Hotels in Bulgaria
SUMMER HOTELS
ALBENA KAVARNA WHITE LAGOON BALCHIK KRANEVO GOLDEN SANDS CHAIKA/GOLDEN SANDS REGION/ RIVIERA SUNNY DAY ST. ST. KONSTANTIN I ELENA SHKORPILOVTSI BYALA OBZOR ELENITE ST.VLAS DUNI SUNNY BEACH NESSEBAR POMORIE KITEN SOZOPOL RAVDA TOPOLA AHELOY
WINTER HOTELS
BANSKO PAMPOROVO BOROVETS
CITY HOTELS
VARNA SOFIA VELIKO TARNOVO RUSE BURGAS PLOVDIV
BALNEO AND SPA HOTELS
HISARYA PAVEL BANYA SANDANSKI VELINGRAD ST. ST. KONSTANTIN I ELENA
CHILD CAMPS
Flights
Corporate events
About us
Request
General terms
GDPR
Contacts

GDPR


 

PROTECTION OF PERSONAL DATA

POLICY FOR PROTECTION OF PERSONAL DATA OF CLIENTS OF NOY TRAVEL LTD

GENERAL

1. In connection with the provision of its services and the performance of its activities, NOY TRAVEL Ltd. processes as a personal data administrator of its customers - individuals, as well as the personal data of other individuals listed below ("Data subjects"). / "You"), in accordance with the rules and principles set forth in this Policy.

 2. NOY TRAVEL Ltd. is a company, VAT number BG148125819, with registered office and address of management in the city of Varna, 83 Makedonia Str., tel .: +359 52 694494 e-mail: info@noytravel-bg.com.

 

DATA SUBJECTS

 3. (1) In connection with the provided services NOY TRAVEL Ltd. processes information regarding the following Data Subjects:

(a) individuals visiting the website http://www.noy.travel/ (the Website);

(b) individuals who make reservations for tourist services on their own behalf or on behalf of another  person through the Website;

(c) individuals using the services provided by NOY TRAVEL Ltd., as well as individuals representing or otherwise acting on behalf of legal entities using these services;

(d) individuals who have made inquiries on their own behalf or on behalf of another person they represent (including, but not limited to, e-mail, fax, telephone, use of the Instant Messaging functionality of the Website, etc.) , requests, signals, complaints or other correspondence to NOY TRAVEL Ltd.;

(e) individuals whose information is contained in inquiries (including by calling or using the Instant Messaging functionality of the Website), requests, alerts, complaints or other correspondence to NOY TRAVEL Ltd.

(2) The services of NOY TRAVEL Ltd. may be claimed only by able-bodied persons who have reached 18 years of age.

 

CATEGORIES OF PERSONAL DATA

 4. The information (categories of personal data) that NOY TRAVEL Ltd. processes regarding the Data Subjects in accordance with this Policy may include:

(1). In connection with the provision of tourist services:

(a) Identification data: names of the persons by reservation; date of birth; gender; nationality; national identification number (such as EGN for Bulgarian citizens) and / or identity document number; date of issue of the identity document; validity of identity documents; country that issued the identity document.

(b) Contact details: telephone; e-mail address; address.

(2). Data related to payments and issuing invoices: information on the method of payment (cash, bank transfer, credit card, etc.); information on due and made payments; information on payment terms and overdue / unpaid debts; bank information (bank, IBAN, bank account holder); currency of the payment made; credit / debit card number, validity and holder; CVC code; data contained in an authorization form for payment (slip); name of legal entity; address of a legal entity; VAT number and / or other identification, tax or registration number (EGN for individuals); authorization forms (signed).

(3) In cases where the Data Subject represents another person (eg a company): information on which person and in what capacity (including place of work, position), as well as information on the requested services / orders in this capacity. Respectively, in the cases when the services are requested by a person other than the Data Subject in favor of the Data Subject - in what capacity the Data Subject will use the services, by whom they are requested, by whom the payment will be made, etc. under. (eg for placements organized by an employer or business partner of the Data Subject, etc.).

