Personal Data Protection

CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY

of

“MPM HOTELS” LTD

 

We, MPM HOTELS Ltd., are aware of the importance of protecting the personal data of our clients and partners by striving to maintain good policies and practices that maximize the protection of your personal data processed during and / and / or additional tourist accommodation and catering services, as well as other services provided on-site in the hotels operated by us.

This Privacy Policy is based on the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing of Directive 95/46 / EC (“Regulation (EC) 2016/679”).

All amendments and additions to the Privacy Policy will be applied after publishing its current content, available through our website:

www.mpmhotels.bg

The Privacy Policy applies to your personal data if you are a natural person or a legal entity that uses or wishes to use the services provided in the hotel complexes managed by MPM HOTELS Ltd., including those offered online via a specialized platform on our website, including through social networks.

1.Who processes and is responsible for your personal data:

“MPM HOTELS” Ltd. (“us”) is a trade company registered in the Commercial Register at the Registry Agency under UIC 201502890 which collects, processes and stores your personal data under the terms of this Policy and the applicable legislation of the European Union and the Republic of Bulgaria .

“MPM HOTELS” Ltd. is a data controller within the meaning of Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and the Personal Data Protection Act.

For any questions relating to the processing of your personal information, you may contact us at our address: Sofia, Prof. Dr. Ivan Stranski, №3J, 3rd floor or the following contact details

https://mpmhotels.bg/bg/contacts/

e-mail: gdpr@mpmhotels.bg;

2. What data, for what purposes and on what basis we are processing:

2.1 Depending on the specific purposes and grounds, MPM HOTELS Ltd. processes the following data individually or in combination with each other, namely .

A) Data, provided by you, which are necessary for the identification and execution of reservations you have made and confirmed in any of our Hotels:

  • three names, telephone and / or e-mail address to contact you, or contact person you specify, date and time of arrival and departure, children and their age;
  • data collected on payment made to us – credit or debit card number, bank account, and other information collected and processed in connection with making the payment by bank transfer through direct debit or via the POS terminals of MPM HOTEL, Ltd;
  • data from your account to access our online booking platform – username, booking history, and payments
  • information about the services you use and the information you receive about your preferred destinations, hotels and services offered by us;
  • other information you provide to us about the services we use or about your preferences for our hotels.

B) Data provided by you and stored by MPM HOTELS Ltd. in the process of providing on-site accommodation services in any hotel which data are collected, processed and stored in accordance with the applicable statutory requirements for keeping a register of accommodated tourists by persons performing hotel business activity, namely:

  • names of the person; UCN / for Bulgarian citizens / or PNF / for foreign citizens with a residence permit in BG / or date of birth / in all other cases /;
  • sex;
  • nationality;
  • ID card / valid national identity document, country issuing the national document,

C) Other:

  • Digital video recordings. These are the data collected through the video surveillance systems used by MPM HOTELS in all public places in each of our hotels (lobby, reception, restaurant, lobby bar, fitness, corridors, staircases, entrances) for security purposes, monitoring, control and protection of public order,
  • IP address when visiting our website / online booking platform,
  • Claim-related data in relation to a tourist service we provide and used by you;
  • information about the type and content of your booking, and any other information related to it, including email, letters, requests, requests, complaints, complaints and other feedback we receive from you;

2.2. Objectives and legal bases for the processing of personal data:

A leading basis for the processing and storage of personal data is the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to the conclusion of such a contract. At the same time, the processing of certain personal data is necessary for compliance with the legal obligations of the company under the Tourism Act, the Civil Registration Act, the Accountancy Act and other applicable regulations, as well as the protection of the legitimate interests of the administrator or a third party:

A) We process and store personal data that is minimally necessary and legally required for the purpose of providing accommodation and catering services as well as all other services provided on site in our hotels as:

  • Customer identification for: making, modifying and terminating a reservation, as well as providing accommodation and boarding services, as well as any other services provided on-site in our hotels. Client identification is done on all trade and communication channels – at the reception desk at the hotels by providing an identity document, by phone, on our online platform via electronic contact form, by e-mail, etc .;
  • Updating your personal data or service information in our Hotels on your request for correction / modification of data / services;
  • Service and response to customer complaints / inquiries / complaints. Adjustments of amounts due on booked reservations already made on accommodation and meals if there is reason to do so;

B) In fulfillment of its legal obligations, MPM HOTELS Ltd. processes your data for the following purposes:

  • Provision of information to the Ministry of the Interior, the competent local authority of the hotel, the Consumer Protection Commission and the Personal Data Protection Commission in connection with the fulfillment of our obligations as a hotelier, arising from the existing regulations in this field;
  • processing your data in invoices issued on your behalf for other purposes that are compatible with the original purpose of collecting them
  • Performing tax-insurance control by the respective competent state bodies;
  • Providing information to the court and third parties in court proceedings in order to protect their legitimate interests, including the recovery of claims by clients through court proceedings;

C) MPM HOTELS Ltd. processes your data for the purposes of our legitimate interests as well:

  • for direct marketing purposes – making offers containing information about our current offers, promotions and discounts on accommodation in our hotels and / or changing the terms of the already used ones;
  • to include your name, photos, videos and other data in promotional brochures, web site, and other publications of “MPM HOTELS” LTD as a result of your participation in group activities and activities organized in our hotels (dancing, sports and other entertainment);
  • to protect, exercise or preserve the legal rights, privacy, safety or property of the controller, users of the services of the administrator and members of the public.

