Datenschutzrichtlinie

Wetter
in Albena.bg
water-tempWasser10°
x
Persönliche Information
Privatsphärevereinbarung
Nächster
x
Buchen

PRIVACY POLICY OF THE PUBLIC COMPANY “ALBENA” AD, ALBENA RESORT

PRIVACY POLICY OF THE PUBLIC COMPANY “ALBENA” AD, ALBENA RESORT

Section I. Subject, Purpose, and Scope

1.1. Albena AD (hereinafter referred to as “Albena”) is a provider of tourism services and, in this capacity, acts as a data controller. The company processes personal data independently or through a data processor, ensuring compliance with the requirements of the Bulgarian Personal Data Protection Act (PDPA), applicable European legislation (Regulation (EU) 2016/679 of the European Parliament and of the Council and related documents), sub-legislative acts regarding data protection, regulations in the tourism sector, and its own internal data processing regulations.

1.2. This Privacy Policy (hereinafter referred to as “the Policy”) defines the key principles and rules related to the processing of personal data, the rights of data subjects, the obligations and responsibilities of Albena as a data controller, as well as those of its employees as data operators, the role of the Data Protection Officer, and the registers of personal data maintained by Albena.

1.3. The Policy is part of a comprehensive internal framework of documents, technical and organizational measures adopted by Albena to ensure that its employees, consultants, and all other natural or legal persons processing personal data on behalf of Albena strictly comply with applicable European and national legislation and internal regulations, thereby safeguarding the rights of individuals to personal data protection.

1.4. The principle of data protection is among the ethical and business conduct standards adhered to by Albena. This principle is enshrined in the company’s Code of Ethics, adopted by a decision of the Board of Directors as per Protocol No. 14 dated 17 May 2013. Compliance with this principle is the obligation and responsibility of every employee and is shared across all organizational units and hierarchical levels within Albena. This Policy elaborates on this principle into specific rules and aims to support employees in their day-to-day work with personal data, thus avoiding breaches.

1.5. A breach of data security may pose a high risk to the rights of affected individuals and result in significant negative consequences for Albena, its shareholders, and employees who violate internal or external regulations. Therefore, any non-compliance with this Policy is considered a serious violation that undermines Albena's reputation and public trust.

Section II. Definitions

2.1. “Personal Data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

2.2. “Processing of personal data” means any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure or destruction.

2.3. “Personal data register” means any structured set of personal data that is accessible according to specific criteria, whether centralized, decentralized, or distributed on a functional or geographical basis.

2.4. “Consent of the data subject” means any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.

2.5. “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

2.6. “Data controller” means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

2.7. “Data processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the data controller.

2.8. “Recipient” means a natural or legal person, public authority, agency, or another body, to which personal data is disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients.

Section III. Principles Relating to the Processing of Personal Data

3. Albena processes personal data in compliance with the following principles:

3.1. Lawfulness, Fairness, and Transparency

The company processes personal data lawfully, fairly, and in a transparent manner with regard to data subjects.

3.1.1. Lawfulness

Each data processing operation carried out by Albena (through its employees, consultants, and other processors on behalf of Albena) is based on a valid legal basis and complies with internal and external regulations. The principle of alternative legal grounds applies.

Data processing is considered lawful if:

  • 3.1.1.1. it is necessary for compliance with a legal obligation to which Albena is subject;
  • 3.1.1.2. the data subject has given consent for the processing of their personal data for one or more specific purposes;
  • 3.1.1.3. it is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract;
  • 3.1.1.4. it is necessary to protect the vital interests of the data subject or another natural person;
  • 3.1.1.5. it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority;
  • 3.1.1.6. it is necessary for the purposes of the legitimate interests pursued by Albena or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

3.1.2. Lawfulness of data processing regarding individuals using tourist services, as data subjects:

Albena processes personal data of individuals using tourist services in fulfillment of its legal obligations, based on:

  • 3.1.2.1. The Tourism Act and all other applicable legislative and sub-legislative acts, under which the following contracts are concluded:
  • 3.1.2.1.1. Contract with a tour operator;
  • 3.1.2.1.2. Contract for direct sale of a tourist service and the accompanying additional services.
  • 3.1.2.2. Documents, information, and data regarding individuals who are customers of other tourist service providers, in relation to Albena’s activities and in fulfillment of legal requirements;
  • 3.1.2.3. Request by an authority for the provision of personal data of individuals using tourist services, under an obligation regulated by a legislative or sub-legislative act.

