WE CARE ABOUT THE PROTECTION OF YOUR PERSONAL DATA
„"JOURNEY GROUP" Ltd. is a commercial company registered in the Commercial Register at the Registry Agency with UIC 200939143, with registered office and management address: Sofia, 1 Felix Kanitz Str., tel.: 02 954 42 30; email: booking@journeygroup.bg, and is a personal data administrator, in accordance with the provisions of the Personal Data Protection Act.
Sofia, 1 Felix Kanitz St., phone: 02 954 42 30; e-mail: booking@journeygroup.bg
“JOURNEY GROUP“ Ltd. respects the confidentiality of your personal data.
The protection of your personal information throughout the entire personal data processing process, as well as the security of all business data, is an important issue for us. We process the personal data collected during your visit to our website confidentially and in accordance with legal provisions at national and European level.
What is the Security Policy and Privacy Statement?
This security policy aims to provide you with comprehensive information in clear and accessible language about what actions are taken with the personal data you provide to "JOURNEY GROUP" Ltd. (hereinafter referred to as "JOURNEY"), including:
• What personal data do we collect about you?
• What is the purpose of their collection?
• For how long do we store the personal data provided?
• Who do we share your personal data with?
• How do we notify you of a change to our Security Policy?
• What types of cookies do we use to make your experience on our website better?
• What are your rights regarding the personal data provided?
With this Security Policy, JOURNEY declares that it implements all technical and organizational measures to protect the personal data of individuals that are prescribed by law or other regulatory act at the national and European level.
Any information and data that can identify an individual, directly or indirectly.
For example, indirect identification is your mobile phone number.
Direct identification is achieved when you provide a unique identifier such as a personal identification number, social security number, customer code, etc.
In order to provide you with effective access to our products/services, JOURNEY collects the following information about you:
• Name, surname, phone number, e-mail, organization when filling out the contact form located on our website www.journeygroup.bg
• Technical data that is automatically sent to us when you use our website – IP address, GPS coordinates, information about the device from which you visit the website;
• Cookies – to identify your browser or device.
The processing of personal data includes collection, storage, destruction, transmission, correction, updating, deletion, destruction and all other actions that are performed with your personal data.
JOURNEY collects your personal data to fulfill its contractual obligations under contracts concluded with you for the provision of services - on a contractual basis.
JOURNEY also collects personal data after receiving your explicit, clear, free and unambiguous consent for the purposes of processing. For example, for marketing purposes and receiving advertising newsletters.
Consent to the processing of your personal data is provided upon visiting our office or upon registering on our website.
The consent you provide can always be withdrawn by visiting one of our offices, as well as through your profile on our website.
JOURNEY also processes personal data in compliance with legal obligations, as well as if necessary to protect the life and health of the individual to whom the data relates.
JOURNEY may also process personal data if it has a legal (legitimate) interest, except when the interests of the individual to whom the data relate take precedence over these interests.
The personal data received from you will be used to enable us to fulfill our obligations to you, as well as to help exercise your rights, including, but not limited to:
• To provide you with the services/products offered by JOURNEY;
• To provide you with access to our website, by showing you content that is relevant, personalized and limited to the criteria you set;
• To respond to your inquiries, opinions and recommendations;
• To send you information related to special campaigns and our new products and services.
In addition to the above, we have a legitimate interest in collecting your personal data because without it we cannot provide you with the service/product in which you are interested.
In order to provide products and services, JOURNEY processes (collects) the personal data you provide regarding your physical, economic, social and family identity in the following ways:
• by filling in reservation forms for tourist services – hotel accommodation, plane and bus tickets, insurance, visa services, applications, forms and declarations, which are provided to you by JOURNEY employees. The forms are provided and filled in at our Offices, in case you make a request for the provision of services;
• when updating data at your request and filling out an update form on paper or in an electronic environment;
• by processing information about your visits to JOURNEY web portals;
• by processing information about IP addresses, cookies, operating system and browser type.
Depending on the basis for which your personal data is processed, the period of storage of personal data varies.
Your personal data is stored by us for a period of 6 years from the expiry of our contractual basis, if we process the personal data for the performance of contractual obligations to you. After this period has expired and in the event that there is no legal basis for the continued storage of your personal data, the information about you is destroyed. Records about you are permanently deleted from our system, and paper files containing your personal data are destroyed.
JOURNEY undertakes not to provide your personal data without your express consent to third parties, except when necessary to fulfill contractual obligations to you.
To fulfill obligations under contractual and/or pre-contractual relationships with you, JOURNEY may disclose your personal data to the following persons:
• Companies providing courier services;
• The company that provides hosting services related to this website.
JOURNEY has the right to disclose and transfer your personal data to companies located outside the territory of the Republic of Bulgaria, to the extent that there is a legitimate interest related to the processing of your personal data for internal administrative purposes. This and any other transfer is carried out in strict compliance with the confidentiality and security of your personal data.
Are there other cases in which we may share your personal data?
Your personal data is also provided to third parties in the following cases:
• At the request of the individual who provided the data, a subject of personal data protection;
• At the request of competent authorities in accordance with the current legislation of the Republic of Bulgaria and the European Union.
In all the above cases, the persons to whom we provide your personal data have declared that they provide an adequate level of protection for your personal data, including foreign companies located within the EU and the EEA. With regard to companies located outside the EU and the EEA, for each specific case, the relevant company guarantees that it provides an adequate level of protection for personal data, complying with the requirements of European legislation.
„Cookies are small text files that are saved on your computer when you visit our website. If you access this website at a later time, your browser sends the content of the cookies back to the respective provider and thus allows the terminal device to be identified again. Reading cookies allows us to design our website optimally for you and makes it easier for you to use it.
Your browser allows you to delete all cookies at any time. To do this, please refer to the help functions of your browser. This may result in certain functions of our website no longer being available to you.
Overview of the cookies we use
In this section you can find an overview of the cookies we use.
Strictly necessary cookies
Certain cookies are necessary to enable us to provide our services through the website. This category includes, for example:
• “Cookies” that identify or authenticate our users;
• “Cookies” that temporarily store certain user data (for example, content of an online form);
• “Cookies” that store certain user preferences (e.g. search settings or language settings);
• “Cookies” that store data to ensure smooth playback of video or audio content.
Analytical cookies„
We use analytical cookies to record user behavior (e.g. clicks on ad banners, entered search queries) and to statistically evaluate these actions.
Advertising cookies„
We also use cookies for advertising purposes. The user behavior profiles created with the help of such cookies (e.g. clicks on advertising banners, subpages visited, search queries entered) are used by us to show you advertisements or offers that are tailored to your interests (“interest-based advertising”).
Third-party advertising cookies
We also allow other companies to evaluate our users' data through advertising cookies. This allows us and third parties to show users of our website interest-based advertisements based on an analysis of your usage behavior (e.g. clicks on banner ads, subpages visited, queries entered), and this is not limited to our online offerings.
“Cookies when referring
Our referral tracking partners set cookies on your computer (a “referral cookie”) if you have reached our website through an advertisement from that partner. These cookies usually expire after 30 days. If you visit certain pages that we host and the cookie has not yet expired, we and the relevant conversion tracking partner may see that a particular user clicked on the advertisement and was redirected to our page. The information collected through the referral cookie is used to create referral statistics and to determine the total number of users who clicked on the relevant advertisement and were redirected to a page that has been tagged with a referral tracking tag.
Web space analysis
We need statistical information about the use of our website to make it more accessible, perform reach measurements and conduct market research.
For this purpose, we use the web analytics tools described in this section.
The user profiles created by these tools, using analytical cookies or by evaluating log files, do not contain any personal data. The tools either do not use users' IP addresses at all or shorten them immediately after collection.
The tool providers only process the data as personal data processors on our instructions and not for their own purposes.
Below you will find information about each tool provider and how you can object to the collection and processing of personal data through the tool.
Please note that for tools that use opt-out cookies, the opt-out function is device- or browser-specific and therefore valid for the end device or browser currently in use. If you use multiple end devices or browsers, you must select the opt-out function on each end device and in each browser used.
Furthermore, you can generally prevent the creation of user profiles by disabling the use of cookies.
Google Analytics
Google Analytics is provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). We use Google Analytics with the additional function of anonymizing IP addresses offered by Google. Google shortens the IP address within the EU and only in exceptional cases in the USA, in both cases only saving shortened IP addresses.
You can object to the collection and processing of your data by downloading and installing the browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en
What are your rights regarding the personal data provided?
In compliance with Bulgarian and European legislation, including Regulation (EU) 2016/679 of the EU and of the Council (General Data Protection Regulation – GDPR) on the protection of personal data, you can exercise the following rights:
• The right to access the personal data that JOURNEY processes for you and to receive a copy of it;
• The right to request correction from JOURNEY in case you find inaccuracies or need to update your personal data by sending an email to booking@journeygroup.bg
• Right to request blocking of your personal data or restriction of the processing of personal data, in the cases specified by law and the Regulation;
• Right to request deletion, i.e. deletion of your personal data from JOURNEY, if the conditions for this are met.
• The right to object to the processing of your personal data for direct marketing purposes by using the "unsubscribe" link that we have placed in each email sent to you containing promotional information about our products;
• The right to object to the provision of your personal data to third parties by logging into your personal profile on our website and unchecking the box regarding the provision of personal data to third parties;
• The right, at any time, to withdraw your consent to your personal data being processed for the purposes for which you have consented, for example for marketing, by sending an email to booking@journeygroup.bg
• Right to request the portability of your personal data in a structured, machine-readable format that is commonly used
• The right to file a complaint or request for protection of your rights with the Personal Data Protection Commission, if the prerequisites for this are met;
You can exercise all rights at any time regarding the processing of your personal data.
What does each of the above rights mean?
Right of access to personal data.
This right enables you to obtain information about the data that identifies the controller and its representative, the purposes of the processing of personal data, the recipients or categories of recipients to whom the data may be disclosed, data on the mandatory or voluntary nature of providing the data and the consequences of refusing to provide it, as well as information about the right of access and the right to rectify the collected data.
The data shall not be provided when the individual to whom it relates already has it or there is an explicit prohibition by law on its provision.
Right to erasure, access, correction, blocking
The right at any time to request the administrator to delete, correct or block personal data, the processing of which does not meet the requirements of the PDPA, as well as the right to request the administrator to notify third parties to whom the personal data have been disclosed of any deletion, correction or blocking that has been carried out, except in cases where this is impossible or involves disproportionate efforts;
Right to object
Right to object to the controller against the processing of the personal data of the individual if there is a legal basis for this, as well as against the processing and disclosure of your personal data to third parties for the purposes of direct marketing. You have the right to be notified before your personal data are disclosed for the first time to third parties or used on their behalf for the purposes of direct marketing, and you have the right to object to such disclosure or use.
Right to portability
When the processing of personal data is carried out in an automated manner, you have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used, machine-readable and interoperable format, and to transmit them to another controller.
This right should apply where the data subject has provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contractual obligation. The right should not apply where the processing is based on a legal basis other than consent or a contract. By its very nature, this right should not be exercised in relation to controllers processing data in the performance of their public duties. Therefore, this right should not apply where the processing of personal data is necessary for compliance with a legal obligation to which the controller is subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in the controller. The right of the data subject to transmit or receive personal data concerning him or her does not give rise to an obligation for controllers to adopt or maintain technically compatible processing systems. Where more than one data subject is concerned in a given set of personal data, the right to receive personal data should be without prejudice to the rights and freedoms of other data subjects in accordance with this Regulation.
Right to file a complaint or request with the Personal Data Protection Commission
In case of violation of your rights, you have the right to notify the Personal Data Protection Commission within one year of becoming aware of the violation, but no later than five years from its commission. In case of violation of your rights, you have the right to appeal actions and acts of the administrator in court or before the Supreme Administrative Court. The court cannot be notified if there are pending proceedings before the Commission for the same violation or a decision of the CPDP regarding the same violation has been appealed and no court decision has entered into force.
Changes to Security Policies – (Privacy Notice)
For all changes made to these Privacy Policies, we declare that we will notify you by sending an electronic letter (e-mail) to the e-mail address you provided.
This will give you the opportunity to discontinue using some or all of the services and/or exercise your rights, some of which are expressly stated above. In addition, we will take all possible measures to inform you in the event of changes to the protection of personal data by posting notices in the offices and on the JOURNEY web portals.
Be the first to know about our exclusive offers!
