Last Updated:  Dec 14, 2022

TC (THRACIAN CLIFFS) PRIVACY POLICY

This privacy policy describes the privacy practices of Thracian Cliffs Golf and Spa Resort EAD, with VAT Number BG121237306, which company is incorporated under the laws of the Republic of Bulgaria, with address for correspondence: Bulgaria, 9656, Dobrich district, Kavarna Municipality, Bozhurets village, operating Thracian Cliffs Golf and Spa Resort.
We appreciate your choice to be our guest. We recognize that privacy is important to you. So, we would like you to be familiar with how we collect, use and disclose data.
We collect the data by one or more of the describe below options:

  •  through our website www.thraciancliffs.com, which is owned or controlled by the TC Group (the “Website”)
  •  through our Online Reservation system (the “Reservation system”)
  •  through our social media pages that we control from which you are accessing this Privacy policy (collectively, our “Social Media Pages”)
  •  through HTML-formatted email messages that we send you that link to this Privacy Policy and through your communications with us
  •  when you visit or stay as a guest at the Resort, or through other offline interactions

Collectively, we refer to the Website, the Online Reservation system and our Social Media Pages, as the “Online Services” and, together with offline channels, the “Services.”  By using the Services, you agree to the terms and conditions of this Privacy Policy.

Collection of Personal Data

“Personal Data” are data that identify you as an individual or relate to an identifiable individual. We may process the following categories of data, in accordance with law, depending on the request made by you, such as:

  •  Name
  •  Gender
  •  Postal address
  •  Telephone number
  •  Email address
  •  Credit and debit card number or other payment data
  •  Language preference
  •  Date and place of birth
  •  Nationality, passport, visa or other government-issued identification data
  •  Important dates, such as birthdays, anniversaries and special occasions
  •  Employer details
  •  Travel itinerary, tour group or activity data
  •  Prior guest stays or interactions, goods and services purchased, special service and amenity requests
  •  Geolocation information
  •  Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts

In more limited circumstances, we also may collect:

  •  Data about family members and companions, such as names and ages of children
  • Video data via our security cameras located in public areas in our properties;
  •  Guest preferences and personalized data (“Personal Preferences”), such as your interests, activities, hobbies, food and beverage choices, services and amenities of which you advise us or which we learn about during your visit

If you submit any Personal Data about other people to us or our Service Providers (e.g., if you make a reservation for another individual), you represent that you have the authority to do so and you permit us to use the data in accordance with this Privacy Policy.

How We Collect Personal Data

We collect Personal Data in a variety of ways:

  • Online Services. We collect Personal Data when you make a reservation, use services, purchase goods, communicate with us, or otherwise connect with us or post to social media pages, or sign up for a newsletter or participate in a survey, contest or promotional offer. 
  • Property Visits and Offline Interactions. We collect Personal Data when you visit the Resort or use on-site services and outlets, such as restaurants, beach services, Spa center, child care services, and other services, provided by us. We also collect Personal Data when you attend promotional events that we host or in which we participate, or when you provide your Personal Data to facilitate an event.
  • Reservation Office. We collect Personal Data when you make a reservation over the phone, communicate with us by email, fax or via online Reservation System or contact customer service.
  • Owners. We collect Personal Data from Owners of TC Group branded properties that we manage. Owners are independent from the TC Group.
  • Business Partners. We collect Personal Data from companies with whom we partner to provide you with goods, services or offers based upon your experiences at our properties or that we believe will be of interest to you (“Business Partners”). Examples of Business Partners include on-site outlets, travel and tour partners, rental car providers and travel booking platforms. Business Partners are independent from the TC Group.
  • Other Sources. We collect Personal Data from other sources, such as public databases, joint marketing partners and other third parties.

Collection of Other Data

“Other Data” are data that generally do not reveal your specific identity or do not directly relate to an individual. To the extent Other Data reveal your specific identity or relate to an individual, we will treat Other Data as Personal Data. Other Data include:

  •  Browser and device data
  •  Online Reservation system usage data
  •  Data collected through cookies, pixel tags and other technologies
  •  Demographic data and other data provided by you
  •  Aggregated data

How We Collect Other Data

We collect Other Data in a variety of ways: 

