Privacy Policy

PRIVACY POLICY OF HOTEL SPS OOD.

The purpose of this document is, in accordance with the information requirements under Articles 13 and 14 of the GDPR, to provide information about the personal data processing activities carried out by HOTEL SPS OOD., the purposes for which the data is processed, the measures and safeguards for the protection of the data being processed, the data subjects’ rights and how they can be exercised, in accordance with the requirements of Regulation (EU) 2016/679 of the EU of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “Regulation 2016/679” or “GDPR”) and other applicable acts of the European Union and the Republic of Bulgaria.

1. Information about the administrator and how to contact them.

HOTEL SPS OOD is the administrator of the personal data processed in connection with the Company’s commercial activities in line with the law, and its registered office and management address are: Plovdiv, 3 Osvobozhdenie Blvd. Correspondence with the Company should be addressed to Plovdiv, 3 Osvobozhdenie Blvd, and requests to the Company as data controller can be sent by post. Requests can also be addressed to [email protected] or by fax, with the relevant identification and contact information for feedback.

2. Purposes and grounds for processing personal data, categories of data processed.

HOTEL SPS OOD carries out its activities in accordance with national legislation, processing personal data in connection with the following main activities:
– Personnel administration;
– Financial and accounting reporting;
– Video surveillance.

The Company processes personal data on job applicants, employees/workers, natural persons who are parties to contracts, and representatives of legal entities who are parties to contracts/customers or suppliers for the purposes of personnel administration (human resources management) and financial and accounting reporting under Articles 6, paragraph 1, item “c” and 9, paragraph 2, item “b” of the Regulation. Individuals’ physical and social, family and economic identities, criminal records, and health status are among the kinds of data analysed.

HOTEL SPS OOD collects personal information from all employees/workers and visitors to the Company’s building/premises for video surveillance reasons. The categories of personal data collected relate to persons’ bodily identities as depicted in photos.

When the Company processes data with the consent of the data subject, personal data will only be handled if the individuals have freely, expressly, informed, and unambiguously indicated their consent to the processing.

Data processing is carried out for specific and precisely defined reasons, as required by law, and the data is treated legitimately and in good faith, and it may not be further processed in a manner that contradicts those aims.

3. Categories of data recipients outside HOTEL SPS OOD

The company does not reveal personal data to third parties or receivers unless there is a legal basis for doing so or the data is publicly available because it is included in a public register. Except in circumstances of public availability of data contained in a public register, recipients of data may, depending on the specific case, be:
– State authorities and bodies charged with public functions within their jurisdiction (National Revenue Agency, National Social Security Institute, Ministry of Interior, etc.);
– Banks, for the purposes of making payments of remuneration;
Courier companies and postal operators – for the purposes of correspondence with natural persons who are data subjects.

4. Data retention period.

As a data controller, HOTEL SPS OOD processes data for a minimal period of time in accordance with the processing purposes and the provisions of applicable legislation, in accordance with the storage restriction principle. Data relating to labour and social security connections must be retained for 50 years, while other data must be stored for 2 months to 10 years, depending on the kind of data and the legal duty for processing, including storage.

5. Rights of natural persons who are data subjects.

The steps implemented to secure personal data in line with the requirements of Regulation 2016/679 are aimed at ensuring the rights of data subjects whose personal data is processed, which include:
– Right of access;
– Right to correct inaccurate or incomplete data;
– Right to erasure (right to be forgotten) if the conditions of Article 17 of REGULATION 2016/679 apply;
– Right to restriction of processing;
– Right to data portability, if the conditions for portability under Article 20 of REGULATION 2016/679 are met;
– Right to object, if the conditions of Article 21 of REGULATION 2016/679 are met.
– Right of the data subject not to be subject to a decision based solely on automated processing, including profiling.

The aforesaid rights can be exercised by submitting a request to HOTEL SPS OOD (in writing or electronically). The request should be signed and sent to the Company’s address.

6. Right to lodge a complaint with the Personal Data Protection Commission.

If a data subject believes his or her rights under Regulation 2016/679 have been violated, he or she can file a complaint with the Personal Data Protection Commission.

Transfer of personal data to third countries or international organizations.

HOTEL SPS OOD does not transfer the processed personal data to third countries or international organizations.

7. Measures introduced by HOTEL SPS EOOD for the protection of personal data.

The Internal Rules of HOTEL SPS OOD on personal data protection measures, adopted by Order No. 32/06.12.2018, provide for the effective protection of personal data processed and allow data subjects to exercise their rights under REGULATION 2016/679.