Website with address: www.hotel-zdravets.com is owned and managed by ARENA HOTELS EOOD, with UIC 201648965, Address: Velingrad, 1, Nikolay Gyaurov Square, Liable Person: Maher Hourani,

This privacy policy (the “Policy”) applies to Zdravets Hotel.

At Zdravets Hotel, we strive to provide exceptional products, services and experiences around the world. We value our business, but more importantly, your loyalty. We know that privacy is an important issue. We have created this policy to explain our practices regarding the personal data we collect from or about you on this site or through our applications, through written or oral communications with us when you visit our site, or from other sources

By using any of our products or services and/or by accepting this Policy, such as in the course of registering for any of our products or services, you consent to the collection and use of Personal Data, as described in this document.

 PERSONAL DATA WE COLLECT

At every point of contact or interaction with guests and in carrying out all aspects of our business, we may collect personal data. This personal data may include: your contact information; information related to your booking, stay or visit; participation in a contest, lottery or marketing program (even if you are not staying at one of our hotels); information related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number and date and place of its issuance; travel history; payment information, such as your payment card number and other information about it, as well as authentication information and other billing and payment account details related to mobile payments; guest preferences; communication and marketing preferences; information about vehicles you can bring into our facility; other information that you choose to provide to us or that we may receive about you.

We also collect other personal data in certain cases, such as:

* Collection of on-site information: We collect additional personal data when registering at our sites, including data that may be required under the Tourism Act. We may also use covert surveillance and other security measures at our properties that may capture or record photographs of guests and visitors in public areas, as well as location-related information about you during your stay at our properties (via maps for access and other technologies). We may also use a video surveillance system with audio or video recording to ensure the protection of our employees, guests and visitors to our facilities when permitted by law. There is also a video recording with sound at the reception. This recording (surveillance) is carried out only for the protection and security of our guests, only in the public parts of the hotel (and not in your room), and you should be informed that the recording does not concern the processing and storage of personal data and is not carried out for such a purpose, which is why the records are also deleted within the statutory period. In addition, we may also collect personal information in connection with services at the sites, such as concierge services, fitness clubs, spa centers, events, babysitting services, rent of equipment

* Event Profiles: If you plan an event with us, we collect event details, event date, number of guests, guest room details, and for corporate events, information about your organization (name, annual budget and number of sponsored events per year ). We also collect information about guests who are part of your group or event. If you visit us as part of a group, we may have personal data provided to us by the group about you and you may receive suggestions from us as a result of your stay in a group or attending an event depending on your preferences and to the extent permitted by law. If you visit us as a participant in an event, we may share your personal data with the organizers of the event to the extent permitted by law. If you are an event organizer, we may also share information about your event with third-party service providers who may offer their event services to you, to the extent permitted by law.

* Social media: If you choose to participate in activities or offers on social media sponsored by Zdravets Hotel, we, as a co-administrator of personal data with the social networks in question, may receive certain information from your social network account in accordance with your settings in the social network service, such as location, registrations, activities, interests, photos, status update and friends list. We may also provide you with the opportunity to enter photo contests, such as those taken during your stay with us, that you can share with your social media contacts for voting, share offers, or other promotions. The photos in question are not processed by us in the hypothesis of personal data and should not be considered as such.

In addition to the information we collect directly from you, we may also infer information about you from the data you provide to us or from Other Information we receive. In this case, we will explicitly notify you by email about the additional personal data collected and about their source, as well as the fact that they will be used only for the purposes of providing our travel services.

USE OF PERSONAL DATA WE COLLECT ABOUT YOU

We use your personal data in many ways, including for the purpose of providing and personalizing the services you request and expect from Zdravets Hotel, providing the hospitality you expect in the room and everywhere in our properties, conducting marketing promotions and sales and as described in – detailed below

Planning meetings and events: We may use your personal data to provide you with information about planning meetings and events.

** Marketing and communications: As permitted, we may use your personal data to provide or offer you newsletters, promotions and current special offers, as well as other marketing communications depending on your preferences for receiving communications. We use your personal information to provide downtime messages, account notifications and reservation confirmations, send you marketing messages, and conduct surveys, sweepstakes, and other contests. We may provide these communications via email, mail, social media, telephone, text message (including SMS and MMS), push notifications, in-app messages, and other means (including on-site messages, such as through your in-room television). With your consent, we also use user-generated content (for example, photos) from social networking services to serve visual advertisements or on our websites and in our applications in case of co-administration with these third parties.

