NERO

Nero Complex Book

NERO

Nero Complex Book

PRIVACY POLICY

I. DEFINITION

The current Privacy Policy, hereinafter referred to as the “Privacy Policy”, presents information on how “NERO HOLIDAYOOD, hereinafter referred to as the “Provider”, “Administrator”, “we” and/or “us”, owner of the website nerocomplex.com, hereinafter referred to as the “Website” for short, processes (including but not limited to collecting and storing) personal data of personal data subjects, such as the users of the Internet page and of the Provider’s services, referred to below for short as “User/s”, “You” and/or “to You”, as well as regarding the rights of the latter in this regard.

The term “personal data” used in the Personal Data Protection Policy has the same meaning as that given to it in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data and for the repeal of Directive 95/46/EC, hereinafter referred to for short as “General Data Protection Regulation” and/or “GDPR”, namely:  “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”


II. INFORMATION REGARDING NERO HOLIDAY OOD

      1. Name: NERO HOLIDAY OOD, EIK 206936093
      2. Headquarters and management address: Sofia, 52 Borovo St/, entrance D, floor 2, office 2
      3. Tel.: +359889 066000, e-mail: neropamporovo@gmail.com
      4. Entry in public registers: Commercial Register at the Registration Agency of the Ministry of Justice of the Republic of Bulgaria.

III. INFORMATION REGARDING THE COMPETENT SUPERVISORY AUTHORITY

      • Name: Commission for Personal Data Protection of the Republic of Bulgaria
      • Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
      • Phone: 02 915 3 519
      • Email: kzld@cpdp.bg
      • Website: https://www.cpdp.bg/

IV. COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

We process, collect, and store your personal data only in connection with our activities and in line with existing legislation, such as the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation. We process your personal data based on at least one of the following grounds:

      • Consent of the User for the processing of personal data;
      • The processing of personal data is necessary for the Supplier to fulfill its contractual obligations to the User;
      • The processing of personal data is necessary to carry out actions at the User’s request prior to the conclusion of a contract;
      • The processing of personal data is necessary to fulfill the Provider’s legal responsibilities;
      • The processing of personal data is necessary for the Provider to carry out its activity in line with its legitimate interests.

V. GROUNDS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

We collect, process, and store personal data of Users in connection with the delivery of our services and communication related to the use of the Internet page, as well as for the following purposes:

      • Communication and identification in the execution of a service contract and a sales contract (including the operation of a corresponding contract);
      • Communication, identification, processing, and execution of inquiries, orders, requests, reservations, purchases of goods or services (including contract preparation, order acceptance, dispatch of goods, problem resolution relating to cancellation of orders, reservations, return of purchased goods, refund of paid sums, and others);
      • Fulfillment of tax and other legal obligations;
      • Accounting purposes in connection with the use of our services;
      • Protection of our legitimate interests in connection with our responsibilities to state and local agencies (for example, the National Revenue Agency and the Ministry of Internal Affairs);
      • Protection of our legitimate interests in connection with the storage of information for the purposes of preventing legal or tax claims and improving the presentation of the Internet page;
      • Protection of the Internet page’s information security;
      • Statistics relating to how individuals use the website;
      • Provision of advertising content according to the User’s preferences;
      • Sending e-mail newsletters, promotional and instructive messages via push notifications;

If a data subject declines to supply us with some or all of the personal data required for the above-mentioned purpose, we may be unable to offer the relevant service (for example, to fulfill a contract entered into with the relevant User) or meet the applicable legal requirements (for example, to enable the data subject to exercise his/her rights under the GDPR).

VI. HOW WE COLLECT, PROCESS AND STORE PERSONAL DATA

When collecting, processing, and storing your personal data, we adhere to the following principles: legality, good faith, and transparency; limitation of processing purposes; limiting the storage period in order to achieve the purposes for which the data is processed; minimizing the data that is processed; data accuracy and timeliness; integrity and confidentiality in data processing; and ensuring an appropriate level of personal data security.

