Privacy Policy - SUP and Travel

Privacy and policy

I. INTRODUCTION

Welcome to www.supandtravel.com (the “Website” or “Internet page”), which is owned by SUP and Travel EOOD, URN BG206104082, with registered office and management address: Matei Preobrazhenski Street #10, Asenovgrad, Bulgaria, contact phone number: 0893 613 925 .

BY USING THIS WEBSITE, YOU AGREE TO THE TERMS REGARDING THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE AND IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE CONTACT US AT 0893 613 925 OR AT [email protected] . IF YOU DO NOT AGREE WITH ANY OF THE TERMS CONTAINED IN THIS PRIVACY POLICY, YOU SHOULD NOT USE THIS WEBSITE.

ADMINISTRATOR OF PERSONAL DATA

SUP & Travel EOOD (hereinafter referred to as “Administrator”) is a limited liability company, with EIC 206104082, with headquarters and management address: Matei Preobrazhenski Street #10, Asenovgrad, Bulgaria, contact phone number: 0893 613 925 and website: https://supandtravel.com/en .

SUPERVISOR:

Commission for the Protection of Personal Data

Address : Sofia, p.k. 1592, Prof. Blvd. Tsvetan Lazarov” 2

Contact information : 02/915 35 18; 02/915 35 15; 02/915 35 19; [email protected] , www.cpdp.bg

II. PURPOSES AND SCOPE OF THE PRIVACY POLICY

1.1 The administrator understands the considerations of the visitors of this website regarding the protection of personal data and is committed to protecting their personal data by applying all standards for the protection of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC. With this Privacy Policy, the Administrator respects the privacy of individuals and makes all necessary efforts to protect the personal data of individuals against unlawful processing by applying technical and organizational measures to protect personal data,

1.2 With this Privacy Policy and in compliance with the requirements of Regulation (EU) 2016/679, the Provider provides information regarding:

– the purposes and scope of the privacy policy;

– personal data collected and processed by the provider;

– the purposes of personal data processing;

– period of storage of personal data;

– mandatory and voluntary nature of providing personal data;

– processing of personal data;

– protection of personal data;

– the recipients or categories of recipients to whom the data may be disclosed;

– rights of natural persons;

– order for exercising the rights;

– right to object;

– buttons, tools and content from other companies;

– changes to the privacy policy.

III. DEFINITIONS

2.1 In the sense of Regulation (EU) 2016/679 and this policy, the specified terms have the following meaning:

Personal Data  means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.
Processing of personal data means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.
Restriction of processing  means marking stored personal data in order to limit their processing in the future.
Profiling means any form of automated processing of personal data, consisting in the use of personal data to evaluate certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of the professional duties of that natural person person, their economic status, health, personal preferences, interests, reliability, behavior, location or movement.
Administrator means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.
Personal data processor  means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller.
Recipient means a natural or legal person, public body, agency or other structure to which the personal data is disclosed, whether or not it is a third party. At the same time, public authorities that may receive personal data within the framework of a specific investigation in accordance with Union law or the law of a Member State are not considered “recipients”; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.
Third party  means a natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.
Consent of the data subject  means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the personal data relating to him being processed.
Personal data breach  means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data that is transmitted, stored or otherwise processed.

IV. PRINCIPLES OF PERSONAL DATA PROCESSING

3.1 The administrator follows the following principles when processing personal data for natural persons, namely:

Personal data is processed lawfully, in good faith and in a transparent manner with respect to the data subject (“lawfulness, good faith and transparency”);
Personal data are collected for specific, explicitly stated and legitimate purposes and are not further processed in a manner incompatible with these purposes;
Personal data is relevant, relevant and limited to what is necessary in relation to the purposes for which it is processed (“data minimization”);
Personal data are accurate and, if necessary, kept up-to-date (“accuracy”);
Personal data is stored in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data is processed (“storage limitation”);
Personal data are processed in a way that ensures an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures (“integrity and confidentiality”).

V. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR

A. Processing of special categories of personal data (“sensitive data”)

4.1 The administrator does not collect or process special categories of personal data, such as: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership in trade unions, genetic data, biometric data for the sole purpose of identifying a natural person , data on the state of health or data on the sex life or sexual orientation of the natural person. Individuals should not provide such sensitive data to the Administrator. In the event that the natural person intentionally provides sensitive data to the Administrator, the Administrator undertakes to delete them immediately.

B. Personal data collected directly from individuals

Personal data collected directly from individuals when individuals contact the Administrator by telephone

5.1 Individuals provide personal data to the Administrator when they contact the Administrator by telephone. The telephone number for contacting the Administrator is specified in the Administrator’s identification data in this Privacy Policy and in the “Contacts” menu, where the Administrator’s contact information is provided. When the person contacts the Administrator by telephone, the Administrator collects and processes only the name and telephone number of the individual, and in some cases the e-mail address of the individual. This data is processed for the purposes of communication with the individual. The processing of this personal data is necessary:

– for the realization of the legitimate interests of the Administrator, which legitimate interests are answering received calls and sending emails in connection with inquiries received by phone.

– for actions preceding the conclusion of a contract and undertaken at the individual’s request, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual.

The administrator uses the services of a telephone service provider, which provider is located in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals contact the Administrator through the contact form on the site to contact the Administrator

5.2 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the contact form on the Administrator’s website located at: https://supandtravel.com/en/contacts-and-faq/ . When the person sends a message to the Administrator using the contact form, the Administrator collects and processes the individual’s name, e-mail address, telephone number and other information that the person provides in the sent message, such as address. This data is processed for the purposes of communication with the individual and record keeping. The processing of this personal data is necessary:

– to realize the legitimate interests of the Administrator, which legitimate interests are sending a reply to the received messages, as well as saving the received messages.

The administrator uses the services of an e-mail service provider to store the received e-mails on the provider’s server, which server is located in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals contact the Administrator by e-mail

5.3 Individuals provide personal data to the Administrator when they contact the Administrator by e-mail. The Administrator’s e-mail address is specified in the Administrator’s identification data in this Privacy Policy, where the Administrator’s contact details are provided, and also in the published general terms and conditions of the website. When the person sends an e-mail to the Administrator, the Administrator collects and processes the e-mail address, as well as the other information that the person provides in the sent e-mail, such as name, phone number, address. This data is processed for the purposes of communication with the individual and record keeping. The processing of this personal data is necessary:

– to realize the legitimate interests of the Administrator, which legitimate interests are sending a reply to the received messages, as well as saving the received messages.

The administrator uses the services of an e-mail service provider to store the received e-mails on the provider’s server, which server is located in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals contact the Administrator by sending a message using the Facebook platform

5.4 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the Facebook platform through the Facebook messaging service, accessible through the Administrator’s Facebook page at: https://www.facebook.com/SUPandTRAVELWhen the person sends a message to the Administrator by using the Facebook platform through the Facebook message service, the Administrator collects and processes the name of the individual as well as the other information that the person provides in the sent message. This data is processed for the purposes of communication with the individual and record keeping. The processing of these personal data is necessary to realize the legitimate interests of the Administrator, which legitimate interests are sending a response to the received messages, as well as saving the received messages. The administrator uses the services of Facebook, an independent service provider located in the USA, to receive messages through the Facebook platform. This means that the personal data provided will be stored on Facebook’s servers in the USA. For the transmission of these personal data outside the European Economic Area, appropriate guarantees should be provided in accordance with Article 46 of Regulation (EU) 2016/679. Facebook certifies that it complies with the EU-US Privacy Shield Principles. Facebook has its own Privacy Policy and individuals are advised to read it for more information. Facebook’s privacy policy is posted at the following address: to get more information. Facebook’s privacy policy is posted at the following address: to get more information. Facebook’s privacy policy is posted at the following address:https://www.facebook.com/policy.php

