Apartment rental in the heart of the city. Stylishly furnished real estates in Sofia and Bansko
VIEW MOREApartment rental in the heart of the city. Stylishly furnished real estates in Sofia and Bansko
VIEW MORE
I. Information on processing of personal data
By way of introduction, we would like to draw your attention to our extensive
information on creating transparency according to Articles 13 and 14 GDPR.
1. Controller for data processing
The controller for data processing on this website pursuant to Article 4 No 7
GDPR and the provider of the website (service provider) within the meaning of
the Bulgarian Laws is
Sofia Residence Boutique Hotel
1504 Sofia, Bulgaria
Tel.: +359 2 814 48 88
Fax: +359 2 846 82 44
E-mail: reservations@sofiare.com
2. Contact details of the Data Protection Officer
You can reach our Data Protection Officer at
Sofia Residence Boutique Hotel
63 Oborishte Str.
1504 Sofia, Bulgaria
E-mail address: s.ivanova@sofiare.com
3. Purposes and legal basis for processing personal data
We process your personal data in accordance with the provisions of the EU
General Data Protection Regulation (GDPR) as well as all other relevant legislation
for the purposes and on the legal basis as set out below:
(a) For processing and managing reservation inquiries and
reservations as well as for providing our services under the accommodation
agreement, including execution of your hotel stay and payments processing (in
particular also for tracking your use of our services (telephone, bar, spa, pay
TV programmes, etc.), for performing check-in and managing access to the rooms)
– the legal basis for this is the first sentence of Article 6(1)(b)) GDPR.
(b) For fulfilling a legal obligation to which our company is
subject as controller (e.g. by reason of reporting legislation, tax laws,
accounting obligations, etc.) – the legal basis for this is the first sentence
of Article 6(1)(c)) GDPR.
(c) For sending our e-mail newsletter including managing your
subscription to the newsletter – the legal basis for this is your consent
pursuant to the first sentence of Article 6(1)(a)) GDPR.
(d) For executing and managing your participation in our loyalty
programme – the legal basis for this is your consent pursuant to the first
sentence of Article 6(1)(a)) GDPR.
(e) For maintaining, safeguarding and improving the quality
of our products and services, in particular by performing and analysing satisfaction
surveys and guest comments, by processing your personal data in our centralised
guest database enabling us to recognise you as a returning guest, to better
appreciate your expectations and wishes, to improve the quality and individual
character of our communication with you and to create offerings tailored to you
– the legal basis for this is the first sentence of Article 6(1)(f)) GDPR. Our
overriding legitimate interests arise from the accommodation agreement entered
into with you representing a relative and appropriate relationship within the
meaning of Recital 47 of the GDPR, as well as from the fact that this type of
data processing is standard industry practice with international hotel chains
and is in keeping with the reasonable expectations of the majority of guests.
As an operating hotel our company moreover has a legitimate interest, pursuant
to Recital 48 of the GDPR, in transmitting personal data of the guests within
the group of undertakings for internal administrative purposes.
(f) For advertising of our offerings and services to existing
customers – the legal basis for this is Art. 6 (1) lit. f of the GDPR. More
details on advertising to existing customers can be found under part II, no. 2
of this data protection information.
(g) For ensuring compliance with house rules, for preventing
and clarifying criminal acts (in particular also by video monitoring), for
establishing and defending against legal claims and for safeguarding interests
in legal disputes, for ensuring IT security and IT operation, for identifying
credit risks – the legal basis for this is the first sentence of Article
6(1)(f) GDPR. Our overriding legitimate interests following from our obligation
to ensure that our guests have a safe stay in the hotel as well as from our
interest in enforcing our tangible and intangible claims and safeguarding our
rights as well as defending against unjustified claims. Furthermore, the
processing of personal data in the scope which is absolutely required to
prevent fraud pursuant to Recital 47 of the GDPR likewise constitutes a
legitimate interest of our company.
Minors
Minors may not send any personal data to us without the consent of their
parents or guardians. Through our website, we do not process any personal data
knowingly acquired from minors.
