1) “Personal data” means any information related to a natural person or an identifiable natural person (“data subject“); a person who can be identified is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
2) “Processing“ means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure, distribution or other means of making the data accessible, arranging or combining, restricting, deleting or destroying it;
3) “Administrator” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; when the purposes and means of such processing are determined by Union or Member State law, the administrator or the specific determining criteria may be established in the European Union or Member State law;
4) “Processor of personal data“ means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the administrator;
5) “Recipient“ means a natural or legal person, public authority, agency or any other body to whom personal data is disclosed, whether it is a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with the European Union or Member State law are not considered “recipients”; the processing of such data performed by such public authorities complies with the applicable data protection rules according to the purposes of the processing;
6) “Supervisory authority“ means an independent public body established by a Member State and responsible for monitoring the application of Regulation (EU) 2016/679.
3. Types of personal data that are processed
The personal data collected and processed by “Events Bulgaria Tour” Ltd. are:
– Identification: name; Personal ID No. (date of birth), permanent and/or current address, telephone number, ID card data or passport data;
– Education and professional qualification; data related to education, work experience, professional and personal qualifications and skills;
– Health data: health status, decisions of the Territorial Expert Medical Board, medical certificates, sick leaves and any accompanying documentation, when necessary;
– Other data: certificates of no criminal conviction, when its presentation is required according to a normative act, as well as other data, the processing of which is necessary for the fulfillment of the rights and obligations of the Company as an employer.
4. Purpose of processing
Personal data is processed in accordance with Regulation (EU) 2016/679 and the Personal Data Protection Act. Events Bulgaria Tour Ltd. processes personal data for the following purposes:
concluding contracts with the company’s clients, hiring employees, receiving services from other individuals and/or legal entities. The processing of personal data does not exceed the period necessary to achieve the legitimate objectives.
5. Recipients of personal data to whom personal data is or may be disclosed
“Events Bulgaria Tour” Ltd. provides data to the competent state authorities and institutions when required by the legislation of the country and in accordance with the provisions thereof, as well as to accounting firms, banking institutions, insurance companies, contractors under service contracts, as well as any other bodies and institutions, when it is required by the law.
6. Period of storage of personal data
“Events Bulgaria Tour” Ltd. will store personal data for the period specified in the applicable law and depending on the purpose for which it is collected. When the personal data that is collected is no longer needed for the stated purposes, “Events Bulgaria Tour” Ltd. deletes or destroys it in another reliable way.
7. Rights of data subjects
– right of access to data and information for the purposes of processing;
– right to withdraw consent to the processing of personal data;
– right to correction of personal data;
– right to delete personal data;
– right to restrict the processing of personal data;
– right to portability of personal data;
– right to object to the processing;
– right to appeal to a supervisory authority for the protection of personal data.
8. Protection of personal data
To ensure adequate data protection, “Events Bulgaria Tour” Ltd. applies all necessary organizational and technical measures outlined in Regulation (EU) 2016/679 and the Personal Data Protection Act, as well as the best practices in the international standards.
9. Policy update
This Personal Data Policy may be amended or supplemented due to changes in current legislation and European directives and regulations or the need to change the mechanisms of operation of Events Bulgaria Tour Ltd. regarding the processing and storage of personal data. You will be notified of any change through a notice posted in a prominent place on the websites of “Events Bulgaria Tour” Ltd.
You can contact “Events Bulgaria Tour” Ltd. on all issues related to the protection of personal data at:
– address: Sofia, Suha reka R.D., bl. 135, ent. Б, fl. 1, ap. 16
– phone number…………………………
– e-mail: firstname.lastname@example.org