CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY
of Danish Development EOOD
Information about us:
The No13 Boutique House is operated by Danish Development EOOD (hereinafter referred to as the "Controller" or the "Guest House") is a company entered in the Trade Register and the Register of the Non-profit Legal Entities, kept at the Registry Agency under UIC: 147029369, with headquarters and business address: town of Burgas, 64 Gladston, Phone.: +359 885 445 700 Email: firstname.lastname@example.org;
Our Data Protection Officer's Contact Details:
Phone +359 885 445 700
The controller collects and processes certain information on natural persons.
This information may refer to employees, managers, clients and guests, suppliers, contractors, business contacts and other natural persons whom the Controller has relations with or would like to establish any business contact.
This Personal Data Protection Policy settles how personal data should be collected, processed and kept to meet the standards of the Controller's organization and be in compliance with legal requirements.
This Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and its regulations of its usage as amended (“Bulgarian Legislation”) and General Data Protection Regulation (GDPR) (EU) 2016/679.
What is meant by "personal data" and "processing of personal data"?:
"Personal data" means any information which a natural person can be identified with, directly or indirectly, by one or more attributes typical of the person such as: name, identification number/Civil ID number, contact details: location / mailing address, phone number, email address, online identifier / IP address, video images, and etc. These attributes may be a part of the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of the natural person.
"Processing of personal data" means sum of operations executed with personal data or set of personal data such as collecting, recording, arranging, structuring, keeping, adapting or modifying, extracting, advising, using, disclosing through submitting, distributing or other means by which data becomes available, fixing or combining, limiting, deleting or destroying;
Our attitude towards your personal data
The guest house attaches great importance to the personal data protection and collects and processes personal data in compliance with the requirements of national and European legislation only. The purpose of this Personal Data Protection Policy is to inform you in what way we are processing your data and what kind of personal data we are collecting about you; for what purpose, period and what your rights are.
Your data security is very important to us. That’s why we protect your data by applying all proper and adequate technical and organizational means regarding potential risks to the rights and freedoms of natural persons in order to prevent unauthorized access, unauthorized or malicious use, loss or untimely deletion of information.
What kind of information do we collect and why?
We may collect personal data about you when using our website or when selecting our services. In most cases we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legal interest. In certain cases we process data based on your consent.
Depending on the services used, we may collect and process the following information about you;
Name of person, Civil ID number (for guest house registration and invoice issuance, upon request), date of birth and sex;
Contact details - mailingaddress, phone number and email address (email);
Recordings on video cameras to ensure our and your security;
Our guiding principles:
We strictly observe some basic mandatory principles when processing your personal data:
Personal data is processed lawfully, in good faith and in a transparent way;
Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes;
Personal data is relevant, related and limited to what is needed in relation to the purposes which they are being processed for;
Personal data is accurate and up-to-date, if needed;
Personal data is kept in form allowing the persons concerned to be identified for a period no longer than is needed for the purposes which the personal data is processed for;
Personal data is processed in a way providing with an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss,
destruction or damage by applying proper technical or organizational measures.
What is the purpose of personal data processing?
We process personal data collected most frequently with the following objectives:
When signing and executing a contract – with regard to guest registration at the guest house, preparation of accounting documents such as a bill or an invoice for the services provided to you; for the purpose of notifications related to our services.
When performing a legal obligation - for the purpose of obligations provided by Tourism Act, Accountancy Act and Tax-Insurance Procedure Code and other related regulations with regard to the proper and legal accounting; in information obligations to all state commissions and regulating authorities, as well as court; when performing online booking (distance selling) and selling outside our guest house facility;
With your consent - for direct marketing of our products and services.
Based on our legitimate interest - making video surveillance in our retail outlets;
What are your rights:
When collecting and processing your personal data, you are entitled to:
Information on your personal data processed and access to your personal data collected;
Correction/completion if the data is inaccurate/incomplete - on your own initiative or on the initiative of the guest house;
Deletion of personal data, if there are legal grounds for doing so;
Restriction on the processing of your personal data by the guest house, provided there are legal grounds for doing so;
Portability of personal data between separate controllers- this entitles you to receive your data from the guest house and to transfer it to another controller in a format suitable for use;
Objection to the processing of your personal data, provided there are legal grounds for doing so;
Right to judicial or administrative defence if your rights have been violated;
You can protect your rights by emailing us at: email@example.com or by mail/courier at: town of Burgas, 64 Gladston;
We keep your personal data in accordance with the purpose which they were collected for and within the statutory deadlines.
