Sentido Bellevue Beach

Privacy Policy

HOTEL “BELVUE” – SUNNY BEACH

Organization: Aspikor Ltd., UIC 115325125, Plovdiv, 6A Slivnitsa St.

For us, the protection of personal data is a fundamental issue, and therefore we have taken the necessary measures to provide you with summarized information about the processing and protection of personal data by “ASPIKOR” Ltd., part of ASPIGROUP.

This Policy aims to ensure that the employees, contractors, and customers of Hotel “BELVUE” (“the Organization”), in its capacity as Data Controller, are informed about their personal data processed by the Organization and to guarantee the lawful, diligent, and transparent processing of personal data.

Personal data means any information relating to an identified or identifiable natural person. Such information may include name, date of birth, personal identification number (EGN), address, identity document number, phone number, email address, health status, online identifiers, electronic communication data, and others.

The general personal data protection policy of Hotel “BELVUE” and the Data Protection Policies (“Policies”) and Procedures for processing personal data in specific processing cases (“Procedures”) are intended to guarantee the rights of individuals regarding the protection of their personal data processed by the Organization.

The general personal data protection policy of Hotel “BELVUE” contains the basic rules and provides information about:

  1. Purposes of personal data processing;

  2. Means of collecting and processing personal data;

  3. Disclosure of personal data;

  4. Access to personal data, modification, correction, restriction of processing, and deletion of data; the right to appeal to supervisory authorities;

  5. Protection of personal data;

  6. Use of children’s personal data;

  7. Transfer of personal data;

  8. Methods of contacting the Organization;

  9. Retention and processing periods;

  10. Consequences of not providing your personal data;

  11. Updates and changes to this general personal data protection policy and its current version.

Hotel “BELVUE” collects and uses your personal data only for the purposes stated in this Policy.

1. Purposes of Processing Personal Data

1.1 Purposes of processing personal data of Hotel “BELVUE” customers

  • Hotel “BELVUE” processes personal data for the purpose of offering goods and services to its potential guests. In this context, Hotel “BELVUE” may process data related to names, personal identification numbers (EGN), identification numbers, addresses, and/or email addresses, etc.;

  • Hotel “BELVUE” processes personal data of its guests for the purposes of fulfilling the contract(s) concluded between Hotel “BELVUE” and the travel or tour operator agency, including accounting purposes related to the legal obligations of the controller. For this purpose, the personal data that may be processed includes: name, identity document or date of birth, identification number, address, email, phone number, etc.;

  • Hotel “BELVUE” processes the following personal data with the explicit consent of the individual for marketing research and delivery of additional goods and services to its guests: name, email address, phone number, technical details of the individual’s devices, and others;

  • Hotel “BELVUE” processes the personal data of its guests for the purpose of pursuing their legitimate interests, including in connection with the execution of a specific contract with a tour operator, including for debt collection purposes, as well as obligations of the controller arising from a legal act or ordered by a competent authority. For this purpose, the Organization processes names, personal identification numbers, identification numbers, contract/client numbers, address, phone number, email address, etc.;

  • Processing of personal data: Hotel “BELVUE” may delegate a third party to process personal data outside the controller’s structure, which provides sufficient guarantees for compliance with the applicable legal framework in the field of personal data protection. Activities for personal data processing that the Organization may delegate include, for example: accounting and legal services, security and video surveillance, development, delivery and maintenance of software products, computer systems, websites, including delegation of debt collection; as well as selling the debt through an assignment agreement. In this regard, it must provide the personal data of the individual to the respective party to the assignment agreement.

1.2 Purposes of Processing Personal Data of Partners of Hotel “BELVUE” Who Are Data Controllers or Processors

  • Hotel “BELVUE” processes personal data of its potential contractors, who act as data controllers or processors, for the purpose of establishing contractual relationships, offering goods and services, outsourcing activities to external contractors, or taking actions on behalf of its potential partners with the clear intention to enter into a contract. In this regard, Hotel “BELVUE” may process data that identifies the person or their representatives, such as names, phone numbers, addresses, and/or email addresses, etc.

