This policy applies to all Processing of Personal Data in electronic form (including electronic mail) or where it is held in manual files that are structured in a way that allows ready access to information about individuals.
General Data Protection Regulation (GDPR)
We are a Data Controller of your information. Data Controller under this Policy shall mean a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
Personal Data shall be processed lawfully, fairly and in a transparent manner in relation to the Data Subject. This means that, where legally required, LockTrip must tell the Data Subject what Processing will occur, i.e. LockTrip must ensure that the individuals are provided with a privacy information notice concerning the processing of their Personal Data (transparency).
Whose personal data LockTrip collects and processes?
In the course of its activity Lock Trip collects and processes personal data pertaining to:
Website visitors/users as well as visitors of our social media profiles
As clients we refer to both individual clients, as well as to legal representatives/ employees of a corporate client, including where our business relationship are established via our website.
For the purposes of the activities of LockTrip as regards our obligations to prevent money laundering, terrorist financing, drug and human trafficking, proliferation of weapons of mass destruction, corruption and bribery and to take action in case of any form of suspicious activity from its Users, along with data concerning client’s pieces of personal data pertaining to other persons may be collected.
These may be individuals who are the beneficial owners of a corporate client and/or individuals who are the legal representative of entities.
What personal data we collect? How do we obtain them and why do we process them?
Personal information LockTrip collects when you visit our website may include information you provide voluntarily as well as information collected automatically.
LockTrip collects personal data that you provide voluntarily via our website, such as when filling in online forms/ applications/ inquiries/ complaints or when you use our email to reach us. This information may include name, positions and company (employer), contact details such as email and phone number, as well as other personal information, which you freely decided to disclose. LockTrip also collects these data you subscribe for receiving of bulletin or other marketing communication from us.
When you visit our website, we automatically collect particular personal details. This information collected automatically may include your IP address, device type, device unique identification number, browser type, geo-location, webpages visited, time and date of visit as well as other technical information. Collecting this type of information allows us to better understand our website visitors, where they come from and which elements of our web content is of interest to them. We use this information for internal analytics purposes and for improvement of the quality and suitability of our website in terms of you visitors’ preferences.
Personal information we collect for our clients
In the course of its business activity, LockTrip collects personal data for its clients, including:
Personal Identification Number or Personal Number of Foreigner
any citizenship acquired;
country of residence and main address
Identity card / passport or other official identity document, the period of validity of which has not expired and has a photo of the client
Photo of the client
Contact details, such as address, e-mail, phone number
Bank details, such as credit/debit card details, IBAN or other payment account number
Sensitive personal data such as political views only on the KYC/AML process.
As mentioned before, LockTrip must be maximally protected that its activity is not used for money laundering and terrorist financing. In accordance with the KYC process, LockTrip will identify you as a client and whereas the client is an entity, LockTrip shall identify its beneficial owners.
In connection with the above identification, LockTrip will collect a copy of the presented identity document.
LockTrip may gather data about the professional and business activity of the client as well as other data in accordance with the requirements of the law to prevent money laundering and terrorist financing.
Special Categories of Data
Special Categories of Personal Data means pertaining to or revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data for the purpose of uniquely identifying a natural person.
In connection with the application of specific AML measures related to PEPs or close relatives LockTrip may collect information about political views of its clients with a declaration. Some of the information collected by this declaration may be considered as Special Categories of Data (also known as sensitive data). LockTrip will only processes such kind of information where the Data Subject expressly consents to such Processing or where one of the following conditions apply:
The Processing relates to Personal Data which has already been made public by the Data Subject.
The Processing is necessary for the establishment, exercise or defence of legal claims;
The Processing is specifically authorised or required by law (e.g. for Employees this would be the case where medical information about them should be provided to the Company in relation to sick leaves);
The Processing is necessary to protect the vital interests of the Data Subject or of another natural person where the Data Subject is physically or legally incapable of giving consent;
Further conditions, including limitations, based upon applicable national law related to the Processing of genetic data, biometric data or data concerning health.
Where Special Categories of Data are being Processed, LockTrip will adopt additional protection measures. LockTrip may also adopt additional measures to address local custom or social expectation over the Processing of Special Categories of Data.
How do we collect the information?
In the course of exercising our business activity, LockTrip collects personal data via the following channels:
Directly from you – when you send us requests, register on our website, submit forms and documents for participation in different initiatives.
Publicly available sources – data from Commercial Register, including published financial statements, Register of Non-profit Legal Entities, professional profile online, information published in the media.
