GDPR Privacy Policy

Please read this document carefully. It contains the Policy for the protection of personal data of customers of “IV 73” OOD in Nassi Hotel (“Policy”) and aims to explain the practices related to the processing of personal data in the context of the services provided and the activities performed.
This Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95 /46/EO (Regulation).

Policy for the protection of the personal data of customers of “IV 73” OOD and Hotel Nassi

In connection with the provision of its services and the performance of its activities, “IV 73” OOD (“Nassi Hotel”) processes as an administrator the personal data of its customers – natural persons, as well as the personal data of other natural persons, specified below (“Data Subjects”/”You”), in accordance with the rules and principles provided for in this Policy.

Who we are

Our website address is: https://nassihotel.com

Data Subjects

(1) In connection with the services provided, Hotel Nassi processes information regarding the following Data Subjects:
(a) individuals visiting the https://nassihotel.com/ website (the Website);
(b) individuals who make reservations on their own behalf or on behalf of another individual or legal entity through the Website;
(c) individuals using the services provided by Hotel Nassi, including but not limited to hotel accommodation, catering and related services, provision of premises for organizing conferences and other events, etc. sub., as well as natural persons representing or otherwise acting on behalf of legal entities that use these services;
(d) individuals who, on their own behalf or on behalf of another person they represent, have sent inquiries (including but not limited to e-mail, by calling, etc.), requests, signals, complaints or other correspondence to Hotel Nassi ;
(e) individuals, information about which is contained in inquiries through forms on the Website, calls, requests, signals, complaints or other correspondence to Hotel Nassi.
(2) The services of the Nassi Hotel can only be requested by able-bodied persons who have reached the age of 18.

Categories of personal data

The information (categories of personal data) that Nassi Hotel processes regarding Data Subjects in accordance with this Personal Data Policy may include:
1. In connection with the provision of hotel accommodation services:
(a) Identification data: guest names; date of birth; gender; nationality; national identification number (such as EGN for Bulgarian citizens) and/or identity document number; date of issue of identity document; validity of identity documents; country that issued the identity document.
(b) Contact details: telephone; email address; address.
(c) Information related to hotel accommodation: room number; floor; dates of stay (arrival date and departure date); length of stay (number of overnight stays); use of a travel package; room type preference.
(e) Additional information related to hotel accommodation upon explicit request by the user of the services: special requirements and preferences, incl. for type of food and drink; special requirements related to food products, drinks and other substances with which there is an obstacle for the guest to come into contact/touch (regardless of the reason).
2. Data related to payments and invoicing: information on payment method (cash, bank transfer, credit card, etc.); information on payments due and made; currency of the payment made; name of legal entity; address of a legal entity; VAT number and/or other identification, tax or registration number (TIN for natural persons);
3. In connection with the provision of restaurant services:
(a) Identification data: names.
(b) Contact details: telephone; email address; address.
(c) Information related to preferences (when expressly requested by the user): food and beverage preferences; preferred payment method; special requirements related to food products, drinks and other substances with which there is an obstacle for the guest to come into contact/touch (regardless of the reason).
4. In cases where the Data Subject represents another person (e.g. a company): information about which person and in what capacity (including workplace, position), as well as information about the requested services/orders made in this capacity. Accordingly, in cases where the services are requested by a person other than the Data Subject for the benefit of the Data Subject – in what capacity the Data Subject will use the services, by whom they are requested, by whom the payment will be made, etc. under. (e.g. for accommodations organized by the Data Subject’s employer or business partner, etc.).
the cases when the Data Subject represents another person (e.g. a company): information about which person and in what capacity (including workplace, position), as well as information about the requested services/orders made in this capacity. Accordingly, in cases where the services are requested by a person other than the Data Subject for the benefit of the Data Subject – in what capacity the Data Subject will use the services, by whom they are requested, by whom the payment will be made and the like. (e.g. for accommodations organized by the Data Subject’s employer or business partner and the like).
5. In connection with the issuance of customer discount cards:
(a) Identification data: names.
(b) information about the discount that can be used with the relevant customer card.
6. In relation to the services and functionalities of the Website:
(a) Data processed in connection with making a reservation for hotel accommodation: names; email address; telephone; country; number of rooms; number of guests, including number of adults and number of children; corporate code/access code; event and/or group accommodation participant code; number of reservation; special offers and preferences of the guest (when explicitly stated in the reservation form).
(b) Information from account login logs, from server logs and from logs of security protection devices (Web Application Firewalls), etc. devices falling into this category: date and time, IP address, URL, browser and device information.
In connection with customer-submitted complaints, applications, requests, requests and signals (including in free text): unstructured information contained in the respective complaints, applications, requests, requests and signals.

