LAB HOTEL

Outlive the future

HOTEL

COLIVING

COWORKING

RESTAURANT AND
ROOFTOP

EVENTS

ESG

FAQ

CONNECT

VIRTUAL

TOUR

BOOK A

TOUR

HOTEL

COLIVING

COWORKING

RESTAURANT
AND ROOFTOP

EVENTS

ESG

FAQ

CONNECT

               

BOOK A

TOUR

VIRTUAL

TOUR

               
LAB HOTEL

Privacy Policy for Customers

of WN LAB HOTEL SOFIA 

1. Introduction

WorkNomads respects your privacy and the protection of your personal data. This Privacy Policy explains how we collect, process, disclose and safeguard your information with regard to the booking and the usage of our services, including tourist, hotel, restaurant, Coliving and Coworking services, as well as any other services directly associated with them, which will be provided at the facilities in WN LAB HOTEL SOFIA with address: 1700 Sofia, Studentski grad district, 1A Yordan Yossifov Street, hereinafter referred to as the Hotel. 

We’re committed to handling the personal information of those we engage with, whether customers, suppliers or colleagues responsibly and in a way that meets the legal requirements of General Data Protection Regulation (GDPR), as may be complemented by local regulation on the protection when processing personal data. In connection with the provision of our services and performance of our activities, we, in our capacity of data controller, process personal data of our customers – individuals, including representatives of legal entities, as well as personal data of other visitors of the Hotel, in compliance with the rules and principles under the present Policy. 

By using the services of WorkNomads, you agree and accept this Privacy Policy and agree with the collection and processing of your personal data. You explicitly grant this consent each time you access the Hotel and/or use our services or whenever you provide us with personal data.

2. Responsible authority

The responsible authority for the collection, processing and use of personal data is: 

WorkNomads AD (‘WorkNomads’, ‘We’, ‘us’, ‘our’) with its registered office at 1700 Sofia, Studentski grad district, 1A Yordan Yossifov Street, WN LAB HOTEL Sofia. Our company registration number is UIC: 206502669. If you have any questions about how we protect or use your data, please email us at privacy@worknomads.com or contact us at the following address for correspondence: 1700 Sofia, Studentski grad district, 1A Yordan Yossifov Street, WN LAB HOTEL Sofia.  

 3. Definitions

For the purposes of this Policy: 

  • “Personal Data” means any information related to data subjects and processed by WorkNomads, including name, date of birth, gender, identification number, or another personal number; number, country of issue, date of issue and date of validity of a passport, identity card or other identity documents; permanent or current address; citizenship, vehicle registration number, image, credit, and debit card details, bank accounts details, IBAN, IP address, MAC address of computers, phones, and other personal devices; e-mail or other physical, physiological, genetic, mental, economic, cultural or social characteristics, as well as any other data enabling the identification of an individual. 
  • “Processing” means any operation or set of operations performed with personal data by automatic or other means, including the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmission, distribution or otherwise, by which data is made available, sorted or combined, restricted, deleted or destroyed. 
  • “Data subjects” means individuals who can be identified, directly or indirectly, through the data processed by WorkNomads for them. The main categories of data subjects are the hotel guests, restaurant guests, users of Coliving services, users of Coworking services, visitors to the Hotel, Coliving space and the Coworking space, and recipients of the electronic newsletter and/or any other marketing materials distributed on behalf of WorkNomads. 
  • “Special categories of personal data” means personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, genetic and biometric data, health status or sexual life, or sexual orientation data of data subjects.  
  • “Data Controller” means WorkNomads AD, registered in the Commercial Register at the Registry Agency with UIC: 206502669, having its registered office and registered address at 1700 Sofia, Studentski grad district, 1A Yordan Yossifov Street, WN LAB HOTEL Sofia, represented by Katrien Meire, on whose behalf personal data are processed according to the purposes and means defined by it. Unless and to the extent that the applicable data protection law provides otherwise, under the Policy, WorkNomads defines the purposes and means of processing including, but not limited to: the provision of hotel and restaurant services, the provision of Coliving and Coworking services, video surveillance and security activities in the hotel-managed facilities, posting and collecting personal information on the WorkNomads websites (www.WorkNomads.com; www.worknomadshotel.com; and https://coworking.worknomads.com/) and using the personal data, including for marketing purposes, as well as transferring it to third parties, etc. 
  • “Data processor” means (1) any person other than WorkNomads and its staff who processes personal data in the non-exhaustive activities described above, the purposes and means for which are determined by WorkNomads, and (2) WorkNomads, in the cases, in which it does not act as a data controller, for example when executing a contract with an organization conducting an event or recording audiovisual works on the territory of a hotel-operated facilities. In all cases, when processing data in conjunction with or in the capacity of processing data, WorkNomads concludes a contract or other legal act under Article 28, paragraph 3 of the GPDR. 
  • “Consent” means a freely expressed, specific, informed, and unambiguous indication of the will of the data subjects through affirmative action/click on the WorkNomads website or signature of a document in writing. 
  • “Child” means any person under the age of 18 unless and until otherwise specified in the applicable data protection law. 
  • “Personal data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or processed in any other way. WorkNomads will notify the supervisory authority and the data subjects (when acting as a data controller) or the data controller (when acting as a data processor) in any case of data security breaches. 
  • “Data subject’s rights claim” means any request to exercise data subject’s rights regarding the protection of personal data by completing the form provided or by acting in an electronic interface to the WorkNomads systems, if such an opportunity is provided and in so far as the applicant’s identity is established securely. 
  • “Third Party” means an individual or legal person, public authority, or other organization located outside the territory of the European Union, the European Economic Area, and the Swiss Confederation to which WorkNomads and/or processors transmit personal data. 
  • “Supervisory Authority” means the Commission for Personal Data Protection of the Republic of Bulgaria (CPDP) or another institution acting as a leading supervisory authority within the meaning of the applicable data protection law. 
  • “Profiling” means any form of automated data processing designed to evaluate personal aspects related to their subjects or to analyze/forecast the fulfillment of professional responsibilities, economic status, location, health, personal preferences, reliability, or behavior. 
  • “Data Protection Officer” means the individual or legal person to whom the data controller entrusts the tasks provided for in the applicable data protection law. 
  • “Personal data register” means any structured set of personal data accessed according to specific criteria, whether centralized, decentralized or distributed according to a functional or geographical principle. 

4. Categories of Data Subjects

The main categories of data subjects whose personal data we collect and process are: 

  • Individuals booking and/or using accommodation services through the web site (www.WorkNomadshotel.com), reservation module, reception, phone or other platforms for on-line reservations, in their name or on behalf of another individual or legal entity; 
  • Individuals booking and/or using restaurant services through the web site (www.WorkNomadshotel.com), reservation module, reception or phone, in their name or on behalf of another individual or legal entity; 
  • Individuals booking and/or using Coworking facilities and services through the web site (www.WorkNomadshotel.com and/or https://coworking.worknomads.com, reception or phone, in their name or on behalf of another individual or legal entity; 
  • Individuals booking and/or using the services provided by WorkNomads, including, but not limited to, hotel accommodation, restaurant and related services, Coliving services, Coworking services, provision of conference and event halls, etc., as well as individuals representing or acting in another manner on behalf of legal persons/entities using the said services; 
  • Individuals visiting the Hotel, the Coliving space and the Coworking space; 
  • Individuals who have expressed a desire to receive the electronic newsletter and/or other advertising materials on behalf of WorkNomads. 

5. Categories of Personal Data

The information (categories of personal data) concerning data subjects which may be processed by WorkNomads pursuant to the present Policy may include: 

Non-Sensitive data  

WorkNomads collects and processes primarily non-sensitive data depending on the specifics of the respective services or the fulfillment of the relevant legal obligation: 

a) In connection with the provision of hotel accommodation services:

  • Identification data: guest’s full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Contact details: telephone number; email address; address; 
  • Information related to hotel accommodation: room number; floor; dates of stay (check-in date, check-out date); duration of stay (number of nights spent at the hotel); tourist package, if used; type of room preferences (smokers/non-smokers); VIP guest’s status; 
  • Data relating to payments and issuance of invoices: information regarding the payment method (in cash, by bank transfer, by credit card, etc.); information regarding due and effected payments; information regarding the due date of payment and overdue/outstanding debts; bank details (bank, IBAN, account holder); currency of the payment; number, expiry date and holder of the credit/debit card; CVC code; data contained in the payment authorization slip; name of the legal person/entity; address of the legal person/entity; VAT number and/or other identification, tax or registration number (PIN or BULSTAT for natural persons); authorization slips (signed); 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and Coworking space; 
  • Additional information related to hotel accommodation at the customer’s explicit request: special requirements and preferences, including type of press (newspapers and magazines), food and drinks; special requirements related to food products, drinks and other substances which should be avoided by the guest (regardless of the reason). 

b) In connection with the provision of restaurant services:

  • Identification data: full name; 
  • Contact details: telephone number; email address; address; 
  • Data relating to payments and issuance of invoices: number, expiry date and holder of the credit/debit card; CVC code; name of the legal person/entity; address of the legal person/entity; VAT number and/or other tax or registration number (for sole traders, freelancers and natural persons); authorization slips (signed); 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and Coworking space; 
  • Information of preferences (at the customer’s explicit request): food and drink preferences; preferred payment method; specific requirements related to food products, drinks and other substances which should be avoided by the guest (regardless of the reason). 

c) In connection with the provision of Coliving services

  • Identification data: full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Contact details: telephone number; email address; address; 
  • Information related to the used Coliving space: room number; floor; dates of use; duration of use (number of days of use of the Coliving space), etc.; 
  • Data relating to payments and issuance of invoices: information regarding the payment method (in cash, by bank transfer, by credit card, etc.); information regarding due and effected payments; information regarding the due date of payment and overdue/outstanding debts; bank details (bank, IBAN, account holder); currency of the payment; number, expiry date and holder of the credit/debit card; CVC code; data contained in the payment authorization slip; name of the legal person/entity; address of the legal person/entity; VAT number and/or other identification, tax or registration number (PIN for natural persons); authorization slips (signed); 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and Coworking space; 
  • Additional information related to the usage of the Coliving space at the customer’s explicit request: special requirements and preferences, etc. 

d) In connection with the provision of Coworking services

  • Identification data: full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Contact details: telephone number; email address; address; 
  • Information related to the used Coworking space (if applicable): Coworking space zone or other identification; floor; dates of use; duration of use (number of days of use of the Coworking space); 
  • Data relating to payments and issuance of invoices: information regarding the payment method (in cash, by bank transfer, by credit card, etc.); information regarding due and effected payments; information regarding the due date of payment and overdue/outstanding debts; bank details (bank, IBAN, account holder); currency of the payment; number, expiry date and holder of the credit/debit card; CVC code; data contained in the payment authorization slip; name of the legal person/entity; address of the legal person/entity; VAT number and/or other identification, tax or registration number (PIN for natural persons); authorization slips (signed); 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and Coworking space; 
  • Additional information related to the usage of the Coworking space at the customer’s explicit request: special requirements and preferences, office services subscription, etc. 

e) In connection with the provision of other services:

  • Identification data: full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Contact details: telephone number; email address; address; 
  • Data relating to payments and issuance of invoices: information regarding the payment method (in cash, by bank transfer, by credit card, etc.); information regarding due and effected payments; information regarding the due date of payment and overdue/outstanding debts; bank details (bank, IBAN, account holder); currency of the payment; number, expiry date and holder of the credit/debit card; CVC code; data contained in the payment authorization slip; name of the legal person/entity; address of the legal person/entity; VAT number and/or other identification, tax or registration number (PIN for natural persons); authorization slips (signed); 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and Coworking space; 
  • Specific Information related to the used services. 

f) In connection with the visitors to the Hotel, the Coliving and the Coworking space

  • Identification data: full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Purpose of the visit and information about the hotel guest, Coliving space user or Coworking space user to whom they go; 
  • Records from the video surveillance performed in publicly accessible zones and premises in the Hotel, Restaurant, Coliving and CoworkingCoworking space. 

g) In connection with recipients of the electronic newsletter and/or any other marketing materials distributed on behalf of WorkNomads:

  • Identification data: full name; date of birth; gender; nationality; national identification number (such as PIN for Bulgarian citizens) and/or ID document number; ID document date of issue; ID document date of expiry; country issuing the ID document; signature; 
  • Contact details: telephone number; email address; address; 
  • Preferred services and ways of communication. 

Sensitive data  

In limited circumstances, we may need to process your sensitive personal data, such as race or ethnicity data, health data, biometric data, or data about criminal offences.  This will only ever be where we meet a lawful condition for such processing, such as where we have your consent, where the data has been made public by the data subject, or where processing is necessary for: the prevention or detection of unlawful acts, the substantial public interest, or legal claims. 

 

Children’s data

Services provided by WorkNomads may be ordered only by legally capable persons who are 18 years old or older. If hotel and restaurant services are used by children, they should be accompanied by adult parents or authorized persons. 

