• Check-in at the hotel requires the presenting of personal documents proving the guests’ identity.
• The data you provide is protected in accordance with the Personal Data Protection Act and the normative acts governing information protection, and it is processed solely in connection with the implementation of the requirements established by the Tourism Act.
• This information will be used exclusively in connection with the reservations made and will not be used for any other reason.
• Marina City Aparthotel has the right to collect and use information about its Users when they register or make a reservation.
• The information that can be used to identify a User of the www.marinacity.eu website may include first name, last name, address, telephone, e-mail address for correspondence, and any other information that the User provides during his reservation and any other information which is introduced or provided by the User when requesting, receiving, or using the services provided by Marina City Aparthotel, when participating in promotions, raffles, and contests, filling out survey cards, questionnaires, forms and others.
• Marina City Aparthotel guarantees the confidentiality of its Users’ personal data, declaring that they will not be used for purposes other than intended, namely:
  – establishing contact with the User when specifying details about the reservation and payment methods
  – invoicing
  – assistance with filling out a reservation form if you are unable to do it yourself
  – providing information about prices or services
  – providing services and assistance
  – announcing new services
  – providing personalized promotional offers, and so on.
• Marina City Aparthotel takes reasonable precautions and is responsible for protecting the information about the User obtained during the reservation process on the website www.marinacity.eu, except in circumstances of force majeure or an unexpected event.
• The necessary or voluntary nature of providing the data, as well as the consequences of refusing to do so, are specified in the reservation form completed by the User. By agreeing to these General Terms and Conditions, the User accepts that his/her information will be handled in accordance with them.
• The restrictions do not apply if the User or individuals under his/her control commit malicious acts within the meaning of these General Terms and Conditions or violate third-party rights or legitimate interests. In this event, according to current legislation, Marina City Aparthotel has the right to submit personal information about the User to the relevant competent state authorities.
• Marina City Aparthotel agrees not to disclose any personal information about the User or to reveal the gathered information to third parties – commercial companies, persons, and others – except in the cases where:
  – the User’s affirmative consent was received at the time of booking or later
  – the information is requested by state entities or officials who are permitted by current legislation to request and collect such information in accordance with legally established procedures.
  – in other cases specified by law.

PRIVACY POLICY
OF KEY PROPERTY MANAGEMENT EOOD

In connection with the provision of our services and the performance of our activities, we process as an administrator the personal data of our clients – natural persons, our employees, as well as the personal data of other natural persons specified below in accordance with the rules and principles specified in the current Privacy Policy.

What is personal data?
Personal data is any information relating to an identified natural person or information by which a natural person can be identified.

What is personal data processing?
Personal data processing refers to any operation performed on your personal data by automated or manual means, such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution, or otherwise, in which the data becomes accessible, arrangement or combination, limitation, erasure, or destruction.

Data Protection Officer
The Data Protection Officer is the single point of contact for all Data Subjects in relation to exercising their rights under this Policy and applicable data protection legislation. You can submit all requests and questions regarding exercising your rights to personal data protection to the email address: manager@marinacity.eu

Correspondence address: Balchik, 8 Primorska St., Marina City Aparthotel.

We, as data administrators, have the authority under the General Regulation (EU) 2016/679 to collect and process information regarding the following categories of natural persons (Data Subjects):
• Former, present, or potential clients who have used, are using, or would like to use any of our services;
• Former, present or potential employees;
• Other persons, other than those mentioned above, who come into contact with us or bring claims against us, either directly or indirectly.

What categories of personal data do we collect?
• Identification data;
• Contact data;
• Data collected during payments;
• Information regarding complaints and other correspondence with us;
• Information regarding the type and parameters of the services you use;
• Any additional data provided by you in connection with the services used;
• We do not collect or store information via our wireless Internet network about your Internet surfing history, nor do we collect or store information about the devices that have been connected to the network.

What is our Cookie Policy
When you visit our website, we use “cookies” to improve the quality of our services, for statistical purposes, for market research, and other such cases. This is only done with your explicit consent. “Cookies” allow the website to save activities and preferences for a set period of time, eliminating the necessity to enter them each time you visit the webpage or navigate from one page to another. Information related to cookies is not used to identify you.

Video surveillance
Within the limits permitted by law, we use video surveillance to ensure the security of our clients and employees, as well as to protect our property. Video surveillance is only used in public areas that are clearly marked with notice boards. Video surveillance is not used in the guest rooms, sanitary-hygienic rooms, or employee recreation rooms. We only provide video recordings to competent authorities having the legal right to request them. Video recordings are retained for up to two months. They can be stored and used for a longer period of time in the event of legal disputes, inspections by competent authorities, and so on, up until the ultimate completion of the relevant proceedings.

Direct marketing
With your explicit and willing consent, we may process personal data for direct marketing purposes such as: offering services; conducting surveys, questionnaires, and so on, in order to improve the quality of the services provided, in accordance with the scope of the specifically given consent. . You have the right to object to or withdraw your consent to the processing of personal data at any time. In such case, the processing of personal data is terminated.

Photo and video recording
We carry out photo and video recording for the purpose of marketing and advertising our activities, including but not limited to sites, printed publications, the internet, and social media, with your written consent. We use photo and video images for which there is no consent only after the data subjects have been anonymized.

