Privacy policy

Please read this Privacy Policy (“Policy”) carefully. It describes how PLOVDIV HILLS 2019 EOOD, acting as a personal data controller and the company managing Best Western Premier Plovdiv Hills Hotel, processes and protects your personal data in connection with your use of our services, your stay at the hotel, your visit to our website, and your communication with us through various channels.

Our priority is to ensure a high level of protection for the personal information of our guests, visitors, partners, and users of our online services.

The purpose of this Policy is to inform you about the types of personal data we process, the purposes and legal grounds for processing, the storage periods, the conditions under which we may share your data with third parties, as well as your rights and how you can exercise them.

This Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, as well as the Personal Data Protection Act of the Republic of Bulgaria.

By making a reservation, using our services, staying at the hotel, or by accessing and using our website and online platforms, you confirm that you have been informed about this Policy. Where the law requires your explicit consent for certain data-processing activities, we will request it separately and transparently.

I. GENERAL PROVISIONS

1. Personal Data Controller Information

Art. 1. In connection with the provision of its services and the performance of its activities, PLOVDIV HILLS 2019 EOOD processes, as a data controller, the personal data of its clients – natural persons, as well as the personal data of other natural persons indicated below (“Data Subjects” / “You”), in accordance with the rules and principles set out in this Policy.

Art. 2. PLOVDIV HILLS 2019 EOOD is a company registered under Unified Identification Code (UIC) 208289039 and VAT number BG208289039, with its registered office and address of management at:
127 “Brezovsko Shose” Str., Northern District, Plovdiv, Bulgaria.
Tel.: +359 894 539 185
Email: sales@hotelpremierplovdiv.com

II. Data Subjects

In connection with the services provided, Best Western Premier Plovdiv Hills processes information regarding the following Data Subjects:

(a) Natural persons visiting the website https://hotelpremierplovdiv.com/

(b) Natural persons making reservations on their own behalf or on behalf of another natural or legal person via the Website.

(c) Natural persons using the services provided by Best Western Premier Plovdiv Hills, including, but not limited to, hotel accommodation services, restaurant services and related services, provision of facilities for conferences and other events, as well as natural persons representing or acting on behalf of legal entities using these services.

(d) Natural persons submitting inquiries (including, but not limited to, by email, fax, phone, or via the hotel’s social media channels), requests, notifications, complaints, or other correspondence to Best Western Premier Plovdiv Hills, either on their own behalf or on behalf of another person they represent.

(e) Natural persons whose information is included in inquiries (including phone calls), requests, notifications, complaints, or other correspondence sent to Best Western Premier Plovdiv Hills.

Services provided by Best Western Premier Plovdiv Hills may only be requested by persons who are 18 years of age or older.

III. Categories of Personal Data

The information (categories of personal data) that Best Western Premier Plovdiv Hills processes regarding Data Subjects in accordance with this Policy may include:

1. In connection with hotel accommodation services:

(a) Identification data: guest names; date of birth; gender; nationality; national identification number (e.g., UIC for Bulgarian citizens) and/or identity document number; date of issue of the identity document; validity of identity documents; country of issue of the identity document; signature.

(b) Contact information: phone number; email address; postal address.

(c) Accommodation-related information: room number; floor; dates of stay (arrival and departure dates); duration of stay (number of nights); use of travel packages.

2. Data related to payments and invoicing:
Information about the payment method (cash, bank transfer, credit card, etc.); information about due and completed payments; information on payment deadlines and overdue/unpaid obligations; bank information (bank, IBAN, account holder); currency of payment; credit/debit card number, validity, and holder; data contained in payment authorization forms (slips); legal entity name; legal entity address; VAT number and/or other identification, tax, or registration numbers (UIC for individuals); signed authorization forms.

3. In connection with restaurant services:

(a) Identification data: names.

(b) Contact information: phone number; email address; postal address.

(c) Data related to payments and invoicing: credit/debit card number, validity, and holder; legal entity name; legal entity address; VAT number and/or other tax or registration number (for sole proprietorships and individuals); signed authorization forms.

(d) Preference-related information (if explicitly provided by the user): food and beverage preferences; preferred payment method; special requirements related to food, beverages, or other substances that the guest cannot come into contact with (for any reason).