3.1.3. Lawfulness of data processing regarding employees, as data subjects:

Albena processes personal data of its employees based on applicable labor, social security, and tax legislation, in its capacity as an employer (insurer), and in relation to the conclusion and execution of employment contracts.

3.1.4. Lawfulness of data processing regarding the company’s contractors, as data subjects:

Albena processes personal data of its contractors – natural persons and representatives of legal entities, based on applicable civil, commercial, tax, and social security legislation, in its capacity as a contracting party (insurer), and in relation to the conclusion and execution of contracts and other civil legal relationships.

3.1.5. Lawfulness of data processing regarding the company’s shareholders and management bodies, as data subjects:

Albena processes personal data of its shareholders – natural persons, and representatives of the company’s management bodies, based on applicable civil, commercial, tax, and social security legislation, in its capacity as an issuer of securities.

3.1.6. Lawfulness of data processing regarding individuals in a legal relationship with Albena Group companies, as data subjects:

Albena processes personal data of individuals who are in a legal relationship with legal entities over which Albena exercises control within the meaning of §14 of the Supplementary Provisions of the Public Offering of Securities Act (POSA), in its capacity as a parent company.

3.1.7. Lawfulness of data processing regarding individuals subject to video surveillance by Albena, as data subjects:

Albena processes personal data through video surveillance and recording. Albena holds a license since 2007 for conducting activities in accordance with the Private Security Services Act (PSSA). The video surveillance is carried out based on the company’s legitimate interests – to protect its property and to ensure traceability of the work process and fiscal discipline for registering and reporting sales at its commercial sites through fiscal devices.

In performing video surveillance, the Company informs data subjects by placing informational signs in the monitored areas.

3.1.8. Fairness and transparency:

In accordance with the principle of transparency in the processing of personal data, Albena informs users of tourist services, its employees, contractors, and other data subjects, in an appropriate, clear, and comprehensible manner, about the collection and processing of their personal data, as well as their rights concerning data protection. This information is also available on the company’s website – www.albena.bg.

Albena assists data subjects in exercising their rights. Employees and other individuals processing personal data on behalf of Albena are informed of data subjects’ rights and are obligated to provide information and assistance as set out in Section VI.

3.2. Purpose limitation:

Albena collects personal data for specific, clearly stated legal purposes outlined in relevant laws, contracts, or other documents and forms, and does not process it further in a manner incompatible with those purposes.

3.3. Data minimization:

Albena processes personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

3.4. Accuracy:

Albena collects and processes accurate personal data and takes all reasonable measures to ensure timely correction or deletion of inaccurate data, considering the purposes for which it is processed.

Albena strives to keep personal data up to date. In support of this principle and to fulfill its obligations accurately, Albena encourages individuals to inform the company of any changes to their personal data and provides assistance in updating it.

3.5. Storage limitation:

Albena retains personal data in a form that allows identification of the data subject for no longer than specified by law or, if not regulated, for no longer than necessary for the purposes for which the data is processed.

Once the processing purpose is achieved or the legally defined retention period expires, Albena, as a data controller, is required to destroy the data or transfer it to another controller, while notifying the Commission for Personal Data Protection (CPDP), if the transfer is stipulated by law and the processing purposes are identical.

  • 3.5.1. Storage of personal data of users of tourist services:

According to general civil and commercial legislation, Albena stores original paper documents and electronic documents for a period of no less than 5 years after the termination of the respective legal relationship.

  • 3.5.2. Storage of personal data of employees:

In accordance with the Labor Code, the Tax and Social Security Procedure Code, the Accounting Act, and the Ordinance on the Employment Record Book and Employment Record, Albena retains employment records for a period of no less than 3 years after the termination of the employment relationship, in paper and/or electronic format. Payroll documents are stored for no less than 50 years.

  • 3.5.3. Storage of personal data of contractors:

In accordance with general civil and commercial legislation, Albena retains contracts and related documents in paper and/or electronic format for the entire duration of their validity and for a period of no less than 5 years after the termination of the respective legal relationship.

  • 3.5.4. Storage of personal data of shareholders and company management:

According to general civil and commercial legislation, Albena retains shareholder registers, information about executives and candidates for the company’s management bodies, and related documents in paper and/or electronic format for their entire period of validity and for no less than 5 years from the date of the general meeting or deregistration from the Commercial Register.

  • 3.5.5. Storage of personal data of individuals in legal relationships with Albena’s subsidiaries:

In accordance with general civil and commercial legislation, Albena stores contracts and related documents in paper and/or electronic format for the entire duration of their validity and for a period of no less than 5 years after the termination of the respective legal relationship.

  • 3.5.6. Storage of personal data from video surveillance:

Video footage is recorded in a dedicated log and stored for a period of 30 (thirty) days, after which it is destroyed in accordance with the Private Security Services Act (PSSA) and Albena’s Personal Data Destruction Procedure.

3.6. Integrity and confidentiality:

Albena processes personal data in a way that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying suitable technical and organizational measures.

3.7. Accountability:

Albena is responsible for complying with the principles outlined in this section and requires compliance from its employees and any physical or legal persons who process personal data on behalf of and under assignment by Albena.

 

 

Section IV. PERSONAL DATA PROCESSED BY ALBENA

4. Personal data depending on the source of the data:

4.1. Personal data provided by data subjects
Albena processes personal data provided by the data subject through an application, contract, or another document initiated by the individual, for the purpose of performing an activity requested by the data subject or in relation to the exercise of their rights.

4.2. Personal data not provided by data subjects
In cases prescribed by law and when related to Albena’s legal obligations as a subject under civil and commercial law, the company processes personal data of individuals that it receives from the respective competent state authorities or other companies.

4.3. Personal data by category (special categories of personal data)

4.3.1. Albena does not process special categories of personal data, except for:

4.3.1.1. Health data of its employees:

  • 4.3.1.1.1. in relation to fulfilling legal requirements upon their employment;
  • 4.3.1.1.2. for the purposes of occupational health and safety;
  • 4.3.1.1.3. in connection with exercising their rights during temporary incapacity for work;
  • 4.3.1.1.4. in connection with exercising their rights in case of permanent reduced work capacity.

4.3.1.2. Health data of users of tourist services, provided by them for the purpose of exercising contractual rights, preferences, and interests.

Section V. INFORMATION PROVIDED BY ALBENA DURING PERSONAL DATA PROCESSING

5.1. When Albena receives personal data from a data subject, it provides them with information about:

  • 5.1.1. Identifying data for Albena and its representatives;
  • 5.1.2. Contact details for the Data Protection Officer;
  • 5.1.3. The purposes and legal basis for data processing, where applicable;
  • 5.1.4. The recipients or categories of recipients to whom the data may be disclosed;
  • 5.1.5. Whether the provision of data is a statutory or contractual requirement, or necessary for the conclusion or execution of a contract or activity requested by the data subject (i.e., if it is voluntary), and the consequences of refusing to provide it;
  • 5.1.6. Information about the right of access and correction of the collected data;
  • 5.1.7. The data retention period or criteria used to determine it;
  • 5.1.8. The right to lodge a complaint with a competent authority.

5.2. The information in point 5.1 is also provided when personal data is not obtained from the individual to whom it relates, unless the individual already has that information.

5.3. When personal data is not obtained from the data subject, Albena is obliged to provide the data subject with any available information about the source, upon request.

5.4. Points 5.1 to 5.3 of this section do not apply where the data has not been obtained from the data subject but its collection or disclosure is expressly permitted by EU or Bulgarian law and appropriate safeguards for the data subject's legitimate interests are in place.

Section VI. ALBENA’S OBLIGATION TO ASSIST DATA SUBJECTS IN EXERCISING THEIR RIGHTS

6.1. Albena must provide data subjects whose data it processes with transparent and accessible information about their rights, in writing, orally, or by other means upon request and after verifying their identity.

6.2. Albena assists in the exercise of the rights listed in Section VII and cannot refuse to act upon a request unless it is unable to identify the requester.

6.3. Albena informs the data subject of the actions taken on their request without undue delay and in any event within one month of receiving the request. This period may be extended by two additional months where necessary due to complexity or number of requests. Albena notifies the data subject of any such extension within one month, stating the reasons for the delay.

