This post is also available in: Български (Bulgarian)

Personal Data Protection Policy of

“PromisedLand” Complex


Information about us

“Eredita” Ltd (hereinafter referred to as the “Controller”) is a company entered in the Trade Register, kept at the Registry Agency under UIC: 127594877, with headquarters and business address: Stokite Village, Sevlievo Municipality, Email: is responsible for collecting and processing of the submitted personal data.

Contact Data:

“Eredita” Ltd

Address: Stokite Village, Sevlievo Municipality


“Eredita” Ltd as a data controller collects and processes certain information on natural persons.

This information may refer to employees, managers, clients and guests of the “PromisedLand” Guest House, suppliers, contractors, business contacts and other natural persons whom the Controller has relations with or would like to establish any business contact.

This Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and its regulations of its usage as amended (“Bulgarian Legislation”) and General Data Protection Regulation (GDPR) (EU) 2016/679.

By sharing your personal data with us you are declaring that you are at least 16 years old.


What is meant by “personal data” and “processing of personal data”?:

“Personal data” means any information which a natural person can be identified with, directly or indirectly, by one or more attributes typical of the person such as: name, identification number/Civil ID number, contact details: location / mailing address, phone number, email address, online identifier / IP address, video images, and etc. These attributes may be a part of the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of the natural person.

“Processing of personal data” means sum of operations executed with personal data or set of personal data such as collecting, recording, arranging, structuring, keeping, adapting or modifying, extracting, advising, using, disclosing through submitting, distributing or other means by which data becomes available, fixing or combining, limiting, deleting or destroying;


Our attitude towards your personal data

The Controller attaches great importance to the personal data protection and collects and processes personal data in compliance with the requirements of national and European legislation only. The purpose of this Personal Data Protection Policy is to inform you in what way we are processing your data and what kind of personal data we are collecting about you; for what purpose, period and what your rights are.

Your data security is very important to us. That’s why we protect your data by applying all proper and adequate technical and organisational means regarding potential risks to the rights and freedoms of natural persons in order to prevent unauthorised access, unauthorised or malicious use, loss or untimely deletion of information.


What kind of information do we collect and why?

We may collect personal data about you when using our website or when selecting our services. In most cases we require your personal data for the purpose of signing a contract, complying with a legal obligation or protecting our legal interest. In certain cases we process data based on your consent.

Depending on the services used, we may collect and process the following information about you;

Name of person, Civil ID number (for registration in the Guest House “PromisedLand” and invoice issuance, upon request), date of birth and sex;

Contact details – mailing address, phone number and email address (email);

Our guiding principles:

We strictly observe some basic mandatory principles when processing your personal data;

Personal data is processed lawfully, in good faith and in a transparent way;

Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with these purposes;

Personal data is relevant, related and limited to what is needed in relation to the purposes which they are being processed for;

Personal data is accurate and up-to-date, if needed;

Personal data is kept in form allowing the persons concerned to be identified for a period no longer than is needed for the purposes which the personal data is processed for;

Personal data is processed in a way providing with an adequate level of security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage by applying proper technical or organisational measures.


We process personal data collected most frequently with the following objectives:

When signing and executing a contract, with regard to guest registration at the Guest House “PromisedLand” preparation of accounting documents such as a bill or an invoice for the services
provided to you; for the purpose of notifications related to our services. When performing a legal obligation – for the purpose of obligations provided by Tourism Act, Accountancy Act and Tax-Insurance Procedure Code and other related regulations with regard to the proper and legal accounting; in information obligations to all state commissions and regulating authorities, as well as court; when performing online booking (distance selling) and selling outside our facility; With your consent – for direct marketing of our products and services.

What are your rights:

When collecting and processing your personal data, you are entitled to:
Information on your personal data processed and access to your personal data collected;
Correction/completion if the data is inaccurate/incomplete – on your own initiative or on the initiative of the Controller;
Deletion of personal data, if there are legal grounds for doing so;
Restriction on the processing of your personal data by the Controller, provided there are legal grounds for doing so;
Portability of personal data between separate controllers – this entitles you to receive your data from the Controller and to transfer it to another controller in a format suitable for use;
Objection to the processing of your personal data, provided there are legal grounds for doing so;
Right to judicial or administrative defence if your rights have been violated;
You can protect your rights by emailing us at: or by mail/courier at:
Stokite Village 5462, Sevlievo Municipality, “Eredita” Ltd;
We keep your personal data in accordance with the purpose which they were collected for and within the statutory deadlines.

When can we disclose your personal data:

We enforce a set of measures to protect your personal data from loss, theft and misuse, and from unauthorised access, disclosure, modification or destruction. The Controller uses third parties to support certain contract activities or upon performing a legal obligation. We do not provide third parties with your personal data before we are sure that all technical and organisational measures have been taken to protect this data by trying to execute strict control to reach this goal.
Some of the recipients of personal data can be: courier companies, external consultants and experts, collection companies and law firms, banks, security companies, sales agents and representatives, and etc.
Your personal data may be disclosed in certain circumstances stipulated by law. For example, your personal data may be disclosed to third parties with your explicit consent or with the authorisation of the Data Protection Commission. In certain cases providing of personal data is mandatory in order to comply with our legal requirements such as: Regulating authorities, including state commissions, institutions and agencies, NRA, NSSI, courts, prosecutor’s office, and etc. where we must provide personal data in accordance with the valid legislation. If needed or appropriate we may provide your personal data for the national security purposes or for issues of public concern.

