Puna Child
Booking

PRIVACY POLICY

Contact details of the Supervisory Authority
Commission for Personal Data Protection (CPDP)
Address: Sofia, P.O. Box 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Website: www.cpdp.bg

It is advisable that you take time to familiarize yourself with this Privacy Policy, and to review it periodically, because we may change it at some point.

  1. Scope

The protection of your personal data is a high priority for “Rugen” OOD. This Privacy Policy discloses how “Rugen” OOD collects, stores, processes, protects, uses and discloses personal and other data collected about you in writing, orally, electronically or while you use the websites (together with any other and any future website, hereinafter collectively referred to as the “Website”). Our personal data protection practices comply with the applicable Bulgarian data protection legislation and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

  1. Key definitions

For the purposes of this Privacy Policy, the following terms are used:

Personal data is any information relating to an identified person or a natural person who can be identified, including, but not limited to: (a) first name or initial and last name; (b) personal identification number (PIN); (c) permanent or current address; (d) telephone number; (e) e-mail address or online identifier associated with the person; (f) data regarding financial status, health status or data regarding professional experience; (g) behavioral or demographic characteristics when linked to personal identifiers; (h) voice data and video image; or (i) any other information relating to a person that is combined with any of the above.

Other data, as defined by applicable law, which may be anonymized and/or aggregated information, as well as any other information that does not reveal the identity of the person or is not directly linked to them. Other data may include, but is not limited to: cookies, IP address and information obtained from an IP address, information contained in HTTP headers. Other data stored in internet protocols, browsers or various devices, operating systems and information used by “APPS” applications on your mobile device, screen resolution, behavioral data about your use of the websites and preferred languages.

Processing of personal and other data means any operation or set of operations performed on personal or other data, by automated or other means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and deletion or destruction.

Sensitive personal data is a type of personal data that may include, but is not limited to, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in trade union organizations, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, data concerning health, or data concerning a natural person’s sex life or sexual orientation.

Suppliers of goods and services are third parties that we use under contractual relationships, for the fulfillment of our legal obligations and the conduct of our commercial activity, and in order to provide you with many of our services, functions and aspects of the Website.

  1. What personal and other data we collect

Our privacy policies depend on the type of relationship you have with “Rugen” OOD and on legal requirements. We strive to collect personal and other data only to the extent necessary to provide you with products, services or information you have requested, or for the recruitment of the necessary staff for the normal operation of the Company. We may use the information to improve the functionality when using our Website, in accordance with this Privacy Policy. Below are the grounds and some of the ways in which we collect and use the information.

Your personal data may also be collected in connection with Customer Programs and games organized by “Rugen” OOD. Each Customer Program and Game has individual terms, with a detailed description of the participation rules, prize funds, the necessary personal data that will be collected, the methods of collection, storage periods and processing purposes.

When organizing such Customer Programs and games, “Rugen” OOD also complies with the general rules for the protection of personal data set by the specific social platform on which the Game is distributed. Usually, but not exclusively – Facebook, Twitter, Instagram.

3.1. Users

“Rugen” OOD collects user data in various ways. In all cases, we collect only the personal data that you have voluntarily provided to us and we do not collect any other data that has not been provided to us without your voluntary consent.

3.1.1. Personal data you have provided voluntarily

You may choose to communicate with us and provide personal data, such as your:

  • names, postal and e-mail address, telephone and/or mobile number, city, postal code, age, bank account and other information.

3.1.2. For what purpose we use your personal data

“Rugen” OOD uses the above-described data, when provided by Users, in cases of:

  1. performance of a contract concluded with a client, including delivery of goods and services;
  2. submission by clients of opinions, complaints, suggestions, objections, etc.;
  3. customer satisfaction survey;
  4. providing a response;
  5. connection to the Wi-Fi network provided by the restaurants and accommodation facilities of “Rugen” OOD;
  6. contacting us by phone, e-mail or by post with a question, recommendation or complaint;
  7. responding to your inquiries and complaints related to the quality of the offered goods;
  8. in connection with Customer Programs and in the event that you are a winning participant in the Games organized by “Rugen” OOD.