6.4. If the request is submitted electronically, the response is provided by the same means where possible, unless otherwise requested. The right to obtain access to personal data via a secure remote system must not adversely affect the rights and freedoms of other individuals.

6.5. If Albena does not take action on the request, it informs the data subject without delay and at the latest within one month, providing the reasons and the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) and seek redress.

6.6. Information and any communications and actions taken in response to data subject requests are provided free of charge. If requests are manifestly unfounded or excessive, especially due to their repetitive character, Albena may:

  • (a) charge a reasonable fee based on administrative costs; or
  • (b) refuse to act on the request.

6.7. If Albena has reasonable doubts about the identity of the person making the request, it may request additional information and/or documents necessary to confirm the identity.

Section VII. RIGHTS OF DATA SUBJECTS

Pursuant to Regulation (EU) 2016/679 and applicable Bulgarian law, data subjects have the following rights:

7.1. Right of access
The data subject has the right to obtain confirmation whether Albena processes their personal data and, if so, to access the data and receive the following information:

  • (a) the purposes of processing;
  • (b) the categories of personal data concerned;
  • (c) the recipients or categories of recipients, particularly third countries or international organizations;
  • (d) the intended retention period or criteria used to determine it;
  • (e) the right to request rectification, erasure, or restriction of processing, or to object;
  • (f) the right to lodge a complaint with CPDP;
  • (g) the data source, where not collected from the data subject;
  • (h) the existence of automated decision-making, including profiling, and its significance and consequences for the data subject.

7.2. Right to rectification
The data subject has the right to request that Albena correct inaccurate personal data and complete incomplete data without undue delay.

7.3. Right to erasure ("right to be forgotten")
The data subject has the right to request the erasure of their personal data, and Albena must comply without undue delay where:

  • (a) the data is no longer necessary for the purposes collected;
  • (b) the data subject withdraws consent and there is no other legal basis;
  • (c) the data subject objects under Art. 21(1) and there are no overriding legitimate grounds, or objects under Art. 21(2);
  • (d) the data was unlawfully processed.

7.3.1. Albena halts processing in cases under point (c) when:

  • an objection is received regarding direct marketing;
  • an objection is received under Art. 21(1) and Albena cannot demonstrate overriding legitimate grounds.

7.3.2. The right to erasure does not apply where:

  • the statutory data retention period has not expired;
  • processing is based on an active contract;
  • processing is necessary for legal claims;
  • processing is required by law.

7.4. Right to restriction of processing
The data subject may request restriction of processing when:

  • (a) processing is unlawful, but the data subject opposes erasure and prefers restriction;
  • (b) Albena no longer needs the data, but the subject needs it for legal claims.

7.4.1. Restricted data may be processed only with consent, for legal claims, protection of another's rights, or public interest.

7.4.2. If the restriction is lifted, Albena informs the data subject in advance.

7.5. Right to object

7.5.1. The data subject may object to processing based on public interest or legitimate interests. Albena ceases processing unless it demonstrates compelling legitimate grounds that override the rights of the data subject or are for legal claims.

7.5.2. The data subject has the right to object at any time to processing for direct marketing, including profiling. Albena must cease such processing upon objection.

Albena explicitly informs the data subject of their right to object at the first point of contact, in a clear and separate manner.

7.8. The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or significant effects for them.

7.9. Albena applies internal rules and procedures regulating how it accepts, reviews, and responds within one month to requests by individuals exercising their rights under this section.

Section VIII. Data Controller and Data Processor

8.1. Responsibility of Albena

In its capacity as a data controller, Albena implements appropriate technical and organizational measures—part of which is this Policy—to ensure and be able to demonstrate that personal data is processed in accordance with Regulation (EU) 2016/679 and the applicable national legislation, taking into account the nature, scope, context, and purposes of the processing, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons. These measures are reviewed and updated where necessary.

8.2. Data Processor

8.2.1. Data processors on behalf of Albena include all employees and contractual representatives of Albena, when they process personal data in the performance or in connection with the performance of their official or contractual duties.

8.2.2. For the purposes of this Policy, data processors also include all natural or legal persons who, based on contracts concluded with Albena, carry out any of the activities defined as personal data processing under Section II, point 2.2, such as providers of the following (non-exhaustively listed) services related to:

  • Information technologies used by Albena;
  • Digitization and other technical data processing;
  • Printing and courier services;
  • Destruction of data (on paper).

