• Bulgaria, 1404 Sofia, Bulgaria 83 A blvd.

Privacy Policy

RULES FOR COLLECTION AND PROCESSING OF PERSONAL DATA IN FESTA HOTELS AD

 

These rules have been developed in the implementation of Art. 12 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016

 

I. ADMINISTRATIVE INFORMATION

 

Festa Hotels AD, UIC 175286794, with registered office and address of management: Sofia, 83A Bulgaria Blvd., represented by Executive Director Kaloyan Nikolov. Personal Data Protection Officer: Ralitsa Spasova. Contacts with the company: Sofia, 83A Bulgaria Blvd., tel. 028189750, e-mail: office@festahotels.com; Contacts with the personal data protection official: Sofia, 83A Bulgaria Blvd., tel. 02 902 37 96, e-mail: gdpr@festahotels.com

 

II. CATEGORIES OF PERSONAL DATA AND PURPOSES OF PROCESSING

 

1. For the needs of the hotel reservation the following personal data are collected:


Name, surname, telephone and e-mail address. The purpose is for the person who made the reservation to be recognized upon arrival at the hotel.


2. For the needs of the registration of hotel guests the following personal data are collected:


From foreigners who are not citizens of a Member State of the European Union (EU) or a state party to the Agreement on the European Economic Area, or of the Swiss Confederation, under Art. 116, para. 2 of the Tourism Act and Order № Т-РД-04-10 / 11.06.2019 of the Minister of Tourism the following personal data are collected: full name of the person, personal identification code (if any), date of birth, sex, citizenship, number and series of the identity document, the country that issued the country that issued the identity document.
From Bulgarian citizens, citizens of a Member State of the European Union (EU) or of a state party to the Agreement on the European Economic Area, or of the Swiss Confederation on the grounds of Art. 116, para. 2 of the Tourism Act and Order № Т-РД-04-10 / 11.06.2019 of the Minister of Tourism the following personal data are collected: full name of the person, PIN / PIN, personal identification number (if any), date of birth, sex, citizenship, identity document number, the country that issued the identity document.
The data collected during the registration of hotel guests are kept for two years, after which they are destroyed or deleted.


3. When applying for a job, the following personal data shall be collected:


Name and surname, education, telephone, email and professional experience with previous employers. The term for the storage of the personal data of candidates and participants in recruitment and selection procedures is 6 months from the date of completion of the selection. The provision of this data is voluntary and implies its provision. This is the minimum necessary information for the employer to decide on an employment contract with a particular candidate. After this date, the documents of the candidates and participants are deleted or destroyed. If the applicant has given his consent, his personal data may be stored for a period longer than 6 months. In this case, the purpose and deadline for data retention shall be indicated.


4. The types of personal data for the employment relationship are defined in the Rules of Procedure of the company.


5. The following personal data are collected from the contractors of the company natural person:  

 Names of the contractor natural person, PIN, address, contact phone. They are collected for the needs of social security and tax purposes. Legal basis of Art. 7, para. 6 CSR and Art. 73 of the Personal Income Tax Act. The following personal data are collected from the legal representatives and authorized representatives of the legal entities: names, PINs and addresses (in the cases provided by law) and contact telephone numbers.

 

III. COLLECTION OF PERSONAL DATA THROUGH VIDEO SURVEILLANCE AND VIDEO RECORDING

 

It is carried out in the common areas of the hotels and the area around them, in the common areas of the central office, for which the relevant information boards are placed. Grounds: Art. 5, para. 2, item 4 of Ordinance № 8121h-1225 of 27 September 2017 on the types of sites under Art. 23, para. 1 of the Counter-Terrorism Act, whose owners and users develop and implement counter-terrorism measures, the minimum requirements for these measures and the procedure for exercising control, issued by the Minister of Interior and the Chairman of SANS. Upon request, they are provided to the bodies of the Ministry of Interior and the State Agency for National Security according to the respective order. The grounds for video surveillance in the common parts of the hotels and the area around them is the Ordinance on the requirements for accommodation and catering establishments and on the procedure for determining the category, refusal,
According to the requirements for service in hotels of all categories, the hotelier must ensure the safety and security of tourists through hired or own security and technical means. Video surveillance is one of these technical means. They are provided to the bodies of the Ministry of Interior upon request by the respective order. The records of the performed video surveillance shall be kept for 2 months after their preparation (Art. 56, para 4 of the Private Security Activity Act).

