; name and surname of the contact person.
This data is stored until the booking is realized. The data is then destroyed and its subsequent processing is impossible.
- When accommodating guests as a personal data controller, we process and store the following data:
- Personal Identification Number/ Personal Number of Foreign National;
- Name of person (data to be written according to national identification document);
- Date of birth;
- Number of identity card/valid national identification document;
- Country that issued the national identification document.
On the grounds of Article 116, paragraph 2 of the Tourism Act, the data recorded in the register of the accommodated tourists are retained for a period of five calendar years.
- The following data shall be processed and stored for the realization of corporate or personal events by the PDC:
- Two names of the person organizing the event. For corporate events – a contact person designated by the legal entity organizing the event;
- E-mail address and phone number of the contact person.
This data shall be retained for a period of 2 up to three calendar years after the occurrence of the event.
- For direct marketing purposes, including analyzing and profiling target audiences to track the satisfaction of our clients, we process the following data:
- E-mail address;
- IP address;
- Behavior of the users of the Birs website .
Processing and storage of these data requires the explicit consent of the data subject. Data processed for direct marketing purposes shall be retained for a period of 2 years or until withdrawal of consent.
The purpose of collecting this data is to provide you with personalized offers and services tailored to your needs and expectations.
Transfer of personal data to a non-EU country or to an international organization?
The Company does not provide personal data to third parties outside the EU or to an international organization without your prior consent.
How long do we retain your personal data?
In its capacity as PDC, Birs OOD shall retain your personal data for a term not longer than the requirements of the applicable legislation for the respective envisaged term.
What are your rights?
In its capacity as PDC, we have taken measures to protect your personal data in accordance with the requirements of Regulation 2016/679, which are aimed at ensuring the rights of the individuals whose personal data are processed, namely:
– Right of access;
– Right to rectify inaccurate or incomplete data;
– Right to erasure (the right to be forgotten), if the conditions of Article 17 of REGULATION 2016/679 are applicable;
– Right to restriction of processing;
– Right to data portability if the portability conditions under Article 20 of REGULATION 2016/679 are present;
– Right of objection, if the conditions of Article 21 of REGULATION 2016/679 are present.
– Right for the data subject not to be the subject of a decision based solely on automated processing involving profiling.
How can you exercise your rights?
The above rights may be exercised by submitting a written application (personally or through an expressly authorized person by a notarized power of attorney) to the Personal Data Controller (Birs OOD), in which you should specify your request. The request should be signed and sent to the PDC address. The application may also be submitted electronically in accordance with the Electronic Document and Electronic Signature Act.
You have a right to file a complaint to the supervisory authority
You have the right to file a complaint to the supervisory authority and the relevant competent authority is the Commission for Personal Data Protection, address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia (www.cpdp.bg).
In case you wish to file a complaint about the processing of your personal data through the PDC (recipients, including outside the EU and international organizations), you can do so by contacting the company at the details specified above or contacting the Data Protection Officer directly.