Hot call

Privacy Policy

Information about the Personal Data Administrator:

The website ourplacezornitsa.bg is owned by “AISMONYA” EOOD, UIC 208238087, with its registered office and management address in the village of Zornitsa, Chepelare Municipality, Smolyan Region.

The website is fully compliant with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the Regulation”), effective as of 25.05.2018, and the Bulgarian Personal Data Protection Act (“PDPA”).

By using the Platform, you accept and agree to comply with this Privacy Policy, the Cookies Policy, and the General Terms and Conditions of the Website.

How We Process Your Personal Data

We process your personal data on the following legal grounds:

  1. Required by law
  2. Your explicit consent – the purpose will be indicated in each specific case
  3. Statutory obligation

In the sections below, you will find detailed information about how your data is processed depending on the legal basis for that processing.

FOR THE EXECUTION OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data to fulfill contractual and pre-contractual obligations and to exercise rights under agreements concluded with you.

Purposes of processing:

  1. As described in the website’s general terms of use
  2. To meet statutory obligations

We do not share your personal data with third parties. Our main goal is to offer you quality, fast, and comprehensive service.

We use SSL certificates to ensure secure shopping for our clients. The certificate provides an encrypted connection between you and the site when you enter your personal data.

FOR COMPLIANCE WITH LEGAL OBLIGATIONS

There may be a legal requirement for us to process your data, such as:

  • Tourism Law and the Ordinance on categorized accommodation and entertainment facilities (adopted on 26.06.2020, promulgated in State Gazette on 03.07.2020)
  • Anti-Money Laundering Measures Act
  • Consumer Protection Law obligations regarding distance selling
  • Providing information to the Consumer Protection Commission or third parties under the Consumer Protection Law
  • Providing data to the Personal Data Protection Commission under GDPR
  • Accounting Act and Tax-Insurance Procedure Code obligations
  • Providing data to courts or competent authorities in legal proceedings
  • Verifying age for online purchases

Retention Periods:

  • Accounting and financial records – 11 years
  • Legal compliance and third-party sharing – 5 years

BASED ON YOUR CONSENT

Consent is a separate basis for processing. If you give it, we will use your contact information to send offers related to your interests.

Data retention: deleted upon your request or 1 year after collection.

You may receive emails, messages, or other electronic communications (e.g., Messenger, SMS) only after giving explicit consent.

We collect and use data that identifies you:

  • Full name
  • Address
  • Phone number
  • Email
  • Personal ID number (EGN)
  • ID card number
  • Any other information voluntarily provided for the service

We also require completion of a registration card for accommodation, which is submitted to the Unified Tourist Information System (ESTI) and then destroyed, complying with data protection regulations including GDPR.

We do not store card details like name, number, or CVV.

PROCESSING ANONYMIZED DATA

We use your data for statistical purposes – only in aggregated, anonymous formats that cannot identify any individual.

How We Protect Your Personal Data

We implement all necessary technical and organizational measures as required by the PDPA. These may include encryption, pseudonymization, and more.

Your Rights

You have all rights under Bulgarian and EU law, including the right to:

  • Be informed
  • Access your data
  • Correct inaccuracies
  • Delete (“Right to be Forgotten”)
  • Restrict processing
  • Data portability
  • Object to processing
  • Not be subject to automated decisions including profiling
  • Judicial or administrative remedy if your rights are violated

You may request deletion if:

  • The data is no longer needed
  • You withdraw consent
  • You object and there is no overriding legal reason
  • Data has been processed unlawfully
  • Data must be deleted under EU or Bulgarian law

You may restrict processing if:

  • You dispute accuracy
  • Processing is unlawful, but you prefer restriction
  • We no longer need it, but you do for legal claims
  • You have objected and a verification is pending

Right to Data Portability

You can request to receive your personal data in a structured, commonly used, machine-readable format, and transfer it to another controller.

Right to Object

You may object to data processing. If it’s for direct marketing, the processing must stop immediately.

Filing a Complaint

Registered office and management addressYou can lodge a complaint with the Commission for Personal Data Protection:

Organization name

Commission for Personal Data Protection

Registered office  address

2 Prof. Tsvetan Lazarov Blvd., Sofia 1592

Mailing address

2 Prof. Tsvetan Lazarov Blvd., Sofia 1592

Phone

+3592 91-53-518

Website

www.cpdp.bg

Date
April 15, 2025