We understand that privacy and security of the personal information you share with us is extremely important. Because of that, our privacy policy sets out how we process your data and what are the measures we take to secure it. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

This Privacy policy applies to you if you provide us your personal data over the phone (call or SMS), online, through online registration form, via post or courier, social media, corporate or promotional website, through mobile application or other way. This policy gives effect to our commitment to protect your personal information and has been adopted by all of the companies and businesses in our group (for more information, please look at section “Who are we?”).

1. Who we are?

When we say ‘we’ or ‘us’ in this policy, we’re generally referring to the separate and distinct legal entities that are part of the project. These include:
  • Bilta EAD, Tsaritsa Joanna Str. 12, Gotse Delchev, Bulgaria,
  • Drama Hotel Association, Areos 3, Drama, Greece
  • Euroform RFS, Piazza Libertà 40, Rende, Italy

It also includes any other businesses we add to this group in the future.

2. What information for you we store and process?

  • Information you share with us when you use one of our websites:
    • winetrips.eu,
    • e-learning.winetrips.eu
  • Information you provide to us such as: your name, telephone number, email address, company, position, business sector, or when you communicate with us via post, phone, email or social media.
  • Name and email address, when you register and you give us your consent to receive emails with news and proposals from WineTrips.eu.
  • Information about any device you have used to access our sites (such as your device’s make and model, browser or IP address). This way, we try to identify which of our sites or apps you find useful and interesting.
  • Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve the information we are sending.
  • Information from other sources such as our partners, specialist companies that provide customer information with their consent, in an explicit or anonymized form (like companies for marketing research, financial institutions, social media etc.) including  information that is publicly available.

3. Purposes for which we use the data you are sending to us. Lawful basis of processing.

As a Controller of personal data, and in order to be able to fulfill our obligations under the General Data Protection Regulation, we may use your personal data for one, several or for all purposes listed below:
  • In order to send you a response to a request made by you for any of our products or services;
  • To send you emails with news and proposals from our company;
  • To send you invitations to events we organize - either alone or with our partners;
  • For statistical needs and analyzes;
  • To help us understand more about you as our customer, about the products and / or services you use, about the way you use them, and to provide you with better service from our employees;
  • To send you invitations to participate in surveys - online or in paper form.
  • To find ways to improve our products, services, applications, or websites.

The processing of your personal data is based on one of the following lawful basis of processing:

  • You have agreed to process your personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which you are a party or for taking steps upon your request before entering into a contract between us and you;
  • processing is necessary to comply with a legal obligation that applies to us as a data controller;
  • processing is necessary to protect your or another individual’s vital interests;
  • Processing is necessary for the performance of a task of public interest or in the exercise of the official authority that is provided to us as a data controller;
  • processing is necessary for the purposes of our legitimate interest (or a third party’s one), except where such interests impacts your interests or fundamental rights and freedoms that require special protection of your personal data.

4. Who we might share your information with?

4.1. With companies in the group
We may share your personal data with other companies in our group (described in the "Who we are?" section) when we have your consent to that. That\'s how we can provide first-class service.
4.2. With our partners and/or providers
We work with partners and providers who can also process your personal data on our behalf but only if they meet our storage, processing and data protection standards! Such partners are:
  • Courier or postal companies who have to deliver documents or parcels on our behalf;
  • Printing companies who need to prepare customized or personalized materials for you;
  • Companies who send mass email when you need to receive an email from us;
  • Companies who send SMS when we need to send you one;

We only provide them with information that is necessary to get the relevant product and / or service from us that you have requested or have shown to you. For example, if you have indicated that you are interested in marketing information from us and / or our partners, you may see advertising messages about our products and / or services on websites you visit.

4.3. Other organisations or individuals:
We may provide your personal data to other organizations in certain cases. For example:
• If we are discussing the sale of all or part of our business, we can share data about you with potential buyers - but only in summary form so that they can assess the potential of the business;
• If we undergo reorganization or our company is sold to another organization, we may transfer your personal data to that company to continue providing you with the relevant products and / or services;
• If required by law, by a state or a private institution, in fulfillment of its statutory obligations (eg. police, NRA, NSSI, CPDP, etc.);
• If we need to share your personal data in order to protect our legitimate interest or exercise our rights as regulated by the law and to protect our customers, our users of our products and / or services, systems and servers; or
• Responding to a request from other individuals (or their representatives) who are trying to protect their statutory rights or the rights of other individuals or organizations.
In any case, we will inform you before providing this information to third parties. If this is not feasible, we will inform you as soon as we have provided your data to third parties.

5. International transfers of your data

If for purposes described in this Privacy Policy we have to transfer your personal data to a third party (another of our group or our supplier and / or partner) whose headquarter is outside the EU or country with adequate level of protection, you will be notified of this as well as of the measures with which your personal data will be protected. Your data may be transferred on the basis of a contract between us and the third party, in a manner approved by the relevant regulatory autority, and under an external arrangement approved by the relevant regulatory autority (eg. Data Shield in the Relationship between EU and US - \'Privacy Shield\' or others).

6. Keeping you informed about our products and services?

When you explicitly agree to this, we will gladly share with you email about our special offers, ideas, products and / or services when we have something to share with you.
If you do not agree or wish to withdraw your consent to receive emails from us, you may do so in one of the following ways:

  • via the unsubscribe link included in any email we send you;
  • by sending us a unsubscribe email at privacy@WineTrips.eu.

7. What are your rights related to your personal data and how you can exercise them?

7.1. Right to access and correction of your personal information
You have access to your personal data processed for the purposes outlined above. If we process this data and receive a request from you (or from a third party authorized by you), we will provide this access for free. You may also request a copy of your personal data we process.
Before we provide access to your personal data to you or to a person authorized by you, we may request proof of identity and details of your relationship with us or our partners so we can find the data that relates to you.
If any personal data we store and process for you is inaccurate or obsolete, you are entitled to ask us to correct them, including by adding a statement.
7.2. Right to delete your personal data
You may request to delete your personal details without undue delay if:
  • personal data are no longer needed for the purposes for which they were collected;
  • when you have withdrawn your consent;
  • when you have objected to the treatment if it is unlawful;
  • when personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to us as a data controller;
  • when personal data has been gathered in connection with the provision of information society services.

Under certain conditions, we may refuse to delete your personal information in the cases provided for by law.

7.3. Right to data portability and right of appeal
You may obtain the data we process for you in a structured, widely used and machine readable format to transfer your data to another Controller.
You have the right to file a complaint with the local regulator, the Personal Data Protection Commission (CPDP) or the court if you think your rights are being violated. For this purpose, you can visit the CPDP website at https://www.cpdp.bg/, where you will learn more.
7.4. Right of withdrawal of consent
You have the right to withdraw your consent to the processing of your personal data on our behalf at any time by submitting a request to us:
  • by sending us a unsubscribe email at privacy@winetrips.eu;
  • by contacting us by phone on +359 2 850 20 28;
  • by sending us a written application at: Sofia 1618, 43A, Vihren str./li>
7.5. Right of objection
You have the right at any time to submit to us an objection to the processing of your personal data for purposes related to direct marketing, including profiling, in so far as it relates to direct marketing. The objection can be made by phone or by e-mail to the contact details listed above in p.7.4.
7.6. Restrict the processing of personal data
You have the right to request that we limit the processing of your personal data when you believe your personal data is inaccurate, the processing of your personal data is improper, we do not need your personal data for processing purposes, or you have objected to the processing of your personal data. In this case, personal data will only be stored but not processed.
7.7. The right not to be subject to an automated solution involving profiling
You have the right not to be subject to a fully automated solution, including profiling, when it generates legal issues for you or affects you considerably.
If you would like to exercise any of the rights described here, please contact us at the contacts listed in p. 7.4.

8. For how long do we store your data?

We store a record of your personal information in order to provide you with high quality and consistency of our services within the group. We always store and process your data in accordance with the law and we never keep it for longer than is necessary. In the massive case, unless otherwise specified, your data is stored for 2 (two) calendar years from the date of receipt.

9. Data Security

We treat your personal data as strictly confidential. To protect them, we take a number of measures, including:

  • We limit access to the premises where we work only to the people who need to be there (using codes and access cards, passwords, etc., related to restricting access to certain premises);
  • We also control access to our information technology systems by means of firewalls, ID validation, logical segmentation and / or physical separation of our systems and information;
  • We use methods such as encryption and pseudonymization of information;
  • We never ask you to send us your password;
  • We advise never to enter an account number, password, or other sensitive information in an email to us.

10. Contact with us

If you wish to exercise any of the rights described in this Privacy Policy, or if you have a question or complaint about this policy or the way your personal data is processed, please contact us in one of the following ways:
By email: privacy@winetrips.eu
By post: To Data Protection Officer of WineTrips.eu, Sofia 1618, 43A, Vihren str.
By phone: contact us on +359 2 850 20 28 in working hours from 09:00 to 17:30.             

11. Policy change

This privacy policy was most recently updated in 01.10.2018.