GDPR
General regulation on data protection
GDPR
Privacy policy
Reasons and purposes for which we use the protection of personal data
We process your personal data on the following grounds:
fulfillment of its contractual obligations to the Users
direct marketing, which is carried out by the contractors of the tourist advertising portal Holidays Bulgaria
The tourist portal processes the personal data of the users on the basis of the contract concluded between the User and the Site Holidays Bulgaria.
The user agrees to the processing of his personal data for the purposes of direct marketing by marking a checkbox.
The user can withdraw from the given consent at any time by marking a checkbox, which is located
The personal data of the Users are stored for a period of 2 years.
The site collects and uses the information for the purposes of:
. management and execution of your request and provision of the requested service;
to provide you with the necessary complete service, as well as to collect the amounts due for the used subscription;
maintaining correspondence in connection with reservations, processing requests, reporting problems, etc.
notification of everything related to the services you use with us;
customer history analysis;
identify and / or prevent illegal actions or actions contrary to our terms of service;
Data we process on this basis:
Based on the contract concluded between us and you, we process information on the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
personal contact details – email address, phone number;
identification data – the three names
data on the reservations made;
correspondence in connection with the overall service – e-mail, letters, information about your requests for troubleshooting, complaints, requests, complaints, feedback that we receive from you;
o other information such as:
Information from your actions on the site;
Created a unique user number;
IP address
Profile data on social networks
Demographics
The processing of the specified personal data is mandatory for us so that we can conclude the contract with you and fulfill it. Without providing us with the above information, we would not be able to fulfill our obligations under the contract.
We provide personal data to third parties
We provide your personal data to third parties, and our main goal is to offer you quality, fast and comprehensive service. We do not provide your personal data to third parties until we are sure that all technical and organizational measures have been taken to protect this data, and we strive to exercise strict control over the implementation of this goal. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (data controllers):
contractors;
persons who, on assignment, maintain equipment, software and hardware used for the processing of personal data and necessary for the activity of the company;
When we delete data collected on this basis
We delete the data collected on this basis 2 years after the termination of the contractual relationship, regardless of whether due to the expiration of the contract, cancellation or other grounds.
FOR FULFILLMENT OF REGULATORY OBLIGATIONS
It is possible that the law provides for an obligation for us to process your personal data. In these cases we are obliged to carry out the processing, such as:
Obligations under the Tourism Act and the Anti-Money Laundering Measures Act;
Providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
Providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation for personal data protection;
Providing data to third parties
When there is an obligation for us by law, it is possible to provide your personal data to the competent state authority, natural or legal person.
AFTER YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse to process personal data.
Consent is a separate basis for the processing of your personal data and the purpose of the processing is stated in it, and does not overlap with the purposes listed in this policy. If you give us the relevant consent and until its withdrawal or termination of any contractual relationship with you, we prepare suitable for you offers for products / services, performing detailed analyzes of your basic personal data;
CONSUMER RIGHTS
Each User of the site enjoys all rights to personal data protection under Bulgarian law and European Union law. Each User has the right to:
Awareness (in connection with the processing of personal data by the administrator);
Access to your own personal data;
Correction (if data is inaccurate);
Deletion of personal data (right to be forgotten);
Restriction of processing by the controller or processor of personal data;
Portability of personal data between individual administrators;
Objection to the processing of his personal data;
The data subject is also entitled not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him to a significant extent;
Right to judicial or administrative protection in case the data subject’s rights have been violated.
The user may request deletion if one of the following conditions is true:
Personal data are no longer needed for the purposes for which they were collected or otherwise processed;
The user withdraws his consent on which the data processing is based and there is no other legal basis for the processing;
The data user objects to the processing and there are no legal grounds for processing to take precedence;
Personal data has been processed illegally;
Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
Personal data have been collected in connection with the provision of information society services to children and the consent has been given by the parent responsible for the child
The user has the right to restrict the processing of his personal data by the administrator when:
Challenge the accuracy of personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of personal data;
The processing is illegal, but the User does not want the personal data to be deleted, but instead requires restricting their use;
The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or protection of legal claims;
objects to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User.
Personal data we have received from third parties
We do not receive personal data from third parties.
Right of portability.
The data subject has the right to receive the personal data concerning him and which he has provided to the controller in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller. data are provided when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive the direct transfer of personal data from one controller to another where this is technically feasible.
Right to object.
Users have the right to object to the controller against the processing of their personal data. The controller of personal data shall be obliged to terminate the processing, unless he proves that there are convincing legal grounds for the processing, which take precedence over the interests, rights and freedoms of the data subject, or for establishing, exercising or defending legal claims. In the event of an objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.
