Please note that the above text is a translation from Romanian into English. In case of discrepancies between the English version of the text and the Romanian version, the Romanian
version shall prevail.
1.DEFINITION OF TERMS.
"Personal data" - any information related to an identified or identifiable natural person (subject of personal data) and means a set of personal data and / or non-personalized information about the User provided by him to the Company and / or automatically collected by the Company and / or third parties.
"Company" - the company SRL "TRAVEL365", (Cod Fiscal: 1018600011309, address: MD-2000, Moldova, Chisinau mun., Dosoftei str., 87, office 3), that is the developer and owner of the site “top100.travel”, on which processes and collecting personal data of Users.
"Processing of personal data" - any action (operation) or a set of actions (operations) performed by using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, using, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
“Cross - border transfer of personal data” - means the transfer of personal data to the territory of a foreign state, to an authority of a foreign state, to a foreign individual or foreign legal entity.
"Destruction of personal data" - any actions as a result of which personal data is destroyed irretrievably, with the impossibility of further restoration of the content of personal data in the information system of personal data and / or material carriers of personal data are destroyed.
"User" - means an individual and legal entity authorized / registered on the top100.travel website.
"Cookies" - means a small, unique text file that a website sends to a User's computer/device by visiting a website.
"Site" - www.top100.travel, as well as sites in the top100.travel domain.
2. GENERAL PROVISIONS.
By using the Site (viewing, reading text, sending or downloading information) and providing their personal data, the Visitor consents to the processing of personal data in accordance with this Policy.
The Company sets as its most important goal and condition for the implementation of its activities the observance of the rights and freedoms of a person and a citizen by the processing of his personal data, including the protection of the rights to privacy, personal and family confidentiality.
The Company is responsible for processing of the received Personal Data in accordance with the Security Policy adopted by the Company and transfers the corresponding obligations to any third parties acting on its behalf (processors, third parties).
The Company's website is maintained by qualified specialists who ensure the reliability and uninterrupted operation of the site. Technical support is available to users during business hours of the Company, according to the established work schedule, from 08:00 to 17:00.
2.1. User’s rights regarding the protection of personal data.
In connection with the provision of Personal Data, the User automatically receives the following rights:
- to withdraw the consent for the processing of personal data;;
- to receive data relating to their processing (grounds and purposes of such processing, methods of processing used, information about persons who have access to them or to whom they can be disclosed on the basis of an agreement or the Law).
- to receive data about the location and identification data of persons performing the processing of Personal Data.
- to receive data about the periods of storage of Personal Data.
- to receive information about the completed or proposed cross-border transfer of Personal Data.
- to clarify, update his personal data, to demand their blocking or destruction;
- to request from the Company: a list of processed personal data, legal grounds for processing, sources of their receipt, information on the terms of processing and storage, as well as other information related to the processing of his personal data.
- to exercise other rights in the field of personal data protection provided for by the Law or the provisions of this Policy.
The user may at any time withdraw his consent to the processing of personal data by sending a notification to the Company by e-mail to the email address: [email protected]
, marked "Withdrawal of consent for the processing of personal data".
Upon the request, the Company will provide information about the Personal Data that it processes. To request this information, please, contact email: [email protected]
You have the right to access your Personal Data and privacy settings at any time in order to change or delete them. This can be done in the "Profile Settings" section, where You can immediately view and change most of Your personal data. For security reasons, some elements of personal data can only be changed by contacting customer service. We will promptly respond to Your request within a reasonable time frame.
2.2. Personal data about users.
The User provides the Company with the following his personal details:
- last name, first name and patronymic;
- date and place of birth;
- address of the place of permanent residence;
- E-mail address;
- Mobile phone number;
- sex of the User.
The user is the only person responsible for the completeness of the personal (private) data provided and is obliged to change them in a timely manner (update, check, correct) on a regular basis.
The Company proceeds from the fact that all personal (personal) data provided by the User are reliable, and that the User keeps such information up to date.
3. USE OF FILES COOKIES.
The user has the right to disable cookies at any time by changing certain settings on his smartphone, tablet, watch or other mobile device. Such disconnection may result in the limiting or change of the User's access to the functional possibilities of the site and / or content.
By viewing the websites, data about the Site Visitor is automatically collected (from Cookies), in accordance with clause 2.2. Policy.
The Company's website may use Redis, a fast cache and data store, for improving of the performance and scalability of the application, as well as Memcached to speed up the site and improve performance.
By using the site, the Visitor agrees that the Company may use statistical data and Cookies for their further processing by Google Analytics, Yandex.Metrica, Google Firebase, Appmetrica systems and may transfer it to a third party for carrying out of the research, performing of the works or services on behalf of the Company.
The Company collaborates with a third party-organization either to display advertisements on the website or to manage the display of advertisements on other websites. The third party organization with whom the Company cooperates may use various technologies, such as cookies, to collect information about Your activities on this site/application and other websites in order to show you advertisements based on your browsing activities and interests.