(4) In connection with the services and functionalities of the Website:

(a) Data processed in connection with the booking of a hotel accommodation: names; e-mail address; telephone; state; credit / debit card number, validity and holder; CVC code; number of rooms; number of guests, including number of adults and number of children; corporate code / access code; code of participant in event and / or group accommodation; number of reservation; special offers and preferences of the guest (with explicit indication in the reservation form); package details.

(b) Data processed in connection with making purchases in the e-shop on the Website, available at http://noy.travel/: registration data (names; e-mail address; telephone; fax; name of legal entity; address ; settlement; postal code; district; country; password); order history; data on purchased vouchers (number; requested personal message); history of payments made; credit / debit card number, validity and holder; CVC code; bank account details; order number;

(c) Unstructured content from conversations with and inquiries to a reservation agent through the Instant Messaging functionality of the Website.

(d) Information from login logs, server logs and security application logs (Web Application Firewalls), etc. devices that fall into this category: date and time, IP address, URL, browser and device information.

(e) Cookies: The use of cookies is required for the operation of the Website. A detailed description of the cookies used, their purpose and the information processed through them can be found in the Cookie Policy of NOY TRAVEL Ltd., available at: http://www.noy.travel/

In connection with complaints, applications, requests, requests and signals submitted by clients (including in free text): unstructured information contained in the respective complaints, applications, requests, requests and signals.

 

PURPOSES FOR PROCESSING PERSONAL DATA

5. NOY TRAVEL Ltd. collects, stores and processes the information described above for the purposes set forth in this Policy and in the general conditions (contract) for the use of the relevant services it provides. Depending on the legal basis for the processing, these purposes may be:

(a) objectives related to compliance with legal obligations of NOY TRAVEL Ltd.;

(b) objectives related to and / or necessary for the performance of the contracts concluded with NOY TRAVEL Ltd. or for taking steps at the request of the Data Subject prior to the conclusion of the contract;

(c) purposes of the legitimate interest of NOY TRAVEL Ltd. or third parties;

(d) the purposes for which the Data Subject has consented to the processing of its data.

6. The purposes for processing personal data by NOY TRAVEL Ltd., related to compliance with legal obligations, include:

(1) concluding a contract for the provision of tourist services;

(2) consultation on the selection of a suitable tourist product;

(3) reservation of airline tickets;

(4) hotel accommodation;

(5) conclusion of insurance Travel assistance, medical expenses in case of illness and accident, and other insurance;

(6) processing of visa documents;

(7) handling of signals, complaints, requests for the exercise of rights and the like, as well as complaints and commercial guarantees (if applicable), including the preparation of responses to them;

(8) accounting, invoicing and reporting of payments received and made in accordance with applicable tax and accounting legislation;

(9) other activities for fulfillment of legal obligations (tax, accounting, regulatory, licensing, etc.) of NOY TRAVEL Ltd., related to providing information to competent state and judicial authorities and assisting in inspections by competent authorities .

7. The purposes for processing personal data by NOY TRAVEL Ltd., related to and / or necessary for the performance of the contracts or for taking steps at the request of the Data Subject before concluding a contract with NOY TRAVEL Ltd., include:

(1) accepting, administering and processing reservations and canceled ones;

(2) customer service, including the provision of online services through the Website;

(3) providing an opportunity for account registration and administration and maintenance of registered accounts in the online store available through the Website;

(4) administration, execution and delivery of purchases made through the Website;

(5) implementation of communication related to the provided services;

(6) administration and receipt of payments for the services provided, incl. from a distance;

(7) financial-accounting activity and administration, processing and collection of due payments for the provided services;

(8) recovery of amounts wrongly transferred;

(9) ensuring an individual approach to the provision of services, in accordance with the preferences stated by their users.

