Privacy Policy

March 19, 2021 2021-12-11 18:38

Privacy Policy

This PERSONAL DATA POLICY is an integral part of the GENERAL TERMS AND CONDITIONS OF USE of the site (the Site), administered by BOKORODO Ltd (the Company).

I. What information is collected from the Site?

When you use the services of the Site, it needs certain information about you, with which you can be identified directly or indirectly.

1. Information that the User provides voluntarily:

a. In cases where a certain service on the site is required, we may ask you with the following categories of personal data:

  1. Your personal names
  2. A valid email address
  3. Telephone
  4. Physical address for correspondence
  5. Possible preferences
  6. Additional data that the user enters for himself

2. Information that the Site collects from the User

a. For the implementation of certain functionalities of our site and the services you access through it, we collect information about you from your computer automatically. For example, when using the online booking tab, the site’s built-in information system, which allows this functionality, collects your personal information, which includes:

  1. IP address
  2. The browser you are using
  3. Preferred language settings
  4. Type of device
  5. Reporting the time of use of the site
  6. Reporting the time of leaving the site
  7. Information about the operating system of your device
  8. In addition, data may be collected on:
    a. The number of clicks you make while browsing the site
    b. Which pages of our site you have viewed
    c. From which pages you are redirected to our site
    d. Keywords when searching the site
    e. Number of users who have seen a banner on a site publication.

When making online reservations and related payments, the services of BORICA BANKSERVICE AD are used through the Verified by Visa schemes for VISA cards and MasterCard Secure Code for MasterCard cards.

b. Sometimes we may receive information about you from our partners and / or social networks:

If you want to contact us through channels other than those provided through the site (eg social networks) we collect data from where you accessed the site. We do not collect your publicly available information.

c. Voluntary sharing of publicly available information

At your discretion, you can share information about yourself on the site. It may be publicly available through other websites, including information about who you are connected to there. The collection, storage, protection and processing of this information is subject to the terms and conditions of these other websites.

3. Personal data of children. How do we treat them?

The services of the site are not aimed at persons less than 18 years of age. The company does not aim and does not want to collect personal data of children in connection with the services provided through the site.
If, however, the Company receives information about a minor in connection with the services of the Site, we will not process it and delete it, unless a legal act obliges the Company to process this data in the prescribed manner.

II. From whom is information collected?

In connection with the following purposes, the Site collects information from its end users – data subjects.

III. How is the information collected?

The personal information that is processed through the site can be collected in the following ways, together and separately:

  1. Provided personally and voluntarily by the user;
  2. Collected automatically from and through the site
  3. Through “Cookies” to optimize its presentation and analysis.

If you would like to learn more about these technologies, how they work and how we use them, please visit our COOKIES POLICY.

IV. Why is data collected and processed, and on what legal basis?

The Company uses the information described above for various purposes, based on the relevant legal grounds, namely:

Data category Purpose of processing Legal basis under the General Data Protection Regulation (GDPR)
1. Personal names
2. Phone and / or email address
3. Payment information
4. Form of contact
5. Preferences
1. For the provision of services and the conclusion of contracts, including in the period of pre-contractual relations
2. For customer service
Art. 6, para 1 b) - the processing is not necessary for the performance of a contract
1. IP address
2. Used browser
3. Language settings
1. To serve end customers and provide the full functionality of the Site 1. Art. 6, para 1 b) - the processing is necessary for the performance of a contract
1. Personal names
2. Email address
For information, sales and promotion activities 1. Art. 6, para. 1 f) - legitimate interest
2. Art. 6, para. 1 a) - consent
Information about the time and period of accommodation For marketing research 1. Art. 6, para. 1 f) - legitimate interest
1. Personal names
2. Phone and / or email
3. Physical address for correspondence
Personal communication with end users 1. Art. 6, para 1 b) - the processing is necessary for the performance of a contract
1. Personal names
2. Phone and / or email
3. Physical address for correspondence
Official, legal and / or systemic warnings, legal purposes 1. art. 6, para. 1 c) - for the observance of a legal obligation applicable to the personal data controller
Analytical data Improving the services and statistics provided by the site 1. Art. 6, para. 1 f) - legitimate interest
1. Personal names
2. Email address
Promotions, organization of surveys, inquiries, promotional games and statistical goals 1. Art. 6, para. 1 a) - consent

V. Period of storage of personal data

The collected user information within each tourist season of the hotel of the Company is kept until the end of the respective tourist season, after which it is deleted. There are also the following exceptions:

Data categories Method of collection Purpose of use Expiration date
1. Personal names
2. Have an address
Through the section of the site for online reservations and payment for hotel services Promotions, surveys, inquiries, games and information materials about the merchant's services. Until the withdrawal of the consent by the user
Accounting data After payments by bank transfer and / or cash For compliance with a legal obligation applicable to the controller of our personal data According to the normatively determined term for the Republic of Bulgaria - 10 years.

VI. Measures to ensure lawful and conscientious processing. What measures have we taken to protect your data?

In accordance with the European legislation, the Company maintains appropriate and necessary technical and organizational measures for the protection of users’ data, including the prevention of unauthorized access to them and / or their improper use.
The company uses business systems, procedures and information technologies with which we adequately protect your personal data and ensure their safety.
Only authorized personnel have access to personal data in our information systems.

