PRIVACY POLICY AND PROTECTION OF PERSONAL DATA
This Privacy Policy has been prepared and is based on the current Bulgarian legislation in the field of personal data protection and Regulation (GDPR) 2016/679 of the European Parliament and of the Council and aims to clarify how and why "HISTORICAL TRAVELS" EOOD, EIK 204579319 processes and protects your personal data in the process of using the website "historicaltravels.bg" (hereinafter referred to as the website for brevity).
The privacy policy applies to your personal data if you are an individual or a representative of a legal entity that is our customer. It will explain to you what personal information we process when providing our services, for what purposes we use it and what your rights are as a subject of personal data.
PRINCIPLES
When collecting and processing personal data, we are guided by the following principles: legality; good faith; transparency; limitation of processing purposes; minimizing the data collected; accuracy and timeliness; restriction of storage in order to fulfill the objectives; processing privacy and security.
WHO PROCESSES AND IS RESPONSIBLE FOR YOUR PERSONAL DATA?
The administrator of your personal data is: "HISTORICHESKI PATUVANIA" EOOD, the commercial company registered in the Commercial Register at the Registration Agency with EIK 204579319, which collects, processes and stores your personal data under the terms of this Privacy Policy, mandatory company rules and standard contractual clauses, according to Implementing Decision (EU) 2021/915 of the European Commission of June 4, 2021.
You can contact us at the address: Vetrino village, G. S. Rakovski street No. 9, telephone: +359877740898 or +359898798015, e-mail address: r.radev@historicaltravels.bg and angel@onesto.bg.
Competent supervisory body for the protection of personal data: Commission for the Protection of Personal Data, registered office and management address: Sofia 1592, "Prof. Tsvetan Lazarov" 2, address for correspondence: Sofia 1592, "Prof. Tsvetan Lazarov" 2, phone: 02/ 915 3 518, website: www.cpdp.bg.
LEGAL DEFINITIONS
The GDPR contains a total of 26 legal definitions and it is not practical to fit them all into this policy. The key concepts are therefore presented below:
"Personal data" – any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;
"Processing" - any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, distribution or otherwise making the data available, arranging or combining, limiting, erasing or destroying;
"Administrator of personal data" – a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; when the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.
"Processor of personal data" - a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller;
"Third party" - a natural or legal person, public body, agency or other body other than the data subject, the administrator, the personal data processor and the persons who, under the direct supervision of the administrator or the personal data processor, have the right to process the personal data.
"Consent of the data subject" - any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent for the personal data related to him to be processed.
"Breach of personal data security" - a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.
"Profiling" - any form of automated processing of personal data, consisting in the use of personal data to evaluate certain personal aspects related to a natural person, such as his economic status, health, personal preferences, interests, reliability, behavior, location or movement.
"Pseudonymization" - processing of personal data in such a way that the personal data can no longer be linked to a specific data subject without the use of additional information, provided that it is stored separately and subject to technical and organizational measures in order to ensure that the personal data is not linked to an identified natural person or to an identifiable natural person.
"Register of personal data" - the set of data that is maintained and stored by the administrator, regardless of their physical medium.
3. PERSONAL DATA TO BE COLLECTED
Depending on the specific goals, "HISTORICAL TRAVELS" EOOD processes the data indicated below independently or in combination with each other.
Processing of personal data that is provided directly by you when you order a certain product/service through the online form on the website or make an inquiry by phone or through the contact form of "historicaltravels.bg".
Personal data to identify a user (two names, email, phone number)
We do not knowingly collect personal information from persons under the age of 18.
4. WAYS YOUR PERSONAL DATA IS COLLECTED
The collection and processing of your personal data is carried out in several ways: registration on the website; purchase of goods/services; giving feedback on a website page; sending messages via chat platforms or by email; as well as when you use or browse the website through your browser's cookies.
5. TYPES OF DATA, PURPOSES AND LEGAL BASIS FOR PROCESSING
5.1. TYPES OF DATA
5.1.1 Personal data provided by you, through express consent: two names, telephone and your e-mail address. Consent is given in writing or when creating an account/filling in a form that requires personal data.
