Data Protection Policy
LIDIA TOURS LTD is a personal data controller as regards your data as users of our services. As regards the personal data that you process when you use our services, LIDIA TOURS LTD acts in the capacity as personal data processor (For example, if you are a tour operator and we act as your agent or client by offering a related travel service – if, for instance, you have asked us to make a hotel booking or to purchase air tickets, or if you use our booking system yourself.)
LIDIA TOURS LTD complies with all requirements of the new General Data Protection Regulation or GDPR adopted by the European Union. The Regulation aims to secure the protection of the data of natural persons from EU countries and to unify the regulations on the processing thereof.
The complete name of the referenced act is REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. Herein it shall be referred to as the Regulation or GDPR.
It is available in all European languages HERE: (GDPR)
This Privacy Declaration shall be effective as of 25 May 2018.
І. Who are we?
Details of the Controller:
Name LIDIA TOURS LTD, UIC 130975849
Address of management/Mailing address:
7-9 Uzundzhovska Street, floor 1, office 2
Tel. +359 2 488 08 00 +359 2 488 08 01 +359 (88) 7 600 383
Business hours: Monday - Friday 09:00 a.m.- 06:00 p.m.
Contact details of the Data Protection Officer:
You can contact directly the Data Protection Officer Elena Racheva Stoyanova at:
Tel.: 02 488 08 00
ІІ. Types of personal data that LIDIA TOURS LTD collects, processes and stores:
2.1. General personal data:
- first name and surname;
- home address;
- date of birth/age;
- emails such as email@example.com;
- number of ID cards/passports;
- IP addresses;
These cookies are essential to the proper functioning of our website’s system and allow us to maintain the logical session between your client browser (profile) and the server.
These cookies provide information on the number of visits to our website and allow us to analyse if our users operate it easily and if we have addressed their frequently asked questions (Google Analytics cookies). These cookies do not provide any information on your personal data. They only show us if you have visited more than one page of our website, how many times you visited certain pages, if you use a mobile or desktop device or other anonymous data. For Google Analytics we also use anonymization of IP addresses through anonymizelp. The maximum storage period for the analytical data in Google Analytics is 50 months.
These cookies allow us to provide you with a more personalized service (such as saving the last offer search), thus letting you make the maximum use of our website functionalities. They do not store your personal data.
These are dynamic cookies of Facebook, Google, etc. We do not use such cookies but if you click on any of the advertisements on our website, these cookies may be activated by our advertising partners. They also store no personal data.
It is up to you to adjust the settings of the cookies you may receive from our website. To do that, go to the settings of your browser and follow the instructions. Please note that if you restrict some types of cookies, you may also restrict the website functionality on your own device.
2.2. Special categories of data that we process:
- Personal ID No. (personal identification numbers of Bulgarian citizens) – whenever necessary to perform our contractual obligations, or if legally obligated;
- Sensitive data: data concerning your health status (when making medical insurance and/or in case a claim event occurs during a trip, as well as documents for temporary incapacity for work if you are an employee of ours);
- Family relationships (where necessary for the purposes of a contract – for example a minor/underaged child under your custody or for the use of the “honeymoon” promotion).
2.3. Data sources:
- From data subjects (that is yourself);
- From publicly available registers – the Commercial Register, the Property Register, the National Tourism Register with the Ministry of Tourism;
- From tour agents that act as data processors for the purposes of the service that we provide you with;
- From tour operators – partners of ours;
- From merchants that act as data processors – (e.g., in case of business trip inquiries).
2.4. Purposes and principles of use of the personal data that we collect:
- We shall process your data for the purpose of performing (and/or entering into) a contract for the provision of a travel service – an organized trip or an element thereof, or a related service (your ID card/passport are necessary for the hotel accommodation, we also need you telephone number or the number of another person named by you in case of a claim event; we need your email to send you your boarding pass and air ticket), the legal basis being Article 6, paragraph 1 of the Regulation, namely:
- Performance of the obligations of LIDIA TOURS LTD under the contract to which you are a party (including herein: the protection of your rights and legal interests and/or the rights and legal interests of the children or elderly individuals whom you may assist so that we can protect your vital interests in case a claim event should occur and at the time you are not in a condition to react);
- Performance of a legal obligation that is binding to LIDIA TOURS LTD (detailed information is available at the section devoted to our legal bases for processing your data);
- For the purposes of the legitimate interests of LIDIA TOURS LTD;
- Your explicit consent as our client.
