Privacy policy

Privacy policy

Latest amendment: 25th of May, 2018

The policy described herein (“Policy”) is implemented in SPA HOTEL ELBRUS.

In Grand Hotel Velingrad we strive to provide excellent products, services and experience throughout the world. We value your business highly, and even more importantly – we value your loyalty highly. We know that confidentiality is very important. We have developed the current policy, in order to clarify our practices regarding personal data, collected from you or for you on this website or through our applications, through written and verbal communication with us when you visit our premises, and from other sources.

By using any of our products and services and/or through agreeing with this Policy, for example, during registration, for any of our products or services, you agree to the collection and use of personal data as described in this document.


In any instance of contact or interaction with the guests and in carrying out all aspects of our work, it is possible that we collect personal data. This data may include: your contact information; information, related to your reservation, stay or visit; participation in a membership or the Loyal Customer Programme; participation in a competition, lottery or marketing program (even if you’re not staying in one of our hotels); information, related to the purchase and receipt of products or services; personal characteristics, nationality, income, passport number, date and place of passport issue, travel history, payment information, for example, bank card number and other bank card information, as well as authentication information and other similar data for invoicing and payment account, related to mobile payments; preferences as guests; preferences for communication and marketing; information regarding the vehicles you bring to our premises; other types of information, which you chose to provide us with or which we can receive about you.

Additionally, in specific instances we also collect other personal data, for example:

Participation in the Grand Hotel Velingrad Loyal Customer Programme on the website:

When you sign up for this program, you will be invited to enter with your electronic address, Facebook or Google+ profile, in order to be able to use all the benefits of the program. Keep in mind, that under these circumstances we will administer your personal data, which we have not received personally by the data subject. Be informed that this data will only be used for the purposes of the tourist services, provided by us, in our capacity as co-administrator of personal data.

*Studies: We may ask you about demographic and other personal data within the framework of customer studies.

* Data collected on our premises: We collect additional data when you register at our premises, including data requested under the Tourism Act. We may also use a hidden surveillance system and other security measures on our premises, which may capture or record photos of guests and visitors in public areas, as well as location information about you during your stay on our premises (through access cards and other technologies). We may also use a video surveillance system and records of sound or video, in order to provide protection for our employees, guests and visitors, on our premises, when this is permitted by law. At the Reception we record video and sound. This capture (observation) is carried out only with the aim to provide protection and security for our guests, and is only carried out in the public spaces of the hotel (not in your room). Be informed, that the capture does not relate to the processing and collection of personal data, and is not carried out with this aim, and therefore the records are deleted within the term set in legislation. We may also collect personal data in relation to services at the premises, such as concierge, fitness clubs, SPA centers, events, childcare services and equipment rental.

* Events profiles: If you plan an event with us, we collect details regarding this event, date of the event, number of guests, details on the rooms where guests stay, and, in case of corporate events – information on your organization (name, annual budget and number of sponsored events per year.) We also collect information on the guests, who participate in your group or event. If you visit us as part of a group, we may have personal information about you, provided to us by the group, and you may receive offers from us as a result of your stay in a group or participation in an event, depending on your preferences and to the extent that this is permitted by law. If you visit us as an event participant, we may share your personal data with the event organizers, to the extent that this is permitted by law. If you are an event organizer, we may share information about your event with third parties, providing services, who may offer their event services to you, to the extent that this is permitted by law.

* Social networks: If you choose to participate in activities or offers in social networks, sponsored by Grand Hotel Velingrad, we may receive some information from your social network account, in our capacity as co-administrator of personal data together with the social networks, depending on your settings in the respective social network, such as location, registrations, activities, interests, photos, status updates, and friends lists. We may also provide you with the opportunity to participate in photo competitions, for example, related to photos taken during your stay with us, which you can share with your social network contacts for evaluation and voting, shared offers and other promotions. These photos are not processed by us as personal data and are not deemed personal data.

Apart from the information, which we collect directly for you, we may also infer information about you based on the data you provide us with, or from other information, which we receive. In such instances, we wil express you inform you by e-mail regarding the additionally collected personal data, their source, and the fact, that they will only be used for the purposes of provision of our tourist services.


We use your personal data in many ways, including the provision and personalization of services, which you request and expect from Grand Hotel Velingrad, provision of the hospitality you expect in the room and everywhere on our premises, management of the Loyal Customer Programme, marketing promotions and sales, as described below

Participants in the Loyal Customer Programme: If you are a participant of our programme, we use your information for the personalization of your experience when you use our services. We also use your data for the dissemination of news, promotional materials, and transaction materials regarding different Grand Hotel Velingrad services, as well as for the personalization of advertisements and content, provided to you through online, e-mail, mobile and visual advertisement, as well as on our website and in our social media profiles, depending on the preferences you have given with regard to the receiving of notifications.