VII. PERSONAL DATA CATEGORIES

We collect the following categories of personal data from Users for the following objectives and reasons:

      • Your personal data (name and surname, telephone number, and email address), as well as other data that you voluntarily provide to us, for the purposes of processing your inquiries, providing service offers, and providing services on our part, if expressed by you desire, including communicating with you in this regard, and on the basis of taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party, or consent to a contract.
      • Your personal data (name and surname, phone number, and email address) as well as payment and payment method information for the purposes of issuing and sending accounting/tax documents (invoices) in connection with the services you use, including communication with you in this regard, and on the basis of taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party, or fulfilment of our obligations.
      • Email address for the purposes of advertising and/or informational content by us, including news, newsletters, promotions, participation in loyalty programs and activities, notices of improvements or changes in services provided by us, and other advertising messages, if expressed at your request and on the basis of consent to processing provided by you or our legitimate interest in relation to Users who are already our clients and/or partners;
      • Your IP address, browser settings and preferred language, pages visited, and actions taken in order to deliver Push notifications if you have indicated a wish to receive them;
      • Your IP address and the pages you visited for the purpose of preserving information security.
      • Other data that may be required in certain cases or related to our provision of services to Users, (such as date of birth, signature, unified citizen number) or other data that Users voluntarily decide to share with us, and on the basis of performance of a contract to which you are a party, consent to processing provided by you, or compliance with our legal obligation.

We do not process or collect special types of personal data from Users (for example: data revealing racial or ethnic origin, political views, genetic or biometric data, as well as data about the sex life and sexual orientation of the data subject). We do not make decisions entirely based on automated data processing, such as profiling.

We usually obtain personal data directly from the data subject. However, it is not excluded that we may also receive personal data from other persons, such as: other employees in the company where the relevant subject of personal data works, as well as publicly available sources such as the Commercial Register and the register of non-profit legal entities at the Agency for entries to the Ministry of Justice of the Republic of Bulgaria.

VIII. PERIOD OF PERSONAL DATA STORAGE

We store the personal data of Users for no longer than is necessary to fulfil the relevant processing purpose or, where applicable, the legally established period. Thus, for example: 

      • personal data provided by you when filling out the contact form will be stored until the request is fulfilled or the inquiry for which you contacted us is resolved, as well as for a maximum of one year after that for statistics and marketing analyses;
      • personal data of our clients processed in connection with contracts concluded between us and the relevant User will be stored for no more than ten years, starting on January 1 of the year following the year in which the contract is reported for tax purposes;
      • personal data of our clients processed in connection with the issuance of tax documents (invoices) will be stored for a period of no more than ten years, starting on January 1 of the year following the year in which the document is reported for tax purposes;
      • personal data of our partners/providers processed in connection with contracts concluded between us and the relevant partner/provider will be stored for a period of no more than ten years, starting on January 1 of the year following the year in which the contract is reported for tax purposes;
      • personal data of participants in recruitment and selection procedures will be stored for no more than six months, starting with the final completion of the recruitment/selection procedure in which the relevant personal data subject participates, respectively after the expiry of the period for appeal of the given procedure, unless the subject of personal data in question has consented to the storage of his/her personal data for a longer period, in which case the subject of personal data has the right to withdraw permission at any time and without giving reasons.
      • The storage period depends, among other things, on the duration of the legal relationship between us and the respective User, as well as on the purposes for which the personal data is processed. Where there is an indication of a potential legal claim or liability, these terms will be extended accordingly. When the processing is based on the User’s consent (for example, personal data provided by third parties for direct marketing), we store this personal data until we have a valid consent for its processing.

After the above-mentioned time periods have expired, we take the necessary steps to erase and/or destroy your relevant personal data without undue delay.

IX. ACCESS TO PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES

In general, the personal data of Users that we process are accessible to our employees, representatives, and partners who require them to fulfill legal and/or contractual obligations (for example: providing a given service under a contract with a User). In this regard, we may, at our discretion and in accordance with the GDPR requirements, transfer all or part of your personal data to third parties such as accountants, professional consultants, including lawyers (for the purposes of financial, accounting, and administrative service of our activity), cloud platforms for data processing/storage (for the purposes of the organizational service of our activity, for example: storing and processing the contracts with the Users of cloud platforms for the purpose of greater security), (for the purposes of organizational service of our activity, for example: sending contracts on paper to the Users), IT service providers, system administration, marketing services (to provide more reliable and high-quality Website operation and more secure data processing), third-party information storage service providers (i.e. hosting companies) (for the purpose of fulfilling contracts with Users). All or part of your personal data may be made available to public authorities based on applicable law or at the request of public authorities. We do not intend to transfer your personal data to countries outside the European Economic Community or to international organizations.