LIDIA TOURS LTD accepts and stores only the data that is necessary for and relevant to the service provided.
LIDIA TOURS LTD shall not accept or store personal data “by default”, even if they have been obtained from another controller upon a transfer request, and shall not store all the data it receives.
If the data received contain data from third parties, LIDIA TOURS LTD shall store the data under the control of the requesting subject. These data shall be managed solely for the needs thereof and for no other purposes of LIDIA TOURS LTD.
If you are an employee of ours:
In addition to the aforementioned purposes (inasmuch as the performance of the contracts with our clients is carried out through you), as well as for the protection of your rights and legal interests, as well as for the protection of your rights and legal interests for the purposes of the employment, tax and social security laws (Labour Code, Social Security Code, Tax-Insurance Procedure Code), and for the purposes of the employment relationships in the performance of your professional duties. The processing of data concerning your health status is necessary for the purposes of preventive or occupational medicine, as well as in compliance with the Medical Assessment Act and the Social Security Code (in case of sick leave compensations, maternity benefits, etc.).
2.5. LIDIA TOURS LTD collects personal data only to the extent necessary to provide the relevant services and safeguards them responsibly and lawfully.
Our legal bases for processing your data are:
2.5.1. Processing is necessary for the following legal obligation of ours:
- We are legally obligated to process your data for the purposes of your travel and/or the issuance of travel vouchers, and/or a booking form, and/or hotel accommodation, issuance of air tickets, and/or services related thereto: the Tourism Act, the CONVENTION on International Civil Aviation, the Civil Aviation Act, the Contracts and Obligations Act, the Commercial Act, the Statutes and Regulations of the International Air Transport Association (IATA), the International Convention for the Transportation of Passengers (Uniform Rules concerning the Contract for International Carriage of Passengers and Luggage by Rail) (CIV), the Convention concerning International Carriage by Rail (COTIF), Regulation (EU) No 1177/2010, Regulation (EC) No 261/2004, Regulation (EC) No 2006/2004, etc.
- Under the Insurance Code so that we can get medical insurance concerning your trip and/or to file a claim with the insurer;
- Under the Tax-Insurance Procedure Code and the VAT Act for the purposes of taxation (for invoicing);
- Under the Civil Registration Act (mandatory hotel registration at the place of accommodation);
- Under the Electronic Documents and Electronic Authentication Services Act (when paying via POS terminals). It is IMPORTANT to note that virtual POS terminals forward payments directly to the bank through the BORICA system. We do not process any financial or banking data. It is your bank that does it through the BORICA system. In this respect payments through the virtual POS terminal are no different than the payments through physical POS terminals.
- Under the Banks and Banking Act (with regards to payments and the Measures Against Money Laundering Act).
2.5.2. Processing of your data based on the contract we have entered into
2.5.3. Processing is based on your consent. (whenever we make bookings on your behalf, including when you use our services via the phone or another means of mass communication, and provided that none of the aforementioned legal bases exists);
2.5.4. For reasons of public interest in the field of public health (if an epidemic breaks out during a trip, to protect you from any risks);
2.5.5. For statistical purposes (related to the interest in a given tourism product);
2.5.6. For the exercise or defence of legal claims;
2.5.7. Where you assign to LIDIA TOURS LTD the processing of third party personal data with a view to service use, LIDIA TOURS LTD shall act as a personal data processor.
2.5.8. This is also the case when you book additional tourism services for your trip or holiday through hyperlink/hyperlinks of ours, without taking advantage of the rights applicable to package travel under Directive (EU) 2015/2302. In such cases LIDIA TOURS LTD shall solely act on your instructions as a user of our services and only inasmuch as capable of controlling the personal data that you may process. LIDIA TOURS LTD has no control over the contents or data that you, as a user of the services, may choose to add to the service of the provider (including whether or not these data contain personal data). In such cases LIDIA TOURS LTD shall play no role in the process of deciding whether a user shall use the personal data processing service, what the purposes of processing may be or whether the data are protected. Respectively, the liability of LIDIA TOURS LTD in such cases shall be limited to: 1) compliance with the instructions of the user of the service pursuant to the contract and the general terms and conditions of the booking system; 2) provision of information on the service and its functionalities through its interface.