 

6. Sources of Personal Data about you

We may collect personal data in a variety of ways, it may include: 

  1. From you directly when you sign up to book and/or to use one of our services; 
  2. From publicly available registers, publications, websites, and/or social medias and networks; 
  3. Other sources – in certain cases, the personal data processed by WorkNomads are not collected and received directly from the data subject of the relevant data, but from third parties, such as:
      • Persons representing, working for or otherwise cooperating with the data subject; 
      • Event organizers – with respect to information concerning the participants in the event; 
      • Business partners (e.g. booking sites as booking.com; tourist agencies, other persons that provide intermediary services in the context of booking or ordering of other services, etc.) of WorkNomads;
      • Competent state and judicial authorities. 

The persons providing data to WorkNomads should inform the data subjects whose data are provided of the fact of the data provision, the purposes and scope of such data provision, shall introduce the data subjects to the present Policy, and shall guarantee that they provide the data on valid legal grounds. 

When collecting personal data directly from the data subjects or indirectly (e.g., by obtaining them from another organization, collecting them from the public register, or applying another method of data mining), WorkNomads provides information by the requirements of Articles 13-14 of GDPR and this Policy. 

You are not required to provide us with your personal data. However, if you do not provide your personal data, we will not be able to provide the respective services to you. Any refusal to provide data and documents or any provision of false data may entail failure to provide the respective services or suspension of the access to services provided by WorkNomads. 

7. Legal basis for collecting and processing your personal data

The lawful basis we use for collecting and processing your information are as follows: 

  • Where required to comply with legal obligations; 
  • Where it is necessary for entering into or performing a contract with you; 
  • Where we have legitimate interest to do so, provided your rights do not override those interests; 
  • Where you have consented to its uses. 

8. Purposes of Personal Data Processing

WorkNomads collects, stores, and processes the information described in Art. 5 above for the purposes provided for in the present Policy and in the General Terms & Conditions for use of the services provided. Depending on the legal grounds for the processing, those purposes may be: 

(a) purposes related to the compliance with legal obligations of WorkNomads, including: 

  • keeping a register of accommodated guests and providing information from that register to the competent authorities, as legally required; 
  • address registration of foreigners in compliance with the requirements of the applicable legislation; 
  • deduction and payment of tourist tax; 
  • activities related to the development and implementation of counter-terrorism measures; 
  • handling of signals, complaints, requests for exercising of rights, etc., as well as claims and commercial guarantees (if applicable), including preparation of the relevant replies thereto; 
  • bookkeeping, invoicing and accounting of incoming and outgoing payments in compliance with the applicable tax and accountancy legislation; 
  • other activities related to the fulfilment of WorkNomads’ legal obligations (tax, accounting, regulatory, licensing, etc.) requiring the provision of information to and cooperation with the competent state and judicial authorities upon performance of inspections. 

(b) purposes related to and/or necessary for the performance of the contracts concluded with WorkNomads or for taking steps at the request of the data subject prior to entering into a contract: 

  • receipt, administration and processing of bookings, including cancelled bookings; 
  • customer services, including provision of online services through the website; 
  • communication related to the provision of services; 
  • administration and receipt of payments for the services provided, including remotely; 
  • ensuring a guarantee for bookings and payments of hotel accommodation and any extra services requested; 
  • financial and accounting activity and administration, processing and collection of due payments for the services provided; 
  • refunding of incorrectly transferred amounts; 
  • ensuring an individual approach in the provision of the services, taking account of the explicitly specified preferences of the customer. 

(c) purposes related to the legitimate interest of WorkNomads and third parties: 

  • Legitimate interest – (1.1.) exercise and protection of the rights and legitimate interests of WorkNomads; and (1.2.) assistance in the exercise and protection of the rights and legitimate interests of customers; of other persons related to WorkNomads; of employees of WorkNomads; of data processors processing personal data on behalf of WorkNomads; and of business partners of WorkNomads: 

      – establishment, exercise or defence of legal claims of the persons specified above under items (1.1) and (1.2), including by legal proceedings and filing of complaints, signals, etc. with the competent state and judicial authorities; 

      – video surveillance and access control ensuring the security of WorkNomads’property, proving the compliance with applicable requirements, ensuring the physical security against violations on the buildings and objects, and protection of the life and health of citizens, including Hotel guests; 

      – taking actions for suspending the services provision in case of refusal of payment, violations of WorkNomads’ established rules and policies, etc.; 

      – administration and handling of submitted complaints, signals, requests, etc.; 

      – collection of debts due to WorkNomads, including by execution proceedings and/or through assignment to third parties, as well as by transfer of debts to third parties (cessions) following the statutory procedure; 

      – submission of notary invitations. 