Purposes of personal data processing
We collect, use, and process information for the purposes specified in this Policy, which may include, depending on the legal basis for the processing, the following:
• Purposes related to compliance with our legal obligations: activities linked to maintaining a registry of accommodated Clients; activities related to tourist tax payment; activities related to invoicing, accounting, and reporting of payments received and made; complaint and whistleblowing activities and other activities to fulfill our legal duties; Purposes related to and/or required for the fulfilment of contracts concluded with us: reservation activities by the Client; Client registration activities for accommodation, administration, and management of services; payment processing activities by the Client; registration and account maintenance activities on our website; and other actions relating to contract execution;
• Purposes of our legitimate interest: exercising and protecting our legal rights and interests; assisting clients and employees, individuals processing personal data on our behalf, and business partners in exercising and protecting their legal rights and interests; analysis and planning of our policies regarding client relations and enhancing service quality;
• Purposes for which the Data Subject has consented to the processing of his/her data: activities of sending marketing messages and advertisements; use of cookies when visiting our website; other activities for which the Client has given his/her express consent.

How long do we store the information?
We process and store information about the Data Subject for up to 5 (five) years after the service has been provided except in cases where extended retention of relevant information is required in compliance with the requirements of the current law or this Policy.

What are the consequences of refusing to provide personal data?
The refusal to provide data and documents, or the provision of incorrect ones, may result in our inability to provide the relevant services. We do not collect or process special categories of data as defined by Articles 9 and 10 of the Regulation (namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data, data on the state of health or data on the sexual life or sexual orientation of the natural person; and personal data related to convictions and offenses or related security measures).

Information processing by third parties – personal data processors
For the purposes specified in this Policy, we may outsource the processing of your personal data to third-party processors, in compliance with and within the context of the requirements of the Regulation and other applicable legislation for the protection of personal data. This will only occur to the extent and volume required for the completion of the responsibilities assigned to them by us. Personal data processors operate on our behalf and are obliged to use your personal data solely and strictly in accordance with our instructions, and will not be permitted to use or process the information for reasons other than those specified in this Policy.

Who else has access to your data?
We are obliged not to disclose your personal information or provide the gathered information to third parties, except in the cases where:
• this is required to meet our legal obligations to state and local authorities;
• this is expressly stated in the Policy;
• this is required in order to provide the service you request;
• the Data Subject has given his/her express consent;
• To protect our rights or legitimate interests, as well as those of third parties or the Data Subject;
• in other instances specified by law

What are your rights regarding personal data?
In connection with the processing of personal data, the Regulation grants you the following rights:
• Right to information – you have the right to be informed about how your personal data is being processed.
• Right of access:
– You have the right to be informed whether personal data about you is being processed;
– You have the right to access the processed personal data and the detailed information about the processing;
• Right to rectification – You have the right to request the correction or completion of your personal data if it is inaccurate or incomplete;
• Right to erasure – You have the right to request that your personal data be erased if you have grounds to do so.
• Right to restrict personal data processing – You have the right to request that the processing of your personal data be restricted within the scope of the Regulation if the grounds for doing so are present in the Regulation.
• Notice to third parties – You have the right to request that We notify third parties to whom Your personal data has been disclosed of any correction, deletion, or restriction of Your personal data processing.
• Right to data portability – You have the right to receive your personal data concerning you and that you have submitted to us in a structured, widely used, and machine-readable format, and to transfer this data to another controller without restriction from us. The right to data portability applies when both of the following conditions are met:
– the processing is based on consent or a contractual obligation; and
– the processing is carried out in an automated way.
• Rights related to automated individual decision-making, including profiling – You have the right not to be subjected to an automated decision based solely on automated processing (i.e. processing without human intervention), including profiling within the meaning of the Regulation, that has legal consequences for you, unless the Regulation provides grounds for this and appropriate safeguards are established to protect your rights, freedoms, and legitimate interests.
• Right to withdraw consent to processing – when the processing of personal data is solely based on your consent, you have the right to withdraw your consent at any time. Such withdrawal has no bearing on the legality of the processing based on the consent given up until the time of withdrawal;
• Right to object – You have the right to object at any time to the processing of personal data concerning you, including profiling within the meaning of the Regulation, that is based on public interest, the exercise of official powers, or the Administrator’s or a third party’s legitimate interests. In these cases, We stop processing personal data unless it can be proved that there are compelling legal grounds for processing that outweigh your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

How can you exercise your rights?
You can exercise your personal data protection rights by submitting an appropriate written request to the responsible officer for personal data protection – submitted either directly or by a notarized request delivered by post. The request can also be executed electronically, in which case it must be signed by you with a valid electronic signature and e-mailed to manager@marinacity.eu.

Right to lodge a complaint with a supervisory authority

If you believe that the processing of your personal data violates the provisions of the Regulation or other applicable requirements for the protection of personal data, you have the right to lodge a complaint with a supervisory authority for personal data protection.

Supervisory authority in the Republic of Bulgaria

Supervisory authority in the Republic of Bulgaria is:
The Commission for Personal Data Protection
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov blvd.
Webpage: https://www.cpdp.bg/.