2.6. The legitimate interests pursued by us or by any third parties working for us are generally as follows:
- We are a business company that functions as a tour operator and an agent – our legitimate interest is directly related to the scope of our business, to the performance thereof and to the execution of our contractual relations – the provision of tourism services (and any legal relations pertinent thereto);
- The interests of LIDIA TOURS LTD and of the third parties in the field of commerce, legal certainty and taxation policy come as a result of the nature of our business.
- We are a member of IATA;
- We are an insurance agent;
- The third parties that work for us are accountants, tour operators, agents, carriers, lawyers, tourist guides, museum workers, insurers – their legitimate interest is a direct result of their business.
2.7. The following organizations/persons may obtain your personal data:
- Travel agents and members of the Bulgarian Association of Travel Agents (BATA) and the Association of Bulgarian Tour Operators and Travel Agents (ABTTA) entered in the National Tourism Register with the Ministry of Tourism and/or the relevant tourism registers of other countries (item 6 of the Tourism Act);
- Hotel operators (the civil Registration Act);
- The accounting company that we use (the Accountancy Act);
- Any administrations to which you may apply for a visa;
- Air carriers and members of IATA;
- Carriers (where necessary under an international treaty);
- Law offices/lawyers/legal advisers (in case we need to defend our legitimate interest);
- Insurance companies;
- The National Revenue Agency;
- The governmental authorities.
ІІІ. Principles of processing
We adhere to the following principles when processing your data:
- Lawfulness, good faith and transparency;
- Restriction of processing purposes;
- Compatibility of processing purposes and minimization of data collection;
- Accuracy and timeliness of data;
- Storage restriction with a view to achieving the purposes;
- Integrity and confidentiality of processing and ensuring an appropriate level of personal data security.
By consenting to this Privacy Declaration (notice on the confidential treatment of personal data), you grant us permission to process your personal data only for the purposes we have communicated.
Consent is needed to enable us to process both types of personal data (general and special) but it has to be explicitly granted.
Where we ask for consent concerning special (sensitive) personal data, we shall always provide the due justification therefor and shall detail on how the requested information shall be used.
You may withdraw your consent at any time by filing a Consent Withdrawal Statement or send a free-text email (letter).
V. Transfer of personal data to countries outside the EU or to international organizations
LIDIA TOURS LTD shall inform you if it intends to transfer all or any part of your personal data to third countries or international organizations.
We do not intend to transfer your personal data to third parties without first obtaining your consent, unless this is necessary for the purposes of our contract (e.g., travel to countries requiring a visa).
VІ. We shall not be selling your personal data!
LIDIA TOURS LTD may, at its own discretion, transfer all or any part of your personal data to data processors with a view to achieving the purposes of processing in strict compliance with Regulation (EU) No 2016/679.
VІІ. Period of data storage
(LIDIA TOURS LTD) shall store your personal data for the following periods:
1. In the presence of legitimate grounds:
- Under Article 91 of the Tourism Act - 2 years (plus 6 months for forwarding the case; in the absence of forwarding – upon the expiry of the aforementioned period);
- Until the expiry of the general five-year limitation period applicable to contractual relations (e.g., Article 111 of the Obligations and contracts Act in conjunction with item 60 – 68 of the Additional Provisions to the Tourism Act) (with the option of a 6-month extension period for forwarding the case; in the absence of forwarding – upon the expiry of the aforementioned period)
- Under the Accountancy Act – 10 years and/or until the audit and/or cross-check completion by the National Revenue Agency (if any such audits or cross-checks are still running at the end of the 10-year period);
- In case of employment and insurance relations – 50 (fifty) years;
- In case of legal proceedings – 5 years from filing the case with the court (with a view to collection of legal costs). Where cases are joined (e.g., one is referenced for a preliminary ruling, while the time-limit of the other is about to expire, the time-limit shall be over for both cases with the expiry of the 5-year period as applied to the latest case – e.g., unpaid air ticket for a service that has already been provided: the existence of a preliminary order for payment procedure and consecutive enforcement proceedings to collect any outstanding costs).