  • Legitimate interest – analysis, planning and improving the quality of services provided by WorkNomads: 

      – keeping a backup copy of the data in the internal information system regarding the current state of the hotel (occupation/availability of rooms, obligations, etc.) Coliving and/or Coworking space in case of information systems failure; 

      – receipt, handling, and preparation of replies to submitted applications, requests, etc. which are not related to claims and complaints concerning the services used; 

      – survey of the customers’ satisfaction with the services;  

      – control, analysis, and optimization of the business processes for improvement of the quality of services. 

      – maintenance and administration of the website; 

      – detection and repair of technical problems in the website’s functionalities; 

      – taking measures against malicious actions against the security and normal functioning of the website. 

  • Legitimate interest – hotel accommodation and restaurant activities, provision of professional hotel and restaurant services: 

      – administration and management of the services provided by WorkNomads; 

      – quality management and control of the services provided; 

      – receiving feedback on the services provided. 

  • Legitimate interest – provision of Coliving services: 

      – administration and management of the services provided in the Coliving space and premises; 

      – quality management and control of the services provided; 

      – receiving feedback on the services provided. 

  • Legitimate interest – provision of Coworking services: 

      – administration and management of the services provided in the CoworkingCoworking space; 

      – quality management and control of the services provided; 

      – receiving feedback on the services provided. 

(d) purposes for which the data subject has given his/her consent to the processing of his/her data: 

  • Sending marketing and advertising communications regarding services, exclusive offers, packages, events, etc. 
  • Surveys and receiving feedback on the quality of services; 
  • Sending newsletters and other marketing materials; 
  • Other purposes for which the data subject has explicitly given his/her consent. 

    9. Personal Data Processing

    The processing of your personal data will be carried out by WorkNomads’ employees and/or by data processors to whom WorkNomads has assigned the performance of personal data processing activities, in strict compliance with the principles of personal data processing according to GDPR and in accordance with the purposes described in Art. 8 above.  

    WorkNomads undertakes to introduce measures allowing access to the collected personal data only to the persons to whom it must be accessed as they need it for the performance of official or other duties (the principle of access to the data based on the need to know). The employees of WorkNomads are obliged not to disclose personal data of persons other than the persons referred to in the preceding sentence. 

    Processing of Information by Third-Parties – Data Processors 

    For the purposes specified in the present Policy, WorkNomads may assign data processing activities to third parties – data processors, in compliance with the requirements under GDPR and the other applicable personal data protection rules. Where personal data are disclosed to and processed by data processors, such disclosure and processing will be carried out only to the extent and in the amount necessary for the performance of the tasks assigned by WorkNomads. Data processors act on behalf of WorkNomads and are obliged to process personal data only in strict compliance with WorkNomads’s instructions and the present Policy. Data processors shall not be entitled to use or otherwise process the information for purposes other than for the purposes specified in the present Policy. 

    10. Technical and Organizational Measures

    In order to prevent the destruction, loss, falsification, modification, unauthorized access or accidental disclosure to third parties of personal data as well as any other unauthorized processing of these data, we have installed security measures that are reasonable and appropriate on the technical and organizational levels and which are considered the normal standard. 

    The security of the collected, processed and stored personal data is ensured by the introduction of the following technical measures: 

    • Password protection; 
    • Automatic locking of idle workstations on the network; (there may be an exception when mandatory virus scanning and data transfer registration are provided); 
    • Anti-virus software and firewalls; 
    • Role-based access rights, including those of temporary staff; 
    • Protecting devices leaving the organization’s premises, such as laptops or the like; 
    • Security of local and wide area networks; 
    • Privacy-enhancing technologies such as pseudonymization and anonymization; 
    • Identification of appropriate international security standards appropriate for the provided services; 
    • When leaving the workplace unattended, care should be taken to ensure that computer screens and terminals are not visible to others, including by activating a screen saver on the device concerned. The processing of personal data remotely must be authorized explicitly by an authorized person by the WorkNomads’ Management by a written act. 

