Please read this document carefully. It contains the Policy for the Protection of Personal Data of Clients of ZEFIR MANAGEMENT LTD (the “Policy(s)”) and aims to explain the practices related to the processing of personal data in the context of the services provided and the activities performed.

This Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the Regulation).
Policy for the protection of personal data of clients of "ZEFIR MANAGEMENT" Ltd.

 

GENERAL PROVISIONS

In connection with the provision of its services and the performance of its activities, "ZEFIR MANAGEMENT" Ltd. ("ZEFIR HOTEL") processes as an administrator the personal data of its clients - individuals, as well as the personal data of other individuals specified below ("Data Subjects"/ "You"), in accordance with the rules and principles set forth in this Policy.
"ZEFIR MANAGEMENT" Ltd. is a company with UIC 205180127, with its registered office and management address in the town of Sveti Vlas, 6 "G.S. Rakovski" Str., tel.: +359886497722, e-mail address: bookings@hotelzefir.com

 

DATA SUBJECTS

(1) In connection with the services provided, HOTEL ZEFIR processes information regarding the following Data Subjects:

(a) individuals visiting the website https://www.hotelzefir.com (the Website);

(b) individuals who make reservations on their own behalf or on behalf of another individual or legal entity through the Website;

(c) individuals using the services provided by HOTEL ZEFIR, including, but not limited to, hotel accommodation services, restaurant services and related services, provision of premises for organizing events, etc., as well as individuals representing or otherwise acting on behalf of legal entities that use these services;

(d) individuals who have sent, on their own behalf or on behalf of another person they represent, inquiries (including, but not limited to, by e-mail, by fax, by call, using the functionality of the Website, etc.), requests, signals, complaints or other correspondence to HOTEL ZEFIR;

(e) individuals whose information is contained in inquiries (including by calling or using the functionality of the Website), requests, signals, complaints or other correspondence to HOTEL ZEFIR.

(2) The services of HOTEL ZEFIR can only be requested by legally capable persons who have reached the age of 18.

 

CATEGORIES OF PERSONAL DATA AND PURPOSES OF PROCESSING

1. For the needs of the hotel reservation, the following personal data is collected:
Name, surname, telephone number and email address. The purpose is to identify the person who made the reservation upon arrival at the hotel.

2. In relation to the services and functionalities of the Website:

Data processed in connection with making a hotel accommodation reservation: names; email address; telephone number; country; number, validity and holder of a credit/debit card; CVC code; number of rooms; number of guests, including number of adults and number of children; reservation number; special offers and preferences of the guest (if explicitly indicated in the reservation form.

Information from account login logs, server logs, and logs from security devices (Web Application Firewalls) and other devices falling into this category: date and time, IP address, URL, browser and device information.

Use of Cookies: The use of cookies is necessary for the functioning of the Website.

Cookies are files containing an identifier (a string of letters and numbers) that is sent from a web server to a web browser and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any personally identifiable information about the user, but the personal information we store about you may be linked to the information collected and stored by the cookies.

The types of cookies we use on our website are:
- cookies used for session logging into the site. They do not apply to site visitors, but only to the administrative team;
- cookies to protect web forms (reservation form, contact form).

Cookies help HOTEL ZEFIR to understand the preferences and interests of its customers, based on their previous and/or current activity on the site. The information obtained as a result of the use of cookies helps to improve the service and offers that HOTEL ZEFIR provides to its customers during their future visits to the site and use of the services. The information used in this way also helps in selecting appropriate offers and offers (including for advertising or direct marketing purposes) to its customers.

Most browsers allow you to accept or reject cookies. Declining cookies may limit the functionality of websites.