  • Hotel “BELVUE” processes personal data of its contractors for the purposes of fulfilling the contract(s) concluded between Hotel “BELVUE” and the contractor, including accounting purposes related to the legal obligations of the controller. For this purpose, personal data processed may include name, identity document or date of birth, identification number, address, email, phone number, etc.

  • Hotel “BELVUE” processes personal data with the explicit consent of the individual for marketing research and the provision of additional goods and services to its colleagues: name, email address, phone number, technical details of the person’s devices, and others.

  • Hotel “BELVUE” processes the personal data of its counterparties to pursue its legitimate interests, including in connection with the execution of a specific contract, including for debt collection purposes, as well as obligations of the controller arising from a legal act or ordered by a competent authority. For this purpose, the Organization processes names, personal identification numbers (EGN), identification numbers, contract/client numbers, address, phone number, email address, etc.

  • For the purposes of section 2.2 of the General Personal Data Protection Policy, Hotel “BELVUE” may process personal data of employees of its counterparties or delegate to them the processing of personal data of its own employees, with the delegating party providing sufficient guarantees for informing and obtaining valid consent from the employees.

  • Processing of personal data: Hotel “BELVUE” may assign a third party to process personal data outside the controller’s structure, providing sufficient guarantees for compliance with the applicable legal framework in the field of personal data protection. Activities delegated in the processing of personal data may include, for example: accounting and legal services, security and video surveillance, development, delivery, and maintenance of software products, computer systems, websites, including delegation of debt collection or selling the debt through an assignment agreement. In this regard, the Organization must provide the personal data of the individual to the respective party under the assignment agreement.

1.3 Purposes of Processing Personal Data of Workers/Employees Hired Under Civil Law Contracts with Hotel “BELVUE”

  • Hotel “BELVUE” processes personal data of its potential employees or individuals engaged under civil law contracts for recruitment purposes, job advertisement, and conducting a recruitment process, as well as applications by the individual for employment with the controller, with the clear intention to conclude a contract. In this context, Hotel “BELVUE” may process data identifying the individual, such as name, phone, address and/or email address, work and professional experience, information on acquired educational qualifications, and others.

  • Hotel “BELVUE” processes personal data of its workers/employees engaged under civil law contracts for the purposes of labor, social, and health insurance legislation, including maintaining employment records, as well as paying salaries and benefits for temporary incapacity and disability. Also, for the purposes of fulfilling concluded contracts, including accounting purposes related to the legal obligations of the controller, and for modification, continuation, and termination of employment relationships. For this purpose, personal data such as name, personal identification number (EGN) or date of birth, identity document number, address, email, phone number, etc., may be processed.

  • Hotel “BELVUE” processes the personal data of its employees engaged under civil law contracts for the purpose of pursuing their legitimate interests, including in connection with the execution of a specific contract, including obligations of the controller arising from legal acts or orders from competent authorities. For this purpose, the controller processes name, personal identification number (EGN), identification number, contract number, address, phone number, email address, etc.

  • Processing of personal data: Hotel “BELVUE” may assign a third party to process personal data outside the controller’s structure, which provides sufficient guarantees for compliance with the applicable legal framework in personal data protection. Activities delegated may include accounting and legal services, security and video surveillance, development, delivery, and maintenance of software products, computer systems, websites, and others.

2. Means of Collecting and Processing Personal Data

Hotel “BELVUE” collects your personal data in the ways specified in this Policy.

2.1. Personal data of our potential and actual guests, contractors, employees/workers, and persons hired under civil law contracts may be obtained or collected directly from the individual to whom the data relates; from another person whom Hotel “BELVUE”, its representative, or authorized person will notify the data subject about; or from an authority or institution, provided there is a valid legal basis for receiving the data. With a clear intention to conclude a contract or to realize the legitimate interests of the controller, we may also obtain your personal data by accessing public registers.

2.2. Personal data and information about the individual may be submitted to us in the form of documents, forms, templates, applications, letters, and correspondence. Subsequently, your personal data may be processed during your visit to our hotel, which has an access control system and/or video surveillance system.

