The website you are visiting is a Platform (online store) with online address administrated by GRAND HOTEL MILLENNIUM SOFIA OOD, registered with the Trade Register at the Registry Agency under UIC:205948178, registration under the Value Added Tax Act No. BG205948178, with registered office and address of management at Sofia, P.O.B. 1463, 89В, Vitosha Blvd. (hereinafter GRAND HOTEL MILLENNIUM SOFIA or the COMPANY).  

Your privacy is a priority for GRAND HOTEL MILLENNIUM SOFIA and we strictly comply with the data protection legislation. This Policy aims to provide the users and visitors of with more information about the data protection principles, our responsibility as personal data controller and the measures we have implemented in order to avoid unauthorized use of your data without your knowledge or processing of your data without you being able to object or withdraw your consent.

This Policy is subject to change over time as a result of the progress of the personal data protection legislation and as a reflection of the commitment of GRAND HOTEL MILLENNIUM SOFIA to improve and streamline its practices with the latest developments in this field. GRAND HOTEL MILLENNIUM SOFIA strictly applies the relevant provisions in the field of personal data protection during all personal data processing activities performed through the Platform.

This Privacy Policy shall apply only to, but not to the individual pages and websites of third parties, to which you may be redirected or which you may otherwise access  from In such cases GRAND HOTEL MILLENNIUM SOFIA does not have control over the data processing by third parties and cannot guarantee the protection and integrity of your personal data.

Furthermore, for additional information you may review the general privacy policy for clients of GRAND HOTEL MILLENNIUM, with online address 

This Policy was approved and enters into force on 17.12.2021, and regulates the personal data processing through

You may contact GRAND HOTEL MILLENNIUM SOFIA regarding any doubts related to the application of this Policy or the exercising of your rights via email at: 

Please read carefully this Privacy Policy, and should you have any questions, do not hesitate to contact us using one of the methods described below.

I. Main definitions

“Personal Data” – means any information relating to you – the visitor/user of our website or software application that independently or in combination with other information may help us recognize your identity or link your user behavior with a specific device, from which you are visiting our website.

“Personal Data Subject” – means you, the natural person-visitor and/or user of the Platform.

“Personal Data Processing” – means any operation we perform or may perform with your personal data including, but not limited to, its collection, analysis, storage, destruction, etc.

“Personal Data Controller” – “GRAND HOTEL MILLENNIUM SOFIA” OOD. We determine the purpose of the processing of your data, based on one of the grounds thereof envisioned by law; we determine also the means of such processing – i.e. the technical infrastructure and applications used to perform the processing.

II. The personal data we collect through our webpage

– With regards to orders placed through the Platform (online store) we collect client data, which includes data related to the purchase of goods and/or services, like for example your name, invoicing address, delivery address, email address, other contact data (phone number) and other.  

– The information collected may include data about your supplier, operating system, type of browser, domain name, your computer IP address (or another electronic device for Internet connection), time of visit to the webpage, the webpage, from which you were redirected through a link to the webpage of GRAND HOTEL MILLENNIUM SOFIA, the webpages you searched for and time and date of the search;

– When using the contact form on the website the Data Controller collects the names, phone number and email address of the user, as well as additional information, which the user may wish to provide.

– With regards to submitted complaints, applications, demands, requests, and alerts (incl. such with free text), the Data Controller may collect non-structured information contained in the relevant claims, applications, demands, requests and alerts, as well as information related to the results from their processing;

– With regards to subscription to receive news and other marketing notices about promotions, events and other up-to-date information related to GRAND HOTEL MILLENNIUM SOFIA activities: email address of the subscriber;

– “Cookies”: The functioning of the Website requires the use of “cookies”. You may set up your browser to refuse all or some cookies, or to warn you when the webpages place or have access to cookies. If you deactivate or refuse the cookies, please bear in mind that some parts of the present page may become inaccessible or may not function properly. More information regarding the used “cookies”, their designation and the information processed through them you may find on ………………

– With regards to any message you send us by email or using the communication form on our website or in another way: Your names, contact address, email address and other data specified by you, necessary in order to communicate with you. 

– Other data: GRAND HOTEL MILLENNIUM SOFIA may also process other data referring to you if you voluntarily provide such data by filling out the relevant electronic forms in the Platform, adding preferences, setups, etc.

III. If you do not wish to provide us with your personal data

When you have the option to choose whether to share your personal data with us, you may always choose not to share them. 

If you object to the processing of your personal data by us, we shall honor your request in compliance with our legal obligations. However, as a consequence of your objection  we may not be able to process your data for the purposes described below. This may mean that it is impossible for you to use the services and products offered by us if you fail to provide us with personal information about yourself, or in case that after you have provided your information you object against its processing. In particular, please note that if you fail to provide the personal data necessary for  the contract between us, we may not be able to fulfill our contractual obligations (to provide you products or services). If you do not provide us with the requested information, we may be forced to cancel the product ordered by you in which case we will duly inform you.

