The Policy reflects the requirements of Regulation (EU)2016/679, the Personal Data Protection Act and its implementing regulations in relation to the receipt, processing, storage and destruction of individuals’ personal data
Information about us
“INI Ltd (INI and/or the Administrator), is a company registered in the Commercial Register of the Registry Agency with UIC 204871768, with registered office and registered address. registered office and registered address:. registered office and registered address: Sozopol, registered office and registered address: 5 Yani Popov, tel. +359 550 22235, e-mail.
“INI LTD.
gr. Sozopol, ul. Yani Popov 5
villalist@mail.bg
Personal data protection officer: Kiril Iliev – Hotel manager
INI EOOD processes your personal data in order to provide you with better, higher quality and more varied hotel services. We protect your data by implementing all appropriate technical and organisational means at our disposal to prevent unauthorised access, unauthorised or malicious use, loss or premature deletion of information.
We only collect and process personal data in compliance with local and European law. We are aware that the processing of your data is linked to a specific reason and cannot be carried out without restriction.
This “Privacy and Data Protection Policy” is intended to explain how and why we process your personal data.
How and why we use your personal data
The processing of your personal data is carried out in order to:
establishing the client’s identity when enquiring, making a reservation and/or staying at the Villa List hotel, Sozopol
preparing and sending a bill/invoice for the provided hotel services
to collect the amounts due for the services you use;
We process your identification data and other personal data in order to comply with legal obligations, for example:
provision of information to the Commission for the Protection of Personal Data in connection with obligations provided for in the normative framework for the protection of personal data – Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, etc.;
obligations stipulated in the Accounting Act and the Tax and Insurance Procedural Code and other related legal acts, in connection with keeping correct and lawful accounting;
provision of information to the court and third parties, within the framework of proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings;
Categories of personal data we process:
identification details :
the three names, uniform civil number or personal number of a foreigner, permanent address; passport data
other data:
personal contact details – contact address, phone number and contact information (email, phone number), age group; nationality
credit or debit card information, bank account number or other bank and payment information in connection with payments made to INI EOOD and by INI EOOD in case of cancellation of a reservation;
For children up to 16 years of age, the processing of personal data is lawful to the extent that consent is given by the person bearing parental responsibility for the child.
Where we process your basic personal data and the other data described for the purposes of providing hotel services and their payment, for responding to your service requests, and in order to comply with our legal obligations, this processing is mandatory. If you do not provide us with identification data, we cannot provide you with our hotel services.
How we protect your personal data
In order to ensure adequate protection of the data of INI EOOD and its guests, we apply all necessary measures provided for in Regulation (EU) 2016/679 of 27 April 2016 and Bulgarian legislation.
We make every effort to ensure that personal data collected from you is protected from loss and/or unauthorised access. This protection applies to information stored electronically and on paper. Access to your personal information is limited to selected employees or representatives. In addition, we use generally accepted information security techniques, such as firewalls, access control procedures, etc., to protect personal information against loss and/or unauthorized access.
Storage and protection of personal information:
We store the personal information provided to us for as long as necessary to fulfil the purpose for which the personal data was collected and processed, in accordance with Regulation (EU) 2016/679 of 27 April 2016 and Bulgarian law. Once the purpose for which it was collected has been achieved, the personal data will be destroyed.
Cookie Policy
Use of cookies
“Cookies are small text files created by the websites you visit. The cookie will help the website recognise your device the next time you visit and so store your preferences and actions for a certain period of time. The use of so-called “cookies” or “cookies” is solely for the convenience and ease of users when working online. “Cookies do not contain information that can identify a person (such as first name, last name, email address, phone number), but a combination of a computer and a web browser. As a prime example of information stored in a cookie, whether you have responded “ok” about this site’s cookie policy so that you will not be asked again.
How are cookies used?
We use cookies primarily to facilitate the usability of the site, improve its performance and store information about user behaviour. No personal data is stored in this process, i.e. the cookies on the INI Ltd website cannot identify you as an individual and therefore the Data Protection Act does not apply to the collection of this information. The information collected from cookies is generally used in aggregate form to analyse user behaviour on the Website, enabling us to improve the functionality of the Website, user journeys and content used.
How can I manage my use of cookies?
Depending on the browser used, you have the option to allow or refuse the storage of cookies from all sources or to set a notification that will ask for permission to accept or refuse with each new “cookie”.
Most browsers are set to accept cookies by default. Cookies can be deleted by the user at any time. Accepting or refusing these cookies can be enabled or disabled by you through your browser settings. You can see the necessary settings in the relevant part of the menu of your internet browser. Details can be found in the “Help” menu of your Internet browser. Details can be found in the “Help” menu of your internet browser. You can control
and/or delete cookies whenever you wish – see aboutcookies.org for more information.
All cookies used on our Website are automatically deleted after a certain period of time. This period varies up to 365 days depending on the purpose of the specific cookie.
Categories of recipients to whom personal data may be disclosed:
-to individuals to whom the data relate;
-to persons for the protection of the life and health of the data subject;
-to persons if provided for in a legal act
-to persons in the performance of a task in the protection of the public interest;
-to persons under contract;
-to persons processing personal data
We do not disclose your personal data to third parties, foreign countries or international organisations.
You have the following rights when processing your personal data:
Right to information:
You have the right to request:
information about whether data concerning you is processed, information about the purposes of this processing, about the categories of data and about the recipients or categories of recipients to whom the data is disclosed;
a message in an understandable form containing your personal data that is being processed, as well as any available information about its source;
Right to rectification:
In the event that we process incomplete or erroneous/incorrect data, you have the right, at any time, to request:
to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
Right to object:
At any time you have the right to:
objections to the processing of your personal data if there is a legal basis for this; when the objection is justified, the personal data of the individual concerned can no longer be processed;
Right to restriction of processing:
You may request restriction of the processing of personal data if:
you dispute the accuracy of the data, for the period in which we have to verify its accuracy; or
the processing of the data is without legal basis, but instead of deleting them, you want their limited processing; or
we no longer need this data (for the specified purpose), but you need it for the establishment, exercise or defense of legal claims; or
you have filed an objection to the processing of the data, pending verification of whether the controller’s grounds are lawful.
Right to data portability:
You may request that we provide the personal data you have entrusted to our care in an organized, orderly, structured, commonly accepted electronic format.
Right to complain:
In the event that you believe that we are in breach of applicable law, please contact us to clarify the matter. You can protect your rights by filing a complaint with the CPD www.cpdp.bg. Sofia , bul. Prof. Tsvetan Lazarov 2 ‘ e-mail kzld@cpdp.bg or to the court.
Withdrawal of consent:
You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.
Relevance and policy changes
In order to implement the most up-to-date protection measures and to comply with current legislation, we will regularly update this Privacy Policy. We invite you to regularly review the current version of this Privacy and Data Protection Policy, to keep informed about how we are protecting the personal data we collect.