Quinta hotel chatbot

PRIVACY POLICY

Hotel Policies

Please read this document carefully. It contains the Policy for the protection of personal data of customers of „PMK-1 EOOD“ („Policy/ta”) and aims to explain the practices related to the processing of personal data in the context of the services provided and the activities performed.

This Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC (the Regulation).

POLICY FOR THE PROTECTION OF PERSONAL DATA OF CUSTOMERS OF B1 BOUTIQUE HOTEL SOFIA

General provisions

Art. 1. In connection with the provision of its services and the performance of its activities, „PMK-1 EOOD („B1 BOUTIQUE HOTEL SOFIA“) processes as an administrator the personal data of its customers – individuals, as well as the personal data of other individuals specified below („Data subjects“/ „You“), in accordance with the rules and principles provided for in this Policy.

Art. 2. „PMK-1 EOOD is a company with EIK 206446851, with headquarters and management address in. Sofia 1229, Vrabnitsa district gh. Vrabnitsa“, st. „Vladimir Zografov “ №86, phone: +359 877 810 010, e-mail address reservations@b1hotel.bg

 VAT number: BG206446851

Data subjects

Art. 3. (1) In connection with the services provided, B1 Boutique Hotel Sofia processes information about the following Data Subjects:

(a) natural persons visiting the website https://b1hotel.bg/bg/contact-us-bg/ (Website);

(b) natural persons who make reservations on their own behalf or on behalf of another natural or legal person through the Website;

(c) natural persons using the services provided by B1 BOUTIQUE HOTEL SOFIA , including but not limited to hotel accommodation services, catering and related services, providing premises for organizing conference and other events, etc. sub. as well as natural persons representing or otherwise acting on behalf of legal entities that use these services;

(d) natural persons who have made, on their own behalf or on behalf of another person they represent, inquiries (including but not limited to by e-mail, by fax, by calling, using the Instant Messaging functionality of the Website, etc.), requests, signals, complaints or other correspondence to B1 BOUTIQUE HOTEL SOFIA;

(e) natural persons, information about which is contained in inquiries (including by calling or using the Instant Messaging functionality of the Website), requests, signals, complaints or other correspondence to B1 BOUTIQUE HOTEL SOFIA .

(2) The services of B1 BOUTIQUE HOTEL SOFIA can only be requested by persons with legal capacity who have reached the age of 18.  

Categories of personal data

Art. 4. The information (categories of personal data) that B1 BOUTIQUE HOTEL SOFIA processes regarding the Data Subjects in accordance with this Policy may include:

  1. In connection with the provision of hotel accommodation services:

(a) Identification data: names of guest; date of birth; gender; nationality; national identification number (as social security number for Bulgarian citizens) and/or identity document number; date of issuance of an identity document; validity of identity documents; country that issued the identity document; signature.

(b) Contact details: telephone; e-mail address; address.

(c) Information related to hotel accommodation: room number; floor; dates of stay (arrival date and departure date); length of stay (number of nights spent); use of travel package; room type preference (smokers/non-smokers); VIP guest status;

(e) Additional information related to hotel accommodation upon express request by the user of the services: special requirements and preferences, incl. for type of press, for food and beverages; special requirements related to food products, beverages and other substances with which there is an obstacle for the guest to come into contact/contact (regardless of the reason).

  1. Data relating to payments and issuing of invoices: information on method of payment (in cash, by bank transfer, by credit card, etc.); information on payments due and made; information on payment term and on arrears/unpaid debts; bank information (bank, IBAN, bank account holder); currency of payment made; number, validity and credit/debit card holder; CVC code; data, contained in an authorization form for payment (slip); name of a legal entity; address of a legal entity; VAT number and/or other identification, tax or registration number (TIN for natural persons); authorization forms (signed).
  2. In connection with the provision of restaurant services:

(a) Identification data: names.

(b) Contact details: telephone; e-mail address; address.

