As a legal entity established on the territory of the Republic of Bulgaria and as a member of Victoria Group, CITY HOTEL MANAGEMENT EAD (hereinafter referred to as the “Hotel Keeper”) is a controller of personal data and processes such data in accordance with GDPR and the acts regarding the implementation thereof, the national legislation in force and all group policies and internal rules, procedures, standards, best practices and data protection impact assessments.

In view thereof the Hotel Keeper makes available to its employees this privacy notice containing the following information in accordance with article 13 of GDPR:

• about the controller in charge of processing of personal data;
• about the categories personal data being processed;
• about the conditions under which personal data are being processed;
• about the purposes and legal grounds for processing;
• about the periods of storage and the data security measures being applied;
• about the employees’ rights according to GDPR,
• and in what cases and under what procedure we share your data with third parties.

WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA?

CITY HOTEL MANAGEMENT EAD, registered with the Trade Register kept by the Registry Agency under company ID number [EIK] BG205411096, having its domicile and registered office at Sofia, 100 James Boucher Blvd., represented by Executive Director  Kaloyan Ivanov Nikolov, is responsible for the processing of the categories of personal data stated below.

If you want to receive more information about what data we have collected regarding you, to obtain a copy of the documents containing your personal data or to exercise any of your rights under GDPR as well as if you have doubts that your data are being used in a wrongful manner, you can contact the data protection officer: Yoan Yamalieve-mail: dpo@hotel-marinela.com

WHAT INFORMATION ABOUT YOU WE COLLECT

In the context of our business related to the running of the Marinela hotel it is normal necessary to collect and process information about our clients. The information is collected directly and it concerns, in particular, your name and other identification data, contact data (e-mail, address, telephone).

WHY WE COLLECT YOUR DATA

In case that you give your explicit consent your data will be used to provide information concerning promotions and other interesting information related to our services.

ON WHAT LEGAL GROUND WE PROCESS YOU DATA

The forms of processing related to e-marketing require your explicit consent to be informed by e-mail, calls and/or SMS of discounts, promotions, lotteries and other marketing activities. You can give your consent by ticking the respective box in the end of this notice.

WHAT MEASURES FOR PROTECTION OF COLLECTED DATA WE APPLY

Protection and security of your data are important for us. In order to avoid any loss, abuse or unauthorized access we apply all reasonable measures and means of protection. Nevertheless, if you suspect any breach we are asking you to contact us immediately by using the stated contact details.

WHAT PERIOD WE KEEP YOUR DATA FOR

Data processed for e-marketing on the grounds of client’s explicit consent are stored until the consent is withdrawn but for not more than one year after such data are provided unless you have renewed your consent to receive marketing information.

WHAT RIGHTS YOU HAVE UPON PROCESSING OF YOUR DATA

GDPR stipulates a number of opportunities for protection of persons in relation to collection and processing of data and, in particular:

• right to access and information concerning the processing of your data;
• right to object to the processing where data are being processed on the grounds of company’s legitimate interest;
• right to withdraw your consent to the processing of the data where the latter are processed solely on the grounds of your explicit consent;
• right to portability of the data being processed on the basis of your right to as depending on your instructions we will provide you with a copy of the same or will automatically transmit them to another organization;
• right to rectification in case that the data we store are inaccurate;
• right to request “to be forgotten” where the data are processed on the grounds of your consent or the processing is unlawful in principle.
• right to file a complaint to a supervisory authority (see more information below).

HOW WE SHARE YOUR DATA WITH THIRD PARTIES

We may make your data available to third parties as follows:

○ to other hotel keepers of Victoria Group where necessary and where permitted according to the law;

○ to competent tax and other state authorities in case of inspection;

○ to our partners (e.g. tour operators, accountants, companies for external archive or lawyers and consultants, including in case of litigation);

○ upon merger or amalgamation your data may be shared with the new owner(s) and you will be given notice of that. In any case your data will not be shared with third parties established outside the territory of the European Economic Area (European Union, Norway, Iceland and Lichtenstein) unless such sharing is expressly permitted by the local legislation and there are adequate protection measures in place.

HOW YOU CAN CONTACT THE COMPETENT SUPERVISORY AUTHORITY

Regardless of the aforesaid in case of complaints you have the right to approach the Personal Data Protection Commission (PDPC):

• in person at the following address: 2 Prof. Tsvetan Lazarov Street, city of Sofia;
• by mail to the following address: 2 Prof. Tsvetan Lazarov Street, city of Sofia, postal code 1592;
• by facsimile at 029153525;
• at PDPC’s e-mail: kzld@cpdp.bg;
• via PDPC’s website at: https://www.cpdp.bg/.