Association for Advertising and Communication in Tourism, referred to everywhere in the text of this Statement as “AACT”, carries out its activities in accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) and other European and Bulgarian regulations in the field of personal data protection, observing the following principles when processing your personal data:
- lawfulness, good faith and transparency;
- limitation of the purpose of processing;
- relevance to processing goals and minimization of data collection;
- accuracy and timeliness of the data;
- Restriction of storage in order to achieve the objectives;
- integrity and confidentiality of processing, and ensuring an adequate level of security of personal data.
II. Collection, processing and storage of personal data
Personal information is any information pertaining to you through which we can identify you, such as your name, personal identification number, email address, contact phone number, and information about your access to our websites.
You can browse the public part of the content of our websites without entering any personal data in them. In cases where we collect personal data that is necessary to enable you to access any information, product or service you request, we will notify you in advance of the need to provide us with such data in order to satisfy your request. Your consent to the collection and processing of your personal data will always be expressly requested in cases where such consent is required by the applicable data protection legislation and the relevant information for the collection and processing of your personal data will be provided prior to any personal data to be collected and processed.
We may ask you to provide us with some of our pages to provide you with a service or product you requested, or in case you want to contact us. When you sign up for the use of our products or the provision of services - personally or through your employee, we will ask you to provide us with your personal information as your contact details (names, position, company or organization you are working with, address, such as your phone, your nationality and the country of residence or other information required to issue an invoice in connection with a payment made by you. AACT does not collect financial information about bank cards when the price for our products and services is paid online. You are not required to provide us with the requested personal information, but if you do not, the AACT may not be able to fulfill your order or provide you with the requested service.
In the event that we have received your explicit consent, AACT may use the information you provide to offer you products and services that we believe would be of interest to you. You may at any time withdraw your consent to receive such promotional and advertising messages by contacting us and notifying us in the manner you choose. The AACT contact details are listed below in this Statement, as well as in the "Contacts" section of our web pages, and any promotional or advertising email sent by us contains a "unsubscribe link" through which you can request your refusal to receive such messages. In the event that you choose to unsubscribe from receiving promotional and advertising messages, AACT is obliged to delete your contact details from the list of persons, whether consent to receive promotional and advertising messages, no later than three (three) business days from receiving your denial.
When you contact us to assist you in using our purchased products and services, we may ask you for information about your computer, operating system, browser, or the issue you want to resolve. Without this information, AACT will not be able to help you and answer your questions.
Reasons for collecting, processing and storing your personal data
AACT collects, processes and stores personal data in connection with the conclusion and execution of contracts with its clients.
AACT is the administrator of personal data regarding your data as a user of our services. With regard to the personal data you enter, process and store using our online services and products, AACT acts as a personal data processor.
In particular, as a personal data administrator, AACT collects, processes and stores personal data on the following grounds:
• taking steps to sign a contract at your request;
• fulfilling the obligations of AACT under contract with you;
• your explicit consent;
• compliance with obligations arising from a statutory instrument;
• to perform a task of public interest;
• for the purposes of the legitimate interest of AACT.
Goals for which your personal data is collected, processed and stored
AACT collects, processes and stores personal data you provide to us for the following purposes:
• Individualisation of a party to the contract and the persons for contact in connection with its execution;
• Creating a username and providing full functionality in providing our services;
• ensuring the implementation of the contract for the provision of the relevant service or product, sending short text messages (sms) or emails that are part of the functionality of the product or service purchased by the customer, etc .;
• Provide technical support and training to work with purchased products and services;
• registration of participants in seminars, webinars, trainings and other events organized by AACT;
• accounting purposes;
• statistical objectives;
• marketing purposes - sending of information messages, including those of advertising and promotional nature;
• Improve and personalize AACT services and products by offering you the right offer for new products and services that may be of interest to you.
Types of personal data that are collected, processed and stored by AACT
AACT collects, processes and stores the following types of personal data:
• Names, PIN, email address, telephone number - for natural persons, or for natural persons who manage and represent clients - legal entities. These data are necessary for the conclusion and performance of the contracts with the clients of the company that use our information products and services as well as for contacting the customer and sending information to him, including explicit consent - and sending promotional and advertising messages. No sensitive data collected;
• payer's address and contact telephone - for the purpose of making an invoice for payment purposes. No bank card financial information is collected as payment is made through PayPal or through cash on delivery;
• information from public registers containing personal data. This information is collected to provide users with information products and services with the AACT brand.
AACT does not collect, process or store special categories of personal data (sensitive data), and does not perform automated data-making.
Term for storing your personal data
AACT will not store your personal data for a period longer than necessary to achieve the purposes for which we process it. When determining the appropriate storage period, we take into account the quantity and nature of the personal data, the purposes for which we process it, and whether we can achieve these goals by other means. AACT also complies with the relevant legal requirements for the storage of certain categories of data in order to fulfill its obligations deriving from a legal act or contract and to protect its legal rights in the event of a claim.
The maximum time limit set by the AACT for data storage, if this is not contrary to legal requirements and regulations, is 5 / five / years.
If the need to store them is dropped, AACT will erase or destroy your personal data in a secure manner and without undue delay.
Transmitting your personal processing data
AACT independently collects and processes the personal data you provide. They will be provided to third parties only in the cases provided for by law.
All personal data are stored on the territory of the Republic of Bulgaria. AACT does not transfer your personal data to third countries.
What are cookies
Cookies are small text FILs that are stored on your computer or mobile device. The cookie function is to distinguish you from other users on the same web site or to keep certain information related to your preferences. They are used by most sites to make it easier for you to surf.
Each cookie is unique to your browser and contains anonymous information. The content includes the name of the domain from which it comes, its "life expectancy" and its value, usually in the form of a randomly generated number.
What species we use and what it is intended for
Security and identification
The purpose of the cookies intended to link security is:
• Recognize the user within the specific session
• Control security
• Ensure that the information the user enters is visible only to him / her
Security and authentication cookies are automatically deleted after your browser session is terminated and are kept for a limited time to ensure unobstructed site experience. It is important to note that these, as well as the other types of cookies on the site, do not store the personal data entered.
Efficiency and functionality
Productivity cookies aim at collecting statistical information and delivering content to individual user preferences. Through them, we anonymously measure the number of visits, viewed pages, visitor activity, and site visits. These cookies help us analyze traffic, which allows us to improve the website as well as the overall user experience.
Managing and deleting cookies
Please keep in mind that much of the cookies we use will improve your browsing experience on our website, and the rest are important to guaranteeing access security.
Depending on the browser you are using, you can:
• Allow or deny the storage of cookies from all sources
• Set up a notification that will ask for acceptance or reject for each new cookie
Most browsers are set to accept default cookies. However, if you do not want cookies to be stored on your computer, you can limit them by changing the settings of the browser you are using.
IV. Your rights to the protection of your personal data
Under certain circumstances, you are entitled to:
• ask for information about whether AACT stores your personal data, and if we have such data, what are these data, on what basis and for what purpose we process and store it;
• request access to your personal data (the so-called "data access request"). This allows you to obtain a copy of your personal data that AACT owns and to verify that we process them in the lawful manner;
• request a correction of your personal data owned by AACT. This allows you to correct any incomplete or inaccurate information we hold for you. AACT does not correct personal data when it is collected from a public source and fully complies with the data published in this source;
• ask for the deletion of your personal data (the "right to be forgotten"), which allows us to ask us to erase or remove without undue delay all or part of your personal data if there is no reason to do so continue to process and store it.AACT does not delete the data that it has a legal obligation to store, including for protection against claims brought against it or proof of its rights;
• to object to the processing of your personal data if we refer to a legitimate interest (or third party interests) and something in your particular situation makes you object to the treatment for that reason. You also have the right to object if we handle your personal data for direct marketing purposes;
• ask AACT to delete or remove your personal data if you have exercised your right to object to processing under the preceding paragraph;
• oppose automatic decision-making, including profiling, that is, not be subject to any automated decision-making by us through your personal data or profiling;
• request that you limit the processing of your personal data. This allows us to ask us to discontinue processing of your personal information, for example, if you want us to verify its accuracy or the reason for processing it;
• request the transfer of your personal data in electronic and structured form to you or to another person (the so-called "data portability"), which allows you to take your data from us in a suitable electronic format and to transfer to another person in a suitable electronic format;
• withdraw your consent. You may withdraw your consent for all or only part of your personal data, as well as for any or all processing purposes. If you have agreed to collect, process, and store your personal data for a particular purpose, you may at any time withdraw it for this particular type of processing. Once you notify us that you withdraw your consent, we will suspend processing for the purpose or purposes you initially agreed to, unless there is any other reason to continue such processing;
• be notified in the event of a breach of security of your personal information, which may pose a high risk to your rights and freedoms. AACT will inform you without undue delay and in an appropriate manner in the detection of such a violation, as well as the measures that have been or will be taken.
To exercise any of the above rights, please send a request or a free-form notification to our Data Protection Officer by post or by e-mail: firstname.lastname@example.org or contact him or her at address: Varna 9002, 77, Lyuben Karavelov Str.
Please note that we may ask you for specific information to help us verify your identity and to respect your right to access information or any of your other rights. The purpose of this additional security measure is to ensure that your personal information will not be disclosed to any person not entitled to receive it. You will receive the answer within the statutory 30-day period.
The exercise of the above rights does not require payment of a fee from you. However, it is possible to charge a reasonable amount of administrative fee if your request for access is clearly unreasonable or repeated or excessive. In such circumstances, we may also refuse to execute the request.
If you believe that your data protection rights have been violated, you have the right to AACT a complaint with the Personal Data Protection Commission, with information on its address and other contact details found below in this Statement.
V. Measures to Protect Your Personal Data
AACT follows strict security procedures for storing your personal data and also for preventing unauthorized access, accidental loss, destruction or damage. The security of your personal data is our priority, with which we do not compromise.
AACT applies the organizational, physical, IT and other necessary measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data. Personal data is stored on company servers or in cloud Data Centers, where they are protected by all modern and appropriate standard hardware and software protection tools - firewalls, anti-virus programs, data encryption, etc.
Some of the security measures taken by AACT include the following activities:
• the requirements for collecting, processing and storing personal data are established in internal procedures, the observance of which is constantly observed;
• the access of AACT employees to personal data and the permission to process personal data in our database is limited, depending on their duties, and confidentiality obligations have been introduced for all AACT employees;
• To ensure maximum security when collecting, processing, and storing your personal data, we use, where necessary or appropriate, additional protection mechanisms such as encryption, pseudonymisation, etc.
AACT strives to continuously improve the security measures that we have implemented and implement in our business and comply with state-of-the-art technologies.
VI. Protecting the privacy of children
Protecting the privacy of children in today's interactive online world is paramount to AACT. Our websites are not intended for or deliberately aimed at children under the age of 14. AACT does not collect, process, or store personal information about individuals under 14 years of age.
AACT may, at its sole discretion, amend and supplement this Privacy Statement at any time, subject to the requirements of the applicable data protection legislation. In the event of an amendment, we will indicate the date of change and this amendment will enter into force with respect to you and your data after the date of this amendment or on another, explicitly stated later.
Information about the Privacy Controller and the Data Protection Officer
• UIC: 177177288
• Headquarters and management address: Varna 9002, 77 "L.Karavelov" Str
• Address for correspondence: Varna 9002, 77 "L.Karavelov" Str
• E-mail: email@example.com
• Contact phone: +359 52 610 306
Information on the competent supervisory authority
• Commission for Personal Data Protection
• Address for correspondence: Sofia 1592, "Prof. 2 Tsvetan Lazarov
• Contact phone: +359 2 915 3 518
• E-mail: firstname.lastname@example.org, email@example.com
• Web site: www.cpdp.bg