(c) Data related to payments and issuing invoices: credit/debit card number, validity and holder; CVC code; name of legal entity; address of legal entity; VAT number and/or other tax or registration number (for ET and for individuals); authorization forms (signed).

(d) Information related to preferences (when explicitly requested by the user): food and beverage preferences; preferred payment method; special requirements related to food products, beverages and other substances with which there is an obstacle for the guest to come into contact/contact (regardless of the reason).

 

 

  1. In cases where the Data Subject represents another person (e.g. company): information about which person and in what capacity (including workplace, position), as well as information about the services requested/orders placed in this capacity. Accordingly, in cases where the services are requested by a person other than the Data Subject in favor of the Data Subject – in what capacity the Data Subject will use the services, by whom they are requested, by whom the payment will be made, etc. under. (e.g. in the case of accommodations organized by an employer or business partner of the Data Subject, etc. under).

cases where the Data Subject represents another person (e.g. company): information about which person and in what capacity (including workplace, position), as well as information about the services requested/orders placed in this capacity. Accordingly, in cases where the services are requested by a person other than the Data Subject in favor of the Data Subject – in what capacity the Data Subject will use the services, by whom they are requested, by whom the payment will be made and the like. (e.g. for accommodations organized by an employer or business partner of the Data Subject and the like).

  1. In connection with the issuance of customer discount cards:

(a) Identification data: names.

(b) discount information that can be used with the relevant customer card.

  1. In relation to the services and functionalities of the Website:

(a) Data processed in connection with making a reservation for hotel accommodation: names; e-mail address; telephone; country; credit/debit card number, validity and holder; CVC code; number of rooms; number of guests, including number of adults and number of children; corporate code/access code; event participant code and/or group accommodation; reservation number; special offers and guest preferences (when explicitly indicated in the reservation form); package details (eg. Honeymoon package, special occasion package, Explore Sofia weekend package, etc.).

(b) Data processed in connection with making purchases in an electronic store on the Website, available at https://b1hotel.bg/bg/contact-us-bg//: registration data (names; e-mail address; telephone; fax; name of a legal entity; address; town; postal code; area; country; password); order history; data on purchased vouchers (number; requested personal message); history of payments made; credit/debit card number, validity and holder; CVC code; bank account details; order number;

(c) Unstructured content from conversations with and inquiries to a booking agent through the Instant Messaging functionality of the Website.

 

(d) Information from logins to log in to an account, from server logs and from logs of security protection devices (Web Application Firewalls), etc. devices falling into this category: date and time, IP address, URL, browser and device information.

(e) „Cookies“: The use of „cookies“ is necessary for the functioning of the Website. A detailed description of the „cookies“ used, their purpose and the information processed through them can be found in the „cookies“ Policy of B1 BOUTIQUE HOTEL SOFIA, available at: https://b1hotel.bg/bg/contact-us-bg/

In relation to complaints, applications, requests, requests and signals submitted by customers (including in free text): unstructured information contained in the relevant complaints, applications, requests, requests and signals.

Video surveillance and security

Art. 5. (1) In accordance with the requirements of the applicable legislation, B1 BOUTIQUE HOTEL SOFIA implements security measures, which include the following technical and organizational means to control access and to ensure physical security against encroachments on buildings and objects and to protect the life and health of citizens: physical security, security alarm systems and video control system, performing 24-hour video surveillance and consisting of recording and storage devices.

(2) Video surveillance and video recording can be carried out in publicly accessible areas and premises in the buildings of B1 BOUTIQUE HOTEL SOFIA and in those for which a special access regime is provided. No video surveillance is carried out in the guest rooms, sanitary and hygienic rooms, recreation rooms, etc. under. Data from video surveillance activities are stored in a restricted monitoring room and 24-hour security.

(3) Through information boards placed in a prominent place, Data Subjects and other visitors who may be photographed shall be notified of the use of technical means of monitoring and control and of any other relevant information in relation to the monitoring carried out.

