Protection of personal data. Regulation (EU) 2016/679.
Definitions for the purposes of this Regulation:
1. ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
2. “processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing through transmitting, disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it;
3. “restriction of processing” means the marking of stored personal data in order to limit their processing in the future;
4. “profiling” means any form of automated processing of personal data, in the form of the use of personal data to assess certain personal aspects relating to an individual, and in particular to analyze or forecast aspects relating to the implementation of personal data; the professional duties of that individual, his economic condition, health, personal preferences, interests, reliability, conduct, location or movement;
5. “pseudonymisation” means the processing of personal data in such a way that personal data can no longer be linked to a specific data subject without the use of additional information, provided that it is stored separately and subject to technical and organizational measures to ensure that personal data do not relate to an identified or identifiable natural person;
6. ‘personal data register’ means any structured set of personal data accessed according to certain criteria, whether centralized, decentralized or distributed according to a functional or geographical principle;
7. ‘controller’ means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of a Member State;
8. ‘processor’ means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
9. “recipient” means a natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a specific investigation in accordance with Union law or the law of 4.5.2016 L 119/33 Official Journal of the European Union EN Member State shall not be considered as “recipients”; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
10. “third party” means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, have the right to process personal data. data;
11. “data subject’s consent” means any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clear confirmatory action expressing his or her consent to the processing of personal data relating to him or her;
12. ‘breach of security of personal data’ means a breach of security which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data which are transmitted, stored or otherwise processed;
Principles related to the processing of personal data
1. Personal data are:
processed lawfully, in good faith and in a transparent manner with regard to the data subject (“lawfulness, good faith and transparency”);
collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes; further processing for archiving purposes in the public interest, for scientific or historical research or for statistical purposes shall not be considered, in accordance with Article 89 (1), incompatible with the original objectives (“limitation of objectives”);
appropriate, relevant and limited to what is necessary for the purposes for which they are processed (‘minimizing data’);
accurate and, if necessary, kept up to date; all reasonable steps must be taken to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are processed (“accuracy”); 4.5.2016 L 119/35 Official Journal of the European Union EN (1) Directive (EU) 2015/1535 of the European Parliament and of the Council of 9 September 2015 laying down a procedure for the provision of information in the field of technical regulations and rules on information society services (OJ L 241, 17.9.2015, p. 1);
kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for a longer period, provided that they are processed solely for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89 (1), provided that appropriate technical and organizational measures provided for in this Regulation in order to guarantee the rights and freedoms of the data subject (“storage restriction”);
processed in a way that ensures an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“integrity and confidentiality”);
Legality of processing
1. Processing shall be lawful only if and to the extent that at least one of the following conditions is applicable:
the data subject has consented to the processing of his or her personal data for one or more specific purposes;
the processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject before the conclusion of the contract;
processing is necessary to comply with a legal obligation that applies to the administrator;
processing is necessary to protect the vital interests of the data subject or another natural person;
the processing is necessary for the performance of a task in the public interest or in the exercise of official powers conferred on the administrator;
the processing is necessary for the legitimate interests of the controller or a third party, except where such interests take precedence over the interests or fundamental rights and freedoms of the data subject which require the protection of personal data, in particular where the data subject is a child;
1. Your access to social networks such as Facebook, Skype, WhatsApp, Viber, YouTube and others, provides registration and acceptance of the general conditions of these sites. FRESH RENT A CAR is not responsible for the protection of your personal data when accepting these general conditions. Please read the general terms and conditions of these sites in detail.
The following types of personal data are processed, provided by you and necessary for identification and fulfillment of the contractual obligations of “FRESH RENT A CAR”:
1. Your names .;
4. ID card or passport number;
5. Driver’s license number
Names, address and other data of the proxy, entered in the document for his authorization to represent the data subject before “FRESH RENT A CAR”. The data is processed in the form of a scanned copy or photo of the information.
Provision of personal data by the data subject to the controller, as a contractual or legal obligation. The possible consequences of the lack of personal data.
We clarify that the provision of personal data may be partially required by law (eg tax provisions) or may be the result of contractual provisions (eg information about the contractual partner). For example, the data subject must provide us with personal data when a contract is concluded with him. The lack of personal data would lead to the fact that the contract with the individual cannot be concluded and executed;
The processing is necessary for the fulfillment of obligations under a contract to which the natural person to whom the data relate is a party, as well as for actions prior to the conclusion of a contract. The need to collect personal information is also necessitated by the fact that in certain circumstances public authorities have a legal basis to require personal information for identification.
The data subject may contact our contact person before providing their personal data. Our contact person explains to the data subject whether the provision of personal data is required by law or contract or is necessary for the conclusion of the contract;
In case you do not want to provide the necessary data for the service “car rental”, “FRESH RENT A CAR” will not be able to fulfill its commitments and agreements to you;
Your personal data may be provided to competent public authorities in order to fulfill their regulatory obligations under the relevant laws and regulations – court, prosecutor’s office, investigation, Ministry of Interior, Traffic Police, auditing bodies – NRA, NSSI, supervisory bodies – Commission for Personal Data Protection, etc., when they have requested the data in due course in connection with the exercise of their powers.
We terminate the use of your personal data for the purposes of the contractual relationship after the termination of the contract, but we do not delete them before the expiration of the statute of limitations for filing claims (5 years), obligations to provide information of the court, competent state bodies, etc. grounds provided for in the current legislation (5 years).