2. Where a contractual basis exists (unless processing is performed on a legal basis and we are legally obligated to store your data for a longer period):
- When purchasing air tickets and/or making hotel bookings through us – until the receipt of the respective air ticket or voucher, as your data shall be immediately deleted by the system, inasmuch as we function as data processors acting between you and the controller which shall provide the end service – e.g., the air carrier. Your data may be stored as an exception if you have created a user account under your control in order to use system discounts, and/or if you have consented thereto for the purposes of the marketing policy of the company – direct and/or indirect marketing. In such cases you may withdraw your consent at any time and, depending on the system, if you have access to a client account – to delete the data yourself, and/or to request that you are forgotten (and that the data is erased) by filling in this form and/or sending a free-text email to the email address given above, or by giving us a paper note. (Please, read through your rights detailed herein below in section VIII).
- With the expiry of the term provided for making any claims under the contract;
- Your data shall be stored on paper and by electronic means in pursuance of an established policy and organizational measures on security according to the Regulation.
3. With your consent – as long as necessary to achieve the purposes for which consent has been granted, or until the withdrawal of consent.
VІІІ. You have the following rights:
At any time while we are storing or processing your data you (as a data subject according to the terms of the Regulation) shall have the following rights:
- You shall have the right to obtain from LIDIA TOURS LTD a copy of your personal data and shall have the right to access your personal data at any time;
- You shall have the right to obtain from LIDIA TOURS LTD your personal data in an appropriate format to be transferred to another controller, or to request that we perform the transfer without hindrance from us;
- you shall have the right to obtain from LIDIA TOURS LTD rectification without undue delay of any inaccurate data of yours, as well as data that are no longer relevant;
- you shall have the right to obtain from LIDIA TOURS LTD erasure of your personal data without undue delay where one of the following grounds applies:
- your personal data are no longer necessary in relation to the purposes for which they were collected;
- where you withdraw your consent;
- where you object to the processing,
- where the personal data have been unlawfully processed;
- where the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we as a controller are subject;
- where the personal data have been collected in relation to the offer of information society services.
ATTENTION: We may refuse to erase your personal data for one of the following reasons:
- for compliance with a legal obligation to which we are subject or for performance of a task of public interest;
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
- for the establishment, exercise or defence of legal claims;
- for exercising the right of freedom of expression and information.
ІХ. You also have the following rights:
- you shall have the right to obtain from LIDIA TOURS LTD restriction of processing of your personal data and in that case the data shall only be stored, not processed. Should we refuse to restrict the processing, we shall explicitly do so in writing and our refusal shall rest on lawful grounds that we shall provide;
- you shall have the right at any time to withdraw your consent to the processing of your personal data with a separate request sent to the controller;
- you shall have the right to object to certain types of processing such as direct marketing (unsolicited communication);
- you shall have the right to object to automated processing, including profiling;
- you shall have the right not to be subject to a decision based solely of automated processing, including profiling;
- if we need to use your personal data for a new purpose that is not covered hereby, we shall furnish you with a new data protection notice and, where necessary, shall ask you in advance to consent to the new processing.
All of the aforementioned requests shall be forwarded if there is a third party involved (recipients, including ones outside the EU and international organizations) in the processing of your personal data.
Х. You shall have the right to lodge a complaint with the supervisory authority
In case of violation of your rights according to the applicable data protection laws, you shall have the right to file a complaint with the Commission for Personal Data Protection as follows:
- Name: Commission for Personal Data Protection
- Registered office and address of management: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia;
- Mailing address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia;
- Tel.: 02 915 3 518
- Email: firstname.lastname@example.org, email@example.com
- Website: www.cpdp.bg
In case you wish to file a complaint concerning the processing of your personal data through LIDIA TOURS LTD (recipients, including ones outside the EU and international organizations), you may do so by using the contact details of LIDIA TOURS LTD or you may contact directly the Data Protection Officer (using the contact details given above).
