NOTICE OF CONFIDENTIAL TREATMENT OF PERSONAL DATA
"DDM HOTELS" EOOD entered in the Commercial Register at the Registration Agency under the UIC 207428322 is a personal data controller (PDD) within the meaning of Regulation (EU) 2016/679 and other applicable acts of the European Union and the Republic of Bulgaria.
As such, it treats the privacy of individuals with utmost responsibility and guarantees to the maximum extent the protection of their personal data in the process of processing in connection with its activity.
The purpose of this announcement is, in accordance with the information requirements under Art. 13 and Art. 14 of the GDPR, to inform you about the personal data processing activities carried out by "DDM HOTELS" EOOD as ALD, the purposes for which the data are processed, the measures and guarantees for the protection of the processed data, your rights and the way in which it can you exercise them.
What personal data do we collect, for what purposes and on what legal basis do we process it?
As a limited liability company "DDM HOTELS" EOOD collects personal data for specific, precisely defined by law purposes and processes them lawfully and in good faith.
In carrying out its activities, ALD processes the personal data of individuals for the following purposes:
- For the purposes of his legal (legitimate) interest;
- Fulfillment of obligations under a contract or to take steps at the request of the client before the conclusion of a contract;
- Compliance with a legal obligation that applies to the company;
- Express consent received from you as a customer;
The grounds that give us the right to process your data are described in detail in the Law on Tourism, the Law on Civil Registration (mandatory hotel registration in the place where you will stay), the Law on Electronic Documents, electronic authentication services (when paying through POS terminals) and other relevant regulations acts.
In the performance of its activities, the company processes personal data of individuals for the performance of the contracts it concludes. In connection with their implementation, the data administrator collects and processes personal data of natural persons, limited to what is necessary, sufficient for the exact performance of the obligations under the relevant contract. Access to this information is provided to third parties only when this is specified in a special law.
When we process personal data based on the subject's consent, the data is processed only if the individuals have freely, specifically, informed and unequivocally expressed their consent to the processing.
Video surveillance is carried out in the objects for the purpose of protecting, exercising or preserving the legal rights, inviolability, safety or property of the administrator, his employees and/or counterparties, as well as ensuring the safety, inviolability and security of the hotel's guests and members of the public. Video surveillance records are stored for a period of one month. Certain employees have access to the data within the scope of their official duties. The purpose of collecting personal data is identification of a natural person, with the purpose of controlling access.
"DDM HOTELS" EOOD processes Visa data only for the purposes for which it was collected, and does not use it for other purposes. This purpose is entirely related to the use of tourist services offered by the association.
As ALD "DDM HOTELS" EOOD stores your personal data on paper and technical media and implements the necessary technical and organizational measures to guarantee an appropriate level of security, including protection against unauthorized access, accidental loss, destruction or damage.
Different types of personal data are collected according to the purposes:
1. To request or confirm a reservation, "DDM HOTELS" EOOD collects the following types of data:
- Pre-reservation, via website – Name and surname of the contact person; e-mail address of the contact person;
- Reservation by phone – phone number for feedback and e-mail address for confirmation of the reservation; Name and surname of the contact person.
These data are stored until the reservation is made. After that, the data is destroyed and their subsequent processing is impossible.
2. Accommodation of guests, as an administrator we process and store the following data:
- EGN/ LNCH;
- Name of the person (data are written according to the national document);
- Date of birth;
- Gender;
- Citizenship;
- Identity card number/valid national identity document;
- Country that issued the national document.
On the basis of Article 116, Paragraph 2 of the Law on Tourism, the data entered in the register for accommodated tourists are stored for the period of five calendar years.
3. To realize corporate or personal events, the following data is processed and stored by ALD:
- Two names of the event organizer. For corporate events - contact person indicated by the legal entity, organizer of the event;
- E-mail address and telephone number of the contact person.
These data are stored for a period of up to three calendar years after the event.
02/11/2023, 16:51 Privacy Policy - The Wall https://stenata.bg/privacy-policy/ 5/7
Transfer of personal data to a non-EU country or international
The company does not provide personal data to a third party outside the EU or to an international organization without first obtaining your consent.
How long do we store personal Views?
As ALD "DDM HOTELS" EOOD OOD stores your personal data for a period no longer than the requirements of the applicable legislation for the relevant deadline.
What are your rights?
As ALD, we have taken measures to protect personal data in accordance with the requirements of Regulation 2016/679, which are aimed at ensuring the rights of the subjects whose personal data are processed, namely:
– Right of access;
– Right to correct inaccurate or incomplete data;
- Right to erasure (the right to be forgotten), if the conditions of Art. 17 of REGULATION 2016/679;
– Right to restriction of processing;
- Right to data portability, if the conditions for portability under Art. 20 of REGULATION 2016/679;
- Right to object, if the conditions of Art. 21 of REGULATION 2016/679.
- The right of the data subject not to be subject to a decision based solely on automated processing, including profiling.
How can you exercise your rights?
You can exercise the above rights by submitting a written application (in person or by an authorized person through a notarized power of attorney) to the administrator of personal data ("STENATA PROPERTY MANAGEMENT" OOD), in which you should specify your specific request. The request should be signed and sent to the ALD address. The application can be submitted electronically in accordance with the Law on electronic documents and electronic signature.
You have the right to appeal to the supervisory authority
You have the right to file a complaint with the supervisory body, as the competent body for this is the Commission for the Protection of Personal Data, address: Sofia 1592, "Prof. TsvetanLazarov" No. 2 (www.cpdp.bg).
In the event that you wish to file a complaint regarding the processing of personal data via ALD (recipients, including non-EU and international organizations), you can do so at the specified contact details of the company or directly to the Data Protection Officer
We offer you the unique opportunity to descend from the front door to the winter adventures of Pamporovo.
Welcome!
Tel. +359 877 100 906, +359 885 100 906
Email: reservation.stenata@gmail.com
Address: Studenets 2, 4703 Pamporovo, Bulgaria
GPS coordinates: 41.641860, 24.689932