Privacy Policy

We are concerned about preserving your privacy and have a duty to protect your personal data. This privacy statement informs how we manage your personal data, your privacy rights, and how the law protects you. Please read this privacy statement carefully before browsing our site or communicating with us.

In the Privacy Policy:
“Services” means all products, services, content, features, technologies, or functions, and all related websites, applications, and services offered by us.
“Platform” means the websites, mobile applications, mobile sites, or other online properties through which we offer our services.
“Personal Data” means any data that contains identifying information (eg name, address, telephone number, email, etc.).
“Data controller” means a person or company that determines the purposes or means of processing personal data.

  1. Who are we?
    The main administrator of your personal data for the purposes of our international services is Miliani OOD, a limited liability company with headquarters in Burgas, 54 Demokratsia Blvd. “We”, “Us” or “Our” in the Privacy Policy). Guest House Gran Via is the administrator of personal data regarding the local services we offer. The relevant contact details are set out in section 13.
  2. What data do we collect about you?
    2.1.1. Data provided through direct interactions.
    Booking inquiries and contact via contact forms on our platforms.

When you make a booking inquiry we may collect the following information about you:
Your Name
E-mail address
Phone number

2.1.2. Information we collect automatically when you use our Services
When you access our Platforms we automatically collect the following information about you:

Device information
We collect device-specific information such as operating system, version, and unique identifiers. For example, the name of the mobile network you are using. This data helps us associate your visit to our site with your profile and always provide you with an individual experience and offers.

Location information
Depending on your device’s permissions, we automatically collect and process information about your actual location. We use a variety of technologies to determine your location, including IP address, GPS, Wi-Fi access points and mobile phones. Your location data helps us offer you the best offers related to your location.

User Data and Login Data
Technical details, including your device’s IP address, time zone, and operating system. We will also save data from your booking request (date of request), your browser type, and version.

Data generated by users when browsing web pages
We collect information about your activity on our Platform, which includes the sites from which you access our Platform, date and time of each visit, searches you perform, advertisements or banner advertisements you click on, your interaction with such advertisements or advertisements on time of your visit and the order in which you visit the content of our Platform.

Cookies and similar technologies
We use “cookies” to manage user sessions, and to store your selection of preferences related to the language used. “Cookies” are small text files transferred from a web server to your device’s hard drive. Cookies can be used to collect the date and time of website visit, web browsing history, your preferences and your username. You can set your browser to refuse all or some cookies or to warn you when websites you visit set or access cookies. Please note that if you disable or decline cookies, some parts of our Services / Platform may become unavailable or may not function properly. For more information about the cookies we use, please see our Policy on Cookies and Similar Technologies.

2.1.3. Data from third parties or publicly available sources
We obtain your personal data from various third parties [ and public sources] as set out below:

  1. Specific technical data and information about the use of the Services from analytics providers such as Google, Saycle;
    ii. from advertising networks;
    iii.from providers of search information;

2.1.4.We do not collect personal data that:
reveal racial or ethnic origin;
reveal political, religious or philosophical beliefs;
disclose membership in political parties or organizations, associations with religious, philosophical, political or trade union goals;
relate to health, sex life or the human genome;

  1. Do we collect information from children?
    Our Services are not intended for children under the age of 16, and we do not knowingly collect personal data from anyone under the age of 16. In the event that we learn that a person under the age of 16 has provided us with personal data, we will delete it immediately.
  2. Why do we process your personal information?
    We will only use your information and personal data where the law allows us to. We will most often use your personal data in the following circumstances:
    When we need to contact you to send you the offer you have requested
    When we need to fulfill the reservation you made.
    When necessary to protect your legitimate interests to improve our services and provide you with a safe and secure Platform.
    When we are required to comply with a legal or regulatory obligation.
    In certain circumstances, we may process your personal data based on your consent. If we do, we will notify you of the purpose and category of personal data to be processed at the time we seek your consent. Below we set out a description of the ways in which we use your personal data [and the legal grounds we rely on to do so. We also identify what our legitimate interests are].

4.1 To provide feedback.
If you make a booking inquiry or send us a message through the inquiry form, we use your first name, last name, mobile number, and/or email address to identify you and send you the best offer for you.
We process the above information for the accurate performance of our contract with you and based on our legitimate interest to carry out marketing activities to offer you services that may be of interest to you.

4.2. To improve your user experience on the Platform.
A) We use data generated by users when browsing web pages to:
offer tailored content, such as giving you more relevant holiday offers.
determine how much time you spend on the Platform and how you operate the Platform in order to understand your interests and improve our Services based on this data. For example, we may suggest content for you to visit based on the content you have clicked on.
monitor and report on campaign performance of our business partners and for internal business analytics.

B) We use your location data for the following purposes:
to compile anonymous and aggregated information about the characteristics and behavior of users of the Platform, including for the purposes of business analysis, segmentation, and disclosure of anonymous profiles.
to improve the performance of our Services and to personalize the content we direct to you. For example – using your location data, we can send you a specific offer related to it.
to evaluate and monitor your access to third-party advertising banners visible on the Platform.

