Privacy and personal data

The current policy for protection of personal data aims in accordance with the requirements for information under Art. 13 and Art. 14 of the General Data Protection Regulation (GDPR) to inform you about the personal data processing activities performed by Borovete I AD, the purposes for which the data are processed, the measures and guarantees for the protection of the processed data, your rights and the manner , in which you can exercise them, in accordance with the requirements of Regulation (EU) 2016/679 of the EU of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Therefore, please read its contents carefully. If you have any questions, you can ask them at the following e-mail address: Information about the administrator and contact him.

Borovete I AD, hereinafter referred to as the Company, is a legal entity entered in the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency with UIC: 204605689, with registered office and address of management: Varna, Sts. Constantine and Helena resort, an administrative building, represented by Petranka Georgieva Dobreva in her capacity as executive officer.

Borovete I AD is an administrator of personal data that are processed during or on the occasion of exercising the powers assigned to it by Regulation 2016/679 and the Personal Data Protection Act.


For the purposes of this policy:

Personal data is any information relating to a natural person that is identified or can be identified directly or indirectly by an identification number or by one or more specific features. The data may relate to facts (eg name, e-mail address, location or date of birth) or to an opinion on the actions or behavior of the Data Subject.

Personal data controller is a natural or legal person, public body, agency or other structure, which alone or together with others determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of a Member State.

Processing of personal data is any action or set of actions that can be performed on personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or modification, recovery, consultation, use, disclosure by transmission , distribute, provide, update or combine, block, delete or destroy.

Direct marketing is a set of activities aimed at improving the quality of our services and their compliance with the exact needs and interests of our guests and analysis of their satisfaction. This includes activities such as: online advertising campaigns, e-mail marketing, surveys, user profiling and more.

Processing of personal data

In order to provide and improve the services we provide and for the needs of administering the resources to them, we store, use and process personal data in compliance with applicable legal requirements.

Purposes and grounds for processing personal data, categories of processed data.

In order to provide and improve the services we provide and for the needs of administering the resources to them, we store, use and process personal data in compliance with applicable legal requirements.

  1. In order to make a request and confirm a reservation, Borovete I AD collects and processes the following types of data:

a/ Reservation through website: - Contact person’s name and surname; Contact person’s e-mail address and phone number; b/ Reservation through telephone: - phone number and e-mail address for confirmation of the reservation – Contract person’s name and surname

This data is stored until the reservation is made. Then the data is destroyed and their further processing is impossible.

  1. For the purpose of accommodating guests in Aquahouse Hotel & SPA, the administrator processes and stores the following data:


Name of the person (for Bulgarian citizens - in Cyrillic, for foreigners - in Latin, according to the national document);

Date of birth;



ID No. / valid national identity document;

Country, issued the national document;

The data collected for the purposes of registration at the hotel are collected on the basis of Art. 116, para 2 of the Tourism Act and are necessary for keeping a register of accommodated tourists. The data is stored for a period of 5 / five / calendar years.

3.3. For the purposes of the realization of corporate or personal events in Aquahouse Hotel & SPA the following data are processed and stored:

two names of the person, responsible for the organisation of the event; for corporate event – contact person, stated legal entity, person, responsible for the organisation of the event; две имена на лицето организатор на събитието. При корпоративни събития лице за контакт, посочено от юридическото лице, организатор на събитието;

contact person’s phone number and e-mail address

These data are stored for up to 3 / three / calendar years after the event.

  1. For the purpose of direct marketing, including analyzing and profiling of the target audiences and following satisfaction of our clients we process the following data:

E-mail address

IP address






Behavior of users of the site

The explicit consent of the data subject is required for the processing and storage of this data. The data that are processed for the purposes of direct marketing are stored for a period of 26 / twenty-six / months or until the withdrawal of consent.

The purpose of collecting this data is to provide you with personalized offers and services that meet your needs and expectations.

Principles of processing

When processing personal data, we adhere to the following principles:

legality - when collecting, processing and storing your data, we comply with the provisions of applicable Bulgarian and European legislation;

good faith and transparency - the data we collect, process and comply with this privacy policy, which is available to each user;

Correlation of the processing with the purposes and minimization of the data - the types of data that we collect are minimized, according to the purposes for which they are processed. The purposes for which your data is processed are those for which we have obtained your consent;

storage restriction - we process and store the received data for a period of time, according to the purposes for which they are needed and according to your consent.

user consent to data processing - in order to use your data for marketing purposes, in order to improve the services we provide, we must obtain your explicit consent.

Electronic (E-mail) newsletter and direct advertising

Please note that when you send an inquiry to Aquahouse Hotel & SPA (for price conditions, for a reservation, for clarification about a reservation already made, for an event and / or other issues related to the services provided by the hotel) you give your consent " Borovete I AD to store and process the personal data provided by you for the purposes of the inquiry.

After sending your request, you will receive from Borovete I AD a proposal to give your consent, to process your data for the following purposes:

-for the purposes of direct marketing, as well as to receive newsletters for our current proposals travel ideas and organized games and events;

-for surveys about your satisfaction with our services;

With our e-newsletter we regularly inform you about the offers and services of our hotels belonging to the chain А Hotels, as well as for our partners from Gallery hotel Graphite, Cook’s club Sunny beach hotel, Sunrise hotel, Primorski hotel, Aquahouse Thermal and Beach. By agreeing to the processing of your data for the purposes of direct marketing, you will not only receive up-to-date information about our most attractive offers, but will also contribute to the improvement of our services. By giving our consent, we will provide you with information about preferential terms and offers, as well as a wide range of products and services, or we will direct your attention to those that may be of interest to you. This information may include references to special offers, new products and new services.