Tracking Cookies

We use “cookies” to make your visit to our website more pleasant and to provide use of certain features on different pages. These are small text files which are saved on the end device by which you visit our website. Some cookies, “Session cookies”, are deleted when you close your browser. Other cookies remain on your end device and allow us or our affiliates to recognise your browser on a subsequent visit (“Permanent cookies”). You can set your browser in such a way allowing you be aware of the cookies setting and decide to accept them individually or turn off the acceptance of cookies for particular cases or as a whole. You can find additional information in the help section of your Internet browser. Cookies disclaimer may restrict the functionality of our website. We distinguish system “cookies” and promotional “cookies”. System cookies are required for the proper functioning of our website. Cookies disclaimer will change your browsing experience on our website and certain services on our website will not be usable. Promotional cookies are saved by loading the website and help us analyse the aggregated data regarding our visitors, for example how they reach our website, how much time they spend on it, if this is their first visit, how they review the content of our website. We also may reach a conclusion regarding the success of our marketing campaigns.

Facebook Pixel
We use Facebook Pixel, a Facebook service. This service uses “cookies” stored on your device allowing ad targeting through the Facebook ad platform to its users who have already visited our website in the last 180 days. This service also provides extra opportunities for creating general and anonymous public of visitors based on the website’s content, as well as tracking the success of advertisement campaigns executed through the Facebook ad platform. More information can be found in the Facebook Privacy Policy here: If you do not want to take part in the tracking process, you can disclaim the “cookie” setting needed for that by using your browser settings and disable the general and automatic cookie saving.

Google Analytics

We use Google Analytics, a web analytics service of Google LLC. The information generated by the “cookies” for your use on this website is usually sent to Google servers in the USA and kept
there. Google shortens in advance your IP address within the Member States of the European Union or other countries – parties to the Agreement on the European Economic Community. On behalf of the operator of this website, Google uses this information to evaluate the use of the website, compile reports on the website activity and provide other services related to the website and Internet use to the website operator. IP address sent through your browser in the context of Google Analytics is not connected to other data available to Google. You can refuse the use of “cookies” by selecting the proper settings in your browser. You may also prevent the data collection by Google through “cookies” and their connection with the website use (including IP address), as well as their processing by Google by downloading and installing plug – in for your browser here:

Links to social media

Our website also contains link to Facebook. In this case, the data transfer to the social media operator mentioned happens only when pressing the relevant button of the icon illustrating the link. Clicking on such a button opens the page of the respective social media. There you can post information on our services in accordance with the rules of the social media operator . You can use our official contact profiles in the various social media as well as other official public accounts of the company. Such is our: Facebook page; Your personal data sent via a private message shall only be processed for the purposes of the reply to your inquiry. We are not responsible for the information and personal data which you voluntarily share in our official profiles without expressly being requested by you.


The Controller take due measures to protect your personal data from accidental loss and unauthorised access, use, modification or disclosure. There are policies and procedures designed
to protect information from loss, misuse and unauthorised disclosure. In addition, we take extra measures regarding information security, including access control, strict physical protection and reliable practices for collecting, keeping and processing information.
On the other hand, we apply technical measures such as encryption, pseudonymization and anonymization of personal data collected.

When do we delete your personal data?

We keep all the information we have collected about you and destroy it within the statutory time limits and if where there are no such ones, destruction is done within the time limits set by us and after the final arrangement of all our financial issues. We do not keep your data for an indefinite period.

Transfer between countries

Transfer, keeping and processing of personal data is provided by modern technical resources. The Controller will not transfer your data outside of the EEA without complying with the legal
opportunities and will introduce proper precautions to keep the confidentiality of your information.


Controller keeps the accounting and commercial information as well as all other information and documents relevant to the taxation and mandatory social security payments within the following
time limits:
payrolls – 50 years;
accounting records and financial reports – 10 years;
tax and social security control documents – 5 years after the expiration of the limitation period for repayment of the public obligation which they are related to;
all other carriers – 5 years if any shorter time limit is not stipulated by the legislation;
When the storage period expires, carriers of information (paper or technical) which are not subject to submission to the National Archives Fund may be destroyed.
When the storage period expires, data is destroyed as soon as possible through the medium of destroying the hard carriers by shredding. Technical carrier is destroyed by erasing and deleting relevant files from the Company’s computers and systems.

Changes to this Personal Data Protection Policy

This Personal Data Protection Procedure can be amended over time. Such amendments will be valid immediately after their disclosure. Regular review of this page ensures that you will always be aware of what kind of information we are collecting, how and for what purposes the Controller uses it and under what circumstances (if any) we will share it with other parties.

This Personal Data Protection Policy was approved by the Manager on May 20, 2018 and last updated on April 15, 2019.