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are:
•    Browser type and browser version
•    operating system used
•    Referrer URL
•    The hostname of the access computer
•    Server request time
•    IP address

3. For the purposes of registering guests at a hotel, the following personal data is collected:
From foreigners who are not citizens of a Member State of the European Union (EU) or a state party to the Agreement on the European Economic Area, or of the Swiss Confederation, on the basis of Art. 116, para. 2 of the Tourism Act and Order No. T-RD-04-10/11.06.2019 of the Minister of Tourism, the following personal data are collected: the person's full name, personal identification code (if any), date of birth, gender, citizenship, number and series of the identity document, country of issue, country of issue.
The following personal data is collected from Bulgarian citizens, citizens of a Member State of the European Union (EU) or of a state party to the Agreement on the European Economic Area, or of the Swiss Confederation on the basis of Art. 116, para. 2 of the Tourism Act and Order No. T-RD-04-10/11.06.2019 of the Minister of Tourism: the person's full name, personal identification number/personal identification number (if any), date of birth, gender, citizenship, identity document number, country that issued the identity document.
Data collected during guest registration at a hotel is kept for two years, after which it is destroyed or deleted.

4. The following personal data is collected from the company's counterparties, natural persons: Names of the counterparty, natural person, personal identification number, address, contact telephone number. Collected for the needs of social security and tax purposes. Legal basis Art. 7, para. 6 CSR and Art. 73 Personal Income Tax Act. The following personal data is collected from the legal representatives and authorized representatives of legal entities: names, personal identification number and address (in cases provided for by law) and contact telephone number.

 

COLLECTION OF PERSONAL DATA THROUGH VIDEO SURVEILLANCE AND VIDEO RECORDING

It is carried out in the common areas of the hotels and in the area around them, in the common areas of the central office, for which the relevant information signs are placed. Grounds: Art. 5, para. 2, item 4 of Regulation No. 8121z-1225 of September 27, 2017 on the types of facilities under Art. 23, para. 1 of the Law on Countering Terrorism, whose owners and users develop and implement measures to counter terrorism, the minimum requirements for these measures and the procedure for exercising control, issued by the Minister of Interior and the Chairman of SANS. Upon request, they are provided to the bodies of the Ministry of Interior and SANS in accordance with the relevant procedure. The ground for carrying out video surveillance in the common areas of the hotels and the area around them is also the Regulation on the requirements for accommodation and catering and entertainment establishments and on the procedure for determining the category, refusal, downgrading, suspension of the action and termination of the category.
According to the requirements for service in hotels of all categories, the hotelier has an obligation to ensure the safety and security of tourists through hired or own security and technical means. Video surveillance is one of these technical means. They are provided to the bodies of the Ministry of Internal Affairs upon request in accordance with the relevant procedure. The recordings of the video surveillance carried out are kept for 2 months after their preparation (Art. 56, para. 4 of the Private Security Act).

 

DIRECT MARKETING

(1) With the explicit consent of the Data Subject, HOTEL ZEFIR, or other companies affiliated with or partners of HOTEL ZEFIR, may process the following personal data: names; telephone number; address; e-mail address; information about the type and volume of the used and preferred services provided by HOTEL ZEFIR and other data explicitly mentioned in the relevant consent, for the purposes of direct marketing such as offering other goods and services, including offering goods and/or services offered by other persons, conducting surveys, polls with a view to improving the quality of the services provided, etc., in accordance with the scope of the specifically given consent.

(2) Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to such processing of personal data. In such cases, the processing of personal data for such purposes shall cease.

(3) The data subject has the right to withdraw consent to the processing of his or her personal data for direct marketing purposes at any time. In such cases, the processing of personal data based on the consent shall cease.

 

PROVISION OF PERSONAL DATA AND CONSEQUENCES OF REFUSAL TO PROVIDE THEM

(1) HOTEL ZEFIR clearly indicates, where applicable and in an appropriate manner, whether the indication/provision of the relevant data and/or documents is mandatory or constitutes a requirement necessary for the conclusion or performance of a contract, as well as the consequences of refusal to provide it.

(2) Refusal to provide data and documents specified as mandatory may constitute an insurmountable obstacle to the provision of service by HOTEL ZEFIR, to the satisfaction and fulfillment of the submitted requests, applications, requests, signals, etc., which releases HOTEL ZEFIR from liability for non-performance.

(3) Refusal to provide data and documents or the provision of false data may lead to the inability to provide the relevant services or to suspension of access to services.

 

SHARING PERSONAL DATA

HOTEL ZEFIR does not disclose personal data about the Data Subject to third parties, except in cases where:

1. this is necessary to fulfill a legal obligation of HOTEL ZEFIR:

(a) competent state, municipal or judicial authorities;

(b) auditors;

2. this is explicitly provided for in the Policy and/or in the general terms and conditions (contract) for the use of the relevant services that HOTEL ZEFIR provides:

(a) processing personal data on behalf of HOTEL ZEFIR;

(b) debt collection companies.

3. this is necessary for the provision of the services of HOTEL ZEFIR:

(a) banks and payment service providers;

(b) postal and courier service providers;

(c) commercial partners of HOTEL ZEFIR such as: reservation sites; travel agencies and other providers of tourist or other auxiliary services such as rental cars, taxi and other transport services and the like

4. The data subject has given his/her explicit consent - the persons provided for in the relevant consent (e.g. related to HOTEL ZEFIR, business partners of HOTEL ZEFIR and the like);

5. this is necessary to protect the rights or legitimate interests of HOTEL ZEFIR, third parties or the Data Subject:

(a) state, municipal and judicial authorities;

(b) private and public bailiffs;

(c) lawyers;

(d) notaries.

6. in other cases provided for by law.

 

PERIODS FOR STORAGE OF PERSONAL DATA

HOTEL ZEFIR processes and stores information about the Data Subject until the relevant purposes for which it was collected and processed are achieved.

HOTEL ZEFIR, in accordance with its internal rules and procedures and applicable legislation, processes and stores information about the Data Subject within the following timeframes:

Data type Shelf life
Data for the register of accommodated tourists within the meaning of Article 116 of the Tourism Act, which includes identification data of accommodated persons and data related to hotel accommodation In accordance with the procedure and deadline provided for in the Tourism Act and the by-laws
Information related to requested and used hotel accommodation, event and restaurant services, including cancelled hotel accommodation reservations (to the extent they are related to refunds of prepaid amounts and/or withholding of amounts due) From the date of the relevant reservation/request up to 5 /five/ years from the provision of the service/completion of the contract/cancellation of the reservation. 
In cases where the services are requested and used on the basis of a contract with continuous performance, the period begins to run from the final performance and/or termination of the contract.
Financial and accounting documents; invoices; authorization forms; other information related to tax and social security control. Up to 10 /ten/ years, starting from the beginning of the year following the one in which payment of the obligation for the relevant year is due.
Unstructured communication, correspondence, complaints, signals and 5 years 
In cases where the correspondence relates to a contract with continuous performance, the period begins to run from the final performance and/or termination of the contract.
Data related to the registration of an account in the Website's e-store For the entire period of registration and up to 5 years after its termination.
Data related to reservations for restaurant services made by telephone Up to 1 year
System logs. Logs related to security, technical support, etc. (may contain information such as: date and time, IP address, URL, browser version and device information) 1 year
Log of actions on requests for account registration or for purchasing goods with or without a registered account on the Website (information is stored such as: action/content of the request, date and time, IP address, etc.) For the entire period of maintaining a registered account on the Website and up to 5 /five/ years after its termination (if any) 
Up to 5 /five/ years from the execution of the requested purchase (if made without a registered account).
Video data 2 months
Data contained in feedback cards The information from the feedback cards is entered in an anonymized form (only the feedback; the reviews and recommendations received) without any information about the person who gave this feedback into the internal systems of HOTEL ZEFIR, after which the cards are destroyed immediately. 
Within 30 days of their completion.
Data processed based on the explicit consent of the Data Subject From the moment of granting consent until its withdrawal by the Data Subject.
  The personal data specified in this Policy may be processed for a longer period than specified above, if this is necessary to achieve the goals set forth therein or to protect the rights and/or legitimate interests (including in court) of HOTEL ZEFIR or if the applicable legislation provides for the processing of data for a longer period.