You may exercise all of your rights concerning the protection of your personal data through the forms attached hereto. Of course, these forms are not compulsory and you may extend your requests in any form that contains your statement to that effect and identifies you as the holder of the data concerned.
ADDITIONAL INFORMATION TO THE
What is personal data?
According to the General Data Protection Regulation personal data is defined as:
"Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
Furthermore, separate data that, when put together, may result in the identification of a specific person, also constitute personal data.
Personal data that have become anonymized in such a manner that the person is not or is no longer identifiable, are no longer considered personal data. In order for the data to actually be anonymized, anonymity has to be irreversible. If data can be used for the subsequent dentification of a person, they shall remain personal data and shall remain within the scope of the GDPR.”
WHAT DATA ARE NOT CONSIDERED PERSONAL?
The examples of data not considered personal include:
- a company registration number;
- an email address such as firstname.lastname@example.org;
- anonymized data.
Why does LIDIA TOURS LTD collect and store personal data?
- In order for us to be able to offer you our travel services, we need to collect personal data so that we can perform (and/or enter into) a contract for the provision of a travel service – an organized trip or a separate element thereof or a related service (your ID card/passport are necessary for the hotel accommodation, we also need you telephone number or the number of another person named by you in case of a claim event; we need your email to send you your boarding pass and air ticket), the legal basis being Article 6, paragraph 1 of the Regulation, namely:
• Performance of the obligations of LIDIA TOURS LTD under the contract to which you are a party; (including herein: the protection of your rights and legal interests and/or the rights and legal interests of the children or elderly individuals whom you may assist so that we can protect your vital interests in case a claim event should occur and at the time you are not in a condition to react);
- Performance of a legal obligation that is binding to LIDIA TOURS LTD (detailed information is available at the section devoted to our legal bases for processing your data);
- For the purposes of the legitimate interest of LIDIA TOURS LTD and your legitimate interest (e.g., under an insurance policy) and/or your consent;
We guarantee that the information we collect and use is necessary (essential) for that purpose and is not aimed at invading your privacy.
For the purposes of advertising and marketing communications, LIDIA TOURS LTD shall additionally ask for your consent.
How do you use my personal data?
In this privacy notification we provide a detailed account of the purposes and reasons for us to collect and process your data.
• We are legally obligated to process your data for the purposes of your travel and/or the issuance of travel vouchers, and/or booking forms, and/or hotel accommodation, issuance of air tickets, and/or services related thereto: the Tourism Act, the CONVENTION on International Civil Aviation, the Civil Aviation Act, the Contracts and Obligations Act, the Commercial Act, the Statutes and Regulations of the International Air Transport Association (IATA), the International Convention for the Transportation of Passengers (Uniform Rules concerning the Contract for International Carriage of Passengers and Luggage by Rail) (CIV), the Convention concerning International Carriage by Rail (COTIF), Regulation (EU) No 1177/2010, Regulation (EC) No 261/2004, Regulation (EC) No 2006/2004, etc.
Under the Insurance Code so that we can get medical insurance concerning your trip and/or to file a claim with the insurer;
Under the Tax-Insurance Procedure Code and the VAT Act for the purposes of taxation (for invoicing);
Under the Civil Registration Act (mandatory hotel registration at the place of accommodation);
Under the Electronic Documents and Electronic Authentication Services Act (when paying via POS terminals);
Under the Banks and Banking Act (as regards payments you need to give your names and your personal ID No.)
This is also the case when you book additional tourism services for your trip or holiday through hyperlink/hyperlinks of ours, without taking advantage of the rights applicable to package travel under Directive (EU) 2015/2302
2.5.2. Processing of your data based on the contract that we have signed with you
2.5.3. Processing is based on your consent. (whenever we make bookings on your behalf, including when you use our services via the phone or another means of mass communication, and provided that none of the aforementioned legal bases exists); We need your consent for the following purposes:
1. For direct marketing purposes (e.g., so that we can send you hot offers or last-minute offers);
2. For statistical purposes (so that we may decide which offer would be most appropriate for you);
3. For profiling (user account, point collection program, etc.)
2.5.4. We do not need consent (unless a legal basis exists) when we process your data for one of the following purposes:
188.8.131.52. For reasons of public interest in the field of public health (if an epidemic breaks out during a trip, to protect you from any risks);
184.108.40.206. For statistical purposes (related to the interest in a given tourism product or for Google Adwords);
220.127.116.11. For the exercise or defence of legal claims.
Are you going to forward or share my personal data with other organisations or persons?