C) Using the booking inquiry information you provide, including email addresses and phone numbers, we reflect the different devices (such as desktop computers, mobile devices, and tablets) used by you to access the Platform. This allows us to link your activity on the Platform from different devices and helps us provide you with a seamless user experience regardless of what device you use to access.

We process the above information based on our legitimate interest to improve your experience on the Platform and fully fulfilling our joint contract.

4.3. To provide you with a safe and secure Platform.
A) We use your mobile number, access form data, and unique device identifiers to administer and secure the Platform (including troubleshooting, data analysis, testing, fraud prevention, system maintenance, support, reporting, and data acceptance ).

B) We analyze your communications made through our feedback feature to prevent fraud and promote safety by blocking spam or abusive messages that may have been sent to you by any other user.

We process the above information for the full and accurate performance of our joint contract, to improve our Services, and, based on our legitimate interest, to prevent fraud.

  1. How will we notify you of changes to the Privacy Policy?
    We may update this Privacy Statement from time to time. We will post the changes on this page and notify you by email or through the Platform. If you do not agree with the changes made, you have the right to delete your account by selecting send an email to
  2. Your rights
    In certain circumstances, you have rights under applicable data protection laws and in relation to your personal data.
    If you wish to exercise any of the rights listed below, please select your account settings / privacy settings or contact us via the contact form or via email
    Right to request access to your personal data (commonly referred to as a “data subject access request”). This gives you the opportunity to obtain a copy of your personal data that we hold and to check that it has been lawfully processed.
    Right to request correction of your personal data we hold about you. This gives you the opportunity to correct any incomplete or inaccurate data we have about you. However, we may need to verify the accuracy of the new data you provide to us.
    Right to request the restriction of processing of your personal data. This gives you the opportunity to contact us with a request to stop processing your personal data in the following cases: a) if you want us to prove the accuracy of the data; b) when you believe that our use of the data is unlawful; c) when you require us to store the data, even if we no longer need it, as you need to establish to exercise or prove your claims; or d) where you have objected to the use of your data, but we need to check whether we have legal grounds to use it.
    Right to request the erasure of your personal data. This right enables you to contact us to request the deletion or removal of your available data when there is no valid reason for us to continue processing it. In addition, you have the right to request that we delete or remove your personal data when you have successfully exercised your right to object to processing (see below) when you suspect that we may have processed your information not in accordance with legal requirements or from when we are required to delete your personal data to comply with legal requirements. Please note that for certain purposes we may be legally required to store your personal data (see section 10).
    Right to object to the processing of your personal data, when it is based on a legitimate interest (or that of a third party) and there is a reason for your specific interests, which leads you to object to the processing of your personal data on this basis, considering that the processing violates your fundamental rights and freedoms. You have the right to object when we process your personal data for direct marketing purposes. In certain cases, we may demonstrate that we have compelling legitimate grounds to process information about you, which overrides your right to object.
    Right to request the transfer of your personal data to you or to a third party. We will provide you, or a designated third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you have originally given us your consent to use or that we have used to enter into a contract with you.
    You have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the lawfulness of the processing that we have already carried out on the basis of your prior consent.
    No fee is usually required: You have no obligation to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. We may refuse to fulfill your request in these circumstances.
    Response Time: We will do our best to respond to any legitimate request within one month of its submission. It may take us more than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. In addition, you have the right to lodge a complaint at any time with the Privacy Commission as set out in section 13. Before you lodge a complaint with the Privacy Commission, we would like to know your grounds for complaint and claims and do our best to resolve them. Please contact our Privacy Department using the contact form.
  3. Communications and Marketing
    We will contact you by email or call regarding our Services and your inquiry through our Platforms. Because it is imperative that we provide you with such communications at your request, you may not be provided with an opportunity to opt-out of receiving them.

You can ask us to stop sending you marketing communications at any time by clicking on the opt-out link in the email or SMS sent to you.

You may receive marketing communications from us if:
you have requested such information from us;
use the Platform or the Services;
you provided your data when you participated in a contest organized by the Platform; or
you are registered for a promotion.

