This website is managed by SILKY HOLIDAYS Ltd., registered with UIC: 128595448 at the Commission for Personal Data Protection in Bulgaria.
SILKY HOLIDAYS Ltd., hereinafter called „AGENCY“, accepts as its priority to provide not only quality service to its clients but also to protect the confidentiality of their personal data. It has therefore taken a number of legal and technical steps to bring its activity into line with the new personal data law which is being implemented by the General Data Protection Regulation (EU) 2016/679 (hereinafter called "Regulation").
• What personal data we collect from you
• Why we collect and process your personal data and on what grounds
• When and how we can share your personal information with other organizations, including third countries
• The period in which we will store your personal data
• International transfers of personal data
• The rights you have with respect to our personal data
• Security measures
1. What personal data do we collect?
1.1. When you sign up for one of our services, you provide us with:
• Address, email address, phone number and date of birth
• Your sign-in information, as your username and password you selected
1.2. When you browse our websites or use our mobile apps, we collect:
• Travel preferences
• Information about your browsing behavior on our websites and mobile apps
• Information about your browsing any of our ads, including those displayed on the websites of other organizations
• Information on how you access to our digital services, including operating system, IP address, online identifiers and browser details
• Social preferences, interests and activities
1.3. When you make inquiries about offers, we collect:
• Name and surname, e-mail, phone
• Destination preferences, number of travelers including children and their age
1.4. When making a reservation, we collect:
• Gender data, name and surname, address, country, phone, e-mail, date of birth, preferred form of payment, number of travelers including children and their age
1.5. In order to send you up-to-date offers, you can subscribe to our newsletter and then we collect:
• E-mail data
1.6. When you buy our products in our offices or online, we collect:
• Names, PIN, address, passport/ ID card details, other identity card details
• Passenger information - Number of passengers including children and their age
• Contact details - phone, e-mail
• Information about your purchases, including what you bought, when and where you bought it, how you paid it, or other payment information.
• Data relating to written consent from parents, guardians or custodians or other carers for the participation of the child or student in the relevant tourist trip
• Any special dietary requirements
• Relevant medical data on disability, limited mobility, pregnancy, vaccinations, accident data on travel
• Family status information - child excursions, traveling with one parent
• Data about complaints and the opinion of tourists
• Data on the tourist's behavior during the trip regarding his claims of non-compliance with the contract
2. Why do we collect and store your personal data and on what grounds?
We collect and process your personal data for different purposes:
• Booking airline tickets, online check-in
• Hotel booking
• To conclude a contract for the sale of a product/ service
• To process and make a payment
• Issuance of accounting documents for the payment made
• For issuing visas
• For the conclusion of voluntary or compulsory insurance "medical expenses for sickness and accident of the tourist"
• To provide transport
• To contact you
• For marketing and advertising purposes
We collect and process your personal data on the basis of:
• Pre-contractual relations and contracting with you
• Our legal obligations under Bulgarian legislation - for example, the Tourism Law, the Accountancy Act and the applicable secondary legislation as well as European legislation in the field of tourism and service provision
• Consent (when sending an inquiry, sending a newsletter, registering a profile, assisting in issuing a visa, processing special categories of data, transmitting data to a third country if the third country does not have a decision of the European Commission to provide an adequate level of data protection)
• Protecting your vital interests (in an emergency, processing special categories of data when the person is physically or legally incapable of giving consent to provide data)
• To protect our legitimate interests (in collecting preference information to personalize our services)
3. When and how we could share your personal data with other organizations, including third countries
In order to provide you with the products and services you require, we provide your personal data to:
• Airline companies
• Transport companies
• Insurance companies
• Tour operators
• National Revenue Agency, Consumer Protection Commission and other recipients established by law
We also work with carefully selected providers that perform certain functions on our behalf, for example:
• Companies that help us with IT services - support computers, websites, email domains, servers, booking systems
• Marketing and advertising companies
• Payment processing companies
We may have to share personal data with investigative companies or other public authorities to identify, exercise or defend our legitimate rights or protect public interests in order to prevent fraud, reduce credit risk, combat terrorism, etc.
When we share personal data with other organizations, we require them to store the data by taking the highest possible organizational and technical security measures, and not to use your personal data for their own marketing purposes. We only share the minimum personal information that allows our suppliers and partners to provide you with our services.
4. What is the term of storing your personal data?
We store your personal information:
• For the purposes of the contract - for the duration of the tour and/ or for compliance with the legal requirements such as the exercise of rights to claim, compensation for damages
• For advertising and marketing purposes - until the consent is withdrawn
• For accounting purposes - according to the deadlines specified in the Accountancy Act, the Tax and Social Insurance Procedure Code
• For statistical purposes - only after their anonymisation
In cases of lack of legal time, we retain your personal data for a reasonable period of time determined on the basis of additional criteria. The criteria for setting the deadline are in line with our desire to provide you with high quality services.
When the personal data we collect is no longer required for the purposes mentioned, we delete or destroy them in another appropriate manner.
5. International transfers of personal data
We transfer your personal data outside the European Economic Area in the implementation of any of the following options: permission from the Commission for Protection of Personal Data; with your consent after explaining the consequences and possible risks of data transmission; standard contractual clauses; countries with an adequate level of data protection.
6. You have the following rights regarding the provided personal data:
• Right to withdraw your consent
• Right to access and receive information
You have the right to request access to your personal data at any time.
In the rare cases where we can not provide access to your personal data in a period not exceeding one month, we will state the reasons.
• Right to correction
You may request to correct any inaccuracies in your personal data.
• Right to delete data
You may request that you delete your data unless it is necessary to store it for legitimate interests.
• The right to restrict the processing of data for a certain period of time
• Right to data portability
Where technically possible, you may ask your provided personal data to be submitted to another organization.
• Right of objection
• Right to complain to the Commission for the Protection of Personal Data
If you believe that we are violating your rights, you may contact us at email@example.com to investigate the case.
You have the right to submit a complaint to the Commission for Personal Data Protection, address: Bulgaria, Sofia 1592, 2 Prof. Tsvetan Lazarov Str., Phone: +359-2-91-53-518, e-mail: firstname.lastname@example.org
We aim to satisfy your requests when they are admissible and reasonable, and give you a response within the statutory one-month period. In rare cases, we may have to extend this period, but not more than two months, to the maximum time allowed by law.
Please note that we may ask you to verify your identity before we can act on your request or complaint. We may also ask you for more information to make sure you are authorized to submit such a request or complaint when you contact us on behalf of someone else.
Requests regarding your rights, you can send to:
7. Security measures
We take technical and organizational security measures to protect your data from unauthorized processing, accidental loss, destruction, damage or disclosure. Moreover, the company has limited access to personal data to those employees, subcontractors and other third parties who need such access access for the purposes of their activities and for the fulfillment of their official duties. They also have an obligation to protect the confidentiality of your data.
In order to ensure maximum security in the processing, transfer and storage of personal data, we also apply where necessary additional security measures such as encryption, pseudonymisation and others.
Date of last update - 25.05.2018