="sha384-Vkoo8x4CGsO3+Hhxv8T/Q5PaXtkKtu6ug5TOeNV6gBiFeWPGFN9MuhOf23Q9Ifjh" crossorigin="anonymous">

Политика за поверителност

  1. What personal data do we collect?
  • We collect personal data about you when you willingly submit information directly to us when you access and use the Website. This can include information you provide to us when you e-mail us using the links on the Website, fill in a form, correspond with us via the Website, phone, email or otherwise, subscribe to our mailing lists, newsletters or other forms of marketing communications, respond to surveys or use some other feature of the Website as available from time to time.
  • If you choose not to provide personal data, we may not be able to provide the full service of our Website to you or respond to your other requests.
  • You may find the different categories of personal data we collect, how we use it and what are the legal basis for it his usage in the table 1
  • We also automatically collect personal data about you indirectly, including about how you access and use the Website and information about the device you use to access the Website. You may find the different categories of personal data we collect automatically, how we use it and what are the legal basis for it his usage in the table 2.
  • We also may use your personal data to provide you with a personalized experience regardless of how you interact with us.
  • We may anonymize and combine any of the personal data we collect (so that it does not directly identify you). We may use such information for our business purposes for example:  to test our IT systems, for a research, for data analysis, to improving the use of our service and to develop new products and features. We may also share such anonymized information with others including, for the needs explained.
  1. How we use your personal data?

2.1 When we reveal your personal data? We may have to share your personal data with the following reasons listed in table 1 and table 2 or if required:

  • Service providers and advisors. Personal data may be disclosed to third party vendors and other service providers that perform services for us, on our behalf, which may include identifying and serving targeted advertisements (for example, on Facebook and Twitter), providing payment, mailing or email services, tax and accounting services, data enhancement services, fraud prevention services, web hosting, and/or analytic services.
  • Flataway Website does not collect any credit/debit card information. In some cases, we may receive from you your bank account information to process refunds or when you pay your reservation fees via bank transfer. For all regular payments, we use a third party provider, Stripe or MyPOS.
  • Any payment information will be subject to Stripe’s privacy policy accessible here or MyPOS’s privacy policy accessible here.
  • The ESTI system for tourist information operated by the Bulgarian Ministry of Tourism, law enforcement, regulators and other parties for legal reasons. Personal data may be disclosed to third parties as required by law or if we reasonably believe that such action is necessary to
    • comply with the law and the reasonable requests of law enforcement;
    • protect the security or integrity of the Website;
    • exercise or protect the rights, property, or personal safety of users of the Service or others.

2.2. Retention periods

  • We will only retain your personal data for 12 months after your last booking for the purposes we collected it for (as set out in paragraph 2.1 above, and in Annex 1 and Annex 2 below), including for the purpose of satisfying and legal, accounting, or reporting requirements. This period can be prolonged after confirming it with you.
  • Retention of personal data is determined in consideration of the amount, nature and sensitivity of personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data, and whether we can achieve those purposes through other means, and the applicable legal requirements.
  • In some cases, you can ask us to delete your data: see paragraph “Right to erasure” below for further information.
  • In some cases, we may anonymize your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

2.3. How we store and transfer your personal data

We implement proper technical and administrative measures to protect your personal data against accidental or illegal destruction, loss, change or damage.

All personal data we collect will be stored on secure servers. All electronic transaction entered into via our Website will be protected by SSL encryption technology.

Your personal data may be transferred to, processed and stored in, countries outside of the jurisdiction you are in where we and our third party service providers have operations. All such actions will be made in consideration with personal data protection and with the GDPR regulations art. 44 and the following, in consideration of art.101 and 102 of the same regulation.

“A transfer of personal data to a third country or an international organisation may take place where the Commission has decided that the third country, a territory or one or more specified sectors within that third country, or the international organisation in question ensures an adequate level of protection. Such a transfer shall not require any specific authorisation.” Art. 45 GDPR

  1. What rights do you have?

Your personal data is used in accordance to the applicable EU regulations and local legislations.

  • Right of access. You have the right to receive confirmation of whether, and where, we are processing your personal information; information about the categories of personal information that we are processing, the purposes for which we process your personal information, and information as to how we determine applicable retention periods; information about the categories of recipients with whom we may share your personal information; and a copy of the personal information we hold about you.
  • Right of data portability. You have the right to receive the personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without interference, or to request the transfer of your personal data to another person where technically feasible.
  • Right to rectification. You have the right to obtain rectification of any inaccurate or incomplete personal information that we hold about you without undue delay.
  • Right to erasure, “right to be forgotten”. You have the right, in some circumstances, to require use to erase your personal information without undue delay, if the continued processing of that personal information is not justified.
  • Right to restriction of processing. You have the right, in some circumstances, to require us to limit the purposes for which we process your personal information if the continued processing of the personal information in this way is not justified, such as where the accuracy of the personal information is contested by you, for a period enabling us to verify the accuracy of that personal information.
  • Right of objection. You have the right to object to processing your personal information, based on legitimate interests and direct marketing.
  • You also have the right to address a complaint to your local data protection authority. Further information about how to contact your local data protection authority is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

If you wish to exercise one of these rights, please contact us using the contact details at the end of this Privacy Policy.