4. Categories of personal data recipients
If and to the extent required for the purposes as set out above under item 3,
we also disclose your personal information to the following recipients or
categories of recipients pursuant to Article 4 No 9 GDPR:
Within our company only those persons or entities are permitted to view or
access your data (to the extent required in each case) who need such data for
performance of our contractual and statutory duties.
In the extent to which your personal data are processed in our centralized
guest database, the data are also disclosed to the other undertakings which
operate one or more of the hotels of the brands belonging to Municipality in
the city. They use our centralized guest database, which is updated on a
regular basis
In the execution of advertising to existing customers measures, your personal
data will only be made available to those people in our company who have access
to our central guest database.
The service providers (e.g. as part of contract processing pursuant to Article
28 GDPR) and agents engaged by us may receive personal data for these purposes.
These are undertakings from the categories credit services and payments
processing, IT services, cleaning services, logistics, printing services,
telecommunications, collecting, advising and consulting as well as distribution
and marketing.
Furthermore, a disclosure of data
may be made to public bodies and institutions if a statutory obligation to do
so exists (e.g. financial authorities, criminal prosecution authorities).
Further data recipients may be those entities for which you have given us your
consent to data transfer.
5. Transfer of personal data to a third country
A transfer of personal data to entities in countries outside the European Union
(third countries) takes place if
(a) it is required to carry out your reservations or execute
your hotel stay,
(b) it is prescribed by law, or
(c) you have given us your consent.
A transfer of personal data to such service providers is permissible if the
European Commission has decided that the third country in question ensures an
adequate level of protection (pursuant to Article 45 GDPR). If the Commission
has not made such decision, our company or the service provider may transfer
personal data to a third country or an international organization only if
appropriate safeguards are provided for and enforceable data rights and
effective legal remedies are available (Article 46(1) GDPR).
Beyond the cases mentioned above, our company does not transfer personal data
to entities in third countries or to international organizations.
6. Period of storage of personal data and criteria for
defining such period
We process and store your personal data for as long as required for us to fulfill
our contractual and legal duties. If the data are no longer required for fulfillment
of contractual duties, they are normally deleted unless their further
processing for a limited term is required by retention periods prescribed by
commercial or tax legislation. The periods prescribed for storage and/or
documentation purposes range from two to ten years.
7. Your rights as a data subject
Every data subject whose personal data are processed has the right to obtain
information from the controller about the personal data in question pursuant to
Article 15 GDPR, the right to rectification pursuant to Article 16 GDPR, the
right to erasure pursuant to Article 17 GDPR, the right to restriction of
processing pursuant to Article 18 GDPR, the right to object to the processing
pursuant to Article 21 GDPR as well as the right to data portability pursuant
to Article 20 GDPR. The right to obtain information and the right to erasure
are further subject to the restrictions pursuant to sections 34 and 35
BDSG-new.
Further information on your right to object to processing pursuant to Article
21 GDPR.
If the processing of your personal data is based on a consent granted to us,
you have the right to revoke your consent at any time without the legality of
the processing performed on the basis of such consent up to revocation being
affected thereby.
Your also have the right to lodge a complaint with the competent data
protection supervisory authority pursuant to Article 77 GDPR in conjunction
with section 19 BDSG-new.
8. Obligation to provide data
As part of our contractual relationship, you are required provide such personal
data which are required to establish and perform the accommodation agreement or
which we are legally required to collect. Without such data, we will generally
not be able to conclude the agreement with you or to execute the same. We are
particularly required to record certain personal data about you on the
registration card. In the event you should not provide us with the necessary
information, we might not be able to provide you with the requested services or
might not be able to do so completely.
9. Automated decision-making and profiling
When establishing and executing our contractual relationship, you will not be
subjected to a decision based solely on automated processing, including
profiling, pursuant to Article 22 GDPR, which produces legal effects concerning
you or similarly affects you in a serious way.
10. Additional information on your right to object
pursuant to Article 21 GDPR
You have the right to object, on grounds relating to your particular situation,
at any time to processing of personal data concerning yourself which are based
on the first sentence of Article 6(1)(e)) GDPR (data processing in the public interest)
or the first sentence of Article 6(1)(f)) GDPR (data processing based on a
balancing of interests), including profiling based on those provisions pursuant
to Article 4(4) GDPR.
If you make an objection, we will no longer process your personal data unless
we can demonstrate compelling legitimate grounds for the processing which
override your interests, rights and freedoms, or for the establishment,
exercise or defense of legal claims.
If your personal data are processed by us for advertising to existing customers
purposes, you have the right to object at any time to processing of personal
data concerning yourself for such marketing, which includes profiling to the
extent that it is related to such advertising to existing customers.
The objection may be made without any particular form and should be directed to
our Data Protection Officer under the contact details specified in item 2
above.
If we perform video surveillance of the hotel visited by you, the following applies to the processing of personal data relating thereto:
(a) Purposes of
data processing:Ensuring compliance with house
rules, preventing criminal acts (e.g. damage to property or theft), ensuring
criminal prosecution
(b) Legal basis for data processing: First sentence of
Article 6(1)(f)) GDPR
The overriding legitimate interests of our Company follow from our obligation
to ensure that our guests have a safe stay in the hotel as well as from our
interest in enforcing our tangible and intangible claims and safeguarding our
rights as well as defending against unjustified claims.
(c) Categories of personal data recipients:
Potential recipients of the data are the criminal prosecution authorities as
well as persons or entities which we entrust with safeguarding our rights (such
as lawyers).
We do not intend to try or an international organization.
(d) Period of storage of personal data:
Where the
surveillance footage is recorded, the recordings concerned will be deleted
after 72 hours at the latest; after expiry of this storage period, only such
data will be stored which are necessary for clarifying specific incidents or
enforcing claims based on a specific event (e.g. a criminal offence). Such data
will likewise be deleted after the purpose for the continued storage no longer
exists.
1. E-mail newsletter and advertising to existing customers
E-mail newsletter
With the e-mail newsletter we keep you regularly informed about the offerings and services of the Residence in accordance with the preferences stated by you.
If you wish to receive the e-mail newsletter, we will need a valid email address for you. For those registering for our newsletter, we use what is known as the double-opt-in procedure. That means that after your registration we send you an e-mail to the e-mail address specified in which we ask you to confirm that you wish to be sent the newsletter. If you do not confirm your registration within two weeks, your information is blocked and after one month automatically deleted. Moreover, we store in each case your IP addresses used and times of log-on and confirmation. The purpose of the procedure is to be able to prove your registration and where necessary to clarify any potential misuse of your personal data.
As a subscriber to the e-mail newsletter, you may at any time revoke your consent to the processing of your e-mail address for sending the newsletter. Consent may be revoked via the link provided for this purpose in each e-mail newsletter or by sending an e-mail with the subject "unsubscribe" to reservations@sofiare.com
2.Advertising to existing customers
We reserve the right to send our guests offers from our range of services by means of advertising to existing customers via e-mail. Our legitimate interest in conducting advertising to existing customers consists of being able to offer our guests target-group-oriented individual offers that are created on the basis of a previous booking and/or an existing customer relationship.
The personal data you share with us in the case of a booking can be processed by us for the purposes of sending advertising to you as an existing customer for a period of 12 months. If you do not make any further bookings of any other kind within this time frame, your personal data will no longer be processed for the purposes of advertising to you as an existing customer and will be deleted accordingly, provided that you have not subscribed to a newsletter or your personal data do not have to be stored further due to any other regulations.
You can object to the use of your e-mail address for the purpose of sending advertising to you as an existing customer at any time without incurring anything other than the transmission costs according to basic tariffs. You can find more details on exercising your right of objection to the use of your e-mail address for direct advertising measures in Part I, Section 10 of this Privacy Policy.
3. Cookies and similar technologies
We use cookies on our website. These are small files that your browser automatically creates and that are stored on your end device (laptop, tablet, smart phone, etc.) when you visit our site. Cookies do no damage to your end device and do not contain viruses, trojans or other malware. Information is stored in the cookie which is generated in connection with the specific end device used. However, this does not mean that we are directly aware of your identity.
The use of cookies serves on the one hand to make the use of our offer more pleasant for you. On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our service.
We use cookies for the following purposes:
• Necessary
features:
These cookies make a significant
contribution towards improving the surfing and reservation experience on our
website. Basic functions and applications, such as the shopping cart or
electronic settlement processes, are optimized as a result of this, and
handling is also made easier. These cookies do not collect any information
about you that could be used for marketing activities or statistical analyses.