IV. We use your personal data for the following purposes:

–  In order to enter into a sales contract and to perform the delivery of the goods and/or services ordered by you, as well as for accounting purposes as legally required. 

– For communication with the users – data subjects and in order to send informative messages;

– For response and management of alerts, complaints, requests for exercise of rights and other similar issues;

– In order to keep logs of electronic declarations;

– For other activities with regards to the performance of our legal obligations related to the provision of information to competent public and judicial authorities and for cooperation with the competent bodies in case of inspections; 

– In order to ensure the normal functioning and use of the Website by the data subjects and by third parties, including for the purposes of the Website maintenance and  administration, to prevent cyber attacks and other malicious activity;

– For design, development and improvement of the Website functionality;

– On the grounds of the legitimate interest of GRAND HOTEL MILLENNIUM, including in case of litigation procedure and for the purpose of supporting the other visitors of the Website for the defense and protection of their rights and legal interests; 

– For quality management and control of the services provided by GRAND HOTEL MILLENNIUM; 

– In order to send marketing and advertising messages concerning products, services, special offers, packages, events and other similar;

– For research and feedback regarding the quality of services;

– In order to send information bulletins;

– For other purposes, for which a specific consent was granted by the data subject.

Change of the purposes

GRAND HOTEL MILLENNIUM SOFIA shall use your personal data for the purposes, for which they were collected, unless it was reasonably estimated that the same must be used also for another purpose compatible with the initial one.  

In case it is necessary to use your personal data for a purpose, which is incompatible with the initial purpose for which they were collected, GRAND HOTEL MILLENNIUM SOFIA will duly inform you and will explain to you the legal basis that allows for this data to be used also for this new purpose.

V. Legal grounds

GRAND HOTEL MILLENNIUM SOFIA processes your personal data on the grounds specified in Art. 6 of the General Data Protection Regulation, as follows: 

– For the performance of a contract concluded between us and/or to take steps upon your request for concluding such contract;

– For compliance with legal obligation;

– For the purposes of our legitimate interest;

– Based on your consent. 

When you fill out our Contact Form – we process your personal data based on your consent and in order to answer your specific request. 

In case you become part of the inner circle of Millennium by subscribing for news and marketing messages, we process your data based on a freely given, specific, informed and unambiguous consent to process your data for the purposes of receiving information bulletins about our products and services.

You may at any time withdraw your consent, after which GRAND HOTEL MILLENNIUM SOFIA will not send you information materials unless you expressly provide your consent by entering once again your Email address into the form. You may withdraw your consent by following the link in the received Email or at

When your consent was not requested and given for the purpose of a specific processing, or the processing is not strictly necessary for the performance of the service requested by you, we, most probably, process your data on the grounds of our legitimate interest or that of a third person, provided that it would not damage or would insignificantly affect your right to personal data privacy. Such evaluation will always be documented by us and will follow certain criteria and argumentation.

VI. Period for storage of your personal data

As a general rule, GRAND HOTEL MILLENNIUM SOFIA stores the personal data only for the period, for which they are necessary in order to fulfill the purposes, for which they were collected, including also to comply with the legal requirements. 

In the case of pending legal proceedings, which require the storage of the data and/or in case of a request by a competent public authority, it is possible to keep the data for a longer period than the ones indicated until the end of the dispute or proceedings before all instances. The abovementioned periods may be subject to change in case a different storage period is established in the applicable legislation.

VII. Providing your personal data to third persons

It is possible for GRAND HOTEL MILLENNIUM SOFIA to share your personal data with the following categories of third persons:

– Tax authorities and other public bodies and institutions in the case of inspection;

– Service providers: e.g. IT and system support;

– Intermediaries for the performance of the contract: courier firms and postal services suppliers;

– Professional advisers: e.g. accountants, lawyers, bankers, auditors, insurers, etc. 

– Courts, arbitration courts, Commission for Consumer Protection, Commission for Personal Data Protection and other, in case of a legal dispute or inspection;

– External marketing services consultant. 

GRAND HOTEL MILLENNIUM SOFIA requires all third parties to respect the  security of your personal data and to process them according to the applicable law. GRAND HOTEL MILLENNIUM SOFIA does not permit the third parties – service providers to use your data for their own purposes, but only for the specific purposes of and according to the instructions of the GRAND HOTEL MILLENNIUM SOFIA.  

VIII. International transfer of personal data

GRAND HOTEL MILLENNIUM SOFIA does not transfer your personal data outside the European Economic Area, i.e. the data is not transferred to countries, which do not provide a level of personal data protection equivalent to that provided by the Bulgarian legislation.

GRAND HOTEL MILLENNIUM SOFIA may provide your personal data to third parties, who will process the data according to our instructions or pursuant to the law, if necessary.

IX. Data security

GRAND HOTEL MILLENNIUM SOFIA implements the necessary measures to protect the personal data from accidental loss or unwarranted access, use, change or disclosure. Also, the access to personal data in the Company is limited to those employees, subcontractors and other third parties, who need this access for the purposes of their activity and for the performance of their duties. They will process your data only according to the instructions given by GRAND HOTEL MILLENNIUM SOFIA. Furthermore, they are under the obligation to keep the confidentiality of your data.


