Information on the Company that processes your data:
Name | Excedo Travel Ltd. |
UIN/BULSTAT | 203315188 |
Seat and registered address | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
Address for correspondence | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
info@excedotravel.com | |
Website | www.excedotravel.com |
Information on the competent Personal Data Protection supervisory authority
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |
Art. 1. (1) The Controller collects and processes your personal data in connection with the use of services rendered via the website www.excedotravel.com, as well as under an organized tour program booking contract and/or issued tour product voucher, pursuant to Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
(2) Excedo offers its clients the following services, among others:
Art. 2. (1) We collect and process personal data you provide to us in connection with services rendered via our website www.excedotravel.com and though entering into contractual relations with the Company, including for the following purposes:
(2) We shall observe the following principles when processing your personal data:
(3) When processing and storing personal data, the Controller may do so for the purpose of complying with their legal obligations and protecting their legitimate interests, as follows:
Art. 3. The Company performs below-described operations with personal data you provide for the following purposes:
Art. 4. (1) The Controller processes the following categories of personal data and information for the following purposes and on the following grounds:
(2) The Controller does not collect and process personal data which disclose the following:
except on the basis of expressly specified provisions under Art. 9 GDPR.
(3) Personal data are collected by the Controller from the data subject.
(4) In some cases, the Controller may process personal data of data subjects provided to them by third parties, who declare that they have obtained the explicit consent of the relevant data subject to provide their data for the purpose of contracting and provision of travel services by the Company.
(5) The Company does not make automated data decisions.
(6) The Company does not collect and process data of persons under the age of 16, except with the express consent of their parents or legal guardians.
Art. 5. (1) The Controller retains your personal data, provided in connection with online bookings and concluded booking contracts, for a term of 5 years after their termination/execution for the purpose of protecting the Controller’s legal interests in legal or administrative disputes with the Company’s clients, whereas any accounting documents are kept for the relevant statutory period.
(2) Data you provide based on consent is stored by the Controller until said consent is withdrawn or until the data collection purpose is fulfilled, unless there is another reason to process it further.
(3) The Controller shall notify you if the data retention period needs to be extended for the purpose of fulfilling a statutory obligation or in connection with the Controller’s legitimate interests, etc.
Art. 6. (1) The Controller may, at their own discretion, transmit some or all of your personal data to data processors for processing purposes that you have agreed to, subject to the requirements of Regulation (EU) 2016/679 (GDPR).
(2) The Controller shall notify you if they intend to transfer some or all of your personal data to third countries or international organizations and you are deemed to have been duly notified of such transfer when concluding a booking contract for an organized tour program, which involves performance in a third country.
Art. 7. (1) If you do not wish all or some of your personal data to continue to be processed by the Company for specific or all processing purposes based on given consent, you may at any time withdraw your consent to processing by completing the Withdrawal of Consent template form in Enclosure № 1 below or through a request in free text sent to us via email.
(2) The Controller may ask to verify your person and identity with the relevant data subject.
(3) If you have made a booking that is currently being processed, the earliest time you can withdraw your consent to processing is when the booking has been successfully completed.
(4) You may at any time withdraw your consent to your personal data being processed for the purposes of direct marketing.
Art. 8. (1) You have the right to request and receive confirmation from the Controller whether your personal data is being processed.
(2) You have the right of access to your personal date, as well as to information on collecting, processing and retaining your personal data.
(3) The Controller may ask to verify your person and identity with the relevant data subject.
(4) The Controller shall provide you, upon request, with a copy of your processed personal data in electronic or other appropriate form.
(5) Granting access to such data is free of charge, but the Controller reserves the right to impose an administrative fee in case of repeated or excessive requests.
Art. 9. (1) You have the right to request from the Controller to:
(2) The Company may ask to verify your person and identity with the relevant data subject.
Art. 10. (1) You have the right to request from the Controller the erasure of your personal data without undue delay and they shall be obliged to carry out such request where one of the following grounds applies:
(2) The Controller is not obliged to erase personal data to the extent that retaining and processing is necessary:
(3) Should you exercise your “right to be forgotten”, the Company shall erase all your data, except for the following information:
(4) If you have made a booking that is currently being processed, the earliest time you can request “to be forgotten” is when the booking has been successfully completed;
(5) In order to exercise your “right to be forgotten”, you need to send to the Controller via e-mail a request in free text or by filling in the template form in Enclosure № 2.
(6) The Controller may ask to verify your person and identity with the relevant data subject.
(7) The Controller shall not delete data they have a legal obligation to keep, including for the purpose of defense in legal claims against them or as proof of their rights.
Art. 11. (1) You have the right to request restriction of processing from the Controller where one of the following applies:
(2) The Controller may ask to verify your person and identity with the relevant data subject.
Art. 12. (1) If you have given consent to your personal data being processed or processing is required to perform the contract with the Controller, or if your data is processed in an automated manner, you may:
(2) You may at any time request to receive in machine-readable format your personal data, stored and processed in connection with the use of services provided by the Controller, via e-mail request in free text or by filling in the template form in Enclosure № 3.
(3) The Controller may ask to verify your person and identity with the relevant data subject.
Art. 13. You may request from the Controller to inform you of any recipients to whom personal data has been disclosed, for which you requested rectification, erasure or restriction of processing. The Controller may refuse to provide such information, if this is impossible or would require disproportionate efforts.
Art. 14. You may object at any time to the processing of your personal data, carried out by the Controller based on their legitimate interest, including for the purpose of profiling or direct marketing.
Art. 15. (1) If the Controller establishes a personal data breach, where that personal data breach is likely to result in a high risk to your rights and freedoms, they shall communicate to you said breach without undue delay, as well as any measures they have undertaken or will undertake related thereto.
(2) The Controller shall not be obliged to notify you, when:
Art. 16. For the purposes of processing your personal data and providing requested service in its full form and in your interest, the Controller may provide your data to processors (e.g. insurance brokers, hotels, transport companies, tour guides, etc.). Said personal data processors comply with all requirements of legality and security of personal data processing and storage.
Art. 17. Should your rights under the aforementioned or the applicable personal data protection legislation be violated, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |
Art. 18. You may exercise all your personal data protection rights through the template forms enclosed hereto. Of course, these templates are only optional and you may submit your requests in any form that contains a statement to that effect and identifies you as the data subject.
Art. 19. If your consent concerns data transfer, the Controller shall describe the possible risks of data transferring to third countries in the absence of an adequate protection solution and adequate remedies.
Art. 20. (1) Excedo has the right to store information or gain access to information stored in the terminal equipment of the recipient of services offered by Excedo (“cookies”), after the website user has agreed to the use of “cookies”. Excedo has the right to use “cookies” that are required for the technical functioning of its website, which users are deemed to be duly informed of.
(2) “Cookies” do not constitute personal data within the meaning of GDPR and their use and processing cannot result in the identification of the data subjects.
(3) Excedo shall ensure that the service recipient has the opportunity to receive information on data stored in terminal equipment at any time. The respective natural person shall exercise that right by sending an inquiry via email to Excedo and by legitimization through their ID card or passport.
(4) If a natural person has not expressly objected to information storing or gaining access to information stored on terminal equipment, Excedo shall be entitled to carry out these actions without the individual’s explicit consent. The natural person shall have the right to submit an objection under the current article via Excedo’s main internet site.
(5) In cases of provision of information society services, which are expressly requested by the recipient of these information society services, Excedo has the right to process “cookies” without the recipient’s explicit consent.
Art. 21. Excedo’s website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about a Client’s use of the website (including Client’s IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating a Client’s use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf. Google will not associate a Client’s IP address with any other data held by Google. Client’s may refuse the use of cookies by selecting the appropriate settings on their browser, however please note that this may result in inability to use the full functionality of the website. By using Excedo’s website, the Client consents to the processing of data about them by Google in the manner and for the purposes set out above.
Art. 22. Excedo’s website uses Google Adsense, a web screens service provided by Google Inc., USA (“Google”). Google Adsense uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. Google Adsense also uses so-called “Web Beacons” (small invisible images) to gather information. Through the use of Web beacons simple actions such as the visitor traffic to the website can be recorded and collected. The information generated by the cookie and/or Web Beacon about a Client’s use of the website (including their IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information to evaluate a Client’s use of the website with regard to the ads, compiling reports on website activity and ads for website operators and providing others with website and internet related services. Google may also transfer this information to third parties where required by law or where such third parties process the information on Google’s behalf. Google will not associate a Client’s IP address with any other data held by Google. Clients can avoid storing cookies on their hard drive and the display of Web Beacons by choosing ‘Do not accept cookies’ in your browser settings ” (in MS Internet Explorer under ” Tools> Internet Options> Privacy> Settings ” , in Firefox under ” Tools> Settings> Privacy> Cookies ”); however, we point out that this may result in incomplete use all features of this website. By using Excedo’s website, the Client consents to the processing of data about them by Google in the manner and for the purposes set out above.
Your name*:
Contact data (email)*:
To
Name | Excedo Travel Ltd. |
UIN/BULSTAT | 203315188 |
Seat and registered address | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
Address for correspondence | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31 |
info@excedotravel.com | |
Website | www.excedotravel.com |
☐I hereby withdraw my consent to data collection, processing and storage of the following personal data provided by me:
☐All my personal data
☐Only these data ………………………………………………..
for the following purposes:
☐The following purposes: ……………………………………
……………………………………………….
☐All purposes
☐I hereby declare that I am aware of the Company’s terms and conditions for provision of services after consent has been withdrawn.
Should your rights under the aforementioned or the applicable personal data protection legislation be violated, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |
Your name*:
Contact data (email)*:
To
Name | Excedo Travel Ltd. |
UIN/BULSTAT | 203315188 |
Seat and registered address | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
Address for correspondence | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31 |
info@excedotravel.com | |
Website | www.excedotravel.com |
I hereby request that all my personal data that you collect, process and store, as provided by me or third parties who are associated with me, as per stated identification, be erased from your databases.
I hereby declare that I am aware that some or all of my personal data may continue to be processed and stored by the Controller for the purposes of fulfilling their legal obligations.
Should your rights under the aforementioned or the applicable personal data protection legislation be violated, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |
Your name*:
Contact data (email)*:
To
Name | Excedo Travel Ltd. |
UIN/BULSTAT | 203315188 |
Seat and registered address | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
Address for correspondence | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31 |
info@excedotravel.com | |
Website | www.excedotravel.com |
I hereby request that all my personal data that you collect, process and store be sent to:
☐e-mail:
☐Controller – data recepient:
Name | |
Identification Number (UIN, BULSTAT, CPDP reg. nr.) | |
API interface |
I hereby request that my personal data be provided in the following format:
☐XML
☐JSON
☐CSV
☐Other:
I request that my personal data in respective format be provided to me/to the controller as indicated by me:
☐Via provided email or through API ………..
☐On physical optical or electronic media (CD, DVD, USB) at your address
Should your rights under the aforementioned or the applicable personal data protection legislation be violated, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |
Your name*:
Contact data (email)*:
To
Name | Excedo Travel Ltd. |
UIN/BULSTAT | 203315188 |
Seat and registered address | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31. |
Address for correspondence | Bulgaria, Sofia 1784, Mladost District, Block 35, App. 31 |
info@excedotravel.com | |
Website | www.excedotravel.com |
I hereby request that the following personal data you collect, process and store, as provided by me or third parties who are associated with me, as per stated identification, be rectified as follows:
Data subject to rectification:
……………………..
Please, rectify as follows:
………………………
Should your rights under the aforementioned or the applicable personal data protection legislation be violated, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name | Commission for Personal Data Protection |
Seat and registered address | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Address for correspondence | Bulgaria, Sofia 1592, 2, Blvd. Tsvetan Lazarov Str. № 2 |
Phone | +359 (0)2 915 3 518 |
Website | www.cpdp.bg |