4. When the data subject is represented by another person (e.g., a company):

If services are requested by a person other than the Data Subject for the benefit of the Data Subject – the capacity in which the Data Subject will use the services, by whom the services are requested, by whom the payment will be made, and similar information (e.g., for bookings organized by an employer or business partner of the Data Subject).

5. In connection with the services and functionalities of the Website:

(a) Data processed for making a hotel reservation: names; email address; phone number; country; credit/debit card number, validity, and holder; number of rooms; number of guests, including number of adults and children; corporate/access/discount code; event and/or group booking code; reservation number; special offers and guest preferences (if explicitly provided in the reservation form).

(b) Unstructured content from conversations and inquiries directed to hotel staff via the hotel’s social media profiles (Facebook, Instagram, LinkedIn, TikTok, etc.).

(c) Cookies: The use of cookies is necessary for the operation of the Website. A detailed description of the cookies used, their purpose, and the information processed via cookies can be found in the Best Western Premier Plovdiv Hills Cookie Policy.

6. In connection with submitted complaints, statements, requests, petitions, and notifications (including in free text):
Unstructured information contained in the respective complaints, statements, requests, petitions, and notifications.

IV. ВИДЕОНАБЛЮДЕНИЕ И СИГУРНОСТ

(1) In accordance with the requirements of applicable law, Best Western Premier Plovdiv Hills implements security measures that include technical and organizational means for access control and to ensure physical security against intrusions into buildings and facilities, as well as to protect the life and health of individuals. These measures include security alarm systems and a video monitoring system that operates 24/7, consisting of recording and storage devices.

(2) Video surveillance and recording may be carried out in publicly accessible areas and premises of Best Western Premier Plovdiv Hills buildings, as well as in areas with restricted access. Video surveillance is not conducted in guest rooms, sanitary facilities, leisure rooms, and other similar areas.

V. Legal Grounds for Personal Data Processing

Best Western Premier Plovdiv Hills processes personal data on the following legal grounds:

Performance of a contract or taking steps prior to entering into a contract – to enable the execution of your reservation, accommodation, and provision of hotel services.

Compliance with a legal obligation – including obligations under the Tourism Act, Accounting Act, and tax legislation.

3. Легитимен интерес на администратора или на трети страни – включително защита на сигурността, видеонаблюдение, обработване на жалби, защита на права и интереси.
Legitimate interest of the controller or third parties – including security protection, video surveillance, handling complaints, and safeguarding rights and interests.

4. Consent of the data subject – for specific purposes such as marketing, newsletters, loyalty programs, and other cases where consent is required. The data subject may withdraw consent at any time.

VI. RETENTION PERIODS OF PERSONAL DATA

Personal data is retained for periods determined by the purposes of processing and applicable law, including:

• Data from the register of accommodated tourists – in accordance with the Tourism Act.

• Financial and accounting documents – 10 years (Accounting Act).

• Data related to reservations and stay – until the contract is fulfilled and the statute of limitations for claims has expired.

• Data processed based on consent – until the consent is withdrawn.

• Video recordings from CCTV systems – up to 60 days, unless longer retention is required for investigations or other legal processes.

• Correspondence, complaints, and signals – up to 5 years.

After the respective retention periods expire, personal data is securely deleted or destroyed, unless another legal basis for retention applies.

VII. Purposes of Personal Data Processing

We use your personal data for the following purposes:

1. Accepting, administering, and processing reservations and cancellations.

2. Providing services for confirmed reservations.

3. Administering and receiving payments for the provided services, including remote payments.

4. Ensuring guarantees for completed reservations and for payment of hotel accommodation and any additional requested services.

5. Maintaining a register of accommodated guests and providing information from it to competent authorities as required by law.

6. Address registration of foreigners in accordance with applicable legislation.

7. Handling complaints, requests for exercising rights, and similar cases, including processing claims and commercial guarantees (if applicable) and preparing responses.

8. Accounting, invoicing, and reporting received and executed payments in accordance with applicable tax and accounting legislation.

9. Other activities to fulfill legal obligations (tax, accounting, regulatory, licensing, etc.), including providing information to competent state and judicial authorities and assisting in inspections by competent authorities.

10. Direct Marketing:

With the explicit consent of the data subject, we may process the following personal data: names, telephone numbers, addresses, email addresses; information regarding the type and volume of services used and preferred, and other data explicitly mentioned in the respective consent, for the purposes of direct marketing, such as offering other goods and services (including those offered by third parties), conducting surveys and questionnaires to improve the quality of services, and similar purposes within the scope of the given consent.

When personal data is processed for direct marketing purposes, the data subject has the right to object at any time to such processing. In such cases, processing of personal data for these purposes ceases. The data subject also has the right to withdraw consent for processing of their personal data for direct marketing purposes at any time. In such cases, processing of personal data based on the given consent is terminated.

11.Ensuring the proper functioning and use of the Website.

VIII. Categories of Recipients of Personal Data

The personal data of the data subjects may be shared with the following categories of recipients when necessary to achieve the purposes of processing, based on legal grounds, or with valid consent:

1. State and regulatory authorities, when required by law, including:

• Ministry of Interior
• Municipal administration / tourist register
• National Revenue Agency
• Judicial and law enforcement authorities, when necessary
  

2. Partners and service providers acting as data processors on behalf of the controller, including:

• Hotel and reservation system providers (e.g., Oracle/Opera PMS and others)
• Online booking platforms (e.g., Booking.com, Expedia, etc.)
• Payment service providers and banks
• IT service providers, hosting, and system maintenance providers
• Accounting and auditing services
  
• Security and video surveillance companies (if applicable)

3. Corporate partners within the hotel chain, when necessary to implement loyalty programs, reservations, or guest services (e.g., Best Western Hotels & Resorts and Best Western Rewards).

4. Legal consultants and contractors, when necessary to protect the legitimate interests of the controller.

5. Other persons, to whom the data may be disclosed based on the explicit consent of the data subject or when necessary for the performance of contractual obligations.

IX. Rights of Data Subjects Regarding Their Personal Data

Every data subject has the following rights under Regulation (EU) 2016/679 (GDPR):

1. Right of Access

Every data subject has the right to obtain confirmation as to whether their personal data is being processed, as well as access to the relevant information.

2. Right to Rectification

Every data subject has the right to request the correction of inaccurate or incomplete personal data.

3. Right to Erasure

Every data subject has the right to request the deletion of their personal data under the conditions of the GDPR, except in cases where the law requires its retention (e.g., under the Tourism Act and accounting legislation).

4. Right to Restrict Processing

Every data subject has the right to request restriction of the processing of their data in certain circumstances.

5. Right to Object

Every data subject has the right to object to the processing of their personal data when the basis for processing is the legitimate interest of the controller.

6. Right to Data Portability

Every data subject has the right to receive their personal data in a structured, commonly used, and machine-readable format and to transfer it to another controller, where applicable.

7. Right to Withdraw Consent

In cases where processing is based on consent, the data subject has the right to withdraw this consent at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

To exercise the above rights, the data subject may contact the controller using the contact details provided in this Policy. The controller shall process requests in accordance with applicable legal requirements.

X. Right to Lodge a Complaint with a Supervisory Authority in the Republic of Bulgaria

Every data subject has the right to lodge a complaint with a data protection supervisory authority, in particular in the EU/EEA Member State of their habitual residence, place of work, or the place of the alleged infringement, if they consider that the processing of their personal data violates the provisions of the Regulation or other applicable data protection requirements.

The supervisory authority in the Republic of Bulgaria is:

Commission for Personal Data Protection

Address: 2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria

Website: https://www.cpdp.bg/.

IX. Contacts

A data subject may obtain clarifications regarding the content and legal grounds for processing, the exercise of rights under this Policy, as well as any additional information concerning the processing of personal data by BEST WESTERN PREMIER PLOVDIV HILLS at:

Address:127 “Brezovsko Shose” Str., Northern District, Plovdiv, Bulgaria.

Email: sales@hotelpremierplovdiv.com

Phone: +359 894 539 185

XII. Additional Information

This Privacy Policy has been prepared by PLOVDIV HILLS 2019 EOOD in its capacity as data controller in order to fulfill its obligations to provide information to data subjects pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR).

Last updated: 01.11.2025