3. Categories of third persons that may access and process your personal data: In connection with the performance of our business activities and the performance of our contractual commitments with our clients, we provide your data to the following groups of „recipients“, namely:

  • to the data subject – whenever they exercise this right;
  • to the users / customers to which the data relate;
  • to business partners – for the purposes of implementing your reservations: travel agents and agents in Bulgaria and abroad, transport companies and airlines, suppliers of relevant basic and additional tourist services and other subcontractors with whom we have contracts;
  • to payment service providers for on-line payment via credit cards
  • to insurance companies when declaring an insurance event with a tourist staying in our hotels;
  • to IT companies supporting information systems, our company website, software and platforms for managing our customers’ reservations, etc .;
  • to the public authorities (MoI, municipality, NRA, the Commission for Consumer Protection, the Commission for Personal Data Protection, judicial and other control bodies);
  • to other data controllers to whom “MPM HOTELS” Ltd. provides your personal data on a legal basis and / or on the basis of a contract signed bilaterally.

It may be necessary – by law, in a litigation and / or on request by public and governmental bodies in or outside your country of residence, and for national security, law enforcement or other issues of public concern, we disclose your personal data when such disclosure is necessary or appropriate.

We may also disclose information to you if we find that such disclosure is warranted and necessary to the application of our Company Terms and Conditions or to protect our activities, legitimate interests and the rights and legitimate interests of other users. Additionally, in case of reorganization, merger or sale, it is possible to transfer any and all the collected database to the respective third party.

4. For how long your personal data is stored. Security:

The length of time that your personal data is stored depends on the processing purposes for which it was collected:

Your personal data processed for the purpose of providing and implementing accommodation and catering services in our Hotels is stored for up to 3 (three) years from the date of your departure from the hotel as well as for the final settlement of all financial relations between the parties, observing the statutory deadlines, where applicable;

Personal data processed for the purpose of issuing accounting / financial documents for tax and social security controls, as well as not only – invoices, debit notes, credit notes, are kept for at least 3 (three) years unless the applicable legislation provides for longer term.

Pictures (Videos) – within 30 days of recording creation.

The storage of personal data for longer periods is possible to protect the legitimate interests of MPM HOTELS Ltd. and the expiration of the respective limitation period in order to protect any claims of clients in connection with execution / termination of the provided tourist services under lodging and meals in our hotels as well as for a longer period in the event of a legal dispute that has already arisen – the documents are kept until the final decision has been reached with a court / arbitration decision in force.

As a Personal Data Controller, “MPM HOTELS” Ltd. shall take due care and take appropriate administrative and technical measures, as well as personnel / training, information, etc., required by the regulations to protect the information, including the protection of customers’ personal data from loss, theft and unauthorized use, disclosure, modification, and any other unlawful forms of processing. We have physical, electronic and procedural safeguards that comply with our legal obligations with respect to the protection of personal data and which we maintain in line with the state of the art.

We are responsible for the protection of the customer’s personal data that has become known to us in the performance of our activity as a hotelier and in the provision of our tourist services specified in the subject of the General Terms and Conditions of this Policy except in cases of force majeure accidentally event or malicious actions of third parties, as well as in cases where the client himself has made this information available to a third personа.

5. Video surveillance

The common areas of each of our hotels are subject to 24-hour video surveillance, which is carried out by means of fixed security cameras.

Video surveillance is performed to protect, exercise or preserve the legal rights, privacy, safety or ownership of the controller, its employees and / or contractors, and to ensure the safety, privacy and security of hotel guests and members of the public.

Video surveillance is organized and controlled by administrators specially trained for data protection.

The recordings are stored on video servers for a period of 30 days, except for registered violations of the rights of the administrator, tourists or third parties, in which case the record keeping may be extended according to the specific needs.

You have the right to request a review of records if you claim a violation of rights that apply to you or to a person you are supervising, and your request will be reviewed within the time limits provided in Section 6 of this policy.

The company may refuse to consider requests that are unreasonably duplicated, require disproportionate technical efforts, or jeopardize the confidentiality of other users.