Complaint to the supervisory authority
Each User has the right to file a complaint against illegal processing of his personal data to the Commission for Personal Data Protection or to the competent court.
OBLIGATIONS OF THE PERSONAL DATA ADMINISTRATOR:
The personal data controller has the following responsibilities:
Process the data in accordance with the principles of personal data protection set out in the Regulation, being able to prove this (accountability);
Provides data protection at the design stage and by default;
Notifies the supervisory authority and the data subject in case of breach of personal data security, as well as documentation of any breach of personal data security, incl. the facts related to the violation, the consequences thereof, the actions taken to address the violation;
Performs data protection impact assessment;
Apply appropriate technical and organizational measures to ensure data security, such as:
Pseudonymization;Encryption;
Ensuring constant confidentiality, integrity, availability and sustainability of processing systems and services;
Timely restoration of the availability and access to personal data in case of a physical or technical accident;
Regular testing, evaluation and evaluation of the effectiveness of technical and organizational measures;
Cooperation with the supervisory authority for personal data protection in fulfilling the obligations arising from the regulation.
Prepares and implements internal procedures regarding the acceptance, consideration and response within one month of requests from Users to exercise their rights as subjects of personal data
AUTHORITY REGULATORY ACTIVITY
The body regulating the activity of the Site of the Commission for Personal Data Protection (CPDP), with the following coordinates:
About CPDP:
Website: https://www.cpdp.bg/
tel: 02 / 91-53-518
email: kzld@cpdp.bg
address: Sofia 1592, bul. „Prof. Tsvetan Lazarov ”№ 2
Registration and identification in Holidays Bulgaria
Holidays Bulgaria identifies the Users of the site by storing log files on the server of the Site – tourist advertising catalog Holidays Bulgaria.
Holidays Bulgaria has the right to collect and use information about the Users on the basis and for the purposes of the implementation of the contract concluded under general conditions with the User. The information by which the person can be identified may include personal data specified in the general conditions and policies, as well as any other information that the person provides voluntarily upon registration. The information includes any other that the User enters, uses or provides when using services.
Holidays Bulgaria takes due care and is responsible for protecting the information about the User, which became known to him on the occasion of registration, except in cases of force majeure, accidental event or malicious acts of third parties.
In the registration form filled in by the User upon registration, Holidays Bulgaria indicates the mandatory or voluntary nature of the provision of data and the consequences of refusing to provide them.
Holidays Bulgaria may disclose personal data to third parties only in the cases provided by law and in the circumstances provided by law or with the express consent of the Users.
The user can register by filling in the relevant electronic registration form, available in real time (on-line) on the Internet on the tourist portal-catalog of Holidays Bulgaria has agreed with the General Terms.
By pressing the virtual button with the text “Registration” or other similar text, having the force of written confirmation of the General Terms, the User makes an electronic statement within the meaning of the Electronic Document and Electronic Signature Act, declaring that he is familiar with the General Terms. accepts them and undertakes to abide by them. The Merchant may store in log files on its server the IP address of the User, as well as any other information necessary for its identification and reproduction of its electronic statement of acceptance of the General Terms in the event of a legal dispute. The text of the General Terms and Conditions is available on the Internet on the website of Holidays Bulgaria in a way that allows its storage and reproduction.
When filling in the application for registration, the User is obliged to provide complete and accurate data on identity (for individuals), legal status (for legal entities) and other data required by the electronic form of the Merchant, as well as update them in 7 (seven) one day from their change. The user declares that he agrees to provide the required personal data, ensuring that the data provided during the registration process are correct, complete and accurate and will change them in a timely manner if the latter changes. In case of providing incorrect data, the Merchant has the right to terminate or suspend immediately and without notice the provision of services and maintaining the registration of the User.
Upon registration, the User receives a unique username, which may be the email or data provided by the User from social networks or third-party identification services, and a password to access the services available through the website.
The user can manage their user profile on the site. Through your account.
The Username with which the User registers does not give him any other rights than those explicitly stated in these terms.
Upon payment of a subscription, the registrar in his capacity as a representative of a legal entity is obliged to give his full name and address, resp. the name of the legal entity it represents for the purpose of issuing an invoice.
The user is obliged to take all care and take the necessary measures that are reasonably necessary in order to protect his password, as well as not to disclose his password to third parties and to notify immediately in Holidays Bulgaria case of unauthorized access, as and in the likelihood and doubt of such. He bears the responsibility and risk for the protection of his password, as well as for all actions performed by him or by a third party using his password.