If you wish to receive the e-newsletter, we will need your valid e-mail address. For those who sign up for our newsletter, we use the so-called double opt-in procedure. This means that after registration we send you an e-mail to the specified e-mail address, where we ask you to confirm that you want to be sent a newsletter. If you do not confirm your registration within 2 weeks, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses and login and confirmation times used on a case-by-case basis. The purpose of the procedure is to be able to prove your registration and, where necessary, to clarify any potential misuse of your personal data. As a subscriber to the e-newsletter, you can withdraw your consent to the processing of your e-mail address for sending the newsletter at any time. The consent can be revoked through the link provided for this purpose in each e-newsletter or by sending an e-mail entitled "unsubscribe" to

Rights of data subjects.

The measures taken to protect personal data in accordance with the requirements of Regulation 2016/679 are aimed at ensuring the rights of subjects whose personal data are processed, namely:

Right of access. With a written application you can get information about the type of personal data provided and the purpose of their processing. The application can be submitted in person at the specified contact address or electronically from the e-mail address you provided us, as processing data, to under the terms of the Electronic Document and Electronic Certification Services Act, the Act for e-government and the Electronic Identification Act. Your application must contain three names, PIN, feedback address, description of the specific request and the preferred form for obtaining information when exercising your rights, signature, date of submission of the application.

Right to correct inaccurate or incomplete data. When accessing your data, you can request that it be corrected in case you find errors or inconsistencies. Right of deletion (right to be forgotten), if the conditions of art. 17 of Regulation 2016/679 - after providing access to your personal data, you may request that we remove any records of your personal information, without the possibility of further processing

Right to data portability. Users have the right to receive their data, which Borovete I AD stores when it is provided in a structured, widely used and machine-readable format. Users also have the right to transfer this data to another controller of personal data without hindrance by Borovete I AD, in cases and in respect of data provided by consent, in cases of data provided under a contract to which the user is a party. or data provided when taking steps by the consumer and requesting a contract.

Right to object. Users have the right to object to the processing of their data. The objection is addressed to Borovete I AD, in the order of obtaining access to personal data. Borovete I AD undertakes to consider your objection and to inform you within 30 calendar days of its receipt of the results of the internal inspection.

Right to limit processing within the meaning of Article 18 of Regulation 2016/679.

The right of the data subject not to be the subject of a decision based solely on automated processing, including profiling.

Right to appeal to the Commission for Personal Data Protection or to the court.

If you believe that your rights under Regulation 2016/679 have been violated, you can file a complaint to the Commission for Personal Data Protection or to the Administrative Court - Varna Protection of personal data Privacy of personal data We use electronic methods of personal data processing in order to ensure accurate and fast provision of services and assistance to consumers. The process of processing your personal data provided to Borovete I AD is carried out in accordance with the applicable legislation in the field of personal data protection, and Borovete I AD respects your personal privacy. Personalization and cookies New technologies allow us to customize our website for each individual client. Cookies are text files that contain information that allows returning users to be identified. Cookies are stored locally on the device you use to access our website: and do not cause damage to your system. Cookies relieve you of the need to enter data more than once, facilitate the transmission of specific content and help identify your preferences (appearance and usability settings). Accumulating and analyzing this information allows us to improve electronic services and the overall user experience so that they meet as closely as possible to your needs. You can find out about our cookies and other technologies in our Cookies Policy.

Security of personal data Borovete I AD applies technical and organizational security measures in order to protect the personal data you have provided from accidental or unlawful destruction, accidental loss, unauthorized access, alteration or dissemination, as well as other illegal forms of processing by unauthorized persons. The security measures we apply are subject to constant improvement and adaptation to the latest technologies.

The collected personal data may be provided to partners of Borovete I AD, who act as processors of personal data on behalf of Borovete I AD and are committed to comply with all applicable standards for personal data protection. We comply with the condition that the relevant information may be used only within the limits set by the legal basis on which they are collected or by your personal consent to the processing carried out on behalf of Borovete I AD, and that this information should be treated as confidential.

Borovete I AD may disclose and provide personal information in accordance with applicable law, if a court or administrative body orders or requires this or if the provision of personal data is related to the fulfillment of a legal obligation of Borovete I AD. The data collected for the purposes of accommodation in Aquahouse Hotel & SPA is available to third parties specified in the Tourism Act - the Ministry of Tourism, the Municipality of Varna and the Minister of Interior, the National Revenue Agency and the National Statistical Institute. Changes in the rules for personal data protection The rules of Borovete I AD for personal data protection may be changed unilaterally by Borovete I AD in view of their improvement, offering new services, changes in the way of service and communication with our customers, as well as in connection with legislative changes. When making changes to the current rules for personal data protection, Borovete I AD brings to your attention the changes made by publishing them on our website, giving you a reasonable period of time to familiarize yourself with them after the expiration to which they begin to apply in the processing of your personal data without further notice. If you declare that you reject the changes within this period, it will be considered that you have withdrawn your consent to the processing of your personal data and Borovete I AD will suspend their processing in the future. This may be related to the termination of your registrations for our games, services, e-newsletters, etc., for the purposes of which you originally provided us with your personal data.

Contact the team of Borovete I AD if you have any questions regarding our measures and rules regarding the protection of personal data, please send a message to the following address with the topic Borovete I AD - Personal data protection: