PRINCIPLES OF PROCESSING PERSONAL DATA
“SUNRISE HOLIDAYS” EAD, UIC: 131428046, with registered office and registered address: Sofia, 6 Sultan Tepe Str., 1st floor, in its capacity as a personal data controller, processes personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).
This policy aims to inform about the processing of personal data and the rights of individuals.
“SUNRISE HOLIDAYS” EAD processes personal data of individuals only in the following cases:
• processing is necessary for compliance with a legal obligation of “SUNRISE HOLIDAYS” EAD;
• the processing is necessary for the performance of a contract (including an order) with ”SUNRISE HOLIDAYS” EAD to which a natural person is a party, or to take steps at the request of a natural person prior to entering into a contract where his or her identification is required;
• the natural person has given his or her unambiguous consent for a clear and transparently defined purpose by ”SUNRISE HOLIDAYS” EAD for which the processing of his or her personal data is necessary;
• the processing is necessary to protect the vital interests of the natural person whose personal data are processed or of another natural person;
• the processing is necessary for the purposes of the legitimate interests of ”SUNRISE HOLIDAYS” EAD or of a third party, in accordance with the provisions of the Regulation;
• the other cases provided for in the Regulation.
”SUNRISE HOLIDAYS” EAD does not collect or process personal data of natural persons that go beyond its legal obligations or its business needs.
In all cases where it is necessary to use collected and processed personal data of individuals for purposes other than the original ones, SUNRISE HOLIDAYS EAD notifies the relevant individuals, requests their consent and proceeds to process their personal data for other purposes only after their explicit consent.
SUNRISE HOLIDAYS EAD collects and processes only the minimum necessary personal data of individuals that:
• are provided for by law;
• are necessary for the performance of a contract;
• are necessary for the fulfillment of the purposes for which they are collected.
SUNRISE HOLIDAYS EAD ensures that the processing of personal data of individuals is carried out with maximum accuracy and, if possible, always up-to-date.
SUNRISE HOLIDAYS EAD ensures that access to and processing of personal data of individuals is carried out by the minimum necessary number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.
STORAGE PERIODS
“SUNRISE HOLIDAYS” EAD stores personal data for the following periods:
• Data for the register of accommodated tourists within the meaning of Art. 116 of the Tourism Act, which include identification data of the accommodated persons and data related to hotel accommodation – In accordance with the procedure and period provided for in the Tourism Act and the by-laws
• Information related to requested and used hotel accommodation services, for events and for restaurant services, incl. for canceled hotel accommodation reservations (insofar as they are related to the refund of prepaid amounts and/or withholding of amounts due) – From the making of the relevant reservation/request up to 5 /five/ years from the provision of the service/completion of the contract/cancellation of the reservation. In cases where the services are requested and used on the basis of a contract with continuous performance, the period begins to run from the final performance and/or termination of the contract.
• Financial and accounting documents; invoices; authorization forms; other information related to tax and social security control – Up to 10 /ten/ years, starting from the beginning of the year following the one in which payment of the obligation for the relevant year is due.
• Unstructured communication, correspondence, complaints, signals, etc. similar – 5 years.
• Video data – up to 1 week
• Data processed based on the explicit consent of the Data Subject – From the moment of granting consent until its withdrawal by the Data Subject.
• Until a request from the individual for their deletion, when there is a basis for such a request
The personal data specified in this Policy may be processed for a longer period than those specified above, if this is necessary to achieve the purposes provided for therein or to protect the rights and/or legitimate interests (including in court) of “SUNRISE HOLIDAYS” EAD or if the current legislation provides for the processing of data for a longer period.
In all cases, SUNRISE HOLIDAYS EAD ensures that at least once a year a review of the collected and processed personal data is carried out and that any of them that fall into any of the above hypotheses are deleted without undue delay.
RULES FOR PROCESSING PERSONAL DATA
Personal data are processed with the necessary levels and measures for protection
“SUNRISE HOLIDAYS” EAD provides the necessary levels of physical, organizational and technological protection in view of:
• the nature, scope, context and purpose of the processed personal data;
• the probability, levels of impact and severity of the risk to the rights and freedoms of individuals in the event of a breach of the security of the processed personal data;
• its financial and organizational capabilities.
“SUNRISE HOLIDAYS” EAD also provides all necessary measures for the timely recovery of collected and processed personal data in the event of their loss as a result of accidental, malicious or force majeure events.
• Personal data are processed with controlled and traceable access
“SUNRISE HOLIDAYS” EAD provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals.
• Personal data is processed with the necessary accountability to comply with the Regulation
“SUNRISE HOLIDAYS” EAD provides the necessary accountability and records to be able to prove that the provisions of the Regulation have been complied with.
