fbpx
RESORTS IN EUROPE

Privacy Policy

Privacy and Personal Data Protection Policy
  1. Introduction

1.1 This Privacy and Personal Data Protection Policy (the “Policy”) governs the way in which Foundation ANTO collects (in short Spa & Wellness), processes and stores your personal data in accordance with the requirements of the General Data Protection Regulation – Regulation (EU) 2016/679, the Personal Data Protection Act of the Republic of Bulgaria, and other statutory Bulgarian or international acts.

1.2 The privacy of information about our users is a main priority for us. Spa & Wellness in its capacity of Personal Data Administrator, and in compliance with the legislation and good practices, applies the required technical and organizational measures for protection of the personal data of natural persons. Spa & Wellness meets all the requirements of the new regulation, collecting only the data of the persons, to the extent that they are necessary, respectively: for the performance of the company’s activity; to provide our services; for the use of our websites and for the purposes of marketing.

1.3 This Policy provides information about how and what types of personal data we collect from and for you, why we need it, whom we can provide or disclose it, and how it is protected.

1.4 Definitions:

1.4.1 “personal data” means any information relating to an identified natural person or a natural person (“data subject”) who can be identified; a natural person who can be identified is a person that can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific for the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that individual;

1.4.2 “Processing” means any operation or a set of operations performed with personal data, or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or other means by which data becomes available, arrangement or combination, restriction, deletion or destruction;

1.4.3 “Regulation” refers to General Data Protection Regulation, i.e. Regulation (ЕU) 2016/679.

Please read this Policy carefully. By providing your personal data to Spa & Wellness, whether electronically or on paper, you accept and agree with the practices described in this Privacy and Personal Data Protection Policy.

Please, in case you have any questions about this Policy, contact us, in particular with the Data Protection Officer, and if you do not agree to any of the terms contained in the privacy policy, we recommend you not to use products and services provided by Spa & Wellness, for which you are required to provide your personal data.

  1. Contacts and links

2.1. Information about Spa & Wellness.eu in its capacity of Personal Data Administrator. 

In connection with the processing of your personal data, you can contact us on the following contacts:

Foundation ANTO
UIC: 206073092
Headquarters and address of management: 7 Sveti Gorazd str., 4002 Plovdiv, Bulgaria
Correspondence address: 7 Sveti Gorazd str., 4002 Plovdiv, Bulgaria
Telephone
: +359 887322367
E-mail: info@spawellnessresorts.eu
Website: https://spawellnessresorts.eu

Data Protection Officer Contact details:
Address: 7 Sveti Gorazd str., 4002 Plovdiv, Bulgaria
Telephone: +359 887322367
E-mail: info@spawellnessresorts.eu

2.2 Information about the competent supervisory authority:

Commission for Personal Data Protection
Headquarters and address of management: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Address for correspondence: Bulgaria, Sofia 1592, 2, Prof.  Tsvetan Lazarov Blvd.
Telephone: +359 2 915 3518
E-mail: kzld@government.bg; kzld@cpdp.bg
Websitewww.cpdp.bg

If you believe that we are violating your rights with respect to the processing of your personal data and in accordance with the requirements of the General Data Protection Regulation – Regulation (EU) 2016/679, you have the right to file a complaint with the Data Protection Officer, file a complaint with a supervisory authority, and seek legal protection as follows:

Right to appeal to a supervisory authority

If you wish to file a complaint about the processing of your personal data by us, or about the way we have dealt with your complaint, you have the right to file a complaint with the Commission for Personal Data Protection, and the Data Protection Officer (if such is available).

You can file a complaint in one of the following ways:

  1. Personally, on paper in the registry office of CPDP at: 1592 Sofia, 2, Prof. Tsvetan Lazarov Blvd.
  2. By letter to the following address: 1592 Sofia, 2, Prof. Tsvetan Lazarov Blvd., Commission for Personal Data Protection.
  3. By fax at: 029153525
  4. Electronically to the e-mail address of CPDP (kzld@cpdp.bg). In this case, your complaint must be formatted as an electronic document signed with an electronic signature (not scanned).
  5. On the CPDP website at https://cpdp.bg/?p=pages&aid=6 in the manner described on the respective page. In this case, your complaint must be formatted as an electronic document signed with an electronic signature.

