Privacy Policy

Last updated: March 2026

1. Introduction

This Privacy Policy explains how “Flamingo Water park” Ltd. (hereinafter “Flamingo Water Park”) processes personal data when you use the website aquaparkbg.com and when you purchase tickets for Flamingo Waterparks locations.

2. Data controller

  • Name: “Flamingo Water park” Ltd.
  • Company ID: 207403205
  • Registered office: Bulgaria, Varna 9000, Odessos district, 41–43 Marko Balabanov Street, ground floor, office 1.1
  • Email: info@aquaparkbg.com
  • Phone: +359888900383
  • Website: aquaparkbg.com

3. What data we process

  • Identification data: name, email address, phone number (optional) when creating an account or purchasing a ticket.
  • Purchase data: ticket type, amount, payment method (we do not store full card numbers), date and time of the transaction.
  • Technical data: IP address, browser type, device information and language preferences – for security and service improvement.
  • Communications: content of enquiries by email or via contact forms.

4. Mandatory and voluntary data

Providing certain data (e.g. a valid email and the details required to issue a ticket) is necessary to conclude and perform the purchase contract. Without them we cannot process your order or issue a ticket. Other data (e.g. phone for contact) may be voluntary unless the law requires otherwise.

5. Purposes and legal bases

  • Contract performance – processing orders, issuing tickets and providing access.
  • Legal obligations – accounting, taxation and other regulatory requirements.
  • Legitimate interests – improving our services, preventing fraud and ensuring security.
  • Consent – marketing communications where you have explicitly subscribed, with the right to withdraw consent.

6. Cookies and similar technologies

We use the following categories of cookies and similar technologies; some may be set by third parties:

  • Strictly necessary – for basic site operation (e.g. language, session, security). Legal basis: legitimate interests / provision of the service.
  • Analytics – e.g. Google Analytics, to understand traffic and improve the site. Legal basis: consent where required.
  • Marketing / social – e.g. Meta Pixel or similar tools if implemented. Legal basis: consent.

You can control cookies via your browser settings. Some features may not work fully if cookies are disabled entirely.

Where applicable, you will be offered the ability to manage your consent through a cookie banner.

7. Recipients and transfers

  • We do not sell your personal data.
  • Data may be shared with processors (e.g. payment providers, hosting, IT support) who process information only on our instructions and under contract.
  • Some providers (e.g. analytics, payments, cloud) may be located outside the European Economic Area. Where data is transferred internationally, we apply appropriate safeguards under the GDPR (e.g. EU Standard Contractual Clauses or adequacy decisions), as applicable.
  • Disclosure to competent authorities – where required by law.

8. Data security

We implement appropriate technical and organisational measures, including access controls, encryption and restricted access to data, to protect personal data against unauthorised access, loss or misuse, in line with data minimisation and the principle of limiting processing.

9. Data retention

We retain personal data only as long as necessary for the purposes for which it was collected, or as required by applicable law. After that, data is deleted or anonymised.

10. Your rights

Depending on applicable law (including the GDPR), you may have the right of access, rectification, erasure, restriction of processing, data portability, objection to certain processing, and withdrawal of consent where processing is based on consent.

You have the right to withdraw consent at any time; withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

You have the right to object at any time to processing of personal data for direct marketing purposes.

You have the right to lodge a complaint with the supervisory authority:

Commission for Personal Data Protection (CPDP) – Bulgaria
www.cpdp.bg

11. Data protection officer (DPO)

Under applicable law, the company is not required to appoint a Data Protection Officer. For questions about personal data processing or to exercise your rights, please contact us at info@aquaparkbg.com.

12. Automated decision-making and profiling

We do not carry out automated decision-making with legal effects concerning you, and we do not apply profiling within the meaning of Article 22 GDPR in connection with tickets and online orders.

13. Related documents

The General Terms & Conditions are available at: aquaparkbg.com (General Terms & Conditions section).

14. Contact

For questions about this Privacy Policy or to exercise your rights:

This Policy may be updated from time to time. The current version is always available on the website.