 

Direct Marketing

Art. 6. (1) In the presence of express consent from the Data Subject B1 BOUTIQUE HOTEL SOFIA , resp. other companies related to or partners B1 BOUTIQUE HOTEL SOFIA may process the following personal data: names; telephone; address; e-mail address; information about the type and volume of used and preferred services provided by B1 BOUTIQUE HOTEL SOFIA and other data expressly mentioned in the relevant consent, for the purposes of direct marketing such as offering other goods and services, including offering goods and/or services offered by other persons, conducting surveys, surveys with a view to improving the quality of the services provided, etc. under. according to the scope of the specifically given consent.

(2) When personal data are processed for direct marketing purposes, the Data Subject has the right at any time to object to this processing of personal data. In these cases, the processing of personal data for these purposes is terminated.

(3) The data subject has the right at any time to withdraw his consent to the processing of his personal data for direct marketing purposes. In these cases, the processing of personal data based on the given consent is terminated.

(4) Profiling for direct marketing purposes can only be carried out with the express consent of the Data Subject, applying at least the following additional guarantees for their rights and interests: right to human intervention by the administrator; the right to express their point of view and the right to challenge decisions based on profiling. At the moment, B1 BOUTIQUE HOTEL SOFIA does not carry out such personal data processing activities.

Purposes for processing personal data

Art. 7. B1 BOUTIQUE HOTEL SOFIA collects, stores and processes the information described in articles 4, 5 and 6 above, for the purposes provided for in this Policy and in the general conditions (contract) for the use of the relevant services it provides. Depending on the legal basis for the processing, these purposes can be:

(a) purposes related to compliance with legal obligations of B1 BOUTIQUE HOTEL SOFIA;

(b) purposes related to and/or necessary for the performance of contracts concluded with B1 BOUTIQUE HOTEL SOFIA or for taking steps at the request of the Data Subject before concluding a contract;

(c) purposes of the legitimate interest of B1 BOUTIQUE HOTEL SOFIA or third parties;

(d) purposes for which the Data Subject has consented to the processing of his data.

Art. 8. The purposes for processing personal data by B1 BOUTIQUE HOTEL SOFIA  related to compliance with legal obligations include:

  1. keeping a register for the accommodated tourists and submitting information from it to the competent authorities according to the statutory procedure;
  2. address registration of foreigners according to the requirements of the applicable legislation;
  3. withholding and payment of tourist tax;
  4. activities related to the development and introduction of measures to counter terrorism;
  5. servicing signals, complaints, requests to exercise rights and the like, as well as complaints and commercial guarantees (if applicable), including the preparation of responses to them;
  6. accounting, invoicing and reporting of payments received and made in accordance with the current tax and accounting legislation;
  7. other activities in fulfilling legal obligations (tax, accounting, regulatory, licensing, etc.) of B1 BUTKK HOTEL SOFIA ‘, related to providing information to competent state and judicial authorities and to providing assistance in inspections by competent authorities.

Art. 9. The purposes for processing personal data by B1 BOUTIQUE HOTEL SOFIA  related to and/or necessary for the performance of contracts or for taking steps at the request of the Data Subject before concluding a contract with B1 BOUTKK HOTEL SOFIA  include:

  1. acceptance, administration and processing of reservations and cancellations;
  2. customer service, including the provision of online services through the Website;
  3. providing the possibility of registering an account and administering and maintaining the registered accounts in the online store accessible through the Website;
  4. administration, execution and delivery of purchases made through the Website;
  5. carrying out communication related to the services provided;
  6. administration and receipt of payments for the services provided, incl. remotely;
  7. providing a guarantee for reservations made and for the payment of hotel accommodation and additional requested services;

 

  1. financial and accounting activity and administration, processing and collection of due payments for the services provided;
  2. recovery of wrongly transferred amounts;
  3. ensuring an individual approach to the provision of services, tailored to the preferences stated by their users.

