Privacy Policy
I. SUBJECT
This Personal Data Protection Policy, hereinafter referred to as the “Personal Data Protection Policy,” provides information on how RUEM TOURS Ltd., hereinafter referred to as the “Provider,” “Administrator,” “we,” and/or “us,” the owner/operator of the website: ruemtours.com, hereinafter referred to as the “Website,” processes (including but not limited to collecting and storing) personal data of data subjects, such as users of the Website and the Provider’s services, hereinafter referred to as “User(s),” “You,” and/or “Your,” as well as regarding their rights in this context.
The term “personal data” used in the Personal Data Protection Policy has the meaning given to it in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “General Data Protection Regulation” and/or “GDPR,” namely: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Below you can find brief information about:
- The Provider,
- The competent supervisory authority,
- The legal basis on which we process personal data,
- The purposes for which we use personal data,
- Principles of personal data processing,
- What personal data we collect,
- Retention period of personal data,
- Access to and transfer of personal data, and
- The rights and guarantees provided by the GDPR to data subjects.
II. INFORMATION ABOUT THE PROVIDER
1. Name: RUEM TOURS Ltd., UIC 131501059
2. Registered office and address: Sofia, Ovcha Kupel Blvd. No. 41
3. Tel.: 0877044988, email: ruem_tours@abv.bg
4. Registration in public registers: Commercial Register at the Registry Agency under the Ministry of Justice of the Republic of Bulgaria.
III. INFORMATION ABOUT THE COMPETENT SUPERVISORY AUTHORITY
1. Name: Commission for Personal Data Protection of the Republic of Bulgaria
2. Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
3. Phone: 02 915 3 518
4. Email: kzld@cpdp.bg
5. Website: https://www.cpdp.bg/
IV. BASIS FOR COLLECTION, PROCESSING, AND STORAGE OF PERSONAL DATA
We process (including but not limited to: collect and store) your personal data solely in connection with our activities and in accordance with the requirements of applicable legislation, including the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation.
We process your personal data based on at least one of the following grounds:
- User consent for the processing of personal data;
- The processing of personal data is necessary for the performance of contractual obligations of the Provider to the User;
- The processing of personal data is necessary for taking steps at the request of the User prior to entering into a contract;
- The processing of personal data is necessary for compliance with a legal obligation of the Provider;
- The processing of personal data is necessary for the purposes of the legitimate interests of the Provider in conducting its activities.
V. PURPOSES FOR COLLECTION, PROCESSING, AND STORAGE OF PERSONAL DATA
We collect, process, and store personal data of Users in connection with the provision of our services and communication related to the use of the Website, as well as for the following purposes:
- Communication and identification in the execution of a service contract and a sales contract (including in the execution of the respective contract);
- Communication, identification, processing, and execution of inquiries, orders, requests, reservations, purchases of goods or services (including preparation for entering into a contract, acceptance of orders, dispatch of goods, resolution of issues related to order cancellations, reservations, return of purchased goods, refund of paid amounts, and others);
- Fulfillment of tax and other legal obligations;
- Accounting purposes in connection with the use of our services;
- Protection of our legitimate interests in fulfilling our obligations to state and municipal authorities (e.g., National Revenue Agency, Ministry of Interior);
- Protection of our legitimate interests in storing information for protection against legal or tax claims and for improving the performance of the Website;
- Protection of the information security of the Website;
- Statistical information on the use of the Website;
- Providing advertising content according to the interests of the User;
If a data subject refuses to provide us with some or all of the personal data necessary for the respective purpose mentioned above, we may not be able to provide the respective service (e.g., to fulfill a contract concluded with the respective User) or to comply with the respective legal requirements (e.g., to enable the data subject to exercise their rights under the GDPR).
VI. PRINCIPLES OF COLLECTION, PROCESSING, AND STORAGE OF PERSONAL DATA
We adhere to the following principles when collecting, processing, and storing your personal data:
- lawfulness, fairness, and transparency;
- purpose limitation;
- storage limitation with a view to achieving the purposes for which the data are processed;
- data minimization;
- accuracy and currency of data;
- integrity and confidentiality in data processing and ensuring an appropriate level of security for personal data.
VII. PERSONAL DATA
We collect the following categories of personal data of Users for the following purposes and on the following grounds:
- Your identifying data (name and surname, phone number, and email address), as well as other data you voluntarily provide to us, for the purposes of processing your inquiries, providing service proposals, and providing services from our side, at your expressed desire, including communication with you in this regard, and on the basis of taking steps at your request for possible contract conclusion, contract execution, in which you are a party or consent for processing provided by you;
- Your identifying data (name and surname, phone number, and email address) and information related to payment and selected payment methods for the purposes of issuing and sending accounting/tax documents (invoices) in connection with the services you use, including communication with you in this regard, and on the basis of taking steps at your request for possible contract conclusion, contract execution, in which you are a party or fulfillment of our legal obligation;
- Your IP address, browser settings, and preferred language, visited pages, as well as actions taken for the purposes of sending Push notifications, at your expressed desire to receive such;
- Your IP address, visited pages, for the purposes of protecting information security;
- Other data that may be necessary in certain cases or related to the provision of services to Users from our side, including necessary for the execution of contract obligations (e.g., date of birth, signature, personal identification number) or other data that Users decide to voluntarily share with us, and on the basis of contract execution, in which you are a party, consent for processing provided by you or compliance with our legal obligation.
We use “cookies” on the Website, which are small files downloaded to your computer to enhance your experience as site users. You can find more information in this regard on our dedicated cookie policy page – link
We do not process, nor do we collect from Users, special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, genetic or biometric data, as well as data concerning the sexual life and sexual orientation of the data subject).
We do not make decisions based solely on automated data processing, including profiling.
We usually receive personal data directly from the data subject. However, it is not excluded that we may receive personal data from other persons such as other employees in the company where the respective data subject works, as well as from publicly accessible sources such as the Commercial Register and the register of non-profit legal entities at the Registry Agency under the Ministry of Justice of the Republic of Bulgaria.
VIII. RETENTION PERIOD OF PERSONAL DATA
We retain personal data of Users for no longer than necessary for the execution of the respective processing purpose or the legally established period, where applicable. For example:
- personal data provided by you when filling out the contact form will be retained until the request is fulfilled or the inquiry is satisfied, in connection with which you have contacted us, as well as up to one year thereafter for statistics and marketing analyses;
- personal data of our clients processed in connection with contracts concluded between us and the respective User will be retained for a period not exceeding ten years, starting from January 1 of the year following the year in which the contract was accounted for tax purposes;
- personal data of our clients processed in connection with the issuance of tax documents (invoices) will be retained for a period not exceeding ten years, starting from January 1 of the year following the year in which the document was accounted for tax purposes;
- personal data of our partners/suppliers processed in connection with contracts concluded between us and the respective partner/supplier will be retained for a period not exceeding ten years, starting from January 1 of the year following the year in which the contract was accounted for tax purposes;
- personal data of participants in recruitment and selection procedures will be retained for a period not exceeding six months, starting from the moment of final completion of the recruitment/selection procedure in which the respective data subject participates, respectively after the expiration of the appeal period of the given procedure, unless the respective data subject has consented to the retention of their personal data for a longer period, in which case the data subject has the right at any time and without giving reasons to withdraw their consent.
The retention period also depends, among other things, on the duration of the relationships that have arisen between us and the respective User, as well as on the purposes for which the personal data are processed. When there is an indication(s) of potential legal claim(s) or liability, these periods will be accordingly extended. When processing is based on the User’s consent (e.g., in cases of personal data provided by third parties for direct marketing), we retain these personal data as long as we have valid consent for their processing.
After the expiration of the above periods, we take the necessary care to delete and/or destroy the respective personal data without undue delay.
IX. ACCESS TO PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In principle, the personal data of Users that we process are accessible to our employees, representatives, and partners who need them for the fulfillment of legal obligations and/or for the fulfillment of contractual obligations (e.g., providing a given service under a contract with the User). In this regard, it is possible, at our discretion and in compliance with the GDPR requirements, to transfer all or part of your personal data to third parties such as accountants, professional consultants, including lawyers (for the purposes of financial-accounting and administrative servicing of our activities), cloud platforms for data processing/storage (for the purposes of organizational servicing of our activities, e.g., storing and processing contracts with Users on cloud platforms for greater security), companies providing postal services (for the purposes of organizational servicing of our activities, e.g., sending contracts on paper to Users), IT service providers, system administration, marketing services (for the purposes of providing more reliable and quality work of the Website and more secure data processing), providers of services for storing foreign information (i.e., hosting companies) (for the purposes of executing contracts with Users).