Personal data collected directly from individuals when individuals register on the website

5.5 Individuals provide personal data to the Administrator when they register on the Administrator’s website in order to create a profile. When registering, the natural person provides the following personal data, which the Administrator collects and processes, namely: name and surname of the natural person and e-mail address. The collection and processing of this personal data is necessary: - to realize the legitimate interests of the Administrator, which legitimate interests are providing the possibility for the individual to maintain a registered profile on the website of the Administrator, to save the goods preferred by the individual and to purchase goods desired by the individual; – with a view to concluding or executing a contract for the purchase of goods. Individuals’ data is stored on a server of a hosting service provider,

Personal data collected directly from individuals when individuals purchase goods

5.6 Individuals provide personal data to the Administrator when they purchase a product from the Administrator’s website. When purchasing a product from the Administrator’s website, the natural person provides the following personal data, which the Administrator collects and processes, namely: name and surname of the natural person, e-mail address, telephone and address. The collection and processing of this personal data is necessary: - with a view to concluding or executing a contract for the purchase of goods; – to fulfill legal obligations for the purposes of issuing invoices. The data of individuals are stored on the server of a hosting service provider, which provider is registered in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals subscribe to receive a newsletter

5.7 Individuals provide their email address when they wish to subscribe to receive a newsletter. When the person subscribes to receive newsletters containing publications and useful information about the goods offered by the Administrator, promotional offers and the like, the Administrator collects and processes the e-mail address of the individual and the name of the individual. This data is processed for the purpose of sending the individual newsletters. The basis for processing this personal data is the express consent of the individual. The administrator uses the services of MailChimp, an independent service provider located in the USA, to send newsletters and manage the email list. This means that email addresses provided will be stored on MailChimp’s servers in the US. For the transmission of these personal data outside the European Economic Area, appropriate guarantees should be provided in accordance with Article 46 of Regulation (EU) 2016/679. MailChimp certifies that it complies with the EU-US Privacy Shield Principles. MailChimp has its own Privacy Policy and individuals are advised to review it for more information. MailChimp’s privacy policy is posted at the following address: to get more information. MailChimp’s privacy policy is posted at the following address: to get more information. MailChimp’s privacy policy is posted at the following address:https://mailchimp.com/legal/privacy/. In addition, there is a contract between the administrator and MailChimp.

C. Personal data of individuals provided by third parties

6.1 The administrator normally does not receive personal data about individuals from third parties. However, in some cases, if the Administrator has reasonable grounds to suspect that a natural person is infringing intellectual property rights and other similar cases, then the Administrator has the right to obtain personal data of the suspected person from public records, such as: register, the register for registered trademarks maintained by the Patent Office of the Republic of Bulgaria and similar. This data may be collected and processed for the purpose of filing an infringement claim against the infringer. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator, which legitimate interests are the filing of a claim for a committed violation against the offender,

D. Data Collected Automatically

7.1 When visiting the website, the Administrator automatically collects the following data, namely:

Internet Protocol (IP) address of the device from which the individual accesses the platform (usually used to determine the country or city from which the individual accesses the platform);

Type of device from which the natural person accesses the platform (for example, computer, mobile phone, tablet, etc.);

Type of operating system;

Browser type;

The specific actions that the individual takes, including the pages visited, the frequency and duration of website visits;

Date and time of visits.

VII. PURPOSES FOR WHICH THE PERSONAL DATA ARE PROCESSED

9.1 The administrator collects and processes the personal data of the natural persons, which are provided directly by them only for the following purposes, namely:

in order to provide services that the Administrator offers, namely the sale of goods and identification of natural persons (future and current customers);
to make contact with the individual via e-mail, so that the Administrator can respond to the inquiry received by the individual;
for the performance of obligations under a contract to which the natural person to whom the data refer is a party, as well as for actions preceding the conclusion of a contract and undertaken at his request;
to fulfill a legally established obligation of the Personal Data Administrator, in accordance with the applicable law;
to send the goods purchased by the individual;
to send newsletters containing information about received new collections, discounts, etc.

accounting purposes;
statistical purposes.