  1. Links to third party sites

The Website may contain links to and from third party services. If you follow a link to any of these websites, please note that they have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information to those services.

  1. Children

The Website is not directed or intended to the use of people under 18 and we do not knowingly collect personal data from people under 18.

  1. Privacy Policy Updates

We evaluate our privacy policies and procedures to implement improvements and modifications occasionall. When we do, we will indicate the date that this Privacy Policy was last updated.  Any changes we make will be effective immediately upon notice, which we may provide by means including, without limitation, posting a prominent notice on the Website or sending an email to the address associated with you. We are not responsible for your failure to receive an email due to the actions of your internet service provider or any email filtering service.

       7. Notifications

When we need to provide you with information about something, whether for legal, marketing or other business related purposes, we will select what we believe is the best way to get in contact with you. We will usually do this through email or by placing a notice on the Website. The fact that we may send notices to you will not stop you from being able to opt out of certain types of contact as described in this Privacy Policy.

       8. How to contact us?

Questions, comments and requests regarding this Policy are welcome and should be addressed to reservations@flataway.bg

Table 1 – Personal information we may collect when you use the Website

Category of personal information How we use it Legal basis for the processing
Contact information and basic personal details such as your first name, last name, phone number, and e-mail address. This information will be used to operate, maintain and provide to you the service of the Website. The processing is necessary for:

  • the performance of a contract and to take steps prior to entering into a contract; and
  • our legitimate interests, namely administering the Website, for marketing purposes and communicating with users.
This information will be used to communicate with you, including sending communication for the purpose of our service(such as invoices and information about updates to the service of the Website, and any news, alerts and marketing communications (in line with your settings and options)). The processing is necessary for:

  • the performance of the contract and to take steps prior to entering into a contract; and
  • our legitimate interests, namely administering the Website, for marketing purposes and communicating with users.
We use this information for questions and complaints made by you or about you in regards to the use of our service. The processing is necessary for our legitimate interests, namely administering the service, for marketing purposes and communicating with users.
Transaction information including payment information such as time, date, value of transactions, and your bank account information (only for refunds or bank transfer payments) We use this information to facilitate transactions and provide you with the Service. The processing is necessary for the performance of a contract.
We use this information to provide customer support. The processing is necessary for:

  • the performance of a contract and to take steps prior to entering into a contract; and
  • our legitimate interests, namely administering the service.
We use this information to detect and prevent fraud. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
Guest stay information and feedback, including travel and transportation information regarding your travel to and from the property (including flight and train schedule) and your responses to any customer surveys. We use this information to address your questions, issues and concerns regarding the service, and to personalize your experience with respect to the service. The processing is necessary for our legitimate interests, namely communicating with users and responding to questions, complaints, and concerns.
We use this information to develop new products and features available through the Service, or otherwise to improve the Service. The processing is necessary for our legitimate interests, namely developing and improving our service.
We use this information to determine products and services that may be of interest to you. The processing is necessary for our legitimate interests, namely marketing.
Information provided by third parties. We may occasionally receive information about you from third parties and other users. We may obtain information from third parties to enhance or supplement our existing user information. We may also collect information about you that is publicly available. We may combine this information with the information we collect from you directly. We use this information to contact you, to send you advertising or promotional materials or to personalize our service, to pre-populate online forms, and to better understand the demographics of our users. The processing is necessary for our legitimate interests, namely to adapt our service to the user and to improve our service generally.
All personal information set out above. We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of our service, to communicate with you, to monitor and improve our service and business, and to help us develop new products. The processing is necessary for our legitimate interests, namely to administer and improve the service.

Table 2 – Personal information collected automatically

Category of personal information How we use it Legal basis for the processing
Information about how you access and use the Website including, for example, how frequently you access the Website, the time you access it and how long you use it, whether you access the Website from multiple devices, the website from which you came and the website to which you go when you leave our website, and other actions you take on our Website. We use this information to present the service to you on your device. The processing is necessary for our legitimate interests, namely to adapt the service to the user and improve it generally.
We use this information to administer the service for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely communicating with users and responding to queries, complaints, and concerns, and for developing and improving the service.
We use this information to detect and prevent fraud. The processing is necessary for our legitimate interests, namely the detection and prevention of fraud.
All personal information set out above. We will use all the personal information we collect to operate, maintain and provide to you the features and functionality of our service, to monitor and improve our service and business, and to help us develop new products and services. The processing is necessary for our legitimate interests, namely to administer and improve the service.