Processing of Personal Data
REGNUM EOOD
Last updated: 23.07.2025
At Regnum Hospitality Bulgaria, which includes Regnum Bansko Mountain Resort, Regnum Bansko Aquapark Complex, Regnum Banya Thermal Hotel and Regnum Banya Thermal Complex, we are committed to protecting the privacy and personal data of our guests, partners, employees and website visitors. We handle all personal information in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act of the Republic of Bulgaria (Закон за защита на личните данни – ZZLD).
This page outlines how we collect, use, store and protect personal data across our group’s operations.
1. DATA CONTROLLER
The data controller responsible for the processing of personal data is:
Regnum Hospitality Bulgaria
UIC: Regnum EOOD
Registered address: Sofia, zh.k. “Gradina,” Bl. 10, Fl. 4, Apt. 18.
Email: gdpr@regnum.bg
2. TYPES OF PERSONAL DATA WE PROCESS
Depending on the nature of your interaction with our group (guest, employee, supplier, website visitor), we may process the following categories of personal data:
- Full name and contact details (email, phone, address)
- Identification information (ID/passport number, nationality)
- Reservation and stay details (dates, preferences, room type, services used)
- Payment and billing information
- Communication records (inquiries, reviews, complaints)
- CCTV recordings (within the premises for security purposes)
- IP address, browser data and cookies (when visiting our websites)
- Health and allergy information (only if voluntarily provided for service personalization)
We do not collect or process sensitive personal data (racial or ethnic origin, political opinions, religious beliefs, etc.) unless explicitly required by law or with explicit consent.
3. PURPOSE OF PROCESSING
Your personal data may be processed for the following lawful purposes:
- Managing hotel reservations and guest stays
- Processing payments, invoicing and legal compliance
- Personalizing your stay experience and preferences
- Providing spa, wellness, and dining services
- Internal security and incident prevention (CCTV, access logs)
- Marketing and promotional communication (only with explicit consent)
- Managing loyalty programs such as the Regnum Infinity Loyalty Program
- Responding to inquiries, requests or legal claims
- Recruitment and human resources management (for employees and applicants)
4. LEGAL GROUNDS FOR PROCESSING
We process personal data only when there is a valid legal basis, such as:
- Fulfillment of a contract (e.g. hotel booking, service agreement)
- Compliance with a legal obligation (e.g. local tourism laws, tax regulations)
- Your explicit consent (e.g. receiving newsletters or offers)
- Protection of legitimate interests (e.g. security, service improvement)
You have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal.
5. DATA RETENTION
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law. Standard retention periods include:
- Guest records: 5 years after last stay (unless otherwise required)
- CCTV recordings: up to 30 days
- Marketing data: until consent is withdrawn
- Employee records: as per local employment legislation
After these periods, the data is securely deleted or anonymized.
6. DATA SHARING AND TRANSFERS
We do not sell or rent your personal data. Your data may only be shared with:
- Internal Regnum Hospitality Bulgaria departments (on a need-to-know basis)
- Service providers (IT support, payment processors, marketing agencies) under strict data protection agreements
- Public authorities (when legally required, e.g. tax office, police)
- Third parties only with your explicit consent
Your personal data is not transferred outside the EU/EEA, unless specific safeguards are in place as per GDPR requirements.
7. DATA SECURITY MEASURES
We take appropriate technical and organizational measures to protect your data, including:
- Encrypted servers and databases
- Access control and authentication protocols
- Regular staff training and awareness
- Firewall and antivirus protection
- Secure backups and disaster recovery procedures
8. YOUR RIGHTS UNDER GDPR
You have the right to:
- Access your personal data
- Request rectification of inaccurate data
- Request erasure (“right to be forgotten”)
- Object to processing or restrict certain uses
- Request data portability
- File a complaint with the Commission for Personal Data Protection (CPDP) in Bulgaria
9. COOKIES AND WEBSITE ANALYTICS
Our websites use cookies to enhance user experience and monitor traffic. You may manage cookie preferences through your browser settings. For more information, please see our separate Cookie Policy.
10. UPDATES TO THIS NOTICE
We may update this Personal Data Processing Notice periodically. The most recent version will always be available on our website. Major changes will be communicated directly where applicable.
11. CONTACT US
If you have questions or concerns regarding the processing of your personal data, please contact:
Regnum Hospitality Bulgaria – Data Protection Office
Email: gdpr@regnum.bg
Phone: +359 749 84 000