CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY
In the processing of personal data, "NEPTUN" OOD, with headquarters and address of management: Varna, kk. "St. St. Konstantin and Elena Hotel Neptun as a personal data controller processes the provided data and personal information in accordance with the Personal Data Protection Act and Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of personal data of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation).
We, as a personal data administrator, know that privacy is an important issue for which we respect the integrity of the personality of the users. We have developed this policy to clarify our practices regarding the personal data we collect, process and store.
The following definitions of the terms used in this document are defined in the General Data Protection Act of the European Union:
"Personal data" means any information relating to an identified natural person or natural person that can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more specific features related to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual.
"Processing of personal data" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or changing, retrieving, consulting, using, disclosing by transmission, dissemination or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed.
"Data controller" means a natural or legal person, a public authority, an agency or other entity which, alone or jointly with others, defines the purposes and means of processing personal data; where the objectives and means of such processing are determined by Union or Member State law, the controller or the specific criteria for determining it may be established in Union law or in the law of a Member State.
BASIC PRINCIPLES RELATING TO THE PROCESSING OF PERSONAL DATA
- Legitimacy, good faith and transparency - The processing of personal data must be lawful, in good faith and in a transparent manner with regard to the data subject
- Goal limitation - must be collected for specific, explicit and legitimate purposes and not further processed in a manner inconsistent with those objectives;
- Data collection to a minimum - collected personal data must be appropriate, relevant and limited to what is necessary in relation to the purposes for which it is being processed;
- Accuracy - The data must be accurate and, if necessary, kept up to date, taking all reasonable steps to ensure the timely erasure or correction of inaccurate personal data;
- Restriction of storage - data must be stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which they are being processed;
- Integrity and confidentiality - data must be processed in a manner that ensures an appropriate level of security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage.
PROCESSING OF PERSONAL DATA
For the purposes of the services provided, NEPTUN Ltd. processes and stores the following data:
a) When booking - name and surname of the contact person, e-mail and contact telephone number for the contact person.
b) when accommodated in the hotel - name, surname and surname of the person, PIN, date of birth, gender, nationality, identity card number or other identity document, date of issue of the document. In addition, bank payment information, deposit information and invoice data are provided.
Customer personal data is provided only in so far as it is necessary to perform a service contract at the request of the client as a party to the contract and prior to the performance of the contract. Upon registration at the hotel, the introduction of personal data is mandatory and is carried out under a statutory provision and the data are collected in order to be provided to state or municipal institutions in connection with their official statutory functions (Ministry of Tourism, Ministry of Interior National Revenue Agency, National Statistical Institute, Varna Municipality). The data required to be provided are such that it is not possible to provide the service or part thereof.
In the absence of a legal or contractual ground for the provision of personal data, client consent is required, which must be expressed freely, unambiguously and specifically after the person has received clear, accurate and comprehensive information about the purposes for which this consent is given and the rights in processing and storage of data. Personal data is processed only for the purposes for which it was provided.
In addition, the purpose of processing personal data also includes communication with customers, including by email, necessary in connection with the provision of services and / or notification of changes in the services provided. For this purpose, it may be necessary to process part or all of the data provided.
When making a reservation electronically through the hotel's website www.hotel-neptunbg.com, a client requesting the hotel is filed a request, which is a document of legal significance, in accordance with the Law on Electronic Document and Electronic Certification Services (ZEDEUU). "NEPTUN" Ltd. has the obligation to keep a log of the fact of sending the application (and its contents) for a period of 1 (one) year. The log contains the date of the sender's statement, name, ID, address, and email address, and details of the requested service.
STORAGE AND PRESERVATION OF PERSONAL DATA
Personal data are stored by Neptun Ltd. in the statutory minimum periods according to the applicable legislation.
Neptun Ltd. introduces and maintains ongoing organizational and technical security measures that are complex and are applied adequately and proportionately to the data protection risk.
The processing of personal data to the extent strictly necessary and proportionate to the objectives of ensuring network and information security.
Individualization and cookies
When you visit our website www.hotel-neptunbg.com, called the Site, we automatically collect data through so-called "cookies". It also allows us to improve our services and make sure you can easily find what you are looking for. We want to inform you that cookies can not harm your files or increase the risk of viruses on your computer or mobile device.
More information about the cookies you use can be found in the Cookies Policy.
Personal data collected at Neptune Hotel are not provided to third parties in any other way except in the cases provided for by the law, namely state and municipal institutions, judicial authorities.
Documents stored in electronic or paper form are only accessible to authorized employees with access subject to confidentiality and a clear responsibility for this.
USERS 'RIGHTS CONCERNING PERSONAL DATA
1. Right to information - this Policy aims to inform all interested parties in detail about the processing of personal data in connection with the activity of Neptun OOD.
2. Right of access - Persons have the right to receive confirmation that their personal data are being processed, accessed, and information on their processing and rights in connection therewith. This information can be provided by request to Neptune OOD.
3. Right of rectification - Customers are entitled to correct their personal data if they are incomplete or inaccurate. This applies only to the data stored in the registers.
4. Right of wiping (the right to be forgotten) - each client has the right to request the deletion of data, except where there is an essential reason and / or a legal obligation to process them.
5. Right to data portability - Individuals have the right to receive the personal data they have provided and which relate to them in a structured, popular format, and to use this data for another administrator at their discretion.
The responsibility for the storage and processing of data sent by Neptun Ltd. to another Administrator, as well as for all consequences of the provision thereof, lies entirely with the person who requested the transfer of his data.
6. Right to withdraw consent - Customer may at any time withdraw its consent to the processing of personal data, which is based on consent given by him / her. Such withdrawal shall not affect the lawfulness of the processing on the basis of consent until the time of withdrawal.
7. Right of objection - each client has the right to object to data processed on the basis of a legitimate interest. In the event of such an objection, Neptune Ltd will examine the claim and, if justified, will do so. If it is judged that there are convincing legal grounds for the processing or is necessary for the establishment, exercise or protection of legal claims, the person making the objection will be informed accordingly.
8. Right to complaints to a supervisor - each client has the right to appeal to a supervisor if he considers that the processing of personal data relating to him / her violates the applicable data protection legislation.
The Supervisory Authority of the Republic of Bulgaria is the Commission for the Protection of Personal Data with the address: Sofia 1592, "Prof. 2 Tsvetan Lazarov.
Data protection rules are subject to periodic updates in accordance with adopted legislation.