1. INTRODUCTORY NOTES
We extremely value the privacy of our clients and therefore we treat your personal
information with seriousness and responsibility. The information we collect are
required only in matter to provide you a complete and professional service, in
accordance with our business.
When providing services from our professional activity, we act in accordance with
General Data Protection Regulation (EU) 2016/679 of the European Parliament and
Council of 27 April 2016 (GDPR) and the provisions of the Law on Implementation of the
General Regulation on Personal Data Protection (NN 42/18) and other applicable
regulations that protect personal information.
Our goal is to provide all the necessary information on how we process and protect
personal data of our clients and the rights that belong to them regarding the processing
of personal data.
Also, the use of personal information within our business system focuses on processing
your requests so that we can notify you about news regarding our services and
business. Therefore, please inform us if there is a change in your personal information
or if you have made a mistake while submitting it, so that we can act in accordance with
the principles of personal data protection as well as providing a professional and
In case you notice any deviation from these principles or have any comments regarding
our business practices, feel free to contact us at e-mail: email@example.com to improve our
service and business.
2. PRINCIPLES OF PERSONAL DATA PROCESSING
A client is considered a person who has requested a service or a service offer from
BLACK TIE ltd.Personal data is any data relating to an individual whose identity has been identified or
can be identified (Article 4 of the General Data Protection Act).
Data processing means any procedure or set of procedures that are carried out on
personal data or on personal data sets (Article 4 of the General Data Protection
Client Privilege means any voluntary, specifically, informed and unambiguous
expression of the wishes of a respondent who expressly or explicitly acknowledges the
consent of the processing of personal data relating to him (Article 4 of the General Data
Protection Regulation). Without the client’s privacy, we will never use any client’s
personal information for any purpose that is required by the applicable regulations.
Accordingly, we will act in accordance with the following principles:
1. Lawfulness, Fairness and Transparency
Data is processed lawfully, fairly and in a transparent manner in relation to the data
subject in accordance with the best business practice of data protection.
2. Purpose limitation
We collect data for specified, explicit and legitimate purposes and only in accordance
with the purpose for which this data was collected.
3. Data minimisation
We collect and process only those data that are necessary, adequate, relevant and
limited to what is necessary in relation to the purposes for which they are processed.
4. Data accuracy
We pay particular attention to the accuracy of the data collected. We use every
reasonable step to ensure that personal data that are inaccurate are erased or rectified
without delay, regard to the purposes for which they are processed.
5. Storage limitation
Data that enables client identification is only kept for as long as is necessary to fulfill the
purpose for which the data was collected or as required by the applicable regulations.
6. Integrity and confidentiality
The data is processed in a way that ensures the proper security of personal data,
including protection against unauthorized or illegal processing, and from accidental
loss, destruction or damage by applying appropriate technical and organizational
All our employees who collect or process personal information of our clients are
acquainted and educated in accordance with the principles of the Regulation and act in
a legitimate, fair and transparent manner with personal information of their clients.
3. PERSONAL DATA COLLECTION MODE
We collect information –personal data about or customers in the following ways:
1. The user may leave his or her data personally or in the name of the user, or
another user can be contacted by us or by phone or mail
2. Data collection via web- On our website when making a reservation or asking for
a quote, we collect the information needed to make a reservation or offer; The
customer submits us the information via the form on the web site or when
registering the invoice
4. TYPES OF PERSONAL DATA WHICH WE CONCLUDE
We only collect data that is necessary for the purpose of data collection and in
accordance with applicable legal regulations.
The following data categories may be involved in the processing of our clients’ personal
a. Personal data contained in the Transfer Confirmation, namely:
Date, time, airport, flight number (railway station, train number, etc.);
Number of passengers and the route, including the point of origin and he destination;
The number of luggage items (if any);
Client’s telephone numbers specifying full names;
The vehicle category chosen by the client;
The number of necessary child safety seats and/or booster seats required;
Special requests by the Client, if any;
An approximate place of meeting the Clients at an airport, railway station, etc.;
Telephone numbers of Black tie ltd. contact persons;
Other information necessary for the considered approval and proper execution of an order.
b. Personal data obtained subsequently in relation to the provision of services
under the Contract, such as changes / amendments to Transfer Confirmation
data or route details communicated to Black tie ltd. in a timely manner and
through proper channels.
In order to comply with legal obligations, we store the following information for 11
years following the transfer date:
Lead Passenger name
Number of passengers
Lead Passenger E-mail
Point of origin and destination
Due to the nature of passenger services, there may be a need for processing specially
protected categories of personal information that reveal, for example, religious or
philosophical beliefs, union membership, and data related to client health, exclusively
for the purpose of executing a contract between BLACK TIE ltd and a client, that is,
performing the activities that precede the conclusion of the contract.