If You interact by any way with third-party programs while using the service, for example, provide the service with Your personal data by logging in / registering of an account through social networks, we may delete this data from our service, but they will still be available in the program of the third party-developer. In this case, we cannot delete Your personal data. In this and other situations, we will notify You at the email address you provided on the Company's website that we cannot do this and explain the reasons. If you use a third-party application to post such information, You can delete it yourself. For this purpose, you must either log in to the relevant application and delete the information, or contact the support team of the relevant application.
4. PURPOSES OF COLLECTION AND PROCESSING OF PERSONAL DATA.
4.1. Determination of the purposes of processing.
The collection and processing of Personal Data is carried out for the following purposes:
- for analysis of the User's behavior, as well as identification of the User's preferences for a particular type of content;
- for operational and correct operation of the site, improving the content of the site, improving the internal architecture and functionality of the site;
- for identification of the User;
- for registration in the self-service system (personal account);
- for providing personalized advertising and marketing materials;
- for providing the Site Visitor with information about the Company and the services provided;
- to comply with the requirements of the Law;
- for establishing of the feedback, including sending notifications, requests regarding the provision of services, processing of requests and applications from the User’s site;
- for determining the location of the Site User to ensure security, prevent fraud;
- for confirmation of the accuracy and completeness of personal data provided by the user’s Site; providing the User with access to the websites or services of the Company's partners in order to obtain products, updates and services;
- for any other purposes, subject to obtaining of the separate consent from the User.
The processing of Personal Data is carried out on the basis of the following principles:
- Lawfulness of the purposes and methods of processing;
- good faith;
- Compliance of the purposes of processing of Personal Data with the purposes predetermined and declared by collecting of such Personal Data;
- Compliance of the volume and nature of the processed Personal data with the stated purposes of their processing.
4.2. Conditions of the processing of personal data.
The processing of Personal Data is carried out in the following cases:
- by obtaining consent from the User;
- by achievement by the Copyright Holder of the goals stipulated by an international treaty or the Law;
- by provision by the User of his Personal data to an unlimited number of persons;
- by fulfillment of other obligations of the Company towards the User, including, but not limited to, the provision of certain content to the User;
- by saving of the life or health of the User, when consent to the processing of his Personal Data cannot be obtained in advance.
In case of depersonalization of Personal Data, that does not allow to directly or indirectly identify the User, the subsequent use and disclosure of such data to third parties is allowed and the rules of this Policy are no longer applied to them.
The Rightsholder takes all possible measures to protect the confidentiality of the received Personal Data, except the cases when the User has made such data publicly available.
The processing of Personal Data is carried out by using automation tools and without the use of such automation tools.
5. PROCEDURE OF COLLECTING, STORING, TRANSFER AND OTHER TYPES OF PROCESSING OF PERSONAL DATA
5.1. The procedure of collecting personal data.
The Company ensures the safety of Personal Data and takes all possible measures to prevent access to Personal Data by unauthorized persons.
The User's personal data will never, under any circumstances, be disclosed to third parties, except in cases related to the implementation of applicable law or if the personal data subject has given the consent to the Company on disclosing of the data to a third party for the fulfilling of the obligations under a civil law contract.
You can perform some operations on the site without providing of Personal Data. But, when you register on the site and become the User, we may receive the following personal data from You:
- contact details (your first and last name, phone number and email address);
- payment information (number, expiration date and type of bank card, billing address, other information about Your payment information);
- demographic information (position, nature of work performed, company name and type, and other information about your demographic data);
- identification data (information from licenses, permits, identity cards or other documents certifying the status of an individual or organization);
- Profile data, including Your username and password, information about Your purchases and content, licenses for which You arrange by us.
The term for the processing of personal data is determined by the achievement of the purposes for which the personal data were collected, unless the different period is not provided by the contract or applicable law.
5.2. Disclosure of the personal data.
The Company has the right to disclose Personal Data:
- to its affiliates, branches and representative offices;
- to successors of the Copyright Holder who arose as a result of its liquidation, reorganization, liquidation or bankruptcy, and who received exclusive rights to own the site;
- to third parties solely for the purpose of providing the User with certain content or access to it;
- to third parties when the User has given consent to the disclosure, transfer or processing of his Personal Data, as well as in other cases expressly provided for by the Law or this Policy.
The Rightsholder discloses Personal Data only if:
(1) I am sure that third parties will comply with the terms of this Policy and take the same measures to protect the confidentiality of Personal Data that the Copyright Holder takes,
(2) consent to such disclosure has been previously expressed by the User and/or is permitted by law.
5.3. Storage of personal data.
The Company uses MySQL, one of the most popular relational databases, to store and manage data. MySQL ensures the security and reliability of data storage, as well as high performance and efficiency of the site.
We will retain Your information for as long as your account is active and such information is needed to provide services to You, or for as long as necessary to verify or enforce licenses to use the Licensed Content, or as long as there is necessary to fulfill our obligations under the law.
If You would like to delete Your account, please send us an email to: [email protected]
, marked "Delete account".