2.3. We may collect or receive your personal data from our own websites www.hotelbellevue-bg.com or websites of our partners (including “cookies”), according to the terms of this Policy, from the devices you use, pages and brands in social media, and other sources, as well as other sources, provided there is a valid legal basis and compliance with data protection rules.

Hotel “BELVUE” processes your personal data by the means specified in this Policy.

2.4. Non-automated means of personal data processing: These include all means where the decision to process personal data or perform a certain processing activity involves human intervention. In a non-automated way and with non-automated means, we process received documents in paper and electronic form, including contracts, written or oral correspondence, data subjects’ statements, and others. This type of data processing is carried out on paper and other physical media and in electronic environments, using computer systems and configurations, multifunction devices such as printers, scanners, copiers, and fax machines, as well as specialized software such as accounting software.

2.5. Automated means of personal data processing: These are all means where the decision to process personal data or perform a certain action in the processing is made without human intervention. Our organization usually does not use fully automated means of processing personal data. However, this type of processing may include, for example, obtaining information through “cookies.”

3. Disclosure of Personal Data

Hotel “BELVUE” will disclose, including by providing, your personal data only in the cases specified in this Policy.

3.1. Where there is a legal obligation or at the discretion of a competent authority or institution, the controller will disclose and/or provide your personal data to the respective authority or institution or to another person.

3.2. After you provide your explicit consent, when concluding or negotiating a contract with Hotel “BELVUE.”

3.3. In case of the legitimate interest of the controller arising from a legal provision or other valid legal basis. Also, in situations where the life, health, fundamental rights, and freedoms of the data subject, a third party, and/or groups of persons, as well as public health and the security of public order, are endangered.

4. Ensuring Access to Personal Data, Modification, Correction, Restriction, and Deletion, Right to Appeal to Supervisory Authority

4.1. You have the right to request and obtain from Hotel “BELVUE” confirmation that the personal data related to you is being processed by the controller.

4.2. You have the right to access data and information related to the collection, processing, and storage of your personal data by the controller.

4.3. You have the right to receive information about the logic of the processing of your personal data, the purposes and duration of the processing and storage of the data, information about the categories of recipients to whom your personal data may have been or have been disclosed or provided for processing on behalf of the controller.

4.4. If you do not want all or some of your personal data to continue to be processed and/or stored by Hotel “BELVUE” in cases where the controller has no obligation to continue processing and/or storing the data or where the controller lacks a legitimate interest to continue the processing and/or storage, you may object to the processing or request to restrict or stop it and delete your data. Such objection may be made with respect to all or some of the processing cases, and for the entire scope of personal data or part of it.

4.5. You have the right to request the controller to update, correct, or supplement your processed personal data.

4.6. You may request deletion, restriction of processing, or return of your personal data, and the controller shall be obliged to fulfill your request if:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;

  • you withdraw your consent on which the processing is based and there is no other legal basis for the processing;

  • your personal data is processed unlawfully;

  • your personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State applicable to Hotel “BELVUE”.

4.7. The controller is not obliged to delete, restrict the processing, or return your personal data in cases where it is stored and processed:

  • for exercising the right to freedom of expression and information;

  • to comply with a legal obligation under EU law or the law of a Member State applicable to the controller, or in the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

  • for reasons of public interest in the area of public health;

  • for archiving purposes in the public interest, scientific or historical research, or statistical purposes;

  • for the establishment, exercise, or defense of legal claims;

  • for exercising rights of data controllers which override the legal interests of the data subject.

4.8. To exercise the above rights, you must submit a written request to Hotel “BELVUE” verifying your identity and precisely describing the basis of your request, which categories of personal data your request concerns, and which actions regarding the processing and storage of your personal data you are requesting. The request may be submitted in writing to an employee at the controller’s office or electronically, complying with the requirements of the Electronic Document and Electronic Signature Act.

4.9. You have the right to file a complaint regarding violations of your personal data protection rights to the Commission for Personal Data Protection, address: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov” No. 2 (www.cpdp.bg).