 

IV. RIGHTS OF THE PERSONS WHO PROVIDED PERSONAL DATA TO FESTA HOTELS AD

 

1. Access to personal data. 

 Everyone has the right to access their own personal data. An application is submitted. Within 7 days from the submission of the application, Festa Hotels AD provides the requested information or informs the person that the data have been deleted or the media on which they are contained have been destroyed.


2. Correction of personal data.  

Everyone has the right to request the correction of their personal data if the data is inaccurate. An application is submitted. Within 7 days from the submission of the application, Festa Hotels AD shall correct and inform the person that his data have been corrected or have been deleted or the media on which they are contained have been destroyed.


3. Restrictions on the processing of personal data.

 Everyone has the right to request that the processing by the controller or processor be restricted. An application is submitted. within 7 days from the submission of the application Festa Hotels AD performs the requested restriction of processing and informs the person that the processing of his personal data is limited or they have been deleted or the media they contain are destroyed. If the processing of personal data cannot be restricted, the legal basis for this shall be stated.


4. Exercise the right to be forgotten.  

Anyone who has provided personal data to Festa Hotels AD may exercise their right to be "forgotten" and their personal data to be deleted by applying.


5. The application for access, restriction of the processing, correction and deletion of personal data shall be submitted personally by the person or by his / her proxy with a power of attorney with notarized signatures or by a lawyer with an explicit power of attorney and shall contain: 1. name, address, unique civil number or personal number or another similar identifier, or other identification data of the natural person, determined by the administrator, in connection with the activity performed by him, description of the request; preferred form for receiving information when exercising the rights under Art. 15 - 22 of Regulation (EU) 2016/679, signature, date of application and address for correspondence. The application is submitted by mail, courier or address of the management of the company. When applying by an authorized person, the power of attorney shall be attached to the application.
Within 14 days from the submission of the application, Festa Hotels AD informs the person that:
- His request has been granted.
- His request was not granted and the legal basis for this was stated. It is indicated when the obligation of Festa Hotels AD to store and process the data is terminated.


6. The above-mentioned terms regarding access, correction, restriction of the processing and exercise of the right to be forgotten do not run during the days of the official holidays under art. 154 of the Labor Code.


7. Data portability.

 The data subject has the right to receive personal data concerning him and which he has provided to Festa Hotels AD, in a structured, widely used and machine-readable format and has the right to transfer this data to another administrator under Art. . 20 of Regulation 2016/679.


8. Right to object. 

The data subject has the right, at any time and on grounds relating to his specific situation, to object to the processing of personal data relating to him under the terms of Art. 21 of Regulation 2016/679.


9. Automated individual decision making, including profiling.

 The data subject has the right not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him significantly in the application of Art. 22 of Regulation 2016/679. 

 

V. COMMUNICATION OF THE DATA SUBJECT ON BREACH OF PERSONAL DATA SECURITY

If the breach of personal data security is likely to pose a high risk to the rights and freedoms of individuals, Festa Hotels AD without undue delay shall notify the data subject of the breach of personal data security under the terms of Art. 34 of Regulation 2016/679.

 

VI. SUBMITTING A COMPLAINT IN THE EVENT OF VIOLATED RIGHTS IN THE PROCESSING OF PERSONAL DATA

Anyone can file a complaint if they believe that the processing of their personal data "Festa Hotels" AD has violated the Personal Data Protection Act and Regulation 2016/679. The complaint shall be submitted to the Commission for Personal Data Protection within six months of learning of the violation, but not later than two years from its commission.

 

VII. PROVISION OF PERSONAL DATA TO PERSONS OUTSIDE THE COMPANY

Under Art. 116 of the Tourism Act, the Ordinance on the organization of the Unified Tourist Information System and Order № Т-РД-04-10 / 11.06.2019 of the Minister of Tourism personal data are provided to the Service for Administrative Control of Foreigners or in the regional administration of the Ministry of Interior at the location of the hotel.

 

October 2019 version