Blue Bay Hotel & Sunny Flower Family Hotel
Dear Blue Bay Hotel & Sunny Flower Family Hotel guests,
Article 116 of the Tourism Act states that we are administrators of personal data provided by you. The administration of your personal data is linked to a single purpose for us – the provision of a high-quality and secure travel service. We take care of the confidentiality of the information you share with us and make every effort to protect it, in accordance with the General Data Protection Regulation (GDPR) and Bulgarian law for Personal Data Protection.
What kind of data do we collect?
• Personal information provided by you about you or other people
When you make a reservation through our website or use our services, we collect personal information about you, which may include:
1. your name and contact information (as a minimum to make your reservation);
2. postal address, information about your stay, nationality, data from your identity document (without taking a copy of it), such as the identity document number, date and place of issue, permanent address, and history of stay;
3. payment information – invoice address, bank card information, and bank account number (when we receive payments from you); .
4. geolocation – when you use our website’s navigation through Google Maps;
5. Upon request, you can specify your preferences and specific requirements for your stay.
If you disclose sensitive personal data with us, such as information about your health, we will only use this information to provide you with the requested services and to suit your specific needs.
We will also process the personal data you provide to us in connection with your request for a complaint, grievance, or praise for the services we provide – for as long as it takes us to react to them
If you use additional services on the territory of our sites (other than hotel accommodation services), we will process only the personal data that we or the providers of these services require in order to provide them, such as your names and where you go when you use our travel and transportation services.
In limited situations, we collect personal information from persons under the age of 18 who accompany you in order to fill up address cards for accommodation (the information collected is identical to that of adults and no contact information, bank and other financial information is collected).
In addition, we employ video monitoring at our premises to ensure the safety of our guests and their valuables. We do not employ technologies to identify you, nor do we gather biometric data about you in any other way (e.g., recognising your facial features). The signposts placed at the entrances of the rooms that are under video surveillance will inform you of the locations where we perform video surveillance.
We retain the videos in a secure location, allowing only a small number of persons access to them and only when this is absolutely necessary.
• Automatically collected personal data
We collect information from your device when you use our website (computer, phone, tablet, etc.). This information may include your IP address, browser type, and language preferences. Most of the time, this information is anonymous and cannot be used to identify you.
• Personal information obtained from third-party sources
Additionally, we need to inform you that we obtain information about you from third parties, including our partners, such as various booking platforms when you make your reservation through them, travel agencies and tour operators, and others. The information gathered from these sources may be combined with the information you supply. This information is used for the purposes outlined in this Policy.
If you visit an event or gathering organized by a third party on our premises, we may acquire and process your personal data in order to provide access to or participation in the event, as requested by the organizers, or for another reason.
Why do we collect personal data?
We use your personal information for a variety of purposes, including:
1. To process your booking request – whether obtained through our website or from a third party;
2. To provide you with services related to your reservation and to ensure your stay at our sites;
3. To contact you regarding your reservation or stay;
4. To retain our registers (for example, a registration of accommodated tourists, which we are required to keep under the Tourism Act) and to meet our other legal duties;
5. To provide you with a service that is suited to your specific requirements and interests;
6. To react to your inquiries and complaints;
7. For your safety and for the security of our and your property at the premises;
8. For statistical purposes;
9. Marketing and advertising;
When we process your data for our legitimate purposes, you have the right to object by contacting us at the email or postal address listed at the end of this Policy.
How long do we store your personal data?
We only keep your personal data for as long as is necessary to achieve the goals outlined in this Policy, unless we are compelled by law or have the right to keep it for a longer period.
The retention period is determined by several factors, including the length of service, in case it is necessary to establish, exercise, or defend our and/or your legal claims and inquiries, or in case we are required by law to retain data (e.g. accounting documents for a period of five or ten years.)
Data relating to video surveillance at our sites are typically stored for a short period – generally one month – unless a longer processing time is required to safeguard our legal claims, such as for the purpose of further investigation of accidents.
Who do we share your personal information with?
We provide various of the above data to government agencies in order to fulfil legal obligations, as well as to our trusted partners (insofar as this is required for the services we use, such as technical support services on our site, courier and transport services, and so on), with whom we have ensured compliance with the highest standards of information security and confidentiality.
Other third parties who obtain parts of your personal data are legal companies with whom we collaborate to provide certain services, such as financial and payment institutions when making payments, booking platforms, and others.
The disclosure of data to our partners is required in order for us to provide you with better service.
How do we protect your rights?
We only process your personal data in accordance with the aforementioned objectives, grounds, and deadlines.
When we collect personal data, we do so in minimum amounts for specific and well-defined purposes and retention periods. We only provide data access to a small number of persons who have been pre-trained and instructed on how to operate with it.
What are your rights?
You have the right, as a data subject, to receive confirmation and/or detailed information, including a copy of the personal data processed for you (right of access).
You may also object to the gathering and use of your personal information, as well as request that it be corrected (updated) or deleted (when we do not have a valid legal basis to continue processing it).
It is important to understand that you have the right to withdraw your consent to the processing of personal data at any time by calling +359 888 731868 or using our contact form.
If you believe that your data protection rights have been violated, you have the right to file a complaint with the Commission for Personal Data Protection: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., tel. 02 / 91-53-518, e-mail: firstname.lastname@example.org and/or another supervisory / regulatory body, when you believe that there is a violation in connection with our company’s processing of your personal data.
If you have any questions regarding your rights or want to exercise any of them, please contact us at the numbers indicated in this Policy: +359 888731868 or using our contact form.
We shall respond to any of your requests within 30 days of receiving them, without undue delay. If we are unable to do so due to circumstances beyond our control, we will notify you promptly, stating the reasons for the delay.
Changes in current policy
Any changes to this policy will be announced on the hotel’s website.
What are cookies and why are they necessary?
A cookie is a small text file that is downloaded to an “end device” (such as a computer or smartphone) when the user accesses a website. It enables the site to function properly, recognize the user’s device, and store some information about the user’s preferences or previous actions (for example, language selection, font size, login, etc.) for a specific amount of time so that you do not have to enter information again.
You do not need to register or enter any personal information in order to browse our website. Cookies are used to allow the website www.bluebay-hotel.com to work properly when it is accessed and browsed.
How to manage cookies?
You must configure your browser to be able to manage the cookies used on our website. This is determined by the browser you are using and its settings.
To learn more about cookies, we recommend that you visit aboutcookies.org, as well as www.whatarecookies.com and www.cookiechoices.org.
You can manage and/or delete cookies at any time using the methods described above. You can delete any cookies that are already on your computer, and you can also set most browsers to block them in the future.
However, if you do this, you may need to manually update some settings each time you visit a website, and some services and features, including our website, may not operate.