Based on applicable legislation or at the request of public authorities, all or part of your personal data may also be accessible to public authorities.
We do not intend to transfer your personal data to countries outside the European Economic Area or to international organizations.
X. RIGHTS OF DATA SUBJECTS
At any time while we process your personal data, and subject to the limitations set out in applicable legislation, you, the data subject, have the following rights:
- Right of access – you have the right to request information on whether we process your personal data, as well as to access and obtain a copy of such personal data; if you request more than one copy of such personal data, you may owe a fee for each additional copy;
- Right to rectification/correction – you have the right to request that your personal data be corrected if you believe they are inaccurate or incomplete. We will make such corrections without undue delay;
- Right to erasure/to be forgotten – under certain circumstances (e.g., the respective personal data are no longer necessary for the purposes for which they were collected; you have withdrawn your consent for processing certain personal data, for which there is no other legal basis for processing), you can request that your personal data we process be erased from our records/database without undue delay. In certain cases, we may refuse to erase such personal data (e.g., the processing of personal data is necessary for compliance with a specific legal obligation or for the establishment, exercise, or defense of legal claims);
- Right to restriction of processing – when certain conditions are met (e.g., the processing of certain personal data is unlawful, but you do not want these data to be erased), you have the right to request the restriction of the way your personal data are processed;
- Right to data portability – when your personal data have been provided to us by you and are processed in an automated manner, you have the right to request that these personal data be provided to you in a structured, commonly used, and machine-readable format, as well as to be transferred to another data controller, if technically feasible;
- Right to object – you have the right, at any time, to object to the processing of your personal data for certain purposes, in which case we will stop using the personal data for the specific purpose unless we have overriding legitimate grounds for doing so (e.g., you have the right, at any time, to object to the processing of your personal data for direct marketing purposes, in which case we will cease processing your personal data for these purposes without undue delay);
- Right to object to automated processing, including profiling – you have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, and you also have all the rights that arise for you if you are subject to the legal consequences of such processing;
- Right to withdraw consent for processing – if we process your personal data based on provided consent, at any time, you have the right to withdraw your consent. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.
In the event that, at the request of the User, we delete their personal data from our database, we will retain only the information that may be necessary to protect our legitimate interests or for public authorities.
You have the right to request that we inform you about all recipients to whom personal data for which correction, deletion, or processing restriction has been requested have been disclosed. We may refuse to provide this information if it would be impossible or require disproportionate effort.
In cases where we are required to transfer personal data to another controller, correct or delete personal data, restrict the processing of personal data or terminate such processing, provide information about recipients to whom personal data for which correction, deletion or restriction of processing has been requested, or provide access to personal data, and if there are concerns about the identity of the User who made the relevant request, we may first require additional information to confirm the identity of the data subject in question.
In the event that during the processing of your personal data there is a third party to whom all or part of your personal data has been transferred (as indicated in Part IX above), all of the above requests will be forwarded to this third party.
The exercise of the above-mentioned rights is free of charge for Users, except when the requests made are clearly unfounded or excessive. In such cases, we may either impose a reasonable fee for fulfilling the request or refuse to take action on the request.
Users can exercise the above-mentioned rights by contacting us via email at: ruem_tours@abv.bg
XI. COMPLAINT TO SUPERVISORY AUTHORITY
If you believe that your personal data is not being processed lawfully or that any of your rights related to personal data protection have been violated, you have the right to file a complaint with the competent supervisory authority for personal data protection, as specified in Part III above of the Personal Data Protection Policy. You also have the right to seek protection of your rights through legal action.
In case of links to other websites on the Website, we recommend that you carefully review the personal data protection/privacy policies of these other websites, because when you visit these pages, your personal data may be processed by the websites in question, which processing is not covered by the Personal Data Protection Policy.
We reserve the right to change the Personal Data Protection Policy, at our discretion, as well as when we deem appropriate.