Privacy policy

Please read carefully the present document. It contains the Privacy Policy for customers of MD ENGINEERING OOD (“the Policy”) and is aimed to explain the practices related to personal data processing in the context of the services provided and activities performed by the hotel. The Policy is drafted in compliance with the requirements under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the Regulation).

PRIVACY POLICY FOR CUSTOMERS OF MD ENGINEERING OOD

GENERAL PROVISIONS

Art. 1. In connection with the provision of its services and performance of its activities, MD ENGINEERING OOD, in its capacity as data controller, processes personal data of its customers – natural persons, as well as personal data of other individuals specified below (“Data Subjects”/ “you”), in compliance with the rules and principles under the present Policy.
Art. 2. MD ENGINEERING OOD is a company with UIC 831023916, head office and registered address: 81 Tsarigradsko shosse Blvd.,Sofia 1113, Bulgaria tel.:  +359 2 4215800 email address: FrontDesk@HotelBudapest.bg,
VAT number: BG831023916.

DATA SUBJECTS

Art. 3. (1) In connection with the provided services MD ENGINEERING OOD processes information regarding the following Data Subjects:

  • (a) Natural persons visiting the website http://www.hotelbudapest.bg/ (the Website);
  • (b) Natural persons making reservations through the Website, in their name or on behalf of another natural person or legal entity;
  • (c) Natural persons using the services provided by MD ENGINEERING OOD, including, but not limited to, hotel accommodation, restaurant and related services, provision of conference and event halls, etc., as well as natural persons representing or acting in another manner on behalf of legal persons using the said services;
  • (d) Natural persons who, on their own behalf or on behalf of another person, have addressed inquiries (including, but not limited, by email, fax, phone, using the Instant Messaging functionality on the Website and others), requests, signals, complaints or other correspondence to MD ENGINEERING OOD;
  • (e)Natural persons concerning whom information is contained in inquiries, requests, signals, complaints or other correspondence addressed to MD ENGINEERING OOD (including by phone or using the Instant Messaging functionality on the Website).

(2) Services provided by MD ENGINEERING OOD may be ordered only by legally capable persons who are 18 years old or older.

PERSONAL DATA CATEGORIES

Art. 4. The information (categories of personal data) concerning Data Subjects which is processed by MD ENGINEERING OOD pursuant to the present Policy may include:

1. 1.In connection with the provision of hotel accommodation services:

  • (a) Identification data: guest’s full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature.
  • (b) Contact details: telephone number; email address; address.
  • (c) Information related to hotel accommodation: room number; floor; dates of stay (check-in date, check-out date); duration of stay (number of nights spent at the hotel); tourist package, if used; type of room preferences (smokers/non-smokers); VIP guest’s status;
  • (d) Additional information related to hotel accommodation at the customer’s explicit request: special requirements and preferences, including type of press, food and drinks; special requirements related to food products, drinks and other substances which should be avoided by the guest (regardless of the reason).

2. Data relating to payments and issuance of invoices: information regarding the payment method (in cash, by bank transfer, by credit card, etc.); information regarding due and effected payments; information regarding the due date of payment and overdue/outstanding debts; bank details (bank, IBAN, account holder); currency of the payment; number, expiry date and holder of the credit/ debit card; CVC code; data contained in the payment authorization slip; name of the legal person; address of the legal person; VAT number and/or other identification, tax or registration number (PIN for natural persons); authorization slips (signed).

3. In connection with the provision of restaurant services:

  • (a) Identification data: full name.
  • (b) Contact details: telephone number; email address; address.
  • (c) Data relating to payments and issuance of invoices: number, expiry date and holder of the credit/debit card; CVC code; name of the legal person; address of the legal person; VAT number and/or other tax or registration number (for sole traders and natural persons); authorization slips (signed).
  • (d) Information of preferences (at the customer’s explicit request): food and drink preferences; preferred payment method; specific requirements related to food products, drinks and other substances which should be avoided by the guest (regardless of the reason).