When can we disclose your personal data:
We enforce a set of measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, modification or destruction. The guest house uses third parties to support certain contract activities or upon performing a legal obligation. We do not provide third parties with your personal data before we are sure that all technical and organizational measures have been taken to protect this data by trying to execute strict control to reach this goal. Some of the recipients of personal data can be: courier companies, external consultants and experts, collection companies and law firms, banks, security companies, sales agents and representatives, and etc.
Your personal data may be disclosed in certain circumstances stipulated by law. For example, your personal data may be disclosed to third parties with your explicit consent or with the authorization of the Data Protection Commission. In certain cases providing of personal data is mandatory in order to comply with our legal requirements such as: Regulating authorities, including state commissions, institutions and agencies, NRA, NSSI, courts, prosecutor's office, and etc. where we must provide personal data in accordance with the valid legislation. If needed or appropriate we may provide your personal data for the national security purposes or for issues of public concern.
We use "cookies" to make your visit to our website more pleasant and to provide use of certain features on different pages. These are small text files which are saved on the end device by which you visit our website. Some cookies, "session cookies", are deleted when you close your browser. Other cookies remain on your end device and allow us or our affiliates to recognize your browser on a subsequent visit ("permanent cookies"). You can set your browser in such a way allowing you be aware of the cookies setting and decide to accept them individually or turn off the acceptance of cookies for particular cases or as a whole. You can find additional information in the help section of your Internet browser. Cookies disclaimer may restrict the functionality of our website. We distinguish system “cookies” and promotional “cookies”. System cookies are required for the proper functioning of our website. Cookies disclaimer will change your browsing experience on our website and certain services on our website will not be usable. Promotional cookies are saved by loading the website and help us analyze the aggregated data regarding our visitors, for example how they reach our website, how much time they spend on it, if this is their first visit, how they review the content of our wesite. We also may reach a conclusion regarding the success of our marketing campaigns.
We use Google Analytics, a web analytics service of Google LLC. The information generated by the “cookies” for your use on this website is usually sent to Google servers in the USA and kept there. Google shortens in advance your IP address within the Member States of the European Union or other countries - parties to the Agreement on the European Economic Community. On behalf of the operator of this website, Google uses this information to evaluate the use of the website, compile reports on the website activity and provide other services related to the website and Internet use to the website operator. IP address sent through your browser in the context of Google Analytics is not connected to other data available to Google. You can refuse the use of “cookies” by selecting the proper settings in your browser. You may also prevent the data collection by Google through “cookies” and their connection with the website use (including IP address), as well as their processing by Google by downloading and installing plug - in for your browser here:
The guest house take due measures to protect your personal data from accidental loss and unauthorized access, use, modification or disclosure. There are policies and procedures designed to protect information from loss, misuse and unauthorized disclosure. In addition, we take extra measures regarding information security, including access control, strict physical protection and reliable practices for collecting, keeping and processing information.
On the other hand, we apply technical measures such as encryption, pseudonymization and anonymization of personal data collected.
When do we delete your personal data?
We keep all the information we have collected about you and destroy it within the statutory time limits and if where there are no such ones, destruction is done within the time limits set by us (30 days in video surveillance) and after the final arrangement of all our financial issues. We do not keep your data for an indefinite period.
The guest house keeps the accounting and commercial information as well as all other information and documents relevant to the taxation and mandatory social security payments within the following time limits:
payrolls - 50 years;
accounting records and financial reports - 10 years;
tax and social security control documents - 5 years after the expiration of the limitation period for repayment of the public obligation which they are related to;
all other carriers - 5 years if any shorter time limit is not stipulated by the legislation;
When the storage period expires, carriers of information (paper or technical) which are not subject to submission to the National Archives Fund may be destroyed.
When the storage period expires, data is destroyed as soon as possible through the medium of destroying the hard carriers by shredding. Technical carrier is destroyed by erasing and deleting relevant files from the Company’s computers and systems.
Changes to this Personal Data Protection Policy
This Personal Data Protection Procedure can be amended over time. Such amendments will be valid immediately after their disclosure. Regular review of this page ensures that you will always be aware of what kind of information we are collecting, how and for what purposes the guest house uses it and under what circumstances (if any) we will share it with other parties.
This Personal Data Protection Policy was approved by the Managing Director on July 16, 2019 and last updated on July 16, 2019.