Bansko, "Gramadeto" district, “Donchovi Karauli” street, 3

Coordinates: 41.824113, 23.483346

Phone: 00359-74950494 Reception
Phone/fax 00359-74950495
Manager: 00359-895 123 133
Email :

PERSONAL DATA PROTECTION POLICY for Aparthotel "7 Pools SPA & Apartments"

"KAMCHIYSKI PLODOVE" Ltd., with UIC BG103964656, with headquarters and management address: 9000 Saborni Blvd., is the administrator of personal data to the CPC and processes the provided data and personal information according to the requirements of the Regulation (EC) No 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (CRD or Regulation) .
Privacy Policy for Aparthotel "7 Pools SPA & Apartments"
and for his official website
1. "Personal data" means any information relating to an identifiable natural person or a natural person ('data subject'); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual.
2. "Processing" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing through transmission, distribution or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed.
3. "Restriction of processing" means the marking of stored personal data in order to limit its processing in the future;
4. "Personal data record" means any structured set of personal data accessed in accordance with certain criteria, whether centralized, decentralized or distributed according to a functional or geographic basis;
5. "Recipient" means a natural or legal person, a public authority, an agency or other entity to which personal data is disclosed, whether or not a third party. The Regulation provides for an exception to the transfer of data to public authorities in the framework of a specific investigation where they are not considered as recipients of personal data.
6. "Data subject consent" means any free expression, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or a clear confirmatory act expressing the consent of the data subject to be processed;
7. "Personal data breach" means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
8. "Personal Data Administrator" is a natural or legal person, public body, agency or other entity which, by itself and / or together with others, defines the means and means of processing personal data.
The reference to concepts / definitions / here is not exhaustive, in the case of ambiguities, the definitions under Article 4 of the Regulation in relation to LPDP apply.
 1. Ordinary personal data - data relating to an individual who is identified or can be identified, directly or indirectly, by an identification number or by one or more specific features. Data may refer to facts (for example - name, e-mail address, location, or date of birth).
2. Special personal data - personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership of trade unions as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, health data or data about the sexual life or sexual orientation of the individual.
In principle, the Regulation prohibits the processing of special personal data except in the presence of explicit and exhaustive preconditions (Article 9 of the Regulation). For the purpose of the activity of the Company as a personal data controller, the processing of special data is only applicable to: explicit consent to the processing of special personal data for one or more specific purposes, except where EU or RB law provides that the said prohibition may be canceled by the data subject; processing is necessary for the purpose of performing the duties and exercising the special rights of the controller or the data subject under labor and social security and social protection law, to the extent permitted by the relevant legal act and the interests of the data subject ; processing is related to personal data that is manifestly made public by the data subject; processing is necessary for the purpose of establishing, exercising or protecting legal claims; processing is necessary for the purposes of preventive or occupational medicine, assessment of the employee's ability to work, medical diagnosis, provision of health or social care or treatment, or for the purposes of managing health and social care services or systems based on a statutory instrument or under a contract with a medical practitioner and subject to the following terms and conditions:
processing by or under the direction of a professional worker bound by the obligation of professional secrecy under Union law or the law of the Republic of Bulgaria established by the national competent authorities or by another person also bound by the obligation of secrecy under a statutory instrument.
In order to ensure the provision of services and the administration needs - we store, use and process personal data by complying with the applicable legal requirements.
Personal data according to their purpose:
1. For requesting and confirming reservations -
when booking via web site: name and surname of the person, e-mail address and / or telephone of the contact person;
when booking by phone - name and surname of the person the contact telephone number and / or e-mail address to confirm the reservation
This data is stored until the reservation is made. The data are then destroyed by a particular official and their subsequent processing is impossible.
2. For the purpose of accommodating guests, the Administrator (or his / her designated person) processes and stores the following data: Personal Identification Number (PIN), ID card or valid national identity document; foreigners - in Latin according to the national document), citizenship, date of birth, sex
The data collected for the purposes of registration shall be collected on the basis of Art. 116, para 2 of the Law on Tourism and are necessary for keeping a register for accommodated tourists. The data is stored for a period of 5 (five) calendar years. The data for the provision of MoI organs after processing in these organs is destroyed by flash memory / disk formatting.
3. For the purposes of the realization of corporate or personal events, the following data are processed: names of the organizer (with the legal person, the person responsible for the conduct), e-mail address and / or telephone. Storage period for this type of data - three calendar years after the event.
When processing personal data we comply with the following principles:
we comply with the relevant legislation of the Republic of Bulgaria and the EU;
the data we collect is minimally necessary for the purposes of processing for which we have obtained your consent;
process and store the received data for a period of time, according to the purposes for which it is required and subject to the express consent of our clients.
User consent for data processing - In order to use your data for marketing purposes, in order to improve the services we provide to you, we must obtain your explicit consent to this.
When sending a request / inquiry to our e-mail addresses or telephone numbers on prices, reservations, clarifications, events and / or other niche issues, you should keep in mind that you consent to the storage and processing of personal data provided by you for the purposes of the inquiry.
 We use electronic methods for processing personal data to ensure accurate and fast service delivery and user assistance.
The process of processing your personal data is processed in accordance with the applicable privacy laws and we respect your privacy.
We apply technical and organizational security measures to protect the personal data you have provided, from destruction, accidental loss, unauthorized access, alteration or dissemination, as well as other illegal forms of processing by unauthorized persons. The security measures we apply are subject to constant improvement and adaptation to state-of-the-art technologies.
The collected personal data can be provided to our partners who act as personal data processors on our behalf and who are committed to complying with all applicable privacy standards.
We have the right to disclose and provide the received personal data only by order of the court or administrative body or if this is related to the fulfillment of the legal obligation of Kamchiiski Plodove Ltd. - Ministry of Tourism, Municipality of Bansko, Internal Ministry authorities, NRA, NSSI and NSI.
Users have the right to ownership and access to the data that has been provided for processing. By written application at e-mail address: they can receive information about the personal data provided and the purpose of their processing requires the destruction of any personal information records without the possibility of further processing. Users can also request data corrections for detected errors or inconsistencies.
The written application can be made personally (or by a person authorized by notary attorney) at the specified contact address or electronically from the e-mail address that was provided for processing the data.
Contact Address: 7 POOLS SPA & Apartments, Bansko, 3 Donchov Karauli Str.
Users have the right to object to the processing of their personal data. The objection is directed to the address indicated, Kamchijski Fruits Ltd. will examine the objection within 30 calendar days of its receipt and will inform you about the outcome of the internal check.
Kamchia Fruit Ltd.'s privacy policy can be changed unilaterally with the goal of improving it, offering new services, changing the way it is served and communicating with customers, and in connection with legislative changes.
In making changes to our current privacy policy, we will bring to your attention the changes made through our website www., giving you a reasonable time to become acquainted with them after which they begin to apply to the processing of your personal information without further notice. If you declare that you reject the changes within that period, you will be deemed to have withdrawn your consent to processing your personal information.