Grow Remotes prioritizes not only the provision of high-quality services to its clients but also keeping their personal data confidential. Therefore, our business is in compliance with the latest personal data legal framework, applied by virtue of the General Data Protection Regulation (EC) 2016/679 of the EUROPEAN PARLIAMENT AND OF THE COUNCIL, in force as at 25 May 2018 (hereinafter “the Regulation”). The provision of data by the user for all passengers is mandatory in view of the execution and performance of the agreement between the parties, whereas upon refusal to submit personal data, the TOUR OPERATOR cannot perform its contractual obligation.
1. Grow Remotes is a personal data ADMINISTRATOR pursuant to the REGULATION
2. Grow Remotes processes the personal data submitted by the USER under the Contracts and Obligations Act, the Commerce Act, the Tourism Act, the Accountancy Act, and the Personal Data Protection Act in strict compliance with the provisions of the Regulation.
3. Grow Remotes takes such technical and organizational security measures against unauthorized and illegal processing, accidental loss, personal data destruction, or damage, as may be required, considering the state of technological development, established practices, and the statutory requirements.
4. Grow Remotes shall duly carry out any and all notifications provided for in the Regulation.
5. The USER submits to the TOUR OPERATOR a Statement containing the required personal data of all passengers pursuant to the Regulation. These Statements should be completed in person and signed by the data subjects. When the subject is underage or a minor, the Statement should be signed in person by a parent/legal guardian.
6. The USER is aware and gives their consent on behalf of all passengers for their personal data, provided within the Statement, to be processed for the following purposes:
6.1. For the performance of the agreement between the Parties;
6.2. For taking out insurance – “Travel Assistance Abroad” and “Trip Cancellation Insurance”;
6.3. For accounting purposes;
6.4. For communication purposes;
6.5. For the Tour Operator’s marketing research.
7. If an entry visa is required, Grow Remotes further collects and processes data in compliance with the requirements of the Consular departments. Personal data is processed only in order to provide a visa on behalf of the passenger.
8. Personal data is stored as follows:
8.1 “Enquiries” Register – data of the USER, provided for communication purposes and for the purposes of preliminary bookings upon trip enquiry – 30 days, by virtue of explicit consent, unless the data subject requests “to be deleted” prior to the expiry of this term;
8.2 “Trips” Register – data of the USER for the performance of specific travel agreements and bookings – 2 years as at the date of the final performance of the specific service;
8.3 “Bulletin” Register – data of the USER and of partners, provided for storage by virtue of explicit consent outside the scope of performance of a specific agreement – 5 years, unless the data subject requests “to be deleted” prior to the expiry of this term;
8.4 “Market Research” Register – data for marketing and statistical purposes – 5 years, upon explicit consent, unless the data subject requests “to be deleted” prior to the expiry of this term;
8.5 “Accounting” Register – data of the USER for accounting purposes – 5 years as at the date of document execution;
9. Upon the expiry of the processing and storage term, Grow Remotes deletes all personal data and the existing copies thereof, unless there are other legal grounds for further storage, or there is an explicit consent for a longer storage term, submitted by virtue of a Statement by a data subject.
10. Grow Remotes submits personal data under item 5 to third parties only in connection to the agreement signed with the user for the provision of tourist services and on the grounds of the agreements between Grow Remotes and the providers of the relevant services.
10.1 Data provision is done pursuant to Art. 46 of the Regulation upon strict compliance with the mandatory company rules and the existence of relevant contractual provisions between the personal data administrator and receiver;
10.2 Any third party – personal data receiver constitutes personal data processor under the Regulation;
10.3 For the purposes of this Agreement, Personal Data processors are: airlines, hotels and insurance companies – providers stated in the agreement, tour guides and local representatives – contact information is provided in the travel documents not later than 3 days prior to the date of the first contractual service;
10.4 In the event of visa provision, the personal data processor is also the Consulate of the relevant country, which also constitutes personal data provision outside Bulgaria;
11. Grow Remotes does not provide personal data to persons irrelevant to the scope of the above agreement.
12. Further information about the rights of the USER:
12.1 To receive information about the CONFIDENTIALITY POLICY of Grow Remotes;
12.2 To receive confirmation whether and what personal data is processed, as well as to receive access to it, depending on the technical capabilities;
12.3 To request from Grow Remotes corrections of inaccurate personal data without undue delay, as well as personal data update and supplement in the event of changes thereof;
12.4 To request the deletion of the personal data if the legal grounds for its processing are no longer in force or Grow Remotes does not need this data in order to ascertain, exercise, or remedy judicial or other legal claims;
12.5 To request the restriction of the user’s personal data processing, as well as the right to object to the processing thereof when there are no legal grounds for personal data processing;
12.6 To request data portability to another Administrator – provided by Grow Remotes in a structured and commonly used format;
12.7 To file a claim to a supervisory body /Personal Data Protection Commission or the competent Court/ in relation to the user’s personal data processing when the law provides for such option.
What are “cookies”?
Every cookie is unique for your browser and contains anonymous information. Its content includes the name of the domain it comes from, its “lifecycle” and a value, usually in the form of a randomly generated number.
What kinds we use and what for?
Security and identification.
The purpose of the cookies intended for connection security is:
- To recognize the user within the specific session;
- To control security;
- To ensure that the information the user enters is seen only by the user
The security and identification cookies are automatically deleted after your browser’s session ends or are stored for a limited time period in order to ensure smooth website operation. Please, bear in mind that these, as well as the other kinds of cookies of the website, do not store the personal data entered.
Effectiveness and functionality
Performance cookies aim to collect statistical data and content provision according to the individual preferences of the users. We use them to measure anonymously the number of visits, pages viewed, visitors’ activity, as well as the repeated website visits. These “cookies” help us analyse the traffic, which enables us to improve the website, as well as the overall user experience.
Management and deletion of cookies
Please, bear in mind that a large portion of the “cookies” we use will improve your website browsing, while the rest are important to ensure access security. Depending on the browser used, you can:
- Allow or deny the storage of cookies from all sources;
- Set up a notification requesting allow or deny permission for each new “cookie”
Most browsers are set up to accept “cookies” by default. However, if you do not wish for “cookies” to be stored on your computer, you may restrict them by changing the settings of the browser used.