Video Surveillance and Security

(1) In accordance with the requirements of the applicable legislation, Hotel Nassi implements security measures, which include the following technical and organizational means for access control and for ensuring physical security against encroachments on the buildings and objects and for protecting the life and health of citizens: physical security , security alarm systems and a video control system, performing 24-hour video surveillance and consisting of recording and storage devices.
(2) Video surveillance and video recording can be carried out in publicly accessible areas and premises in the buildings of Hotel Nassi and in those for which a special access regime is provided. There is no video surveillance in the guest rooms, sanitary and hygiene rooms, recreation rooms, etc. under. Data from video surveillance activities are stored in a server room with controlled access.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Direct Marketing

(1) In the presence of express consent on the part of the Data Subject Hotel Nassi, resp. other companies associated with or partners of Hotel Nassi may process the following personal data: names; telephone; address; email address; information about the type and volume of used and preferred services provided by Hotel Nassi and other data expressly mentioned in the relevant consent, for the purposes of direct marketing such as the offer of other goods and services, including the offer of goods and/or services offered by other persons , carrying out surveys, surveys with a view to improving the quality of the services provided, etc. under. according to the scope of the specifically given consent.
(2) When personal data are processed for the purposes of direct marketing, the Data Subject has the right to object to this processing of personal data at any time. In these cases, the processing of personal data for these purposes is terminated.
(3) The data subject has the right at any time to withdraw his consent to the processing of his personal data for the purposes of direct marketing. In these cases, the processing of personal data based on the given consent is terminated.

Purposes for the processing of personal data

Hotel Nassi collects, stores and processes the information described above for the purposes provided for in this Policy and in the general terms and conditions (agreement) for the use of the relevant services it provides. Depending on the legal basis for the processing, these purposes can be:
(a) purposes related to compliance with legal obligations of Hotel Nassi;
(b) purposes related to and/or necessary for the performance of the contracts concluded with Hotel Nassi or for taking steps at the request of the Data Subject prior to the conclusion of a contract;
(c) purposes of the legitimate interest of Hotel Nassi or of third parties;
(d) purposes for which the Data Subject has consented to the processing of his data.

Provision of P.D. and consequences of refusal to provide it

(1) Hotel Nassi clearly indicates, where applicable and in an appropriate manner, whether the indication/provision of relevant data and/or documents is mandatory or constitutes a requirement necessary for the conclusion or performance of a contract, as well as the consequences of refusal to provide.
(2) If additional clarifications are needed, any Data Subject may request them at the Nassi Hotel sites or send an inquiry to gdpr@nassihotel.com
(3) The refusal to provide data and documents specified as mandatory may constitute an insurmountable obstacle to the provision of service by Hotel Nassi, to the satisfaction and fulfillment of submitted requests, applications, requests, signals, etc. sub., which exempts Nassi from liability for non-performance.
(4) The refusal to provide data and documents or the provision of incorrect ones may lead to the impossibility of providing the relevant services or to the suspension of access to services provided by Hotel Nassi.
(5) Data subjects should not provide Nassi Hotel with any special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation (namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data, health data or data on the sex life or sexual orientation of the natural person ; and personal data relating to convictions and offences).

Third parties that might collect your personal data

(1) For the purposes specified in this Policy, Nassi Hotel may outsource personal data processing activities to third parties – personal data processors, in accordance with and within the framework of the requirements of the Regulation and other applicable rules for the protection of personal data.
(2) When personal data is disclosed to and processed by personal data processors, this will be done only to the extent and in the volume that is necessary for the performance of the tasks assigned to them by Hotel Nassi.
(3) The processors of personal data act on behalf of Hotel Nassi and are obliged to process personal data only and only in strict compliance with the instructions of Hotel Nassi and will not have the right to use or process the information in any other way for other purposes except for the purposes set forth in this Policy.

