Guest Privacy Notice
This notice contains necessary information about the processing of personal data of guests of Royal Castle Design & Spa (Elenite)and all adjacent dining and tourist facilities and related services, other than accommodation, operated by FIRST LINE HOTELS LTD. The notification has been developed in accordance with the General Data Protection Regulation (GDPR) and other relevant legislation.
Who is responsible for the processing?
Responsible for processing your information is the hotel company “FIRST LINE HOTELS” Ltd., registered in the Commercial Register kept by the Registry Agency of the Ministry of Justice, with UIC: 205481600, having its registered office in Plovdiv 4000, district 8, Princess Maria Louisa Blvd., represented by Manager Nely Ivanova (hereinafter referred to as “we” or “us”).
You can contact us by email at:
Data Protection Officer: Diana Bancheva
Email: dpo.flh@victoriagroup.bg
Phone +359 (0) 700 18 411 or by mail to the specified management address.
What personal data do we process?
When registering and staying at the hotel, we collect personally identifiable information, such as:
- name and other credentials;
- contact information – incl. address, phone, email;
- identification information – a picture if you provided one;
- video image, as long as during your visit and stay, there is video surveillance in the hotel video surveillance;
- for the fulfillment of the obligations stipulated by the legislation in the field of tourism, we collect the personal identification number, names, date of birth, sex, citizenship, and number, validity and issuing country of a personal identity document;
- car registration number;
- IP addresses;
- MAC address of computers, telephones and other personal devices;
- credit / debit card details.
For what purpose do we process data?
The main reason for collecting your personal information is to identify you as guests or visitors to the hotel in order to organize your stay and planned events; to fulfill our mutual obligations under and in connection with the contract between us; to fulfill our legal obligations as a hotelier; accept and review requests, alerts or recommendations regarding our services; to ensure your security as well as that of our staff and hotel property; for administrative support for the purposes stated above.
FIRST LINE HOTELS EOOD does not carry out automated decision making, including profiling.
On what legal basis do we process your data?
We only process personal data on a valid legal basis. The legal basis for the processing of your data is the fulfillment of the commitments made to you under the service contract, between us, as well as the pre-contractual relations for its conclusion. Next, data processing is also necessary to protect your rights as a user when you file a complaint or complaint about our services. We also process your data when fulfilling our obligations under applicable law, including, but not limited to, the Tourism Act, the Accounting Act and the Foreigners Act in the Republic of Bulgaria and others.
If you consent to this, your personal data may also be used for e-marketing and providing up-to-date information on promotions, discounts and reductions related to our services.
Surveillance as a security activity is based on our legitimate interest in protecting the security of the site, the hotel property in it, and our employees, as well as your security. The same is done only in public places marked with appropriate signs. To ensure your peace of mind, we inform you that there is no video surveillance in the restrooms and relaxation areas.
Sources of information
When collecting personal data, the Administrator uses the following sources – publicly available sources of information; information provided personally by the data subject on a physical medium or presented verbally, in writing or electronically, provided information by contract with another Personal Data Administrator, as a Processing or Joint Administrator.
How long do we keep the data?
Unless otherwise required by law or regulation, data relating to your stay at the hotel are stored for no longer than necessary and in any case for no more than three years after your stay.
Videos at the Hotel shall be stored for no more than one month after the date on which they were made unless otherwise required by law or regulation.
Data processed based on your consent for e-marketing purposes shall be retained until the consent is withdrawn, but for no more than one year, unless the consent is renewed.
What measures do we take to protect the data we collect?
The protection and security of your data is important to us. To prevent loss, misuse or unauthorized access, we apply the technical and organizational security measures outlined in our organization’s internal rules and our privacy policy, available at:
What rights do you have when processing your data?
We guarantee our visitors and guests the following rights regarding the protection of their data:
- The right to know whether we currently store your personal data as well as access to the documents and records containing them, including the right to request a copy of your personal data processed by us;
- The right to withdraw your consent to the processing of personal data in the order in which it is given (by written declaration or other free text statement) sent to the following email address: dpo.flh@victoriagroup.bg);
- The right to object to processing based on our legitimate interests and / or the public interest; we will terminate processing unless there are legal grounds for it and / or the latter is not necessary to defend legal claims;
- The right to ask us to correct your personal data if the data being processed is incorrect, outdated or inaccurate;
- Right to request restriction of the processing of your personal data due to objection and contestation of the accuracy of the data, We may refuse a restriction in writing only for a legitimate reason;
- Right to request deletion of your personal data (right to “be forgotten”);
- The right to request your personal data from us in the form of transferable data to another data controller, or to request that we do so without being hindered by us;
- Right to lodge a complaint with a supervisory authority (see more below).
All of the above requests will also be forwarded to third parties if they received your data when processing your personal data.
At any time you want to practice any of the above
rights (Articles 15 to 22 of the CPDP) you should contact the Data Protection Officer through the above contacts and submit an Application regarding your request as a data subject.
How do we share data with third parties?
In providing our services, we may disclose your information to third parties as well as to the following persons for the purposes set out below:
- Competent tax and other state and municipal authorities when verifying or receiving a valid request for information disclosure;
- With our partners (hoteliers, tour operators) in case you agree to provide you with up-to-date information;
- With our consultants, e.g. accountants or lawyers in litigation;
- All our authorized employees who hold a position allowing the processing of personal data;
- Upon merger or merger, your data may be shared with the new owners, which will be notified.
In any case, your data will not be shared with third parties located outside the territory of the European Union, the European Economic Area and the Swiss Confederation, unless there is a European Commission decision on an adequate level of data protection or adequate measures have been taken to Protection. All third parties, who may receive your data in certain cases, will be explicitly obliged to keep and process it in accordance with the requirements of the Regulation and, where applicable, the Personal Data Protection Act and regulations
How can you contact the competent supervisory authority?
At any time you have the right to contact the competent supervisory authority – the Commission for Personal Data Protection:
- personally, at the address: Sofia, Blvd. Tsvetan Lazarov ”№ 2;
- by letter, to the address: Sofia, pk. 1592, Prof. Tsvetan Lazarov ”№ 2;
- by fax – 029153525;
- to CPDP’s email – kzld@cpdp.bg;
- through the CPDP website at: https://www.cpdp.bg/.
In view of the requirements of the legislation, the above information may be amended and updated.