5. Personal Data Protection

5.1. In accordance with the requirements of the General Data Protection Regulation and relevant legislation in the field of personal data protection, Hotel “BELVUE” regularly conducts audits and analyses of its activities, as well as risk and impact assessments regarding personal data protection and the legal sphere of data subjects.

5.2. In this regard, Hotel “BELVUE” introduces and maintains an adequate level of security and personal data protection through the implementation of appropriate technical and organizational measures for data protection and information security.

5.3. Hotel “BELVUE” regularly conducts briefings and training for its employees to raise their awareness about their rights and obligations related to personal data processing, as well as developments in legal frameworks and technological progress.

6. Use of Children’s Personal Data

6.1. Hotel “BELVUE” does not intentionally collect or process children’s personal data for purposes other than those related to labor and social security legislation concerning the administrator’s employees. In these cases, the employee/workers give consent for processing.

6.2. Hotel “BELVUE” collects and processes personal data of children, which may occur during visits to the administrator’s premises, where video surveillance systems are installed. In such cases, the rules and requirements of the General Data Protection Regulation and relevant legal frameworks are observed.

7. Transfer of Personal Data

7.1. Hotel “BELVUE” generally does not transfer personal data outside the Republic of Bulgaria.

7.2. Hotel “BELVUE” may provide your personal information to the relevant tourist or tour operator agency through which you requested the use of our services, in case of contractual or legal liability of the controller or to realize the legitimate interests of the Organization, and also when necessary for exercising your rights.

7.3. The controller may provide your personal data to an insurance company outside the Republic of Bulgaria in case of an insurance claim or to exercise other rights of yours or due to legal obligations or preferential interests of the controller.

8. How to Contact the Data Protection Officer:

Organization contacts:
“Aspikor” Ltd.
City of Plovdiv
6A Slivnitsa Street
Company ID: 115325125

Hotel “BELVUE” 4*
Sunny Beach Resort 8240
Phone: 0554 2 5575
Website: www.hotelbellevue-bg.com
Data Protection Officer: Yanko Yankov, e-mail: dpo@hotelbellevue-bg.com

9. Processing and Storage Periods

Hotel “BELVUE” processes and stores your personal data for the periods specified in this General Data Protection Policy or in terms agreed between the parties under the contract or given consent for data processing.

9.1. Hotel “BELVUE” processes and stores your personal data for no longer than strictly necessary to achieve the purposes of processing your personal data.

9.2. The controller processes personal data within legally prescribed periods where such exist.

9.3. Processing and storage periods may also be defined between the parties to the contract with the data controllers, according to the processing purposes and legal requirements.

10. If you do not provide us with the necessary personal data required for the processing purpose due to the need and/or obligation of Hotel “BELVUE” to process it, we will not be able to conclude a contract with you and/or provide you with the requested goods or services.

11. Update and Change of the Current General Personal Data Protection Policy and Current Version

11.1. All changes to the General Data Protection Policy made in the future will be published on the website of Hotel “BELVUE”.

11.2. According to contact possibilities with individuals and the nature of the relationship between the controller, changes to the General Data Protection Policy, as well as the creation and updating of individual personal data processing policies, will be communicated to data subjects timely.

Last update: 25.05.2018

I acknowledge and understand the General Data Protection Policy of Hotel “BELVUE”

Mr. Valcho Valchev – General Manager
Sunny Beach
Date: 25.05.2018

Additional info:
ASPICOR Ltd. is part of ASPI GROUP. Established in 1999, the company operates in tourism and services. It owns Hotel Bellevue (4*) in the famous Black Sea resort Sunny Beach.

Website: http://www.hotelbellevue-bg.com/

 

Dear clients and partners,

For us, the protection of personal data is a fundamental matter, and therefore we have taken the necessary measures to provide you with summarized information about the processing and protection of personal data by Aspikor Ltd., as part of ASPIGROUP.

