CUSTOMER PERSONAL DATA PROTECTION POLICY
GRAFIT GALLERY EOOD, entered in the Commercial Register at the Registry Agency with UIC 103812011, with registered office and management address: Varna, 65 Knyaz Boris I Blvd, administrative building, www.graffithotel.com, is a personal data administrator to the Commission for Personal Data Protection and processes the provided data and personal information in accordance with the Personal Data Protection Act and the General Data Protection Regulation (EU) 2016/679.
For the purposes of this Policy:
Personal Data means any information relating to a natural person identified or identifiable directly or indirectly by an identification number or by one or more specific features. The data may relate to facts (e.g. name, e-mail address, location or date of birth) or to an opinion on the actions or behaviour of the data subject.
Personal Data Administrator is a natural or legal person, a public authority, an agency or other entity which, severally or jointly with others, defines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union or national law, the administrator or the specific criteria for determining the administrator may be laid down in Union law or in the law of a Member State;
Processing of Personal Data shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other wise making available, alignment or combination, blocking, erasure or destruction.
Marketing is a set of activities aimed at improving the quality of our services and their compliance with the exact needs and interests of our guests, as well as an analysis of their satisfaction. This includes activities such as online advertising campaigns, e-mail marketing, surveys, user profiling, and more. PROCESSING OF PERSONAL DATA
To secure and improve our services and for the purposes of the administration of resources to them, we store, use and process personal data under the applicable legal requirements.
TYPES OF PERSONAL DATA WE PROCESS
Art. 4. (1) The types of personal data the administrator collects and processes are different according to the purposes for which they are collected and the reasons for processing them:
(2) The types of data collected according to their purposes are as follows:
4.2.1. For realization of booking and confirmation of booking, GRAFIT GALLERY EOOD collects and processes the following types of data:
A) When making an online reservation (via website): - Contact person's name and surname; - Contact person's e-mail address and phone number. 65 Knyaz Boris I Blvd., 9000 Varna, Bulgaria, phone +359 52 989 900, fax +359 52 989 902 email@example.com, www.graffithotel.com
B) When making a reservation by phone: - Phone number and an e-mail address to confirm the reservation; - Contact person's name and surname. This data is stored until the reservation is made. The data is then destroyed and their subsequent processing is impossible.
4.2.2. For the purpose of accommodating guests at Graffit Gallery Hotel, the administrator processes and stores the following data: - Personal number/ Personal number of a Foreign citizen; - Name of the person (for Bulgarian citizens - in Cyrillic alphabet, for foreign citizens - in Latin, according to their national document); - Date of birth; - Sex; - Nationality; - Identity card/ Valid national identity document number; - Country of issue. The data collected for registration at the hotel is collected on the basis of Art. 116, para. 2 of the Law on Tourism and are necessary for keeping a register for accommodated tourists. The data is stored for a period of 5 (five) calendar years.
4.2.3. For the purpose of conducting corporate or personal events in Graffit Gallery Hotel, the following data are processed and stored: - Two names of the organizer of the event. For corporate events, a contact person designated by the organizer of the event; - Contact person's e-mail address and phone number. These data are stored up to 3 (three) calendar years after the event.
4.3.4. For marketing purposes, including analysing and profiling target audiences and tracking the satisfaction of our customers, we process the following data: - E-mail address - IP address - Location - Language - Age - Sex - Interests - Behaviour on the site www.graffithotel.com
For the processing and storage of these data, the data subject's consent is explicitly required. Data processed for direct marketing purposes is kept for a period of 26 (twenty-six) months or until withdrawal of consent. The purpose of collecting this data is to provide you with personalized offers and services tailored to your needs and expectations.
Principles of Processing
PROTECTION OF PERSONAL DATA
Personal Data Privacy
We use electronic methods of processing personal data to ensure accurate and fast service delivery and user assistance. The processing of your personal data provided to GRAFIT GALLERY EOOD is performed in accordance with the applicable data protection legislation, and GRAFIT GALLERY EOOD respects your privacy. Individualization and cookies New technologies enable us to customize our website for each individual customer. Cookies are text files containing information that allows the identification of returning users. Cookies are stored locally on the device you use to access our website (http://www.graffithotel.com) and do not cause harm to your system. Thanks to cookies, you won't need to enter data more than once, they facilitate the delivery of specific content, and help identify your preferences (viewability and usability settings). Accumulating and analyzing this information enables us to improve our e-services and overall consumer experience so that they fit as closely as possible to your needs. You can learn about the cookies and the other technologies we use from our Cookies Policy
SECURITY OF PERSONAL DATA
GRAFIT GALLERY EOOD takes technical and organisational security measures in order to protect the personal data that you provided against accidental or unlawful destruction, accidental loss, unauthorised access, modification or disclosure, and other illegal forms of illegal processing. The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies. The collected personal data may be made available to the partners of the GRAFIT GALLERY EOOD, which act as processors of personal data on behalf of GRAFIT GALLERY EOOD and I are committed to comply with all applicable standards for the protection of personal data. We take into account the condition that the information can only be used within the limits set by the legal basis on which it is collected or by your personal consent in respect of the processing carried out on behalf of GRAFIT GALLERY EOOD, and that this information should be treated as confidential.
GRAFIT GALLERY EOOD may disclose and provide personal information in accordance with applicable law, if the Court or an administrative body has ordered or requested or if the provision of personal data is related to the performance of a legal obligation of GRAFIT GALLERY EOOD. Data to be collected for the purposes of accommodation at Graffit Gallery Hotel is available to the third parties laid down in the Law on Tourism – the Ministry of Tourism, Varna Municipality and the Minister of the Interior, the National Revenue Agency and the National Statistical Institute.
USERS RIGHTS CONCERNING THEIR DATA
- In accordance with the applicable regulations, you have the right to ownership and access to the data you have provided for processing. By sending a written application to firstname.lastname@example.org, you can obtain information about the type of personal data provided and the purpose of processing it, as well as require that we remove any records of your personal information without the possibility of further processing. By accessing your data, you can ask for them to be corrected in case you find errors or discrepancies. The written application can be made personally (or by a person authorized by a notarized power of attorney) at the specified contact address or electronically from the e-mail address you provided as processing details. Address for contact and for exercising the rights described above: GRAFIT GALLERY EOOD, address: Varna, St. St. Constantine and Helena Resort, administrative building, e-mail: email@example.com
- Users are entitled to object to the processing of their data. The objection shall be addressed to GRAFIT GALLERY EOOD under i. 1 of this Section. GRAFIT GALLERY EOOD undertakes to consider your objection and to inform you about the outcome of the internal review within 30 calendar days of its receipt.
- Users are entitled to complaints to the competent supervisory authority. According to the current legislation, the competent supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection.