Privacy Policy
Privacy Policy
I. INTRODUCTION
BY USING THIS WEBSITE, YOU AGREE WITH CONDITIONS CONCERNING COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THESE CONDITIONS
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE AND IF YOU HAVE ANY QUESTIONS ABOUT THIS PRIVACY POLICY. IF YOU DO NOT AGREE WITH SOME OF THE TERMS CONTAINED IN THIS PRIVACY POLICY, YOU SHOULD NOT USE THIS WEBSITE.
ADMINISTRATOR OF PERSONAL DATA
Users during the registration process. Disclosure is possible only in cases where the information is required by state authorities or officials authorized by law to request and collect information containing personal data and in compliance with the statutory procedure.
SUPERVISOR:
Personal Data Protection Commission
Address: Sofia, 1592, Prof. Tsvetan Lazarov ”2
Contact data:
II. PURPOSES AND SCOPE OF THE CONFIDENTIAL POLICY
1.1 1.1 The Administrator understands the views of visitors to this site regarding the protection of personal data and is committed to protecting their personal data by applying all standards of personal data protection under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC. With this Privacy Policy, the Administrator respects the privacy of individuals and makes every effort to protect the personal data of individuals against unauthorized processing by implementing technical and organizational measures to protect personal data, which measures are fully consistent with modern technological achievements and provide a level of protection that is appropriate to the risks associated with the processing and the nature of the data to be protected.
1.2 With this Privacy Policy and in compliance with the requirements of Regulation (EU) 2016/679, the Provider provides information on:
- the objectives and scope of the privacy policy;
- personal data collected and processed by the provider;
- the purposes of the processing of personal data;
- storage period of personal data;
- the mandatory and voluntary nature of the provision of personal data;
- processing of personal data;
- protection of personal data;
- the recipients or categories of recipients to whom the data may be disclosed;
- individuals’ rights;
- exercise of rights;
- right of objection;
- buttons, tools and content from other companies;
- changes in privacy policy..
III. DEFINITIONS
2.1For the purposes of Regulation (EU) 2016/679 and of this Policy, the following terms shall have the following meanings:
- Personal data means any information relating to an identified or identifiable natural person (“data subject”); identifiable natural person is an identifiable person, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more physical-specific attributes, the physical, genetic, mental, mental, economic, cultural or social identity of that individual.
- Processing of personal data means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as the collection, recording, organizing, structuring, storing, adapting or changing, extracting, consulting, using, disclosing by transmission , dissemination, or otherwise making the data accessible, arranging or combining, limiting, deleting, or destroying it
- Restriction of processing means the marking of stored personal data in order to limit their processing in the future.
- Profiling means any form of automated processing of personal data, which involves the use of personal data to evaluate certain personal aspects related to an individual, and in particular to analyze or predict aspects related to the fulfillment of the professional obligations of that person. An individual, his or her economic status, health, personal preferences, interests, reliability, behavior, location or movement.
- “Administrator” means an individual or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in a Member State law.
- Personal data processor means an individual or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.
- Recipient means an individual or legal person, public authority, agency or other entity to whom personal data are disclosed, whether third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as ‘recipients’; the processing of such data by the designated public authorities complies with the applicable data protection rules for the purposes of processing.
- Third party means a individual or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct control of the controller or the processor, have the right to process the personal data.
- Consent of the data subject means any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clearly affirmative action, expressing his / her consent to the processing of personal data related to him / her.
- Personal data breach means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or processed in any other way.
IV. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
3.1 The controller adheres to the following principles when processing personal data about individuals, namely:
- Personal data are processed lawfully, in good faith and in a transparent manner with respect to the data subject (“legality, integrity and transparency”);
- Personal data are collected for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes;
- Personal data are relevant, relevant, and limited to what is necessary for the purposes for which they are processed (“minimizing data”);
- Personal data are accurate and, where necessary, kept up-to-date (“accuracy”);
- Personal data are stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed (“retention limit”);
- Personal data are processed in a manner that guarantees an adequate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or corruption, by applying appropriate technical or organizational measures (“integrity and confidentiality”).
V. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
A. Processing of special categories of personal data (“sensitive data”)
А. Обработка на специални категории лични данни („чувствителни данни“)
4.1 The controller does not collect or store specific categories of personal data, such as: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or union membership, genetic data, biometrics for the sole purpose of identifying an individual , health status, or sexual life or sexual orientation data of the individual. Individuals should not provide such sensitive data to the Administrator. In case the individual deliberately provides sensitive data to the Administrator, the Administrator shall immediately delete them.