8. The purposes for which personal data shall be processed on the basis of the consent given by the Data Subject include:

(1) Sending marketing and advertising messages for services, special offers, packages, events;

(2) Research and receive feedback on the quality of services;

(3) Sending information bulletins;

(4) Other purposes for which specific consent has been given by the Data Subject.

 

PROVISION OF PERSONAL DATA AND CONSEQUENCES IN REFUSAL TO PROVIDE TO NOY TRAVEL LTD

9. (1) NOY TRAVEL Ltd. clearly indicates, where applicable and appropriate, whether the indication / provision of relevant data and / or documents is mandatory or a requirement necessary for the conclusion or performance of a contract, as well as the consequences of refusal to provide.

(2) If additional clarifications are required, each Data Subject may request such in NOY TRAVEL Ltd. or make an inquiry to the contacts specified in this Policy.

(3) The refusal to provide data and documents specified as mandatory may be an insurmountable obstacle to the provision of a service by NOY TRAVEL Ltd., to the satisfaction and execution of the submitted requests, applications, requests, signals, etc. floor, which releases NOY TRAVEL Ltd. from liability for non-performance.

(4) The refusal to provide data and documents or the provision of incorrect ones may lead to inability to provide the relevant services or to the suspension of access to services provided by NOY TRAVEL Ltd.

(5) Data subjects should not provide NOY TRAVEL Ltd. with any special categories of data, namely: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership of trade unions, genetic data, biometric data, health data or data on the sexual life or sexual orientation of the individual; and personal data related to convictions and offenses).

 

OTHER SOURCES OF PERSONAL DATA

10. (1) In some cases the personal data processed by NOY TRAVEL Ltd. is not collected or received directly from the Data Subject to which it relate, but from third parties such as:

(2) Persons representing, working for or otherwise cooperating with the Data Subject;

(3) Organizers of an event - regarding information about the participants in the event;

(4) Trade partners (eg reservation sites such as com; travel agents, other persons who provide intermediary services when making reservations or when ordering other services, etc.) of NOY TRAVEL Ltd .;

11. Competent state and judicial bodies.

(1) The persons under item 10 shall undertake to inform the Data Subjects whose data they provide and to guarantee that they provide the data on the basis of a valid legal basis.

 

PROCESSING OF INFORMATION BY THIRD PARTIES - PROCESSING OF PERSONAL DATA

12. (1) For the purposes specified in this Policy, NOY TRAVEL Ltd. may subcontract personal data processing activities to third parties - personal data processors, in accordance with and within the requirements of the Regulation and other applicable rules for protection of personal data.

(2) When personal data are disclosed to and processed by personal data processors, this will be done only to the extent and to the extent necessary for the performance of the tasks assigned to them by NOY TRAVEL Ltd..

(3) The processors of personal data act on behalf of NOY TRAVEL Ltd. and are obliged to process personal data only in strict compliance with the instructions of NOY TRAVEL Ltd. and will not have the right to use or process in any way otherwise information for purposes other than those specified in this Policy.

 

CATEGORIES OF PERSONAL DATA RECIPIENTS

13. NOY TRAVEL Ltd. does not disclose personal data about the Data Subject to third parties, except in cases where:

(1) this is necessary for the fulfillment of a legal obligation of NOY TRAVEL Ltd.:

(a) competent state, municipal or judicial authorities;

(b) auditors;

(2) this is necessary for the provision of the services of NOY TRAVEL Ltd.:

(a) banks and payment service providers;

(b) postal and courier service providers;

(c) trade partners of NOY TRAVEL Ltd. such as: reservation sites; travel agencies and other providers of travel or other ancillary services such as car rental, taxi and other transport services and the like

(3) The data subject has given his explicit consent - the persons provided for in the respective consent (eg related to NOY TRAVEL Ltd., business partners of NOY TRAVEL Ltd. and the like);

(4) this is necessary for the protection of the rights or legitimate interests of NOY TRAVEL Ltd, of third parties or of the Data Subject:

(a) state, municipal and judicial authorities;

(b) private and public bailiffs;

(c) lawyers;

(d) notaries.