9.2 The administrator collects and processes the personal data of natural persons, which have been collected automatically for the following purposes, namely:

– improving the efficiency and functionality of the website;

– preparation of anonymous statistical data on the way the website has been used.

9.3 The administrator has no right to use the personal data of individuals for purposes other than the purposes specified in this section of this Personal Data Protection Policy.

VIII. STORAGE PERIOD OF PERSONAL DATA

10.1 Inquiries and correspondence by e-mail, Facebook : The administrator stores the personal data and messages received by e-mail and Facebook for a period necessary to respond to the message received and to satisfy the request of the individual, as well as for a period from one year after the Administrator has responded to the message received.

10.2 Personal data of persons who have purchased goods : The Administrator stores the personal data of persons who have purchased goods from the Administrator for a period of ten years, which period is the legally established term for storing customer invoices.

10.3 Personal data of persons who have subscribed to receive the newsletter: The administrator stores the personal data of persons who have subscribed to receive the newsletter until the person unsubscribes from the option to receive the newsletter or until the termination of this service by the administrator.

B. Criteria for determining the period for which personal data will be stored

10.4 In other cases not specified above, the Administrator will store the personal data of the natural person for no longer than necessary, taking into account the following criteria, namely: – whether the Administrator is obliged to comply with a legal obligation to continue the processing the personal data of the individual; – the purpose of storing the personal data both now and in the future; – whether a contract has been concluded between the Administrator and the individual and the Administrator is obliged to continue processing personal data in order to fulfill the obligations under the contract; – purposes for using personal data now and in the future; – whether it is necessary to make contact with the individual in the future; – whether the Administrator has a legal basis to continue processing the personal data of the individual; – any other valid reasons,

IX. MANDATORY AND VOLUNTARY NATURE OF PROVIDING PERSONAL DATA

11.1 The personal data that are required to be provided by individuals are in accordance with the services offered by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. In case the provision of personal data is refused:

– The administrator will not be able to deliver the goods desired by the individual;

– The administrator will not be able to receive the email from the user if the latter does not fill in the necessary information in the contact form;

– The natural person will not be able to create his user profile on the site.

X. PROCESSING OF PERSONAL DATA

12.1 The administrator processes the personal data of natural persons through a set of actions that can be performed by automatic or non-automatic means.

12.2 The Administrator processes the personal data of natural persons independently or by assigning a data processor on behalf of the Administrator, who is the accountant of the company, which is based in the Republic of Bulgaria.

XI. PROFILING

13.1 Profiling means any form of automated processing of personal data, consisting in the use of personal data to assess certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of the professional duties of that individual, their economic status, health, personal preferences, interests, reliability, behavior, location or movement. When performing profiling, automated methods and algorithms are used.

13.2 The administrator performs profiling in order to adapt the services provided by the administrator to the needs of individuals, and also to improve the administrator’s services. For this purpose, automated methods and algorithms are used to determine the preferences of individuals by performing an initial or ongoing assessment based on the data provided by the individual. In this way, it is established what would be the most suitable offer for the individual concerned, so that the most suitable offer can be prepared and made to the individual.

XII. PROTECTION OF PERSONAL DATA

14.1 The administrator takes the necessary technical and organizational measures to protect personal data from accidental or illegal destruction, or from accidental loss, from unauthorized access, modification or distribution, as well as from other illegal forms of processing, namely:

– all personal information that the individual provides to the Administrator is stored on secure and reliable servers and folders;

– when exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing him with the requested information.

