The website is available at www.starovreme.com and is managed by History Inn OOD (the Company). History Inn OOD is a company registered in the Commercial Register, with UIC 201056491, with registered office and address of management: Veliko Tarnovo, municipality of Veliko Tarnovo, ulitsa "General Gurko" 94, tel .: 0888 619 785 and e-mail address: contact@starovreme.com, the same is represented by the manager, Rossen Kutchoukov. History Inn OOD is a controller of personal data under the European Regulation on Personal Data Protection (GDPR).
In accordance with the requirements of Regulation (EU) 2016/679 of the EU of 27.04.2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and other applicable acts of the European Union and the Republic of Bulgaria , with this Policy, History Inn OOD informs you about its personal data processing activities on the website, fpr the purposes for which the data is processed, the measures and guarantees for the protection of processed data, your rights and how you can practice them
PRINCIPLES OF PERSONAL DATA PROCESSING
Compliance with the provisions of the Regulation
The policy of the Company is to ensure compliance with the provisions of the Regulation.
Personal data is collected and processed lawfully and in good faith
The company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals in connection with the processing of their personal data.
Personal data is processed transparently
The company provides transparency in the communication of the collected and processed personal data and the information about it is in a short, transparent, understandable and easily accessible form and clear and unambiguous wording is used.
Personal data is collected and processed only for certain purposes
The company processes the personal data of individuals only in the following cases:
1- the processing is necessary for compliance with a legal obligation;
2- the processing is necessary for the performance of a contract (including an order) to which a natural person is a party, or for taking steps at the request of a natural person before concluding a contract, when its identification is required;
3- a natural person has given his / her unambiguous consent for an understandable and transparently defined purpose, for which the processing of his / her personal data is required;
4- the processing is necessary for the purposes of the legitimate interests of the Company or a third party, in accordance with the provisions of the Regulation;
5- the other cases provided for in the Regulation.
Personal data unnecessary for the activity are not collected and processed
The Company does not collect or process personal data of individuals that exceed its legal obligations or its needs for carrying out its activities.
The minimum necessary personal data is collected for processing
The company collects and processes only the minimum necessary personal data of individuals who:
1- are provided by law;
2- are needed to perform a contract;
3- are needed to fulfill the purposes for which they are collected.
The processed personal data are accurate and up-to-date
The company ensures that the processing of personal data of individuals is carried out with maximum accuracy and, if possible, always up to date.
Personal data is stored for the minimum necessary time
The company stores personal data for the minimum necessary time, which is:
1- required by law;
2- it is necessary to fulfill the contract and the responsibility under it;
3- the purpose for which the data were collected and processed needs to be fulfilled; or
4- until the expiration of the legitimate interest of the Company, or
5- until a request from the natural person for their deletion, when there are grounds for such a request.
After the minimum time required, in accordance with points 1 to 4 of the preceding paragraph, personal data shall be destroyed without undue delay.
In all cases, the Company ensures that at least once a year a review of the collected and processed personal data is made and those that fall into any of the above hypotheses are deleted without undue delay.
RULES FOR PROCESSING PERSONAL DATA
Personal data is processed with the necessary levels and measures of protection
The company provides the necessary levels of physical, organizational and technological protection in view of:
1- the nature, scope, context, and purpose of the processed personal data;
2- the probability, the levels of impact, and the severity of the risk for the rights and freedoms of individuals in case of violation of the security of the processed personal data;
3- their financial and organizational capabilities.
The company also provides all necessary measures for timely recovery of collected and processed personal data in case of loss as a result of accidental, malicious, or force majeure events.
Personal data is processed with controlled and traceable access
The company provides the necessary and appropriate technical, organizational, and technological measures for controlled and traceable access to the personal data of individuals.
Personal data are processed with the necessary reporting for compliance with the Regulation
The company provides the necessary records and registers to be able to prove that the provisions of the Regulation have been complied with.
Respect the rights of individuals whose personal data are processed
The company ensures compliance with the rights of individuals whose personal data are collected and processed, which includes:
1- right to be informed about the processing of personal data;
Data subjects have the right to be informed at each processing of their personal data for the purposes of the respective processing, the measures taken for the protection of their personal data, the recipients of these data, as well as the period for their storage.
2- the right of access to personal data;
Data subjects have the right at any time to request from the Company information about the data stored for them, as well as about their origin, recipients, and categories of recipients to whom they are transmitted and the purpose of storage.
3- right to withdraw consent;
In cases where the data subject has given his or her consent to the processing of his or her data, he or she may withdraw his or her consent at any time without giving any reasons.
4- right to correct inaccurate personal data;
Data subjects may ask the Company to correct their inaccurate personal data.
5- right to delete and restrict the processing of personal data;
The company provides an opportunity upon request of data subjects, deletion of their personal data. Deletion shall take place within 30 days from the date of the request. In case the Company has a legal obligation to continue processing the data, the data subject is informed that they cannot be deleted, but limited processing of his personal data may be applied.
6- right to data portability;
The data subject may request from the Company that his personal data be transferred or transferred to another controller in a structured, widely used and machine-readable format. The company will only transfer data directly if this is technically feasible.
7- the right to object to the processing of personal data;
The data subject has the right at any time and without giving reasons to object to the processing of his data for the purposes of direct marketing.
8- the right not to be subject to automatic decision-making, including profiling.
The company does not perform automated data processing, including profiling.
9- right to appeal;
The data subject has the right to lodge a complaint with the supervisory authority against the processing of his or her personal data in the event that his or her rights and legitimate interests are violated during the processing.
PROCESSED PERSONAL DATA
The company performs the following operations and processes only the necessary personal data of users for the following purposes:
»For providing tourist services to clients - Names, Phone, E-mail;
»For correspondence - Name, E-mail;
RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the implementation of the objectives set out above, the Company provides personal data to individuals to the following recipients:
»State and municipal bodies and/or institutions - in connection with legal obligations to them or in connection with legal requests from them for information containing personal data;
»Subcontractors in the performance of contractual obligations.
CONFIDENTIALITY OF CHILDREN'S PERSONAL DATA
The Company does not knowingly collect personal data from persons under the age of 16. If a parent or legal representative knows that his or her child has provided personal data to the Company, he or she should inform us immediately.
CONTACT THE COMPANY:
If you have questions or concerns about the processing of your personal data or wish to exercise any of your rights, you can contact:
»E-mail: contact@starovreme.com
COMPETENT SUPERVISORY AUTHORITY
On the territory of the Republic of Bulgaria the competent supervisory body is the Commission for Personal Data Protection.
In case of suspicion that your rights related to the protection of your personal data have been violated, you can report to:
»Address: Sofia 1592, Blvd." Prof. Tsvetan Lazarov ”№ 2
»E-mail: kzld@cpdp.bg
UPDATING AND AMENDING THE CURRENT PRIVACY POLICY
This Privacy Policy is updated in case of improvements to our website, changes in the purposes of personal data processing of individuals, the introduction of new goals, mechanisms, and measures for their protection, or changes in regulatory or administrative requirements for personal data processing.
This Privacy Policy is effective as of June 1, 2019.