(5) in other cases provided by law.

14. (1) NOY TRAVEL Ltd. processes and stores information about the Data Subject until the achievement of the respective purposes for which it is collected and processed.

(2) NOY TRAVEL Ltd., in accordance with its internal rules and procedures and applicable law, processes and stores information about the Data Subject within the following time limits:

 

 

 

Data types                                                          

Storage period

Information related to requested and used tourist services, for events and activities, incl. for canceled reservations for tourist services (insofar as they relate to the refund of prepaid amounts and / or withholding of amounts due)

From the execution of the respective reservation / request to 5 / five / years from the provision of the service / completion of the contract / cancellation of the reservation.

In cases where the services are requested and used on the basis of a contract with long-term performance, the term begins to run from the final performance and / or termination of the contract.

Financial and accounting documents; invoices; authorization forms; other information related to tax and social security control.

Up to 10 / ten / years, starting from the beginning of the year following the year during which the payment of the obligation for the respective year is due.

Unstructured communication, correspondence, complaints, signals.

5 years

In cases where the correspondence relates to a contract with long-term performance, the term begins to run from the final performance and / or termination of the contract.

Data related to the registration of an account in the e-shop of the Website

For the entire period of registration and up to 5 years after its termination.

System logs. Logs related to security, technical support, etc. (may contain information such as: date and time, IP address, URL, browser version and device information)

1 year

Log of the actions on requests for registration of a profile or for purchase of goods with or without a registered profile on the Website (information such as: action / content of the request, date and time, IP address, etc. is stored).

For the entire period of maintaining the registration of an account on the Website and up to 5 / five / years after its termination (if any)

Up to 5 / five / years from the execution of the requested purchase (if made without a registered account).

Data processed with the express consent of the Data Subject.

From the moment of giving the consent until its withdrawal by the Data Subject.
 

The personal data specified in this Policy may be processed for a longer period than those mentioned above, if this is necessary to achieve the objectives set out in it or to protect the rights and / or legitimate interests (including in court). ) of NOY TRAVEL Ltd. or if the current legislation provides for data processing for a longer period.

 

 

RIGHTS OF DATA SUBJECTS IN RELATION TO THEIR PERSONAL DATA

15. In relation to the processing of personal data relating to him, each Data Subject has the following rights:

(1) Right to information - to receive information regarding the processing of his personal data from NOY TRAVEL Ltd.;

(2) Right of access:

(a) obtain confirmation as to whether personal data relating to him are being processed;

(b) to have access to the personal data processed and to the detailed information concerning the processing and his / her rights.

(3) The right to correction - to require the correction or completion of his personal data, if the same are inaccurate or incomplete;

(4) The right to erasure - to request the erasure of his personal data, if there are grounds for this, provided for in the Regulation;

(5) Right to limit the processing of personal data - to require NOY TRAVEL Ltd. to limit the processing of personal data within the scope of the Regulation, if there are grounds for that, provided in it;

(6) Notification of third parties - the right to require NOY TRAVEL Ltd. to notify third parties to whom his personal data have been disclosed of any correction, deletion or restriction of the processing of his personal data, unless this is impossible or requires disproportionately large efforts from NOY TRAVEL Ltd .;

(7) Right to data portability - to receive personal data concerning him and which he has provided to NOY TRAVEL Ltd., in a structured, widely used and machine-readable format, and to transfer this data to another controller without obstruction by NOY TRAVEL Ltd.

The right to data portability applies when the following two conditions are met simultaneously:

(a) the processing is based on consent or a contractual obligation; and

(b) the processing is carried out in an automated manner.

If technically feasible, the Data Subject has the right to receive a direct transfer of personal data from NOY TRAVEL OOD to another controller. The right to data portability may be exercised in a way that does not adversely affect the rights and freedoms of others.