Rights of the data subjects regarding your personal data

(1) In connection with the processing of the personal data related to him, each Data Subject has the following rights:
1. Right to information – to receive information about the processing of his personal data by Hotel Nassi;
2. Right of access:
(a) to obtain confirmation as to whether personal data relating to him are being processed;
(b) to obtain access to the processed personal data and to the detailed information about the processing and his rights.
3. The right to rectification – to request the correction or completion of his personal data, if the same are inaccurate or incomplete;
4. The right to erasure – to demand the erasure of his personal data, if the grounds for this provided for in the Regulation are present;
5. Right to limit the processing of personal data – to demand from Nassi Hotel to limit the processing of its personal data within the framework of the provisions of the Regulation, if the grounds for this provided for in the same are present;
6. Notification of third parties – right to require Hotel Nassi to notify the third parties to whom his personal data were disclosed of any correction, deletion or restriction of the processing of his personal data, unless this is impossible or requires disproportionately large efforts by Hotel Nassi;
7. Right to data portability – to receive the personal data concerning him and which he has provided to Hotel Nassi in a structured, widely used and machine-readable format, and to transfer this data to another administrator without hindrance from Hotel Nassi .
The right to data portability applies when the following two conditions are simultaneously met:
(a) the processing is based on consent or a contractual obligation; and
(b) the processing is carried out in an automated manner.
If it is technically feasible, the Data Subject has the right to obtain a direct transfer of personal data from Nassi Hotel to another controller. The right to data portability can be exercised in a way that does not adversely affect the rights and freedoms of others.
8. Right to withdraw consent for processing – when the processing of personal data is based solely on the consent given by the Data Subject, the same can withdraw his consent at any time. Such withdrawal does not affect the lawfulness of the processing based on the consent given until the time of its withdrawal;

Where we send your data

Our forms may be checked through an automated spam detection service.

Right of objection

The data subject has, at any time and on grounds related to his particular situation, the right to object to the processing of personal data concerning him, including profiling within the meaning of the Regulation, which is based on public interest, exercise of official powers or the legitimate interests of Hotel Nassi or a third party. In these cases, Hotel Nassi shall terminate the processing of personal data, unless it proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or defense of legal claims.
(1) The data subject can exercise his rights related to the protection of personal data by personally making a corresponding written request to Nassi Hotel – submitted personally by the Subject to the address specified in this Policy or by a notarized request sent by mail.
(2) The request can also be exercised electronically, and for this purpose it must be signed by the Data Subject with a qualified electronic signature within the meaning of the Law on Electronic Documents and Electronic Authentication Services and Art. 3, item 12 of Regulation (EU) No. 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and authentication services in electronic transactions on the internal market and repealing Directive 1999/93/EC, and to be sent to Nassi Hotel at gdpr@nassihotel.com
(3) The data subject may exercise the rights related to his personal data, personally or through a person expressly authorized by him (with a notarized power of attorney).
(4) Part of the rights can be exercised through the functionalities available on the Website.

Right of complaint to a supervisory authority

Each Data Subject has the right to lodge a complaint with a supervisory authority for the protection of personal data, in particular in the Member State (of the EU/EEA) of their habitual residence, their place of work or the place of the alleged infringement, if they consider that the processing of his personal data violates the provisions of the Regulation or other applicable requirements for the protection of personal data.

Supervisory authority in the Republic of Bulgaria

The supervisory authority in the Republic of Bulgaria is:
Commission for the Protection of Personal Data
Address: Sofia 1592, Prof. Blvd. Tsvetan Lazarov” No. 2
Website: https://www.cpdp.bg/

This Policy for the protection of personal data has been drawn up by “IV 73” OOD in its capacity as a personal data administrator with a view to fulfilling its obligations to provide information to data subjects under Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC ( General Data Protection Regulation).

This Privacy Policy is effective from 01.03.2022. Last updated on 01.03. 2023.

For more questions please fill in the form below.

If you’d like to unsubscribe from our newsletter, or if you have any additional questions about how we store your personal data, please use the form below.