It will be considered, that the client, who voluntary reveals data from a special category
of personal data to BLACK TIE ltd, is explicitly giving his or her privacy, in processing
5. PURPOSE OF PERSONAL DATA COLLECTION
We collect personal information for the following purposes:
1. In order to execute the contract or prepare for the execution of the contract, we
collect personal information so that we can perform the service to the client or in
order to make a service offer to the client.
2. For the purposes of informing users about services and products, if the client has
given the privilege, we can use the client’s information to inform the customer
about our services and products that may be of interest to the client.
3. For internal purposes – with the aim of protecting the interests of their clients as
well as their own legitimate interests, in accordance with the applicable
We are obliged to provide or allow access to certain personal data of the client to the
competent state bodies, based on a written request, according to the applicable
regulations, (e.g. courts, police, tourist inspections, etc.). The legal basis for the
processing of data for these purposes is the fulfilment of the legal obligations of BLACK
6. PROMOTING DATA TO THIRD PARTY
We pass client data to third parties in the following cases:
1. For the purpose of executing a contract or preparing for execution of a contract
with a client
When it is necessary to provide the customer with a contracted service or required
information, we pass the data to a third party. This includes, for example, sending a
client’s data to a hotel or carrier when it is needed to perform a service or make a bid
for the service.
2. When the user has given the privilege
We pass the data to a third party if it is necessary for the purpose for which the user
has explicitly granted the privilege.
3. When engaging subcontractors to perform certain jobs
If we engage the subcontractors as executives for the execution of certain jobs, in that
case we will pass the personal data to the subcontractor.
7. CLIENT RIGHTS
In accordance with the General Data Protection Regulation (GDPR), the client has the
1. Right of access by the data subject
The client is entitled to receive confirmation that we are processing his or her personal
data and, if processed, he or she is entitled to receive information about the purpose of
the processing, the category of personal data we are processing, the recipients or
categories of recipients of the data we are processing, the estimated period in which
the data will be stored or the criteria to determine the period, the right to request
correction, deletion and limitation of data processing, the right to lodge a complaint
with the supervisory authority, automated decision-making system information, such as
profile design, of safeguards if the data is transferred to a third country.
2. Right to Rectification
The customer has the right to obtain correction of incorrect data related to it, as well as
to request the completion of incomplete data.
3. Right to erasure (“Right to be forgotten”)
The customer has the right to obtain deletion of data (“Right to be forgotten”) unless
the data is necessary for the purpose for which they are collected or should be kept in
accordance with the applicable legal regulations. BLACK TIE ltd. has the obligation to
notify the customers the change or erasure of the data executed at its request.
4. Right to restriction of processing
The client has the right to access the data processing limit, under the terms defined in
the General Data Protection Regulation. BLACK TIE ltd has an obligation to notify the
client about the processing limit made at the client’s request.
5. Right to data portability
The client has the right to receive the personal data concerning him or her, which he or
she has provided to BLACK TIE ltd, in a structured, commonly used and machine-
readable format and have the right to transmit those data to another controller without
hindrance from the controller to which the personal data have been provided.
6. Right to Object
The client has at all times the right to object to the processing of personal data.
The client has at all times the right to a direct marketing complaint, in which case the
data will no longer be used for that purpose.
7. Automated individual decision-making, including profiling
The client has the right not to be subject to a decision based solely on automated
processing, including profiling, which produces legal effects concerning him or her or
similarly significantly affects him or her.
8. PERSONAL DATA PROTECTION
When protecting personal information of our clients, we handle a business practice in
the field of tourism as well as information and communication technologies. We are
improving every day in the area of our activity and we are of particular interest to the
client’s satisfaction, which of course implies the protection of his or hers personal data.
For this reason, we have invested additional resources and efforts to protect our
customers from any unauthorised insight, change, loss, theft, or other misuse of data.
The client can exercise his rights under the General Data Protection Regulation (GDPR)
by submitting a request to the electronic mail address: firstname.lastname@example.org, as well as filing
a claim with the Personal Data Protection Agency.
The Policy comes into force and begins to apply on the day of its publication and is
available on the internet site and at BLACK TIE ltd. On the possible amendments to the
Policy, clients will be timely informed, including through the publication on the web site.
The right to transfer of personal data, deletion of data and the limitation of personal
data processing shall have the client no later than the date of application of the General
Data Protection Act, 25 May 2018.