8.2.3. When assigning the processing of personal data, Albena uses only data processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures so that the processing complies with the requirements of Regulation (EU) 2016/679, the applicable national legislation, and ensures the protection of the rights of data subjects.

8.2.4. Data processors acting on behalf of Albena shall not engage another processor without Albena’s prior specific or general written authorization. In cases where Albena grants general written authorization, the processor is required to inform Albena in advance of any intended changes concerning the addition or replacement of other processors. Albena reserves the right to object to such changes.

8.2.5. Processing by a data processor shall be governed by a contract or other legal act under EU law or the applicable Bulgarian legislation, which sets out the nature and purpose of the processing, the duration of the processing, the types of personal data, the categories of data subjects, and the obligations and rights of both the processor and Albena. The processor shall be subject to the following obligations:

a) To process personal data only on documented instructions from Albena, including with regard to transfers of personal data to a third country or an international organization, unless required to do so under EU or Member State law applicable to the processor. In such a case, the processor shall inform Albena of this legal requirement before processing, unless that law prohibits such information on important grounds of public interest;

b) To ensure that persons authorized to process personal data on its behalf have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;

c) To take all necessary security measures for the processing;

d) To comply with the conditions described above for engaging another data processor;

e) To assist Albena through appropriate technical and organizational measures, taking into account the nature of the processing assigned to the processor, in fulfilling Albena’s obligation to respond to requests for exercising the data subjects’ rights under Regulation (EU) 2016/679;

f) To assist Albena in ensuring compliance with the obligations under Articles 32–36 of Regulation (EU) 2016/679, taking into account the nature of the processing and the information available to the processor;

g) At Albena’s choice, to delete or return all personal data after the end of the provision of processing services and to delete/destroy existing copies unless EU or Member State law requires storage of the data;

h) To make available to Albena all information necessary to demonstrate compliance with the obligations laid down in this section and to allow for and contribute to audits, including inspections, conducted by Albena or another auditor authorized by it;

i) To immediately inform Albena if, in its opinion, an instruction infringes Regulation (EU) 2016/679 or other applicable EU or national data protection legislation.

8.2.6. Where a data processor engaged by Albena under a contract or other legal act involves another processor for carrying out specific processing activities, the same data protection obligations as set out in the contract or legal act between Albena and the initial processor shall be imposed on that other processor. The sub-processor shall provide sufficient guarantees to implement appropriate technical and organizational measures to ensure the processing complies with legal requirements. In any case, the initial data processor shall remain fully liable to Albena for the performance of the sub-processor’s obligations.

8.3. Processing under the direction of Albena or a data processor on behalf of Albena

The data processor and any person acting under the authority of or on behalf of Albena or of the processor who has access to personal data shall process such data only on instructions from Albena, unless processing is required by EU or Member State law.

8.4. Cooperation with the Supervisory Authority

Upon request by the Commission for Personal Data Protection (CPDP), representatives of Albena and its data processors shall cooperate with the CPDP in the performance of its duties.

Section IX. Personal Data Registers

9.1. The information systems used for processing individuals’ data are a type of electronic registers, owned by Albena.

9.2. Albena adopts rules regarding the manner of collecting and storing personal data, as well as the time limits and procedures for destroying data from the respective registers, in accordance with special laws and the adopted information security rules.

 

Section X. Types of Registers

10.1 In its capacity as the personal data controller, when providing tourism services, Albena, based on the Tourism Act and the acts for its implementation, maintains in electronic form a Register of accommodated tourists for each categorized accommodation facility managed by Albena, as per Article 116, Paragraph 2 of the Tourism Act.

10.2 (1) In its capacity as the personal data controller and employer, Albena maintains a register in which it collects, processes, and stores personal data of its employees, as well as individuals working under non-labor contracts with Albena:

  1. for the purpose of identifying labor and non-labor relations;
  2. in compliance with the regulatory requirements of the Labor Code, the Social Security Code, the Accounting Act, the Personal Income Tax Act, and others;
  3. for business purposes.

(2) Albena uses the register under Paragraph 1 for:

  1. All activities related to the establishment, modification, and termination of labor and non-labor relationships — for the preparation of any documents related to these relationships (contracts, additional agreements, documents confirming work experience, employment certificates, references, and others);
  2. Communication with employees and individuals working under non-labor contracts, including by phone, email, concerning their obligations under the concluded agreements.
  3. For accounting purposes regarding the remuneration of the aforementioned individuals under the contracts signed with them.

Section XI. Data Security and Data Breach

11.1 Albena and the personal data processors acting on its behalf implement appropriate technical and organizational measures to ensure a level of security that is aligned with the risks, varying in likelihood and severity, to the rights and freedoms of individuals.

11.2 Albena and the personal data processors acting on its behalf take actions to ensure that any individual acting under the direction of Albena or the data processor, who has access to personal data, processes such data only upon Albena's instructions, unless the individual is required to do so by EU law or the law of a member state.

11.3 In the event of a personal data security breach, Albena applies an established Procedure for action in the event of a personal data breach and notification of the breach.

11.4 The personal data processor acting on behalf of Albena notifies Albena, without undue delay, as soon as it becomes aware of a personal data security breach.

Section XII. Data Protection Officer

12.1 Albena appoints a Data Protection Officer (DPO), publishes their contact details on Albena's website, and notifies the Commission for Personal Data Protection (CPDP).

12.2 Albena ensures that the DPO participates, in an appropriate and timely manner, in resolving all matters related to the protection of personal data.

12.3 Albena and the personal data processors acting on its behalf assist the DPO in performing the functions outlined in section 12.8, by providing the resources necessary for fulfilling these functions, granting access to relevant registers, personal data, and processing operations. Albena ensures that the DPO has opportunities to develop and maintain their expertise.

12.4 Albena and the personal data processors acting on its behalf ensure that the DPO receives no instructions concerning the performance of their duties. The DPO cannot be dismissed or penalized by Albena for performing their duties. The DPO reports on their activities to the Board of Directors of Albena.

12.5 Data subjects may contact the DPO regarding any matters related to the processing of their personal data and the exercise of their rights.

12.6 The DPO is obliged to maintain the confidentiality or secrecy of the functions they perform in accordance with EU law or national legislation.

12.7 The DPO may perform other functions and duties. Albena or the personal data processor acting on its behalf ensures that these functions and duties do not lead to a conflict of interest with their data protection role.

12.8 Key functions and responsibilities of the DPO:

  • a) Inform and advise Albena or the personal data processors acting on its behalf, including employees performing processing, on their obligations under Regulation 2016/679 and other applicable EU and national data protection laws.
  • b) Monitor compliance with Regulation 2016/679, other relevant EU and national legislation, and Albena’s or the data processor’s internal rules regarding data protection, including overseeing the assignment of responsibilities related to personal data processing, awareness raising, staff training, and relevant audits.
  • c) Provide advice on Data Protection Impact Assessments (DPIAs) and ensure their performance under Article 35 of Regulation 2016/679.
  • d) Cooperate with the CPDP.
  • e) Act as a contact point for the CPDP on matters related to processing, including in prior consultations under Article 36 of Regulation 2016/679, and consult with the CPDP on any other issues as appropriate.

12.9 In performing their duties, the DPO duly considers the risks related to processing operations and takes into account the nature, scope, context, and purposes of the processing.

This policy was approved by the Board of Directors of Albena AD through a decision recorded in Protocol No. 7/2018.

CONTACT INFORMATION

Administrator's Details:

"ALBENA" AD
Unified Identification Code (UIC): 834025872

Correspondence Address:
Obrochishte village, 9630, Balchik Municipality, Dobrich District,
Albena resort, Administrative Building

Contact Phone: 0885 853 512
Email: dpo@albena.bg

Supervisory Authority's Details:

Commission for Personal Data Protection (CPDP)

Address: Sofia, Prof. Tsvetan Lazarov Blvd., No. 2, Postcode: 1592

Contact Phone: 02/91-53-518
Email: kzld@cpdp.bg

Holen Sie sich die neuesten Nachrichten und Angebote direkt in Ihren Posteingang
Abonnieren
facebook Created with Sketch. Instgram Created with Sketch. linkedin Created with Sketch. Youtube Created with Sketch. twitter Created with Sketch.
+359 700 12 110
8:30-17:00 Mo-Fr
Preis für STandardanrufe
Agentur Login
Datenschutzrichtlinie Geschäftsbedingungen Copyright © 2025 Albena.bg. Alle Rechte vorbehalten