4. In cases where the Data Subject represents another person (e.g. a company): information regarding the represented person and the capacity of the representative (incl. workplace, position), as well as information of ordered services/ submitted orders in such capacity. Respectively, in cases where the services are ordered by a person other than the Data Subject on behalf of the Data Subject – in what capacity the Data Subject will use the services, who has ordered the services, who will make the payment, etc. (for instance, in case of accommodations organized by an employer or a business partner of the Data Subject, etc.).

5. In connection with the issuance of loyalty cards:

  • (a) Identification data: full name.
  • (b) Information regarding the discount which can be used with the respective loyalty card.

6. In connection with the services and functionalities of the Website:

  • (a) Data processed in connection with accommodation booking: full name, email address; telephone number; country; number, expiry date and holder of the credit/ debit card; CVC code; number of rooms; number of guests, including number of adults and number of children; corporate code/ access code; code of the participant in an event and/or group accommodation; booking number; special offers and preferences (with explicit indication in the booking form); package data (e.g. Honeymoon package, special occasion package, Explore Sofia weekend package, etc.).
  • (b) Non-structured content from conversations with and inquiries to a booking agent through the Instant Messaging functionality on the Website.
  • (c) Information from log-in logs, server logs, Web Application Firewalls, and other devices falling in this category: date and time, IP address, URL, browser and device information.

Cookies: The operation of the Website requires the use of cookies. You can find a detailed description of the cookies used, their designation and the information which is processed by means of cookies in the Cookies Policy of MD ENGINEERING OOD as follows:

The website uses cookies to enhance Your browsing experience and to analyse the website performance, traffic and audience.

Session Cookie, Persistent Cookie

Cookies are text files that let the website server store information on your device (computer, tablet, smartphone, etc.) during your visit (session cookies) and for following visits (persistent cookies). Cookies are stored by the browser according to the settings you select. The latter improve your experience during subsequent website visits. For example, if on a certain website, a popup ad show up and You close it, a cookie is being created to prevent the ad from popping up again on next pages (or next site visits) because You opted to close it. These cookies are deleted after a specified period of time or after deletion of your browsing history.

Third Party Cookies

We use cookies of third-party suppliers so as to maintain a proper functioning of their services.

Google Inc.

We use Google Analytics to track the overall website performance and to analyse the audience. You can deactivate GA cookies here: https://tools.google.com/dlpage/gaoptout

Cookies management

You can refine the settings of You browser so as to accept, deactivate or reject cookies. For more info please visit: www.allaboutcookies.org/ and www.youronlinechoices.eu/.

7. In connection with complaints, applications, requests and signals (including in free text): non-structured information contained in the respective complaints, applications, requests and signals.

SURVEILLANCE AND SECURITY

Art. 5. (1)Under the requirements of the applicable legislation, MD ENGINEERING OOD applies security measures including the following technical and organizational means for access control, for ensuring the physical security against violations on the buildings and sites, and for protection of the life and health of citizens: security guards, alarm systems, a 24-hour video surveillance system of recording and storage devices.

(2) Video surveillance and video recording may be performed in publicly accessible zones and premises in the buildings of MD ENGINEERING OOD, and in zones and premises with an exclusive access regime. There is no video surveillance in the guest rooms, WCs, recreation rooms, etc. The data of video surveillance activities are stored in a monitoring room with limited access and 24-hour security.

(3) Information boards are available at visible places to notify Data Subjects and other visitors that technical means for surveillance and control are used, and provide any other related information.

DIRECT MARKETING

Art. 6. (1) Subject to the Data Subject’s explicit consent, MD ENGINEERING OOD, respectively other companies related to or partners of MD ENGINEERING OOD, may process the following personal data: names; telephone number; address; email address; information of the type and number of used and preferred services provided by MD ENGINEERING OOD, and other data explicitly specified in the respective consent for the purposes of direct marketing, such as offering of goods and services, including goods and/or services offered by other persons, conducting inquiries and polls for the purpose of improving the quality of the services provided, etc., within the scope of the respective consent.