  • Your browser or device. We collect certain data through your browser or automatically through your device, such as your Media Access Control (MAC) address, computer type (Windows or Macintosh), screen resolution, operating system name and version, device manufacturer and model, language, internet browser type and version and the name and version of the Online Services (such as the Apps) you are using. We use this data to ensure that the Online Services function properly. 
  • Your use of the Online Reservation System. We collect certain data when you use the online Reservation System such as the date and time when your device accesses our servers and what data and files have been downloaded to the system based on your device number.
  • Cookies. We collect certain data from cookies, which are pieces of data stored directly on the computer or mobile device that you are using. Cookies allow us to collect data such as browser type, time spent on the Online Services, pages visited, referring URL, language preferences, and other aggregated traffic data.  We use the data for security purposes, to facilitate navigation, to display data more effectively, to collect statistical data, to personalize your experience while using the Online Services and to recognize your computer to assist your use of the Online Services.  We also gather statistical data about use of the Online Services to continually improve design and functionality, understand how they are used and assist us with resolving questions. Cookies further allow us to select which advertisements or offers are most likely to appeal to you and display them while you are using the Online Services or to send marketing emails. We also use cookies to track responses to online advertisements and marketing emails.
    Most modern browsers allow you to manage cookies saved on your computer. For example, you may wish to accept all cookies or reject all cookies. If you do not want data collected with cookies or to change your preferences, you may refer to your web browser settings.
  • Analytics. We collect data through Google Analytics and Adobe Analytics, which use cookies and technologies to collect and analyze data about use of the Services. These services collect data regarding the use of other websites, apps and online resources. You can learn about Google’s practices by going to www.google.com/policies/privacy partners/  and opt out by downloading the Google Analytics opt out browser add-on, available at https://tools.google.com/dlpage/gaoptout  . You can learn more about Adobe and opt out by visiting http://www.adobe.com/privacy/opt-out.html  .
  • Your IP Address. We collect your IP address, a number that is automatically assigned to the computer that you are using by your Internet Service Provider (ISP).  An IP address is identified and logged automatically in our server log files when a user accesses the Online Services, along with the time of the visit and the pages that were visited. We use IP addresses to calculate usage levels, diagnose server problems and administer the Online Services. We also may derive your approximate location from your IP address.
  • Aggregated Data. We may aggregate data that we collected and this aggregated data will not personally identify you or any other user.

Use of Personal Data and Other Data

We use Personal Data and Other Data to provide you with Services that you request, to develop new offerings and to protect the TC Group and our guests as detailed below. In some instances, we will request that you provide Personal Data or Other Data to us directly. If you do not provide the data that we request, or prohibit us from collecting such data, we may not be able to provide the requested Services.
We use Personal Data and Other Data with your consent, for our legitimate business interests, including the following:
Provide the Services you request. We use Personal Data and Other Data to provide Services you request, including:

  •  To facilitate reservations, payment, send administrative information, confirmations or pre-arrival messages, to assist you with meetings and events and to provide you with other information about the Resort, the activities, the transfers etc.
  •  To complete your reservation and stay, for example, to process your payment, ensure all requested services and provide you with related customer service
  • To manage our contractual relationship with you, because we have a legitimate interest to do so and/or to comply with a legal obligation.
  • Personalize the Services according to your Personal Preferences. We use Personal Data and Other Data to personalize the Services and improve your experiences, including when you contact our Reservation office, visit the Resort or use the Online Services, to customize your experience according to your Personal Preferences and to present offers, tailored to your Personal Preferences.
  • Communicate with you about goods and services according to your Personal Preferences. We use Personal Data and Other Data to send you marketing communications and promotional offers.
  • Business Purposes. We use Personal Data and Other Data for data analysis, audits, security and fraud monitoring and prevention (including with the use of closed circuit television, card keys, and other security systems), developing new goods and services, enhancing, improving or modifying our Services, identifying usage trends, determining the effectiveness of our promotional campaigns and operating and expanding our business activities.

Disclosure of Personal Data and Other Data

Our goal is to provide you with the highest level of hospitality and Services, and to do so, we share Personal Data and Other Data with the following:

  • TC Group. We disclose Personal Data and Other Data to other companies within the TC Group for the purposes described in this Privacy Policy, such as providing and personalizing the Services, communicating with you and to accomplish our business purposes. We share your Personal Data and Other Data used for making a reservation only to fulfill and complete your reservation.
  • Business Partners. We disclose Personal Data and Other Data with select Business Partners who provide goods, services and offers that enhance your experience at our Resort or that we believe will be of interest to you. By sharing data with these Business Partners, we are able to make personalized services and unique travel experiences available to you. For example, this sharing enables us to provide you packages that include travel-related services, such as airline tickets, rental cars, transfers, excursion…
  • Service Providers. We disclose Personal Data and Other Data to third-party service providers for the purposes described in this Privacy Policy. Examples of service providers include companies that provide telecommunication services, website hosting, data analysis, payment processing, order fulfillment, information technology and related infrastructure provision, customer service, email delivery, marketing, auditing and other services. 
  • Corporate Reorganization. We may disclose or transfer your Personal Data and Other Data to a third party in the event of any reorganization, Franchisee, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of the TC Group business, assets or stock (including any bankruptcy or similar proceedings).

Other Uses and Disclosures

We will use and disclose Personal Data as we believe to be necessary or appropriate: (a) to prevent injury or damage to the health of an individual (b) to comply with  applicable law, including laws outside your country of residence or to comply with legal process; (c) to respond to requests from public and government authorities, including authorities outside your country of residence and to meet national security or law enforcement requirements; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect the rights, privacy, safety or property of the TC Group, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Non-TC Group Entities

This Privacy Policy does not address, and we are not responsible for the privacy, data or other practices of any entities outside of the TC Group, including Owners, Business Partners or any third party operating any site or service to which the Services link. We have no control over, and are not responsible for, any third party’s collection, use and disclosure of your Personal Data.
In addition, we are not responsible for the data collection, use, disclosure or security policies or practices of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including with respect to any Personal Data you disclose to other organizations through or the Apps or our Social Media Pages.

