Group Viva!

Turkey English Bulgarian Czech


VIVA! CASINO SOFIA, held and managed by ANGLO-BOLKAN LTD., UIC 831119989, having its registered office and address of management at Sofia, 5, Sveta Nedelya Square, in the building of SOFIA HOTEL BALKAN AD

1. General Provisions

According to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, this Personal Data Protection Policy for the visitors to Viva! Casino, held and managed by Anglo-Bolkan Ltd., was developed and entered into force on 25 May 2018. This policy sets out the basic principles of the processing of personal data, their collection, storage and record keeping, and determines the necessary technical and organizational measures to protect personal data from unauthorized processing.

Anglo-Bolkan Ltd. (the Company) guarantees that the security of the personal data of our visitors is of primary importance for preserving the reputation of Viva! Casino. For this purpose, we have put in place various procedures and mechanisms to ensure the privacy by providing safeguards against unauthorized personal data processing. Personal data collection, processing and storage complies with all legal and regulatory rules governing how these actions are to be performed and what measures to protect personal data must be applied.


“Personal data” is any information related to the identification of a natural person. All data, which the Company collects, processes and stores, are necessary to comply with the legal obligation applicable to the Company.

“Controller” is a natural person or legal entity, public body, agency or other organization, which, alone or jointly, defines the purposes and means of personal data processing.

“Personal Data Processor” is a natural person or legal entity, public body, agency or other organization, which processes personal data in the name of the controller.

“Data Subject” is a natural person (client, potential client, employee etc.)

“Personal Data Processing” is any action or combination of actions that may be performed in respect of any personal data by automatic or other means, such as collecting, recording, organizing, storing, modifying, retrieving, consulting, using, disclosing by transmission, communicating or other data disclosing, arranging or combining, limiting, deleting or destroying. Personal data are collected for specific, exactly determined and legitimate purposes and are processed in a lawful, fair and transparent manner.

“Recipient” is a natural person or legal entity, public body, agency or other organization, to which personal data are disclosed, irrespective of whether it is a third party or not; the processing of such data by these public authorities complies with the applicable data protection rules, according to the purposes of the processing.

“Third Party”is a natural person or legal entity, public body, agency or other organization, other than the data subject, administrator, personal data processor and the parties, which have the right to process the personal data under the direct supervision of the controller or personal data processor.


Personal data processing also involves providing access to certain information only to employees, whose duties require such access. This is done under the management and control of the data protection officers of the Company.

The Company collects, processes and stores the following data: names, personal identity number, date of birth, identity document number, date and place of issuance of the identity document, residence address, telephone number / email, photograph for issuance of a membership card, taking a copy of identity document or passport, CCTV records. The Company is registered under the Gambling Act as an organizer of gambling games in a casino with a valid certificate of a license issued. Personal data are processed according to the legal obligation applicable to the Company according to the Gambling Act, as well as in relation to the prevention of money laundering and financing of terrorism (Internal Rules adopted according to the Measures Against Money Laundering Act and the Law on the Measures against Financing of Terrorism). In the Company, protection of natural persons applies to both automatic and manual processing of personal data, as personal data are stored in a personal data register, according to the Gambling Act.

  • Identification of the controller;
  • Accountability principle;
  • Purposes of processing;
  • Categories of personal data recipients;
  • Categories of subjects, whose data are being processed;
  • Description of technical and organizational measures;
  • Terms of storage.

As to maintain security and prevent the possibility of improper processing, the controller (the Company) assesses the risks associated with the processing and takes measures to limit these risks through timely prevention and elimination of the occurring problems.


The Company does not process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in trade unions, genetic data, biometric data, health status, sexual orientation. In compliance with Bulgarian and European law, including Regulation (ЕU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation - GDPR) on the protection of personal data, you may exercise the following rights:

  • The right to access the personal data that the Company processes for you and get a copy thereof;
  • Right to ask the Company to correct any inaccuracies, if you find any, or update your personal information by sending an email to dposofia@groupviva.com right to deletion;
  • The right to request blockage of your personal data or limitation of the processing of your personal data in the cases specified by the law and the Regulation;
  • The right to request deletion, i.е. erasure of your personal information, if the conditions for such actions are met;
  • The right to object to the processing of your personal data for the purposes of direct marketing;
  • The right to object to the provision of your personal data to any third parties;
  • The right to request the portability of your personal data in a structured, machine-readable format, which is commonly used;
  • The right, wherever you wish, to withdraw your consent, by which you have agreed to have your personal data processed for the purposes, for which you have given the consent;
  • The right of refusal in automated decision making and profiling;
  • The right to file a complaint or request for protection of your rights with a Personal Data Protection Commission, if there are any reasons for that.

Each data subject freely gives his/her consent to the processing of his/her personal data, which is necessary for the compliance with the legal obligation of the Company as a personal data controller within the legal term.

Each client, a personal data subject, gives his/her informed consent to provide his/her personal bank account for payment of profits at Viva! Casino, according to the provisions of the Gambling Act.

Each data subject has the right to access his/her personal data processed by the Company. This is done by filling in a form for requesting personal data within a regulated period without undue delay.

Each client, a personal data subject, gives his/her consent or refusal to be notified of any future events organized by Viva! Casino , by providing contact details


The Company, as a personal data controller, complies with the principles of fair, lawful and transparent personal data processing. The personal data are processed only for specific, explicitly stated purposes, according to the legal provisions applicable in the Republic of Bulgaria.

The personal data collected must be accurate and kept up-to-date. For this purpose, a regular review is carried out and the inaccurate personal data are corrected or deleted.

Personal data and documents of transactions and operations are kept within the lawful period of 5 years. The term starts as of the beginning of the calendar year, the following year of their occurrence. According to the measures to prevent money laundering, this period may be extended to 7 years upon written instruction.

CCTV records are kept for 30 calendar days. They may be kept for a longer period, when they will be used as evidence of a crime or irregularity.

The high level of security and confidentiality of personal data processing is guaranteed by strict rules and levels of access to personal data through the necessary technical equipment for prevention of unauthorized access.

Personal data are not provided to any third countries or international organizations. Personal data recipients are public bodies with lawful objectives regulated by the Gambling Act, Measures Against Money Laundering Act and the Law on the Measures against Financing of Terrorism.


As organizer of gambling games in 24-hour working casino, the Company performs daily processing of personal data that require regular and systematic large-scale monitoring. Hence, personal data protection officers give regular instructions to the employees, who process personal data.

The personal data protection officers Sevdi Sadula and Lyubomir Todorov are available to the clients and employees on any occasions related to personal data protection. Contact details - email: dposofia@groupviva.com, телефон: +359/2 986-35-01


The Company maintains and updates documentation on the activities related to personal data processing. The personal data protection officers cooperate with the supervising authority in the performance of the obligations above and provide access to the documentation upon request.

Group Viva!© 2019. All Rights Reserved.