Privacy Policy

Please read this document carefully. It contains the Privacy Policy of Tarsis Ltd. (“Policy”) and explains our practices regarding the processing of personal data in the context of the services we offer and our activities.

This Policy has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “Regulation”).

PRIVACY POLICY OF TARSIS LTD.

GENERAL PROVISIONS

Art. 1. In providing its services and carrying out its activities, Tarsis Ltd. (“Hotel Tarsis”) acts as a data controller of its customers’ personal data—natural persons—and other individuals listed below (“Data Subjects”/“You”), in accordance with the rules and principles set out in this Policy.

Art. 2. Tarsis Ltd., company ID xxxxxxxxxx, registered office and management address Sunny Beach resort, 8230 Nessebar Municipality, Bulgaria; tel.: +359 88 888 7775; email: [email protected]. VAT number: xxxxxxxxxx.

DATA SUBJECTS

Art. 3 (1). In relation to the services provided, Hotel Tarsis processes data concerning the following Data Subjects:

(a) individuals visiting the website https://hoteltarsis.com/ (“Website”);

(b) individuals making reservations for themselves or on behalf of others via the Website;

(c) individuals using Hotel Tarsis services, including accommodation, catering, conference/event spaces, and those acting on behalf of legal entities;

(d) individuals who submit inquiries (email, fax, phone, instant messaging, etc.), requests, complaints or other correspondence to Hotel Tarsis;

(e) individuals whose information is included in the above inquiries or correspondence.

(2) Hotel Tarsis services are available only to individuals aged 18 or older and legally capable.

CATEGORIES OF PERSONAL DATA

Art. 4. The categories of personal data processed by Hotel Tarsis under this Policy may include:

1. For accommodation services:

(a) Identification: guest name; date of birth; gender; nationality; national ID number (e.g. Bulgarian EGN) and/or passport/ID details; issue and expiry dates; issuing country; signature;

(b) Contact: phone; email; address;

(c) Stay details: room number; floor; check-in/check-out dates; length of stay; package usage; smoking/non-smoking preference; VIP status;

(d) Special requests: dietary or other needs specified by the guest.

2. Payment and invoicing: payment method; amounts due and paid; payment deadlines and defaults; bank details; currency; credit/debit card number, expiry, holder, CVC; authorization forms; company name, address, VAT or registration number; signed authorizations.

3. For catering services:

(a) Identification: name;

(b) Contact: phone; email; address;

(c) Payment/invoicing: card details; CVC; company name/address; VAT or tax ID; signed authorizations;

(d) Food/beverage preferences or allergies, if specified.

4. When representing another entity: name, role (employer, position), services or orders requested, and who orders/pays and on whose behalf.

5. Loyalty/discount cards: name; discount details.

6. Website features:

(a) Reservation data: name; email; phone; country; card details; rooms; number of guests; promo codes; booking number; special offers/preferences; package details;

(b) E-shop data: registration (name; email; phone; fax; company details; password); order history; voucher data; payment history; card/bank details; order numbers;

(c) Unstructured chat or messaging content;

(d) Logs: login, server and security device logs (IP, URL, browser/device info);

(e) Cookies: necessary for site function—details in our Cookie Policy at https://hoteltarsis.com/.

Video surveillance: public areas are monitored 24/7; recordings stored securely; notices posted.

DATA RETENTION

Art. 16. Data retention periods vary by data type and legal requirement, from 1 year for some logs to up to 10 years for accounting records. See internal tables for details.

DATA SUBJECT RIGHTS

Art. 17. You have the right to:

1. Be informed about data processing;

2. Access your data;

3. Rectify inaccuracies;

4. Erase data under certain conditions;

5. Restrict processing;

6. Be notified of third-party corrections or deletions;

7. Data portability when processing is based on consent or contract and automated;

8. Object to automated decisions, including profiling, with human oversight;

9. Withdraw consent at any time, without affecting prior processing.

OBJECTIONS

Art. 18. You may object, on grounds relating to your situation, to processing based on public interest, official authority, or legitimate interests. We will cease processing unless overriding legitimate grounds exist.

COMPLAINT TO SUPERVISORY AUTHORITY

Art. 20. You may lodge a complaint with the competent data protection authority, such as the Bulgarian Commission for Personal Data Protection:

CPDP
Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
Website: https://www.cpdp.bg/

CONTACT & FURTHER INFORMATION

Art. 23. For clarifications or to exercise your rights, contact us at:

Address: Sunny Beach resort, 8230 Nessebar, Bulgaria
Email: [email protected]
Phone: +359 88 888 7775

This Policy is effective from 31.01.2025.