Planning of meetings and events: We may use your personal data, in order to provide you with information regarding the planning of meetings and events.

* * Marketing and communications: Within what is permitted, we may use your personal data, in order to provide you with or offer you bulletins, promotions and updated special offers, as well as other marketing notifications, depending on your notification preferences. We use your personal data in order to provide notifications during your stay, notifications regarding accounts and reservation confirmations, and marketing notifications, and to carry out studies, lottery betting, lotteries and other competitions. We may provide these notifications through e-mail, post, social networks, telephone, text message (including SMS and MMS), targeted notifications, notifications in applications and other means (including notifications in the premises, for example, through the TV in your room). With your permission we will also use user generated content (for example – photos) the social media services for the provision of visual advertisements on our websites and in our apps in case of co-administration with these third parties.

We collect information regarding your bank card, which may be added to your personal data and used by Grand Hotel Velingrad, in order for us to provide you with and/or send you targeted marketing notifications based on your payment method and depending on your notification preferences. We may also partner with third parties, in order to understand whether a visitor to our premise has a discount offer in case of immediate payment, related to his/her bank card, and we may provide the visitor with advertisements information, clarifying how they can use the respective offer during their stay in Grand Hotel Velingrad.

*Service improvement: We may use your personal data to introduce improvements of the services, provided by Grand Hotel Velingrad, and in order to guarantee, that our premises, products and services, are of interest to you. We also use your personal data in order to provide you with the expected level of hospitality in your room and on our premises. This can include the provision of the possibility to manage technologies in your room through our website, or applications from your personal devices.

* Accuracy, analysis and personalization of data: We may also summarize your personal data with information from third parties, in order to maintain the information updated for analysis. We may also depend on information from third parties when we provide better and more personalized services. If, for example, you link your social media services or other accounts with our services, we can use this information to provide you with a more personalized social experience with us, or to share the information as described elsewhere in this declaration.


In order to provide you with the expected level of hospitality and the best service, we may share your personal data with our service providers and third parties, as described below:

* Group events and meetings: If you visit SPA hotel Elbrus as part of a group event or meeting, the information, collected during the planning of the meeting or event, will be shared with the organizers of these events and meetings, and, when necessary, with the guests, who organize or participate in the event or meeting.

Business partners: We may collaborate with other companies, in order to provide you with products, services, or offers, based on your experience on our premises. In relation to this, we may share your data with our business partners. For example, we can help you in finding a rental car or other services from our business partners, and share personal data with these business partners, in order to provide these services. We may also share your personal data, like, for example, your e-mail address, with our corporate partners in the tourism sector, or to participate in marketing activities with co-participation of other brands together with our corporate partners in the tourism sector. In the case of such co-administration, in order to protect your personal data, we request from third parties to provide the same level of protection, as provided by Grand Hotel Velingrad.

Services on the premises: We may share personal data with third party providers, who provide services on the premises, such as concierge, SPA procedures, golf or restaurants. In the case of such co-administration, in order to protect your personal data, we request from third parties to provide the same level of protection, as provided by Grand Hotel Velingrad.

* Service providers: We rely on third parties who provide services and products on our behalf, and we may share your personal data with them, when necessary and appropriate. In general, our service providers are required by contract to protect your personal data and don’t have the right to use or share your personal data in any other way, except as required by law. Regardless of this, our service providers may use your personal data to investigate cases of fraud, without sharing the data. We may use service providers who may provide you with news or provide you with promotional materials and transaction materials on our behalf, including personalized online and mobile advertisements depending on your notification preferences. In the case of such co-administration, in order to protect your personal data, we request from third parties to provide the same level of protection, as provided by Grand Hotel Velingrad

* Others: In addition, SPA hotel Elbrus may disclose personal data, in order to (a) comply with applicable laws, (b) answer to requests for information for the government or public bodies (c) comply with applicable legal procedures (d) protect the rights, confidentiality, safety or property of Grand Hotel Velingrad, web-site visitors, guests, employees or the public. (e) allow us to demand limitation or reduction of damage, which may be caused to us (f) apply the terms and conditions on our websites (g) react in emergency situations.


When you visit and use the website of Grand Hotel Velingrad we collect other data, which do not directly disclose your identity (pseudonymization), related to your use of the website, like, for example, a catalogue of the websites you visit and the number of times you visit our sites (“Additional information”). We use additional information and data, received by third countries, to provide you with e-mail, online (on our and other websites) and mobile advertisements.