B. Personal data collected directly from individuals
Personal data collected directly from individuals when individuals contact the Administrator by telephone
5.1 Individuals provide personal information to the Administrator when they contact the Administrator by telephone. The Administrator contact telephone number is specified in the Administrator identification information in this Privacy Policy and in the Contacts menu where contact information for the Administrator is provided. When a person contacts the Administrator by telephone, the Administrator collects and processes only the name and telephone number of the individual, and in some cases the email address of the individual. This data is processed for the purposes of communication with the individual. The processing of this personal data is necessary:
- to pursue the Admin’s legitimate interests, which legitimate interests are to send a response to the received messages, as well as to retain the received messages.
- for actions prior to the conclusion of the contract and undertaken at the request of the individual, namely providing more information offered by the Administrator services in connection with the possible conclusion of the contract with the individual.
C. Personal data of individuals provided by third parties
6.1 The controller does not normally receive personal data about individuals from third parties. However, in some cases, if the Administrator has reasonable grounds to suspect that an individual violates intellectual property rights and other similar cases, then the Administrator is entitled to obtain the suspect’s personal data from public registers, such as: the register, the register for registered trademarks kept by the Patent Office of the Republic of Bulgaria and the like. This data may be collected and processed in order to bring an infringement claim against the offender. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator, which legitimate interests are a claim for a violation against the offender, as well as on a legal basis.
D. Data collected automatically
7.1 When visiting the Website, the Administrator automatically collects the following information, namely:
- Internet Protocol (IP) address of the device from which the individual accesses the platform (typically used to determine the country or city from which the individual accesses the platform);
- The type of device from which the individual accesses the platform (eg computer, mobile phone, tablet, etc.);
- Type of operating system;
- Browser type;
- The specific actions that the individual takes, including the pages visited, the frequency and duration of visits to the website;
- Date and time of visits.
7.2 When using the collected information, the Administrator does not profile individuals.
VI. COOKIES
8.1 A cookie is a small text file that is saved to your computer or mobile device and downloaded on subsequent visits. Basecamp.tours uses cookies to improve and facilitate your visit. We do not use cookies to store personal information or to disclose information to third parties. The cookies used are both permanent and temporary (session cookies). Permanent cookies are stored as a file on your computer or mobile device for no longer than 24 months. We use session cookies when you use the Product Filter feature to check if you are logged in or have placed an item in your cart. You can easily delete cookies from your computer or mobile device using your browser. Instructions for working and deleting cookies are given in the “Help” menu in your browser. You can choose to disable cookies or receive a notification every time a new cookie is sent to your computer or mobile device. Please note that if you choose to disable cookies, you will not be able to take advantage of all the features of our site. Third-party cookies We use third-party cookies to collect statistics in a concise format through analytics tools like Google Analytics, GoogleAdwords, Facebook.
VII. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
9.1 The controller collects and processes the personal data of individuals, which are provided directly by them for the following purposes only, namely:
- in order to provide the services offered by the Administrator and to identify individuals (future and current clients);
- contacting the individual via e-mail so that the Administrator can respond to the request from the individual;
- for performance of obligations under a contract to which the data subject is a party, as well as for actions prior to the conclusion of a contract and undertaken at his request;
- to fulfill the statutory obligation of the Data Controller, in accordance with the applicable law;
- accounting purposes;
- statistical purposes.
9.2 The controller collects and processes the personal data of individuals, which are automatically collected for the following purposes, namely:
- improving the efficiency and functionality of the website;
- producing anonymous statistics on how the website was used.
9.3 The Administrator may not use the personal data of individuals for purposes other than those specified in this section of this Privacy Policy. The provider does not perform profiling.
VIII. DURATION OF PERSONAL DATA
10.1 Personal data of persons who made a request using the contact form of the website: The Administrator shall store the personal data of the persons who made a request using the contact form of the website for a period of:
- for persons who have not become clients of the Administrator within one month of sending the request: personal data is stored for a period of three months after sending the request.
- for persons who became clients of the Administrator: personal data is stored for 10 years after the execution of the service assigned by the client to the Administrator.
10.2 Personal data of persons who made a request by telephone: The Administrator shall store the personal data of persons who made a request by telephone for a period of:
IX. BINDING AND VOLUNTARY NATURE OF SUBMISSION OF PERSONAL DATA
11.1 The personal data required to be provided by individuals are consistent with the services provided by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. In case of refusal to provide personal data:
- The Administrator will not be able to provide the physical service or information desired by the Administrator;
- The administrator will not be able to receive the email from the user if the user does not fill in the required information in the contact form.