6. What are your rights in relation to the processing of your personal data by MPM HOTELS Ltd and what actions should you take to exercise them:

  • right of access to the data relating to you – the customer is at any time entitled to ask us for confirmation of the processing of data relating to him / her, information for the purposes of such processing, the categories of data and the recipients or categories of recipients, to which data is disclosed;
  • the right to correct and update your personal data when it is inaccurate or incomplete for the purposes of its processing;
  • the right to deletion (the right to be forgotten) when its data are processed illegally or on a faulty basis (the original purpose for which they were collected and processed, the storage period has expired (including legal), withdrawn consent for processing, you have objected to their processing, etc.), there is no other reason to process them or national or European legislation requires this;
  • the right to limit processing – in the event of a legal dispute between MPM HOTELS Ltd and the individual until its resolution and / or for the establishment, exercise or protection of legal claims; when the processing is illegal, but the data subject does not want the personal data to be deleted but instead requires a limitation of their use; in your objection to the processing of your personal data for the duration of the verification of its merits;
  • the right to data portability – the data subject may request us to transfer his or her personal data in a machine-readable format to another person explicitly designated by the administrator without impeding;
  • the right to be notified of correction or deletion of personal data or limitation of processing – the client has the right to require us to notify third parties whose personal data have been disclosed of any deletion, correction or blocking of such data, except in the cases where this is impossible or is associated with excessive efforts for MPM HOTELS Ltd..
  • the right to be notified of a personal data breach – in cases where the data security breach is likely to pose a high risk to the rights and freedoms of individuals. We are not required to notify you if: we have taken appropriate technical and organizational safeguards with respect to the data affected by the security breach and if we have subsequently taken measures to ensure that the violation will not lead to a high risk for your rights and if the notification would require a disproportionate effort.
  • the right to object to the processing of your personal data – at any time and on grounds relating to the particular situation of the person, provided that there are no compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the person data, or trial.

When processing personal data for direct marketing purposes, the User is entitled at any time to object to the processing of personal data relating to him / her for this type of marketing, including profiling insofar as it relates to direct marketing. At the latest at the time of first contact with the consumer, it shall be expressly informed of the existence of the right of objection described above, which shall be provided by means of a notice in a clear and separate manner from any other information.

  • the right to a judicial and administrative remedy – the right to appeal to a supervisory authority, the right to effective judicial protection against a supervisory authority, the right to effective judicial protection against an administrator or a processor of personal data; right to compensation for damages suffered.

Procedure for exercising the rights: You may exercise all of your rights to protect your personal data through the forms enclosed with this Policy which you may download from here. Of course, these forms are not mandatory and you can make your claim in any form that contains a statement about it and identifies you as the data holder.

MPM HOTELS Ltd. shall examine and pronounce on the User’s request in accordance with the requirements of the applicable legislation as soon as possible and in any case up to 1 / one / month from the receipt of the application. If necessary, this period may be extended by a further 2 (two) months, given the complexity and number of applications. MPM HOTELS Ltd. shall inform the consumer of any such extension within one month of receipt of the application, indicating the reasons for the delay.

Data on the supervisory authority:

COMMISSION FOR PERSONAL DATA PROTECTION /CPDP/,

Sofia 1592, 2 „Prof. Tsvetan Lazarov” Blvd.,

phone.: 02/91-53-518, fax: 02/91-53-525,

e-mail: kzld@cpdp.bg

www.cpdp.bg

7. Can you refuse to provide personal data to MPM HOTELS Ltd and what are the consequences?

In order to fulfill the reservation you have made and in order to provide you with the accommodation services you have requested in our hotels, we need certain data that is legally determined by the legislation in force in the Republic of Bulgaria.

Failure to provide the items listed in 2.1. personal data prevents the “MPM HOTELS” Ltd. from accepting your reservation and accordingly providing you with the requested services on the spot in our hotels.

8. Cookie Policy

“MPM HOTELS” Ltd. uses the so-called “cookies” on its site www.mpmhotels.bg, which are important for its correct operation. By visiting our site, you accept the use of cookies.

Types of cookies we use:

  • Required Cookies – These cookies are required for the correct operation of the website. For example, with these cookies, we show you information on our site, photos, videos, etc., and help the search engine to function properly so you do not have to enter the same information on the different pages. These cookies are temporary and will be deleted when you close your browser.
  • Analytical cookies – Thanks to these cookies, we monitor the visit to our site and we can analyze how easy our users are doing with it (Google Analytics cookies). These cookies do not give us any information about your personal data. They show us which pages of our site have been reviewed, whether our site has been visited via a mobile or desktop device and other anonymous data.

You can make the cookie settings you get from our site in the browser you are using. Keep in mind that if you restrict certain types of cookies, our site may not work properly and you can not use its full functionality.

 9. CHANGES IN THE CONFIDENTIALITY POLICY

“MPM HOTELS Ltd. is entitled, when circumstances require, to unilaterally update, amend and supplement the privacy policy at any time in the future. Any addition or change to this Policy will be posted on the Company’s website

www.mpmhotels.bg and / or will be provided upon request to the customer.

This policy was last updated on 21.05.2018.

 

Downloads

MPM_Confidentiality and personal data protection policy

MPM_Provision of access to personal data

MPM_Correction of personal data

MPM_Withdraw consent

MPM_Portability of personal data

MPM_To be forgotten