    All documents containing personal data should be kept under appropriate organizational data protection measures, which will include at least the following: 

    • The levels of appropriate training of the WorkNomads‘ staff; 
    • Measures that take into account the reliability of employees (e.g., attestations, recommendations, etc.); 
    • Inclusion of confidentiality and data protection clauses in employment contracts; 
    • Identification of disciplinary measures for breaches of personal data protection; 
    • Regular inspection of staff to comply with relevant security standards; 
    • Control of physical access to electronic and paper-based records; 
    • Adopting a “clean workplace” policy; 
    • Storage of database paper in lockable cabinets; 
    • Restricting the use of portable electronic devices outside the workplace; 
    • Restricting the use by employees of personal devices in the workplace; Adopt clear rules for creating and using passwords; 
    • Regular backing up of personal data and physical storage of copy media outside workplaces in locations with an appropriate level of security; 
    • The imposition of contractual obligations on counterparties to take appropriate security measures when transferring data outside the EU/the EEA. 
    • The collection, storage, and destruction of personal data are governed by rules and procedures for the storage of personal data, approved by the Company Manager. 
    • WorkNomads does not store personal data in a form that allows the identification of data subjects for a period exceeding the specified storage periods. 
    • For purposes of archiving in the public interest, scientific or historical research, or statistical purposes, WorkNomads may store personal data for a more extended period. 
    • Upon expiration of the respective deadlines by the written order of an authorized employee of WorkNomads, personal data shall be anonymized, pseudonymized, or destroyed according to a procedure approved by the Company Manager.

    11. Video surveillance and Security

    Under the requirements of the applicable legislation, WorkNomads applies security measures including the following technical and organizational means for access control, for ensuring the physical security against violations on the building and sites, and for protection of the life and health of citizens, including Hotel guests: 

    • security guards; 
    • alarm systems;  
    • a 24-hour video surveillance system of recording and storage devices. 

    Video surveillance and video recording may be performed in publicly accessible zones and premises in the building of WorkNomads, and in zones and premises with an exclusive access regime. There is no video surveillance in the guest rooms, WCs, recreation rooms, etc. The data of video surveillance activities are stored in a monitoring room with limited access and 24-hour security. Information boards are available at visible places to notify data subjects and other visitors that technical means for surveillance and control are used, and provide any other related information.

    12. Direct Marketing

    Subject to the data subject’s explicit consent, WorkNomads may process the following personal data: names; telephone number; address; email address; information of the type and number of used and preferred services provided by WorkNomads, and other data explicitly specified in the respective consent for the purposes of direct marketing, such as offering of goods and services, including goods and/or services offered by other persons, conducting inquiries and polls for the purpose of improving the quality of the services provided, etc., within the scope of the respective consent. 

    Where personal data are processed for direct marketing purposes, the data subject shall be entitled at any time to object to such processing. In such cases, the processing of personal data for such purposes is terminated. 

    The data subject shall be entitled at any time to withdraw his/her consent to the processing of his/her personal data for direct marketing purposes. In such cases, the personal data processing based on that consent is terminated. The withdrawal of the consent will not affect the lawfulness of the processing carried out before the withdrawal. 

    13. Profiling, Automated Decision Making and Tracking Technologies

    Profiling & ADM 

    We may use some elements of your data to customise our services and products and the information we provide to you, and to address your needs. When we do this, we take all necessary measures to ensure that your privacy and security are protected — and we only use pseudonymised data wherever possible. This activity has no legal effect on you. 

    We may use Automated Decision Making (ADM) to improve your experience. None of our ADM processes have a legal effect on you. 

    Cookies 

    We use cookies, web beacons, tracking pixels and other tracking technologies on the web site (any of the WorkNomads websites: www.WorkNomads.com; www.worknomadshotel.com; and https://coworking.worknomads.com/) to help customize the site and to distinguish you from other users, see how you use our site and products while providing you with the best experience. They also enable us to improve our services. 

    The cookies on our site can be divided into these categories: 

    • Essential cookies 

    Some cookies are essential for the operation of our site. They allow us, for example, to secure the form to prevent spam when submitting. 

    • Performance cookies 

    We use cookies to analyse how visitors use our Site and to track site performance. This makes it possible to quickly find and solve problems. Performance cookies, for example, allow us to keep track of which pages are the most popular. With the help of performance cookies, we can also show links to other pages that may be of interest to you based on the pages you have viewed. 

    • Third-party cookies 

    Third parties (such as advertising networks) may, outside our control, use cookies to send you targeted advertising. These are usually performance cookies or advertising or tracking cookies. We have no control over these third-party cookies. To know more, please consult the privacy and/or cookie policy of the relevant third party. 