Art. 10. The purposes for processing personal data related to the realization of the legitimate interests of GRAND HOTEL SOFIA or third parties include:

  1. Legitimate interest – (1.1.) exercise and protection of the legal rights and interests of B1 BOUTIQUE HOTEL SOFIA ; and (1.2.) assistance in exercising and protecting the legal rights and interests of customers; of other persons related to B1 BOUTIQUE HOTEL SOFIA ; of employees of B1 BOUTIQUE HOTEL SOFIA; of persons processing personal data on behalf of B1 BOUTIQUE HOTEL SOFIA; and to commercial partners of B1 BOUTIQUE HOTEL SOFIA:

(a) establishing, exercising or defending legal claims of the above-mentioned persons under item. (1.1) etc. (1.2), incl. and by court order, including submission of complaints, signals, etc. under to the competent state and judicial authorities;

(b) video surveillance and access control in order to protect the property of B1 BOUTIQUE HOTEL SOFIA, prove the fulfillment of the applicable requirements, ensure physical security against encroachments on buildings and objects and protect the life and health of citizens;

(b) taking actions to suspend the provision of services in case of refusal of payment, violation of the rules and policies established by B1 BOUTIQUE HOTEL SOFIA, etc. under;

(c) administration and servicing of received complaints, signals, requests, etc. under;

(d) collection of receivables owed to B1 BOUTIQUE HOTEL SOFIA, including by compulsory order and/or by assignment to third parties, as well as transfer of receivables to third parties (assignments) in accordance with the procedure established by law;

(e) issuing notarial invitations.

 

  1. Legitimate interest – analysis, planning and increasing the quality of services provided by B1 BOUTIQUE HOTEL SOFIA:

(a) maintaining a copy of the data from the internal information system, in connection with the current state of the hotel (employment, obligations, etc.) in the event of a breakdown of the information systems;

(b) receiving, processing and preparing responses to submitted applications, requests, etc. sub. unrelated to complaints and complaints from the Services used;

(c) customer and service user satisfaction survey;

(d) control, analysis and optimization of business processes to improve the quality of services.

  1. Legitimate interest – ensuring the normal functioning and use of the Website:

(a) maintenance and administration of the Website;

(b) detecting and resolving technical issues with the functionalities of the Website;

(c) taking measures against malicious actions against the security and normal functioning of the Website.

  1. Legitimate interest – carrying out hotel and restaurant activities and providing quality hotel and restaurant services:

(a) administration and management of the services provided by B1 BOUTIQUE HOTEL SOFIA;

(b) management and quality control of the services provided;

(c) receiving feedback on the services provided.

Art. 11. The purposes for processing personal data on the basis of consent given by the Data Subject include:

  1. Sending marketing and advertising messages about services, special offers, packages, events and the like;
  2. Research and receive feedback on the quality of services;
  3. Sending newsletters;
  4. Other purposes for which consent has specifically been provided by the Data Subject.

Provision of personal data and consequences for refusal to provide them to B1 BOUTIQUE HOTEL SOFIA

Art. 12. (1) GRAND HOTEL SOFIA clearly indicates, where applicable and in an appropriate way, whether the indication/provision of the relevant data and/or documents is mandatory or constitutes a requirement necessary for the conclusion or performance of a contract, as well as the consequences of refusal to provide.

(2) If additional clarifications are needed, any Data Subject may request such clarifications at the sites of B1 BOUTIQUE HOTEL SOFIA or make an inquiry to the contacts specified in Article 23 of this Policy.

(3) Refusal to provide data and documents specified as mandatory may constitute an insurmountable obstacle to the provision of a service by B1 BOUTIQUE HOTEL SOFIA, to the satisfaction and fulfillment of submitted requests, applications, requests, signals, etc. sub. which exempts B1 BOUTIQUE HOTEL SOFIA from liability for non-performance.

