Personal data protection policy
As an administrator of personal data Sunset Aquapark collects and processes some information about natural persons.
Such information may refer to employees, managers, customers and guests of Sunset Aquapark, suppliers, contractors, business contacts and other natural persons with whom the Administrator has connection or wants to establish business contact.
This personal data protection policy regulates the collection, processing and storage of personal data in compliance with the standards of the Administrator’s organization and the applicable legal regulations and requirements.
This personal data protection policy is issued on the grounds of the Bulgarian Personal Data Protection Act and the related bylaws regulating its application, as amended (the Bulgarian legislation) and the General Data Protection Regulation (ЕU) 2016/679 (GDPR).
What do we refer under “personal data“ and “personal data processing“?
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number/personal number, contact data location/postal address, phone number, email address, an online identifier/IP address or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
‘personal data processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Our attitude to your personal data
Sunset Aquapark treats personal data protection with utter diligence and collects and processes personal data only by strictly adhering to the applicable provisions of the national and European legislation. This Personal Data Protection Policy aims to keep you informed how we process your personal data and what type of personal data we would collect from you, the particular purpose and terms and respectively what rights you have on that.
The safety of all data you have entrusted to us is very important to us. Therefore, we protect your data by applying all relevant technical and organizational methods which are adequate to answer the possible risks for the rights and freedoms of natural persons so we do not allow unauthorized access or misuse, loss or premature deletion of information.
What type of information we collect and why?
It is possible to collect personal data for you when you use our site or opt to use our services. In most of the cases, we require your personal data for the purpose of signing a contract, meeting an obligation by law or protecting our legitimate interest. In certain cases, we process personal data based on your prior consent.
Depending on the services you use we may collect and process the following information about you:
- Name of person;
- Contact details – phone number or electronic address (email).
Guiding principles we follow
We strictly adhere to the basic principles introduced as obligatory when processing personal data:
- Personal data is processed lawfully, fairly and in a transparent manner;
- Personal data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Personal data is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Personal data is accurate and, where necessary, kept up to date;
- Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Most often we process the personal data we collect for the following purposes:
- Conclusion or performance of contract – for the purchase of electronic voucher, preparation of accounting documents such as a receipt or invoice for the provided services; notices related to our services;
- Fulfillment of legitimate obligations – for the goals and objectives of obligations stipulated in the Accounting Act and the Tax Insurance Procedure Code and related bylaws regarding the proper and legitimate bookkeeping; obligations to provide information for the provision of information to all state commissions and regulatory bodies, including the court; within the fulfilment of obligations related to online purchase of vouchers (distant sales);
- Upon your prior consent – for direct marketing of product and services we offer.
When we collect and process your personal data you have the following rights:
- To receive information about your personal data we process and access to the personal data that has been collected;
- To correct/ fill in, if data is incorrect/ incomplete – at your initiative or at the initiative of Sunset Aquapark;
- To have your personal data deleted if there are legal grounds for that;
- To require limitation of the processing of your personal data by Sunset Aquapark, if there are legal grounds for that;
- To have your personal data transferred between the different administrators – this right enables you to receive your data from Sunset Aquapark and transfer it to another administrator in any format suitable for its use;
- To object the processing of your personal data if there are legal grounds for that;
- To have proper defense in any court or administrative proceedings, provided your rights have been violated;
- You may protect your rights by writing to us to the following e-mail: [email protected] or address: Sunset Aquapark, Krotirya area, Pomorie, Pomorie Municipality, Burgas District;
- We store your personal data in accordance with the specific goal for which it has been collected and within the terms provided by the law.
When do we have the right to disclose your personal data?
We apply complex of measures to protect your personal data against loss, theft or misuse, including unauthorized access, disclosure, modification or destruction. We do not disclose your personal data to third parties before we are sure that all technical and organizational measures have been taken to protect such data and always try to exercise strict control to achieve this goal.
Some of the entities receiving personal data may be: couriers, outsourced consultants and experts, debt collecting companies, lawyer’s offices, banks, security companies, trade agents and representatives, etc.
It is possible, under circumstances provided by the law, that your personal data would be disclosed. For example, if there is express consent from you or if there is permit given by the Commission for Personal Data Protection, your personal data may be disclosed and provided to third parties. In some cases, provision and disclosure of personal data is obligatory so we may fulfil our legal obligations to: regulatory bodies, incl. state commissions, institutions and agencies, National Revenue Agency, National Social Security Institute, courts, prosecutor’s office, etc., to which we are obliged to provide personal data by virtue of the applicable law. It is possible, when necessary and reasonable, that your personal data would be provided for the needs of the national security or if problems of public significance have occurred.
Sunset Aquapark takes all measures for the protection of your personal data against accidental loss or unauthorized access, use, modification or disclosure. We have adopted policies and procedures aimed to protect information against loss, misuse and unlawful disclosure. Furthermore, we take additional measures for data safety, including access control, strict physical protection and reliable practices for data collection, storage and processing.
On the other side, we apply technical measures such as encrypting, pseudonymization and anonymization of the collected personal data.
When do we delete your personal data?
We store the whole information we have collected for you and delete it within the terms provided by the law, and if the law does not provide such term, we delete it within the terms we have determined after we have fully settled all our financial relations. We do not keep your data indefinitely.
The transfer, storage and processing of personal data is secured with modern technical equipment. Sunset Aquapark will not transfer your data outside EEA without adhering to the legal provisions, and we will introduce protection measures to keep your information confidential.
Once the storage term expires, all data is destroyed as soon as possible. Hard copies are destroyed in shredders, while soft copies are destroyed by deleting and erasing the respective files from the company computers and systems.
Amendments in this Personal Data Protection Policy
This procedure for personal data protection may be amended from time to time. Such changes will become effective immediately after they are disclosed. Reviewing this page regularly will guarantee you that you will always be aware of the information we collect, how and for what exact purposes Sunset Aquapark uses it and under what circumstances (if any) we will share it with third parties.