5.1.2 Data collected upon payment made to "HISTORICAL TRAVELS" EOOD.
5.1.3 IP address data when visiting our site. This data is collected to improve and ensure security, as well as for statistical purposes and research.
5.1.4 When connecting to your Facebook or Google account or other third-party services (where such functionality is available), we also receive the information from those accounts (e.g. friends or contacts). The information we receive from these services depends on their settings and privacy statements, so each person should check what they are.
5.1.5 Your name and e-mail data may be used in the process of providing various services, including sending commercial messages and direct marketing, in case you have given additional consent.
5.2. PURPOSES FOR THE PROCESSING OF PERSONAL DATA
In fulfillment of its legal obligations and depending on the specific goals, "HISTORICHESKI PATUVANIA" EOOD processes the data indicated below, individually or in combination with each other for the following purposes:
5.2.1 issuing an accounting document;
5.2.2 carrying out tax-insurance control by the relevant competent authorities;
5.2.3 provision of information to the Commission for the Protection of Personal Data in connection with obligations provided for in the legal framework for the protection of personal data - Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, etc.;
5.2.7 presenting information and suggestions for special offers on services offered that we think you may like by sending an email, a text message in a mobile/web application or by making a phone call;
5.2.8 identification of a user when registering on the website and/or recording the services offered;
5.2.4 obligations provided for in the Accounting Act and the Tax-Insurance Procedure Code and other related legal acts, in connection with keeping correct and lawful accounting;
5.2.5 provision of information about the client and purchases made by him and/or services used by him upon inquiry/request/verification by a competent authority;
5.2.6 technical assistance to create an account/s and recover a forgotten password to access our website;
5.2.9 updating your personal data or the information related to services provided;
5.2.10 carrying out direct marketing by sending offers, invitations and information about products and services, after your express consent, through electronic communication channels (such as e-mail, SMS, etc.), and marketing activities conducted through the use of the website (for example, advertising spots) by "historicaltravels.bg" and a company from the group of companies to which "HISTORICAL TRAVELS" EOOD belongs.
The administrator processes the data that is collected automatically during your visit to the website for the following purposes:
Statistical purposes about how the website has been used in order to improve its performance. This amounts to producing analyses whose results are only generalized, and the data is therefore anonymous. Identification of a specific person from this information is impossible.
The administrator will not process personal data for purposes other than those specified.
6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES
"HISTORICAL TRAVELS" EOOD has the right, after judgment, to provide information to other persons processing personal data for the fulfillment of the purposes of processing and in compliance with the requirements of the Regulation. In the presence of explicit consent, the personal data provided by you can be shared with partners - companies from the group of companies to which "HISTORICHESKI PATUVANIA" EOOD belongs with the subject of cultural-historical products and services subject to their compliance with the current privacy policy for processing and protection of personal data.
For the purposes of fulfilling a concluded contract or for another reason, a situation may arise where you entrust us with processing data to a third party. In such a case, we will act as the processor of the personal data.
7. Data Security
To prevent unauthorized access, to maintain data accuracy and to ensure proper use of data, we implement reasonable and adequate physical, IT and organizational security measures for the effective protection of all personal data we process. The information you provide through the online platforms will subsequently be transmitted in an encrypted form, using the SSL (Secure Sockets Layer) protocol to prevent the misuse of data by third parties. You can identify this by the fact that a closed padlock symbol appears in your browser's status bar and the URL begins with “https”.
With a view to improving the measures presented in this Privacy Policy, we will make every effort to ensure the correctness, completeness, currency and compliance of the data for the intended use, and any changes will be described in the updated version and will enter into effect after notification to website users via email messages.
"HISTORICHESKI PATUVANIA" EOOD will periodically test and review the effectiveness of data protection measures against risks of loss, inaccurate use, unauthorized access, disclosure, modification or unauthorized deletion/destruction.