X. PROCESSING OF PERSONAL DATA
12.1 The controller processes personal data of individuals through a set of actions that can be performed by automatic or non-automatic means.
12.2 The Administrator processes the personal data of individuals independently or by assigning a processor on behalf of the Administrator, who is the accounting officer of the company, which is based in the Republic of Bulgaria.
XI. PROTECTION OF PERSONAL DATA
13.1 The controller shall take the necessary technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, unauthorized access, alteration or distribution, as well as from other unlawful forms of processing, namely:
- all personal information provided by the individual to the Administrator is stored on secure and reliable servers and folders;
- in exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing him with the requested information.
13.2 Comprehensive information on the technical and organizational measures taken by the controller is available in the Instruction on the mechanism of processing of personal data and their protection in the maintained registers containing personal data with the Administrator. Should you wish to receive detailed information on technical and organizational measures, please do not hesitate to contact us on 00359 89 223 040 or by making an inquiry using the contact form on this site.
XII. RECIPIENTS TO WHICH PERSONAL DATA MAY BE DISCLOSED
14.1 The controller has the right to disclose the personal data processed to the following categories of persons, namely:
- to data subjects;
- to persons, if provided for in a normative act, for example state bodies (NRA, Patent Office, Commercial Register, etc.);
- to data processors who provide services for the benefit of the Provider’s business activities, such as the Accountant to the Administrator and courier organizations, and those persons are bound by the obligation of confidentiality and also provide sufficient safeguards for implementation appropriate technical and organizational measures in such a way that the processing proceeds in accordance with the requirements of the Regulation and ensures the protection of the rights of individuals.
14.2 The Provider does not sell personal data provided by an individual to third parties.
XIII. RIGHTS OF INDIVIDUALS
RIGHTS OF INDIVIDUALS
Right of access
15.1 An individual has the right to receive from the Administrator confirmation that personal data related to him/her are processed and, if so, to have access to the data – the relevant categories of personal data.
Right of correction
15.2 The individual has the right to ask the Administrator to correct without undue delay inaccurate personal data related to him. Considering the purposes of processing, the individual has the right to complete incomplete personal data, including by adding a declaration.
Right to be deleted (right to be “forgotten”)
15.3 An individual has the right to request from the Administrator the deletion of personal data related to him without undue delay, and the Administrator has the obligation to delete without undue delay the personal data when any of the grounds specified in Article 17 of Regulation 2016/679 apply.
Right to restrict processing
15.4 The individual has the right to request from the Administrator a restriction of processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. Where a restriction on processing is carried out, such data shall be processed, with the exception of their storage, only with the consent of the individual or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important grounds of public interest. for the Union or a Member State. When an individual has requested a restriction on processing, the Administrator shall inform the individual prior to the cancellation of the restriction on processing.
Data portability right
15.5 An individual has the right to receive personal data concerning him which he has provided to the controller in a structured, widely used and machine-readable format, where processing is based on consent or a contractual obligation and processing is carried out under automated way.
Right to object
15.6 An individual has the right, at any time and on grounds relating to his or her particular situation, to object to the processing of personal data relating to him / her. According to Article 21 (4) of Regulation 2016/679, the individual is explicitly informed of the existence of the right of objection, which shall be presented in a clear manner and separately from any other information. For the fulfillment of this obligation, more information on the right of objection can be found in the section entitled ‘Right of Objection’ below.
Profiling rights
15.7 The individual has the right not to be the subject of a decision based solely on automated processing involving profiling, which has legal consequences for the data subject or similarly significantly affects it.
Right to be informed about personal data breach
15.8 Where a breach of personal data security is likely to create a high risk to the rights and freedoms of individuals, the individual must be notified without undue delay of the breach of personal data security.
Right to a judicial and administrative remedy
Right to lodge a complaint with a supervisory authority
15.9 An individual may file a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of alleged infringement, if the natural person considers that the processing of personal data concerning him violates the provisions of Of the Regulation.
The right to effective judicial protection against a supervisory authority
15.10 Every individual and legal person has the right to an effective judicial remedy against a binding decision of a supervisory authority relating thereto. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
Q: The right to effective judicial protection against an administrator or processor
15.11 Without prejudice to any administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority, an individual has the right to an effective judicial remedy where he considers that his rights under the Regulation have been infringed as a result of processing of his personal data which is not in accordance with the Regulation. Proceedings against a controller or processor shall be brought before the courts of the Member State where the controller or processor is established.