    • Changing Browser settings 

    If you do not want to allow all cookies, you can change your browser’s settings. These settings are usually found in your browser’s “Options” or “Preferences” menu.  

    If you change your settings and block cookies, certain functionalities on our site will no longer be offered and you may not be able to make optimum use of our site. 

    14. Disclosure of your personal data

    We may share information we have collected about you in certain situations. 

    Your information may be disclosed as follows: 

    By Law or to Protect Rights 

    If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities to prevent and detect fraud or crime. 

     

    Disclosure of personal data with third parties 

    We may share your personal data with: 

    • Colleagues, affiliates, business partners (taxi/transfer transport companies; booking sites; travel agencies and other providers of tourist services), suppliers (e.g., consultants, accounting firms, auditors, IT service providers, financial institutions, law firms) and subcontractors for the performance and execution of any contract we enter into with them or you; 
    • Advertisers and advertising networks solely to select and serve relevant adverts to you and others with your consent;  
    • Analytics and search engine providers that assist us in the improvement and optimization of our web site;  
    • To develop customer relationships, services, products and systems; 
    • In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets. 

    As far as necessary for the previously mentioned purposes, we may share your personal data with these third parties, and when we do so we will require those affiliates to honor this Privacy Policy. 

    Except as described above or unless with your prior written consent, your personal data are never casually sold or passed on to third parties for commercial purposes. 

    15. Transfer and retention of your personal data

    Personal Data Transfer 

    Where your personal data is transferred or stored outside of the European Economic Area (“EEA”), and that country or jurisdiction is thus not subject to GDPR, we will ensure your data is protected by appropriate safeguards, including: 

    • The destination countries are deemed by the EU Commission to have an adequate level of protection of personal data; 
    • We have entered into Standard Contractual Clauses for the Transfer of Personal Data to Third Countries. 

    By submitting your personal data, you agree to this transfer and processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy. 

    In order to provide our services or products to you, it is sometimes necessary for us to transfer your data to the third parties outlined above that may be based outside of the EEA. In these cases, we ensure that both ourselves and our partners take adequate and appropriate technical, physical and organizational security measures to protect your data.  

     

    Retention 

    Your personal data are not retained any longer than is necessary or as required by law.  

    The data are being processed and retained by WorkNomads for a period required to allow the proper realization of the purpose for which they were collected and processed, or in pursuance of the possible contractual relationship you have concluded with us. 

    When our contractual relationship with you ends, the data will be kept as long as is necessary and in particular imposed by legislation. Normally the data is not kept any longer than the period during which legal action is possible regarding the execution of previous contracts (period of limitation). 

    WorkNomads in accordance with its internal rules and procedures, as well as the applicable legislation, processes and stores information about the data subjects for the following periods: 

    Type of personal data  Retention period 
    Data relating to the register for accommodated tourists within the meaning of Art. 116 of the Tourism Act, including identification data of the accommodated persons as well as data related to the hotel accommodation In accordance with the procedures and time limits stipulated in the Tourism Act and the relevant regulations.
    Information relating to requested and used hotel accommodation services, events and restaurant services, including such relating to cancellation of bookings for hotel accommodation (as far as they involve a refund of pre-paid amounts and/or a deduction of amounts due)

    From making the respective booking/request up to 5 /five/ years from the provision of the service/completion of the contract/cancellation of the booking. 

    In cases where the services are requested and used based on a long-term contract, the period starts running from the complete performance and/or termination of the contract. 
    Information relating to requested and used Coliving services, including such relating to cancellation of bookings for Coliving space (as far as they involve a refund of pre-paid amounts and/or a deduction of amounts due) 

    From making the respective booking/request up to 5 /five/ years from the provision of the service/completion of the contract/cancellation of the booking. 

    In cases where the services are requested and used based on a long-term contract, the period starts running from the complete performance and/ or termination of the contract. 
    Information relating to requested and used Coworking services, including such relating to cancellation of bookings for Coworking space (as far as they involve a refund of pre-paid amounts and/or a deduction of amounts due) 

    From making the respective booking/request up to 5 /five/ years from the provision of the service/completion of the contract/cancellation of the booking. 

    In cases where the services are requested and used based on a long-term contract, the period starts running from the complete performance and/or termination of the contract.
    Financial and accounting documents; invoices; authorisation slips; other information related to tax and insurance control.  Up to 10 /ten/ years from the beginning of the year following the one in which payment of the amount for the relevant year is due. 
    Unstructured communication, correspondence, complaints, signals, etc. 

