- Arapya Resort
- Our rooms
- All inclusive
- Animation for children
- Conference room
- Personal data protection policy
- general terms
- Contact Details
Eurograde BG EOOD recognizes and complies with the established policies and general conditions for the protection of personal data.
Information about the Administrator of personal data
Eurograde BG EOOD (hereinafter referred to as Administrator, Eurograde, We, Us, the Company) is a limited liability company, registered in the Commercial Register with EIK 131220682, with registered office and correspondence address: city of Sofia, g.k. Lozenets, Momin Kladenets Street No. 1, Floor 3, contact phone: +359 886 050 318 and email: email@example.com
Personal data protection officer:
Name: Georgi Danchev
Address for correspondence: city of Sofia, g.k. Lozenets, Momin Kladenets St. No. 1, 3rd floor
Phone: +359 898 621 679;
Contact information for the Supervisory Authority
Commission for the Protection of Personal Data
Address: Sofia, P.K. 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Personal Data is any information relating to an identified or identifiable natural person, including but not limited to: (a) first or initial and last name; (b) uniform civil number; (c) permanent or current address; (d) telephone number; (e) an email address or online identifier associated with the individual; (f) financial, health or professional experience data; (g) behavioral or demographic characteristics when linked to personal identifiers; (h) voice data and video image or (i) any other information relating to an individual that is combined with any of the above.
Other data, as determined by applicable law, which may be anonymized and/or aggregated information, as well as any other information that does not reveal the identity of the individual or is not directly linked to him. Other data may be, but is not limited to: cookies, IP address and information derived from an IP address, information contained in HTTP headers. Other data stored in Internet protocols, browsers or different devices, operating systems and information used by "APPS" applications on your mobile device, screen resolution, behavioral data about your use of the sites and preferred languages.
Processing of personal and other data, means any operation or set of operations performed on personal or other data, by automatic or other means, such as collection, recording, organization, storage, adaptation or modification, retrieval, consultation, use, disclosure or distribution and deletion or destruction.
Sensitive personal data is a type of personal data that may include, but is not limited to - data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, data on the state of health or data on the sex life or sexual orientation of the natural person.
Suppliers of goods and services, third parties that we use contractually to fulfill our legal obligations and carry out our business and to provide you with many of our services, features and aspects of the Website.
What personal and other data we collect
Our privacy policies depend on the type of relationship you have with Eurograde and the legal requirements. We aim to collect personal and other data only to the extent necessary to provide you with the products, services or information you have requested or the recruitment of necessary personnel for the normal function
Your personal data may also be collected in connection with Customer programs and games that Eurograde organizes. Each Customer Program and Game has its own individual terms and conditions, with a detailed description of the rules of participation, the prize funds, the necessary personal data that will be collected, the methods of collection, storage periods and purposes of processing.
When organizing such Customer programs and games, Eurograde also complies with the general rules for the protection of personal data determined by the specific social platform on which the Game is distributed. Usually, but not exclusively - Facebook, Twitter, Instagram.
Eurograde collects user data in various ways. In all cases, we only collect personal data that you have voluntarily provided to us and we do not collect any other data that has not been provided to us without your voluntary consent.
3.1.1. Personal data that you have provided voluntarily
You may choose to communicate with us and provide personal data, such as your:
names, postal and email address, telephone and/or mobile number, city, postal code, age, bank account and other information.
3.1.2. For what purpose we use your personal data
Eurograde uses the above-described data, when provided by Users, in the cases of:
performance of a contract concluded with a client, including delivery of goods and services;
submission by customers of opinions, complaints, suggestions, objections, etc.;
customer satisfaction survey;
providing a response;
connection to the Wi-fi network provided by Eurograde restaurants and accommodations;
contacting us by phone, email or mail with a question, suggestion or complaint.
to respond to your inquiries and complaints related to the quality of the goods offered;
in connection with Client Programs and in case you are a winning participant in the Games organized by Eurograde.
Eurograde does not collect personal data from its customers unless they contact us directly. In order to be able to adequately respond to customer inquiries, personal data may be shared with third parties.
3.1.3. Other data collected automatically
We collect data automatically through the Website. However, if we combine your personal data with those we collect automatically (eg geographic location from your IP address and combine, with the behavioral information about your use of the Website, with your name) we treat the information as personal.
Eurograde and its online advertising and marketing partners may use various technologies to collect information, including:
Like many other websites, we use devices that collect data, such as cookies. We collect this data in order to analyze traffic to our page and to measure the effectiveness of the promotions we offer. A cookie is a text string of information that the Website sends to the cookie file from the browser on your computer's hard drive so that the Website can remember you.
A cookie usually contains the name of the domain from which the cookie came, the "lifecycle" of the cookie, and a value, which is usually a randomly generated unique code.
This helps us provide you with a better use of our Website and also allows us to improve the services we offer.
A few important things to know about cookies:
are used to improve the use of the Website.
most cookies are "session cookies", meaning they are automatically deleted from your hard drive at the end of the session.
3.1.4. Internet Protocol (“IP”) Addresses
The IP address is associated with your computer or your mobile device. Eurograde may use your IP address to help diagnose problems with Eurograde's server, administer the Website, and keep in touch with you while you are using the Website.
3.2. Potential employees
If you wish to be part of the Eurograde team and submit an application or apply your resume, we process and store the personal data entered in the specified documents for a period of no longer than 6 months after the end of the selection. Personal data collected may include, but is limited to:
Identification: names, address, telephone number, email address, date of birth, nationality, bank account;
Education and professional qualification
ia: data related to education, work experience, professional and personal qualifications and skills, when necessary and required for the position held.
This personal data is stored according to the personal data privacy rules provided when applying for a job at Eurograde.
Regarding its employees, Eurograde processes the following personal data:
Identification: three names, social security number, date of birth, permanent address, education and professional qualification; professional experience, bank account number;
Health data, including a medical certificate in respect of all employees and data from the personal health records of employees working directly with food;
Data concerning the criminal history - certificate of criminal record.
This personal data is stored in accordance with Eurograde's internal personal data protection rules and the Employee Personal Data Privacy Notice.
3.4. Counterparts and suppliers
Regarding our suppliers of goods and services who are natural persons/as freelancers/ and the representatives or contact persons of our suppliers of goods and services who are legal entities Eurograde processes the following personal data:
Identification: names, social security number, address, phone number, email address, date of birth;
Professional activity: position, official position;
This personal data is stored according to Eurograde's internal rules for the protection of personal data and the Privacy Notice of suppliers and partners.
3.5. Visitors to premises
Regarding persons who visit Eurograde premises where video surveillance is carried out, Eurograde processes the following personal data:
Identification: voice data and video image;
This personal data is stored according to the rules for the protection of personal data in video surveillance and monitoring of Eurograde.
How we collect the data
The company usually collects and processes the personal data of customers in the preparation, preparation and provision of reservation and accommodation at Eurograde sites.
The Company generally does not process the personal data of customers in the preparation and sale of drinks and food in its establishments.
Personal data of customers is processed when the customer decides to participate in any of the programs or games organized by the Company. In such case, the personal data of the customers (the personal data processed may include, depending on the specific case, the customer's first and last name, current address, email address, date of birth, telephone number, payment details and, where applicable , information about the order and places of purchases) are processed only with the consent of the client, provided voluntarily in accordance with the rules of the relevant program and game.
Customers' personal data is processed within the framework of customer programs for the purposes of facilitating the fulfillment of the respective customer's orders, for marketing (for example, as part of the company's marketing campaigns, to provide information about new products, to deliver commercial messages to the Company or to notify the customer of winning prizes or other profits) and for the purposes of tracking customer satisfaction.
Personal data of customers (personal data processed may include, depending on the specific case, the customer's first and last name, current address, email address, date of birth, telephone number, payment details and, where applicable, order information and places of purchases) are also processed in cases of actual contact by a customer with the company in connection with expressing opinions, complaints, suggestions, objections, etc.
Users of the Website
The company uses two types of cookies - temporary (session) and permanent cookies. Session cookies are used temporarily and are stored on the User's device until he/she exits the Website or closes the application (web browser). In contrast, persistent cookies remain on the User's device for the time specified in the parameters of the respective cookie or until the User deletes them.
Typically, the application used to view the Website allows the files to be stored on
cookies on the User's device according to the initial settings. This mode can be changed either by completely blocking cookies in the web browser settings, or by partially blocking them - in this case, the User is notified every time the device stores cookies. More detailed information about the options and ways to manage cookies is available in the application (web browser) settings.
The Website collects information about the User's IP address (ie, the number that uniquely identifies the network interface of the User's computer network), the domain name, as well as the type of web browser and operating system. The purposes of processing this data are similar to those of cookies, which means that this data is used by the Company to collect statistics to analyze the use of the Website and to personalize advertisements.
Users' personal data is processed in the presence of consent voluntarily provided by the User by loading the Website or by default expected in connection with the use of the Website.
The personal data of Users who register or send an inquiry on the website are processed in the presence of consent voluntarily provided by the User when registering or enquiring.
Employees and Potential Employees
The company processes the personal data of employees and potential employees within the framework necessary for the selection and appointment of personnel and the fulfillment of legal obligations (for example, the obligation to withhold or impose taxes, to keep files for the purposes of health and social insurance, etc. ). The employee undertakes to provide the Company with this data. Failure to provide this data should be considered a violation of legal requirements by the employee and/or the Company and may lead to the imposition of sanctions by the competent state authorities.
The Company processes the personal data of employees separately from the legal requirements only with their consent and as part of the certification of the Company's legitimate interests or the fulfillment of the contract concluded by and between the Company and the employee, specifically for the purposes of processing personal data in CV- recruitment of candidates for the Company, preparation of advertising materials, management of the Company's profiles in social networks, keeping records of the use of the Company's company cars, provision of information on Company events, protection of the Company's property (mainly the use of video surveillance systems) or when providing access to the Company's premises for authorized persons.
What we do with the personal and other data we collect
First, we use the data you provide us or that we collect to provide you with the products, services or information you have requested. We also use the data to improve the functionality when using our Website.
We may use your data to provide you with information regarding Eurograde products or services that may be of interest to you. In order to automatically address customer inquiries and to provide the services offered through our Website, we may share information with our service providers.
You have the right to opt out of certain uses and disclosures of your personal data as set forth in this Policy. Before disclosing sensitive data to a third party or processing sensitive data for a purpose other than the original or for a purpose subsequently authorized by you, Eurograde will make reasonable efforts to obtain your express consent. When consent to data processing is required by law or contract.
If you participate in any promotion, the personal data you provide will be processed in accordance with the privacy policies applicable to that promotion to the extent that they differ from this Policy.
Where do we store lich
All personal data submitted and collected through the websites are stored on our servers, on shared servers, on the servers of other controllers or processors of personal data with whom Eurograde has recruitment contracts, or on the servers of our suppliers of goods and services . By using our websites, you consent to us storing your data in the locations indicated.
7.1. Provision of data to third parties
The company provides already processed personal data only to partners with established technical and organizational measures for data protection and fulfillment of other obligations arising from Regulation (EU) 2016/679 of the EU of 27.04.2016 and the GDPR on data protection. The Company's partners have access to personal data only to the extent necessary to fulfill their duties. Therefore, the Company, in certain cases, provides personal data to other companies and third parties that provide services to the Company related to hosting personal data on shared servers, managing applications for loyalty programs, securing payments for purchases from the Company and analyzing of marketing research. The personal data of the Company's employees is provided to the external accounting firm that collects the Company's accounting and tax records and statements and, in some cases, to companies providing the Company with services that allow the Company's employees to report cases of violation of the legal regulations or in cases where the Company, its partners or employees act unethically.
Under no circumstances does the Company provide personal data to third parties for payment.
7.2. Transfer of personal data to third countries
The Company may transfer personal data to countries outside the European Union and in certain cases to third countries (USA), regardless of whether there is a decision of the European Commission on the level of protection of personal data in these third countries equal to that existing in the European Union.
Personal data transferred to other companies and third parties is carried out, if necessary, on the basis of a contract according to which the recipient of personal data undertakes to maintain high standards of personal data protection (the transfer of personal data is based on the "standard clauses " for the protection of personal data, according to Article 46, paragraph 2, item c of the General Regulation on data protection) and/or subject to the consent of the person whose personal data is transferred.
Storage period. The personal data provided by you will be stored for a period no longer than is necessary to achieve the purposes for which they are processed.
How we protect your data
Eurograde implements organizational, physical, information technology and other necessary measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
Among other things, such security measures include the following activities:
- Eurograde has established the requirements for processing, registration and storage of personal data with the internal procedures, compliance with which is constantly monitored;
- the access of Eurograde employees to personal data and the permission to process personal data in the Eurograde database is limited, depending on their duties;
- Eurograde has established confidentiality obligations for its employees;
- access to Eurograde's office equipment and the computers of each employee is limited.