(4) Refusal to provide data and documents or the provision of incorrect ones may lead to the impossibility of providing the relevant services or to the suspension of access to services provided by B1 BOUTIQUE HOTEL SOFIA

 

(5) Data subjects should not provide B1 BOUTIQUE HOTEL SOFIA any special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation (namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data on the state of health or data on the individual’s sex life or sexual orientation; and personal data relating to convictions and offences).

Other sources of personal data

Art. 13. (1) In some cases, the personal data processed by B1 BOUTIQUE HOTEL SOFIA are not collected or received directly from the Data Subject to whom they refer, but from third parties such as:

  1. Persons representing, working for or otherwise cooperating with a Data Subject;
  2. Event organizers – regarding information about event participants;
  3. Commercial partners (e.g. reservation sites such as com; travel agents, other persons who provide intermediary services when making reservations or when requesting other services and the like) B1 BOUTIQUE HOTEL SOFIA;
  4. Competent state and judicial authorities.

(2) The persons referred to in paragraphs 1, items 1-3 undertake to inform the Data Subjects whose data they provide to and to ensure that they provide the data on the basis of a valid legal basis.

Information processing by third parties – personal data processors

Art. 14. (1) For the purposes specified in this Policy, B1 BOUTIQUE HOTEL SOFIA may outsource personal data processing activities to third parties – personal data processors, in accordance with and within the framework of the requirements of the Regulation and other applicable rules for the protection of personal data.

(2) When personal data is disclosed to and processed by personal data processors, this will only be done to the extent and in the volume necessary for the performance of the tasks assigned to them by B1 BOUTIQUE HOTEL SOFIA.

(3) The processors of personal data act on behalf of B1 BOUTIQUE HOTEL SOFIA and are obliged to process the personal data only and only in strict compliance with the instructions of B1 BOUTIQUE HOTEL SOFIA and will not have the right to use or process in any other way the information for purposes other than for the purposes specified in this Policy.

Categories of recipients of personal data

Art. 15. B1 BOUTIQUE HOTEL SOFIA does not disclose personal data about the Data Subject to third parties, except in cases where:

  1. this is necessary to fulfill a legal obligation of B1 BOUTIQUE HOTEL SOFIA:

(a) competent state, municipal or judicial authorities;

(b) auditors;

  1. this is expressly provided for in the Policy and/or in the general conditions (contract) for the use of the relevant services that B1 BOUTIQUE HOTEL SOFIA provides:

(a) processors of personal data on assignment from B1 BOUTIQUE HOTEL SOFIA;

(b) debt collection companies.

  1. this is necessary to provide the services of B1 BOUTIQUE HOTEL SOFIA:

(a) banks and payment service providers;

(b) postal and courier service providers;

 

(c) commercial partners of B1 BOUTIQUE HOTEL SOFIA such as: reservation sites; travel agencies and other providers of tourist or other auxiliary services such as rental cars, taxi and other transport services and the like

  1. The data subject has given his express consent – the persons provided for in the relevant consent (e.g. related to B1 BOUTIQUE HOTEL SOFIA, commercial partners of B1 BOUTIQUE HOTEL SOFIA and the like);
  2. this is necessary to protect the rights or legitimate interests of B1 BOUTIQUE HOTEL SOFIA, third parties or the Data Subject:

(a) state, municipal and judicial authorities;

(b) private and government bailiffs;

(c) lawyers;

(d) notaries.

  1. in other cases provided for by law.

Art. 16. (1) B1 BOUTIQUE HOTEL SOFIA processes and stores information about the Data Subject until the achievement of the relevant purposes for which it was collected and processed.

(2) B1 BOUTIQUE HOTEL SOFIA, in accordance with its internal rules and procedures and applicable legislation, processes and stores information about the Data Subject in the following terms:

 

Data types Storage period

Register data on tourists staying within the meaning of Article 116 of the Tourism Act, which include identification data on persons staying and data relating to hotel accommodation

 In accordance with the procedure and term provided for in the Tourism Act and the by-laws

Information related to requested and used hotel accommodation services, events and restaurant services, incl. for canceled hotel accommodation reservations (to the extent related to reimbursement of prepaid amounts and/or withholding of amounts due) From the performance of the relevant reservation/ request up to 5 /five/ years from the provision of the service/completion of the performance of the contract/ cancellation of the reservation.