X. RIGHTS OF DATA SUBJECTS

At any time while we are processing your personal data, and subject to the limitations set forth in applicable legislation, you, the data subject, have the following rights:

      • Right of access – you have the right to request information about whether we are processing your personal data, as well as access to and a copy of such personal data; if  you request more than one copy of your personal data, you may be required to pay a fee for each additional copy;
      • Right to rectification/correction – If you believe your personal data is inaccurate or incomplete, you have the right to request that it be corrected. We will make such rectifications/corrections without undue delay;
      • Right to erasure/right to be forgotten – in certain circumstances (for example, the relevant personal data are no longer required for the purposes for which they were collected; you have withdrawn your consent to the processing of certain of your personal data for which there is no other legal basis for processing), you may request that your personal data that we process be erased from our records/our database without undue delay. In certain cases, We may refuse to delete Your personal data (for example, if the processing is required to comply with a legal obligation or to establish, exercise, or defend legal claims);
      • Right to processing restriction – when certain conditions are fulfilled (for example, the processing of part of your personal data is unlawful but you do not want this data erased), you have the right to request a restriction on how your personal data is processed;
      • Right to portability – in cases where your personal data is provided to us by you and it is processed automatically, you have the right to request that your personal data be transmitted to you in a structured, widely used, and machine-readable format, as well as transferred to another controller of personal data, if this is technically feasible;
      • Right to object – you have the right to object to the processing of your personal data for specific purposes at any time, in which case we will stop using the personal data for the specific purpose, unless we have overriding legitimate grounds to do so (for example, you have the right to object to the processing of your personal data for direct marketing purposes at any time, in which case we will stop processing your personal data for these purposes without undue delay);
      • Right to object to automated processing, including profiling – You have the right not to be the subject of a decision solely based on automated processing of your personal data, including profiling, and you also have all the rights that accrue to you if you are subject to the legal consequences of such processing;
      • Right to withdraw consent to processing – If we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal shall have no effect on the lawfulness of processing based on consent prior to its withdrawal.

In the event that we erase a User’s personal data from our database at his/her request, we will only retain the information that is necessary to protect our legitimate interests or for governmental authorities. You have the right to request that we notify you of all recipients to whom the personal data subject to correction, erasure, or restriction of processing has been revealed. We may decline to provide this information if it proves impossible or would require a disproportionate amount of effort. In the event that we are required to transfer personal data to another administrator, to correct or erase personal data, to restrict or terminate personal data processing, to provide information about the recipients to whom personal data has been provided, for which rectification, erasure, or restriction of processing is requested, or to provide access to personal data, and if there are concerns about the identity of the User making the request, we may first request more information to establish the data subject’s identity. If, during the processing of your personal data, a third party receives all or part of your personal data (as described in Part IX above), all of the above requests will be forwarded to that third party. Except when the requests are plainly baseless or disproportionate, the Users’ use of the aforementioned rights is free of charge. In such a case, we may charge a reasonable fee to comply with the request or refuse to act on it. Users may exercise their rights set forth above by contacting us via email at neropamporovo@gmail.com

XI. COMPLAINT TO SUPERVISORY AUTHORITY

If you consider that your personal data is not being processed legitimately or that one of your data protection rights has been violated, you have the right to file a complaint with the appropriate supervisory authority for data protection referred to in Part III of the Privacy Policy. You have the right to seek legal protection for your rights as well. If the website contains links to other websites, we recommend that you carefully familiarize yourself with their personal data protection/privacy policies, because when you visit these websites, the websites in question may process your personal data, and such processing may not be covered by the Personal Data Protection Policy. We reserve the right, at our sole discretion, to amend the Privacy Policy at any time.