VII. How do we ensure security?

The data collected by the users of the Site are systematized in registers, which are subject to encryption and pseudonymization. The data registers themselves are located on the hard memory of computer systems with limited technical and physical access, only by qualified and trained personnel.

VIII. Who do we share your information with?

The company does not share personal data of users of the Site.
However, in certain situations we may share your personal information with third parties in the following cases:

Subject of sharing Description Grounds under the General Data Protection Regulation (GDPR)
Accounting and Control For fulfillment of obligations under accounting law or approved international accounting standards. Art. 6, para 1, item “c”
Special body of power - administrative, judicial and / or body of the executive power 1. If necessary and obligation to disclose a trade secret;
2. In connection with the resolution of legal disputes before a competent court and / or arbitration;
3. Sharing information with law enforcement bodies and financial institutions, which is required by law or is absolutely necessary for the prevention, establishment or prosecution of criminal activity or fraud.
Art. 6, para 1, item “c”
Third parties processing personal data who perform a secondary service, on the occasion and in connection with the performance of a contract between the Company and the User.

For example: 1. Tour operators that provide services in connection with the accommodation of end users in the company's facilities; 2. Couriers; 3. providers of payment methods and other financial institutions.
1. When the nature of the service provided by the site requires it;
2. When it is absolutely necessary for the fulfillment of the contract concluded between us.
Art. 6, para 1, item “b”

IX. Users' rights in relation to personal data

Below we present the rights of each end user – data subject, guaranteed by European legislation on personal data protection:

Kind of right Description Relevance to the Site
Right to information Upon providing his personal data or before they are collected by the controller for processing, the User has the right to be informed about the following main circumstances:
1. Who is the controller;
2 . What are the purposes of processing;
3. What is the legal basis and / or legal interests;
4. Who can receive the data;
5. What is the term for their storage;
6. What are the rights of consumers;
7. Whether automatic decision-making, including profiling, is performed .
Right of access The user has the right to access his personal data, which the Site processes. This includes the Right to Information data, as well as the source of personal data and the categories of data being processed. Where personal data are not collected directly by the User , the User should also provide information on the method of collection, the type of processing, the available legal basis. Yes
Right of adjustment The user has the right to ask the administrator to correct without undue delay inaccurate personal data related to the user - subject of personal data. Yes
Right to delete The user has the right to ask the administrator to delete the personal data related to him without undue delay. Yes
The right to be forgotten Where the controller has made the personal data public and is obliged to delete them, he should take reasonable steps to inform the other controllers of the personal data that the data subject has requested the deletion of these links, copies or replicas of this personal data. No
Right to limit the processing of personal data The user has the right to request from the administrator restriction of processing in the presence of at least one of the following hypotheses:
1. The accuracy of the data is disputed by the user;
2. The processing is illegal, but the User does not want to delete them;
3. The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the exercise or protection of his legal claims;
4. The user has objected to the processing of the data and the verification by the controller is expected to be completed.
During the processing restriction period, the data may continue to be stored by the administrator.
Right to data transfer The User has the right to receive from the administrator the personal data, which affect him and which the User has provided to the administrator, if:
1. The processing is performed in an automated way; and
2. Processing shall be based on consent or in performance of a contractual obligation.
This right includes the obligation of the administrator to transfer to another administrator the personal data specified by the User.
Right to object to the processing of personal data The user has the right to object to the processing of his personal information, which is provided to the administrator in connection with the performance of a task of public interest, necessary for the purposes of the legitimate interests of the administrator, profiling or direct marketing.
By exercising this right, the user's personal data may be deleted from the administrator's devices.
Right not to be subject to processing, including profiling The user has the right not to be the subject of a decision based solely on automated processing, including profiling. No
Right to appeal The user has the right to lodge a complaint with a supervisory authority (Data Protection Commission) if he considers that the processing of personal data concerning him infringes the provisions of the General Data Protection Regulation.

The data subject may exercise this right in the Member State of his habitual residence, place of work or place of the alleged infringement.

If you want to learn more about the rights granted to you, how to exercise them and the procedures for this, you can visit the information website of the European Data Protection Supervisor or the Supervisory Authority for the Republic of Bulgaria – Commission for Personal Data Protection.

X. How can you exercise your rights?

The user can always and at any time exercise his rights. In order to be as useful as possible in this process, you need to send us an inquiry by standard mail or e-mail to the addresses below.

XI. Who is responsible for the processing of personal data?

In connection with the processing of personal data through the Site, the Company acts in its capacity of personal data administrator and administrator of the Site.

Contact details of the data controller

Management address Bulgaria, Pleven, 5800, 25 Angel Kanchev Str
Unique Identification Code (UIC) 114112262
Manager / Representative Rozalina Koleva
E-mail address

Contact details of the supervisory authority in relation to the protection of personal data

Name Commission for Personal Data Protection
Address Bulgaria, Sofia, 1592, “Prof. Tsvetan Lacharov ”№2
E-mail address
Contact phone + 359 2 9153518

If you have any questions or comments about this privacy policy, you can send an inquiry by mail or e-mail to the following email address:

This PERSONAL DATA POLICY has been accepted and approved by the manager of BOKORODO Ltd – Rosalina Borisova Koleva on April 20, 2018/

The policy is in line with the legislation in force at the time of approval, as well as with the pan-European and national legal framework in the field of personal data protection.

Prepared / approved and accepted by: Rosalina Koleva
Date of publication: April 20, 2018


Tripadviser Reviews

Copyright 2021 Hotel Palace