- we implement all the necessary organizational and technical measures provided for in the Personal Data Protection Act, as well as the best practices of international standards
- For the purpose of maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
The security measures we apply are subject to constant improvement and adaptation to the latest technologies.
Where permitted by law, you may use any of the methods in Section 13 of this Policy to obtain confirmation that Eurograde is processing personal data about you and to request access, correction or deletion of personal data processed by us, including when the data were processed in violation of the principles of Regulation (EU) 2016/679 of the EU of 27.04.2016 and the GDPR. Such requests will be processed in accordance with Eurograde's internal rules, in accordance with EU Regulation (EU) 2016/679 of 04/27/2016 and the GDPR.
Eurograde respects and takes the necessary care to respect the rights of legal entities, but there may be cases where it is impossible to provide the requested information, for example, but not limited to:
when the law takes precedence over the rights of the subjects of the information;
when it posed a risk to the security of legal entities;
when it would interfere with the privacy of other persons or when it is commercial property.
If the Administrator determines that access should be restricted, in any particular
case, Eurograde will make the necessary efforts to notify you of the reasons that led to the restriction of access to the information you requested, as well as provide you with contacts for further inquiries.
If necessary, Eurograde's Data Protection Officer will contact another person to cooperate and complete the process of providing the data you requested. To protect your data, the Administrator will take the necessary steps to verify your identity before providing access to or before making any changes related to your data.
Data Integrity - Purpose Limitation
Eurograde processes the personal data it receives while you use the Sites or as long as it is necessary to complete the purpose(s) for which it was collected, for example, but not limited to: to complete the services provided, to resolve disputes, for legal protection, when performing of audits, in the presence of legitimate business interests, to fulfill agreements and to comply with applicable laws. Your consent for these purposes is not required.
Eurograde does not provide personal data to third parties unless a customer or potential employee requests or has consented to such disclosure, or disclosure is required by law. The Administrator may share personal data with its service providers, consultants and affiliates for internal, business purposes or to provide you with a product or service that you have requested.
Payment information will only be processed to fulfill the order, it may be stored by our service provider, for the purposes of future orders or for accounting purposes.
The Administrator requires from its suppliers or other persons processing personal data, written consent for confidentiality and to ensure the protection of personal data that they maintain on behalf of the Administrator, including ensuring at least the minimum level of protection required by the principles of the Regulation (EU ) 2016/679 of the EU of 27.04.2016, the data shall not be used for any other purposes, except for the purposes determined by the Administrator. Providers must notify the Administrator if they find that they are no longer able to fulfill their obligations. With regard to further transfers of data provided to third parties, the Administrator monitors the way personal data is processed, requesting a guarantee from the processing party that it complies with the principles of Regulation (EU) 2016/679 of the EU of 27.04.2016 Mr.
Your personal data is considered an asset of the company and may be disclosed or transferred to a third party in the event of a change in the legal organizational structure of Eurograde, for example in any reorganization, sale, merger, division, joint venture, transfer, merger or other any acquisition, disposal, or financing of all or part of our business, or any of our business assets or shares (including in connection with bankruptcy or similar proceedings). In these cases, your data is transferred to the third party so that you can continue to receive the same products and services or to maintain the same relationship with the third party.
Although we make every effort to maintain the confidentiality of the personal data we collect, Eurograde reserves the right to disclose personal data to third parties under certain limited circumstances, which include: (a) compliance with law, search warrant, subpoena, legal proceedings, judicial or administrative order; (b) responding to a legal request by public authorities, including to fulfill national security requirements or in fulfillment of law enforcement requirements; (c) enforcing the Administrator's policies or contracts; (d) collection of amounts due; (e) protect users of the Sites from fraud or abuse; (f) during emergencies where safety is at risk, as determined by the Administrator; (g) where necessary to establish, exercise or defend legal claims.
At the Administrator's discretion, server logs may be viewed for security purposes, for example, to detect unauthorized activity on the Sites. In these cases, server data containing IP addresses will be shared with law enforcement authorities so that they can identify users in connection with their investigation of unauthorized activities.
Although there is no "guaranteed security", we and our partners use commercially reasonable measures (including any steps required by applicable law) that are designed to protect your personal information from loss, unauthorized access, use, alteration, disclosure or other abuses.