Right to compensation for damages
15.12 Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation shall be entitled to receive compensation from the Administrator or the processor for the personal injury suffered. Legal proceedings concerning the exercise of the right to compensation shall be brought before the courts of the Member State in which the controller or the processor processes the place of establishment.
XIV. PROCEDURE FOR THE EXERCISE OF RIGHTS
16.1 Individuals exercise their right of withdrawal of consent, right of access, right of deletion, correction, right of limitation of processing, right of data portability, right of objection and profiling rights, by submitting a written request to the Administrator ( or by post to the address specified in the Administrator ID above in this privacy policy or by sending an email), which should include the following information:
- name, address and other identifying information of the individual concerned;
- a description of the request;
- signature, date of submission of the request and e-mail address.
16.2 The request is made personally by the individual. The administrator records the requests submitted by individuals in a separate register.
16.3 After the individual has exercised his right of access to personal data relating to him, the Administrator verifies the identity of the individual before responding to the request. This is necessary to minimize the risk of data misuse and identity theft. In case the Administrator cannot identify the individual from the collected personal data, then the Administrator has the right to request a copy of the documents identifying the individual (such as ID card, driving license, other documents containing personal data which may identify the individual).
16.4 The Administrator shall consider the request and provide the individual with information on the actions taken in connection with the request within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests.
16.5 The Administrator shall inform the individual of any such extension within one month of receipt of the request, indicating the reasons for the delay. Where the individual submits a request by electronic means, the information shall, where possible, be provided by electronic means, unless otherwise requested by the individual.
16.6 If the Administrator does not take action on the request of the individual, the Administrator shall notify the person without delay and within one month at the latest within one month of receiving the request for reasons for not taking action and for the possibility of filing a complaint with the supervisory authority and seeking protection. judicially.
16.7 The controller is obliged to report any correction, deletion or restriction of processing to any recipient to whom the personal data have been disclosed, unless this is impossible or requires a disproportionate effort. The administrator shall inform the individual of these recipients if the person so requests.
XV. RIGHT OF OBJECTION
17.1 An individual has the right, at any time and on grounds relating to his or her particular situation, to object to the processing of personal data relating to him. According to Article 21 (4) of Regulation 2016/679, the individual is explicitly informed of the existence of the right of objection, which shall be presented in a clear manner and separately from any other information. To fulfill this obligation, more information on the right of objection will be provided in this section of this privacy policy.
17.2 An individual has the right, at any time and on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her in cases where the processing is necessary for the performance of a public interest task or for the exercise of official powers conferred on the Administrator or the processing is necessary for the purposes of the legitimate interests of the Administrator or of a third party, except where such interests take precedence over the interests or fundamental rights and their own odes of the individual, which require protection of personal data, particularly when the individual is a child. The controller undertakes to suspend the processing of personal data unless it proves that there are compelling legal grounds for processing that take precedence over the interests, rights and freedoms of the individual, or for the establishment, exercise or defense of legal claims. Individuals exercise their right of objection by submitting a written request to the Administrator at the address specified in the Administrator identification above in this Privacy Policy or by sending an email.
17.3 When processing personal data for direct marketing purposes, the individual has the right at any time to object to the processing of personal data relating to him for this type of marketing, which includes profiling insofar as it relates to direct marketing. When an individual objects to processing for direct marketing purposes, the processing of personal data for these purposes is terminated. Individuals exercise their right of objection by submitting a written request to the Administrator at the address specified in the Administrator ID above in this privacy policy or by sending an email indicating that they do not wish to receive promotional messages.
XVI. LINKS, TOOLS AND CONTENTS FROM OTHER COMPANIES
18.1 The Website contains buttons, tools or content that link to other companies’ services, such as the “Share on Facebook”, “Share on Twitter”, “Share on Linkedin” buttons, as well as links to the Provider’s social Linkedin media and links to the developer of the Admin Website. All sites of such companies that may be accessed through this site are independent and the Administrator assumes no responsibility for any damages and losses resulting from the use of these sites. Individuals use these sites at their own risk and it is advisable to consult the respective company privacy policy for more information.
XVII. CHANGES IN CONFIDENTIAL POLICY
19.1 This Privacy Policy may be updated at any time in the future. When this happens, the modified policy will be posted to this website with a new “Last Modified” date at the top of this Privacy Policy and will be effective from the date of publication. Therefore, it is recommended that you periodically check this Privacy Policy to make sure you are aware of any changes. Use of the Website after the publication of the updated Privacy Policy will be deemed to be your agreement to the changes made.
XVIII. CONTACTS
20.1 If you have any further questions about this Privacy Policy, please do not hesitate to contact us on 00359 89 223 040 or using the contact form on this site.