CONFIDENTIALITY RULES AND PERSONAL DATA POLICY

The Regulation on General Data Protection /Regulation (EU) 2016/679, is applied in respect in respect of the processing and protection of natural persons’ information. The protection of personal data is of the matter of utmost importance, both for the Administrator of personal data and for the persons whose data are processed. As an Administrator, we process personal data to the extent that is necessary for collecting the data. We have implemented all the required technical and organizational measures for the protection of the personal data entrusted to us.

The principles we follow when processing personal data are:

“Lawfulness, good faith, and transparency” – we process your data lawfully, conscientiously and in a transparent manner. When data processing is not based on legal or contractual relations, the previous consent of the data subject is necessary for the processing of his personal data with one or more specific purposes. Processing is lawful when it is required for the performance of a contract, which is signed by the data subject as a party, or for taking the relevant measures at the request of the data subject prior to entering into a contract.

“Reduce data to a minimum” – we only collect relevant, appropriate, and limited to the purposes of data processing that we perform.

“Purpose limitation” – we only collect your data for specific, explicitly stated, and legitimate purposes and do not undertake any further processing of it in a way incompatible with those purposes.

“Accuracy” – we maintain your data accurate and up-to-date.

“Storage limitation” – we store it in a form that allows us to identify the data subject during a period that does not exceed the one that is necessary for the purposes of its processing.

“Integrity and privacy” – we process your personal data in a way that ensures an appropriate level of security, including protection against unauthorized or unlawful access. We have taken appropriate technical and organizational measures against accidental loss, destruction, or damage of your data.

“Accountability” – We are responsible and able to demonstrate compliance with the rules and regulations in the processing of your personal data.

Consent

When the need for processing of personal data is imposed by law or is not a part of a contractual relationship, the express consent of the data subject is required. If the abovementioned consent is given in the form of a written declaration that is also related to other matters, the request for consent shall be presented clearly and properly distinguished from the other matters, in a comprehensive and easily accessible form, and compiled in clear and simple language. In cases where we ask for consent granted for special types of personal data, we will always give our reasons why and how this information will be used.

Withdrawal of consent

You can withdraw your consent at any time. You can withdraw the consent as easily as you gave it. It is enough to contact us using the specified contact details. Upon receipt of your request, we will cease processing the data for which we originally obtained consent, unless we have another legal ground to continue processing, whereof we undertake to notify you in a timely manner.

Purposes of processing

We collect and process personal data for the following purposes:

  • processing of customer data – natural persons;
  • performing registration on the site;
  • making reservations for the hotel;
  • advertising of therapeutic and rehabilitation packages;
  • product advertising;
  • advertisement of spa treatment
  • alternative medicine;
  • marketing purposes – only with the customer’s express consent;
  • sending information messages and use in all types of the company’s advertisements;

Categories of natural persons

We process data for the following categories of natural persons: • customers – natural persons.

Types of personal data we process

On this site, we do not process personal data that is related to the economic identity of data subjects.
Eventually, a necessity may arise to upload photos of events organized by the company, as well as photos of spa treatments in the context of advertising the hotel’s services. In case if you decide to visit our Website and use the services offered through it, you have to follow the requirement to provide your personal data such as name, address, telephone number, and e-mail through registration.

Special categories of personal data (“sensitive data”)

On this site, we do not process data, which reveal an individual’s racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric information, as well as data on sex life or sexual orientation.

We process certain types of personal data in the following situations:

  • We may process sensitive data where this is necessary for the defense in a legal dispute or for the protection of the interests of an individual or someone else who is incapable of giving valid consent.

Sources from which we collect personal data

We obtain the information from the data subject or a publicly available source. When the information is not obtained from the data subject, we inform him of the source of it.

Cookies

In addition to the information that you provide voluntarily in the various forms, we would like to notify you that the site uses cookies. Cookies constitute small pieces of information, which are stored on the user’s computer or mobile device. They enable “remembering” the user’s actions or preferences when navigating the Internet. Most browsers support cookies. Users can set their browsers so that cookies are not remembered or are deleted after a certain period of time.

We use cookies to:

  • Remember the user’s preferences
  • Cookies can also be used for online behavioral targeted advertising, to display ads related to the information that the user has searched for.

The use of cookies helps us monitor the traffic of our website and estimate if our users are capable of working with it easily – Google Analytics cookies. These cookies cannot give us any information about your personal data. They show us which pages of our site you have viewed, whether you visited it via a mobile or desktop device and other anonymous data. We also use IP anonymization for Google Analytics. We use the Facebook Pixel to collect statistical information about visiting our site, which we need for carrying out market research. Data collected in this way remain anonymous for us, i.e. we do not receive information about the identity of users.

Since the data is stored and processed by Facebook, we attach a link to the privacy policy and protection of personal data used by Facebook and the software, functionalities, and tools offered by it:

https://www.facebook.com/about/privacy

Your access to social networks such as Facebook, Google+, YouTube, Instagram, and others is available on condition of separate registration and acceptance of the general conditions of these sites. Popov Tours Ltd. is not responsible for your personal data protection in case of acceptance of these general terms and conditions. Please review them in detail. We are grateful for your trust and assure you that we comply with the rules for the processing and protection of information related to natural persons, as well as the rules regarding the free flow of personal data.

Categories of personal data recipients

Popov Tours Ltd. does not transfer to other organizations (recipients) part or all of the personal data processed after visiting the site.

Term of the personal data storage

We store your personal data for a time period, which does not exceed the duration necessary for its processing that serves our purposes. After the expiration of this time, we delete and destroy all your data without an inappropriate delay. Popov Tours Ltd. stores your personal data, which is necessary to be kept under the applicable legislation, for the relevant period established by law, which may exceed the period of its processing for our purposes.

Data security

We have implemented due technical and organizational measures to prevent accidental loss or unauthorized access, alteration, or disclosure of personal data. We have developed and continue to maintain a Personal Data Protection System. Authorized employees can process personal data only on the basis of our instructions and in compliance with confidentiality rules. In the event of an infringement of personal data security, we will immediately start the procedure established by the Personal Data Protection System. We will notify the supervisory authority and data subjects thereof without any delay and at the first opportunity — no later than 72 hours after becoming aware of it.

Rights of the subject of personal data

We will provide for you, upon your explicit request, any information that relates to data processing in a concise, transparent, comprehensive, and easily accessible form, written in clear and simple language.

Your rights in respect of the processing and storage of your personal data are as follows:

  • Right to information and access
  • Right to correction of your data
  • Right to erase your data
  • Right to limit the processing of the data
  • Right to data transfer
  • Right to object
  • Right to submit a complaint to the supervisory authority

In the event of an infringement of your rights, according to the legislation on personal data protection, you are entitled to file a complaint with the supervisory authority: