Хотел Фамил
Хотел Фамил
Facebook
BOOK NOW
  1. Home
  2. Privacy policy

Privacy policy

Политика за поверителност

NOTIFICATION OF CONFIDENTIAL TREATMENT OF PERSONAL DATA

RHEOS EOOD registered in the Commercial Register at the Registry Agency with UIC 204226600 is a personal data administrator (PDA) within the meaning of Regulation (EU) 2016/679 and other applicable acts of the European Union and the Republic of Bulgaria.

As such, it takes a very responsible attitude towards the privacy of individuals and ensures the protection of their personal data to the maximum extent possible in the processing of personal data in connection with its activities.

This Communication aims, in accordance with the information requirements of Art. 13 and Art. 14 of the GDPR, to inform you about the personal data processing activities carried out by RHEOS EOOD as an ALD, the purposes for which the data are processed, the measures and safeguards for the protection of the processed data, your rights and the way you can exercise them.

For all questions related to the processing of your personal data, you can contact the data protection officer of RHEOS EOOD at e-mail: familbansko@gmail.com, in your message you should provide the necessary data for your individualization and contact for feedback.

You can also contact us at our address of management: Bansko, 30 Han Asparuh Str.

What personal data do we collect, for what purposes and on what legal basis do we process it?

As ALD RHEOS EOOD collects personal data for specific, precise purposes defined by law and processes them lawfully and in good faith.

In the performance of its activities, ALD processes personal data of individuals for the following purposes:

  • For the purposes of his legitimate interest;
  • Performance of obligations under a contract or to take steps at the request of the customer before entering into a contract;
  • Compliance with a legal obligation that applies to the company;
  • Explicit consent obtained from you as a customer;

The grounds that give us the right to process your data are detailed in the Tourism Act, the Civil Registration Act (mandatory hotel registration in the place where you will stay), the Electronic Document and Electronic Authentication Services Act (for payments via POS terminals) and other relevant regulations.

In the performance of its activities, the company processes personal data of individuals for the performance of the contracts it concludes. In connection with their performance, the data controller collects and processes personal data of natural persons limited to what is necessary and sufficient for the accurate performance of the obligations under the relevant contract. Access to this information shall only be granted to third parties where this is specified in a specific law.

For the performance of its obligations under a contract, the company sometimes also processes data of children under the age of 18, which is provided by their legal representatives – a party to a contract with us. Children’s details for hotel accommodation are necessary as far as required by regulations.

Where we process personal data on the basis of the subject’s consent, the data shall only be processed if the individuals have freely, specifically, informed and unambiguously consented to the processing.

Video surveillance is conducted on our premises to protect, exercise or preserve the legal rights, privacy, safety or property of the Administrator, its employees and/or contractors, and to ensure the safety, privacy and security of hotel guests and members of the public. CCTV footage shall be retained for a period of one month. Access to the data is granted to certain employees within the scope of their duties. The purpose of collecting personal data is to identify individuals for access control purposes.

RHEOS Ltd processes your data only for the purposes for which it was collected and does not use it for other purposes. These objectives are entirely related to the use of tourist services offered by the company.

As ALD RHEOS Ltd stores your personal data on paper and technical media and implements the necessary technical and organizational measures to ensure an appropriate level of security, including protection against unauthorized access, accidental loss, destruction or damage.

Different types of personal data are collected according to the purposes:

  1. To request or confirm a reservation, RHEOS Ltd. collects the following types of data:
  • When booking via website – Name and surname of the contact person; e-mail address of the contact person;
  • When booking by phone – phone number for feedback and e-mail address to confirm the reservation; Name and surname of the contact person.

This data is stored until the reservation is realized. The data is then destroyed and no further processing is possible.

  1. When accommodating guests, as the administrator we process and store the following data:
  • SSN/IDN;
  • Name of the person (data to be written according to the national document);
  • Date of birth;
  • Paul;
  • Citizenship;
  • Identity card number/valid national identity document;
  • State issuing the national document.

On the basis of Article 116, paragraph 2 of the Tourism Act, the data in the register of the accommodated tourists shall be kept for a period of five calendar years.

  1. The following data is processed and stored by ALD for the purpose of corporate or personal events:
  • Two names of the person organizing the event. For corporate events – contact person designated by the legal entity organizing the event;
  • E-mail address and telephone number of the contact person.

This data is stored for a period of one to three calendar years after the event.

  1. For direct marketing purposes, including analyzing and profiling target audiences to track our customers’ satisfaction, we process the following data:
  • E-mail address;
  • IP address;
  • Location;
  • Language;
  • Years;
  • Paul;
  • Interests;
  • User behavior on the website of RHEOS Ltd

The processing and storage of this data requires the explicit consent of the data subject. The data processed for direct marketing purposes is stored for a period of three years or until the consent is withdrawn.

The purpose of collecting this data is to provide you with personalized offers and services that meet your needs and expectations.

Transfer of personal data to a non-EU country or international organisation?

The Company does not provide personal data to third parties outside the EU or to an international organisation without first obtaining your consent.

How long do we keep your personal data?

As ALD REOS EOOD stores your personal data for a period no longer than the requirements of the applicable legislation for the relevant period provided for.

What are your rights?

As ALD, we have taken measures to protect your personal data in accordance with the requirements of Regulation 2016/679, which are aimed at ensuring the rights of the subjects whose personal data are processed, namely:

Right of access;

Right to rectification of inaccurate or incomplete data;

Right to erasure (right to be forgotten) if the conditions of Art. 17 of REGULATION 2016/679;

Right to restriction of processing;

Right to data portability if the conditions for portability under Art. 20 of REGULATION 2016/679;

Right to object, if the conditions of Art. 21 of REGULATION 2016/679.

The right not to be subject to a decision based solely on automated processing, including profiling..

How can you enforce your rights?

You may exercise the above rights by submitting a written application (in person or through an expressly authorized person by notarized power of attorney) to the personal data controller (RHEOS Ltd.), in which you should specifically indicate your request. The request should be signed and sent to the address of the ALD. The application may also be submitted electronically under the Electronic Document and Electronic Signature Act.

You have the right to complain to the supervisory authority

You have the right to lodge a complaint with the supervisory authority, the competent authority being the Commission for Personal Data Protection, address. 1592 Sofia Blvd. “Prof. Tsvetan Lazarov” No. 2 (www.cpdp.bg).

In case you wish to lodge a complaint regarding the processing of your personal data through the DPA (recipients including non-EU and international organisations), you can do so at the contact details of the company or directly to the Data Protection Officer.