Privacy policy – web

Privacy Policy at www.royalcastlehotel.bg

This Privacy Policy applies to the Royal Castle Design & SPA Hotel Web Site and the Online Booking Module. It does not concern the collection of information through other channels. By using our website, you consent to the collection, use and disclosure of your information as stated below in this policy. If you do not agree, please do not use this website.

The policy covers the processing and protection of personal data in accordance with the requirements of Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ).

We emphasize the importance of privacy and committed to gaining the trust of our customers by adopting high standards of privacy protection. Our policies describe the type of personal information we collect and receive, the circumstances in which we collect or receive personal information, the rules and procedures we have established, outlining its use and storage, and the sharing of certain types of personal information under certain limited circumstances, which you should follow if you have any questions or requests regarding your personal information or our policies and procedures as well as details of the person to whom they should be directed such questions or requests, as well as the means by which you can communicate with that person.

Below you will find information:

about the person responsible for processing your data;
what categories of personal data we process;
Under what conditions we process data
the objectives and legal bases for the processing;
storage deadlines and data security measures;
how to exercise your rights under the ARRD,
as well as in which cases and in what order we share your data with third parties.

In this policy This document constitutes a confidentiality notice within the meaning of the General Data Protection Regulation (ARRD). It was prepared by “FIRST LINE HOTELS” EOOD, registered in the Commercial Register kept by the Registry Agency of the Ministry of Justice, with UIC: 205481600, having its registered office and registered address in Plovdiv 4000, Central District, Blvd. Princess Maria Louisa # 8, represented by Nely Ivanova

In this policy, personal information means information about you that can personally identify you, such as your name, personal identification number and identity document, home address, e-mail address, or phone number, and which is not publicly available. It also includes information about customer preferences when such information is provided or recorded by us in the process of providing services to individuals.

TYPES OF INFORMATION WHICH WE CAN COLLECT

Contact information: name, email address, phone number or postal address if you send us a request or if you subscribe to our newsletter
Information about guest stay and loyalty: dates of arrival and departure, purchased services, special desires and preferences, use of loyalty discounts in case you make a reservation.
Payment information: credit card number in case you book online.
Business or business information: contact or other relevant information about your business if an event is organized or if your employees or intermediaries use their company profile to work with us.
Information you provide: inquiries, reviews of hotel services, job applications, and more.
Site Usage Information: You can learn more about your site interaction information, as well as about its settings and management in our Cookie Policy.

WHAT INFORMATION DO WE RECEIVE FOR YOU?

In the context of our business, it is normally necessary to collect and process information about our customers. The information is collected directly and in particular affects your name and other credentials, contact details (email, address, telephone), etc.

WAYS OF COLLECTING INFORMATION

Information you provide: in case you book online or contact us.
Automatically through cookies: We use tracking technologies, such as cookies, to collect information about you on an anonymous basis, in accordance with current legislation.
From third parties: from people authorized to act on your behalf – if they make a reservation for you, from social networks, advertising and analysis service providers.

WHY DO WE COLLECT YOUR DATA?

In the event that you express your explicit consent, your data will be used to provide information about promotions and other interesting information related to our services.
We use the information to respond to your inquiries: We will use the information to provide the services you have requested, such as executing a request for a hotel reservation.
We use information to improve the site and services: We may use your information to improve our services. We may also use your information to personalize your tourist experience.
We use information to analyze site performance: We can process your information on an anonymous basis to improve site performance.
We use information for marketing purposes: We may send you information about new services and offers. We may also use your information to provide you with advertisements for our offers. In case you sign up for our newsletter, you will receive our promotional emails. Before we begin marketing, we receive your consent under current legislation. Below you can read more about your consent and how you can control it.
We use information to communicate with you: We may be contacted on your future booking or event.
We also use information in other ways permitted under current law.

WHAT LEGAL BASIS PROCESS YOUR DATA?

The implementation of the forms of e-marketing processing requires your explicit consent to be informed by email, call and / or SMS for discounts, promotions, lotteries and other marketing activities. Your consent can be given by ticking the appropriate box at the end of this notice. The site uses more forms and tools to provide service and sales (such as bookings).

WHAT MEASURES TO PROTECT COLLECTED DATA WE DO?

The protection and security of your data is important to us. To prevent loss, misuse or unauthorized access, we apply all reasonable measures and remedies. However, if you suspect a violation, we ask you to contact us immediately through the contact details.