(8) Rights in automated individual decision-making, including profiling - not to be the subject of an automated decision based solely on automated processing (ie processing without human intervention), including profiling within the meaning of the Regulation, which has legal consequences for the Data Subject or similarly affects it to a significant extent, unless the grounds provided for in the Regulation are met and appropriate safeguards are in place to protect the rights and freedoms and legitimate interests of the Data Subject. Such guarantees are at least the right of human intervention by NOY TRAVEL Ltd., the right of the Data Subject to express its point of view and challenge the decision.

If such a decision, including profiling, is made against the Data Subject, in each case the Data Subject has the right and will receive from NOY TRAVEL Ltd. separately relevant information about the logic used, the meaning and intended consequences of such processing for him, as well as and on the manner of exercising the rights under this point.

(9) Right to withdraw consent for processing - when the processing of personal data is based solely on the consent given by the Data Subject, the data subject may withdraw his consent at any time. Such withdrawal shall not affect the lawfulness of the processing based on the consent given until the withdrawal.

RIGHT TO OBJECT

16. The data subject has the right at any time and on grounds related to his or her specific situation to object to the processing of personal data concerning him or her, including profiling within the meaning of the Regulation based on the public interest, the exercise of official powers or the legitimate interests of NOY TRAVEL Ltd. or a third party. In such cases, NOY TRAVEL Ltd. terminates the processing of personal data, unless it proves that there are compelling legal grounds for processing that take precedence over the interests, rights and freedoms of the Data Subject, or for the establishment, exercise or protection of legal data. claims.

17. (1) The data subject may exercise his rights related to personal data protection by personally sending a written request to NOY TRAVEL Ltd. - submitted personally by the subject to the address specified in item 22 of this Policy or by notarized request sent by mail.

(2) The request under para. 1 may also be exercised electronically, for which purpose it must be signed by the Data Subject with a qualified electronic signature within the meaning of the Electronic Document and Electronic Certification Services Act and Art. 3, point 12 of Regulation (EU) № 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and certification services for electronic transactions in the internal market and repealing Directive 1999/93 / EC, and to be sent to NOY TRAVEL Ltd. at the e-mail address specified in item 22 of this Policy.

(3) The data subject may exercise the rights related to his personal data, personally or through a person explicitly authorized by him (with a notarized power of attorney).

(4) Some of the rights may also be exercised through the functionalities available on the Website.

 

RIGHT TO COMPLAINT TO A SUPERVISORY AUTHORITY

18. Any Data Subject has the right to lodge a complaint with the Data Protection Supervisor, in particular in the Member State (EU / EEA) of his or her habitual residence, place of work or place of the alleged breach, if he or she considers that that the processing of his personal data infringes the provisions of the Regulation or other applicable data protection requirements.

 

SUPERVISORY AUTHORITY IN THE REPUBLIC OF BULGARIA

19. The supervisory body in the Republic of Bulgaria is:

Commission for Personal Data Protection

Address: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Website: https://www.cpdp.bg/.

 

RESTRICTIONS ON RIGHTS

20. The scope of the data subjects' rights and the obligations of NOY TRAVEL Ltd. in relation to these rights may be limited by a legislative measure of EU or Member State law applicable to NOY TRAVEL Ltd.

 

EXPLANATIONS AND ADDITIONAL INFORMATION

21. The data subject may receive explanations regarding the content and grounds for data processing, the manner of exercising the rights under this Policy, as well as any additional information regarding his rights in the processing of personal data from NOY TRAVEL Ltd. to:

Address: Varna, 83 Makedonia Str.

Email address: info@noytravel-bg.com

 Phone: +359 52 694494

This Personal Data Protection Policy has been drawn up by NOY TRAVEL Ltd. in its capacity of personal data controller with a view to fulfilling its obligations to provide information to data subjects under Art. 13 and Art. 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC General Data Protection Regulation).