The data processed and protected in accordance with this privacy policy refers to any information (personal data) relating to an identified or identifiable natural person (data subject) who can be directly or indirectly identified, particularly by reference to an identifier such as the person's name, surname, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person, or any other factors, individually or in combination.

The data processing defined in this privacy policy includes any operation or set of operations performed with personal data, whether or not by automated means, and such operations may include collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of provision, alignment or combination of data.

SIA 'ROVER,' as the data controller/processor, hereby guarantees that:

• The processing of personal data, including their transmission, is and will continue to be carried out in accordance with the applicable national and European Union data protection laws and regulations (and, if applicable, the competent state authorities have been informed thereof).
• It has provided instructions to the Recipient or Processor to process the transmitted personal data only in accordance with the requirements of the applicable data protection laws and, if applicable, to process the data only on behalf of the controller.
• It ensures compliance with the security measures for data processing.
• If data is intended to be transferred outside the European Union during transmission, the data subject is informed or will be informed before such transmission to a third country (which does not provide adequate protection in the understanding of applicable European Union laws).
• It will respond to any data subject requests regarding the processing of their personal data.
• It will keep records of all data processing activities performed, ensure that any operation carried out with such data is traceable, including identifying to whom such data was transmitted, the type of data, the purposes, and the contractual relationships with such parties.
• It will promptly and properly handle any data subject information requests regarding the processing of their personal data and take into account any recommendations provided by supervisory authorities regarding the processed data.
• Upon termination of the Agreement or the end of the processing period, it will return to the data subject all the transmitted personal data and their copies (if requested by the data subject) and, to the extent permitted by applicable laws, destroy all such data and provide evidence of compliance with the provisions of this clause to the data subject. SIA ''ROVER" hereby confirms that the information and personal data you have provided in relation to the conclusion, execution, and communication of the Travel Agreement will be collected, processed, and stored in accordance with the European Union regulatory requirements regarding personal data protection.

The collected data may be disclosed to third parties in certain cases:

• When providing Tourism services that require involving recipients of personal data located in third countries (e.g., airlines, sea carriers, land carriers, insurers, hotels) and transmitting personal data to a third country (including territories outside the European Union and the European Economic Area, excluding the "U.S. shield"). Therefore, the data recipient does not provide adequate guarantees for data protection, as well as for technical and organizational measures related to the processing and the decision on data transfers to third countries. It is up to you to make a decision based on your participation preferences in the trip and the need for data processing. The data controller informs you that it does not make any automated decisions or profiling based on your data. No violation of your data security will be allowed to the best of its abilities.

Data subject's obligations and rights:

• Clearly and unambiguously express consent to the processing of your data.
• Provide accurate, correct, and truthful data.
• Issue written consent if the Controller or its Processor plans to transfer the data for further processing to any other recipient or processor. In the event of consent being obtained, request that the respective recipient or processor enter into an agreement with the same terms and conditions for secure data processing as assumed by the data subject according to the specific Agreement, and obtain a copy of such agreement. By submitting your data, you agree that the data will be processed and stored for the entire specified data processing period, as well as for the time required by the relevant regulatory acts after the initial data processing.

You have the right to request the restoration, correction, restriction of data processing, information about the use of your personal data, as well as to request the erasure of your data. You also have the right to lodge a complaint with the State Data Inspectorate if a breach of your data processing has occurred.