  1. Who do we share your data with?
    We may share your personal data with the parties listed below for the purposes set out above in section 4.
    Our marketing department to contact you if you are interested in our services, as well as send you advertising offers related to your interests.
    Sales and Reception to enter your details into our booking systems, which is the only way to prove that the booking is in your name.
    Third-Party Service Providers: We use third-party service providers to provide certain parts of our Services, such as device hosting companies, and companies that collect and classify marketing data. Service providers may be located in or outside the EEA.
    We conduct checks on our third-party service providers and require them to respect the security of your personal data and treat it in accordance with legal requirements. We do not allow third-party service providers to use your personal data for their own purposes, and we only allow them to process your personal data for specified purposes and in accordance with our instructions.
    Advertising and Analytics Providers: In order to improve our Services, we will sometimes share non-identifiable information with analytics providers that help us analyze how users use the Platform / Services. We share our information with them in a non-identifiable form to monitor and report the effectiveness of the campaigns provided to our business partners and to analyze the business itself. For more details about our advertisers and analytics providers, please see our Cookies and Similar Technologies Policy.
    Law enforcement authorities, regulators and others: We may disclose your personal data to law enforcement authorities, governmental or public authorities and other similar third parties in order to comply with any legal or regulatory requirements. We may disclose your personal data when such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in legal proceedings or in an administrative or out-of-court proceeding. In these cases, we are not obliged to inform users about the disclosure of their personal data to public authorities.
    We may sell, transfer or merge parts of our business or our assets. We may acquire or merge with other companies. If these changes to our business occur, the new owners may use your personal information in the same way as described in this privacy statement.
    Publicly Available Information: When you post an item for sale through our Services, you may choose to make certain personal information visible to other users of the Platform. This may include your first name, last name, email address, location, and contact number. Please note that any information you provide to other users may always be shared by them with third parties, so please do so at your own discretion and risk.
  2. International transfers
    Whenever we transfer your personal data outside the EEA, we ensure that it provides a similar level of protection by ensuring that at least one of the following safeguards is in place:
    We only transfer your personal data to countries that are accepted by the European Commission as providing an adequate level of personal data protection. For more details, see European Commission: Adequacy of personal data protection in non-EU countries
    When we use the services of certain service providers, we may enter into specific contracts with them, approved by the European Commission, which gives personal data the same protection as it has in Europe. For more details, see European Commission: Model contracts for the transfer of personal data to third countries
    When we use US-based service providers, we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protections for personal data. data shared between Europe and the US. For more details, see European Commission: EU-US Privacy Agreement.
    You can obtain a copy of the warranties in place by contacting us via the contact form.
  3. Where do we store your data and for what period of time?
    The data we collect about you will be stored and processed both inside and outside the EEA on secure servers to ensure the best possible user experience for users. For example: to quickly create websites or mobile applications.
    We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including the purposes of complying with legal, accounting, or reporting requirements.
    To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, and the purposes for which we process your personal data, and whether we can achieve these purposes through other means and applicable legal requirements.
    In case you have any questions regarding the storage period of your personal data, please contact us via the contact form or by email
  4. Technical and organizational security measures for processing
    All information we receive about you is stored on secure servers of our hosting provider and we have implemented technical and organizational measures that are appropriate and necessary to protect your personal data. Gran Via House continuously evaluates the security of its network and the suitability of its internal information security program, which is designed to (a) help protect your data from accidental or unlawful loss, access or disclosure; (b) identify reasonably foreseeable security risks to our web platforms c) minimize security risks, including through risk assessment and regular testing. We also ensure that all payment data is encrypted using SSL technology.
    Please note that despite the measures we take to protect your data, the transfer of data over the Internet or other open networks is never completely secure and there is a risk that your personal data may become accessible to unauthorized third parties.
  5. Links to third party sites
    The Platforms may contain links to third-party websites or applications. If you click on any of these links, please note that each has its own privacy policy. We do not control these websites/apps and are not responsible for their policies. When you leave the Platform, we encourage you to read the privacy notice of each website you visit.
  6. Contact​​strong,
    ​​For further information or to exercise your rights, please contact our hotel manager by email

For local data protection matters, your local supervisory authority is:
Personal Data Protection Commission
Address: Sofia, 1592, 2 Tsvetan Lazarov Blvd
Tel. +359 2 915 3580 Fax +359 2 915 3525

14.1. By accessing the website and using our platforms, the user accepts and gives his informed express consent for his personal data to be collected, processed, and stored by the Administrator for the purpose of the correct, trouble-free, and full use of the platforms, according to the Privacy Policy published on the website.

14.2. The administrator takes measures to protect the personal data of users, in accordance with the requirements of the Law on the Protection of Personal Data and other applicable provisions of Bulgarian and European law.

14.3. The User agrees to receive system information and messages that, in the opinion of the Administrator, are useful, informative, or necessary in connection with the Services, including but not limited to information about products or services, updates, new features or services, advertising campaigns, promotions, events, changes or technical failures in the operation of the platforms, as well as other information, from the Administrator and its partners at the e-mail address or the telephone number specified by the user in the reservation form. The user can withdraw his consent at any time by email to

14.4. The user agrees to the data about his preferences to be used for newsletters and other purposes in connection with the Gran Via Guest House platforms.

14.5. The User’s personal data, entered by him in the Gran Via House platforms in connection with the preparation of an online offer, remain saved in the system, even if the inquiry has not been completed.

14.6. In certain cases, e.g. when the Administrator has reasonable suspicions of a violation of the General Terms and Conditions and rules for using the platforms, the applicable laws or to detect a crime or prevent a violation, the Administrator has the right to access the personal data of users.