These cookies are necessary for the use of the website. The legal basis for
these cookies is Art. 6 (1) (b) of the GDPR.
• Statistical analysis: Statistical analysis is the
processing and presentation of data about user actions and interactions on
websites and apps (e.g. number of page visits, number of unique visitors,
number of returning visitors, entry and exit pages, length of stay, bounce
rate, activation of buttons) and, if applicable the division of users into
groups based on technical data about the software settings used (e.g. browser
type, operating system, language setting, screen resolution). The legal basis
for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
• Reach measurement: Reach measurement is the evaluation of visitor actions by analyzing usage behavior in relation to determining certain user actions and measuring the effectiveness of online advertising. Actions measured include the number of visitors that reach websites or apps by clicking on ads. The rate of users performing a specific action (e.g. registration for the newsletter, ordering goods) can also be measured. The legal basis for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
• Personalized advertising: Certain features of websites and apps are used to show users personalized advertising material (ads or commercials) in other contexts, such as on other websites, platforms or apps. To this end, conclusions are drawn about the interests of users from demographic information, search terms used, contextual content, user behavior on websites and in apps or from the location of users. On the basis of these interests, advertising material is chosen and displayed on online content of other providers in the future. The legal basis for these cookies is consent given pursuant to Art. 6 (1) (a) of the GDPR.
Setting cookies using our cookie consent tool
You can use our cookie consent tool
at any time to adjust your cookie settings. To do this, you can use the link
below to access the tool and set the above-mentioned categories of cookies by giving
or not giving consent to the use of these cookies in your browser.
Under Section II (4) of this Privacy Policy, you can see which partner
companies and third-party providers set cookies on our website and which of the
categories under Section II (3) are assigned to them.
» Cookie Consent Tool
Setting cookies via the browser
You can configure your browser so
that cookies can only be accepted with your specific permission. Most browsers
accept cookies automatically. However, you can configure your browser so that
no cookies are stored on your computer or that a message always appears before
a new cookie is created. However, the complete deactivation of cookies may mean
that you will not be able to use all of the features of our website. In the
menu bar of your browser, you will find a help function that will show you how
to reject new cookies and deactivate existing ones. When using a shared
computer, which accepts cookies and so-called flash cookies, we recommending
logging out completely after you have finished surfing.
4. Providers of cookies
provider/Tool |
category |
period of storage |
purpose |
AWIN |
necessary features |
necessary features |
reimbursement |
Criteo |
personalized advertising |
13 months |
advertising |
|
personalized advertising |
max. 90 days |
profiling, |
|
necessary features |
30 days |
reimbursement |
|
personalized advertising |
28 days |
advertising |
Mapp Intelligence |
statistical |
6 months |
evaluation |
|
personalized advertising |
max. 24 months |
advertising |
|
personalized advertising |
max. 24 months |
advertising |
Ignition One |
personalized advertising |
1 year |
advertising |
Microsoft Advertising / Bing Ads |
personalized advertising |
13 months |
advertising |
Tripadvisor |
personalized advertising |
max 24 months |
advertising |
Triptease |
personalized advertising |
8 hours / 5 years |
marketing-automation |
Functionality: Since marketing tools for personalized advertising all work in a similar way technically, the following text refers to this functionality for all of the aforementioned providers as a whole.
Personalized advertising providers use technologies such as cookies, tracking pixels and device fingerprinting to display ads relevant to users and to improve reports on campaign performance. With the help of these providers, interest-based advertisements can be displayed on the websites of the providers and on our website. Information that is stored on users’ end devices is also processed.
To this end, the providers provide features that are generally referred to as “remarketing.” Remarketing enables users of websites to be recognized on other websites within an advertising network of the provider so that ads tailored to these users’ interests can be shown. The ads can also refer to products and services that users have already viewed on our website. To this end, the interaction of the users on our website, e.g. which offers users are interested in, is analyzed in order to display targeted advertising to users on other pages after they visit our website. If users visit our website, the respective provider will store a cookie on the user’s end device. With the help of cookies and tracking pixels, the provider processes the information generated by the users’ end devices about the use of our website and interactions with our website, as well as access data, in particular the IP address, browser information, the website previously visited and the date and time of the server request, for the purpose of displaying and analyzing personalized ads.
