Rapid technological development and globalization have created new challenges for the protection of personal data.

We, at Kalina and Milan Guest Rooms – Yambol, respect the privacy of our guests.

We, at Kalina and Milan Guest Rooms – Yambol, respect the privacy of our guests. This policy is in line with the Personal Data Protection Act, the Charter of Fundamental Rights of the European Union, and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR). Its purpose is to provide you with comprehensive information in a clear, accessible, and unambiguous language about what actions are taken with your personal data when you visit our website, make a reservation, or choose to stay at Kalina and Milan Guest Rooms – Yambol.

I. DEFINITIONS

For the purposes of this policy, according to Regulation (EU) 2016/679:

1. "Personal data“ means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
2. "Processing“ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organizing, structuring, storing, adapting or altering, retrieving, consulting, using, disclosing by transmission, dissemination or otherwise making available, aligning or combining, restricting, erasing, or destroying;
3. "Pseudonymization“ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and is subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
4. "Controller“ means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for by Union or Member State law;
5. "Personal data breach“ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed;
6. "Erasure" means the irreversible deletion of information from the relevant medium;
7. "Destruction" means the irreversible physical destruction of the material medium of information.

II. WHAT DATA WE COLLECT AND PROCESS

Kalina and Milan Guest Rooms – Yambol is the administrator of personal data within the meaning of Regulation (EU) 2016/679.

1. For reservations made through the website Kalinaimilan.com, we collect and process: the name of the person (first and last name), email address, and phone number;
2. For reservations made by phone, we collect and process: the name of the person (first and last name) and phone number;
3. For reservations made via email: we collect and process: the name of the person (first and last name), email address, and phone number;
4. Upon guest check-in: we collect the following information: full name (in Cyrillic for Bulgarian citizens and in Latin for foreign or EU citizens, according to the national identity document), personal identification number (PIN), gender, nationality, date of birth, document number, issuance date, and country of issuance of the identity document. This data is entered into the Unified Tourist Information System, a register managed by the Ministry of Tourism, and access to it is granted to the Yambol Municipality, the National Revenue Agency, the Ministry of the Interior, the National Statistical Institute, and the State Agency "National Security";
5. For marketing purposes - processing of data only after receiving your explicit consent.

Data is retained for a period of 5 years.

You have the ability to access the Kalinaimilan.com website without providing personal data by browsing its content.

In the common areas of Kalina and Milan Guest Rooms – Yambol, 24/7 video surveillance is conducted using security cameras. Video surveillance is intended to protect the rights, privacy, safety, and property of the administrator, guests, and other individuals. The storage of security camera recordings is for a period of 15 days unless necessary due to a violation of public order and/or the rights of the administrator, guests, or others, in which case the recording may be retained for a longer period. Any of our guests may request to view the security camera recordings. After the administrator’s assessment, the request may be granted or denied if it is repeated without reason, requires disproportionate technical effort, or threatens the privacy of other guests or other legal requirements.

III. PRINCIPLES OF DATA PROCESSING

In processing personal data, we adhere to the principles of lawfulness, fairness, and transparency regarding the data subject. Lawfulness – when collecting, processing, and storing the data in compliance with Bulgarian and European legislation. Fairness and transparency – processing of personal data follows this Personal Data Protection Policy. The data we collect is minimized and processed solely for the purpose of the guest's accommodation. We process and store the received data only for the period necessary for the purposes of the guest's accommodation, and after that, it is destroyed.

We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in trade unions, nor do we process genetic data, biometric data for the sole purpose of identifying a natural person, health data, or data regarding the sexual life or sexual orientation of the individual.

IV. YOUR RIGHTS REGARDING THE PERSONAL DATA YOU HAVE PROVIDED

1. Right of access to your data - the person has the right to request, in writing to us at our email – office@kalinaimilan.com, information about whether their provided data is being processed, the purpose of processing, the type of data, the expected period for which personal data will be stored, and if this is not possible, the criteria used for determining that period and the recipients or categories of recipients to whom personal data have been or will be disclosed;
2. Right to rectification, if you identify inaccuracies in your data after accessing them, you can request their update in writing by emailing us at office@kalinaimilan.com;
3. Right to erasure of personal data or restriction of processing, or to object to such processing if the conditions for this are met – you can request this in writing by emailing us at office@kalinaimilan.com;
4. Right to data portability - to receive personal data concerning you and which you have provided to the controller, in a structured, commonly used, and machine-readable format if the conditions for this are met – you can request this in writing by emailing us at office@kalinaimilan.com;
5. Right to lodge a complaint with a supervisory authority - if the conditions are met: Commission for Personal Data Protection, address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. 2, email: kzld@cpdp.bg, website: www.cpdp.bg.

The administrator provides a copy of the personal data being processed. For additional copies requested by the individual, the administrator may charge a reasonable fee based on administrative costs. When the request is submitted electronically, the information is provided in electronic form unless otherwise requested. You can exercise all of the above rights at any time..

The administrator applies appropriate technical and organizational measures to ensure a high level of security of the collected, processed, and stored personal data, ensuring continuous confidentiality, integrity, availability, and resilience of services for processing personal data, along with the ability to promptly restore availability and access to personal data in the event of a physical or technical incident.