Starosel's history | Blog | Careers | Contacts | FAQ | Terms of use | Privacy policy
Confidentiality
Submission of applications in relation to personal data
The services we provide to you enable you to manage your privacy, including your personal data.
In this regard, you have the opportunity to submit your application to the personal data administrator or to the Personal Data Protection Officer representing the specific company STAROSEL TOURS LTD, and your application will be considered as soon as possible.
The reception official - representative of the company - administrator or the Personal Data Protection Officer who accepts your request will provide you with information on the measures taken within one month of receiving your accurately and comprehensibly worded application, provided that the sender of the application is uniquely identified.
The specified period can be extended by another two months if this is necessary due to the complexity of the case and the number of requests. The Administrator (the Personal Data Protection Officer) is obliged to inform you of any possible extension within one month of receiving the application, stating the reasons for such a postponement.
If your application cannot be identified or is not formulated accurately and comprehensibly, the administrator or the Personal Data Protection Officer will contact you with a request to supplement it, and from that moment the one-month period for deciding your application will cease to run until the day of its completion. In this regard, please keep in mind that if you do not complete your application within a reasonable time, it will not be considered and will be rejected on the basis of Art. 12 of the Regulation.
Applications can be submitted in one of the following ways:
- In person at the reception of the complex in the complex for Wine & SPA Complex Starosel;
- By mail with a notarized application;
The answer will be sent to you in the manner specified in the application. In the event that the administrator cannot take the measures you requested, you will be informed no later than one month after the acceptance of your application.
The provision of the requested information by us, as well as the satisfaction of your requests, is carried out completely free of charge. In the case of applications that are unfounded or untenable, mainly because they are repeated, the administrator has the right:
- To request a corresponding fee, including the administrative costs incurred in connection with providing the requested information or message, or in connection with taking the requested actions,
or
- To reject the submitted request.
/the relevant documents must be attached to each application as in the sample view below/
- Application for objection to processing of personal data Art. 21 GDPR
- Application for access to information of the LS Art. 15 GDPR
- Application for deletion of LD Art. 17 GDPR
- Application for correction of DD Art. 16 GDPR
- Application for restriction of the use of LD Art. 18 GDPR
- Application for portability of LD Art. 20 GDPR
- Application for notification of a violation of the LD
Privacy Policy
In the European Union, the new law on the protection of personal data is already in force - the General Regulation on the Protection of Personal Data (GDPR).
We are committed to protecting your data and privacy is a core part of everything we do.
Learn more about the privacy of your data and the security measures we apply to it in order to comply with it as we apply the requirements and provisions of the GDPR in this privacy notice.
Key and timely updates include processes to manage the privacy of your data with a view to respecting your rights.
Our Services enable you to manage your privacy in a variety of ways.
You can easily manage your wishes regarding the services and products we provide you.
In addition, you are able to use many of the services on our site without logging in or without creating an account at all. You also have the ability to view the privacy policies for all of our services and products individually on the web, through a specific option on the Site, to control what information we collect and how it is used.
The privacy policy will provide you with information on how we collect and process your personal data, which you can view by selecting a specific menu option in the section.
/the relevant documents must be attached to each application as in the sample view below/
European legislative framework
GENERAL REGULATION REGARDING THE PROTECTION OF PERSONAL DATA (GDPR)
(GDPR)
In the European Union, the new law on the protection of personal data is already in force - the General Regulation on the Protection of Personal Data (GDPR).
The application of the General Regulation on the protection of personal data has been in force since 25.05.2018 in our country as well and replaced the application of the GDPR, effective until that moment.
The protection of natural persons in relation to the processing of personal data is a fundamental right. Article 8(1) of the Charter of Fundamental Rights of the European Union ("Charter") and Article 16(1) of the Treaty on the Functioning of the European Union (TFEU) provide that everyone has the right to the protection of their personal data.
The principles and rules regarding the protection of natural persons in relation to the processing of their personal data should, regardless of their citizenship or place of residence, be consistent with their fundamental rights and freedoms, and more specifically, with the right to the protection of their personal data.
This Regulation aims to contribute to the construction of an area of freedom, security and justice and to an economic union, to the achievement of economic and social progress, to the strengthening and convergence of economies within the internal market, as well as to the well-being of people.
The purpose of Directive 95/46/EC of the European Parliament and of the Council is to harmonize the protection of the fundamental rights and freedoms of individuals with regard to data processing activities and to ensure the free movement of personal data between Member States. 4.5.2016 L 119/1 Official Journal of the European Union.
Find out more about the requirements and regulations of the ORZLD. You can read the full text here.
Official under ZLD
Dear customers of "Staroseltur" EOOD
Our commitment is to protect your personal data. Their privacy is a core part of everything we do.
The services we provide to you enable you to manage your privacy in a variety of ways.
You can manage your wishes regarding the services and products we provide you because for us the protection of personal data is an important issue, which is why we have taken the necessary measures to be able to provide you with complete and synthesized information on the processing and protection of personal data from companies in the "Starosel" group.
It is my responsibility to carry out all activities for the protection of personal data, foreseen in the Regulations of the Starosel group, and I believe that with the information provided, I will be useful for you to find answers to all questions related to your personal data.
It is your right to contact me and the persons responsible in the "Starosel" team on all issues related to the processing of personal data, with a view to respecting your rights.
In this section of the site, we provide you with the opportunity to find information about:
- What the data protection officer is responsible for;
- Who can contact the data protection officer;
- How to contact the Data Protection Officer.
Basic concepts
Regulator - in the Republic of Bulgaria it is the Personal Data Protection Commission (PCPD).
Regulation – Regulation (EU) 2016/679 of the European Parliament of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR).
Personal data – all information about identified or identifiable natural persons. An identifiable natural person is a person who can be directly or indirectly identified through the use of a given natural person identifier, for example: name, identification number, location information, email, photo, phone number, etc.
Limiting the processing of personal data - designation of stored personal data to limit their processing in the future.
Personal data protection officer - a person appointed to the companies of "Starosel", according to Art. 37 of the Regulation. The personal data protection officer bears his own responsibility regarding the protection of personal data in Starosel group companies. The duty of the Personal Data Protection Officer is to protect the rights and interests of data subjects and group companies.
Recipient – a natural or legal person, public authority, agency or other entity to whom the personal data is provided, regardless of whether it is a third party or not. In the specific case, the bodies of the state authority, which have the right to receive personal data when carrying out a specific check, in accordance with the regulations of a given member state, are not considered recipients of data; the processing of personal data by the specified state authorities must be carried out in accordance with the applicable data protection rules, depending on the specific purposes of processing the information.
Collection of personal data – a systematic process or set of procedures, the purpose of which is to obtain personal data, with the aim of their further storage on an information medium and their immediate or subsequent processing.
Processing of personal data – any operation or set of operations on personal data or personal data files performed with or without automated devices, such as collection, recording, organization, structuring, storage, adaptation or modification, search, review, use, access upon transfer, distribution or any other data access, organization or combination, restriction, deletion or destruction.
Consent to the processing of personal data - any free, specific, informed and unequivocal statement of will by which the person providing the data gives consent or other type of permission for the processing of his personal data.
Personal data administrator – a legal entity (a Starosel group company) that determines the purposes and method of personal data processing, carries out the data processing and is responsible for it. The administrator can authorize or entrust the processing of personal data to another person - a personal data processor.
Data subject (personal data subject) – the natural person to whom the personal data refers. The data subject is considered to be identified or identifiable when, on the basis of one or more identifiers of the personal data, he can be directly or indirectly identified.
Status check - evaluation of the application of the subject of the personal data by the Administrator, if the application of the subject of the personal data is unfounded or untenable, above all if it has been submitted again. An application may be considered manifestly unfounded, in cases where at first glance it can be established that there is no justification (if one should be applied) and when, even after further interpretation, it is not possible to establish what the subject's request is of the data (for example, objection to data processing according to Art. 21, paragraph 1 of the Regulation, when the data subject does not indicate in his application information about his situation that would allow the Administrator to assess whether the justified interest outweighs the interest of the data subject ). Applications that are unfoundedly repeated or are too numerous can be considered manifestly untenable. The practice is not to impose sanctions on them before considering the context of the particular case. The Administrator ascertains the manifest unfoundedness or insolvency of the application, for which he prepares a justification and includes it in his notification to the Personal Data Protection Officer, with the aim of rejecting the application. The administrator is obliged to document and archive his justification, for the purposes of a possible inspection by the Regulator.
Third party – a natural or legal person, state authority, agency or other entity, other than the data subject, the Administrator, the Personal Data Processor or the persons directly subordinate to the Administrator or the Personal Data Processor, who have the right to process personal data.
PDPC (Personal Data Protection Commission) – established under the Personal Data Protection Act, in its latest valid amendment. The commission has been delegated the powers of a central administrative body for the protection of personal data, within the scope of the cited law, as well as other powers determined by virtue of the by-laws.
Handler (Executor) – natural or legal person, state authority, agency or other entity that processes personal data for the Administrator.
Disclosure of personal data – data that is disclosed through mass media, another way of public disclosure or as part of a public list/register.
Special categories of data (sensitive data) – personal data that reveal racial or ethnic affiliation, political views, religious or philosophical beliefs or membership of organizations, processing of genetic data, biometric data for the purposes of individual identification of natural persons and data on health status or sex life or sexual orientation of individuals.