1. Personal data within the meaning of Regulation / EU / 2016/679 of the European Parliament and of the Council of Europe of 27 April 2016 / Regulation / and the Personal Data Protection Act is any information relating to a natural person who is identified or can be identified directly or indirectly by an identification number or by one or more specific features.


1.1. Miletia Tour Ltd., UIC207550447, registered address of management: Sozopol, 18 Milet Str., represented by Milen Ivanov – manager, is an administrator of personal data on the provision of tourist services in Miletia Suites, managed by the company, with address: Sozopol, 18 Milet Str., tel.: +359 886 107 202, website: miletia.com

The contact person in connection with the processing of personal data by Miletia Tour Ltd. is Milen Ivanov

  1. Miletia Tour Ltd. collects, processes, and stores personal data to provide tourist services and services such as individual trips, organized trips, hotel accommodation and others. Miletia Tour Ltd. collects personal data directly from the people to whom it provides tourist services, and the personal data is stored responsibly and lawfully.

The provision of personal data is voluntary.

2.1. Miletia Tour Ltd. collects, processes, and stores personal data based on:

2.1.1. Explicit consent of the data subject.

2.1.2. Fulfillment of contractual obligations.

2.1.3. Fulfillment of legal obligations that apply to Miletia Tour Ltd., including tax regimes.

2.2. As a controller of personal data and to facilitate and quickly pay for the provided tourist services, the subjects of personal data can take advantage of the opportunity to pay for the requested tourist services by bank transfer via credit / debit card. In view of the provided opportunity for payment by bank transfer via credit / debit card, Miletia Tour Ltd. also processes the following category of personal data and information:

2.2.1. Credit / debit card information, namely card type and number, cardholder’s name, validity date and security code.

2.2.2. Financial information or invoice data.

  1. Miletia Tour Ltd. takes care of protection and prevention of unauthorized access, improper use, change, destruction, or accidental loss of the cardholders’ bank data. This includes the use of special security rules by the employees of Miletia Tour Ltd., who have access to servers and databases in which the personal information of the cardholders is stored.

3.1. Miletia Tour Ltd. is obliged to notify the personal data subject / cardholder / if:

– there is a high-risk breach of the rights and freedoms of the data subject, as well as what measures have been taken to control the breach.

– there is an infringement that will not lead to a high risk for the rights and freedoms of the data subject, as well as for the measures taken to ensure the termination of the infringement.

  1. To maximally protect the provided personal bank data, Miletia Tour Ltd. has taken technical and organizational precautionary measures to avoid accidental or intentional manipulation, accidental loss, illegal destruction or unauthorized access by unauthorized persons, modification, or distribution, as well as from other illegal forms of processing of the provided personal data by the cardholder.
  2. For maximum protection of the personal bank data provided to the cardholders, Miletia Tour Ltd. has taken the following technical and organizational measures:

5.1. The forms for providing consent for the collection, storage, and processing of personal data, including bank data, filled in by the clients are included in a documentary register and are stored in special cabinets. Access to the cabinets is controlled by authorized persons, locking of the premises and cabinets, security alarm, physical guard, and alarm system.

5.2. The electronic information register is built in the form of files. The databases are accessible only to authorized persons and only to the data and resources necessary for the performance of their duties.

5.3. The access to the information system is carried out only after authorization with a unique name and password. Restricting access to the information system containing personal data is limited by introducing access levels. When transmitting information electronically, protection is provided by encrypting, archiving, and subsequently recovering the data to protect it from loss or destruction. It is possible to monitor each operation, as well as the date and time of its execution, protection of the information system through anti-virus programs and a firewall.

5.4. The processing of personal data, including bank data, is carried out in compliance with the requirements of the Regulation and the Personal Data Protection Act.

  1. Miletia Tour Ltd. may disclose the personal data of the cardholders only to persons and bodies specified in a normative act, to fulfill its legal obligations.

6.1. No transfer of personal data to cardholders to third parties is performed, unless Miletia Tour Ltd. is legally obliged to do so, or the transfer of data is necessary for the performance of the contractual relations, or the cardholder has previously given explicit consent for transfer. of his data.

  1. The personal bank data of the cardholder shall be deleted as soon as the purpose for which it was stored has already been fulfilled or is not valid. Storage may also take place if required by European or national legislation. Personal bank data are also deleted /deleted/ if the statutory storage period prescribed by regulations expires unless it is necessary to continue the storage of data for the purposes of concluding or executing a contract.