Radians EOOD, registered in the Commercial Register of the Registry Agency with UIC 123618900, is a personal data administrator (PDA) within the meaning of Regulation (EU) 2016/679 and other applicable acts of the EU and the Republic of Bulgaria.
For accommodation in the complex, personal documents showing the client’s identification are required.
The customer’s data is protected in accordance with the Personal Data Protection Act and the regulations governing information protection, and is processed only in connection with the implementation of the Tourism Act’s established requirements.
This information will only be used in connection with the reservations made and will not be shared for other purposes.
Briz Beach Apartments has the right to collect and use information about its customers when they make a registration or reservation.
The information through which a user of the website www.briz-beach.com can be identified may include name, surname, family name, address, telephone number, e-mail address for correspondence and any other information provided by the user when making a reservation, and any other that the user enters or provides when ordering, receiving or using the services delivered by Briz Beach Apartments, participating in promotions, giveaways and competitions, filling out questionnaires, surveys, forms and others.
Briz Beach Apartments protects the privacy of its customers’ personal data, stating that it will not be used for any other purpose than that for which it was collected, namely:
– establishing contact with the client to clarify details about the reservation and payment options
– assisting with the completion of a reservation if you are unable to do so yourself
– providing price or service information
– providing service and assistance
– providing notification about new services or products
– providing personalized promotional offers, etc.
Briz Beach Apartments takes reasonable precautions and is responsible for protecting the information about the user obtained during the reservation process on the website www.briz-beach.com, except in cases of force majeure or an accidental event.
The reservation form that the user fills out indicates whether the provision of data is mandatory or voluntary, as well as the consequences of refusing to provide it. By agreeing to the General Terms and Conditions, the user consents to the processing of personal data about him/her in the manner specified therein.
The restrictions do not apply if the user or persons under his control have committed malicious acts as defined in the General Terms and Conditions or violated the rights or legitimate interests of third parties. Briz Beach Apartments has the right, in this case, to provide personal information about the user to the relevant competent state authorities in accordance with the applicable law.
Briz Beach Apartments commits to not disclosing any personal data about the user and not providing the collected data to third parties – companies, individuals, and others – except in the following circumstances:
– it has obtained the user’s explicit consent at the time of reservation or later
– the data is requested by state bodies or officials who are authorized by the current legislation to request and collect such information in accordance with the legally established procedures.
– in other cases specified by the legislation
PERSONAL DATA PROTECTION POLICY OF RADIANS EOOD
In connection with the provision of our services and the performance of our activities, we process the personal data of our customers – individuals, our employees, and other individuals listed below – as an administrator and in accordance with the rules and principles outlined in this Personal Data Protection Policy.
What is personal data –
Personal data is any information about an identified individual or information through which an individual can be identified.
What is processing of personal data –
Processing of personal data refers to any operation performed on your personal data that is automated or manual, such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing, transmitting, distributing, or other means by which the data becomes available, stacking or combining, restricting, deleting, or destroying.
The Data Protection Officer –
The Data Protection Officer is the single point of contact for all Data Subjects regarding the exercise of their rights under this Policy and the applicable data protection legislation. You can address all your requests and questions regarding the exercise of your personal data protection rights to the designated data protection officer.
The contact details of the Administrator’s data protection officer are the following:
Name: S. Uzunov
E-mail address: email@example.com
Address for correspondence: Stara Zagora, 16 U Gladstone Str.
Phone: 042 628 802
As personal data administrator, we have the right to collect and process information about the following categories of individuals (Data subjects)
• Former, current, or potential customers who have used, are using, or want to use any of our services;
• Former, current, or potential employees;
• Persons other than those listed above who come into contact with us or claim anything, directly or indirectly, from us.
What types of personal data do we collect from you
• Identification data;
• Contact data;
• Data collected when making payments;
• Information about submitted complaints and other correspondence with us;
• Information related to the type and parameters of the services you use;
• Any other data provided by you in connection with the services used;
• We do not collect or store information about your Internet browsing history via our wireless Internet network, and we do not collect or store information about devices that have been connected to the network.
To the extent permitted by law, we conduct video surveillance to ensure the safety of our customers and employees, as well as to protect our property. Video surveillance is only used in public areas that are clearly marked with notice boards. Video surveillance is not used in guest rooms, sanitary and hygienic rooms, or employee recreation rooms. We only provide videos to competent authorities who have the legal right to request them. Videos are stored for up to two months. In cases of legal disputes, inspections by competent authorities, and other similar cases, they can be stored and used for longer than the specified period until the final completion of the relevant proceedings.
Direct marketing –
When we receive your explicit and voluntary consent, we may process personal data for direct marketing purposes such as: offering services; conducting consultations, surveys, etc., in order to improve the quality of services provided, according to the scope of the specific consent. You have the right to object to or withdraw your consent to the processing of personal data at any time. In such cases, the processing of personal data is terminated.
