Privacy Policy

1. Introduction

Welcome to Nesebar. We value your privacy and are committed to protecting your personal data.

This Privacy Policy describes how we collect, use, store, and protect your information in accordance with GDPR and Bulgarian law.

2. Data Controller

The data controller for your personal information is:

3. Data We Collect

3.1. Account Information

• Name and surname
• Email address
• Phone number
• Password (encrypted)

3.2. Booking Information

• Check-in and check-out dates
• Number of guests
• Special requests
• Payment information

3.3. Property Information (for hosts)

• Property details and descriptions
• Photos
• Location
• Pricing

3.4. Technical Data

• IP address
• Browser type and version
• Device information
• Cookies and similar technologies

4. Legal Basis for Processing

We process your personal data on the following legal bases:

• Contract execution - to provide booking services
• Consent - for marketing communications
• Legal obligation - for tax and accounting purposes
• Legitimate interest - to improve our services

5. How We Use Your Data

We use your personal information to:

• Provide our booking services
• Process and manage bookings
• Communicate with you about your bookings
• Provide customer support
• Improve our platform
• Send marketing communications (with your consent)
• Comply with legal obligations

6. Data Sharing

We may share your information with:

• Hosts/Guests - to facilitate bookings
• Service providers - for payment processing and analytics
• Legal authorities - when required by law

We never sell your personal data to third parties.

7. International Transfers

Your data is primarily stored on servers within the European Union. If we transfer data outside the EU, we ensure adequate protection through standard contractual clauses.

8. Data Security

We implement appropriate security measures to protect your data:

• SSL/TLS encryption for data transmission
• Encrypted storage of sensitive information
• Access controls and authentication
• Regular security monitoring and updates

9. Data Retention

We retain your personal data for:

• Account data - as long as your account is active
• Booking data - 7 years (for tax purposes)
• Marketing data - until you withdraw consent

After the retention period, we securely delete or anonymize your data.

10. Your Rights

Under GDPR, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request data deletion ("right to be forgotten")
• Restrict processing
• Data portability
• Object to processing
• Withdraw consent at any time

To exercise these rights, contact us at

11. Cookies

We use cookies to improve your experience on our platform.

• Essential cookies - necessary for platform functionality
• Analytics cookies - to understand how you use our site
• Marketing cookies - to show relevant ads (with your consent)

You can manage cookie preferences in your browser settings.

12. Children's Privacy

Our services are not intended for children under 18. We do not knowingly collect data from minors. If you believe we have collected such information, please contact us.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or platform notification. Continued use after changes means acceptance of the new policy.

14. Complaints

If you have concerns about how we handle your data, you can file a complaint with:

15. Contact

For privacy-related questions, contact us: