DECLARATION – NOTICE OF CONFIDENTIAL PROCESSING OF PERSONAL DATA

When you use the services of Hotel “Laguna Medical SPA” – Sveti Vlas, provided by „Venid Home“ EOOD , hereinafter referred to as Venid, or „we“, you entrust us with your personal information.

This privacy notice is intended to help you understand what data we collect, why we collect it, and what we do with it. This is important, and we hope you will take the time to read the information carefully.

What is personal data?

According to the General Data Protection Regulation (“GDPR”), personal data is defined as:
“Any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.”

Other key terms:

„Controller“ means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

„Processor“ means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

„Recipient“ means a natural or legal person, public authority, agency, or another body to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as “recipients”; the processing of such data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

„Third party“ means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

„Consent of the data subject“ means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

Why does “Venid Home” EOOD collect and store personal data?

To provide you with one of our services—such as hotel accommodation, or online reservations and payments via bank transfer or credit/debit card; to register you as a hotel guest; to deliver the information you have requested; or to identify you prior to entering into a contract with you.

We guarantee that the information we collect and use is relevant to one of the above-mentioned purposes and is not intended to invade your privacy or personal space.

For the purposes of communication with advertising and marketing intent, “Venid Home” EOOD will request your explicit consent to receive such messages, which you may withdraw at any time.

What categories of personal data do we collect and process?

The categories of personal data we process include the following: full name, phone number, email address, personal identification number (EGN), ID document details – number and date of issue, bank account number, and IP address.

We receive your personal data, as our clients, either online or offline, based on your voluntarily given consent, on the basis of a contract concluded between us, or in accordance with legal regulations.

What types of cookies does the website of Hotel Laguna Medical SPA use?

We use our own cookies and third-party cookies to manage website content, create personalized ads, measure performance, and analyze traffic. Learn more in our Cookie Policy.

The personal data we collect will be used solely for one or more of the following purposes:

  • To provide the information you have requested;
  • Correspondence prior to entering into a contract;
  • Identification when preparing documents for contract conclusion;
  • Identification when preparing documents for concluding a contract for the provision of hotel services;
  • Marketing and/or advertising information;
  • Creating personalized ads, remarketing, and measuring performance — which you can always choose to opt out of receiving;

If we need to use your personal data for a new purpose not covered by this privacy notice, we will provide you with a new notice and, where required, request your prior consent for the new processing activity.

Legal basis for collecting and storing personal data:

The basis that gives us the right to process your data is one or more of the following:

– your consent;

– for the performance of a contract with you or our intention to enter into such a contract;

– when the processing is necessary for us to comply with a legal obligation;

– to protect your interests or the interests of another person, as well as to safeguard our legitimate interest.

Children’s personal data:

We do not collect personal data from children under the age of 16. If we become aware that we are processing personal information of a child under the age of 16, we will take steps to delete the information as soon as possible. If parents and/or legal guardians discover that children under their care have provided data to Venid Home EOOD, please contact us using the contact details provided in this notice. We will delete the information promptly.

Disclosure of your personal data to third parties:

The following organizations may receive your personal data from us, but only when necessary:

  • The banking institution we work with
  • The accounting firm that provides our services;
  • Our partner-operated offices;
  • Google, Facebook, and other advertising networks and platforms

When Venid Home EOOD shares information about you with third parties — subcontractors of Venid Home EOOD — we enter into agreements with these subcontractors and take measures to ensure that they provide a level of data protection in accordance with the agreed standards and the requirements of Regulation (EU) 2016/679 (“GDPR”) and applicable legislation. Your data is considered confidential by our partners as well.

It may be necessary—by law, in the course of legal proceedings, during a legal dispute, and/or at the request of public and governmental authorities within or outside your country of residence—for Venid Home EOOD to disclose your personal information. We may also disclose information about you if we determine that such disclosure is necessary or appropriate for purposes of national security, law enforcement, or other issues of public importance.

Transfer of personal data to a country outside the EU or to an international organization

We do not intend to transfer your personal data to third parties without first informing you and obtaining your consent.

Data retention period:

We process and store personal data for a period necessary to fulfill the purposes outlined in this Privacy Statement, unless a longer retention period is required by law. Depending on the type of data and the purposes for which it was collected, a specific retention period is defined, after which the information is deleted.

Your rights as a data subject are as follows:

At any time while we store or process your personal data, you, as the data subject, have the following rights:

  • You have the right to request a copy of your personal data from Venid Home EOOD and the right to access your personal data at any time.
  • You have the right to request that Venid Home EOOD correct your inaccurate personal data without undue delay, as well as update any data that is no longer current.
  • You have the right to request that Venid Home EOOD erase your personal data without undue delay where one of the following grounds applies:
    • the personal data are no longer necessary for the purposes for which they were collected;
    • when you have withdrawn your consent, in cases where the legal basis for processing and storing the personal data is consent;
    • when you have objected to the processing;
    • when the processing is unlawful;
    • when the personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State that applies to us as the data controller;
    • when the personal data have been collected in connection with the offering of information society services.
  • We have the right to refuse to erase your personal data for the following reasons:
    • for the exercise of the right to freedom of expression and the right to information;
    • to comply with a legal obligation on our part or for the performance of a task carried out in the public interest;
    • for reasons of public interest in the area of public health;
    • for archiving purposes in the public interest or for statistical purposes, insofar as erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing;
    • or for the establishment, exercise, or defense of legal claims.
  • You have the right to request that Venid Home EOOD restrict the processing of your personal data, in which case the data will be stored but not processed. Any refusal to restrict processing will be made explicitly in writing and must be justified with a lawful reason.
  • You have the right to withdraw your consent to the processing of your personal data at any time by submitting a separate request to Venid Home EOOD, in cases where the legal basis for processing and storing your personal data is consent.
  • You have the right to object at any time to the processing of your personal data, where there are legitimate grounds for doing so.
  • You have the right to data portability in a structured, commonly used, and machine-readable format.
  • You have the right to lodge a complaint with the Commission for Personal Data Protection if you believe that your data protection rights have been violated.

Policy for the voluntary resolution of arising disputes:

Our policy is to voluntarily resolve any disputes that may arise in connection with the processing of your personal data, and we encourage you to first contact our Data Protection Officer before submitting a complaint directly to the supervisory authority.

How will we store and protect your personal data that we collect?

Venid Home EOOD will process (collect, store, and use) the information you provide in a manner consistent with the requirements of the General Data Protection Regulation (GDPR) and the Personal Data Protection Act in force in the country. We will strive to keep the information accurate and up to date.

We will not retain your information for longer than is reasonably necessary to fulfill the specific purposes for which it was collected and of which you have been informed herein.

Some data retention periods are determined by legal obligations to retain documents and information for certain minimum durations, such as those required by the Accounting Act or the Anti-Money Laundering Act. We will take all foreseeable technical and organizational measures to protect your data from unauthorized access, including encryption, anonymization, masking, and deletion once the retention period has expired.

Update

We have the right to periodically update this Statement, and you will be informed of any such updates. In the event of changes to this Statement, a notification will be published on our website, along with the updated Privacy Statement.