Purposes of personal data processing –
We collect, use, and process information for the purposes specified in this Policy, which may include, depending on the legal basis for processing, the following:
• Purposes relating to meeting our legal obligations: activities relating to maintaining a Customer accommodation register; activities relating to tourist tax payment; activities relating to invoicing, accounting, and reporting of received and made payments; complaints and signal processing activities; and other activities relating to the fulfillment of our legal obligations;
Purposes relating to and/or required for the execution of the contracts we have signed: activities relating to the reservations made by the Customer; activities relating to customer registration during accommodation; administration and management of services; customer payment processing activities; activities relating to creating and maintaining a user account on our website and other activities relating to the implementation of the contract;
• Purposes relating to our legitimate interest: exercising and protecting our legal rights and interests; assisting Customers and Employees, individuals processing personal data on our behalf and our business partners in exercising and protecting their legal rights and interests, analysis, and planning of our policy regarding customer relations and improving service quality
How long do we store the data –
We process and store information about the Data Subject for a period of up to 5 (five) years after the service is provided, unless longer retention of relevant information is required by the applicable law or this Policy.
What are the consequences of refusing to provide personal data?
Refusing to provide data and documents, or providing false ones, may result in our inability to provide the relevant services. We do not collect or process special categories of data as defined in Articles 9 and 10 of the Regulation (namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data, health data or data about the sexual life or sexual orientation of the individual; and personal data related to convictions and offenses or related security measures).
Processing of information by third parties – processors of personal data –
For the purposes set out in this Policy, we may delegate the processing of your personal data to third parties – processors of personal data, in accordance with the requirements of the Regulation and other applicable rules for personal data protection. This will only be done to the extent and in the manner required to carry out the tasks we delegate to them. The processors process personal data on our behalf and are required to process your personal data only in strict accordance with our instructions, and they will not be permitted to use or process the information for any purpose other than those specified in this Policy.
Who else can receive your data?
We are obligated not to disclose your personal data or provide the collected information to third parties, except in the following circumstances:
• this is required in order to fulfill our legal obligations to the competent state and municipal authorities;
• this is explicitly stated in the Policy;
• this is required in order to provide the desired service;
• the Data Subject has given explicit consent;
• To protect our rights or legitimate interests, as well as those of third parties or of the Data Subject;
• in other cases specified by law.
What are your rights regarding personal data-
In relation to the processing of personal data, the Regulation grants you the following rights:
• Right to information – you have the right to receive information about the processing of your personal data;
• Right of access:
– You have the right to receive confirmation whether or not your personal data is being processed;
– You have the right to access the personal data that has been processed as well as detailed information about the processing.
• The right to correct – You have the right to request the correction or completion of your personal data if it is inaccurate or incomplete;
• The right to delete – You have the right to request the deletion of your personal data if there are compelling reasons to do so;
• Right to restrict the processing of personal data – You have the right to request a restriction on the processing of your personal data within the scope of the Regulation, if there are compelling reasons to do so provided in the Regulation
• Notification of third parties – You have the right to request that we notify any third parties to whom your personal data has been disclosed of any corrections, deletions, or restrictions on the processing of your personal data.
• Right to Data Portability – You have the right to receive your personal data concerning you and provided to us by you in a structured, commonly used, and machine-readable format, as well as to transfer this data to another administrator without our intervention. The right to data portability applies when both of the following conditions are met simultaneously:
– the processing is based on consent or a contractual obligation;
– the processing is performed in an automated manner.
• Rights related to automated individual decision-making, including profiling – You have the right not to be subjected to an automated decision based solely on automated processing (i.e., processing without human intervention), including profiling within the meaning of the Regulation, which has legal consequences for you, unless the Regulation’s grounds are met and appropriate safeguards are in place to protect your rights and freedoms and legitimate interests.
• Right to withdraw the consent for processing – when the processing of personal data is solely based on your consent, you have the right to withdraw your consent at any time. Such withdrawal shall have no effect on the legality of the processing carried out on the basis of the consent given until its withdrawal.
• Right to object – You have the right to object at any time to the processing of personal data about you, including profiling under the Regulation that is justified by the public interest, the exercise of official authority, or the legitimate interests of the Administrator or a third party. In such cases, we cease processing personal data unless it can be proved that there are compelling legal grounds for the processing that outweigh your interests, rights, and freedoms, or for the establishment, exercise, or protection of legal claims.
How can you exercise your rights-
You can exercise your personal data protection rights by sending a written request to the personal data protection officer, either personally or through a notarized mail request. The request can also be made electronically, in which case it must be signed by you with a qualified electronic signature and e-mailed to the Personal Data Protection Officer at firstname.lastname@example.org.
Right to lodge a complaint with a supervisory authority
Everyone has the right to lodge a complaint with a data protection supervisory authory if they believe that the processing of their personal data violates the provisions of the Regulation or other applicable data protection requirements.
The supervisory authority in the Republic of Bulgaria is:
Commission for Personal Data Protection
Address: 1592 Sofia, 2, Prof. Tsvetan Lazarov Blvd.