If You are unable to access Your account, please, contact Company Support service. We will respond to Your request within a reasonable time. We will retain and use Your information for as long as there is necessary to comply with our legal obligations, resolve disputes, and for the implementation of the agreements we have entered into.
5.4. Protection of personal data.
Protecting of the confidentiality of Personal Data is a paramount and important task for the Company. The Company adheres to all required international standards, rules and recommendations for the protection of Personal Data. The Company has implemented a number of technical and organizational methods aimed at protecting of Personal Data from disclosure or unauthorized access by third parties. The Company has adopted the local acts on the security of personal data. The access to personal data of Site Visitors is provided only to authorized employees of the Company.
The Company applies legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, as well as from other illegal actions in relation to personal data, including:
- differentiation of access to information systems processing personal data;
- prevention of introduction into information systems processing personal data of malicious programs and software bookmarks;
- firewalling for control of access, filter network packets and translating of network addresses for hiding of the structure of information systems that process personal data;
- detection of intrusions into information systems that process personal data that violate or create prerequisites for violating established requirements for ensuring the security of personal data;
- analysis of the security of personal data information systems, involving the use of specialized software;
- and etc.
The company makes all efforts to protect personal information sent to us, both at the time of transmission and after receiving. The personal information that You provide in connection with Your use of the website is protected by several ways:
- Your account is accessed by entering the password and chosen by You "User name" or email. This password is encrypted. There is recommended that you use a strong password consisting of letters and numbers and symbols, which should not be shared with anyone.
- Your personal information is located on secure servers, which can be accessed with a password only by a narrow circle of employees of the Company and contracting organizations.
- At the time of registering a password on the site, Your password must be encrypted.
When you enter sensitive information (such as a credit card number) on our registration or checkout forms, we encrypt this information by using the TLS protocol.
The Company's website may use an SSL certificate to protect user data and ensure a secure connection between the client and the server.
5.5. Links to third party’s websites and organizations that receive personal data.
Top100.travel site may use the OAuth protocol to authenticate third-party users and grant them access to site functionality, and may use Google Analytics to track site visitors and analyze their behavior on the site.
The Company's website is integrated with various services, such as online payment, booking, hotel and airline management systems. This provides convenience and functionality for users and partners.
The Company's website may provide a RESTful API for data exchange between third-party applications and the Company's website.
The Company's website runs on the Ubuntu operating system, one of the most popular Linux distributions. Ubuntu ensures the security, reliability and performance of the server.
The Company's website is stored on a server that ensures the availability and reliability of the site. The server also provides protection against external threats and malicious attacks.
User data is stored in the table “USERS”, “USER_SETTINGS” in the MySQL database “top100” in the LXC container “TRAVEL” on the server “PowerEdge R7425”.
The server data belong to the Limited Liability Company “Start-Soft” S.R.L., IDNO: 1007600029467, registered under the laws of the Republic of Moldova, located at: mun. Chisinau, str. Metropolitan Dosoftei, 87, of. 3.
5.6. Cross-border transmission of personal data.
Cross-border transfer of personal data is carried out taking into account the principle of free movement of data:
a. into the member states of the European Economic Area;
b. into states that provide an adequate level of personal data protection.
6. FINAL PROVISIONS.
6.1. Availability for review of the text of the policy.
The site visitor can always get acquainted with the current versions of the Policy on the Company's website. By continuing to use the site, the Visitor confirms his agreement with the changes made into the Policy.
Date of adoption of the Policy 05/22/2023.
6.2. Access for minors.
We do not aim to solicit or receive personal data from persons under 18 years of age. If You are under 18, do not enter information on the site and do not use our services. If You believe that Your child under the age of 18 has entered personal data, please, report this to the support team so that we delete the data and account of the minor.
6.3. Changing and supplementing of the policy.
The present Policy may be changed from time to time. The Company does not bear any responsibility toward the User for changing of the terms of this Policy without the permission and / or consent of the User.
The Company's website is regularly updated and developed to meet the modern requirements of users and the tourism industry. For this purpose, there are used the new technologies, methods and functionality that improve the operation of the site and provide convenience and comfort for users.
The user himself undertakes to check on the regular basis the provisions of this Policy for possible changes or additions. However, in the event of a significant change of the terms of this Policy, the Company undertakes to notify Users by automatically sending all users to the email address specified by registering of the profile on the site.
6.4. Complaints relating to confidentiality.
Under Your law, You may be granted certain legal rights in relation to your personal data. You may have the right to request access to personal data, as well as to request the correction, deletion or correction of this data and of the limiting of its further processing, subject to any exceptions provided for by law.
In the event of any claims and / or disagreements between the Parties, the dispute must be resolved through negotiations.
In case of failure to reach an agreement between the Parties, the dispute shall be resolved in court at the location of the Company, using the norms of the current legislation of the Republic of Moldova.
6.5. The risk of disclosure.
Regardless of the measures taken by the Company to protect confidentiality of the received personal data, the User is hereby considered to be properly aware that any transfer of Personal Data on the Internet cannot be guaranteed secure, and therefore the User carries out such transfer at his own risk.