Privacy policy


Privacy policy

Privacy policy of

This privacy policy applies to the Royal Spa Velingrad and the online reservation portal. Hotel’s website It does not apply to collection of information through other channels. By using our website, you consent to the collection, use, and disclosure of your information as described in this policy. If you do not agree, please do not use this website.

The policy covers the processing and protection of personal data in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the Regulation).

We value the importance of privacy and are devoted to establishing our clients’ trust by upholding high standards of personal information protection. Our policies describe the types of personal data we collect and receive, the circumstances under which we collect or receive personal data, the rules and procedures we have established outlining its use and storage, and how we share certain types of personal information in limited circumstances, the procedures you should follow if you have any questions or requests about your personal data or our policies and procedures, as well as information about the person to whom such questions or requests should be directed and the means by which to contact this person.

Below you will find information:

  • about the person responsible for processing your data;
  • what categories of personal data we process;
  • under what conditions we process the data;
  • about the purposes and legal grounds for the processing;
  • deadlines for data storage and security measures;
  • how to exercise your rights under the GDPR,
  • as well as in which cases and in what order we share your data to third parties.

Within this policy, the current document is a privacy notice within the meaning of the General Data Protection Regulation (GDPR). It was prepared by Capital City Center OOD, which is registered in the Registry Agency’s Commercial Register under the UIC: 201962951

Within this policy, personal data means information about you that may be used to identify you personally, such as your name, personal identification number and identity document, home address, e-mail address, or phone number, and that is not publicly available. It also includes information on consumer preferences when such information is provided or recorded by us while providing services to individuals.


  • Contact information: name, email address, telephone number or postal address, in case you send us an inquiry or in case you subscribe to our newsletter
  • Information regarding the guest’s stay and loyalty: arrival and departure dates, purchased services, specific desires and preferences, use of loyalty discounts in cases where a reservation is made.
  • Payment information: credit card number in case you book online.
  • Business or company information: Business or company information: contact or other pertinent information about your company, in case an event is planned, or your employees or intermediaries use their corporate profile to work with us.
  • Information provided by you: inquiries, reviews of hotel services, job applications, etc.
  • Website usage information: You can learn more about the information about your actions on the website, as well as its settings and administration, in our Cookie Policy.


In the framework of our business, it is usually required to collect and process information about our customers. The information is collected directly and it specifically includes your name and other identifying data, contact details (email, address, telephone), and so on.


  • Information provided by you: in cases when you book online or contact us.
  • Automatically via cookies: In accordance with applicable law, we use tracking technologies such as cookies to collect anonymous information about you.
  • From third parties: from people authorized to act on your behalf – if they make a reservation on your behalf, from social networks, advertising and analysis service providers.


  • In case you give your explicit consent, your data will be used to provide you with information about promotions and other interesting information about our services.
  • We use data to respond to your inquiries: We will use the data to perform the services you have requested, such as processing a hotel reservation request that has been received.
  • We use data to improve the website and the services: We may use your data to improve the services we offer. We may also use your data to personalize your travel experience. We use data to analyze the efficacy of the website:
  • We may process your data anonymously in order to optimize the website’s functionality.
  • We use data for marketing purposes: We may send you information about new services and offers. We may also use your data to provide you with advertisements for our offers. If you sign up for our newsletter, you will receive our promotional emails. In compliance with current law, we obtain your consent before beginning marketing operations. You can learn more about your consent and how to manage it by reading the sections below.
  • We use data to communicate with you: We may contact you about a future booking or event.
  • We use information in other ways permitted by applicable law.


The implementation of e-marketingprocessing forms requires your explicit consent to be notified by email, phone, and/or SMS about discounts, promotions, raffles, and other marketing activities. You may consent by checking the appropriate box at the bottom of this notice. Forms and tools are also used on the website in order to provide service and sales (such as reservations).


The protection and security of your data is important to us. We take all reasonable actions and precautions to prevent loss, abuse, or unauthorized access. However, if you suspect a violation, please contact us immediately by using the information provided.


The data processed for e-marketing based on the customer’s explicit consent is stored until the consent is withdrawn, but no more than one year after it was provided, unless you have renewed your consent to receive marketing information.


The GDPR includes a number of options for protecting individuals in connection with data collection and processing, particularly:

  • the right to access and obtain information about the processing of your data;
  • the right to object to processing when the data is processed in the company’s legitimate interest;
  • the right to withdraw your consent to data processing when it is processed solely on the basis of your explicit consent;
  • the right to data portability for data processed with your explicit consent, and depending on your instructions, we will either provide you with a copy or automatically transfer them to another organization;
  • the right ask for correction if the information we store about you is incorrect;
  • the right to request that your data be ‘forgotten’ when it is processed with your consent or when the processing is otherwise illegal
  • the right to file a complaint with a supervisory authority (see below for details).


In order to provide our services, to ensure the Hotel’s security, and to obtain up-to-date information, we may disclose your information to third parties as well as the following individuals for the following purposes:

  • other Capital City Center group hotels, when required and permitted by law;
  • competent tax and other state bodies during an inspection;
  • partners (e.g. tour operators, accountants, an external archives company, or lawyers in the event of litigation);
  • in case of merging or acquisition, your data may be shared with the new owner(s), about which you will be notified.
  • In any case, unless expressly permitted by local law and adequate protection measures are in place, your data will not be shared with third parties established outside the EEA (EU, Norway, Iceland, and Liechtenstein).
  • We share your data with third party data processors who perform selected services on our behalf. We share your information with email service providers such as Mailchimp. We also share information with companies that assist us in managing the website, our analytics, search engines that act on our behalf, and partners such as social networks that provide promotions and advertising on our behalf.


You can choose not to receive marketing emails. To stop receiving our promotional emails you can unsubscribe from the newsletter in any promotional message you receive from us. Even if you unsubscribe from promotional messages, you may still receive messages regarding transactions, including responses to your inquiries.

You can manage the cookies and tracking technologies. To learn how to manage cookies and other similar tools, please review our Cookie Policy.

You can control the tools on your mobile devices. You can disable the location or push notifications from the mobile device you are using. These settings depend on the device type.

Standard security measures

  • Users under the age of 18: The website is only designed for adults. We do not intend to collect personally identifiable information about children under the age of 18 without the permission of their parent or guardian.
  • Links to Third-Party Websites: We are not responsible for the third-party websites or for their policies. If you click on a link to a third-party website, please read the privacy policies of that website carefully before deciding whether or not to continue using it.
  • Data retention: We store data for the time necessary to carry out the activities described in this Privacy Policy, in accordance with applicable laws.


Regardless of the aforementioned, you have the right to file a complaint with the Commission for Personal Data Protection (CPDP):

  • in person, at the address: Sofia, 2 Prof. Tsvetan Lazarov blvd.; • in person, at the address: Sofia, 2
  • by letter , to the address: Sofia, Postal code 1592, 2 Prof. Tsvetan Lazarov blvd.
  • by fax – 029153525;
  • by sending an e-mail to CPDP –;
  • via the CPDP website at: на адрес:

We reserve the right to periodically update this policy, which is why we encourage you to review it on a regular basis in order to find out how we process and protect your personal data.

If you have any questions about our Privacy Policy or would like to make a request or exercise your rights in relation to your personal data, please contact our Data Protection Officer Ekaterina Karagyaurova,

Take advantage of our exclusive
discounts includes overnight stay, breakfast and dinner