In each of these cases, the complaint should contain:

  • details of the complainant – names, address, contact telephone number, e-mail address (if available)
  • the nature of the complaint
  • other information and documents that you consider relevant to the complaint
  • date and signature (for electronic documents – electronic signature, for paper documents – handwritten)

CPDP provides a Complaint form to the Commission (to assist and guide citizens) about the misuse of the processing of personal data in voter lists supporting the registration of political subjects. The form can be downloaded from the following page:

https://cpdp.bg/userfiles/file/Documents_2017/Forma_jalba_politicheski subekti.doc

  1. Principles and Guidelines for collecting, processing and storing personal data
  • 3.1 In order to process personal data in accordance with legal requirements, personal data are collected and used lawfully, the necessary security of the processing operations is ensured and Spa & Wellness has taken the necessary measures to ensure that the personal data processed are not subject to unauthorized disclosure. According to the basic principles observed by Spa & Wellness, your personal data are:
    • 3.1.1 processed in a lawful, in good faith, and transparent way with regard to the data subject (“legality, good faith and transparency”);
    • 3.1.2 collected for specific, explicit, and legitimate purposes, and not further processed in a way inconsistent with those objectives (“limitation of objectives”);
    • 3.1.3 appropriate, relevant and limited to what is necessary in relation to the purposes for which they are being processed (“minimize data”);
    • 3.1.4 accurate and up-to-date; Spa & Wellness.eu has taken all reasonable steps to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are being processed (“accuracy”);
    • 3.1.5 stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed; (“Storage limitation”);
    • 3.1.6 processed in such a way as to ensure an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures (“integrity and confidentiality”);
    • 3.1.7 Spa & Wellness.eu is responsible and able to prove that it complies with the basic principles related to the processing of personal data (“accountability”).
  • 3.2 Grounds for collecting personal data:
    • 3.2.1 Spa & Wellness collects and processes your personal data in connection with the use of the company’s website and the subsequent provision of information, based on Art. 6, paragraph 1 of Regulation (EU) 2016/679, and in particular, based on your explicit consent as a customer/potential customer. You have no obligation and we do not require you to register or provide personal information to view our website or to access most of its content. The provision of personal data through our website is done through the enquiry form. By providing your personal data in the enquiry form you must give your consent for providing the data that automatically means a consent to us to process them in order to respond to your enquiry;
    • 3.2.2 Spa & Wellness collects and processes your personal data in case you agree to receive communications from us related to our projects, events, campaigns, offers, offers related to our activity, and news about the company;
    • 3.2.3 Spa & Wellness collects and processes your personal data also on the occasion of the conclusion (including negotiations that didn’t lead to the conclusion of a contract) and/or implementation of a contract – contracts for use of our services, contracts for purchase, contracts by which we assign a particular job or the performance of services and/or orders, etc.)
    • 3.2.4 Spa & Wellness collects and processes personal data in connection with the observance of legal obligations that apply to the administrator – in fulfilment of our obligations to NRA (National Revenue Agency), NSSI (National Social Security Institute), and other state and municipal authorities;
    • 3.2.5 Spa & Wellness.eu administers personal data and for the purposes of the legitimate interests of the administrator or of a third party, except where the interests or the fundamental rights and freedoms of the data subject, which require the protection of the personal data, have priority over such interests;
    • 3.2.6 Spa & Wellness collects and processes personal data in connection with the selection of staff for various vacancies announced by the company. The vacancies can be announced in the “Careers” section of our site, with the possibility of applying for a position through a special contact form or by sending us a message and necessary documents to a specified email;

as well as in other legally established hypotheses.

  1. Purposes of the processing of personal data

4.1 Spa & Wellness collects, processes and stores personal data for the following purposes:

4.2 According to the requirements of Section I – Transparency and conditions of Regulation (EU) 2016/679, Spa & Wellness provides transparent information, communication and conditions for the exercise of the rights of the data subjects under Article 12 of the Regulation.