 

RIGHTS OF DATA SUBJECTS IN RELATION TO THEIR PERSONAL DATA

1. Access to personal data. Everyone has the right to access their own personal data. An application is submitted. Within 30 days of submitting the application, HOTEL ZEFIR provides the requested information or informs the person that the data has been deleted or the media on which it is contained have been destroyed.

2. Correction of personal data. Everyone has the right to request correction of their personal data if the data is inaccurate. An application is submitted. Within 30 days of submitting an application, HOTEL ZEFIR makes the correction and informs the person that their data has been corrected or deleted or the media on which they are contained have been destroyed.

3. Restriction of processing of personal data. Everyone has the right to request that the processing by the administrator or processor of personal data be restricted. An application is submitted and within 30 days of submitting the application, HOTEL ZEFIR carries out the requested restriction of processing and informs the person that the processing of his personal data has been restricted or that the same has been deleted or the media on which they are contained have been destroyed. In the event that the processing of personal data cannot be restricted, the legal basis for this shall be indicated.

4. Exercising the right to “be forgotten”. Anyone who has provided personal data to HOTEL ZEFIR may exercise their right to “be forgotten” and have their personal data deleted by submitting an application.

5. The application for access, restriction of processing, correction and deletion of personal data shall be submitted personally by the person or by his/her authorized representative with a power of attorney with notarized signatures or by a lawyer with an explicit power of attorney and shall contain: 1. name, address, unique civil number or personal number of a foreigner or other similar identifier, or other identification data of the natural person, determined by the administrator, in connection with the activity performed by him/her, description of the request; preferred form for receiving information when exercising the rights under Art. 15 – 22 of Regulation (EU) 2016/679, signature, date of submission of the application and correspondence address. The application shall be submitted by post, by courier or to the address of the company's management. When submitting an application by an authorized person, the power of attorney shall be attached to the application.

Within 30 days of submitting the application, HOTEL ZEFIR informs the person that:
– His request has been granted.
– His request is not satisfied and the legal basis for this is indicated. It is indicated when the obligation of HOTEL ZEFIR to store and process the data ceases.

6. Data portability. The data subject has the right to receive the personal data concerning him or her, which he or she has provided to HOTEL ZEFIR, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller in accordance with Article 20 of Regulation 2016/679.

7. Right to object. The data subject has the right, at any time and on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her pursuant to Article 21 of Regulation 2016/679.

8. Automated individual decision-making, including profiling. The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her in application of Article 22 of Regulation 2016/679.

9. The scope of the rights of the Data Subjects and the obligations of HOTEL ZEFIR in relation to these rights may be limited by a legislative measure of EU or Member State law applicable to HOTEL ZEFIR.

10. Each Data Subject has the right to lodge a complaint with a data protection supervisory authority, in particular in the Member State (EU/EEA) of his/her habitual residence, place of work or place of the alleged infringement, if he/she considers that the processing of his/her personal data infringes the provisions of the Regulation or other applicable data protection requirements.

The supervisory authority in the Republic of Bulgaria is:
Personal Data Protection Commission
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Website: https://www.cpdp.bg/ .

Clarifications and additional information
The data subject may receive explanations regarding the content and grounds for data processing, the manner of exercising the rights under this Policy, as well as any additional information regarding their rights in the processing of personal data from HOTEL ZEFIR at: 
Address: Sunny Beach Resort, Hotel Zefir Email address: bookings@hotelzefir.com
Phone: +(359)886497722 

This Personal Data Protection Policy has been drawn up by "ZEFIR MANAGEMENT" Ltd. in its capacity as a personal data controller in order to fulfill its obligations to provide information to data subjects under Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 

This Personal Data Protection Policy is in force from 01.03.2025

Hotel Zefir

Want to book?

Use the booking form.

Make a reservation

Contacts

Hotel Zefir, Bulgaria, 8240 Sunny beach

Phone
+359 55 422 833
Write to us
WhatsApp Viber
Email
bookings@hotelzefir.com
Location
Google Map Link
Call us Chat With Us