Moma Restaurant



We, from Moma Restaurant, have respect for the inviolability of the private life of our customers and guarantee their personal data protection to the maximum level.

This Confidentiality and Data Protection Policy (hereinafter called Confidentiality Policy) aims to clarify the data we collect from you, how and why we process it. It is prepared and based on the current Bulgarian and European legislation in the field of personal data protection, including, but not only, in accordance with Regulation (ЕU) 2016/679 of the European Parliament and the Council regarding the data (the Regulation).

Please, carefully read this Confidentiality Policy before using website (the Website) or any of its functionalities, and before using the services we provide. If you do not want us to process your personal data in the way described in this Confidentiality Policy, please, do not give it to us.

If you have any questions or comments in connection to this Confidentiality Policy, please, contact us on the following e-mail:

 I. Who processes and is responsible for your personal data?

‘Tricolore’ OOD (hereinafter called ‘Tricolore’, ‘we’) is a company registered at the Commercial Register and Register of NPLE of the Registry Agency under UIC: 202917124, which collects, processes, and stores your personal data under the conditions of this Confidentiality Policy and which operates the business of MOMA Restaurant ‘Tricolore’ OOD is a personal data administrator under the Personal Data Protection Act and the Regulation. You can contact us in any of these ways:

Registered office: Blvd “James Bourchier” 76A, 1407 g.k. Lozenets, Sofia

Telephone: 0885 62 20 20


II. Categories of personal data we process:

  • Identification data – name and surname, Personal No. (only if you would like the issuance of an invoice in your name as a private entity);
  • Contact details – e-mail, telephone number;
  • Statistical data – IP address; visited websites; identifiers stores in ‘cookies’, locally, at the Website user; information about the browser/the information system.
  • Financial information ((only if you would like the issuance of an invoice in your name as a private entity) – bank account, VAT registration, etc., required by the current accounting and tax legislation.
  • Data about a legal representative or proxy of the legal entity – the above-mentioned data can be also collected about the representatives of the legal entity in case that the services are provided for legal entities and/or it is required to issue an invoice to a legal entity.
  • Booking data: booking data – day and time of the visit in Moma Restaurant, number of persons.
  • Physical images

III. Channels through which information and personal data is collected/Personal data source:

  1. The provision of your personal data is done completely voluntary by you through:
  • The Online Booking Form of the Website;
  • The Contact Form of the Website;
  • When you contact us on the telephone number we have provided on the Website;
  • Entering data in the Book of Praise and Complaints located on site, in Moma Restaurant;

! We do not require entering personal data in the Book of Praise and Complaints. You can give only your first name or a nickname, or you may not specify any individual information at all. In case that you give any personal data, you agree that we process it for the purposes of analysis and administration of the circumstances entered in the Book. This consent can be withdrawn at any time.

  • When you send us a request for issuing an invoice about the services you have used, in your name, or in the name of a legal entity you represent;
  • When you submit a signal, claim, or other communication to us.
  1. We can process data (a big part of it is not qualified as personal data), prepared and generated by us in the process of providing our services:
  • Data about the used end electronic communication device, the type of the device, the used operational system, IP address, location;
  • Booking data;
  • Information about the visits of the Website and the use of the Website, including operations and history about using the Website;
  • Video recording of a visit of Moma Restaurant
  1. When booking via platform;

While you are using platform, we receive the following booking data by Dineout OOD (the platform source): Name, surname, telephone number, e-mail, booking data.

Dineout OOD are an independent personal data administrator, who is responsible for the execution of the obligations under the Regulation. Your relations with Dineout OOD are settled separately, and we are not part of them.

IV. What purposes do we use your personal data for?

The main business activity of Tricolore is operating Moma Restaurant, located in the city of Sofia, 28 Solunska Str., and providing services through it. We process your personal data in order to be able to provide quality services and pleasant experience in Moma Restaurant. Our Website itself helps for the provision of these services and gives are the opportunity to reach more people.

Preliminary booking for Moma Restaurant is not an obligatory condition to enjoy the atmosphere and the meals, but it guarantees that you will have a table, prepared especially for you, on the day and at the time you wish. Feel welcome to visit the Restaurant even without booking, in which cases there would be no need to collect or process any information about you, including personal data.

V. Legal reason for processing your personal data:

  • for concluding or performance of agreements with us (in connection to the services we provide and you use) or in connection to preparing the conclusion of agreements with us;
  • for the execution of our legal obligations in connection to your order, like, for example: obligations in connection to our business activity; processing and administration of your grievances, signals, complaints, and praises; communication with competent authorities in connection to a signal or complaint you have submitted; tax and security control by the respective competent authorities; execution of our financial liabilities, etc.;
  • for protection of our legitimate interests:
    • when using the contact form and the contact telephone number: making our services easier to use and increasing the quality of our services;
    • when processing and administering your grievances, signals, complaints – increasing the quality of our services;
    • With video recordings: we guarantee the protection of our and our customers’ and visitors’ possessions and their security.
  • Your explicit consent – when entering your data in the Book of Praises and Complaints;

VI. How long do we store your data?

We store your personal data for up to 2 months after the booked visit.

Provided that the personal data is processed in connection to administering a signal, a grievance, a claim, or any other inspection, this personal data shall be processed within a period of 3 months after the date of the final completion of the procedure (including with a valid act, if there is such).

The personal data processed in connection to the issuance of accounting/financial documents for the performance of tax and social security control, including for, but not limited to, the issuance of invoices, debit or credit notices, shall be stored within the term foreseen in the applicable legislation for storing such documents.

Data from video recordings from CCTV cameras – within XXX days after the creation of the recordings.

The personal data can be stored for a period longer than the above-mentioned one, in cases of an occurred legal dispute, by the time of its final solution, with a valid court judgement/arbitration award.

The personal data, entered into the Book of Praises and Complaints is stored by the end of January of the year, following the calendar year for which it was entered, or by the time the given consent is withdrawn (if this happens earlier).

VII. Where do we store your data?

The data we collect from you are stored within the European Union and the European Economic Area (EEA), as currently it is stored only on the territory of the Republic of Bulgaria.

Based on the available information as of the date of this notice, we (in our capacity of Personal Data Administrator), do not transfer your personal data out of the European Union.

Each change of the above-mentioned information shall be specified with a revision of this Confidentiality Policy.

VIII. Categories of third parties who can have access and process your personal data

Your personal data provided to third parties shall be used only for the provision of the services specified herein.

  • Persons, who, under the assignment of the data administrator, support equipment or software, used for processing your personal data, as well as such who provide services on storage of data on external server (the so-called cloud services);
  • Our partners/providers of services/consultants who help us provide quality services to you and legally operate the business activity of MOMA Restaurant, like, for example: IT services providers, marketing specialists/agencies, accounting services providers, lawyers, specialists on issues for personal data protection, consultants, notaries public, etc.;
  • Organs, institutions, and persons who we are obliged to provide your personal data under the current legislation;
  • Banks and financial institutions servicing the payments you make to us;
  • Internet platforms specialized in restaurant booking, like, for example, (operated by Dineout OOD).

Please, note that some of those companies have the independent right or obligation to process your personal data.

IX. Your Rights in connection to processing your personal data

1.General rights

At any moment within the period we store or process your personal data, you have the following rights:

  • to ask us for a copy of your personal data and right of access, at any time, to the personal data, as well as for provision of information why we are processing it;
  • to ask us to correct, without any unreasonable delay, any of your incorrect personal data, or any data which is not actual anymore;
  • if there are any available prerequisites, you can ask us to provide your personal data to you in a form convenient to be transferred to another personal data administrator, or to ask us to do it, without any obstacles from us (the right to data transferability);
  • to ask us to erase your personal data, without any unreasonable delay, provided that any of the legal reasons for that are present;
  • to ask us to limit the processing of your personal data, as, in that case, your data shall be only stored, but not processed. Our refusal for such limitation shall be done explicitly in writing, as we shall be obliged to motivate it with a legal reason;
  • to withdraw your consent for processing your personal data, at any time, with a separate request submitted to us, provided that the processing is under a given consent;
  • to object against the processing of your personal data in the cases when such processing is based on our legitimate interest, and, if your objection is reasonable, we shall discontinue the processing of your personal data;
  1. You have the right of a claim to the control authorities

In connection to your personal data processing, you have the right to submit a claim to the control authorities, as the competent authorities connected to this are the Commission for Personal Data Protection, address: 1592, the city of Sofia, 2 Prof. Tsvetan Lazarov Blvd. (

  1. Automated decision-making

We do not use your personal data for automated decision-making, including for profiling, which will arise any legal consequences for you or will concern you to a significant extent.

  1. How can you exercise your rights?

4.1. If you have any questions or you would like to exercise your rights connected to your personal data processing for any of the purposes or for any of the cases specified herein, you can contact us on the following contacts:


Address: Solunska str 28, Sofia, Bulgaria

4.2. The requests addressed to Tricolore OOD, in accordance with this Policy, must contain at least as follows:

– name, address or other data for identification of the respective private entity;

– description of the request;

– the preferred form for providing the information;

– signature, date of submitting the application, and mailing address.

4.3. We answer all the questions, signals and claims of data subjects, in accordance with the rules of the current legislation. Please, note that before we answer your claim, we are obliged to identify the person who has submitted the claim, so that we make sure in his/her right to submit it.

4.4. We shall inform you about our answer and the measures we have undertaken, without any unreasonable delay, but in all the cases, no later than 30 days after receiving the claim.

4.5. Tricolore EOOD shall notify the private entity who has submitted the request about its settlement or about the motivated refusal to settle the request. The notification shall be sent by Tricolore EOOD to the private entity, in the way specified as preferred for providing the information, and, in case that there is no such, by mail, with a registered letter, or personally, against signature.

  1. Can you refuse to provide your personal data and what are the consequences from this?

Personal data processing is based on your voluntary provision of data. You can use the services of the Restaurant without providing personal data by visiting it on site. However, in case that you would like to make use of any of the concomitant services (like preliminary booking of a table) or you would like to execute your right of grievance, signal or complaint, or to have an invoice issued, then, we need your personal data to identify the party which makes the respective request/application, so as to be able to meet your requirements.

X. Log files

Like in most websites, the Website collects data in log files. This information contains your IP, which browser you use (like Mozzilla, IE, Chrome, etc.), the operating system (Linux, Windows, iOS), when you have visited our website, and the visited websites. We reserve the right to use the IP addresses of the users in order to find their identity in the cases when it is necessary to execute the law.

XI. Connection to other websites

Occasionally, the Website may contain links/references (hyperlinks) to other websites. We do not operate the connected websites and do not approve the contents, services or the products of these websites. We are not responsible for the confidentiality policies or the contents of these websites and we advise you that you have a look at their confidentiality policies.

XII. Confidentiality Policy of ‘the Cookies’

In order to make the Website work in accordance with the functionality set by the staff, as well as to personalize your visits, we sometimes keep some small data files on your device, called ‘cookies’. This is a standard practice which is extensively used almost in all the websites around the world. You can find detailed information on what cookies are and how and which cookies we use, as well as how you can control or erase the cookies, in our Cookies Policy, published on our Website.

Please, note that blocking some of the cookies may reflect the way in which the website functions, which may also lead to disturbed functionality of the website.

XIII. Revisions of the Confidentiality Policy

It is possible that we occasionally update our Confidentiality Policy. In any such revision of the current policy, our website will have a published announcement and an updated Confidentiality Policy. Any revisions and supplements in our Confidentiality Policy shall be applied only after its updated contents is published and accessible through our Website. Provided that the changes of the Confidentiality Policy are essential, we may prefer to send a personal message via e-mail to each one of you, with a link to the new/updated policy, so that we make sure you will be familiarized with the changes.