    Up to 5 /five/ years 

    In cases where the correspondence concerns a long-term contract, the period starts running from the complete performance and/or termination of the contract. 
    Data relating to reservation of restaurant services by phone  Up to 1 /one/ year 
    System logs. Logs related to security, technical support, etc. (these may contain information such as: date and time, IP address, URL, information about the browser version and device) 

    1 /one/ year 

     
    Data from video recordings  Up to 6 /six/ months 
    Data from feedback cards 

    The information from the feedback cards is filled in the internal systems of WorkNomads in a fully anonymized form (only the feedback, comments and recommendations) without any information regarding the person who has given this feedback. After that the feedback cards are destroyed immediately. Up to 30 /thirty/ days after they have been filled in. 

     
    Data processed on the grounds of Data Subject’s explicit consent  As of the moment of obtaining the consent till its withdrawal by the data subject. 
    Note: The personal data referred to in this Policy may also be processed for a longer period than the ones specified above if this is necessary to achieve the objectives set forth therein or to protect the rights and/or legitimate interests (including in legal proceedings) of WorkNomads or if the current legislation provides for data processing for a longer period. 

    16. Your Rights

    Pursuant to the GDPR, you have the following rights: 

    • The right to access your personal data: to ask us for confirmation whether we process your personal data and to request for copies of your personal data in a structured, commonly used and machine-readable format; 
    • The right to rectify your personal data: to ask us to rectify or erase incorrect, incomplete, inappropriate or outdated information about you; 
    • The right to withdraw your consent: to revoke any previously granted consent with the processing of your personal data. Such revocation does not affect the permissibility of the processing of your personal data up to the moment of revocation. Revocation of consent may result in the discontinuation of the services provided to you by us; 
    •  The right to object to processing: to object to our processing of your personal data, if there are reasons arising from your particular situation or if the objection is directed against our processing activities based on our legitimate interests and/or for direct marketing;  
    • The right to have your personal data erased: to ask us to delete your personal information. This will result in the discontinuation of the services provided to you by us;  
    • The right to restrict processing operations: to request that we restrict the processing of your personal data; 
    • The right to transfer your personal data: to request the transfer of your data that we have collected directly to you or to another controller/organisation; 
    • The right with regard to automated decision-making (ADM), including profiling – not to be subject to an automated decision which is based solely on automated processing (i.е.processing without human intervention), including profiling within the meaning of the GDPR, which produces legal effects for the data subject or similarly significantly affects him/her, unless there are grounds for this as set forth in the GDPR as well as suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests. Such measure shall at least include the right to obtain human intervention on behalf of WorkNomads, the right of the data subject to express his/her point of view and to contest the decision. 
    • The right to submit a complaint about how we process your personal data to a Data Protection Authority – the Commission for Personal Data Protection of the Republic of Bulgaria. 

    To exercise the rights mentioned above, you may send us a written request, dated and signed. We may request you to provide us with information necessary to confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.  

    Your exercise of these rights is subject to certain exemptions to safeguard public interest (e.g. the prevention or detection of crime or fraud) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement. 

    Questions, exercise of your rights and complaints 

    You may contact us if you have any questions on this Privacy Policy, about how we protect or use your data, please email us at privacy@worknomads.com. 

    If you wish to report a complaint or if you feel that we have not addressed your concern in a satisfactory manner, you may contact the Commission for Personal Data Protection of the Republic of Bulgaria: 

    – E-mail: kzld@cpdp.bg  

    – Website: https://www.cpdp.bg/  

     – Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592 

    17. Changes to this Privacy Policy

    To keep up with changing legislation, best practice and changes in how we process personal information, we may revise this Privacy Policy at any time without notice by posting a revised version on the website of WorkNomads. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the web site, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the services after the date such revised Privacy Policy is posted. 

    18. Applicable law and competent court

    This Privacy Policy is governed by, interpreted and executed in accordance with Bulgarian law, which is solely applicable. The relevant applicable courts have exclusive jurisdiction to hear any dispute that should arise from the interpretation or execution of this Privacy Policy. 

    This Privacy Policy has been drafted by WorkNomads AD in its capacity as data controller to fulfil its obligations to provide information to the data subjects under Art. 13 and Art. 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). 

     

    This Privacy Policy will take effect from 25.11.2022.