Legal, organizational and technical solutions in “REGNUM SERVICE MANAGEMENT” Ltd.

(REGNUM - Bansko Hotel & Spa – Banya Thermal ) for processing and protection of personal data

/ Privacy Policy /

This policy enters into force with effect from 01.01.2018.

Our views on privacy

"REGNUM SERVICE MANAGEMENT" Ltd., with UIC 200562500, with headquarters and management address in Blagoevgrad district, Municipality of Bansko, Town of Bansko,3 Banski Suhodol str., Regnum Bansko Hotel & SPA and Regnum Banya Thermal complex, represented by the manager Kenan Ozkan (hereinafter referred to as REGNUM, the administrator) accepts that when collecting and processing information about an individual, we must do it so responsibly with due care for privacy by observing data protection laws and privacy principles.

This Privacy Policy ("Policy") describes the main types of personal information we collect within the company, how we handle and use that information and our obligations to the data we process. The policy explains how we intend to comply with data privacy laws and regulations, including but not limited to the Regulation (EU) 2016/679 (GDPR).


REGNUM as an administrator of personal data has implemented internal policies (instructions), procedures, and training programs designed to ensure compliance with these laws. Our policies, procedures, and training programs are updated regularly and are controlled by a team of privacy of personal life professionals.

What categories of personal data collect and process REGNUM and for what purposes?

Personal data of employees and job seekers. 

REGNUM collects information from job applicants, incl. personal data - names, addresses, age, education, and work experience. These data are collected for the purposes of staff selection. Our company would only process the data for the purposes of verifying a past record if this is provided in an explicit legal text that refers to the position for which the person applies. 


Once appointed REGNUM will process the employee's personal data for the purposes of managing and administering the human resources of the organization - performance level, salary scales, tax, and social security purposes.

REGNUM also processes data for its consultants - individuals with whom civil contracts have been concluded (if any).

Personal data of clients - individuals (hotel guests)

REGNUM collect the personal data of individuals-clients / guest REGNUM in the volume provided by the Law on Tourism. 

These data are collected for the purpose of concluding and implementing the contract for hotel accommodation and are processed for the term of the contract and up to two - five years after termination.

It is possible for REGNUM to request additional information from its guests, for example - about health status. This is necessary when the administrator has the obligation to accommodate a guest with special needs.


Disclosure of personal data

Only if needed, the personal data of our guests can be disclosed by REGNUM on the reservation system through which the booking will be requested and executed; (for the purpose of successful payment of the service under the contract), insurance companies, a company carrying out accounting, and possibly investigating and other institutions, on the basis of a legal text that obliges us to disclose guest information.

Inside the company, only authorized persons duly prepared to work with personal data have access to personal data. 

REGNUM does not trade and sells databases, incl. anonymized or pseudonymized data, for any occasion and for any purpose, incl. statistics.

With the REGNUM processors, the above concludes confidentiality agreements, in this way is committing them to collect and process only personal data in accordance with the objectives of the specific goals and to implement appropriate organizational and technical security measures.

Transfer of personal data (disclosure to persons outside the country) 

When the fulfillment of the contract for the tourist service requires this, REGNUM transfers personal data outside the country. 


Notification and Agreements

At the time of data collection, REGNUM (or its processing agent - touristic agent, for example) notifies the individuals in a clear and uncontroversial manner how exactly the information about them will be processed, disclosed, stored, and deleted; what rights they have with regard to the protection of personal data or under this Policy, as well as what are the ways of exercising these rights. This notification fully complies with the requirements of the Regulation and aims at ensuring its maximum fulfillment, including but not limited to the principle of transparency and legality of the processing of personal data of individuals. 

REGNUM guarantees that individuals can exercise all of their rights regarding the personal data, processed by the company, including but not limited to the right of access, updating and correction, the right to data portability, the right to suspend the processing, and the deletion of data and everything provided by law. REGNUM will make every effort to consider and respect the person's request. A possible denial by REGNUM would be possible only on a legal basis (when a legal text forbids this).

In cases where this is required by law and also as an expression of good practice, REGNUM may request the consent of the individual to collect, use and disclose his data for specific purposes. 


The actuality of data. Terms of storage.

Our privacy policy provides that each person whose data we collect has the full rights to request correction and update of the data. 

The right to be forgotten is also one of the provided in our privacy policy, and every person can claim to delete their data.

REGNUM done the deletion of personal data immediately after dropping the grounds for processing and storage, after consideration of the specific legal requirements. 

Security and data protection

REGNUM maintains a comprehensive information security policy with maximum emphasis on technical and organizational security measures to protect personal information from unauthorized access or loss. In accordance with regulatory requirements, REGNUM also supports practice for dealing with breaches of security concerning the protection of personal data, including making all required notifications to individuals or supervisory bodies.


Personal data of minors

REGNUM collects and processes data on minors only when they are provided by an adult accompanying the child for the purpose of concluding a hotel accommodation contract in which the child is a user. 

Inquiries, alerts, complaints, and requests for exercising rights

Any communication, inquiries, alerts, complaints, and requests for the exercise of personal data rights should be addressed to the headquarters of the “ ‘’REGNUM SERVICE MANAGEMENT” Ltd, with EIK 200562500, with headquarters and management address at Blagoevgrad district, Municipality of Bansko, Town of Bansko, 3 Banski Suhodol str., complex Regnum Bansko Hotel & SPA and Regnum Banya Thermal, at the attention of our data protection person: ...................................................., phone number. .................................... and email: .........................

Legal status of this Policy. Changes and action

This Privacy Policy is not a contract and has no binding effect. REGNUM reserves the right to update the Policy (for example - when changing the legislation on personal data).


Share by: