Obligatory information on the rights of persons regarding personal data protection (Privacy Policy)

General information

As of 25 May 2018, a new General Data Protection Regulation has taken effect, adopted by the European Union. The Regulation aims to guarantee the protection of natural persons with regard to the processing of personal data, and unify the regulations on such processing within the EU Member-States.

In its capacity as Controller of personal data for the provision of tourist services, AISIS LTD meets all requirements of the new Regulation by collecting data about natural persons only to the extent required for providing the service, and stores such data responsibly and legally.

Information regarding the Controller of personal data

  1. Name: AISIS LTD
  2. Company ID number: 103285462
  3. Registered office and address of management: Makedonia Street 149, Varna
  4. Address of performance of the activity: Hotel AquaView, Varna
  5. Address for correspondence: Makedonia Street 149, Varna
  6. E-mail: todor.i.slavov@gmail.com

Information regarding the competent supervisory authority

  1. Name: Data Protection Commission
  2. Registered office and address of management: Sofia 1592, Prof. Tsvetan Lazarov blvd. No. 2
  3. Address for correspondence: Sofia 1592, Prof. Tsvetan Lazarov blvd. No. 2
  4. Telephone number: 02 915 3 518
  5. E-mail: kzld@government.bg, kzld@cpdp.bg
  6. Website: www.cpdp.bg

AISIS LTD carries out its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Basis for collection, processing and storage of your personal data

Art. 1. (1) AISIS LTD collects and processes your personal data in relation to the provision of tourist services based on the following:

  • Observance of a statutory obligation as regulated under the Tourism Act of the Republic of Bulgaria.
  • Observance of the obligations of AISIS LTD under an agreement executed with you;
  • Your explicit consent given with your booking request through the website of AquaView Hotel, http://www.aquaviewhotel.com
  • For the purposes of the legitimate interest of AISIS LTD.

Purpose and principles in collection, processing and storage of your personal data

Art. 2. (1) AISIS LTD collects and processes the personal data provided by you in relation to using our tourist services and for signing of an agreement with the Company, as well as for online hotel booking enquiries through the website of AquaView Hotel, for the following purposes:

  • Registration of guests at AquaView Hotel, for the provision of tourist services
  • Observance of the statutory requirements under the Tourism Act and other relevant legislative acts relating to realization of management and control in tourism and co-operation of the state and the municipalities for the realization of tourism-related activities.
  • Identification of a contracting party;
  • Reporting purposes;
  • Protection of information security;
  • Securing the performance of the agreement executed for provision of the relevant service;

(2) AISIS LTD observes the following principles of the processing of your personal data:

  • Lawfulness, fairness and transparency;
  • Limitation of the purposes of the processing;
  • Relevance of the purposes of the processing, and minimization of the data to be collected;
  • Accuracy and current relevance of the data;
  • Restrictions to storage in view of achieving the purposes;
  • Integrity and confidentiality of the processing, and guaranteeing of appropriate security level of the personal data.

(3) With regard to the processing and storage of personal data, AISIS LTD may process and store the personal data for the purpose of protecting its legitimate interest, namely:

  • Performance of its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal authorities.

What type of personal data does AISIS LTD collect, process and store?

Art. 3. (1) AISIS LTD performs the following operations with the personal data, for the following purposes:

  • Registration of the guests at AquaView Hotel – the purpose of this operation is the creation of a tourist profile related to the provision of specific tourist services.
  • Conclusion and performance of a business deal with a client or a partner – the purpose of this operation is conclusion and performance of a business deal with a trading partner or a client, and its administration;

(2) AISIS LTD processes the following categories of personal data and information, for the following purposes and based on the following grounds:

  • Data: Your identification data, namely: names as they appear on your ID card or passport, Personal Id. Number/Id. Number of a foreigner, date of birth, sex, citizenship, ID card number or number of a valid identity document, country issuing the national document

○    Purpose for which the data is collected: 1) registration and servicing of guests at AquaView Hotel;

○    Basis for processing of your personal data – statutory obligation: Art. 116, Tourism Act

  • Additional data provided by you – In case you wish to make an enquiry for an online booking through the website of AquaView Hotel, at http://www.aquaviewhotel.com, you need to complete an online form with your full name, e-mail address and your country.

