Personal data means any information relating to an identified or identifiable person (you). An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number or to one or more factors specific to that person.
Processing is any operation or set of operations which is performed on personal data or on sets of personal data. Examples of such processing are storing your data, collecting and organising it, and using it.
Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Controller is the natural or legal person which determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law.
Processor is a natural or legal person which processes personal data on behalf of the controller.
Third party is a natural or legal person other than you, the controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent is any freely given indication of your wishes by which you signify agreement to the processing of personal data.
Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential. In addition, all sensitive information you supply is encrypted via Secure Sockets Layer (SSL/TLS) technology. However, Internet-based data transmissions, even encrypted, may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, you are free to transfer personal data to us via alternative means, e.g. by telephone.
We implement a variety of security measures when a user places an order or enters, submits, or accesses their information to maintain the safety of your personal information.
All payment transactions are processed through a gateway provider and are not stored or processed on our servers.
Expo Travel Group collects a series of general data and information. This general data and information is stored in the server log files. The data collected may include the browser types and versions used, the operating system used by the accessing system, the website from which you reach our website (so-called referrers), the date and time of access to the Internet site, and an IP address.
When using this general data, the Expo Travel Group does not draw any conclusions about you. This information is needed to deliver the content of our website correctly, optimise the content of our website as well as its advertisement, ensure the long-term viability of our systems, and provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. We analyse anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our company, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by you.
When ordering or registering you may be asked to enter your name, email address, mailing address, phone number, company name or other details that we need to provide you with the requested services and products. European data protection legislation sets out specific "lawful bases" for processing personal data. Below we explain on which basis we process different information about you, and the purpose of that processing.
We collect information from you when you place an order, send us a request or enquiry, subscribe to a newsletter, fill out a form, use live chat or speak with us on the phone.
On some rare occasions we may need to process the data that we have about you to comply with law enforcement agencies, under court order or as required by law. We may also use your data to identify any fraudulent activity or to protect our legal rights.
If necessary, and on the legal bases set out in this policy, we may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries).
We may disclose personal data to our suppliers or subcontractors to provide you with the requested services and products.
Financial transactions relating to our services are handled by our payment services providers. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds.
In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or to protect your vital interests or the vital interests of another natural person.
If you wish to exercise any of your rights you may contact Expo Travel Group in writing at any time.
You have the right granted by the European legislator to obtain from us the confirmation as to whether personal data concerning you is being processed.
You have the right to obtain information from us about your personal data stored and a copy of this information. Provision of such information may be subject to:
You have the right to have any inaccurate personal data about you rectified and, considering the purposes of the processing, to have any incomplete personal data about you completed.
In some circumstances you have the right to request erasure of personal data concerning you, and we have the obligation to erase your personal data after review. Those circumstances include:
You have the right to request restriction of processing of your data where one of the following applies:
You have the right to object, at any time, to processing of your personal data, which is based on point (e) or (f) of Article 6(1) of the GDPR.
We will no longer process your personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject, or for the exercise or defence of legal claims.
You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.
Art. 6(1) lit. a GDPR serves as the legal basis for processing operations for which we obtain consent for a specific processing purpose.
If the processing of personal data is necessary for the performance of a contract to which you are a party, as is the case, for example, when processing operations are necessary for the supply of goods or to provide any service, the processing is based on Article 6(1) lit. b GDPR.
The same applies to such processing operations which are necessary for carrying out pre-contractual measures, for example in the case of inquiries concerning our products or services. If our company is subject to a legal obligation by which processing of personal data is required, such as for the fulfilment of tax obligations, the processing is based on Art. 6(1) lit. c GDPR.
In rare cases, the processing of personal data may be necessary to protect the vital interests of the data subject or of another natural person. This would be the case, for example, if a visitor were injured in our company and his name, age, health insurance data or other vital information would have to be passed on to a doctor, hospital or other third party. Then the processing would be based on Art. 6(1) lit. d GDPR.
Finally, processing operations could be based on Article 6(1) lit. f GDPR. This legal basis is used if processing is necessary for the purposes of the legitimate interests pursued by our company or by a third party, except where such interests are overridden by your interests or your fundamental rights and freedoms which require protection of sensitive personal data.
We process personal information for certain legitimate business purposes, which include some or all of the following:
Whenever we process data for these purposes we will ensure that we always keep your Personal Data rights in high regard and take account of these rights. You have the right to object to this processing if you wish; to do so, please contact us or, in the case of email marketing, use the unsubscribe option in every marketing email. Please bear in mind that if you object, this may affect our ability to carry out the tasks above for your benefit.
We clarify that the provision of personal data is partly required by law (e.g. tax regulations) or can also result from contractual provisions (e.g. information on the contractual partner). Sometimes it may be necessary, in order to conclude a contract, that the data subject provides us with personal data, which must subsequently be processed by us. The data subject is, for example, obliged to provide us with personal data when our company signs a contract with him or her. The non-provision of the personal data would have the consequence that the contract with the data subject could not be concluded.
Occasionally, we may include or offer third-party products or services on our website. These third-party sites have separate and independent privacy policies. We have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.
Str. Gabrovo 19, floor 4
Varna 9000, Bulgaria
Tel: +359 52 919 555
Fax: +359 52 911 411
Tour Operator License: #PK-01-7794
TIDS / IATA: #96011123
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. In some specific cases we may notify you of changes to this policy by email.