“Rugen” OOD does not collect personal data from its clients unless they contact us directly. In order for us to adequately respond to clients’ inquiries, it is possible that personal data may be shared with third parties.

3.1.3. Other data collected automatically

We collect data automatically through the Website. However, if we combine your personal data with the data we collect automatically (e.g. geographic location from your IP address and combine it with the behavioral information about your use of the Website, with your name), we treat the information as personal data.

“Rugen” OOD and its online advertising and marketing partners may use various technologies to collect information, including:

3.1.4. Cookies

Like many other websites, we also use devices that collect data, such as “cookies”. We collect this data in order to analyze the traffic to our page and to measure the effectiveness of the promotions we offer. A cookie is a text string of information that the Website sends to the cookie file from the browser on the hard drive of your computer so that the Website can remember you.

A cookie usually contains the name of the domain from which the cookie has come, the “lifecycle” of the cookie and a value, which usually represents a randomly generated unique code.

This helps us to provide you with a better use of our Website and also allows us to improve the services we offer.

A few important things you should know about cookies:
“Rugen” OOD offers certain functions that are available only through the use of cookies.

  • they are used to improve the use of the Website;
  • most cookies are “session cookies”, which means that they are automatically deleted from your hard drive at the end of the session.

You have the option to accept or refuse cookies by changing your browser settings. If you refuse cookies, this may prevent you from using all interactive features of the Website.

3.1.4. Internet Protocol (“IP”) Addresses

The IP address is associated with your computer or with your mobile device. “Rugen” OOD may use your IP address to help diagnose problems with the “Rugen” OOD server, to administer the Website and to maintain contact with you while you use the Website.

3.2. Potential employees

If you wish to be part of the team of “Rugen” OOD and you submit an application for employment or attach your CV, we process and store the personal data entered in the indicated documents for a period no longer than 6 months after completion of the selection process. The collected personal data may include, but is not limited to:

  • Identification: names, address, telephone number, e-mail address, date of birth, citizenship, bank account;
  • Education and professional qualification: data related to education, work experience, professional and personal qualification and skills, when necessary and required for the position.

These personal data are stored in accordance with the privacy rules for personal data provided when applying for a job at “Rugen” OOD.

3.3. Employees

With regard to its employees, “Rugen” OOD processes the following personal data:

  • Identification: three names, PIN, date of birth, permanent address, education and professional qualification; professional experience, bank account number;
  • Data concerning health status, including a medical certificate in relation to all employees and data from the personal health books of employees working directly with food;
  • Data concerning criminal record – criminal record certificate.

These personal data are stored in accordance with the internal rules for the protection of personal data of “Rugen” OOD and the Privacy Notice for employees’ personal data.

3.4. Contractors and suppliers

With regard to our suppliers of goods and services who are natural persons / as freelancers / and the representatives or contact persons of our suppliers of goods and services who are legal entities, “Rugen” OOD processes the following personal data:

  • Identification: names, PIN, address, telephone number, e-mail address, date of birth;
  • Professional activity: position, official capacity.

These personal data are stored in accordance with the internal rules for the protection of personal data of “Rugen” OOD and the Privacy Notice for suppliers and partners.

3.5. Visitors to premises

With regard to persons who visit premises of “Rugen” OOD in which video surveillance is carried out, “Rugen” OOD processes the following personal data:

  • Identification: voice data and video image.

These personal data are stored in accordance with the rules for the protection of personal data in video surveillance and monitoring of “Rugen” OOD.

  1. How we collect the data

Clients

The Company usually collects and processes clients’ personal data when preparing, drafting and providing a reservation and accommodation in the facilities of “Rugen” OOD.

The Company usually does not process clients’ personal data in the preparation and sale of drinks and food in its establishments.

Clients’ personal data are processed when the client decides to participate in one of the programs or games organized by the Company. In such a case, clients’ personal data (the processed personal data may include, depending on the specific case, the client’s first and last name, current address, e-mail address, date of birth, telephone number, payment data and, where applicable, information about the order and places of purchase) are processed solely with the client’s consent, provided voluntarily in accordance with the rules of the relevant program and game.

Clients’ personal data are processed within customer programs for the purposes of facilitating the fulfillment of the respective client’s orders, for marketing (for example as part of the Company’s marketing campaigns, to provide information about new products, to deliver commercial messages of the Company or to notify the client about won prizes or other winnings) and for the purposes of tracking customer satisfaction.

Clients’ personal data (the processed personal data may include, depending on the specific case, the client’s first and last name, current address, e-mail address, date of birth, telephone number, payment data and, where applicable, information about the order and places of purchase) are also processed in cases of contact by a client with the Company in connection with expressing opinions, complaints, suggestions, objections, etc.

Website users

The Company uses cookies on its Website. Cookies provide faster and more efficient browsing of the Website and adapt the display of products and other content to the User’s personal interests and specific needs. Cookies are used to collect accumulated anonymous statistical data allowing understanding of the manner of use of the Website and enabling optimization of its structure and content, as well as to provide certain functions of the Website and to personalize advertisements.

The Company uses two types of cookies – temporary (session) and persistent cookies. Session cookies are used temporarily and are stored on the User’s device until the moment he/she logs out of the Website or closes the application (web browser). In contrast, persistent cookies remain on the User’s device for the period specified in the parameters of the respective cookie or until the User deletes them.

The information obtained through the use of cookies may be collected only for the purposes of mediation and performance of certain user functions. These data are encrypted in a manner that prevents access by unauthorized persons.

Generally, the application used to browse the Website allows storing cookie files on the User’s device under the initially set settings. This mode may be changed either by completely blocking cookies in the web browser settings, or by partially blocking them – in which case the User is notified each time the device stores cookies. More detailed information about the possibilities and methods for managing cookies is available in the settings of the application (web browser).

The Website collects information about the User’s IP address (i.e. the number that unequivocally identifies the network interface of the User’s computer network), the domain name, as well as the type of web browser and operating system. The purposes of processing these data are similar to those of cookies, which means that these data are used by the Company to collect statistical data for analyzing the use of the Website and for personalizing advertisements.

Users’ personal data are processed upon the presence of consent, provided voluntarily by the User by loading the Website or is expected by default in connection with the use of the Website.

The personal data of Users who register or submit an inquiry on the website are processed upon the presence of consent, provided voluntarily by the User when performing the registration or inquiry.

Employees and Potential employees

The Company processes the personal data of employees and potential employees within the scope necessary for selection and hiring of staff and the fulfillment of legal obligations (for example the obligation to withhold or pay taxes, to keep files for the purposes of health and social insurance, etc.). The employee undertakes to provide these data to the Company. Failure to provide these data should be considered a violation of legal requirements by the employee and/or the Company and may lead to the imposition of sanctions by the competent state authorities.

The Company processes employees’ personal data separately from legal requirements only with their consent and as part of certifying the legitimate interests of the Company or the performance of the contract concluded by and between the Company and the employee, more specifically for the purposes of processing personal data in CVs of job candidates in the Company, preparing advertising materials, managing the Company’s profiles in social networks, keeping records of the use of the Company’s service cars, providing information about Company events, protecting the Company’s property (mainly the use of video surveillance systems) or when ensuring access of authorized persons to the Company’s premises.

  1. What we do with the personal and other data we collect

First of all, we use the data you provide to us or that we collect in order to provide you with the products, services or information you have requested. We also use the data to improve functionality when using our Website.

It is possible that we use your data to provide you with information relating to products or services that may be of interest to you. In order to be able to automatically address client inquiries and to provide the services offered through our Website, it is possible that we share information with our service providers.

  1. Choice

You have the right to opt out of certain use and disclosure of your personal data, as specified in this Policy. Before disclosing sensitive data to a third party or processing sensitive data for a purpose other than the original purpose or a purpose subsequently authorized by you, “Rugen” OOD will make the necessary effort to obtain your explicit consent, where consent for processing is required by law or contract.

If you participate in any promotion, the personal data you provide will be processed in accordance with the privacy rules applicable to that promotion insofar as they differ from this Policy.

  1. Where we store your personal data

All personal data sent and collected through the websites are stored on our servers, on shared servers, on the servers of other controllers or processors of personal data with whom “Rugen” OOD has contracts for staff recruitment, or on the servers of our suppliers of goods and services. By using our websites, you agree that we store your data at the specified locations.

7.1. Provision of data to third parties

The Company provides already processed personal data only to partners with established technical and organizational measures for data protection and fulfillment of other obligations arising from Regulation (EU) 2016/679 of the EU of 27.04.2016 and the Personal Data Protection Act regarding data protection. The Company’s partners have access to personal data only within the scope necessary for the fulfillment of their obligations. Therefore, in certain cases, the Company provides personal data to other companies and third parties that provide services to the Company related to hosting personal data on shared servers, management of applications for loyalty programs, ensuring payments for purchases from the Company and analysis of marketing surveys. The personal data of the Company’s employees are provided to the external accounting company which collects accounting and tax archives and payrolls of the Company and, in some cases, to companies providing the Company with services that allow the Company’s employees to report cases of violation of legal provisions or in cases where the Company, its partners or employees act unethically.

Under no circumstances does the Company provide personal data to third parties for consideration.

7.2. Transfer of personal data to third countries

The Company may transfer personal data to countries outside the European Union and in certain cases to third countries (USA), regardless of whether there is a decision of the European Commission regarding the level of protection of personal data in these third countries equivalent to that existing in the European Union.

The transfer of personal data to other companies and third parties is carried out, if necessary, on the basis of a contract under which the recipient of personal data undertakes to maintain high standards for the protection of personal data (the transfer of personal data is based on the “standard clauses” for the protection of personal data pursuant to Article 46(2)(c) of the General Data Protection Regulation) and/or subject to the consent of the person whose personal data are transferred.

Retention period. The personal data you provide will be stored for a period no longer than necessary to achieve the purposes for which they are processed.

  1. How we protect your data

“Rugen” OOD applies organizational, physical, information technology and other necessary measures to guarantee the security and protection of your personal data and the monitoring of the processing of personal data.

Among other things, such security measures include the following activities:

  • “Rugen” OOD has established requirements for processing, registration and storage of personal data in internal procedures, compliance with which is monitored постоянно;
  • employees’ access to personal data and authorization to process personal data in the database of “Rugen” OOD is restricted depending on their duties;
  • “Rugen” OOD has established confidentiality obligations for its employees;
  • access to the office equipment of “Rugen” OOD and the computers of each employee is restricted;
  • we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act, as well as best practices from international standards;
  • for the purpose of maximum security during processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.

The security measures we apply are subject to continuous improvement and adaptation to the most modern technologies.

  1. Access

Where the law allows it, you may use any of the methods in Section 13 of this Policy to obtain confirmation that “Rugen” OOD processes personal data about you and to request access, correction or deletion of personal data processed by us, including when the data have been processed in violation of the principles of Regulation (EU) 2016/679 of the EU of 27.04.2016 and the Personal Data Protection Act. Such requests will be processed in accordance with “Rugen” OOD’s internal rules, aligned with Regulation (EU) 2016/679 of the EU of 27.04.2016 and the Personal Data Protection Act.

“Rugen” OOD respects and takes the necessary care to comply with the rights of data subjects, but there may be cases where it is impossible to provide the requested information, for example, but not only:

  1. when the law prevails over the rights of the data subjects;
  2. when it would pose a risk to the security of the data subjects;
  3. when it would interfere with the privacy of other persons or when it is commercial property.

If the Controller determines that access must be restricted in each particular case, “Rugen” OOD will make the necessary efforts to notify you of the reasons leading to the restriction of access to the information you requested and will provide you with contacts for further inquiries.

If necessary, the Data Protection Officer of “Rugen” OOD will contact another person to cooperate and complete the process of providing the data you requested. In order to protect your data, the Controller will take the necessary steps to confirm your identity before providing access to or before making any changes related to your data.

  1. Data integrity – purpose limitation

“Rugen” OOD processes the personal data it receives while you use the websites or as long as necessary to complete the purpose(s) for which they were collected, for example, but not limited to: until completion of the provided services, dispute resolution, legal defense, audits, in the presence of legitimate business interests, performance of agreements and compliance with applicable laws. Your consent for these purposes is not required.

  1. Further sharing

“Rugen” OOD does not provide personal data to third parties unless a client or potential employee requests or has given consent for such disclosure, or the disclosure is required by law. The Controller may share personal data with its service providers, consultants and affiliates for internal, business purposes or to provide you with a product or service you have requested.

Payment information will be processed only in order to fulfill the order; it is possible to be stored by our service provider for the purposes of future orders or for accounting reporting purposes.

The Controller requires from its suppliers or other processors of personal data, in writing, confidentiality consent and ensuring protection of personal data that they maintain on behalf of the Controller, including ensuring at least the minimum level of protection required by the principles of Regulation (EU) 2016/679 of the EU of 27.04.2016; the data not to be used for any purposes other than the purposes determined by the Controller. Suppliers must notify the Controller if they have found that they can no longer fulfill their obligations. With regard to further transfers of data provided to third parties, the Controller monitors the manner of processing of personal data, requiring a guarantee from the processing party that it complies with the principles of Regulation (EU) 2016/679 of the EU of 27.04.2016.

Your personal data are considered an asset of the company and may be disclosed or transferred to a third party in the event of a change in the legal organizational structure of “Rugen” OOD, for example in any reorganization, sale, merger, split, joint venture, assignment, consolidation or other type of acquisition, disposal, or financing of all or part of our business, or of some of the commercial assets or shares (including in connection with insolvency or similar proceedings). In these cases, your data are transferred to a third party so that you can continue to receive the same products and services or to maintain the same relationship with the third party.

Although we make all necessary efforts to preserve the confidentiality of the personal data collected by us, “Rugen” OOD reserves the right to disclose personal data to third parties under certain limited circumstances, including: (a) compliance with a law, search warrant, subpoena, judicial proceedings, judicial or administrative order; (b) response to a legal request by public authorities, including to meet national security requirements or to meet law enforcement requirements; (c) enforcement of the Controller’s policies or contracts; (d) collection of amounts due; (e) protecting users of the websites from fraud or abuse; (f) during emergencies where safety is at risk, as determined by the Controller; (g) when necessary for the establishment, exercise or defense of legal claims.

By decision of the Controller, server logs may be reviewed for security purposes, for example to detect unauthorized activity on the websites. In such cases, server data containing IP addresses will be shared with law enforcement authorities so that they can identify users in connection with their investigation of unauthorized activities.

  1. Security

Although there is no “guaranteed security”, we and our partners use commercially acceptable measures (including all steps required by applicable law) designed to protect your personal information from loss, unauthorized access, use, alteration, disclosure or other misuse.

  1. Rights of data subjects

You may also submit a complaint to your Supervisory Authority; for Bulgaria this is the Commission for Personal Data Protection, at the addresses indicated in this Policy. “Rugen” OOD will fully comply with the recommendations given by Supervisory Authorities and will take the necessary steps to eliminate any non-compliance with regulatory principles.

Commission for Personal Data Protection,
address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2;
website: www.cpdp.bg.

If you suspect a violation of legal requirements, you have the right to file a complaint with the supervisory authority for personal data protection.

Your legal rights are:

  • To request information about whether we process your personal data, what they are and for what purpose they are processed.
  • To request access to your personal data (“Data access request”). This enables you to receive a copy of the personal data we hold about you and to check whether we process them lawfully.
  • To request correction of your personal data held by us. You have the opportunity to correct any incomplete or inaccurate information we hold about you.
  • To request deletion of your personal data. This enables you to request that we erase or remove personal data if:
    • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    • you withdraw your consent on which the processing is based and there is no other legal ground for processing;
    • the data subject objects to the processing, including profiling, and there are no overriding legitimate grounds for the processing, or the data subject objects to processing for direct marketing purposes;
    • the personal data have been processed unlawfully;
    • the personal data must be erased to comply with a legal obligation under Union law or Bulgarian law;
    • the personal data were collected in relation to the offer of information society services.
  • To object to processing against certain types of processing, such as direct marketing (unsolicited advertising messages), as well as when processing is based solely on the Controller’s legitimate interest.
  • To object to automated decision-making, including profiling, i.e. not to be subject to any automated decision-making by us using your personal data or profiling.
  • To request restriction of processing of your personal data when:
    • you contest the accuracy of the personal data, for a period allowing the Controller to verify the accuracy of the personal data;
    • the processing is unlawful but the data subject does not want the personal data to be erased and requests instead the restriction of their use;
    • the Controller no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
    • you have objected to processing based on the Controller’s legitimate interest, while verification is pending whether the legitimate interests of the company override those of the data subject.
  • To request the transfer of your personal data in electronic and structured form to you or another person (commonly known as the right to “data portability”). This enables you to receive your data from us in a usable electronic format and to transmit them to another person in a usable electronic format.
  • To withdraw your consent. In the rare cases where you may have given consent to collect, process and transfer personal data for a specific purpose, you have the right at any time to withdraw your consent regarding that specific type of processing. After we receive notice that you have withdrawn your consent, we will stop processing your information for the purposes to which you originally consented, unless there is another lawful basis for us to do so.

The request may be made by completing an Application Form and sending it to the e-mail address of the Data Protection Officer or to the address of “Rugen” OOD.

In order to ensure that we have identified the correct person, it is possible that we contact you to confirm your request.

“Rugen” OOD undertakes to review your request without undue delay and in any case within 30 days of receipt of the request. In cases involving legal and factual complexity, this period may be extended by a further 30 days. You do not need to pay a fee for exercising the above rights. In case of a repeated request on the same grounds, if the request is manifestly unfounded or excessive, a fee may be charged.

In order to provide complete, accurate and clear information in the request, it is possible that we ask you for specific identifying data that will help us confirm your identity. This is an additional security measure ensuring that your personal data will not be disclosed to persons who are not entitled to receive them.

  1. Information concerning children

We do not knowingly collect personal information from children under the age of 16. If we learn that we have collected personal information of a child under the age of 16, we will take steps to delete the information as soon as possible or to obtain the consent of the person with parental responsibility for the child.

If you are a parent or legal representative of a child who you think has provided us with personal data, please contact our data protection officer and he will take immediate action to delete the information in accordance with applicable law.

  1. Links to third-party websites

Please note that the Website may contain links to other websites for your convenience and information. The Controller does not control websites external to the company, nor their privacy practices. Please note that they may differ from those set out in this Policy. “Rugen” OOD does not endorse and makes no representations about third-party websites. Personal data that you choose to provide to websites not affiliated with us are not covered by this Policy. We encourage you to review the privacy policies of other websites before providing your personal data. Some third parties may choose to share their users’ personal information with us. This sharing is governed by the company’s privacy policy, not by this Policy.

  1. Changes to the Privacy Policy

The Controller may update this Privacy Policy. When the Policy is changed, we will update the “last revision” date located at the top of the Policy.

If there are any changes to this Policy, we will notify you. We encourage you to read our Privacy Policy so that you are informed about how we protect the information provided by you.

If you continue to use the Website after the publication or amendment of the Policy, this will be deemed as your consent to be bound by it and any similar changes to it.

Any change to this Privacy Policy takes effect immediately after its publication.

  1. Other relevant policies

This Policy may be supplemented by one or more special policies or privacy notices. In the event of a conflict between this Policy and any special policy, the applicable special policy prevails.

In addition, you have the right to lodge a complaint with the Commission for Personal Data Protection: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2 or in electronic form on the Commission’s website: https://www.cpdp.bg.

This policy is approved and enters into force as of April 2023.

 

Schedule a Visit