Why do we use your personal data?
We use your personal data in the course of the performance of our activities upon establishment of relations with potential and current clients, for establishment of our position at the market and others. In particular, we process your personal data for the following:
Drafting of contract offers and conclusion of contracts
Administration, management and performance of clients’ request or orders concerning our products or services, performance of contracts for products or services
Processing is necessary for the purposes of the legitimate interests pursued by LockTrip to prevent its activity to be used for money laundering or terrorist financing
Collection of sums
Performance of deliveries, client support, rendering technical assistance, including upon grievances or complaints from clients
Sending of marketing messages, brochures and other types of letters concerning the products and services of LockTrip
What else you need to know?
If you use our website for creating an account and for sending orders as well as when you use our contact form we will also process your personal data in your capacity as website visitor/user, including via electronic means upon loading of our webpage.
Legal Basis for processing of Personal Data
Providing service and answering inquiries, signals, complaints, troubleshooting and other feedback regarding the services provided.
Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
Given the specific activity of LockTrip, it estimates that it can be used for abuses such as money laundering and terrorist financing.
To prevent such illegal activities, the company has set up a KYC/AML process.
In this regard, the company has an interest in concluding contracts only with persons who have been carefully inspected.
Processing is necessary for the purposes of the legitimate interests pursued by the controller to prevent its activity to be used for money laundering and terrorist financing.
The data subject has given consent to the processing of his or her personal data for these specific purposes.
Contact details, such as address, e-mail, phone number
The data subject has given consent to the processing of his or her personal data for this specific purpose
Your personal data will be processed by LockTrip only in accordance with the applicable data protection regulations. When you correspond with us through any of the communication channels, you confirm that the data you have provided is accurate, correct and up-to-date.
We should inform you that any consent to the processing of your personal data may be withdrawn at any time, as by submitting a written request to the address of the LockTrip in Sofia, Mladost district, 78 Alexander Malinov Blvd., and / or sending an e-mail to email@example.com
For how long will my personal data be stored?
Once the purposes for which the personal data have been collected have been achieved, we will destroy it immediately.
LockTrip takes all necessary technical and organizational measures for the destruction of data that are no longer needed, except in cases where there is a legal basis for LockTrip to process it for a longer period of time; upon your request to limit the processing, according to your rights, described in detail below; or with a view to being compatible with the original purpose of the processing, of which you will be informed.
LockTrip stores the collected personal data within the following terms:
a) when the data are processed on the basis of a concluded contract with clients - for a period of 5 years, which period starts from the date of termination of the contract with clients. Sensitive personal data collected in connection with customer identification will be stored for the same period.
b) when the data are processed on the basis of obtained consent - until the explicit withdrawal of the consent.
c) when the data are processed to protect the realization of the rights and interests of the Company, which have a justified advantage over the interests of individuals - until the expiration of the right and / or loss of interest.
d) where the data are processed for compliance with a legal obligation that applies to the controller, subject to legal provisions.
After the expiration of the specified terms, if there is no other reason for data processing, they will be deleted. In order to obtain and analyze information related to the products and services you use, as well as to improve the service, the Company may delete only part of the data. In these cases, it continues to store part of the data that does not allow individuals to be subsequently identified.
Who will we share your personal information with?
We undertake to share your information only amongst employees of LockTrip who require your information to perform their job functions. All of the individuals are under duty of confidentiality in terms of further disclosure of your personal information.
Sometimes LockTrip need to share your personal information with our partner organizations. When this is necessary, e.g. for accessing the services of IT providers for development of our systems and technical maintenance; auditors and consultants, who assess the compliance of our activity with various regulatory requirements; legal advisors securing our legal interests; successors of the Company or business partner in case all of part of the Company is sold, restructured or merged with another company, including in the course of due diligence processes for this purposes and other cases, we will comply with all aspects of applicable European and national data protection legislation.
Whenever necessary or required, we share information with:
IT services Providers
Auditors and consultants
Other service providers, e.g. corporate events organizers, couriers and others
Legal successor of the Company
Public authorities of the Republic of Bulgaria (in compliance with applicable legislation).
Do we transfer your data to countries outside the European Economic Area?
We do not transfer your personal data to countries or territories outside the European Economic Area.
Any transfer of personal data which are undergoing processing or are intended for processing after transfer to a third country or to an international organisation shall take place only if, subject to the other provisions of this Regulation, the conditions laid down in Chapter V of General Regulation on Personal Data Protection are complied with by the Controller, including for onward transfers of personal data from the third country or an international organisation to another third country or to another international organisation.