We collect information about your payment card, which can be added to personal data and used by Zdravets Hotel to present and/or send you  targeted marketing messages based on your payment method and depending on your preferences for receiving messages. We may also partner with third parties to find out if a visitor to our site has an instant payment discount offer associated with his/her payment card and provide the visitor with advertisements and information explaining how to take advantage of this offer during your stay at Zdravets Hotel.

* Service improvements: We may use your personal data to make improvements to Zdravets Hotel services and to ensure that our sites, products and services are of interest to you. We also use your personal data to provide you with the expected level of hospitality in the room and on the grounds of our properties. This may include enabling you to control the technology in your room through our website or apps from your personal devices.

* Data accuracy, analysis and personalization: We may also aggregate your personal data with information from third-party sources for the purpose of keeping the information current and for analysis. We may also rely on information from third parties in order to provide better and more personalized service. For example, if you connect your social media services or other accounts to our Services, we may use that information to provide you with a more personal and social experience with us, or share and use it as described elsewhere in this Statement.

PERSONAL INFORMATION WE SHARE

In order to offer you the expected level of hospitality and the best service, we may share your personal data with our service providers and other third parties as detailed below:

* Group events and meetings: If you visit Zdravets Hotel as part of a group event or meeting, the information collected for planning the meeting and event will be shared with the organizers of those meetings and events and, when necessary, with the guests who organize or participate in the meeting or the event.

* Trading Partners: We may collaborate with other companies to provide you with products, services or offers based on your experience at our sites, and accordingly may share your data with our trading partners. For example, we may help arrange a rental car or other services from our business partners, and we may share personal data with our business partners to provide those services. We may also share your personal data, such as your email address, with our corporate tourism partners, or engage in co-branded marketing activities with our corporate tourism partners. In this type of co-administration, in order to protect your personal data, we require the third parties to comply with the same level of protection offered by Zdravets Hotel.

* On-Site Services: We may share personal data with third-party providers who provide on-site services such as concierge, spa treatments, golf or restaurant services. In this type of co-administration, in order to protect your personal data, we require the third parties to comply with the same level of protection offered by Zdravets Hotel.

* Service Providers: We rely on third parties to provide services and products on our behalf and may share your personal data with them as appropriate. In general, our service providers are contractually obligated to protect your personal data and may not use or share your personal data in any way other than as may be required by law. However, our fraud detection service providers may use your personal data without sharing it for fraud detection purposes. We may use service providers to communicate news to you or provide you with promotional and transactional materials on our behalf, including personalized online and mobile advertisements depending on your preferences and applicable laws. In this type of co-administration, in order to protect your personal data, we require the third parties to comply with the same level of protection offered by Zdravets Hotel.

* Other: In addition, Zdravets Hotel may disclose personal data in order to: (a) comply with applicable laws, (b) respond to government inquiries or requests from public bodies, (c) comply with available legal procedures, (d) protect the rights, privacy, safety or property of Zdravets Hotel, site visitors, guests, employees or the public, (e) allow us to seek available remedies or limitations of damages that may be caused to us, ( f) enforce the terms and conditions of our websites and (g) respond to emergency situations.

OTHER INFORMATION

When you visit and use the Zdravets Hotel website, we collect other data that do not directly reveal your identity (pseudonymization) about your use of the site, such as a catalog of the sites you visit and the number of times you visit our sites (” Other information”). We use Other information and data obtained from third parties to provide you with email, online (on our sites or other sites), and mobile advertisements.

We use cookies and other technologies (such as “pixel tags”, “web beacons”, “clear GIFs”, links in emails, JavaScript, device IDs assigned by Google or Apple, or similar technologies) to obtain this information . If you want to remove or block Cookies at any time from your device, you can update your browser settings (see your browser’s help menu to learn how to delete or block Cookies). Zdravets Hotel is not responsible for your browser settings. You can find good and easy to understand instructions on managing cookies for different types of web browsers at www.allaboutcookies.org.

Note for EU citizens: If you are located in Europe, you can also change your cookie preferences by making changes to “Cookie Settings”.

We may use the information we collect and aggregate, or anonymized personal data obtained from third parties, to learn more about our users (for example, we may use aggregated information to determine the percentage of our users with a particular phone code). This includes demographic information such as date of birth, gender and marital status, implied commercial interests such as favorite products or activities, and other information we may collect from you or from third parties.

Because Other Information does not identify you, we may disclose this information for any purpose where permitted by law. In some cases, we may combine Other Information with Personal Data. If we combine Other Information with Personal Data, the combined information will be treated as Personal Data in accordance with this Statement.

CONFIDENTIAL INFORMATION

The term “sensitive information” refers to information related to your race or ethnicity, political views, religious or philosophical beliefs, trade union membership, health status, sex life or sexual orientation, genetic information, criminal history and any biometric data used for the purpose of establishing identity. We do not collect confidential information unless you voluntarily provide it to us. We may use health information you provide to better serve you and meet your specific needs (for example, to provide access for people with disabilities). Regarding this type of information (if it is collected or processed), special technological processes for storing class two personal data and their encryption are applied.

PERSONAL DATA FROM CHILDREN

As a parent or legal guardian, do not allow your children to send personal data without your permission. If we do receive, process and store personal data of persons under the age of 14, they use a special solution to encrypt and process children’s personal data.

LINKS TO THIRD PARTY WEBSITES AND SERVICES

Our site may contain links to third party websites. Please note that we are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. If you provide information to and use third-party sites, those sites’ privacy policies and terms of service apply. We recommend that you read the privacy policies of the websites you visit before submitting personal data.

PROTECTION OF PERSONAL DATA

Zdravets Hotel will take reasonable measures to: (a) protect personal information against unauthorized access, disclosure, alteration or destruction and (b) keep personal information accurate and up-to-date as appropriate. We also require service providers with whom we share personal data to make similar efforts to ours to ensure the confidentiality of your personal data. For online transactions, we use special technological means to protect the personal data that you send to us through our site. However, unfortunately, there is no security system or system for transferring data over the Internet that is guaranteed to be completely secure, and in the case of violations, we undertake the obligation within 72 hours of their individualization to refer the case to the Commission for the Protection of Personal Data.

We will contact you via mobile/text message or email to ask you to provide us with your confidential personal or payment card details.

CHANGE AND ACCESS TO YOUR PERSONAL INFORMATION

Within the framework of applicable laws, you may request that we inform you about your personal data that we hold and, where appropriate, request the updating, correction and/or deletion (“the right to be forgotten”) of your personal data that we maintain in our active database. We will make any necessary updates and changes within the time specified in applicable laws and, where permitted by law, may charge a specified fee to cover the costs associated with the request. Such requests must be sent in writing to reservation@hotel-zdravets.com. To protect the privacy of your personal data, we can only respond to these requests to the email address you have registered or otherwise provided to us. Please remember that if you make such a request, we may not be able to provide you with the same quality and variety of services that you are used to.

In addition, under certain circumstances based on applicable law, you may request that we stop sharing your personal data with our business partners or that Zdravets Hotel delete, restrict or anonymize your personal data by contacting us at the email address above. We will endeavor to respond to these requests in accordance with the General Data Protection Regulation (GDPR).

STORAGE OF PERSONAL DATA

We store your personal data for the period necessary to fulfill the purposes described in this Policy and/or one year after the travel service provided to you, unless a longer storage period is required or permitted by applicable laws.

We will delete your personal data as soon as possible and in such a way that it cannot be reproduced or restored immediately after you request it or after we no longer need it for the travel service provided to you.

If it exists printed on paper, the personal data will be destroyed in a secure way, for example by machine cutting into small parts or burning the paper documents or by other such means, and if it is in electronic form, the personal data will be destroyed by technical means to that they may not be reproduced or restored.

CHANGES IN POLICY

We may change this Policy from time to time. You will know when this document has been updated by checking the link and date at the beginning. Any changes to our Policy will be effective upon posting of the amended Policy on the Site. By using the site and/or any of our products and services, you accept the then-current amended Policy.