Privacy Policy


1.1 Management of this website (hereinafter – “Website”) is carried out by “BIAPI TRAVEL” Limited Liability Company, a legal entity registered and operating in accordance with the requirements of Ukrainian legislation, code in ERDPOU (Unified State Register of Enterprises and Organizations of Ukraine) 31215508, with address 79008, Lviv region, the city of Lviv, Pavlo Rymlianyn street, building 1, A-4, floor 4 (hereinafter – “Company”, “we”, “our”).

1.2. The company, being a “data controller” in accordance with the requirements of EU General Data Protection Regulation 2016/679, hereinafter – “GDPR” and “personal data owner” in accordance with the Law of Ukraine “On Personal Data Protection”, recognizing the seriousness of the need to protect the personal data of visitors to our Website, in order to protect such personal data, has developed this Privacy Policy (hereinafter – “Policy”).

1.3. This Policy has been developed for the purpose of informing the user of the Website (hereinafter – “User”, “Visitor”) about:

  • the concept of personal data;
  • the amount of personal data that is collected and processed;
  • the purpose of collecting and using such data;
  • ways to protect personal data;

1.4. The policy applies to personal data that we process in connection with the services we offer you, and applies to personal data collected directly from you through our Website.

1.5. In order to comply with the law, we may periodically update the Privacy Policy. Therefore, we kindly ask you to regularly review our Policy on the Website to keep yourself up to date.


2.1. “Personal data” is any personal information required by a third party to identify an individual (data subject).

2.2.”Special category data” is such personal data, the processing of which carries a special risk for the data subject, i.e. may harm such subject at work, at educational institution or in any other environment. For example, personal data revealing racial origin, health status, biometric or genetic data, etc. 

2.3. “Personal data subject” is an individual to whom personal data relates and who can be identified or has already been identified by such personal data.

2.4. “Personal data owner” is an individual or a legal entity which is responsible for the processing of personal data and determines the purposes of its use. Using the terminology of international law, the owner of personal data is a “personal data controller”. 

2.5. “Personal data processor” is an individual or a legal entity which, acting on the basis of orders, instructions, regulations of the personal data owner, processes personal data for the owner.

2.6. “Processing of personal data” is any actions performed with personal data with the use of automatic procedures or without the use of such procedures, and include their collection, recording, systematization, structuring, storage, adaptation, modification, organization, review, distribution, use, granting access to third parties, including employees of the personal data owner or processor, as well as their deletion.

2.7. “Blocking of personal data” is temporary suspension of personal data processing;

2.8. “Deletion of personal data” is actions as a result of which the personal data of the User in the personal data system is erased, which makes it impossible to restore it, and/or actions as a result of which the material carriers of such data are destroyed;

2.9. “Cookies” are small blocks of data created by the Website and stored on the User’s computer or other device in the form of one or more files. The user can block the cookies at any time. Cookies do not contain personal data of the User.


3.1. The processing of personal data is conducted in accordance with the requirements of the Constitution of Ukraine, the Law of Ukraine “On Personal Data Protection”, other regulations and internal acts of the Company. 

3.2. The processing of personal data of Website visitors located in the territory of the European Union is conducted in accordance with the EU General Data Protection Regulation 2016/679 (hereinafter – “GDRP”).


4.1. The company conducts the processing of personal data of the User of the website in accordance with the set purpose only with the full and obvious consent of the User for such processing. If the User acts in the interests of a third party, the User must obtain consent for the processing of personal data from third parties in whose interests he/she acts.

4.2. The processing of personal data is necessary for the Company to fulfill its obligations to the User, including the performance of the contract under which the User is the beneficiary or guarantor. 

4.3. Obtaining the consent of the User or third parties in whose interests he/she acts is a mandatory condition of using the Website and receiving the services provided by the Company on such Website.

4.4. The User’s personal data is also processed in connection with the Company’s fulfillment of obligations arising from the law and public-law relations, i.e. in case of receiving requests from government agencies, officials, etc. 

4.5. Refusal of the User to give its consent to the processing of personal data, the provision of incomplete and/or inaccurate data by the User result in the Company’s failure to provide services through the Website.