I have the responsibility to perform the functions of data protection officer in the company Aspikor Ltd., part of ASPIGROUP, and I believe that the information provided will help you find answers to all questions related to your personal data. You can contact my team for any questions related to the processing of personal data and the observance of your rights.

In the provided information, you will find answers to frequently asked questions, explanations of terms related to data protection, and other useful information related to the processing of your personal data.

Data Protection Officer: Yanko Yankov, e-mail: dpo@hotelbellevue-bg.com

Who can contact the Data Protection Officer?

The Data Protection Officer is appointed in accordance with the provisions of Article 37 of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), in the company Aspikor Ltd., part of ASPIGROUP.

The duties of the Data Protection Officer include the obligation to protect the rights and interests of data subjects.

All data subjects can contact the Data Protection Officer. A data subject is any person to whom personal data relate. These are all citizens of the European Union (EU), whose rights are protected by the General Data Protection Regulation. Data protection applies only to living persons, as the general rules exclude data about deceased persons. In view of the activities of Aspikor Ltd., part of ASPIGROUP, these are primarily our clients, employees, and business partners.

The Data Protection Officer is responsible for compliance with the requirements regarding the exercise of data subjects’ rights in Aspikor Ltd., part of ASPIGROUP.

What are the responsibilities of the Data Protection Officer?

The Data Protection Officer organizes communication and assistance to data subjects in cases where their rights regarding the processing of their personal data have been violated and, in the exercise of their rights according to Regulation 2016/679 (General Data Protection Regulation).

These fundamental rights include:

  • The right of access to personal data;

  • The right to correction of personal data;

  • The right to receive information about the processing of personal data;

  • The right to restriction of processing of personal data;

  • The right to data portability;

  • The right to object to the processing of personal data;

  • The right to refuse automated processing of data, including profiling;

  • The right to erasure (“the right to be forgotten”);

  • The right to receive information in case of security breaches related to personal data;

  • The right to withdraw consent for personal data processing.

Each of these rights can be exercised by the data subject by submitting an application.

Submitting an application related to personal data

You can submit your application to the Data Protection Officer. Your applications will be considered as soon as possible. The person receiving your application (the controller or the Data Protection Officer) will provide you with information about the measures taken within one month of receiving your precise and comprehensible application, provided that the sender of the application is clearly identified. This period may be extended by an additional two months if necessary due to the complexity of the case and the number of applications. The controller (or the Data Protection Officer) is obliged to inform you of any possible extension within one month of receiving the application, stating the reasons for such delay.

If your application cannot be identified or is not formulated clearly and understandably, the controller or the Data Protection Officer will contact you and request it to be completed, and from that moment the one-month period for considering your application will stop until the day of its completion. Please note that if you do not complete your application within a reasonable time, it will not be considered and will be rejected based on Article 12 of the regulation.

Applications can be submitted by one of the following ways:

  • In person at the reception of Hotel Bellevue 4*, Sunny Beach Resort

  • By mail;

  • By email.

The response will be sent to you by the method specified in your application.

If the controller cannot take the requested measures, you will be informed no later than one month after receiving your application.

Providing the requested information, as well as fulfilling your requests, is free of charge. In case of unjustified or unreasonable requests, mainly because they are repetitive, the controller has the right to:

(a) charge a reasonable fee, including administrative costs incurred in providing the requested information or taking action; or

(b) reject the application.

How to contact the Data Protection Officer:

Hotel Bellevue 4*
Sunny Beach Resort 8240
Bulgaria

Data Protection Officer: Yanko Yankov, e-mail: dpo@hotelbellevue-bg.com

Please note the following information regarding the processing of personal data you provide in connection with your request, complaint, or inquiry:

The processing of personal data is carried out in order to comply with the legal provisions related to the exercise of your rights under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC. We will use your personal information to verify your identity and properly review your request. Your data and media will be stored in our personal data protection system for the duration of your request and then retained for 5 years after reviewing your application to provide relevant evidence in the event of legal or administrative proceedings. Your personal data will be accessible to the companies involved in processing your request, as well as to Aspikor Ltd., part of ASPIGROUP, to which the Data Protection Officer is appointed.