○    Purpose for which the data is collected: Enquiry for booking at AquaView Hotel.

○    Basis for processing of your personal data: With your acceptance of the general terms and conditions of the website, you give your clearly expressed consent to have your data processed for the relevant purpose.

  • Other data to be processed by AISIS LTD – With your visiting our website, AISIS LTD collects data about the IP address used by you.

○    Purpose for which the data is collected: Improving the service security and localization of the interface, and statistical and marketing research.

○    Basis for processing of your personal data: the IP address is collected on the basis of realization of the legitimate interest of the Controller – Art. 6, par. 1, letter (f) GDPR (General Data Protection Regulation);

  • Your data, for issuance of an invoice to a natural person – In case you wish to be issued an invoice in your capacity of a natural person you need to provide your Personal Identification Number.

○    Purpose for which the data is collected: Issuance of invoice for payments made under an agreement for the provision of services.

○    Basis for processing of your personal data – with regard to execution of an agreement in writing between AISIS LTD and you, contractual relations are created based on which we process your personal data – Art. 6, par. 1, letter (b) GDPR.

(3) AISIS LTD does not collect and does not process personal data, which reveal:

  • racial or ethnic origin;
  • political opinions, religious or philosophical beliefs or trade-union membership;
  • genetic or biometric data, and data concerning health or sex life or sex orientation.

(4) The personal data is collected by AISIS LTD from the persons concerned (the data subjects).

(5) The Company does not apply automatic decision-making based on data.

Period for storage of your personal data

Art. 4. (1) AISIS LTD stores your personal data for a period of time not longer than the relevant one required under the applicable legislation. Upon expiration of this period, AISIS LTD takes the necessary measures in order to erase and destroy all your personal data, without undue delay.

(2) AISIS LTD notifies you in case the period for storage of the data needs to be extended in view of performance of the purposes, performance of the agreement, or in view of the legitimate interest of AISIS LTD, or others.

Transmission for processing of your personal data

Art. 5. (1) AISIS LTD may at its discretion transmit part or all of your personal data to data processing officers in view of performance of the purposes of the processing, in observance of the requirements provided under Regulation (EU) 2016/679.

(2) AISIS LTD will notify you in case it intends to transmit part or all of your personal data to any third countries or international organizations.

 

Your rights as regards collection, processing and storage of your personal data

Withdrawal of the consent for processing of your personal data

Art. 6. (1) In case you do not wish to have part or all of your personal data continue to be processed by AISIS LTD for a specific purpose or for all purposes of the processing, you may at any time withdraw your consent for the processing of your personal data by completing an online form or by submitting a request in narrative description.

(2) AISIS LTD may request you to verify that your identity is the same as the identity of the data subject.

Right of access

Art. 7. (1) You are entitled to request and receive confirmation from AISIS LTD as to whether your personal data are being processed.

(2) You have the right of access to the personal data relating to you, and to the information relating to its collection, processing and storage.

(3) Upon request, AISIS LTD will provide you with a copy of the personal data relating to you, either electronically or in another appropriate form.

(4) Provision of access to data is free of charge, but AISIS LTD reserves the right to impose an administrative fee in the event of repeated or excessive requests.

Right of rectification or completion

Art. 8. You may rectify or complete inaccurate or incomplete personal data relating to you, by a request submitted to AISIS LTD.

Right of erasure (“Right to be forgotten”)

Art. 9. (1) You may request from AISIS LTD the erasure of the personal data relating to you, and AISIS LTD is obliged to erase the data without undue delay where one of the grounds listed below applies:

  • the personal data is no longer needed for the purposes for which it had been collected or otherwise processed;
  • you withdraw your consent, based on which the data had been processed, and there are no other legal grounds for the processing;
  • you object to the processing of the personal data relating to you, including for direct marketing purposes, and there are no legal grounds for the processing, which override the grounds for your objection;
  • the personal data has been processed illegally;
  • the personal data must be erased to ensure compliance with Community law or the law of an EU Member-State applicable to AISIS LTD;
  • the personal data has been collected in relation to the offering of information society services.