5.1. The Company, providing the full range of services through the Website, processes the User’s personal data based on the following principles:

5.1.1. Lawfulness principle – the Company processes personal data only on legal grounds in accordance with the requirements of Ukrainian legislation and international regulations;

5.1.2. Purpose limitation principle – the Company receives and processes personal data only in accordance with specific legal purposes;

5.1.3. Data minimization principle – the Company collects and processes personal data of the User only and exclusively in the amount necessary to fulfill the terms of the contract and provide the relevant services;

5.1.4. Accuracy principle – personal data provided by the User must be accurate and up-to-date. In the event that the User’s personal data has changed since the consent to their processing was given, the User must notify the responsible persons of the Company in order to receive the services of the Website in full;

5.1.5. Storage limitation principle – the Company stores personal data of the User no longer than provided by the consent of such User or the requirements of the Legislation of Ukraine;

5.1.6. Security principle – the Company processes personal data of the User in compliance with the requirements for protection of such data provided by the Legislation of Ukraine and International legal acts.


6.1. Personal data, the consent to the processing of which is given by the User to the Company, include and/or may include the following: surname; name; patronymic; sex; citizenship; passport data (number, expiration date, issuing country); contact phone number; personal e-mail; state of health (if such information is necessary for the use of special services); company name, registration number of the legal entity (when making payment on behalf of such legal entity).

6.2. When the User visits the Website, the Company may also collect software information, which includes the type of browser from which the Website is viewed, the location of the User, the IP address. Such information does not enables the Company to identify the User and is not related to the data that the User provides on the Website.

6.3. In addition to the above, the Company may process any other personal data if the User voluntarily provides it to the Company.


7.1. The Company, being aware of its responsibility to the User, does not collect or process special category data. 


8.1. The Company processes personal data of the User and third parties on whose behalf the User acts, for the following purposes, including, but not limited to:

8.1.1. Providing a full range of services through the Website;

8.1.2. Being able to provide information on the Company’s special offers and other services, including joint services of our partners;

8.1.3. Sending marketing messages to the User. For this purpose, we receive a separate consent from the User, which can be withdrawn at any time. Marketing messages include news, information about the availability of special offers or promotions, promotional products of the Company. To select personalized advertising, the Company may use the information provided by the User on the Website, cookies, as well as other automatically collected data. In addition, the Company may send to the User push notifications, Skype, Viber, Telegram, WhatsApp and other messages using OTT-applications, SMS-messages and other means of information transmission;

8.1.4. Transmission of such information at the request of state bodies and officials;


9.1. In accordance with Ukrainian legislation, the personal data subject has the right to:

9.1.2. Know about the fact of processing, sources of collection, location of their personal data, location of the owner or processor of personal data;

9.1.3. Know about the grounds, purposes and methods of personal data processing;

9.1.4. Receive information about providing access to their personal data to third parties;

9.1.5. Make a reasoned request to the owner or processor of personal data with an objection to their personal data processing;

9.1.6. Make a reasoned request to the owner or processor of personal data to change or erase their personal data, if such data is inaccurate or processed illegally;

9.1.7. Protect their personal data;

9.1.8. Know about the terms of processing and storage of their personal data;

9.1.9. To other rights provided for by the Law of Ukraine “On Personal Data Protection” and GDPR.

9.2. The Company provides information to the User at their request, provided that it is established that personal data belongs to such User. 


10.1. The Company takes all organizational, technical and other measures necessary to ensure the highest level of personal data security and prevent unauthorized access, destruction, alteration, blocking of access or any other actions that may damage the personal data of the User.

10.2. The Company, recognizing the need to ensure the protection of personal data of Users and to coordinate actions to ensure such protection, has appointed a person responsible for the security of personal data.


11.1. The Company, after receiving the consent to the processing of personal data by the User, processes such personal data within 3 years from the date of receipt of the User’s consent. 

11.2. The Company reserves the right to change this Policy at any time. In case of such changes, the date of the change shall be indicated in the current version of the Policy. The new revision comes into force from the moment of its publication on the Website. 

11.3. Last revision: August 07, 2020


12.1. Should there be any questions, requests, suggestions or complaints related to this Privacy Policy, the Company kindly asks you to send your requests to the specified e-mail address: or to the office address: 79008, Lviv region, the city of Lviv, Pavla Rymlyanyna street, building 1, A-4, floor 4.

12.2. The company kindly asks you to indicate your name, surname, e-mail address, as well as detailed questions, comments, suggestions, complaints or requirements in all letters.