Art. 18. The Data Subject shall have the right to object, on grounds relating to his/her particular situation, at any time to processing of personal data concerning him/her, including profiling within the meaning of the Regulation, based on public interest, exercise of official authority and the legitimate interests of GRAND HOTEL MILLENNIUM SOFIA OOD or a third party. In these cases, GRAND HOTEL MILLENNIUM SOFIA OOD shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the Data Subject or where necessary for establishing, exercising or defending legal claims.

Art. 19. (1) The Data Subject may exercise his/her personal data protection rights by personally submitting a written request at the address specified in Art. 23 of this Policy or by sending a notary certified request by post.

(2) The request under Para 1 may also be exercised via electronic means, and for this purpose the same shall be signed by the Data Subject with a qualified electronic signature within the meaning of the Electronic Document and Electronic Certification Services Act and Art. 3 (12) of Regulation (EU) No 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC; which is to be sent to GRAND HOTEL MILLENNIUM SOFIA OOD at the electronic address referred to in Art. 23 of this Policy.

(3) The Data Subject may exercise the rights relating to his/her personal data either personally or through an explicitly authorised person (with a power of attorney certified by a notary).

(4) Part of the rights may also be exercised through the functionalities available on the Website.

X. Links to other web pages

The page hosting the Platform of GRAND HOTEL MILLENNIUM SOFIA may contain links to other webpages and applications of third parties. Clicking on these links may enable these third parties to collect or share data about you. GRAND HOTEL MILLENNIUM SOFIA has no control over these web pages and bears no responsibility for their policies with respect to data protection. Therefore, it is recommended that you read very carefully their policies.  

XI. Terms and conditions, which apply to the consent of a person aged under 18 years in connection with information society services

In the cases when grounds for the personal data processing of a data subject are its express consent and this processing is related to the direct offering of information society services to a data subject aged under 18 years, by using these services he undertakes to provide valid consent in accordance with applicable law.

XII. Your legal rights

According to the applicable data protection legislation you have the following rights:

  1. Right to access, including right to a copy of the processed data:

At any time, you have the right to request information regarding the personal data, which we store about you. You may contact us and request your data which will be provided to you upon written request and identification;

  2. Right to rectification of inaccurate personal data:

You have the right to request rectification of your personal data if they are inaccurate, including completing incomplete personal data. This you may do through your profile and by sending a written request to us.

  3. Right to erasure (“Right to be forgotten”) in the following cases:

– the processing is no longer necessary;

– the consent was withdrawn, when the processing is based on consent;

– the data have been unlawfully processed;

– the personal data have to be erased for compliance with a legal obligation;

The right to be forgotten is not an absolute right and it may not be honored in the cases provided by law or if you fail to identify yourself.

  4. Right to restriction of processing, when:

– the accuracy of data is contested for the period needed for their accuracy to be verified;

– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; 

– the data is required for the establishment, exercise or defense of your legal claims; 

– you objected to the processing pending the verification whether the legitimate grounds of the controller override yours.

In the case of rectification, erasure or restricting of processing, we shall notify each recipient, to which the personal data were disclosed, unless this proves impossible or involves disproportionate effort.

  5. Right to portability of machine-readable data:

If your personal data are processed by automated means based on your consent or for the purpose of performing our contractual relations, you have the right to request that we provide your personal data in machine-readable format for their transfer to another data Controller.

  6. Your right to object against the processing:

You have the right to object against the processing of your personal data based on the legitimate interest of the Data Controller or a third party. The Data Controller shall no longer process your personal data unless it is demonstrated that compelling legitimate grounds exist thereof, which override your interests and rights, or for the establishment, exercise or defense of legal claims.

  7. Right to file a complaint before a supervising authority:

If you believe that we are infringing the applicable legislation please do not hesitate to contact us in order to clarify any issue. You have the right to file a complaint regarding the processing of your personal data before the Commission for Personal Data Protection (CPDP) – 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd. or at 

XIII. Resolving disputes and applicable law

In the case of any disputes the applicable law shall be the law of the Republic of Bulgaria and the courts of Sofia shall have exclusive jurisdiction.

Any disputes between GRAND HOTEL MILLENNIUM SOFIA and the users of with respect to personal data may be resolved by negotiations between the parties. In the rather unlikely case of a legal dispute, it must be referred to the Commission for Personal Data Protection or directly to the competent court in the city of Sofia.

XIV. Changes to the current Privacy Policy and Personal Data Protection

Various circumstances may impose periodical changes and improvements to the current Privacy Policy. The changes shall enter into force after their publication at When visiting the webpage after the change in the Policy, you shall be bound by the new Privacy Policy.

For additional information, as well as with respect to exercising your rights you may reach us at the following contact information: 

Telephone +359-2-445-7487


Address: Sofia, Postal code 1463, 89V Vitosha Blvd.