Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. Data protection is of a particularly high priority for us in Expo Travel Group. The use of the Internet pages of Expo Travel Group is possible without any indication of personal data; however, if you want to use services via our website, processing of personal data could become necessary.

The processing of your personal data, such as the name, e-mail address, or telephone will always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to Expo Travel Group. With this privacy policy, we would like to inform you of the nature, scope, and purpose of the personal data we collect, use and process. This policy applies only to personal information processed by or on behalf of Expo Travel Group.

About us

We are Expo Travel Group and you can contact us by email at info@expotravel.group, or by any of the methods described on our Contact Us Page

Definitions

Our privacy policy is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Some of the terms might sound confusing, or unclear so we would like to first explain the terminology used.

Personal data

Personal data means any information relating to an identified or identifiable person (you). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or to one or more factors specific to that person.

Processing

Processing is any operation, or set of operations which is performed on personal data or on sets of personal data. Example of such processing is storing your data, collection and organising it, using your data.

Restriction of processing

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Controller

Controller is the natural or legal person which determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law.

Processor

Processor is a natural or legal person which processes personal data on behalf of the controller.

Third party

Third party is a natural or legal person other than you, the controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Consent is any freely given indication of your wishes by which you signify agreement to the processing of personal data.

How do we protect your information?

Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Socket Layer (SSL/TLS) technology. However, Internet-based data transmissions, even encrypted, may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to transfer personal data to us via alternative means, e.g. by telephone.

We implement a variety of security measures when a user places an order or enters, submits, or accesses their information to maintain the safety of your personal information.

All payment transactions are processed through a gateway provider and are not stored or processed on our servers.

What information do we collect from you and why?

Collection of general data and information

Expo Travel Group collects a series of general data and information. This general data and information is stored in the server log files. Collected may be the browser types and versions used, the operating system used by the accessing system, the website from which you reach our website (so-called referrers), the date and time of access to the Internet site, an IP address.

When using this general data, the Expo Travel Group does not draw any conclusions about you. This information is needed to deliver the content of our website correctly, optimise the content of our website as well as its advertisement, ensure the long-term viability of our systems, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. We analyse anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by you.

Collection of personal information

When ordering or registering you may be asked to enter your name, email address, mailing address, phone number, company name or other details that we need to provide you with the requested services and products. European data protection legislation sets out specific "lawful bases" for processing personal data. Below we will explain under which basis we process different information about you, and we will explain the purpose of that processing.

We collect information from you when you place an order, send us a request or enquiry, subscribe to a newsletter, fill out a form, use live chat or speak with us on the phone.

Types of personal information

Title and name

  • To create a hotel, flight or other bookings in your name and contact you about the services and products you request
  • We will keep this information for our records and general customer relationship management

Contact details (e.g. email address, phone number)

  • We will send you marketing messages (offers and exclusive deals) by email only if you give us explicit consent
  • To create hotel, flight or other bookings in your name and contact you about the services and products you have requested, or have already booked via our company
  • We will keep this information for our records only for a period of time needed to successfully perform the service and any eventual post-service date interactions that may be needed. We may also need these details for any general customer relationship management
  • To contact you by phone in order to discuss the services you have requested (unless you have asked us not to)

Payment Card details

  • To process payments manually (only in cases where you refuse to use our secure online payment processing system)

Information about your booking

  • To make your requested booking
  • We may keep this information for statistics to improve our services and to target our offerings to you

Loyal Customer Programs information

  • With you consent and if you would like us to use your loyalty information when booking flights

Advance Passenger Information (may include gender, date of birth, passport details)

  • We are legally obliged to provide this information to airlines when booking flights

Postal Address

  • If you would like us to post tickets, invoices or other documents to you

Communication with you

  • To take any necessary actions as a result from the communications
  • We may keep records of the communications with you for monitoring of the quality of our services and for training purposes

Information about how you use our services

  • Where this information is gathered with the help of cookies you can block them in your browser (see below for help). Some parts of our on-line services may not work if you do.

In some rare occasions we may need to process the data that we have about you to comply with law enforcement agencies, under court order or as required by law. We may also use your data to identify any fraudulent activity or to protect our legal rights.

Do we use "cookies"?

Yes, as almost all websites on the Internet, the Internet pages of the Expo Travel Group websites use cookies. Cookies are small text files that are stored in a computer system via an Internet browser.

To learn more about cookies and how we use them take a look at our Cookie Policy

Who we share personal information with

If necessary, and on the legal bases, set out in this policy, we may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries).

We may disclose personal data to our suppliers or subcontractors to provide you with the requested services and products.

Financial transactions relating to our services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.

In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.

Your rights

  • the right to access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to object to processing
  • the right to data portability
  • the right to complain to a supervisory authority
  • the right to withdraw consent

If you wish to exercise any of your rights you may contact Expo Travel Group in writing at any time.

Right of confirmation

You have the right granted by the European legislator to obtain from us the confirmation as to whether personal data concerning you is being processed.

Right to access

You have the right to obtain information from us about your personal data stored and a copy of this information. Provision of such information may be subject to:

  • the payment of a fee (currently fixed at EUR 10)
  • the supply of appropriate evidence of your identity

Right to rectification

You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.

Right to erasure (Right to be forgotten)

In some circumstances you have the right to request erasure of personal data concerning you, and we have the obligation to erase your personal data after review. Those circumstances include:

  • the processing is for direct marketing purposes and the personal data have been unlawfully processed
  • the personal data are no longer necessary in relation to the purposes for which it was collected or processed
  • you withdraw consent to consent-based processing
  • you object to the processing under certain rules of applicable data protection law

Right of restriction of processing

You have the right to request restriction of processing of your data where one of the following applies:

  • The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data.
  • The processing is unlawful, and you oppose the erasure of the personal data and requests instead the restriction of their use instead.
  • We no longer need the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defense of legal claims.
  • You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether our legitimate grounds override those of the data subject.

Right to object

You have the right to object, at any time, to processing of your personal data, which is based on point (e) or (f) of Article 6(1) of the GDPR.

We will no longer process your personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject, or for the exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.

If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any service, the processing is based on Article 6(1) lit. b GDPR.

The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.

In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.

Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of sensitive personal data.

Provision of personal data for our legitimate business interests.

We process personal information for certain legitimate business purposes, which include some or all the following:

  • where the processing enables us to enhance, modify, personalise or otherwise improve our services / communications for the benefit of our customers
  • to identify and prevent fraud
  • to enhance the security of our network and information systems
  • to better understand how people interact with our websites
  • to provide postal communications / direct marketing which we think will be of interest to you or can benefit you
  • to determine the effectiveness of promotional campaigns and advertising

Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish, and if you wish to do so please contact us or in the case of email marketing by using the unsubscribe option in every marketing email. Please bear in mind that if you object, this may affect our ability to carry out tasks above for your benefit.

Provision of personal data as contractual requirement.

We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary to conclude a contract that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.

Occasionally, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Our Contact Details

Expo Travel Group Ltd.

Str. Gabrovo 19, floor 4
Varna 9000, Bulgaria
Tel: +359 52 919 555
Fax: +359 52 911 411
Tour Operator License: #PK-01-7794
TIDS / IATA: #96011123

Amendments

We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. In some specific cases we may notify you of changes to this policy by email.