Security

The TC Group will process your Personal Data and Other Data at all times in an absolute confidential way and maintaining the mandatory duty to secrecy with regard to said data, in accordance with the provisions set out in applicable regulations, and to this end adopting the measures of a technical and organizational nature required to guarantee the security of your data and prevent them from being altered, lost, processed or accessed illegally, depending on the state of the technology, the nature of the stored data and the risks to which they are exposed.
We seek to use reasonable organizational, technical and administrative measures to protect Personal Data. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please immediately notify us in accordance with the “Contacting Us” section, below.

Your responsibility

By using our services, you declare that you are of legal age or legally emancipated, where applicable, fully capable, and that the information provided to TC Group is true, accurate, complete and up-to-date. For these purposes, you are responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects your actual status.
By using our services, you declare that you share with us your Personal Data freely and voluntarily.
In case you share with us Personal data to third person, you guarantee that you have informed third parties on whose behalf you have provided data, where applicable, of the aspects contained in this document. Also, you guarantee that you have obtained the third party’s authorisation to provide their data to us for the purposes indicated.
By using our services, you will be responsible for false or inaccurate information provided to us and for damages, whether direct or indirect, that this may cause to TC Group or third parties.

Choices, Access and Retention

You have choices when it comes to how we use your data and we want to ensure you have the information to make the choices that are right for you.
If you no longer want to receive marketing-related emails, you may opt-out at any time by following the opt-out link at the bottom of our newsletters or email us at privacy@thraciancliffs.com
We will try to comply with your request as soon as reasonably practicable. If you opt out of receiving marketing emails from us, we may still send you important administrative messages, from which you cannot opt out.

How You Can Access, Change or Suppress Your Personal Data

If you would like to review, correct, update, suppress, restrict or delete Personal Data that you have previously provided to us, or if you would like to receive an electronic copy of your Personal Data for purposes of transmitting it to another company (to the extent this right to data portability is provided to you by law), you can contact us at privacy@thraciancliffs.com or by mail:
Bulgaria, 9656,
Dobrich district,
Kavarna Municipality, Bozhurets village,
Thracian Cliffs Golf and Spa Resort
Administration office

You may send a letter to the address and e-mail, specified above, with the Reference “Data Protection”, at any time free of charge, to:

  • Revocation of consent granted.
  • To obtain confirmation about whether or not you Personal data is being processed at TC Group.
  • To access your Personal details.
  • To rectify any inaccurate or incomplete data.
  • To request the deletion of your personal data when, among other reasons, the data are no longer necessary for the purposes for which they were collected.
  • To obtain from TC Group the limitation of data processing when any of the conditions provided in the data protection regulations are met.
  • To request the portability of your data.

Likewise, you are informed that at any time you may file a complaint regarding the protection of your Personal data before the competent Control Authority – Bulgarian Commission for Personal Data Protection in the following ways:

  • 1. In person – at the CPDP’s Registry at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
  • 2. By post to: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Commission for Personal Data Protection.
  • 3. By fax: +3592/91-53-525.
  • 4. By e-mail to the CPDP’s e-mail address (kzld@cpdp.bg).

In this case, your complaint should be submitted in the form of a signed electronic document with an electronic signature (not scanned!).
You also can lodge a complaint with a data protection authority for your country or region or where an alleged infringement of applicable data protection laws occurs at http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080
Please note that we often need to retain certain data for recordkeeping purposes and/or to complete any transactions that you began prior to requesting a change or deletion (e.g., when you make a reservation, you may not be able to change or delete the Personal Data provided until after the completion of such reservation).  There may also be residual data that will remain within our databases and other records, which will not be removed.  In addition, there may be certain data that we may not allow you to review for legal, security or other reasons.

Retention
We will retain your Personal Data for the period necessary to fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law.
The criteria used to determine our retention periods include: 

  •  The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you keep using the Services)
  •  Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them)
  •  Whether retention is advisable considering our legal position (such as, for litigation or regulatory investigations)

Sensitive Data
Unless specifically requested, we ask that you not send us, and you not disclose, on or through the Services or otherwise to us, any Sensitive Personal Data (e.g., social security numbers, national identification number, data related to racial or ethnic origin, political opinions, religion, ideological or other beliefs, health, biometrics or genetic characteristics, criminal background, trade union membership, or administrative or criminal proceedings and sanctions).
Use of Services by Minors
The Services are not directed to individuals under the age of sixteen (16), and we request that they not provide Personal Data through the Services.
Updates to This Privacy Statement
The “Last Updated” legend at the top of this page indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Online Services. Your use of the Services following these changes means that you accept the revised Privacy Policy. If you would like to review the version of the Privacy Policy that was effective immediately prior to this revision, please contact us at
privacy@thraciancliffs.com

Contacting Us
If you have any questions about this Privacy Policy, please contact us at privacy@thraciancliffs.com or by mail:

Bulgaria, 9656,

Dobrich district,

Kavarna Municipality, Bozhurets village,

Thracian Cliffs Golf and Spa Resort

Administration office