In cases where the services are requested and used on the basis of a contract with long-term performance, the term begins to run from the final performance and/or termination of the contract.

 

Financial and accounting documents; invoices; authorization forms; other information related to tax and insurance control.Up to 10 /ten/ years, counted from the beginning of the year following that in which payment of the obligation is due for the relevant year.

Unstructured communication, correspondence, complaints, signals and 5 years

In cases where the correspondence refers to a contract with long-term performance, the term begins to run from the final performance and/or termination of the contract.

Data related to the registration of a profile in the electronic store of the Website For the entire period of registration and up to 5 years after its termination.

Data related to reservations for restaurant services made by phone Up to 1 year

System logs. Security related logs, technical support, etc. (may contain information such as: date and time, IP address, URL, browser and device version information) 1 year

Log of actions on requests for registration of an account or for the purchase of goods with or without a registered account on the Website (information such as: action/content of the request, date and time, IP address, etc) is storedFor the entire period of maintaining the registration of an account on the Website and up to 5 /five/ years after its termination (if any)

Up to 5 /five/ years from the execution of the requested purchase (if it was made without a registered profile).

Video footage data 2 months

Data contained in feedback cards Information from feedback cards is entered in an anonymized form (only the feedback; feedback and recommendations received) without any information about the person from whom this feedback was given in the internal systems of GRAND HOTEL SOFIA, after which the cards are destroyed immediately.  

Up to 30 days from their filling.

Data processed on the basis of the express consent of the Data Subject From the moment of granting the consent until its withdrawal by the Data Subject.

 The personal data specified in this Policy may also be processed for a longer period than those specified above, if this is necessary to achieve the goals provided for in it or to protect the rights and/or legal interests (including by court order) of GRAND HOTEL SOFIA or if the current legislation provides for data processing for a longer period.

 

Rights of Data Subjects in relation to their personal data

Art. 17. (1) In connection with the processing of personal data related to him, each Data Subject has the following rights:

  1. Right to information – to receive information about the processing of his personal data by B1 BOUTIQUE HOTEL SOFIA;
  2. Right of access:

(a) to obtain confirmation as to whether personal data relating to him is being processed;

(b) to gain access to the processed personal data and to the detailed information about the processing and his rights.

  1. The right to rectification – to require the correction or completion of his personal data if the same is inaccurate or incomplete;
  2. The right to erasure – to require the erasure of his personal data if the grounds for this provided for in the Regulation are present;
  3. Right to limit the processing of personal data – to require B1 BOUTIQUE HOTEL SOFIA to limit the processing of his personal data within the framework provided for in the Regulation, if the grounds for this provided for in the same are present;
  4. Notification of third parties – right to require B1 BOUTIQUE HOTEL SOFIA to notify the third parties to whom his personal data has been disclosed of any correction, deletion or restriction of the processing of his personal data, unless this is impossible or requires disproportionately large efforts from B1 BOUTIQUE HOTEL SOFIA;
  5. Right to data portability – to receive the personal data concerning him and which he has provided to B1 BOUTIQUE HOTEL SOFIA, in a structured, widely used and machine-readable format, and to transfer this data to another administrator without hindrance from B1 BOUTIQUE HOTEL SOFIA.

The right to data portability applies when the following two conditions are met simultaneously:

(a) processing is based on consent or a contractual obligation; and

(b) processing is carried out in an automated manner.

If technically feasible, the Data Subject has the right to receive a direct transfer of personal data from B1 BOUTIQUE HOTEL SOFIA to another administrator. The right to data portability may be exercised in a way that does not adversely affect the rights and freedoms of others.  

  1. Rights in automated individual decision-making, including profiling – not to be subject to an automated decision based solely on automated processing (ie processing without human intervention), including profiling within the meaning of the Regulation, which gives rise to legal consequences for the Data Subject or similarly significantly affects him unless the grounds provided for in the Regulation are present and appropriate guarantees are provided to protect the rights and freedoms and legitimate interests of the Data Subject. Such guarantees are at least the right to human intervention by B1 BOUTIQUE HOTEL SOFIA, the right of the Data Subject to express his point of view and challenge the decision.

 

If such a decision, including profiling, is made against the Data Subject, for each specific case the Data Subject has the right and will receive from B1 BOUTIQUE HOTEL SOFIA separately essential information about the logic used, the meaning and intended consequences of this processing for him, as well as for the manner of exercising the rights under this point.

  1. Right to withdraw consent to processing – where the processing of personal data is based solely on consent given by the Data Subject, he may withdraw his consent at any time. Such withdrawal does not affect the lawfulness of processing based on the consent given until the moment of its withdrawal;

Right to object

Art. 18. The data subject has at any time and on grounds related to his specific situation, the right to object to the processing of personal data concerning him, including profiling within the meaning of the Regulation, which is based on public interest, exercise of official powers or the legitimate interests of B1 BOUTIQUE HOTEL SOFIA or a third party. In these cases, B1 BOUTIQUE HOTEL SOFIA terminates the processing of personal data, unless it proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims.

Art. 19. (1) The data subject may exercise his rights related to the protection of personal data by personally making a corresponding written request to B1 BOUTIQUE HOTEL SOFIA – submitted personally by the Subject at the address specified in Art. 23 of this Policy or through a notarized request sent by post.

(2) The request under paragraph 1 may also be exercised electronically, for which purpose the same must have been signed by the Data Subject with a qualified electronic signature within the meaning of the Electronic Document and Electronic Certification Services Act and Article 3, item 12 of Regulation (EU) № 910/2014 of the European Parliament and of the Council of 23 July 2014. regarding electronic identification and authentication services in electronic transactions on the internal market and for the repeal of Directive 1999/93/EC, and to send to B1 BOUTIQUE HOTEL SOFIA at the e-mail address specified in Art. 23 of this Policy.

(3) The data subject may exercise the rights related to his personal data, personally or through a person expressly authorized by him (with a notarized power of attorney).

(4) Part of the rights can also be exercised through the functionalities available on the Website.

 

Right to complain to a supervisory authority

Art. 20. Each Data Subject has the right to lodge a complaint with a personal data protection supervisory authority, in particular in the Member State (EU/EEA) of his habitual residence, place of work or place of alleged infringement, if he considers that the processing of his personal data violates the provisions of the Regulation or other applicable requirements for the protection of personal data.

Supervisory authority in the Republic of Bulgaria

Art. 21. Supervisory authority in the Republic of Bulgaria is:

Commission for the Protection of Personal Data

Address:. Sofia 1592, blvd. „Prof. Tsvetan Lazarov” № 2

Website: https://www.cpdp.bg/.

Restrictions on rights

Art. 22. The scope of the rights of the Data Subjects and the obligations of B1 BOUTIQUE HOTEL SOFIA in relation to these rights may be limited by a legislative measure of EU or Member State law that applies to B1 BOUTIQUE HOTEL SOFIA.

Clarifications and additional information

Art. 23. The data subject may receive clarifications regarding the content and grounds for data processing, the way of exercising the rights under this Policy, as well as any additional information in connection with his rights when processing personal data from B1 BOUTIQUE HOTEL SOFIA at:

Address: Sofia, str. Gurko 1

Email address: n.rusev@grandhotelsoifa.bg

Phone: +(3592) 811 0 880

This Privacy Policy is compiled by „B1 BOUTIQUE HOTEL SOFIA in its capacity as a personal data controller with a view to fulfilling its obligations to provide information to data subjects under Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

This Privacy Policy is effective from 03.03.2026