Guest Privacy Notice

This notice contains necessary information about the processing of personal data of guests of Royal Castle Design & Spa (Elenite)and all adjacent dining and tourist facilities and related services, other than accommodation, operated by FIRST LINE HOTELS LTD. The notification has been developed in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.

Who is responsible for the processing?

Responsible for processing your information is the hotel company “FIRST LINE HOTELS” Ltd., registered in the Commercial Register kept by the Registry Agency of the Ministry of Justice, with UIC: 205481600, having its registered office in Plovdiv 4000, district 8, Princess Maria Louisa Blvd., represented by Manager Nely Ivanova (hereinafter referred to as “we” or “us”).

You can contact us by email at:

Data Protection Officer: Diana Bancheva

Email: dpo.flh@victoriagroup.bg

Phone +359 (0) 700 18 411 or by mail to the specified management address.

What personal data do we process?

When registering and staying at the hotel, we collect personally identifiable information, such as:

name and other credentials;
contact information – incl. address, phone, email;
identification information – a picture if you provided one;
video image, as long as during your visit and stay, there is video surveillance in the hotel video surveillance;
for the fulfillment of the obligations stipulated by the legislation in the field of tourism, we collect the personal identification number, names, date of birth, sex, citizenship, and number, validity and issuing country of a personal identity document;
car registration number;
IP addresses;
MAC address of computers, telephones and other personal devices;
credit / debit card details.

For what purpose do we process data?

The main reason for collecting your personal information is to identify you as guests or visitors to the hotel in order to organize your stay and planned events; to fulfill our mutual obligations under and in connection with the contract between us; to fulfill our legal obligations as a hotelier; accept and review requests, alerts or recommendations regarding our services; to ensure your security as well as that of our staff and hotel property; for administrative support for the purposes stated above.

FIRST LINE HOTELS EOOD does not carry out automated decision making, including profiling.

On what legal basis do we process your data?

We only process personal data on a valid legal basis. The legal basis for the processing of your data is the fulfillment of the commitments made to you under the service contract, between us, as well as the pre-contractual relations for its conclusion. Next, data processing is also necessary to protect your rights as a user when you file a complaint or complaint about our services. We also process your data when fulfilling our obligations under applicable law, including, but not limited to, the Tourism Act, the Accounting Act and the Foreigners Act in the Republic of Bulgaria and others.

If you consent to this, your personal data may also be used for e-marketing and providing up-to-date information on promotions, discounts and reductions related to our services.

Surveillance as a security activity is based on our legitimate interest in protecting the security of the site, the hotel property in it, and our employees, as well as your security. The same is done only in public places marked with appropriate signs. To ensure your peace of mind, we inform you that there is no video surveillance in the restrooms and relaxation areas.

Sources of information

When collecting personal data, the Administrator uses the following sources – publicly available sources of information; information provided personally by the data subject on a physical medium or presented verbally, in writing or electronically, provided information by contract with another Personal Data Administrator, as a Processing or Joint Administrator.

How long do we keep the data?

Unless otherwise required by law or regulation, data relating to your stay at the hotel are stored for no longer than necessary and in any case for no more than three years after your stay.

Videos at the Hotel shall be stored for no more than one month after the date on which they were made unless otherwise required by law or regulation.

Data processed based on your consent for e-marketing purposes shall be retained until the consent is withdrawn, but for no more than one year, unless the consent is renewed.

What measures do we take to protect the data we collect?

The protection and security of your data is important to us. To prevent loss, misuse or unauthorized access, we apply the technical and organizational security measures outlined in our organization’s internal rules and our privacy policy, available at:

FLH Privacy Policy

What rights do you have when processing your data?

We guarantee our visitors and guests the following rights regarding the protection of their data:

The right to know whether we currently store your personal data as well as access to the documents and records containing them, including the right to request a copy of your personal data processed by us;
The right to withdraw your consent to the processing of personal data in the order in which it is given (by written declaration or other free text statement) sent to the following email address: dpo.flh@victoriagroup.bg);
The right to object to processing based on our legitimate interests and / or the public interest; we will terminate processing unless there are legal grounds for it and / or the latter is not necessary to defend legal claims;
The right to ask us to correct your personal data if the data being processed is incorrect, outdated or inaccurate;
Right to request restriction of the processing of your personal data due to objection and contestation of the accuracy of the data, We may refuse a restriction in writing only for a legitimate reason;
Right to request deletion of your personal data (right to “be forgotten”);
The right to request your personal data from us in the form of transferable data to another data controller, or to request that we do so without being hindered by us;
Right to lodge a complaint with a supervisory authority (see more below).

All of the above requests will also be forwarded to third parties if they received your data when processing your personal data.

At any time you want to practice any of the above

rights (Articles 15 to 22 of the CPDP) you should contact the Data Protection Officer through the above contacts and submit an Application regarding your request as a data subject.

How do we share data with third parties?

In providing our services, we may disclose your information to third parties as well as to the following persons for the purposes set out below:

Competent tax and other state and municipal authorities when verifying or receiving a valid request for information disclosure;
With our partners (hoteliers, tour operators) in case you agree to provide you with up-to-date information;

With our consultants, e.g. accountants or lawyers in litigation;
All our authorized employees who hold a position allowing the processing of personal data;
Upon merger or merger, your data may be shared with the new owners, which will be notified.

In any case, your data will not be shared with third parties located outside the territory of the European Union, the European Economic Area and the Swiss Confederation, unless there is a European Commission decision on an adequate level of data protection or adequate measures have been taken to Protection. All third parties, who may receive your data in certain cases, will be explicitly obliged to keep and process it in accordance with the requirements of the Regulation and, where applicable, the Personal Data Protection Act and regulations

How can you contact the competent supervisory authority?

At any time you have the right to contact the competent supervisory authority – the Commission for Personal Data Protection:

personally, at the address: Sofia, Blvd. Tsvetan Lazarov ”№ 2;
by letter, to the address: Sofia, pk. 1592, Prof. Tsvetan Lazarov ”№ 2;
by fax – 029153525;
to CPDP’s email – kzld@cpdp.bg;
through the CPDP website at: https://www.cpdp.bg/.

In view of the requirements of the legislation, the above information may be amended and updated.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	session	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	session	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	session	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_L6CH1F1KEH	session	This cookie is installed by Google Analytics and is used to track website performance and visits.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.