After the expiration of the storage period, the personal data shall be deleted / destroyed (by an applicable method – eg by cutting, burning or permanent deletion from electronic means, for which a protocol shall be drawn up by a commission appointed by order of the Manager), unless:
they are necessary for pending court, arbitration, administrative or enforcement proceedings;
You have exercised your right to request a restriction on the processing of your personal data;
You have the following rights regarding your personal data:
1. Right of confirmation
You have the right to receive confirmation from the administrator of Most Computers whether your personal data is processed.
2. Right of access
You have the right to receive free of charge from the administrator “FRESH RENT A CAR” information about your processed personal data, at any time, as well as a copy of this information. In addition, you have the right to access and explain your personal data, which includes the following information:
the purposes of processing;
the relevant categories of personal data related to you;
the recipients or categories of recipients to whom your personal data are or will be disclosed, in particular recipients in third countries or international organizations;
where possible, the estimated period for which your personal data will be stored and, if this is not possible, the criteria used to determine this period;
the existence of the right to request the correction or deletion of personal data or to restrict the processing of personal data relating to you, or to object to such processing;
the existence of the right to lodge a complaint with the supervisory authority;
where your personal data is not collected by you, any available information about their source;
When your personal data is transferred to a third country or to an international organization, you have the right to be informed of the appropriate safeguards in connection with the transfer;
At your request, FRESH RENT A CAR may provide you with a copy of your personal data that is being processed.
Providing access to personal data related to you may not adversely affect the rights and freedoms of third parties or lead to a breach of the legal obligation of “FRESH RENT A CAR”
When your requests for access are clearly unfounded or excessive, especially due to their recurrence, FRESH RENT A CAR may charge a reasonable fee based on the administrative costs of providing the information or refuse to respond to your request for access.
FRESH RENT A CAR assesses on a case-by-case basis whether a request is manifestly unfounded or excessive.
In case of refusal to provide access to personal data, “FRESH RENT A CAR” justifies its refusal and informs you.
3. Right of correction The data subject has the right to ask the controller to correct inaccurate personal data related to him without undue delay. Given the purposes of the processing, the data subject has the right to complete incomplete personal data, including by adding a declaration.
4. Right to be deleted (Right to be forgotten)
You have the right, provided by the European legislator, to request from the administrator “FRESH RENT A CAR” deletion of your personal data without undue delay, and the administrator is obliged to delete your personal data without undue delay when any of the following grounds:
personal data are no longer needed for the purposes for which they were collected or otherwise processed;
you withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
you object to the processing and there are no legitimate grounds for the processing to take precedence;
your personal data has been processed illegally;
your personal data must be deleted in order to comply with the legal obligation of the administrator “FRESH RENT A CAR”;
FRESH RENT A CAR is not obliged to delete personal data insofar as the processing is necessary:
to exercise the right to freedom of expression and the right to information;
for compliance with the legal obligation of “FRESH RENT A CAR”;
for the observance of the Road Traffic Act;
for the observance of the limitation periods for filing claims specified in the Law on Obligations and Contracts;
for the establishment, exercise or defense of legal claims;
5. Right to limit processing
You have the right to request from the FRESH RENT A CAR restriction of processing when one of the following applies:
dispute the accuracy of your personal data for a period that allows the administrator to verify the accuracy of personal data;
the processing is illegal, but you do not want your personal data to be deleted, but instead demand that their use be restricted;
the controller no longer needs your personal data for the purposes of processing, but you require for the establishment, exercise or protection of legal claims;
you have objected to the processing on the grounds of the legitimate interest of “FRESH RENT A CAR” and a check is underway whether the legal grounds of the administrator take precedence over your interests;
6. Right to data portability
Вие имате право, да получите личните данни, които Ви засягат и които сте предоставил/а на „ФРЕШ РЕНТ А КАР ” , в структуриран, широко използван и пригоден за машинно четене формат. При поискване, тези данни могат да бъдат прехвърлени на друг администратор, посочен от Вас, когато това е технически осъществимо.
You can exercise the right of portability in the following cases:
processing is based on your consent;
the processing is based on a contractual obligation;
processing is performed in an automated manner;
The right of portability may not adversely affect the rights and freedoms of others.
7. Right to object
You have the right to object to the processing of your personal data by FRESH RENT A CAR. FRESH RENT A CAR terminates the processing of your personal data in the event of an objection, unless it proves that there are compelling legal grounds for its continuation. which take precedence over your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
FRESH RENT A CAR does not collect or process special categories of personal data (so-called sensitive personal data), namely those that:
reveal racial or ethnic origin;
disclose political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade union goals;
relate to health, sex life or the human genome;
As a responsible company, we FRESH RENT A CAR do not use automated decision making that includes or excludes profiling.
If you wish to contact us on issues related to this Declaration or the protection of personal data in the Company, please contact us in the following ways:
Phone: +359 8 78 5005 78
By mail: Sofia 1202, 18 Kozloduy Str., For the contact person for data protection.
Name and address of the administrator
The controller for the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679), other data protection laws applicable in the Member States of the European Union and other data protection provisions is:
PAN-88 C EOOD, with UIC: 205314811
Str. Kozloduy 18
Sofia 1000, Bulgaria
Phone: +359 8 78 5005 78
Control over our activities related to the processing of personal data in Bulgaria is exercised by the following administrative body:
Commission for Personal Data Protection (CPDP)
Address: Sofia 1431, Acad. Ivan Evstratiev Geshov ”15
Tel: + 359 2 915 35 18
Fax: + 359 2 915 35 25
El. mail: email@example.com, firstname.lastname@example.org
* The tenant provides his personal data contained in the contract and when registering and booking on our site freshrentacar.com