  • Provision of services;
  • Making sales;
  • For marketing activities – related to our projects, events, campaigns, offers, offers related to our activity, and news about the company and (if expressly requested to receive such information), etc.
  • For communication with you – about contractual relationships and non-contractual relations
  • For legal purposes – to resolve legal disputes and protect the rights and legitimate interests of the company;
  • For the implementation of employment and social insurance relationships, including for the purposes of staff recruitment;
  1. Types of data collected, processed and stored by Spa & Wellness.

5.1 In order to achieve the objectives set forth in item 4 of this policy, Spa & Wellness collects, processes and stores the following categories of data:

Identification data of persons: name, father’s name, surname;

Contact details: address, phone, email, position, etc.;

Data about IP used (when signing in)

Data required for employment relations (according to company procedures), etc.;

Data depending on the specifics of the services used, respectively the type of legal relations in which you participate;

5.2 Spa & Wellness does not collect: personal data referring to racial or ethnic origin; such that reveal political, religious or philosophical belief; genetic and biometric data;

  1. Period for the storage of personal data:
  • 6.1 Spa&Wellness keeps your personal data for the period necessary for the fulfilment of the purposes described in this Policy, unless a longer period of storage is required or permitted by the applicable legislation. The storage is in compliance with the statutory time limits for a certain category of documents (payrolls, financial statements, accounting registers, etc.) as well as statutory limitation periods in the Tax and Social Insurance Procedure Code (TSIPC), the Accountancy Act, the Social Insurance Code, Obligations and Contracts Act. After the expiry of the term of storage, Spa & Wellness shall take the necessary care to erase and destroy all data without undue delay, according to the internal company procedure for destruction of personal data;
  • 6.2 Spa & Wellness informs you if the period for storing the data needs to be extended in order to meet the objectives, implementation of the contract, in view of the legitimate interests of Spa & Wellness or otherwise.
  1. Destruction

Spa & Wellness will destroy your personal data as soon as possible and in such a way that it cannot be reproduced or restored.

  1. Sources of personal data

The personal data collected by Spa & Wellness are collected from the persons to whom they refer, through the contact forms on the company’s sites, by third parties, such as our contractors and/or intermediaries, subject to the requirements of the Regulation.

  1. Rights of persons whose data are processed by Spa&Wellness
  • 9.1 Right of access: You have the right to require and obtain from Spa & Wellness a confirmation about the processing of personal data relating to you; To access the data relating to you as well as the information relating to the collection, processing and the storage of your personal data; Spa & Wellness provides you with a copy of the processed personal data relating to you on request, in electronic or other appropriate form; Providing access to the data is free of charge but Spa & Wellness reserves the right to impose an administrative fee in case of repeatability or excessive demand;
  • 9.2 Right of Correction: You may correct or fill in inaccurate or incomplete personal data related to   you directly by requesting so from Spa & Wellness;
  • 9.3 Right to Delete (Right “to be forgotten”): You have the right to request from Spa & Wellness the deletion of your personal data, and Spa&Wellness is obliged to delete them without undue delay when the grounds provided for by the law exist, and if there is no other ground for lawful processing, or a legitimate reason for the administrator’s refusal to delete the data; Spa & Wellness does not delete data for which it is legally obliged to store, including for protection, in connection with claims against it or proof of its rights.
  • 9.4 Right to restriction: You have the right to require Spa & Wellness to restrict the processing of your personal data when: you contest the accuracy of your personal data for a period that allows Spa & Wellness to verify the accuracy of your personal data; the processing is unlawful, but you do not want your personal data to be deleted, but only their use to be restricted; Spa & Wellness no longer needs the personal data for the purposes of the processing, but you require them to establish or defend your legal claims; You have objected against the processing pending verification if the legal grounds of Spa & Wellness have priority over your interests;
  • 9.5 Right to portability: You may at any time withdraw the data stored and processed for you in connection with your relationship with Spa & Wellness by sending a written request to the Administrator. When technically feasible, you may request a direct transfer of your personal data to an administrator you specify;
  • 9.6 Right to information: You have the right to request to be notified in the event of any action related to correcting, deleting or restricting the processing;
  • 9.7 Right to objection: You may object at any time against the processing by Spa & Wellness of your personal data when the processing is on the grounds of: performing a task of public interest or on the basis of official authority; the purposes of the legitimate interests of the administrator; for purposes of scientific or historical research or for statistical purposes, including profiling or processing for direct marketing purposes;
  • 9.8 You have the right to refuse to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for you or concerns you considerably. Spa & Wellness does not carry out automated decision making with data.
  • 9.9 Right to file a complaint: You have the right to complain to the Commission for Personal Data Protection in case of violations of Regulation (EU) No. 2016/679 of 27 April 2016, and the right to effective protection against CPDP, administrator or processor of your personal data;
  • 9.10 Right to compensation: You are entitled to compensation for material or immaterial damages suffered as a result of a breach of Regulation (EU) No. 2016/679.
  • 9.11 In order to exercise the above rights, you should make a request to Spa & Wellness, as well as to certify your identity with the data subject.
  • 9.12 You have the opportunity to exercise your rights in the following way:
  • By post box of Foundation ANTO at the address: 7 Sveti Gorazd str.; 4002 Plovdiv
  • By phone: +359 887322367
  • On the Internet at: email address: info@spawellnessresorts.eu