14.2 Comprehensive information about the technical and organizational measures taken by the administrator is available in the Instruction on the mechanism of personal data processing and their protection in the maintained registers containing personal data at the Administrator. In case you wish to receive detailed information about the technical and organizational measures, please contact us at 0893 613 925 or [email protected] .

XII. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED

15.1 The administrator has the right to disclose the processed personal data to the following categories of persons, namely:

of the natural persons to whom the data refer;
to individuals, if provided for in a regulatory act, for example state bodies (NAS, Patent Office, Commercial Register, etc.);
to persons processing personal data who provide services for the benefit of the Provider’s business activities, such as the Administrator’s accountant and courier organizations, and such persons are bound by an obligation to observe confidentiality, and also such persons have provided sufficient guarantees for the application of appropriate technical and organizational measures in such a way that processing takes place in accordance with the requirements of the Regulation and ensures protection of the rights of natural persons.

15.2 The administrator does not sell personal data provided by the individual to third parties.

XIII. RIGHTS OF NATURAL PERSONS

RIGHTS OF INDIVIDUALS

Right of access

16.1 The natural person has the right to receive from the Administrator confirmation as to whether personal data related to him/her are being processed and, if so, to access the data – the relevant categories of personal data.

Right to rectification

16.2 The individual has the right to request the Administrator to correct inaccurate personal data relating to him without undue delay. Considering the purposes of the processing, the natural person has the right to have incomplete personal data completed, including by adding a declaration.

Right to erasure (right to be forgotten)

16.3 The natural person has the right to request from the Administrator the deletion of the personal data related to him without undue delay, and the Administrator has the obligation to delete the personal data without undue delay when any of the grounds specified in Article 17 of Regulation 2016/679 apply.

Right to restriction of processing

16.4 The natural person has the right to demand from the Administrator a restriction of processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. When processing is restricted, such data are processed, with the exception of their storage, only with the consent of the individual or for the establishment, exercise or defense of legal claims or for the protection of the rights of another individual or for important reasons of public interest for the Union or a Member State. When the natural person has requested the limitation of processing, the Administrator informs him before the cancellation of the limitation of processing.

Right to data portability

16.5 The natural person has the right to receive the personal data concerning him/her which he/she has provided to a controller in a structured, widely used and machine-readable format, where the processing is based on consent in compliance or a contractual obligation and the processing is carried out in an automated manner.

Right to object

16.6 The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Art. 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object can be found in the section below entitled “Right to object”.

Right to withdraw consent

16.7 The natural person has the right to withdraw the consent given by him at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. The individual may withdraw their consent in the manner specified in section XIV of this privacy policy or by selecting the “unsubscribe” option when receiving the newsletter.

Profiling rights

16.8 The natural person has the right not to be subject to a decision based solely on automated processing involving profiling that gives rise to legal consequences for the data subject or similarly significantly affects the data subject.

Right to be notified of a breach of personal data security

16.9 When the breach of personal data security is likely to pose a high risk to the rights and freedoms of individuals, the individual must be notified without undue delay of the breach of personal data security.

Right to judicial and administrative protection

Right to file a complaint with a supervisory authority

16.10 The natural person has the right to submit a complaint to a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged infringement, if the natural person considers that the processing of personal data concerning him violates the provisions of The regulation.

Right to an effective judicial remedy against a supervisory authority

16.11 Every natural and legal person has the right to effective judicial protection against a binding decision of a supervisory authority concerning him. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

C: Right to an effective legal remedy against a controller or processor of personal data

16.12 Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, an individual has the right to an effective judicial remedy where they consider that their rights under the Regulation have been infringed as a result of processing of his personal data that is not in accordance with the Regulation. Proceedings against an administrator or processor of personal data shall be instituted before the courts of the Member State in which the Administrator or processor of personal data has its place of establishment.