WHAT DURATION DO WE STORE YOUR DATA?

Data processed for e-marketing, based on the customer’s explicit consent, is retained until the agreement is withdrawn but not more than a year after it has been granted unless you renew your consent to receive marketing information.

WHAT RIGHTS DO YOU USE IN THE PROCESSING OF YOUR DATA?

The ARRD provides for a number of options for the protection of individuals with regard to the collection and processing of data, in particular:

right of access and information on the processing of your data;
the right to object to the processing when the data are processed on the legitimate interest of the company;
the right to withdraw your consent to processing the data when it is processed only on your explicit consent;
the right of portability of the data processed on your explicit consent, depending on your instructions, we will provide you with a copy of the same or will automatically transfer it to another organization;
Right of rectification in case the data we store for you is not accurate;
the right to ask for “to be forgotten” when the data is processed on the basis of your consent or the processing is, at first, illegal.
right to file a complaint with a supervisor (see below).

WHAT WILL YOUR SHARES WITH THIRD PARTIES SELL YOUR DATA?

With a view to providing our services, providing the hotel security and obtaining up-to-date information, we may provide your data to third parties as well as to the following for the purposes listed below:

other hotels of the WG group, when necessary and legally permissible;
competent tax authorities and other state bodies during inspection;
partners of the BG (eg tour operators, accountants, external archives or lawyers), including through the Opera S & C and Opera PMS platforms; Clock Evolution, Travelclick, Clientrix, BookOnlineNow
when merged or merged, your data can be shared with the new owner (s) you will be notified of.
In any case, your data will not be shared with third parties established outside the EEA (EU, Norway, Iceland and Liechtenstein), unless expressly permitted by local law and adequate safeguards are in place.
We share your information with third-party processing data that performs selected services on our behalf. We share your information with service providers who send emails to us, such as Mailchimp. We also share information with companies that help us manage our site, analytics, search engines that work on our behalf, partners like social networks that promote and advertise.

YOU HAVE THE RIGHT TO REMOVE YOUR AGREEMENT

You may opt out of receiving marketing emails. To stop receiving our promotional emails, you can unsubscribe from the newsletter in any promotional message you receive from us. Even unsubscribing from your advertising messages, you may receive transaction-related messages, including answers to your inquiries.

You can manage cookies and tracking technologies. To learn how to manage cookies and other similar tools, please review our Cookies Policy.

You can control the tools on your mobile devices. You can turn off the location or send notifications from the mobile device you are using. These settings depend on the type of the device.

Standard security measures

Users under 18: The site is for adults only. We do not intend to collect information about children under the age of 18, with whom they can be identified without the permission of their parent or guardian.
SSL certificate: Your information is encrypted using the SSL certificate on the site. However, we can not guarantee that your use of the site will be completely secure. Any transmission of your data on our site is at your own risk.
Links to third-party sites: We are not responsible for third-party sites that we link to or for their policies. If you click a link to a third-party site, please read the privacy policy of the other site carefully and choose whether to continue using it or not.
Data retention: we keep information, as required by law, within the timeframe required to perform the activities described in this Privacy Policy.

IN WHAT WAY CAN YOU CONCENT WITH THE COMPETENT SUPERVISORY AUTHORITY?

Notwithstanding the foregoing, in complaints you have the right to contact the Personal Data Protection Commission (CPDP):

personally, at: “Prof. Tsvetan Lazarov “№ 2;
by letter, to the address: Sofia, pk. 1592, “Prof. Tsvetan Lazarov “№ 2;
by fax – 029153525;
the e-mail of the CPDP – kzld@cpdp.bg;
through the CPDP website at: https://www.cpdp.bg/.
We reserve the right to periodically update this policy, which is why we encourage you to periodically review it to determine how we process and protect your personal information.

If you have questions about our Privacy Policy or wish to make a claim and exercise rights with respect to your personal data, please contact our

Data Protection Officer:

e-mail: dpo.flh@victoriagroup.bg

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	session	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	session	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
PHPSESSID	session	This cookie is native to PHP applications. The cookie is used to store and identify a users' unique session ID for the purpose of managing user session on the website. The cookie is a session cookies and is deleted when all the browser windows are closed.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	session	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_L6CH1F1KEH	session	This cookie is installed by Google Analytics and is used to track website performance and visits.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.