(2)Where personal data are processed for direct marketing purposes, the Data Subject shall be entitled at any time to object to such processing. In such cases, the processing of personal data for such purposes is terminated.

(3) The Data Subject shall be entitled at any time to withdraw his/her consent to the processing of his/her personal data for direct marketing purposes. In such cases, the personal data processing based on that consent is terminated.

(4) Profiling for the purposes of direct marketing may be carried out only based on the Data Subject’s explicit consent, subject to at least the following additional guarantees for their rights and interests: the right to human intervention by the data controller; the right to express their point of view and the right to challenge the decisions based on profiling. At present, MD ENGINEERING OOD does not perform such processing of personal data.

PURPOSES OF PERSONAL DATA PROCESSING

Art. 7. MD ENGINEERING OOD collects, stores, and processes the information described in Art. 4, 5, and 6 above for the purposes provided for in the present Policy and in the General Terms (the contract) for use of the services provided. Depending on the legal grounds for the processing, those purposes may be:

  • (a) purposes related to the compliance with legal obligations of MD ENGINEERING OOD;
  • (b) purposes related to and/or necessary for the performance of the contracts concluded with MD ENGINEERING OOD or for taking steps at the request of the Data Subject prior to entering into a contract;
  • (c) purposes related to the legitimate interest of MD ENGINEERING OOD and third parties;
  • (d) purposes for which the Data Subject has given his/her consent to the processing of his/her data.

Art. 8. The purposes of personal data processing carried out by MD ENGINEERING OOD related to the compliance with legal requirements include:

1. keeping a register of accommodated guests and providing information from that register to the competent authorities, as legally required;
2. address registration of foreigners in compliance with the requirements of the applicable legislation;
3. deduction and payment of tourist tax;
4. activities related to the development and implementation of counter-terrorism measures;
5. handling of signals, complaints, requests for exercising of rights, etc., as well as claims and commercial guarantees (if applicable), including preparation of the relevant replies thereto;
6. bookkeeping, invoicing and accounting of incoming and outgoing payments in compliance with the applicable tax and accountancy legislation;
7. other activities related to the fulfilment of MD ENGINEERING OOD’s legal obligations (tax, accounting, regulatory, licensing, etc.) requiring the provision of information to and cooperation with the competent state and judicial authorities upon performance of inspections.

Art. 9. The purposes of personal data processing carried out by MD ENGINEERING OOD related to and/or necessary for the performance of contracts or for taking steps at the request of the Data Subject prior to entering into a contract with MD ENGINEERING OOD include:

1. receipt, administration and processing of bookings, including cancelled bookings;
2. customer services, including provision of online services through the Website;
3. ensuring the possibility to register an account and administration and maintenance of the registered accounts in the e-shop, available on the Website;
4. administration, completion and delivery of purchases made through the Website;
5. communication related to the provision of services;
6. administration and receipt of payments for the services provided, including remotely;
7. ensuring a guarantee for bookings and payments of hotel accommodation and any extra services requested;
8. financial and accounting activity and administration, processing and collection of due payments for the services provided;
9. refunding of incorrectly transferred amounts;
10. ensuring an individual approach in the provision of the services, taking account of the explicitly specified preferences of the customer.

Art. 10. The purposes related to the legitimate interests of MD ENGINEERING OOD and third parties include:

1. Legitimate interest – (1.1.) exercise and protection of the rights and legitimate interests of MD ENGINEERING OOD; and (1.2.) assistance in the exercise and protection of the rights and legitimate interests of customers; of other persons related to MD ENGINEERING OOD; of employees of MD ENGINEERING OOD; of data processors processing personal data on behalf of MD ENGINEERING OOD; and of business partners of MD ENGINEERING OOD:

  • (a) establishment, exercise or defence of legal claims of the persons specified above under items (1.1) and (1.2), including by legal proceedings and filing of complaints, signals, etc. with the competent state and judicial authorities;
  • (b) video surveillance and access control ensuring the security of MD ENGINEERING OOD’s property, proving the compliance with applicable requirements, ensuring the physical security against violations on the buildings and objects, and protection of the life and health of citizens;
  • (b) taking actions for suspending the services provision in case of refusal of payment, violations of MD ENGINEERING OOD’s established rules and policies, etc.;
  • (c) administration and handling of submitted complaints, signals, requests, etc.;
  • (d) collection of debts due to MD ENGINEERING OOD, including by MD ENGINEERING OOD’s property, proving the compliance with applicable requirements, ensuring the physical security against violations on the buildings and objects, and protection of the life and health of citizens;
  • (b) taking actions for suspending the services provision in case of refusal of payment, violations of MD ENGINEERING OOD’s established rules and policies, etc.;
  • (c) administration and handling of submitted complaints, signals, requests, etc.;
  • (d) collection of debts due to MD ENGINEERING OOD, including by execution proceedings and/or through assignment to third parties, as well as by transfer of debts to third parties (cessions) following the statutory procedure;
  • (d) submission of notary invitations.

2. Legitimate interest – analysis, planning and improving the quality of services provided by MD ENGINEERING OOD:

  • (a) keeping a backup copy of the data in the internal information system regarding the current state of the hotel (occupation/ availability of rooms, obligations, etc.) in case of information systems failure;
  • (b) receipt, handling, and preparation of replies to submitted applications, requests, etc. which are not related to claims and complaints concerning the services used;
  • (c) survey of the customers’ satisfaction with the s execution proceedings and/or through assignment to third parties, as well as by transfer of debts to third parties (cessions) following the statutory procedure;
  • (d) submission of notary invitations.

2. Legitimate interest – analysis, planning and improving the quality of services provided by MD ENGINEERING OOD:

  • (a) keeping a backup copy of the data in the internal information system regarding the current state of the hotel (occupation/ availability of rooms, obligations, etc.) in case of information systems failure;
  • (b) receipt, handling, and preparation of replies to submitted applications, requests, etc. which are not related to claims and complaints concerning the services used;
  • (c) survey of the customers’ satisfaction with the services;
  • (d) control, analysis, and optimization of the business processes for improvement of the quality of services.

3. Legitimate interest – ensuring the normal functioning and use of the Website:

  • (a) maintenance and administration of the Website;
  • (b) detection and repair of technical problems in the Website’s functionalities;
  • (c) taking measures against malicious actions against the security and normal functioning of the Website.

4. Legitimate interest – hotel accommodation and restaurant activities, provision of professional hotel and restaurant services:

  • (a) administration and management of the services provided by MD ENGINEERING OOD;
  • (b) quality management and control of the services provided;
  • (c) receiving feedback on the services provided.

Art. 11. The purposes of personal data processing based on consent given by the Data Subject include:

1. Sending marketing and advertising communications regarding services, exclusive offers, packages, events, etc.
2. Surveys and receiving feedback on the quality of services;
3. Sending newsletters;
4. Other purposes for which the Data Subject has explicitly given his/her consent.

PROVISION OF PERSONAL DATA AND CONSEQUENCES FROM REFUSAL TO PROVIDE SUCH DATA TO GRAND HOTEL MILLENNIUM SOFIA

Art. 12. (1)MD ENGINEERING OOD clearly indicates, where applicable and in the appropriate manner, whether the provision of the respective data and/ or documents is mandatory or constitutes a requirement necessary for the conclusion or performance of a contract, as well as the consequences from the refusal to provide such data.

(2) If needed, any Data Subject may request further clarifications at the premises of MD ENGINEERING OOD or by addressing respective query to the contact details specified in Art. 23 of the present Policy.

