General Terms of Use and Privacy Policy

Paradiso Dreams Hotel is registered as a personal data controller with the CPPD and is entitled to receive and process the personal data of its guests for the purpose of accommodation at the hotel. We are obliged to and will strictly comply with all requirements for the protection of your personal data.

How and why we use your personal data

We collect and process your personal data and other personal data in order to fulfill obligations assigned to us under a legal act such as the Tourism Act.

• SSN, name, sex, nationality, permanent address;
• emails, information about services, complaints, requests, grievances;
• video recordings that are made to improve security;
• information about payments made in cash, by bank or by debit/credit card.

Payment by debit or credit card is made via a licensed MyPos online service without the need to provide a CVV code.

• The security of card data entry and transmission is ensured by using SSL protocol to encrypt the connection between our server and the payment page of our servicing bank.
• В допълнение, за идентифицирането ви като картодържател, платежният сървър за електронна търговия на обслужващата ни банка поддържа схемите за автентикация на международните картови организации – Verified by VISA и MasterCard SecureCode, в случай, че сте регистрирани да ги използвате.”

Processing is carried out in order to:

• establishing the identity of the client upon check-in;
• preparing and sending a bill/invoice for the services you use with us.

To whom we provide your personal data:

We process your personal data in order to comply with legal obligations, such as:

• providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
• provision of information to the Commission for Personal Data Protection in relation to obligations under the legal framework for personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc.;
• obligations provided for in the Accounting Act and the Tax and Social Security Procedural Code and other related regulations in connection with the keeping of proper and lawful accounting;
• provision of information to the court and third parties in court proceedings, in accordance with the requirements of the applicable procedural and substantive legislation;
• payment verification for online registrations.

How we protect your personal data

To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act and its implementing regulations.

When we delete your personal data

We discontinue the use of your personal data after your departure from the hotel, but we retain it until the expiry of the limitation period under various regulations such as the Accountancy Act for the storage and processing of accounting data (5 years), the expiry of the limitation periods for making claims set out in the Obligations and Contracts Act (5 years), obligations to provide information to the court, competent state authorities and other grounds provided for in applicable legislation (5 years). Please note that we will not delete or anonymise your personal data if it is necessary for pending judicial, administrative or complaint proceedings before us.

Your data may also be anonymised. Anonymisation is an alternative to data erasure. In the case of anonymization, all personally identifiable elements / elements allowing your identification are irreversibly deleted. There is no statutory obligation to delete anonymised data as it does not constitute personal data.

Your rights in relation to the processing of your personal data

You have the right to ask:

• information about whether data relating to you is being processed;
• information on automated processing of personal data.

The right to erasure /the right “to be forgotten”/:

At any time you have the right to request the erasure of personal data processed by us if:

• the personal data is not necessary for the purposes for which it was collected and processed;
• you withdraw your consent and there is no other legal basis for processing them;
• personal data have been unlawfully processed

Right to object:

At any time you have the right to:

• object to the processing of your personal data where there is a legal basis for doing so; where the objection is justified, the personal data of the individual concerned may no longer be processed;
• object to the processing of your personal data for direct marketing purposes.

Right to data portability*:

You may ask us to provide the personal data you have entrusted to our care in an organized, orderly, structured, commonly accepted electronic format if:

• process the data in accordance with the contract and based on the declaration of consent, which may be withdrawn, or on a contractual obligation; and
• the processing is carried out automatically

Right of appeal:

In the event that you believe that we are in breach of applicable law, please contact us to clarify the matter. Of course, you have the right to lodge a complaint with the Data Protection Commission. After 25 May 2018, you will also be able to lodge a complaint with a regulatory authority, within the EU.

Relevance and policy changes

In order to implement the most up-to-date protection measures and to comply with current legislation, we will regularly update this Privacy Policy. We invite you to regularly review the current version of this Privacy Policy, to keep informed about how we are protecting the personal data we collect.