Privacy Policy

Last updated: June 2026

This policy explains what personal data Travel Blog collects, why, and your rights under the EU General Data Protection Regulation (GDPR). We aim to collect as little as possible.

Who is responsible (data controller)

Nigina Mukumova, based in Sofia, Bulgaria. A contact email is being set up and will be published here before launch.

What we collect

• Information you give us — e.g. your email address if you sign up for the newsletter.
• Automatic technical data — your hosting provider records standard server logs (IP address, browser type, pages visited) for security and to keep the site running.
• Cookies — see the section below.

Cookies

• Essential — needed for the site to function and to remember your cookie choice.
• Affiliate partner cookies — when you click an affiliate link, the partner (e.g. a booking platform or retailer) may set a cookie to credit a resulting booking or purchase. These are set by the partner, not by us.
• Analytics — if and when we use analytics, we will load it only after you accept cookies via the banner, and we will update this policy.

Affiliate links & third parties

Some links on this site are affiliate links. If you click one and make a booking or purchase, we may earn a commission at no extra cost to you (see our affiliate disclosure). When you follow such a link, you leave our site and the partner's own privacy policy applies. Partners may include booking platforms, tour and activity marketplaces, travel retailers, and the Amazon Associates Program.

Who we share data with

• Hosting — the site is hosted on Cloudflare Pages, which processes technical/log data to deliver it.
• Email provider — if you subscribe, your email is stored with our email service provider for the sole purpose of sending the newsletter.
• Affiliate networks — as described above, via cookies set on their links.

We never sell your personal data.

Legal basis

We process data on the basis of your consent (e.g. newsletter sign-up, non-essential cookies) and our legitimate interest in running and securing the website (e.g. essential server logs).

International transfers

Some providers may process data outside the EU/EEA. Where that happens, we rely on the safeguards those providers put in place (such as Standard Contractual Clauses).

How long we keep data

Newsletter subscriptions are kept until you unsubscribe. Technical logs are kept only as long as the provider needs them for security and operations.

Your rights

Under the GDPR you can request to access, correct, delete, or port your data, and object to or restrict its processing. You can also withdraw consent at any time. To exercise any right, contact us via the details on our about page.

If you believe we have mishandled your data, you may complain to the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни, cpdp.bg).

Changes to this policy

We may update this policy; the "last updated" date above will always reflect the current version.