We use cookies and other technologies (like, for example, pixel etiquettes, web beacons, clean gif, links in e-mails, JavaScript, device IDs in Google and Apple and similar services) to receive this information. If you want to remove or block cookies at any time on your device, you can update your browser settings (check your browser help menu, in order to learn how to delete or block cookies). Grand Hotel Velingrad is not responsible for your browser settings. You can find good and easy to understand instructions for the management of cookies on different types of web-browsers on

A note for EU Citizens: If you are in Europe, you can also change your cookie preferences. To do this, you need to make changes to the “Cookie settings”.

We may use the information, collected and summarized by us, or anonymized personal data, received by third parties, in order to learn more about our customers (for example, we can use summary information, in order to define the percentage of users we have with a certain telephone code). This includes demographic data, such as date of birth, sex, family status, inferable trade interests, such as favorite products and activities, and other information, which we may collect from you or third parties.

Inasmuch as the Additional information does not disclose your identity, we can disclose this information for all purposes, as long as it’s permitted by law. In some cases we may combine Additional information with personal data. If we combine Additional information with Personal data, the combined information will be treated as personal data in accordance with this Declaration.


The term “sensitive information” relates to information regarding race, ethnicity, political views, religious or philosophical beliefs, participation in trade unions, health condition, sexual life or sexual orientation, genetic information, judicial past and all biometric data, used to identify you. We do not collect confidential information, except if you provide it to us voluntarily. We may use health information, provided by you, for the provision of better services and meeting your specific needs (for example in order to provide access to people with disabilities). With regard to this type of information (in case it’s collected and processed), special class two technological processes for personal data storage and encryption are applied.


As a parent or legal guardian, do not allow your children to send personal data without your permission. If we still receive, process and store personal data for children under 14 years of age, these data are stored under a special regimen of storage ant processing of children’s personal data.


Our website may contain links to third party websites. Take into account, that we are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by these third parties. If you provide information to and use third party websites, the confidentiality regulations and conditions regarding the service provided by these websites are applied. We recommend that you read the confidentiality regulations regarding websites you visit before you send personal data.


SPA hotel Elbrus will take reasonable measures to: (a) protect personal data against unauthorized access, disclosure, change or destruction (b) maintain accurate and updated personal information, as appropriate. We also require from service providers, with whom we share personal data, to take measures analogical to ours, for the provision of confidentiality for your personal data. For online transactions we use special technological means for personal data protection with regard to the data you send us through our website. However, regrettably, there is no security system or data transfer system online, which is guaranteed to be completely secured, and in case of breach, we are under the responsibility to address the case to the Personal Data Protection Commission within 72 hours.

We will contact you through mobile/text notification or e-mail, in order to ask you to provide us with your confidential data or bank card data. We will ask about bank card data on the phone only in case you are making a reservation or are reserving a promotional package. We will not contact you to request your account log-in information for the Loyal Customer Programme of Grand Hotel Velingrad. If you receive such a request, you should not respond.


Within the framework of applicable legislation, you can ask about information regarding the personal data we store about you and, when appropriate, to request its update, correction or deletion (“right to be forgotten”) of your personal data, which we maintain in our active database. We will perform all necessary updates and changes within the time-frame, set out in applicable law, and where it’s permitted by law we may request a certain tax to cover the costs related to the request. Such requests must be sent in written form to In order to protect the confidentiality of your personal data, we can only reply to such requests through the e-mail address you used when you registered or provided to us by other means. Please remember, that when you make such a request, it’s possible that we will not be able to provide you with the same quality and diversity of services you are used to.

Additionally, under certain circumstances, based on applicable law, you can request that we stop sharing your personal data with our business partners, or that Grand Hotel Velingrad deletes limits or pseudonymises your personal data. To this end you need to contact us on the e-mail, specified above. We will try our best to reply to these requests in compliance to the General Data Protection Regulation (GDPR).


We store your personal data for the period, necessary for the achievement of the goals, described in this Policy document and/or one year after we have provided you with a tourist service, except in cases where a longer storage period is necessary or allowed by applicable law.

Upon your request, or when we no longer need your data for the provision of the tourist service, which was provided to you, we will delete your personal data in the shortest possible period and in a way, in which it can’t be reproduced or recovered immediately.

If your data exists on paper, they will be destroyed securely, for example through machine shredding or burning or in another similar way, and if they are in electronic format, the personal data will be destroyed through technical means, so that they can’t be reproduced or recovered.


We may sporadically change this Policy. You will know when the current document has been amended, if you check the link and date at the beginning. All amendments to our Policy will take effect upon publication of the amended Policy on the website. By using the website and/or any of our products and services, you accept the amended Policy which is effective at the time.


If you have any questions regarding this Policy or the way in which SPA hotel Elbrus processes your personal data, you can contact us via e-mail at or by regular mail at the address “SPA hotel Elbrus”, 116' Khan Asparuh Boul., Velingrad