(3) Any refusal to provide data and documents indicated as mandatory may prove an impediment to the provision of a service by MD ENGINEERING OOD, to the satisfaction and execution of submitted requests, applications, signals, etc., which releases MD ENGINEERING OOD from liability for default.

(4) Any refusal to provide data and documents or any provision of false data may entail failure to provide the respective services or suspension of the access to services provided by MD ENGINEERING OOD.

(5) Data Subjects shall not provide MD ENGINEERING OOD with any special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation (namely: personal data revealing racial or ethnic origin, political opinion, religion or philosophical beliefs, trade union membership, genetic data, biometric data, health status, or sexual life or orientation of the natural person; and personal data related to criminal convictions and offences).

OTHER SOURCES OF PERSONAL DATA

Art. 13. (1) In certain cases, the personal data processed by MD ENGINEERING OOD are not collected and received directly from the Data Subject of the relevant data, but from third parties, such as:

  • 1. Persons representing, working for or otherwise cooperating with the Data Subject;
  • 2. Event organizers – with respect to information concerning the participants in the event;
  • 3. Business partners (e.g. booking sites as booking.com; tourist agencies, other persons that provide intermediary services in the context of booking or ordering of other services, etc.) of MD ENGINEERING OOD;
  • 4. Competent state and judicial authorities.

(2) The persons under Para. 1, items 1-3 shall inform the Data Subjects whose data are provided to MD ENGINEERING OOD of the fact of the data provision, the purposes and scope of such data provision, shall introduce the Data Subjects to the present Policy, and shall guarantee that they provide the data on valid legal grounds.

PROCESSING OF INFORMATION BY THIRD PARTIES – DATA PROCESSORS

Art. 14. (1)For the purposes specified in the present Policy, MD ENGINEERING OOD may assign data processing activities to third parties – data processors, in compliance with the requirements under the Regulation and the other applicable personal data protection rules.

(2) Where personal data are disclosed to and processed by data processors, such disclosure and processing will be carried out only to the extent and in the amount necessary for the performance of the tasks assigned by MD ENGINEERING OOD.

(3) Data processors act on behalf of MD ENGINEERING OOD and are obliged to process personal data only in strict compliance with MD ENGINEERING OOD’s instructions. Data processors shall not be entitled to use or otherwise process the information for purposes other than for the purposes specified in the present Policy.

CATEGORIES OF RECIPIENTS OF PERSONAL DATA

Art. 15. MD ENGINEERING OOD does not disclose personal data concerning the Data Subject to third parties except where:

1. this is necessary for compliance with a legal obligation of MD ENGINEERING OOD:

  • (a) competent state, municipal or judicial authorities;
  • (b) auditor;

2. this is explicitly provided for in the Privacy policy and/or the general terms (the contract) for use of the relevant services, which provided by MD ENGINEERING OOD:

  • (a) data processors as assigned by MD ENGINEERING OOD;
  • (b) companies for accounts receivable collection.

3. this is necessary for the provision of the services of MD ENGINEERING OOD:

  • (a) banks and payment services providers;
  • (b) postal and delivery services providers;
  • (c) MD ENGINEERING OOD business partners such as: booking sites; travel agencies and other providers of tourist services or other supportive services such as car rental, taxi and other transport services, etc.

4. the Data Subject has given his/her explicit consent – the persons provided for in the relevant consent (e.g. MD ENGINEERING OOD related parties, MD ENGINEERING OOD business partners, etc.);

5. this is necessary to protect the rights and legitimate interests of MD ENGINEERING OOD, third parties or Data Subject:

  • (a) state, municipal and judicial authorities;
  • (b) private and public judicial enforcement officers;
  • (c) lawyers;
  • (d) notaries public.

6. in other cases provided by law.

Art. 16. (1) MD ENGINEERING OOD processes and stores information about the Data Subject until achieving the relevant purposes it is collected and processed for.

