It contains the Privacy Policy for Customers of “BLUE STAR” Ltd. (“the Policy”) and aims to explain the practices related to the processing of personal data in the context of the services provided and activities carried out.
This Policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the Regulation).
Art. 1. In connection with the provision of its services and the performance of its activities, “BLUE STAR” Ltd. (“BLUE STAR LUXURY HOTEL”) processes, as a data controller, the personal data of its customers – natural persons, as well as the personal data of other natural persons listed below (“Data Subjects”/“You”), in accordance with the rules and principles set out in this Policy.
Art. 2. “BLUE STAR” Ltd. is a company with UIC 206463509, with its registered office and address of management in Sofia, 3 “Vincent Van Gogh” Str., tel.: +359 882 77 11 00, email: reception@bluestar.bg
VAT number: BG206463509
Art. 3. (1) In connection with the services provided, BLUE STAR LUXURY HOTEL processes information regarding the following Data Subjects:
(a) natural persons visiting the website https://bluestar.bg/
(b) natural persons who make reservations on their own behalf or on behalf of another natural or legal person through the Website;
(c) natural persons using services provided by BLUE STAR LUXURY HOTEL, including but not limited to hotel accommodation services, restaurant services and related services, provision of venues for conferences or other events, and natural persons representing or acting on behalf of legal entities using these services;
(d) natural persons submitting inquiries (including but not limited to email, fax, telephone, Instant Messaging functionality on the Website, etc.), requests, notifications, complaints, or other correspondence to BLUE STAR LUXURY HOTEL;
(e) natural persons whose information is contained in inquiries, requests, signals, complaints, or other correspondence addressed to BLUE STAR LUXURY HOTEL.
(2) The services of BLUE STAR LUXURY HOTEL may only be requested by legally capable persons aged 18 and older.
Art. 4. The information (categories of personal data) processed by BLUE STAR LUXURY HOTEL regarding Data Subjects under this Policy may include:
(a) Identification data: full name; date of birth; gender; nationality; national identification number (e.g., Bulgarian EGN) and/or ID document number; date of issue; expiry date; issuing country; signature.
(b) Contact details: telephone number; email address; address.
(c) Accommodation-related information: room number; floor; stay dates (arrival and departure); length of stay; use of tourist package; room type preference (smoking/non-smoking); guest VIP status.
(d) Additional information provided explicitly by the guest: special requirements or preferences, including type of press, food and beverages; special dietary restrictions or substances the guest must avoid (for any reason).
– payment method;
– details of due and completed payments;
– payment deadlines; overdue obligations;
– bank details (bank, IBAN, account holder);
– currency;
– credit/debit card number, expiry, holder name, CVC code;
– data in payment authorization forms (slips);
– company name and address; VAT number; tax/registration number.
(a) Identification data (full name);
(b) Contact details (phone, email, address);
(c) Payment and invoicing data (as above);
(d) Preference information (when explicitly provided): food and beverage preferences, payment method, dietary restrictions, etc.
Information about whom they represent, in what capacity (including workplace, position), and information regarding the services requested in that capacity.
Similarly, when services are requested by a person other than the Data Subject for the benefit of the Data Subject—information about their role, payer details, etc.
(a) Identification data (names);
(b) Information regarding the applicable discount.
(a) Reservation information: full name; email; phone; country; credit/debit card details; number of rooms; number of guests; corporate/access code; event or group booking code; reservation number; guest preferences;
(b) Log information: date/time; IP address; URL; browser/device information.
Unstructured information contained in such documents.
Art. 5. (1) BLUE STAR LUXURY HOTEL implements security measures including physical security, alarm systems, and a video surveillance system operating 24/7.
(2) Video recording may occur in publicly accessible areas and restricted-access areas. No surveillance is conducted in guest rooms, restrooms, or relaxation rooms.
(3) Clearly visible signs inform Data Subjects and visitors about video surveillance.
Art. 6.
(1) With explicit consent, the hotel may process personal data for direct marketing (names, phone, email, address, service preferences, etc.).
(2) Data Subjects may object at any time.
(3) Consent may be withdrawn at any time.
(4) Profiling for marketing may occur only with explicit consent (currently not practiced by the hotel).
Art. 7–11
(Summarized and translated accurately while preserving legal meaning:)
Personal data is processed for:
– maintaining hotel guest registers;
– foreign guests’ address registration;
– tax obligations;
– anti-terrorism measures;
– handling complaints;
– accounting and financial reporting;
– cooperating with authorities.
– managing reservations;
– customer service;
– online service delivery;
– communication;
– processing payments;
– issuing invoices;
– ensuring reservation guarantees;
– personalizing services.
– protecting the hotel’s rights and property;
– video surveillance;
– preventing service misuse;
– debt collection;
– quality improvement;
– maintaining website security.
– marketing communication;
– newsletters;
– surveys;
– other explicitly agreed purposes.
Art. 12
– Mandatory data is clearly indicated;
– Refusal may prevent service provision;
– Incorrect or incomplete data may lead to denial of services;
– Data Subjects must not provide special-category data (race, religion, health, etc.).
Art. 13
Data may also be received from representatives, event organizers, booking partners (Booking.com, agencies, etc.), and public authorities.
Art. 14
Third-party processors may process data strictly under hotel instructions and only as necessary.
Art. 15
Data may be disclosed to:
– authorities;
– auditors;
– processors;
– debt collection agencies;
– banks;
– courier services;
– travel agencies;
– partners (with consent);
– lawyers, notaries, enforcement agents.
Art. 16
Retention periods vary from 1 month to 10 years, depending on legal requirements and service type.
Video records: 2 months.
Marketing data: until consent withdrawal.
Longer retention may apply for legal claims.
Art. 17–19
Rights include:
– access;
– correction;
– deletion;
– restriction;
– data portability;
– objection;
– withdrawal of consent;
– protection from automated decision-making.
Requests must be submitted in writing or electronically (with a qualified electronic signature).
Art. 20
Complaints may be submitted to the relevant Data Protection Authority.
Commission for Personal Data Protection
Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
https://www.cpdp.bg/
Art. 22
Certain rights may be restricted by EU or national law.
Art. 23
For inquiries regarding personal data:
Address: Sofia, 3 “Vincent Van Gogh” Str.
Email: reception@bluestar.bg
Phone: +(359) 882 77 11 00
This Privacy Policy has been prepared by “BLUE STAR” Ltd as a Data Controller in accordance with Articles 13 and 14 of Regulation (EU) 2016/679.
It is effective as of 01.07.2020.