(2) AISIS LTD is not obliged to erase the personal data in case it stores and processes such data:

  • in order to exercise the right of freedom of expression and the right to information;
  • for compliance with a legal obligation which requires processing under Community law or the law of an EU Member-State applicable to the Controller, or where processing is necessary for the performance of a task carried out in the public interest or in the exercise of an official authority conferred on it;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, and for historical, statistical and scientific research purposes;
  • for the establishment, exercise or defense of legal claims.

(3) In order to exercise your right “to be forgotten” you need to submit a request in writing addressed to AISIS LTD, and to verify that your identity is the same as the identity of the data subject by presenting your ID card on the spot for identification purposes.

(4) AISIS LTD does not erase data that it has a statutory obligation to store in order for it to be used for defense against claims brought or as proof of its rights.

Right to limitation

Art. 10. You have the right to request from AISIS LTD to limit the processing of the data relating to you, where:

  • you contest the accuracy of the personal data, for a period of time, which allows AISIS LTD to verify the accuracy of the personal data;
  • the processing is illegal, but you do not wish your personal data to be erased, and you only wish its use to be limited;
  • AISIS LTD no longer needs the personal data for the purposes of processing, but requests them for establishing, exercising or protection of its legal claims;
  • you have objected to the processing, pending verification whether the legal grounds of AISIS LTD override your interests.

Right to portability

Art. 11. (1) You may at any time withdraw the data that is being stored or processed about you in relation to using the services of AISIS LTD, by an e-mailed request.

(2) You may request from AISIS LTD to transfer directly your personal data to another Controller specified by you, wherever technically feasible.

Right to receive information

Art. 12. You may request from AISIS LTD to inform you about all recipients to whom personal data about which you have requested amendment, erasure or limitation of the processing has been disclosed. AISIS LTD may refuse to provide such information in case this proves impossible or involves a disproportionate effort.

Right to object

Art. 13. You may object at any time to the processing by AISIS LTD of personal data relating to you, including where such data is being processed for the purposes of profiling or direct marketing.

Your rights in case of personal data breach

Art. 14. (1) Where AISIS LTD has established a breach of your personal data that may lead to high risk for your rights and freedoms, AISIS LTD shall notify you of such breach without undue delay, and it shall also notify you of the measures taken or planned.

(2) AISIS LTD shall not notify you, where:

  • it has taken appropriate technical and organizational measures applied to the data concerned by the personal data breach;
  • it plans to take measures guaranteeing that the breach will not lead to high risk for your rights;
  • such notification involves a disproportionate effort.

Persons to whom your personal data are made available

 

Art. 15. The Controller does not carry out any transfer of your personal data to third countries.

Other provisions

Art. 16. In case of violation of your rights under the legislation cited above or the relevant legislation for personal data protection, you have the right to lodge a complaint with the Data Protection Commission, as follows:

  1. Name: Data Protection Commission
  2. Registered office and address of management: Sofia 1592, Prof. Tsvetan Lazarov blvd. No. 2
  3. Address for correspondence: Sofia 1592, Prof. Tsvetan Lazarov blvd. No. 2
  4. Telephone number: 02 915 3 518
  5. E-mail: kzld@government.bg, kzld@cpdp.bg
  6. Website: www.cpdp.bg

Art. 17. You can exercise all your rights relating to your personal data protection by using the forms enclosed herein. Certainly, these forms are not mandatory and you can submit your requests in any form whatsoever, which contains a statement thereof, and identifies you as the data subject.

Art. 18. Where the consent refers to a transfer the Controller shall describe the possible risks associated with the transfer of data to third countries in the absence of an adequacy decision and appropriate safeguards.