Privacy Policy
PRIVACY AND PERSONAL DATA PROTECTION POLICY of “Stay Nexus” Apartments
This Privacy Policy governs the manner in which “Nexus Imoti” EOOD (referred to as the “Provider” or “We”) collects, uses and stores the personal data of its guests when using the accommodation services and the website staynexus.com.
The document has been prepared in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Tourism Act of the Republic of Bulgaria.
1. Personal data administrator
Your data is processed jointly by the companies operating under the “Stay Nexus” brand:
“Nekus Imoti” Ltd., UIC: 131333721
Correspondence address: Sofia, 18 Shipchenski Prohod Blvd., Galaxy Shopping Center, office 40.
Email for data questions: [email protected]
2. What data do we collect and why (KYC and ESTI)
In order to provide the “accommodation” service, we are legally required to collect specific personal data to identify guests (Know Your Customer / KYC procedure).
A. Tourist registration data (Mandatory by law)
According to Art. 116 of the Tourism Act, we are obliged to register each accommodated guest (Bulgarian or foreign citizen) in the Unified Tourist Information System (USTI), maintained by the Ministry of Tourism. For this purpose, we collect the following data from your identity document:
Three names;
Personal Identification Number (or date of birth for foreigners);
Identity document number (ID card or Passport);
Citizenship;
Gender.
B. Contact and communication details
Email address and phone number (incl. Viber/WhatsApp);
This data is required to send check-in instructions, access codes and invoices.
C. Financial data
Payment data (card data) processed through a secure environment of our partners (Unicredit Bulbank / Quendoo). We do not store your full credit/debit card numbers on our servers.
3. Data Collection Method and ID Verification
In view of the specifics of our properties (guest apartments without a 24-hour reception), data collection is carried out in one of the following two ways, at the client’s choice:
Physical submission on site: Submission of an identity document for reference at our reception (office) during working hours (12:00 – 18:00). Our employee enters the data directly into the system without retaining the document.
Remote Provisioning (Digital Check-in): For guest convenience and for express or self-check-in purposes, guests can submit the required details or a photo of their ID through our official encrypted communication channels:
Official email: [email protected]
Official Viber/WhatsApp number: +359 878 549 022
Important regarding Late Check-in: According to our Terms and Conditions, check-in after 6:00 PM is entirely self-guided. To make this possible, registration with ESTI and identity verification must be completed remotely during business hours (before 6:00 PM). Without providing personal data in advance, we are not entitled to and do not provide access (keys/codes) to the property.
4. Sharing data with third parties
We maintain strict confidentiality and do not sell your data. We only provide it to the following categories of recipients when it is mandatory:
Ministry of Tourism and NRA: Automatic data exchange through the ESTI system (legal obligation).
Ministry of Interior: Upon request, in connection with address registration of foreigners or the preservation of public order.
Banks and payment service providers (UniCredit Bulbank, Quendoo): For payment processing and prevention of bank card fraud.
Accounting firms: For the legal accounting of invoices.
5. Time of storage
Data in ESTI: Stored according to the terms set by the Tourism Act (minimum 5 years).
Accounting documents (invoices): 10 years, according to the Accountancy Act.
Communication (chat/email): It is kept until the relationship ends and the statute of limitations for claims expires, after which it is deleted.
6. Data security
We take all necessary technical and organizational measures to protect your data, including:
Use of secure SSL connections when making payments.
Restricted access to physical and digital registers to authorized employees only.
Encrypted communication through messaging platforms.
7. Your rights
As a data subject, you have the right to:
Request access to the data we process for you.
You request correction of incorrect data (e.g. incorrect PIN or email).
You request deletion of data (except for those that we are required to keep under the law on ESTI and NRA).
To exercise your rights, please contact us at: [email protected]
By making a reservation and providing your identity document (physical or digital), you declare that you are familiar with this policy and consent to your data being processed for the purposes of tourist registration.