Website: https://spawellnessresorts.eu

  1. Withdrawal of consent to process your personal data

When you have consented to the processing of your personal data for one or more specific purposes, if you do not want all or part of the data to continue to be processed by Spa & Wellness for specific or for all processing purposes, you may any time withdraw your consent to processing by request to Spa & Wellness in a freely formulated text.

  1. Transmission of personal data to third countries or international organizations
  • 11.1 Transmission of personal data processed or intended to be processed after the submission to a third country or to an international organization outside the EU is carried out by Spa&Wellness.eu only under the terms of the General Data Protection Regulation – Regulation (EU) 2016/679, subject to the conditions set forth in Chapter V of the Regulation. Spa & Wellness applies all the provisions of the Regulation so as not to jeopardize the required level of protection of individuals provided by the Regulation.
  • 11.2 In the event that Spa & Wellness will transfer personal data to a third country or to an international organization outside the EU, this transfer is made in accordance with the Company’s Data Transfer Procedure outside the EU, and the data subjects are notified in advance as their consent for the transmission of personal data is required.
  1. Individuals to whom your personal data is provided

The persons – employees of Spa & Wellness, who have access to your personal data are strictly defined in the Internal Company Rules, and in the procedures for personal data processing, by determining the level of access to the various personal data registers.

It is possible that Spa & Wellness will transmit your personal data to third persons who are related to the processing of or are processors of personal data, administrative structures and bodies of the executive authority, etc. In any case, the transmission of personal data by Spa & Wellness is carried out for the purposes of the fulfilment of the processing objectives and while strictly observing the requirements of Regulation (EU) 2016/679.

  1. Infringements and Notification of infringements
  • 13.1 “Personal data security infringement” means a security infringement that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored or otherwise processed by Spa & Wellness.
  • 13.2 In the case of a personal data security infringement, where there is a possibility of arising a risk to the rights and freedoms of individuals, without undue delay and where feasible, not later than 72 hours after it has understood about it, Spa & Wellness shall inform about the violation The Commission for the Protection of Personal Data.
  • 13.3 If Spa&Wellness establishes an infringement of the security of your personal data, which may pose a high risk to your rights and freedoms, we shall notify you without undue delay of the infringement as well as of the measures taken or to be taken.

Spa & Wellness may not notify you if it:

  • has taken appropriate technical and organizational protection measures with respect to the data affected by such a security infringement;
  • has subsequently taken measures to ensure that the infringement will not lead to a high risk for your rights;
  • Notification would require disproportionate efforts.
  1. Changes to privacy policy

Spa & Wellness has the right to update by amending and completing the Personal Data Protection Policy at any time in the future when the circumstances require it.

EnglishFrançaisDeutschItalianoEspañolРусскийالعربية简体中文עִבְרִית