Right to compensation for damages suffered

16.13 Any person who has suffered material or non-material damages as a result of a violation of the Regulation has the right to receive compensation from the Administrator or the processor of personal data for the damages caused. Legal proceedings in connection with the exercise of the right to compensation shall be instituted before the courts of the Member State in which the Administrator or personal data processor has its place of establishment .

XIV. ORDER FOR EXERCISE OF RIGHTS

17.1 Individuals exercise their right to withdraw consent, the right of access, the right to deletion, correction, the right to limit processing, the right to data portability, the right to object and the right to profiling, by submitting a written request to the Administrator ( or by mail to the address specified in the Administrator’s identification above in this privacy policy or by sending an email), which should contain the following information:

name, address and other identification data of the relevant natural person;
description of the request;
signature, date of submission of request and e-mail address.

17.2 The request is made personally by the individual. The administrator files the requests submitted by individuals in a separate register.

17.3 After the natural person exercises his right of access to personal data concerning him, the Administrator verifies the identity of the natural person before responding to the request. This is necessary to minimize the risk of unauthorized data access and identity theft. In the event that the Administrator cannot identify the individual from the collected personal data, then the Administrator has the right to request a copy of documents that identify the individual (such as an identity card, driver’s license, other documents that contain personal data that may identify the natural person).

17.4 The administrator examines the request and provides the individual with information about the actions taken in relation to the request within one month of receiving the request. If necessary, this period can be extended by another two months, taking into account the complexity and number of requests.

17.5 The administrator informs the individual of any such extension within one month of receiving the request, indicating the reasons for the delay. When the individual submits a request by electronic means, if possible, the information shall be provided by electronic means, unless the individual has requested otherwise.

17.6 If the Administrator does not take action on the individual’s request, the Administrator shall notify the person without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisory authority and seeking protection judicially.

17.7 The administrator undertakes to communicate any rectification, deletion or restriction of processing to any recipient to whom the personal data has been disclosed, unless this is impossible or requires a disproportionately large effort. The administrator informs the individual about these recipients if the individual so requests.

XV. RIGHT OF OBJECTION

18.1 The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Art. 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object will be provided in this section of this privacy policy.

18.2 The natural person has the right, at any time and on grounds related to his specific situation, to object to the processing of personal data concerning him, in cases where the processing is necessary for the performance of a task of public interest or in the exercise of official powers that have been granted to the Administrator or the processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, except when the interests or fundamental rights and freedoms of the natural person that require the protection of personal data take precedence over such interests, more especially when the individual is a child. The administrator undertakes to stop the processing of personal data, unless he proves that there are convincing legal grounds for the processing that take precedence over the interests, the rights and freedoms of the natural person, or for the establishment, exercise or defense of legal claims. Individuals exercise their right to object by submitting a written request to the Administrator by mail at the address specified in the Administrator’s identification above in this privacy policy or by sending an email.

18.3 Where personal data is processed for the purposes of direct marketing, the natural person has the right at any time to object to the processing of personal data concerning him for this type of marketing, which includes profiling in so far as it is related to direct marketing. When the natural person objects to processing for the purposes of direct marketing, the processing of personal data for these purposes is terminated. Individuals exercise their right to object by submitting a written request to the Administrator by mail at the address indicated in the Administrator’s identification above in this privacy policy or by sending an email indicating that they do not wish to receive advertising communications.

XVI. CHANGES TO PRIVACY POLICY

19.1 This Privacy Policy may be updated at any time in the future. When that happens, the changed policy will be posted on this website with a new “Last Modified” date at the top of this Privacy Policy and will be effective from the date of posting. Therefore, it is recommended that you periodically check this Privacy Policy to ensure that you are aware of any changes. By using the website after the updated Privacy Policy is posted, you will be deemed to agree to the changes.

XVII. CONTACTS

20.1 In the event that you have any further questions regarding this Privacy Policy, please do not hesitate to contact us at 0893 613 925 or [email protected] .

Last updated: April 11, 2022