The scope of the organizational measures taken by our organization and guaranteeing the security of the processing of your personal data includes the fact that for the purposes of complying with the rules of the GDPR and realizing their importance, a training procedure is implemented for our own employees and to the persons authorized by the Administrator and employees of the same. If personal data is transferred from the Administrator to authorized persons of the same or to employees, this is carried out under legal security conditions meeting the necessary guarantees.
In the event that we, as an Administrator, cooperate with another administrator in the processing of personal data, we ensure a legal and transparent conclusion of an agreement on the processing of personal data, the content of which explains in detail the disclosure of personal data to the other administrator, and all this is done under conditions that guarantee the protection of the processing of your personal data.
We store your data on our own server purchased from Plesk, which is protected by multiple proven methods. The Cloudflare company is responsible for data transfer; it does not have direct access to your personal data, but only transfers it through encryption. Cloudflare Processing of Your Personal Data Agreement: https://www.cloudflare.com/cloudflare-customer-dpa/. Agreement for processing your personal data through Plesk: https://central.plesk.com/legal/privacy-policy/.
8. Processing time
The duration of storage of your personal data depends on the processing purposes for which they were collected:
Personal data processed for the purpose of purchases and requested services are stored and processed as long as there is a need for them in order to achieve the goals or to fulfill the last service requested by you, as well as 5 years after that in view of the legitimate interests of the administrator. In the event that a regulatory act determines a longer term for data storage, we store it according to the established term.
Personal data processed for the purpose of issuing accounting/financial documents for the implementation of tax and insurance control, such as but not limited to invoices, debit and credit notices, are stored for at least 5 years after the expiration of the limitation period for repayment of the public claim, unless the applicable legislation provides for a longer term.
9. Your Rights
9.1 Right of Access
As a data subject, you have the right to access the data and the following information:
1.1 the purposes of processing;
1.2 relevant categories of personal data;
1.3 the recipients or categories of recipients to whom your personal data has been or will be disclosed.
For this purpose, you can contact us at the email address: r.radev@historicaltravels.bg and angel@onesto.bg.
9.2 The right to withdraw consent
If your data is processed on the legal basis of your consent, you can withdraw that consent at any time without stating your reasons. For this purpose, it is enough to send an email to r.radev@historicaltravels.bg and angel@onesto.bg. This will not affect the processing of your data up to that point, which will remain legal and valid.
9.3 Right to rectification
You have the right to ask the administrator to correct inaccurate personal data relating to you. Considering the purposes of the processing, you have the right to request that incomplete personal data be completed, including by adding a declaration.
You have the right to obtain from "HISTORICHESKI PATUVANIA" EOOD the deletion of your data, which can be exercised under certain circumstances provided by the applicable legislation, including:
- the situation where the personal data are no longer necessary in relation to the purposes of the processing;
- the situation where the data subject objects to the processing and there are no other legitimate interests that appear to prevail in relation to the processing;
- the situation where personal data has been processed unlawfully.
The deletion of your personal data can be done at any time, upon request, by using the methods already indicated or by using our general contact details for each project/service. Normally, your data is deleted immediately, but no later than one month after claiming such a right. If the deletion contradicts the data storage obligations established by law, contract or regulations, respectively for commercial reasons or for other reasons provided for by law, instead of deletion, your data can only be blocked. If this is the case with your customer account, you will receive a notification from us in this regard. After deleting your data, it is no longer possible to receive information.
9.5 Right to Object
9.6 The right to appeal
10. The right to data protection
As a subject of personal data, you have the right, in the event of a violation of your rights, to refer the matter to the Commission for the Protection of Personal Data, in its capacity as the National Authority for the Supervision of the Processing of Personal Data, within 6 months of becoming aware of the violation, but no later than two years after it was committed.
Questions related to all data processing can be addressed to us at any time at the address: Vetrino village, G.S. Rakovski street No. 9, phone: +359877740898 or +359898798015, or e-mail: r.radev@historicaltravels.bg and angel@onesto.bg.
This Privacy Policy may be updated and supplemented without notice, in the event of an update of legislation or a change in our personal data processing policy. The new update will be effective from the date of the last change indicated at the top of the Privacy Policy. Using the website after the update is posted means you agree to the changes made.