(2)MD ENGINEERING OOD, in accordance with its internal rules and procedures, as well as the applicable legislation, processes and stores information about the Data Subject for the periods as follows:

Type of dataStorage period
Data relating to the register for accommodated tourists within the meaning of Art. 116 of the Tourism Act, including identification data of the accommodated persons as well as data related to the hotel accommodationIn accordance with the procedures and time limits stipulated in the Tourism Act and the relevant regulations
Information relating to requested and used hotel accommodation services, events and restaurant services, including such relating to cancellation of bookings for hotel accommodation (as far as they involve a refund of pre-paid amounts and/or a deduction of amounts due)

From making the respective booking/ request up to 5 /five/ years from the provision of the service/ completion of the contract/ cancellation of the booking.

In cases where the services are requested and used based on a long-term contract, the period starts running from the complete performance and/ or termination of the contract.

Financial and accounting documents; invoices; authorisation slips; other information related to tax and insurance control.Up to 10 /ten/ years from the beginning of the year following the one in which payment of the amount for the relevant year is due.
Unstructured communication, correspondence, complaints, signals, etc.

5 years

In cases where the correspondence concerns a long-term contract, the period starts running from the complete performance and/ or termination of the contract.

Data relating to the registration of an account in the e-shop on the WebsiteFor the entire registration period and up to 5 years after its termination.
Data relating to reservation of restaurant services by phoneUp to 1 year
System logs. Logs related to security, technical support, etc. (these may contain information such as: date and time, IP address, URL, information about the browser version and device)1 year
Log of actions relating to requests for account registration or for purchase of goods with or without an account registered on the Website (the information stored may include action/ content of the request, date and time, IP address, etc.)

For the entire period of maintaining an account registration on the Website and up to 5 /five/ years after its termination (if applicable)

Up to 5 /five/ years from completing a requested purchase (if purchase is made without a registered account).

Data from video recordings2 months
Data from feedback cardsThe information from the feedback cards is filled in the internal systems of MD ENGINEERING OOD in a fully anonymized form (only the feedback, comments and recommendations) without any information regarding the person who has given this feedback. After that the feedback cards are destroyed immediately. Up to 30 days after they have been filled in
Data processed on the grounds of Data Subject’s explicit consentAs of the moment of obtaining the consent till its withdrawal by the Data Subject
 The personal data referred to in this Policy may also be processed for a longer period than the ones specified above if this is necessary to achieve the objectives set forth therein or to protect the rights and/or legitimate interests (including in legal proceedings) of MD ENGINEERING OOD or if the current legislation provides for data processing for a longer period.

RIGHTS OF THE DATA SUBJECTS REGARDING THEIR PERSONAL DATA

Art. 17. (1) In relation to the processing of the personal data concerning him/her, each Data Subject has the following rights:

1. Right of information – to be provided with information on the processing of his/her personal data from MD ENGINEERING OOD;
2. Right of access:

  • (a) to obtain confirmation as to whether personal data concerning him/her are being processed;
  • (b) to have access to the processed personal data and detailed information about its processing and his/her rights.

3. Right of rectification – to require his/her personal data to be rectified and completed if the data are inaccurate or incomplete;
4. Right of erasure – to require his/her personal data to be erased if there are the grounds for this provided for in the Regulation;
5. Right of restriction of personal data processing – to require that MD ENGINEERING OOD restricts the processing of his/her personal data within the limits provided for the Regulation if there are the grounds for this set forth therein;
6. Right to notify third parties – to require that MD ENGINEERING OOD notifies the third parties to whom his/her personal data have been disclosed of any rectification, erasure or restriction of the processing of his/her personal data unless this proves impossible or involves disproportionate effort from MD ENGINEERING OOD;
7. Right of data portability – to receive the personal data concerning him/her and which he/she has provided, in a structured, commonly used, machine-readable format, as well as to have the right to transmit such data to another controller without any hindrance from MD ENGINEERING OOD.