How do we protect your personal data?
To ensure adequate data protection of the Company and its Clients, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act and the General Regulation on Personal Data Protection.
The company has established structures for the prevention of misuse and security breaches, and a Data Protection Officer has been appointed to support the processes of protection and security of your data.
For maximum security in the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization and more.
The Company stores your data on special server spaces, which are accessible only to employees of the Company who are directly engaged in the processing of your data.
Paper copies are stored in special places, which are not publicly available or available to persons with unauthorized access.
If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you wish to be informed what Personal Information we hold about you and if you want it to be removed from our systems, please contact us.
In certain circumstances, you have the following data protection rights:
The right of information.
The right to access, update or to delete the information we have on you.
The right of rectification.
Right of erasure.
The right to object.
The right of restriction.
The right to data portability.
The right to withdraw consent.
Right to Complain before the Surveillance Authority.
In more details
Right of information:You have the right to receive relevant information of our processing of your data, which is actually the purpose of this Policy. However, at any time you may contact us to receive additional information or clarifications on whether and how LockTrip processes any of your personal data.
Right of access:You have the right to get free information about the nature, volume and way we use your personal data, and get a copy of this information. In addition, you have the right to receive information about the recipients of your data, including whether your personal data is being transferred to a country or an international organization located outside the European Union. If such a transfer takes place, you have the right to be informed of the appropriate precaution measures taken to protect your personal information.
Right of Rectification:You may request from us within a reasonable time to supplement and / or correct incomplete, inaccurate or outdated personal data.
Right of Erasure:You may require the deletion of your personal data and we are obliged to delete the personal data without undue delay, unless there is a legitimate legally prescribed reason to deny your request, e.g. when the processing is mandatory under the applicable legislation.
Right of objection:You may object to processing performed by LockTrip at any time on grounds relating to your particular situation (applicable when processing your data is done on the basis of a legitimate interest of LockTrip or a third party). In any case you may object to processing for the purposes of direct marketing (if performed on this legal basis).
Right to Restriction of Processing:In the event that personal data that we process is inaccurate or obsolete or if you deem our processing unlawful, you have the right to ask us to limit / suspend the processing of such data for a period that allows us to verify the accuracy of the information and correct it accordingly, or until we resolve the matter of the legality of our processing.
Data portability:This right allows you to get your personal data in a structured, machine-readable format. You are entitled to data portability inly where we process your personal information on the basis of consent or for the conclusion/performance of a contract and provided that the information itself is processed via automated means.
Right to withdraw consent:When processing your personal data is based on your consent, you are entitled to withdraw it at any time. This can be done online by contacting us via email or in our office or via postal service at LockTrip address.
Withdrawal of your consent does not affect the legality of the processing prior to the consent withdrawal.
Right to Complain before the Surveillance Authority:If you believe that your privacy and data protection rights have been violated, you have the right to contact the Bulgarian Data Protection Commission. CPDP data is as follows:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
To exercise any of the above rights, you may contact us at any time. Before we can fulfil your request, we may ask for additional information to verify your identity.
LockTrip follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and a part of hosting services' analytics. The information collected by log files include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These are not linked to any information that is personally identifiable. The purpose of the information is for analyzing trends, administering the site, tracking users' movement on the website, and gathering demographic information.
Cookies and Web Beacons
Like any other website, LockTrip uses 'cookies'. These cookies are used to store information including visitors' preferences, and the pages on the website that the visitor accessed or visited. The information is used to optimize the users' experience by customizing our web page content based on visitors' browser type and/or other information.
Google DoubleClick DART Cookie
Note that LockTrip has no access to or control over these cookies that are used by third-party advertisers.
Third Party Privacy Policies
Our website and services may provide links to other websites through direct links or through third party applications. LockTrip do not control these sites or their privacy practices, so we recommend that you familiarize yourself with their privacy practices before sharing your personal data with these platforms.
You can choose to disable cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found at the browsers' respective websites. What Are Cookies?
Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/or monitor and guide their online activity.
LockTrip does not knowingly collect any Personal Identifiable Information from children under the age of 13. If you think that your child provided this kind of information on our website, we strongly encourage you to contact us immediately and we will do our best efforts to promptly remove such information from our records.
Changes to this Policy
This Policy was last updated on 7th March 2021. We may change its contents by updating this page to reflect changes in applicable legislation or LockTrip privacy practices. However, we will not use your personal data in new ways without your knowledge or consent.