Privacy policy GDPR


The management of HOTEL TRACIA ("HOTEL TRACIA", "the company", "we", "the administrator") is committed to ensuring compliance with EU and Republic of Bulgaria legislation regarding the processing of personal data and the protection of "rights and freedoms" of the persons whose personal data the company collects and processes.

Regulation (EU) 2016/679 and this policy apply to all processing functions of personal data, including those performed on personal data of customers, employees, suppliers and partners and any other personal data that we process from various sources. .

This policy applies in all cases to the processing of personal data. Any breach of the General Regulation will be considered a breach of labor discipline and, if a crime is suspected, the matter will be referred for consideration to the relevant public authorities as soon as possible.

Partners and third parties who work with or for HOTEL TRACIA, as well as who have or may have access to personal data, will be expected to familiarize themselves with, understand and comply with this policy. No third party may have access to personal information stored by the company without having previously concluded a data confidentiality agreement, which imposes on the third party obligations no less burdensome than those we have assumed and which gives us the right to carry out checks on compliance with the obligations undertaken by the agreement.

Obligations and roles under Regulation (EU) 2016/679

HOTEL TRAKIA is a personal data controller according to Regulation (EU) 2016/679.

The senior management and all members of the management or supervisory bodies of HOTEL TRACIA are responsible for developing and promoting good practices in the field of information processing.

Compliance with data protection laws is the responsibility of all HOTEL TRAKIA employees who process personal data.

Data protection principles

All processing of personal data is carried out in accordance with the principles of data protection. The Company's policies and procedures are intended to ensure compliance with these principles.

HOTEL TRACIA is committed to processing personal data lawfully, in good faith and in a transparent manner. The personal information we collect is only used for specific, explicit and legitimate purposes. We will in no way sell your personal information and in no way will we pass on or disclose it to any third party unless we are legally required to do so.

Objectives, legal bases and time limits for processing personal data

The Company processes your personal data for purposes related to administrative reporting, financial accounting activities, banking and insurance activities and accountability, ensuring the safety of holiday makers and protecting their legitimate interests.

The entire processing of your personal data is carried out solely in connection with legal obligations imposed on the company under Bulgarian law (Social Security Code, Labor Code, Law on the Ministry of Interior, Law on Tourism, Law on Foreigners in the Republic of Bulgaria and others).

The personal data of individuals processed in connection with employment, civil and / or contractual relationship with the company are stored for the terms determined in accordance with the Bulgarian legislation.

The personal data of individuals clients of the company are stored for eighteen months and then destroyed and / or deleted according to the rules adopted by the company.

Rights of data subjects

Data subjects have the following rights in relation to the processing of data and the data that is recorded for them:

- Make requests to confirm whether personal data relating to you is being processed and, if so, to access the data as well as who is the recipient of that data.

- Request a copy of your personal information from the administrator;

- Ask the administrator to correct personal data when it is inaccurate or when it is no longer up to date;

- Ask the controller to restrict the processing of personal data, in which case the data will only be stored but not processed, and in the absence of a legal ban on this;

- To object to the processing of personal data relating to you for direct marketing purposes.

- Complain to a supervisory authority if you believe that any of the provisions of the CPD have been violated;

- Don't be subject to automated decisions that affect you.

We provide conditions to ensure that you exercise these rights by you:

- Data subjects may request data access.

- Data subjects have the right to file complaints with the company concerning the processing of their personal data, the processing of a request by the data subject and a complaint by the data subject regarding the manner in which the complaints are processed.