+359 2 935 9999

Privacy and Data Protection Policy

The website you are viewing is operated by "FIESTA TRAVEL" Ltd., registered in the Commercial Register of the Registry Agency with UIC 130432064, with its headquarters and address at Sofia, 1404, Bulgaria Blvd. 111A, tel: +359 2 9359999, e-mail: office@fiestatravel.bg (hereinafter referred to as the "Company").

"FIESTA TRAVEL" Ltd. prioritizes not only providing quality service to its clients but also safeguarding the confidentiality of their personal data. Therefore, it has taken a series of legal and technical actions to align its operations with the new legal framework in the field of personal data protection, which began to apply with the General Data Protection Regulation (EU) 2016/679 (the "Regulation").

 

This privacy policy is effective from May 25, 2018, and aims to inform you about the following:

  • What personal data we collect from you
  • Why we collect and process your personal data and on what basis
  • When and how we may share your personal data with other organizations, including third countries
  • The duration for which we will store your personal data
  • International transfers of personal data
  • Your rights regarding the personal data you provide to us
  • Protection measures

 

1. What personal data we collect

 

 1.1 When you register for any of our services, you provide us with:

  • Address, email address, phone number, and date of birth

 

1.2 When you browse our websites or use our mobile applications, we collect:

  • Travel preferences
  • Information about your browsing behavior on our websites and mobile applications
  • Information about when you view one of our advertisements, including those displayed on other organizations' websites
  • Information about how you access our digital services, including operating system, IP address, online identifiers, and browser details
  • Social preferences, interests, and activities
  • "Cookies"

Please review the Cookie Policy to learn more details. 

 

1.3 When you make inquiries for offers, we collect:

  • First and last name, email, phone
  • Destination preferences, number of travelers, including children and their ages.

1.4 When you make a reservation, we collect:

  • Gender, first and last name, address, country, phone, email, date of birth, preferred payment method, number of travelers, including children and their ages.

1.5 To send you up-to-date offers and proposals, you can subscribe to our newsletter, and in that case, we collect:

  • First and last name, email address

 

1.6 When you purchase our products in our offices or online, we collect:

  • Names, PN, address, passport/ID card details, other identity document information
  • Passenger information – number of travelers, including children and their ages
  • Contact details – phone, email
  • Purchase information, including what you bought, when and where you bought it, how you paid, or other payment details
  • Data related to written consent from parents, guardians, or other caregivers for a child’s participation in the relevant trip
  • Any special dietary requirements
  • Relevant medical data related to disabilities, limited mobility, pregnancy, vaccinations, accident data during travel
  • Marital status – for children’s excursions, travel with one parent
  • Data related to complaints, grievances, and tourist feedback
  • Data on the tourist's behavior during the trip, related to their claims for non-compliance with the

 

2. Why we collect and process your personal data and on what basis

We collect and process your personal data for various purposes:

  • To book airline tickets, online check-in
  • To book a hotel
  • To conclude a contract for the sale of a product/service
  • To make a payment
  • To issue accounting documents for the payment made
  • To issue visas
  • To conclude voluntary or compulsory insurance "medical expenses in case of illness and accident of the tourist"
  • To provide transportation
  • To refund amounts
  • To contact you
  • For marketing and advertising purposes

We collect and process your personal data on the basis of:

  • Pre-contractual relations and conclusion of a contract with you
  • our legal obligations under Bulgarian law – for example, the Tourism Act, the Accounting Act, and applicable subordinate legislation, as well as on the basis of European legislation in the field of tourism and the provision of services
  • Consent (when sending an enquiry; when sending a newsletter; for registering a profile; when assisting with visa issuance; when processing special categories of data; when transferring data to a third country, in the absence of a decision by the European Commission on the adequacy of the level of data protection in the third country)
  • protection of your vital interests (in an emergency; when processing special categories of data where the data subject is physically or legally incapable of giving consent)
  • to protect our legitimate interests (when collecting information about preferences in order to personalize our services)

