The Policy reflects the requirements of Regulation (EU)2016/679, the Personal Data Protection Act and its implementing regulations in relation to the receipt, processing, storage and destruction of individuals’ personal data
Information about us
“INI Ltd (INI and/or the Administrator), is a company registered in the Commercial Register of the Registry Agency with UIC 204871768, with registered office and registered address. registered office and registered address:. registered office and registered address: Sozopol, registered office and registered address: 5 Yani Popov, tel. +359 550 22235, e-mail.
gr. Sozopol, ul. Yani Popov 5
Data Protection Officer: Proletina Chora – Hotel Manager
INI EOOD processes your personal data in order to provide you with better, higher quality and more varied hotel services. We protect your data by implementing all appropriate technical and organisational means at our disposal to prevent unauthorised access, unauthorised or malicious use, loss or premature deletion of information.
We only collect and process personal data in compliance with local and European law. We are aware that the processing of your data is linked to a specific reason and cannot be carried out without restriction.
This “Privacy and Data Protection Policy” is intended to explain how and why we process your personal data.
How and why we use your personal data
The processing of your personal data is carried out in order to:
establishing the identity of the client in case of inquiry, preliminary reservation and/or accommodation in the hotel “Villa List”, gr. In case of reservation or reservation of a reservation at the request of the customer, please contact
preparing and sending a bill/invoice for the provided hotel services
to collect the amounts due for the services used by you;
We process your identification data and other personal data in order to comply with legal obligations, for example:
provision of information to the Commission for Personal Data Protection in relation to obligations under the legal framework for personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc.;
obligations provided for in the Accounting Act and the Tax and Social Security Procedural Code and other related regulations in relation to the keeping of proper and lawful accounting records;
provision of information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of procedural and substantive regulations applicable to the proceedings;
Categories of personal data we process:
identification details :
full name, unique citizenship number or identity number of the foreigner, permanent address; passport details
personal contact details – contact address, phone number and contact information (email, phone number), age group; nationality
credit or debit card information, bank account number or other banking and payment information in relation to payments made to and from INI Ltd. in the event of cancellation of a booking;
For children under the age of 16, the processing of personal data is lawful to the extent that consent is given by the person with parental responsibility for the child.
Where we process your basic personal data and the other data described for the purposes of providing hotel services and their payment, for responding to your service requests, and in order to comply with our legal obligations, this processing is mandatory. If you do not provide us with identification data, we cannot provide you with our hotel services.
How we protect your personal data
In order to ensure adequate protection of the data of INI EOOD and its guests, we apply all necessary measures provided for in Regulation (EU) 2016/679 of 27 April 2016 and Bulgarian legislation.
We make every effort to ensure that personal data collected from you is protected from loss and/or unauthorised access. This protection applies to information stored electronically and on paper. Access to your personal information is limited to selected employees or representatives. In addition, we use generally accepted information security techniques, such as firewalls, access control procedures, etc., to protect personal information against loss and/or unauthorized access.
Storage and protection of personal information:
We store the personal information provided to us for as long as necessary to fulfil the purpose for which the personal data was collected and processed, in accordance with Regulation (EU) 2016/679 of 27 April 2016 and Bulgarian law. Once the purpose for which it was collected has been achieved, the personal data will be destroyed.
How are cookies used?
Depending on the browser you are using, you have the option to allow or refuse the storage of cookies from all sources or set up a notification that will ask for permission to accept or refuse each new cookie.
Most browsers are set to accept cookies by default. Cookies can be deleted by the user at any time. Acceptance or rejection of these cookies can be enabled or disabled by you through your browser settings. The settings required for this can be found in the relevant menu section of your internet browser. Details can be found in the “Help” menu of your internet browser. You can control
and/or delete cookies whenever you wish – see aboutcookies.org for more information.
All cookies used on our Website are automatically deleted after a certain period of time. This period varies up to 365 days depending on the purpose of the specific cookie.
Categories of recipients to whom personal data may be disclosed:
-to individuals to whom the data relate;
-to persons for the protection of the life and health of the data subject;
-to persons if provided for in a legal act
-to persons in the performance of a task in the protection of the public interest;
-to persons under contract;
-to persons processing personal data
We do not disclose your personal data to third parties, foreign countries or international organisations.
You have the following rights when processing your personal data:
Right to information:
You have the right to request:
Information about whether data relating to you is being processed, information about the purposes of that processing, the categories of data and the recipients or categories of recipients to whom the data is disclosed;
a communication in an intelligible form containing the personal data which is being processed and any available information about its source;
Right of rectification:
In the event that we process incomplete or erroneous/incorrect data, you have the right, at any time, to request:
delete, correct or block your personal data, the processing of which does not comply with the requirements of the law;
Right to object:
At any time you have the right to:
object to the processing of your personal data where there is a lawful basis for doing so; where the objection is justified, the personal data of the individual concerned may no longer be processed;
The right to restrict processing:
You may request restriction of the processing of personal data if:
you dispute the accuracy of the data for the period in which we need to verify its accuracy; or
the processing of the data is without legal basis, but instead of erasure you request limited processing; or
we no longer need the data (for the specified purpose) but you need it to establish, exercise or defend legal claims; or
you have objected to the processing of the data, pending verification that the controller’s grounds are lawful.
Right to data portability:
You may request that we provide the personal data you have entrusted to our care in an organized, orderly, structured, commonly accepted electronic format.
Right to complain:
In the event that you believe that we are in breach of applicable law, please contact us to clarify the matter. You can protect your rights by filing a complaint with the CPD www.cpdp.bg. Sofia , bul. Prof. Tsvetan Lazarov 2 ‘ e-mail firstname.lastname@example.org or to the court.
Withdrawal of consent:
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
Relevance and policy changes