1. Personal data within the meaning of Regulation / EU / 2016/679 of the European Parliament and of the Council of Europe of 27 April 2016 / Regulation / and the Personal Data Protection Act is any information relating to a natural person who is identified or can be identified directly or indirectly by an identification number or by one or more specific features.

1.1. MC Invest EOOD, UIC 115576113, with registered office and address of management: Plovdiv, p.k. 4003, Region “North“, 6 Belgrade Str., 6th floor, represented by Emil Dimitrov Kelbechev – Manager, is an administrator of personal data on the provision of tourist services in the Blue Bay Sozopol Hotel managed by the company, with address : Sozopol, 15 Kraybrezhna Str., tel .: +359 55 045 000, website: https://blu-bay.com.
The contact person in connection with the processing of personal data by MC Invest EOOD is Emil Kelbechev

2. MC Invest EOOD collects, processes and stores personal data in order to provide tourist services and services such as individual trips, organized trips, hotel accommodation and others. MC Invest EOOD collects personal data directly from the persons to whom it provides tourist services, and the personal data are stored responsibly and lawfully.
The provision of personal data is voluntary.

2.1. MC Invest EOOD collects, processes and stores personal data on the basis of:

2.1.1. Explicit consent of the data subject.

2.1.2. Fulfillment of contractual obligations.

2.1.3. Fulfillment of legal obligations that apply to MC Invest EOOD.

2.2. As a controller of personal data and in order to facilitate and quickly pay for the provided tourist services, the subjects of personal data can take advantage of the opportunity to pay for the requested tourist services by bank transfer via credit / debit card. In view of the provided opportunity for payment by bank transfer via credit / debit card, MC Invest EOOD also processes the following category of personal data and information:

2.2.1. Credit / debit card information, namely card type and number, cardholder’s name, validity date and security code.

2.2.2. Financial information or invoice data.

3. MC Invest EOOD takes care of protection and prevention of unauthorized access, improper use, change, destruction or accidental loss of the cardholders’ bank data. This includes the use of special security rules by the employees of MC Invest EOOD, who have access to servers and databases in which the personal information of the cardholders is stored.

3.1. MC Invest EOOD is obliged to notify the personal data subject / cardholder / if:
– there is a high-risk breach of the rights and freedoms of the data subject, as well as what measures have been taken to control the breach;
– there is an infringement that will not lead to a high risk for the rights and freedoms of the data subject, as well as for the measures taken to ensure the termination of the infringement.

4. In order to maximally protect the provided personal bank data, MC Invest EOOD has taken extensive technical and organizational precautionary measures to avoid accidental or intentional manipulation, accidental loss, illegal destruction or unauthorized access by unauthorized persons, modification or distribution, as well as from other illegal forms of processing of the provided personal data by the cardholder. Security procedures are regularly reviewed and reviewed to take account of technological advances.

5. For maximum protection of the personal bank data provided to the cardholders, MC Invest EOOD has taken the following technical and organizational measures:

5.1. The forms for providing consent for the collection, storage and processing of personal data, including bank data, filled in by the clients are included in a documentary register and are stored in special cabinets. Access to the cabinets is controlled by authorized persons, locking of the premises and cabinets, security alarm, security and alarm system.

5.2. The electronic information register is built in the form of files. The databases are accessible only by authorized persons and only to the data and resources necessary for the performance of their duties.

5.3. The access to the information system is carried out only after authorization with a unique name and password. Restricting access to the information system containing personal data is limited by introducing access levels. When transmitting information electronically, protection is provided by encrypting, archiving and subsequently recovering the data in order to protect it from loss or destruction. It is possible to monitor each operation, as well as the date and time of its execution, protection of the information system through anti-virus programs and a firewall.

5.4. The processing of personal data, including bank data, is carried out in compliance with the requirements of the Regulation and the Personal Data Protection Act.

6. MC Invest EOOD may disclose the personal data of the cardholders only to persons and bodies specified in a normative act, in order to fulfill its legal obligations.

6.1. No transfer of personal data to cardholders to third parties is performed, unless MC Invest EOOD is legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relationship or the cardholder has previously given explicit consent for transfer. of his data.

7. The personal bank data of the cardholder shall be deleted as soon as the purpose for which they were stored has already been fulfilled or is not valid. Storage may also take place if required by European or national legislation. Personal bank data are also deleted / deleted / if the statutory storage period prescribed by regulations expires, unless it is necessary to continue the storage of data for the purposes of concluding or executing a contract.