We shall not be selling your data to third parties, nor shall we be forwarding them for profit.
LIDIA TOURS LTD may forward your personal data to our sub-suppliers we have entered into contracts with.
Any third parties that may receive your data are obliged to store them in a safe manner and to use them solely for the purpose of performing their obligations to us. When they no longer need your data to perform these obligations, they shall be provided with detailed instructions on the destruction thereof in compliance with the procedures established by LIDIA TOURS LTD.
Where we intend to transfer special (sensitive) personal data to a third party, we shall do so only after we have obtained your consent. (Exceptions being the cases where we are legally obligated to act otherwise.)
Recipients of your data may be governmental authorities, to which we shall transfer them in compliance with specific and clear legal obligations.
How are you going to store and safeguard my personal data that you collect?
LIDIA TOURS LTD collects, stores and uses the information you have provided in a manner that is compatible with the General Data Protection Regulation (GDPR). We shall do our best to keep the information accurate and updated.
We shall not store information concerning you longer than reasonably necessary for achieving the specific purposes of collection, which have been communicated herein.
Some of the information storage periods depend on legal obligations to keep documents and information in certain minimum terms (see detailed information in Section VІІ).
We have taken foreseeable technical and organizational measures to secure the protection of your data from unauthorized access. We have integrated an information protection system, namely personal accounts protected by authentication with usernames and passwords and we operate with encrypted data both when using the MAC (APPLE) OS under a firewall, and when using the encrypted channels to the servers with the SSL/TLS and В2В/В2С protocols. Data bases are also stored on the Google Cloud Platform. We have developed a mechanism of notifying persons in case of unauthorized data access. We do not store data locally on the computers of our employees. They only pass through them during processing. Each employee of ours has a restricted access only to the information that he or she needs to perform his or her obligations. When a paper and/or email statement of a client is received, the notification procedures commences. Clients consent to providing their data by clicking on the respective box on the website when signing up/booking.
The rest of the details concerning the systems ARE a company secret which may be disclosed only to the officials at the Commission for Personal Data Protection with your security in mind.
How can I find out what are the personal data of mine that you hold and process?
(LIDIA TOURS LTD), at your request, is obliged to tell you what information concerning you it stores and how is that information processed.
- If we have personal data of yours, you can ask for the following information:
- Contact details of the organization that is processing your data or on behalf of which your data is being processed. (In certain cases this may be a representative of the EU);
- Contact details of the Data Protection Officer that you may approach;
- The purposes of the processing;
- The legal basis for the processing;
- The relevant categories of personal data being processed;
- The recipients or categories of recipients which have or shall receive the data;
- The recipients in third countries or international organisations, if the personal data have been transferred to such, as well as the safeguards that they shall maintain a level of data protection no lower than the one in the EU;
- If the processing is based on the legitimate interests of (LIDIA TOURS LTD) or of a third party, information on those interests;
- The intended period for which the personal data shall be stored;
- Details on your rights to obtain rectification or erasure of personal data, the right to obtain restriction of personal data processing and the right to object to such processing;
- Information on your right to withdraw your consent at any time;
- Details on your right to lodge a complaint with a supervisory authority;
- Information whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data;
- The source from which the personal data originate, if not obtained directly from you;
- All details and information on the existence of automated decision-making, including profiling, as well as any meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.
How can I access my data which is being processed?
You need to fill in an access request available here (link to a template) or to extend a request using the contact details of (LIDIA TOURS LTD), or, using the given contacts, directly reach the Data Protection Officer.
You need to satisfactorily prove your identity to us by providing – personal documents, client number or an e-card.
You can contact directly our Data Protection Officer at:
The information and requests are processed free of charge, except for the cases stipulated by law, where the controller is entitled to charge a reasonable fee.
Red the full text here (link)
By consenting to our Privacy Declaration concerning our Personal Data Processing Policy you explicitly consent to our processing of your personal data for the stated purposes.