At Hotel Sofia, we respect your privacy and carefully store your personal data.
In this Personal Data Protection Policy (hereinafter the Policy) we determine the ways of collecting your personal data, the purposes for which we collect it, the security measures we use to protect it, the persons with whom we share it, as well as your rights in connection with the protection of personal data. This policy applies to: all users of our website, subscriptions and execution of subscription contracts for services provided by Hotel Sofia
This Policy applies to all personal data collected and stored about you by Hotel Sofija, Budva. As a personal data controller, Hotel Sofia is responsible for processing and storing your personal data.
Hotel Sofia acts as a contractual processor in relation to the users of the services it provides. For all questions related to the protection of personal data, users of personal data should contact their employer.
Here you will find an explanation of the basic terms we use in our Policy. Each individual term defined below has a purpose within this Policy, as defined in this chapter. Personal data means any information on the basis of which an individual can be determined (this includes, for example, name, surname, email address, telephone number, etc.). Controller means a legal entity that determines the purposes and means of processing your personal data. Processor means a legal or natural person, which processes personal data on behalf of the controller. Processing means the collection, storage, access and all other forms of use of personal data. EPP stands for European Economic Area, which includes all the member states of the European Union, Iceland, Norway and Liechtenstein.
At Hotel Sofia, we process your personal data only on the basis of clearly expressed intentions, safely and transparently. We receive your personal data when you provide it to us (e.g. by using our website, subscribing to our services, registering for our events or webinars, by making inquiries by email, telephone or in writing to our address or in any other way , with which you provide us with your personal data). We also provide your personal data from publicly available data records (such as APR). We also provide your personal data based on the use of cookies on our website. You can read more about the use of cookies in Chapter 7 of this Policy.
Basic personal data (name, surname),
Basic contact information (phone number, email address), Basic information about the company you work for (name of the company, function you perform in the company, number of employees),
Basic data on the subscription relationship for the services of Hotel Sofija Information about your computer (IP address, type of device, type of browser), data regarding the use of our website (the content you viewed, the time you spent on our website, what you clicked ) and data regarding responses to our e-mail messages,
Data about the partner company with which you cooperate (you will find more about partner companies in Chapter 6 of this Policy, Data that we need to carry out the delivery of the ordered goods (address, postal code, city). We carefully respect the principle of the smallest volume of data, which determines legislation, therefore we collect only those data that are appropriate, relevant and limited to what is necessary for the purposes for which they are processed.The purposes for which we collect personal data are specified in chapter 4.3 of this Policy.
In accordance with the legislation, which regulates the protection of personal data, we can process your personal data on the following legal bases:
when the processing of your personal data is necessary for the fulfillment of the contract, which you have entered into; when you have given your consent to the processing of your personal data for a specific processing purpose, whereby you have the right to withdraw your consent at any time; when Hotel Sofija has a legitimate interest in processing your personal data (when we process data on the basis of a legitimate interest, we will expressly determine this within the framework of this Policy. when it is necessary, due to the fulfillment of certain obligations imposed on us by the legislation (this includes in particular data that we store for tax obligations).
It is mandatory to submit only those personal data that we collect based on the requirements of the legislation. Providing personal data, which we need to fulfill the contract, is voluntary.
We warn you that in the event that you do not provide us with all the personal data that we need to perform the service we provide (e.g. concluding a contract, registering for a webinar, etc.), such service
we will not be able to provide. Giving consent is always voluntary and without any negative consequences. We warn you that certain services (such as e-notification and advertising customization so that it suits your needs) without your consent, i.e. after withdrawing your consent, we will not be able to provide.
Hotel Sofia will process your data exclusively for specific, explicit and lawful purposes. We undertake not to process your personal data in a way that is incompatible with the purposes specified in this Policy. The purposes for which we may use your personal data are set out below. Hotel Sofia may use your personal data for one or more specific purposes. The purposes for which we will use your personal data are the following:
Communication with you regarding the provision of our services and responding to your inquiries (this includes, in particular, notifications regarding the PANTHEON program, responses to your inquiries, submitted online or on printed forms, completion of satisfaction surveys).
Conclusion of the contract and fulfillment of the obligations arising from the concluded contract. This includes, in particular, the execution of applications and orders submitted through our website (in this way, we can provide you with a successful application to our events, webinars and enable the execution of orders, such as e-business, orders through the online store). All personal data, which we process in connection with orders in our online store, are processed for the purpose of concluding and executing the contract concluded with you. In the event that you do not provide us with all the data necessary to execute the order, we reserve the right to postpone or cancel the order. For market communication purposes (this includes notifications about new services or updates to existing services and events organized by Datalab, as well as subscription to our blog news). For the purposes of market communication, based on customized or individualized offers. The use of some personal data helps us to tailor our communication with you so that it is as interesting and useful as possible for you. Based on certain personal data, we classify individuals into groups, which means that each group thus created receives marketing messages from us with different content. During the classification itself, we also monitor the activity of the individual. We will carry out market communication with customized or individualized offers only on the basis of your express consent. Provision of personal data to third parties. We will provide personal data only to those third parties, which are specified in chapter 6. We will provide your data only when it is justified by our legitimate interest in ensuring safe and legal business and fulfilling legal obligations (such as tax obligations, which may include providing your personal data to tax authorities). The exception is contractual partners, which we use for remarketing purposes; in this case, we will provide your personal data solely on the basis of your express consent. To fulfill any legal requirements and resolve disputes. To protect our business and exercise and/or protect our rights, personal data may be disclosed. We will disclose your personal data only in the manner and under the conditions required by law. For statistical analysis purposes. To improve the user experience, we conduct analyzes of the use of our website, which represents our legitimate interest in maintaining and/or improving our business success. You have the right to withdraw any processing of your personal data based on your consent. You can notify us of withdrawal of consent through any point of contact specified in Chapter 2 of this Policy.
We store your personal data in accordance with applicable legislation and (i) only for as long as is necessary to achieve the purposes for which we process the data, or (ii) for the period prescribed by law (such as, for example, 5 years for storage of issued invoices) or (iii) for the period required to fulfill the contract, which includes warranty periods and periods in which any claims can be made based on the concluded contract (e.g. 5 years from the fulfillment of the contractual obligations). we store your consent permanently, i.e. until you withdraw it
consent on your part (read more about how you can withdraw consent in chapter 9 of this Policy). Data collected on the basis of consent will be deleted even before your withdrawal in the event that the purpose for which we collected the data has been achieved. We will delete, destroy or anonymize personal data for which the storage period has expired (e.g. because the purpose for which they were collected was fulfilled, because the legally determined period has expired, etc.) in such a way that the reconstruction of personal data is no longer possible. in case you need any additional information regarding the retention period of your personal data
information, please contact us at any of the contact points set out in Section 2 of this Policy.
For the security of your personal data, we have adopted the answer at Hotel Sofia improving technical and organizational measures, which include in particular:
regular and efficient updating of software and computer equipment, where we store your personal information
data,
protection of access to personal data,
making backup copies,
education of employees who process personal data as part of their work,
informed and careful action when choosing a processor of your personal data,
supervising employees and other processors of your personal data, including
conducting audits,
supervision and taking appropriate measures in case of possible security incidents,
with which we prevent or limit the occurrence of damage to personal data