DATA SUBJECTS
In connection with the services provided, “SUNRISE HOLIDAYS” EAD processes information about the following Data Subjects:
• individuals visiting the hotel website;
• individuals who make reservations on their own behalf or on behalf of another individual or legal entity through the Website;
• individuals using the services provided by “SUNRISE HOLIDAYS” EAD, including, but not limited to, hotel accommodation services, restaurant services and related services, provision of premises for organizing other events, as well as individuals representing or otherwise acting on behalf of legal entities that use these services;
• The services of ”SUNRISE HOLIDAYS” EAD can only be requested by legally capable persons who have reached the age of 18.
RIGHTS OF NATURAL PERSONS WHOSE DATA ARE PROCESSED
”SUNRISE HOLIDAYS” EAD ensures compliance with the rights of natural persons whose personal data are collected and processed, which includes:
• right to be informed about the processing of personal data;
• right to access personal data – what data is available;
• right to correct inaccurate personal data;
• right to delete personal data – the right to “be forgotten”;
• right to restrict the processing of personal data;
• right to be informed about actions as a result of a request for correction, deletion or restriction of the processing of personal data;
• right to data portability;
• right to object to the processing of personal data;
• right not to be subject to automated decision-making, including profiling.
PROCESSED PERSONAL DATA
Personal Data Processed in the Capacity of Administrator:
• of employees;
• of clients, individuals;
• of suppliers, individuals;
PURPOSES OF PROCESSING PERSONAL DATA
“SUNRISE HOLIDAYS” EAD as Administrator performs the following operations and processes only the necessary personal data for the following purposes:
• for concluding, executing and terminating employment contracts and calculating employee salaries and benefits;
• accepting, administering and processing reservations and canceling them;
• administering, executing and delivering purchases made through the Website;
• administering and receiving payments for the services provided, incl. remotely;
• for providing services to customers;
• ensuring an individual approach to providing services, consistent with the preferences stated by the users.
• for concluding and executing contracts with suppliers who are individuals;
• for direct marketing for sales purposes;
RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the implementation of the purposes specified above, SUNRISE HOLIDAYS EAD provides personal data of individuals to the following recipients:
• NRA in connection with the calculation of staff salaries;
• NSSI in connection with the calculation of staff benefits;
• Occupational Medicine Company in connection with the obligation to maintain an up-to-date health status of staff and conduct periodic medical examinations;
• General Labor Inspectorate, NSSI and Ministry of Interior – in connection with occupational accidents;
• Ministry of Interior – in connection with the transmission of information about hotel guests;
• Other state and municipal authorities and/or institutions – in connection with legal obligations to them or in connection with legal requests from them for information containing personal data;
• Subcontractors for the fulfillment of contractual obligations.
VIDEO SURVEILLANCE AND SECURITY
In accordance with the requirements of applicable legislation, SUNRISE HOLIDAYS EAD applies security measures that include the following technical and organizational means of access control and physical security against encroachments on buildings and facilities and to protect the life and health of citizens: a video surveillance system that provides 24-hour video surveillance and consists of recording and storage devices.
Video surveillance and video recording may be carried out in publicly accessible areas and premises in the buildings of SUNRISE HOLIDAYS EAD and in those for which a special access regime is provided. Video surveillance is not carried out in guest rooms, sanitary and hygienic premises, recreation rooms, etc. etc. Data from video surveillance activities are stored for a period of seven days.
Through information boards placed in a prominent place, Data Subjects and other visitors who may be photographed are informed about the use of technical means of surveillance and control and about any other relevant information in connection with the surveillance carried out.
PROCESSING OF PERSONAL DATA FOR MARKETING PURPOSES
We collect and process personal data for marketing purposes in order to provide personalized offers, news and promotions that may be of interest to you. This includes sending marketing messages via email, SMS, telephone calls or other communication channels.
Categories of personal data The personal data processed may include:
Name and surname
Email address
Telephone number
Legal basis for processing The processing of personal data for marketing purposes is based on your explicit consent. You have the right to withdraw your consent at any time by contacting us or using the unsubscribe option provided in each marketing message.
Data storage period Personal data will be stored until you withdraw your consent or until the expiry of the legally prescribed period.
Your rights You have the right to access, rectify, erase, restrict processing and object to the processing of your personal data, as well as the right to data portability. For more information, please contact us.
COMPANY CONTACT DETAILS
If you have any questions or concerns regarding the processing of your personal data or wish to exercise any of your rights, you can contact:
• e-mail: reservations@hotelsunrise-bg.com
• telephone: +359886286802
• correspondence address: Varna 9007, Golden Sands Resort, Sunrise Hotel
COMPETENT SUPERVISORY AUTHORITY
On the territory of the Republic of Bulgaria, the competent supervisory authority is the Personal Data Protection Commission.
In case of doubt that your rights related to the protection of your personal data have been violated, you can file a report to:
• Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
• E-mail: kzld@cpdp.bg
• Phone: 02 / 91-53-518
