We are pleased that you have visited our website and are interested in our services. Therefore, we take the protection of your privacy and the personal data that you share with us very seriously. The aim of this Privacy Policy Statement is to provide you with sufficient information laid out in a clear, straightforward manner as to the type of data that we collect, the purposes we collect it for, and the way we keep and protect it. In case you wish to discuss this matter in even greater detail than described below, please do not hesitate to contact us at:
Data Controller
Roombites Ltd
6 Doctor Anastasia Zhelyazkova Str
9010 Varna, Bulgaria
phone: 00 359 52 995 964
email: info@roombites.com
- natural persons - visitors of our websites;
- natural persons that have sent an enquiry via the event pages of our websites;
- natural persons that have submitted an enquiry via the "contact us" form on our websites;
- natural persons that have made a phone enquiry;
- natural persons that have made an email enquiry;
- natural persons that have made a fax enquiry;
- natural persons that have made an enquiry via the social platforms;
- natural persons that have made a complaint, a recommendation or objection via our websites, email addresses, phone or fax numbers;
- natural persons that represent our hotel partners;
- natural persons that represent our B2B partners;
- natural persons that represent our hotel inventory aggregator partners;
- natural persons that represent our service providers, including our web hosting providers, our cloud file hosting service providers, web development providers, email marketing service providers, payment processing providers;
- natural persons that are existing customers;
A cookie (also called web cookie, Internet cookie, browser cookie, or simply cookie) is a small piece of data sent from a website and stored on the user's computer by the user's web browser while the user is browsing.
This website uses the following types of cookies:
1. Necessary - necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
The name of the cookie used is "PHPSESSID", the provider is roombites.com, and it expires with the end of your session. The cookie’s purpose is to preserve the user’s session state across page requests. The data is sent to a webserver in Italy.
2. Statistic - statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously. The statistic cookies used on this website are:
2.1. _ga - it registers a unique ID that is used to generate statistical data on how the visitor uses the website. The provider is roombites.com and it expires in 2 years. The data is sent to a server in Italy.
2.2. _gat - it registers a unique ID that is used to generate statistical data on how the visitor uses the website. The provider is roombites.com and it expires with the end of your session. The data is sent to a server in Italy.
2.3. collect – it is used to send data to Google Analytics about the visitor's device and behaviour. It tracks the visitor across devices and marketing channels. The cookie is provided by google-analytics.com and it expires with the end of your session. The data is sent to the United States. For additional details, please check the next section of our Privacy Policy - Data protection declaration for the use of Google Analytics
This website uses Google Analytics. This tool employs “cookies”, which are text files that are stored on your computer and make it possible to analyze how you are using the website. The information created by the cookie concerning your use of this website is normally transferred to a Google server and stored there. The activation of IP anonymisation on this website with the code “anonymizeIp” means that your IP address is, however, shortened by Google within the member states of the European Union or in other states that are signatories of the Agreement on the European Economic Area.
Only in exceptional cases is the complete IP address transferred to a Google server and shortened there. Google uses this information at the request of, and on behalf of, the operator of this website to evaluate your use of the website, to create reports on the website activities, and to provide the website’s operator with additional services connected with the use of the website and the Internet.
You can prevent the storage of the cookies by carrying out a corresponding setting in your browser software; however, we expressly inform you that in this case, you may not be able to use the full scope of all of the features of this website. In addition, you can disable the cookie’s sending of the data it has created concerning your use of this website (including your IP address) to Google and the processing of this data by Google if you download and install the browser plug-in that is available under the following link: https://tools.google.com/dlpage/gaoptout?hl=en
Further information concerning the terms and conditions of use and data privacy can be found at
https://www.google.com/analytics/terms/us.html
https://policies.google.com/?hl=en
Apart from the information collected via Google Analytics, we collect personal data on the following occasions:
1. When you submit an online enquiry via our website, you may be asked to enter your name, email address and phone number. The requested data is in line with the European data protection legislation, which sets out the so-called lawful basis for processing such data. The purpose is to provide you with the services that you requested via this website. The legal basis for processing of personal data is Art. 6(1) lit. a of GDPR. Any additional personal details that you decide to share with us are entirely at your discretion and we cannot be held liable for those!
Submitting an online enquiry via our website means that the following information will be stored on our servers:
1.1. Date, time and length of your visit to one of our web pages;
1.2. The action carried out on our website;
1.3. From which server and which website you accessed the site;
1.4. Name of the event/trade fair that you are enquiring about;
1.5. Name(s) of your preferred hotel(s), star rating and location;
1.6. Number and types of rooms needed;
1.7. Dates of check-in and check-out;
1.8. Details of the person submitting the enquiry – company name, contact person name, contact email address, phone number and any extra information that you have decided to share with us;
1.9. Your target budget.
2. When you book a hotel online on www.roombites.com you may be asked to enter your name, email address, phone number, billing and credit card details. Please note that all payment transactions are carried out via an external payment gate and are not stored on our servers. The legal basis for processing of personal data is Art. 6(1) lit. b of GDPR. The purpose is to provide you with the services that you requested via this website.
3. When you reach out to us via the “Contact us” form on our website, you may be asked to enter your name, email address and phone number. Any additional personal details that you decide to share with us are entirely at your discretion and we cannot be held liable for those! The legal basis for processing of personal data is Art. 6(1) lit. a of GDPR. The purpose is to provide you with the services that you requested via the contact form of this website.
4. When you subscribe to our newsletter, you may be asked to enter your name, email address and your mailing preferences. The legal basis for processing of personal data is Art. 6(1) lit. a of GDPR. The purpose is to provide you with the services that you requested via this website.
5. When you send us an email directly, a letter by post or a fax, we collect, process and use your personal data to help us provide our services and conduct any necessary correspondence. The legal basis for processing of personal data is Art. 6(1) lit. f of GDPR. The purpose is to provide you with the services that you requested.
6. When you decide to opt for an offline credit card payment with us, you may be required to provide us with your name, email address, phone number, company details, and billing information as well as credit card details. Please note that these will be stored as long as requested by the bank providing us with the POS unit used to carry out the transaction. The legal basis for processing of personal data is Art. 6(1) lit. b and c of GDPR. The purpose is to provide you with the services that you requested and to fulfil our contractual obligations with our payment service providers.
7. When you decide to post your comment/provide feedback, you may be required to provide us with your name, your position, your company name, your email address, the event/trade fair you have visited, and the hotel you have stayed at, as well as any additional information that you have decided to share. The legal basis for processing of personal data is Art. 6(1) lit. a of GDPR. The purpose is to share your feedback with the users of our website.
8. When you decide to give us a call over the phone, you may be required to provide your company name, contact person name, contact email address, phone number, name of the event/trade fair that you are enquiring about, name(s) of your preferred hotel(s), star rating and location, number and types of room needed, dates of check-in and check-out, and your target budget, as well as any additional information that you find relevant to your enquiry. The legal basis for processing of personal data is Art. 6(1) lit. f of GDPR. The purpose is to provide you with the services that you requested over the phone. Please note that we do not record the phone calls.
9. When a colleague of yours or a business associate is making an enquiry on your behalf, we might ask for your company name, your name, your contact email address, phone number, name of the event/trade fair that your colleague/business associate is enquiring about on your behalf, name(s) of your preferred hotel(s), star rating and location, number and types of room needed, dates of check-in and check-out, and your target budget as well as any additional information that your colleague/business associate finds relevant to the enquiry. The legal basis for processing of personal data is Art. 6(1) lit. f of GDPR. The purpose is to provide you with the services that your colleague/business associate requested on your behalf.
We keep the personal data that we collect about you for different periods of time, depending on the purpose of data collection as well as the lawful requirements, as follows:
1. The information that you provide when you contact us/submit an enquiry via our website (name of the event/trade fair that you are enquiring about, name(s) of your preferred hotel(s), star rating and location, number and types of room needed, dates of check-in and check-out, details of the person submitting the enquiry, company name, contact person name, contact email address, phone number, your target budget and any extra info that you have decided to share with us) is kept for 60 months.
2. The information that you provide when you contact us via email/phone/fax (name of the event/trade fair that you are enquiring about, name(s) of your preferred hotel(s), star rating and location, number and types of room needed, dates of check-in and check-out, details of the person submitting the enquiry, company name, contact person name, contact email address, phone number, your target budget and any extra info that you have decided to share with us) is kept for 60 months.
3. The information collected by Google Analytics is kept for 26 months for statistical purposes, which help us understand better how you interact with our website.
4. The credit card details which you have submitted when opting for an offline payment are stored for 36 months, as required by our bank partners for the purpose of handling refunds, chargebacks, and disputes.
5. The personal data that we collect when you make/amend/cancel a reservation is kept for 60 months.
6. The personal data we collect when you subscribe to our newsletter is kept until you decide to opt-out of the newsletter service or exercise any of your rights.
7. When you decide to post your comment/provide feedback on our website, you have given your explicit consent to collect your personal data and post it on our website. This data is kept for 60 months.
We have implemented technical and organisational measures in order to protect the personal data that you have made available to us from loss, destruction, manipulation and unauthorised access.
The protection and safe-guarding of your personal data is very important to us and we implement various security safeguards to protect your data, including:
1. Encryption, such as the use of SSL certificates where personal data is transferred over the internet.
2. Regular reviews of our processes for collecting, storing and processing your personal data.
3. Restricting access to your personal data to authorised users only. This includes the use of physical security measures.
The nature of our business activities suggests data transfer to third parties/countries.
In order to execute your hotel booking, we need to transfer your name either to the hotel directly, to one of the B2B booking engines or to one of the hotel inventory aggregators that we work with. No additional information shall be passed on without your explicit consent! This means that we transfer only the minimum required personally identifiable information (PII) necessary to carry out our business activities. The legal basis for the processing of personal data is Art. 6(1) lit. b of GDPR - the performance of a contract where the traveller is a contracting party.
Financial transactions relating to our services are handled by our payment service providers. We will share transaction data with our payment service providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
We transfer data to our service providers such as hosting providers, cloud file hosting service providers, web development providers, email marketing service providers and payment processing providers. The purpose is to provide you with the services that you requested. The personal data processed internally by these data processors is protected by appropriate technical and organisational security measures as required by GDPR or the country local legislation in the cases where the data processor’s location does not fall within the GDPR legislation.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
Under the General Data Protection Regulation, you have the following rights:
1. Right of access - you have the right to obtain from us confirmation as to whether or not personal data concerning yourself is being processed, and, where that is the case, access to the personal data and the following: the purpose of processing, the categories of personal data concerned, the recipients to whom personal data have been or will be disclosed, and the envisaged period for which the personal data will be stored (if possible). You may request a copy of the personal data undergoing processing.
2. Right of rectification - you have the right to obtain from us without undue delay the rectification of inaccurate personal data concerning yourself.
3. Right to erasure (‘right to be forgotten’) - you have the right to obtain from us the erasure of personal data concerning yourself without undue delay where one of the following grounds applies:
3.1. The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
3.2. You withdraw consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
3.3. You object to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2);
3.4. The personal data have been unlawfully processed;
3.5. The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject;
3.6. The personal data have been collected in relation to the offer of information society services referred to in Article 8(1).
4. Right to restriction of processing - you have the right to obtain from us restriction of processing, where:
4.1 The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data; or
4.2 The processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
4.3. We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims; or
4.4. You have objected to processing pursuant to Article 21(1), pending the verification whether our legitimate grounds override yours.
5. Right to data portability - you shall have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from us, where the processing is based on consent pursuant to point (a) of Article 6(1) or point (a) of Article 9(2) or on a contract pursuant to point (b) of Article 6(1), and the processing is carried out by automated means.
6. Right to object - you shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.
6.1. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning yourself for such marketing, which includes profiling to the extent that it is related to such direct marketing.
6.2. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
7. Automated individual decision-making, including profiling
7.1. You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you, or, similarly, significantly affects you unless it is necessary for entering into, or performance of, a contract between you and us, or it is authorised by Union or Member State law to which we are subject, and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or is based on your explicit consent.
8. Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you shall have the right to lodge a complaint with a supervisory authority, in particular, in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data infringes this regulation.
9. You shall have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing, based on consent before its withdrawal.
The personal data that you have provided to us will only be used for direct marketing after your explicit consent. You can exercise any of your rights listed in this privacy policy at any given moment, e.g., you can withdraw your consent at any given time.
If you would like to subscribe to our free newsletter, we need your email address. You will receive a confirmation email from us after you submit the registration form. The subscription becomes effective only after you have clicked on the link in the confirmation email. You can unsubscribe from the newsletter at any time. Your email address is then removed from the distribution system by setting a permanent command for excluding any further messages from us.
The data processing is considered lawful only if and to the extent that at least one of the following applies:
Article 6(1)a - you have given consent to the processing of your personal data for one or more specific purposes.
Article 6(1)b - processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.
Article 6(1)c - processing is necessary for compliance with a legal obligation to which we are subject.
Article 6(1)d - processing is necessary in order to protect the vital interests of the data subject or of another natural person.
Article 6(1)e - processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (us).
Article 6(1)f - processing is necessary for the purposes of the legitimate interests pursued by the controller (us) or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject (you) which require protection of personal data, in particular where the data subject is a child.
We process personal data on the grounds of Article 6(1)a with the following purposes:
- to promote the quality of our service by publishing customer feedback on our websites, including the personal data which you have consented to provide;
- to provide our services when you contact us;
- to carry out communication regarding our services, e.g., hotel bookings
- to provide regular newsletters as requested by you.
We process personal data on the grounds of Article 6(1)b with the following purposes:
- to execute your booking, make an amendment or cancel your booking as requested by you;
- to accept the payment for your booking, so that we can provide you with our services;
- to communicate to the hotel/B2B supplier/hotel inventory aggregator your special requests concerning your booking.
We process personal data on the grounds of Article 6(1)f with the following purposes:
- to better understand how people interact with our websites;
- to carry out communication with an already existing or a potential customer including but not limited to email communication concerning the service that we provide;
- to identify and prevent fraud;
- to handle complaints;
- to enhance the security of our network and information systems;
- to provide postal communications / direct marketing which we think will be of interest to you or can benefit you;
- to determine the effectiveness of promotional campaigns and advertising.
The supervisory authority in Bulgaria is the Commission for Personal Data Protection.
Our website has links to Facebook, Twitter, and LinkedIn. Please note that no personal data is being collected via the links unless you decide to log into the respective social media right after following us. In this case, we strongly suggest that you get acquainted with the privacy policy of the respective social media:
https://www.facebook.com/policy.php
https://twitter.com/en/privacy
https://www.linkedin.com/legal/privacy-policy
Note that we may update this policy occasionally and a new version of it will be published on our website. We recommend you visit this page to ensure you are up to date with its content. In some specific cases, we may notify you of changes to this policy by email.