Furthermore, the providers mentioned
also use the “conversion” function to draw attention to our attractive offers
with the help of advertising material on external websites. In relation to the
data from the advertising campaigns, we can determine how successful the
individual advertising measures are. These advertising materials are delivered
by the providers via “ad servers.” To do so, we use ad server cookies, through
which certain parameters for range measurement, e.g. display of ads, duration
of viewing or clicks by users, can be measured. Information that is stored on
users’ end devices is also processed. If users access our website via an ad
from the provider, the provider will stores a cookie on the user’s end device.
With the help of cookies and tracking pixels, the provider processes the
information generated by the users’ end devices about interactions with our
advertising material (accessing a specific website or clicking on an advertising
medium) and users’ access data, in particular IP address, browser information,
the website previously visited and the date and time of the server request, for
the purpose of analyzing and visualizing the reach of our ads. Due to the
marketing tools used, users’ browsers automatically establish a direct
connection with the provider’s server.
Google Analytics
This website also uses Google Analytics, a web analytics service of Google Inc.
based in Mountain View, USA (“Google”). Google Analytics uses cookies. These
are text files that are saved to your computer that allow your usage of the
website to be analyzed. The information generated by the cookie about your use
of this website will generally be transmitted to and stored by Google on a
server in the United States.
recipient: Google Ireland Ltd style="border:1px solid black;"., Gordon House, Barrow Street, Dublin 4, Ireland,
Fax: +353 (1) 436 1001).
Functionality: The web analytics service Google Analytics uses technologies
such as cookies, tracking pixels and device fingerprinting to understand
certain user behavior on websites. Information is also processed that is stored
on users’ end devices. With the help of the tracking pixels integrated into
websites and the cookies stored on users’ end devices, Google processes the
information generated about the use of our website by users’ end devices, e.g.
that a certain website was accessed, and access data for the purpose of reach
measurement pertaining to website use. The access data includes, in particular,
the IP address, browser information, the website previously visited and the
date and time of the server request. Google Analytics is used with the
“anonymizeIp()” extension. As a result, IP addresses are processed in shortened
form to make it significantly more difficult to identify them. According to
Google, the IP addresses are shortened beforehand within member states of the
European Union.
Google provides IP anonymization
(so-called IP masking) and this is activated on this website (by extending
Google Analytics by the code "gat._anonymizeIp();"); Google will
therefore shorten and anonymize your IP address within the European Union or in
another member state of the European Economic Area. Only in exceptional cases
will a full IP address be transmitted to a Google server in the USA and be
shortened there.
On behalf of the operator of this website, Google will use the information
collected through Google Analytics to analyze your use of the website, to
compile reports on website activities and to render other services related to
the use of the website and of the Internet in general to the website operator.
The IP address transmitted by your browser in the context of Google Analytics
will not be mixed with other Google data.
You’ll find more information on the terms and conditions of usage and data
protection of Google Analytics at http://www.google.com/analytics/terms/de.html and https://www.google.de/intl/de/policies/.
5. Embedding of services and content of third-party providers (e.g. registration of the IP address by third-party services)
Third-party content (hereinafter referred to as “third-party providers”) is integrated into the website. In order to use these contents, transmission of the user’s IP address to the respective third-party provider is technically necessary. This is because without an IP address the third-party providers are unable to send the contents embedded in the website to the respective user’s browser. We have no control over whether a third-party provider uses the IP address e.g. for statistical purposes or otherwise. We use the following third-party providers on our website:
Current version and updating of this
Private Policy
This Private Policy shall apply with effect from 27 July 2020.
We will update this Private Policy from time to time to reflect relevant
changes to our website, changes in the processing of personal data or
amendments to legislation. The revised version shall apply as of the published
effective date. In the event of any material amendments to this Private Policy,
we will inform you in good time prior to the effective date of such amendments
by posting a notice on our website. Where applicable, we will also inform our
guests of the amendments by e-mail or other means.