The right of data portability shall apply where both of the following conditions are met:

  • (a) processing is based on consent or contractual obligation;
  • (b) processing is carried out by automated means.

The Data Subject shall have the right to have the personal data transmitted directly from MD ENGINEERING OOD to another controller, where technically feasible. The right of data portability shall be exercised in a manner which does not adversely affect the rights and freedoms of other persons.

8. Rights with regard to automated decision-making, including profiling – not to be subject to an automated decision which is based solely on automated processing (i.е. processing without human intervention), including profiling within the meaning of the Regulation which produces legal effects for the Data Subject or similarly significantly affects him/her, unless there are grounds for this as set forth in the Regulation as well as suitable measures to safeguard the Data Subject’s rights and freedoms and legitimate interests. Such measure shall at least include the right to obtain human intervention on the part of MD ENGINEERING OOD, the right of the Data Subject to express his/her point of view and to contest the decision.

If such a decision, including profiling has been made with regard to the Data Subject, the latter shall be entitled to and shall separately be provided by MD ENGINEERING OOD with meaningful information about the logic involved, the significance and the envisaged consequences of such processing for him/her, as well as how to exercise the rights under this item.

9. Right to withdraw consent for processing – where personal data processing is based solely on consent given by the Data Subject, the latter shall have the right to withdraw his/her consent at any time. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.

RIGHT TO OBJECT

Art. 18. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her, including profiling within the meaning of the Regulation, based on public interest, exercise of official authority and the legitimate interests of MD ENGINEERING OOD or a third party. In these cases, MD ENGINEERING OOD shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or where necessary for establishing, exercising or defending legal claims.

Art. 19. (1) The Data Subject may exercise his/her personal data protection rights by personally submitting a written request at the address specified in Art. 23 of this Policy or by sending a notary certified request by post.

(2)The request under Para 1 may also be exercised via electronic means, and for this purpose the same shall be signed by the Data Subject with a qualified electronic signature within the meaning of the Electronic Document and Electronic Certification Services Act and Art. 3 (12) of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC; which is to be sent to MD ENGINEERING OOD at the electronic address referred to in Art. 23 of this Policy.

(3)The Data Subject may exercise the rights relating to his/her personal data either personally or through an explicitly authorised person (with a power of attorney certified by a notary).

(4)Part of the rights may also be exercised through the functionalities available on the Website.

RIGHT TO LODGE A COMPLAINT WITH A SUPERVISORY AUTHORITY

Art. 20. Any Data Subject has the right to lodge a complaint with a supervisory authority, in particular in the Member State (EU/EEA) of his/her habitual residence, place of work or place of the alleged infringement if the Data Subject considers that the processing of his/her personal data infringes the Regulation or any other applicable data protection requirements.

Supervisory authority in the Republic of Bulgaria

Art. 21. Supervisory authority in the Republic of Bulgaria is:
Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Website: https://www.cpdp.bg/.

RESTRICTION OF THE RIGHTS

Art. 22. The scope of the rights of the Data Subjects as well as the obligations of MD ENGINEERING OOD in relation to these rights may be restricted by way of a legislative measure under Union or Member State law to which MD ENGINEERING OOD is subject.

EXPLANATIONS AND ADDITIONAL INFORMATION

Art. 23. The Data Subject may seek clarifications regarding the content, the grounds and the way of exercising his/her rights under this Policy, as well as any additional information regarding his/her rights regarding the processing of personal data by MD ENGINEERING OOD on the following contacts:
Address: 92 A Budapeshta street, 1202 Sofia, Bulgaria
Email: FrontDesk@HotelBudapest.bg
Telephone: +359 2 4215800

This Privacy Policy has been drafted by MD ENGINEERING OOD in its capacity as data controller to fulfill its obligations to provide information to the data subjects under Art. 13 and Art. 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).