3. When and how we may share your personal data with other organizations, including third countries

In order to provide you with the products and services you have requested, we provide your personal data to:

  • Hotels
  • Airline companies
  • Transport companies
  • Insurance companies
  • Tour operators
  • Embassies
  • National Revenue Agency, Consumer Protection Commission, and other recipients established by law

We also work with carefully selected suppliers who perform certain functions on our behalf, such as:

  • companies that help us with IT services – maintaining our computers, websites, email domains, servers, and reservation systems
  • marketing and advertising companies
  • payment processing companies

We may need to share personal data with investigative authorities or other public authorities to establish, exercise, or defend our legal rights or protect public interests for the purposes of preventing fraud, reducing credit risk, and combating terrorism.

When we share personal data with other organizations, we require them to store the data using the highest possible organizational and technical security measures and not to use your personal data for their own marketing purposes. We only share the minimum personal data that allows our suppliers and partners to provide you with our services.

4. How long we will store your personal data

We store your personal data:

  • for the purposes of the contract - for the duration of the trip and/or to comply with legal requirements such as the exercise of rights under legal claims, compensation for damages
  • for advertising and marketing purposes - until withdrawal of consent
  • for accounting purposes - in accordance with the terms specified in the Accounting Act, the Tax and Social Security Procedure Code

for statistical purposes - only after anonymization

In the absence of a legal deadline, we store your personal data for a reasonable period of time based on additional criteria. The criteria for determining the period are in line with our desire to provide you with high-quality services.

When the personal data we collect is no longer necessary for the purposes mentioned, we delete it or destroy it in another appropriate manner.

5. International transfers of personal data

We transfer your personal data outside the European Economic Area when one of the following options is available:

permission from the Personal Data Protection Commission; your explicit consent after explaining the consequences and possible risks of sending the data; standard contractual clauses; countries with a recognized adequate level of data protection.

6. Your rights regarding the personal data you provide to us

  • Right to withdraw your consent
  • Right to access and receive information

You have the right to request access to your personal data at any time.

In the rare cases where we are unable to provide access to your personal data within a period of one month, we will inform you of the reasons.

  • Right to rectification

You have the right to request that we correct any inaccuracies in your personal data.

  • Right to erasure

You have the right to request that we erase your data, unless we need to retain it to protect our legitimate interests.

  • Right to restriction of processing for a certain period of time

Right to data portability

Where technically feasible, you may request that the personal data you have provided be transferred to another organization.

  • Right to object
  • Right to lodge a complaint with the Personal Data Protection Commission

If you believe that we are violating your rights, you can contact us at office@fiestatravel.bg so that we can investigate the case.

You also have the right to lodge a complaint with the Personal Data Protection Commission at the following address: Sofia, 1592, Prof. Tsvetan Lazarov Blvd. No. 2, tel. 02/91-53-518, email: kzld@cpdp.bg

We always strive to satisfy your requests when they are admissible and justified, and to respond within the statutory one-month period. In rare cases, we may need to extend this period, but by no more than two months, up to the maximum period permitted by law.

Please note that we may ask you to confirm your identity before we can take action on your request or complaint. We may also ask you for more information to ensure that you are authorized to make such a request or complaint when you contact us on behalf of someone else.

Requests regarding your rights can be sent to:

office@fiestatravel.bg

7. Security measures

We take technical and organizational security measures to protect your data from unlawful processing, accidental loss, destruction, damage, or disclosure.

Furthermore, access to personal data within the company is restricted to those employees, subcontractors, and other third parties who need this access for the purposes of their work and to fulfill their job responsibilities. They are also obligated to maintain the confidentiality of your data.

In order to ensure maximum security when processing, transferring, and storing personal data, we use additional protection mechanisms such as encryption, pseudonymization, and others where necessary.

This Privacy and Personal Data Protection Policy is reviewed and updated by us regularly in order to be as clear, accurate, and transparent as possible and to cover any changes that occur (if necessary) and changes in legislation.

Date of last update: May 25, 2018.