Rights of data subjects
You can also submit a complaint to your Supervisory Authority, for Bulgaria it is the Commission for the Protection of Personal Data, at the addresses indicated in this Policy. Eurograde will fully comply with
the recommendations given by the Supervisory Authorities, and will take the necessary steps to eliminate any non-compliance with the regulatory principles.
Personal Data Protection Commission,
address: Sofia 1592, Prof. Blvd. Tsvetan Lazarov" No. 2;
If you suspect a violation of legal requirements, you have the right to file a complaint with the supervisory authority for personal data protection:
Your legal rights are:
To request information about whether we process your personal data, what they are and for what purpose they are processed.
To request access to your personal data ("Data Access Request"). It allows you to obtain a copy of the personal data we hold and check whether we are processing it in accordance with the established legal order.
To request correction of your personal data held by us. You have the opportunity to correct any incomplete or inaccurate information we hold about you.
Request deletion of your personal data. Allows you to ask us to delete or remove personal data if:
- the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
- the data subject objects to the processing, including profiling, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing for direct marketing purposes;
- the personal data were processed illegally;
- personal data must be deleted in order to comply with a legal obligation under Union law or Bulgarian legislation;
- the personal data were collected in connection with the provision of information society services.
To object to processing against certain types of processing, such as direct marketing (unsolicited advertising messages), as well as when processing is based solely on a legal interest for the Administrator.
To object to automated decision-making, including profiling, i.e. not to be subject to any automated decision-making by us using your personal data or profiling.
To request the restriction of the processing of your personal data when:
- disputes the accuracy of the personal data, for a period that allows the Administrator to verify the correctness of the personal data;
- the processing is unlawful, but the data subject does not wish the personal data to be deleted, but instead requests the limitation of its use;
- The administrator no longer needs the personal data for the purposes of processing, but the data subject requires that they be preserved for the establishment, exercise or defense of his legal claims;
- has objected to the processing of the data based on the existence of a legal interest for the Administrator, while the verification lasts whether the legal interests of the company take precedence over those of the data subject.
To request the transfer of your personal data in an electronic and structured form to you or another person (commonly known as the right of "data portability"). This allows you to receive your data from us in a usable electronic format and to transmit it to another person in a usable electronic format.
To withdraw your consent. In the rare cases where you may have consented to the collection, processing and transfer of personal data for a specific purpose, you have the right to withdraw your consent to that particular type of processing at any time. Once we receive notification that you have withdrawn your consent, we will stop processing your information for the purposes for which you originally consented, unless there is another good reason for us to do so by law.
The request can be made by completing a Request Form and sending it to the e-mail address of the Personal Data Protection Officer or to the address of Eurograde.
To ensure that we have identified the correct person, we may contact you to confirm your request.
Eurograde undertakes to consider your request without undue delay and in any case within 30 days of receipt of the request. In cases representing legal and factual complexity, this term can be extended by another 30 days. You do not need to pay a fee to exercise the above rights. A fee may be charged in the case of a repeated request on the same grounds, in the case of an obviously unfounded or excessive request.
In order to provide complete, accurate and clear information in the Request, we may ask you for specific, identifying data to help us confirm your identity. This is an additional security measure, ensuring that your personal data will not be disclosed to persons who do not have the right to receive it.
Information affecting children
We do not knowingly collect personal information from children under the age of 16. If we learn that we have collected personal information of a child e.g
If you are under 16, we will take steps to delete the information as soon as possible or obtain the consent of the person with parental responsibility for the child.
If you are the parent or legal guardian of a child who you believe has provided us with personal data, please contact our Data Protection Officer and he will take immediate action to delete the information in accordance with applicable law.
Links to third party sites
Your continued use of the Website after the posting or amendment of the Policy will be deemed your agreement to be bound by it and any such changes to it.
Other related policies
This Policy may be supplemented by one or more special privacy policies or notices. In the event of a conflict between this Policy and any special policy, the applicable special policy shall prevail.
How to contact us
If you wish to exercise your rights or have other questions regarding this policy, you can contact us at phone: +359 886 050 318 and email: firstname.lastname@example.org, address: city of Sofia, g.k. Lozenets, Momin Kladenets St. No. 1, floor 3,
Personal data protection officer: Georgi Danchev, phone: +359 898 621 679, email: email@example.com.
In addition, you have the right to appeal to the Commission for the Protection of Personal Data: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2 or in electronic form on the Commission's website https://www.cpdp.bg.
This policy has been approved and is effective as of September 2019.