When do we delete data collected on these grounds?
We delete the data collected on these grounds 2 years after the termination of the contractual relations, regardless of whether due to the expiration of the contract, cancellation or other grounds.
TO COMPLY WITH REGULATORY REQUIREMENTS
The law may require us to process your personal data. In these cases, we are obliged to perform the processing, as follows:
- Pursuant to the provisions of the Anti-Money Laundering Measures Act;
- Compliance with the provisions of the Consumer Protection Act related to distance selling, off-site sales;
- Providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
- Providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation on personal data protection;
- In accordance with the provisions of the Accounting Act and the Tax and Social Insurance Procedure Code and other related normative acts related to lawful accounting;
- Providing information to the court and third parties, within proceedings in court, in accordance with the requirements of the regulations applicable to the proceedings;
- Age verification when shopping online.
When do we delete personal data collected on these grounds?
The data collected in accordance with an obligation required by law are deleted after the requirement for collection and storage is complied with or ceases to exist. For example:
- pursuant to the Accounting Act for storage and processing of accounting data (11 years),
- obligations to provide information to the court, competent state authorities, and other grounds provided for in the current legislation (5 years).
Provision of data to third parties
When the law requires so, it is possible for us to provide your personal data to the competent state body, natural or legal person.
AFTER YOUR CONSENT
We process your personal data on these grounds only after we receive your explicit, unambiguous and voluntary consent. We shall not provide for any adverse consequences for you if you do not consent to the processing of your personal data.
Consent constitutes separate grounds for the processing of your personal data and the purpose of the processing is stated in it, and is not covered by the purposes listed in this policy. After we receive your consent and until its withdrawal or the termination of any contractual relations with you, we prepare suitable offers for products / services, performing detailed analyses of your basic personal data;
Detailed analysis is a method of analysis that allows the processing of large volumes of data using statistical models and algorithms that include the use of personal data, as well as processes of pseudonymization and anonymization of the same, in order to extract information about trends and various statistical indicators.
Data which we process on these grounds:
We process only the data which you have given your consent for on these grounds. The specific data are determined for each individual case. These data are usually names, phone number, email address.
Provision of data to third parties
On these grounds, we may provide your data to marketing agencies, Facebook, Instagram or other social platforms.
Withdrawal of consent
Any consent granted may be withdrawn at any time. Withdrawal of consent does not affect the implementation of contractual obligations. If you withdraw your consent to the processing of personal data in any or all of the ways described above, we will not use your personal data and information for the purposes set out above. Withdrawal of consent shall not affect the lawfulness of the processing based on a consent prior to its withdrawal.
To withdraw your consent, you only need to use our site or just our contact information.
When do we delete personal data collected on these grounds?
We delete the data collected on these grounds at your request or 12 months after their initial collection.
How do we protect your personal data?
To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
For maximum security in the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization and others.
Personal data we have received from third parties
We receive personal data from the following third parties: marketing agencies, Facebook, Instagram and other social platforms.
RIGHTS OF USERS
Each User of the site shall have all rights to personal data protection under the Bulgarian legislation and the European Union legislation.
The user can exercise their rights through the contact form or by sending a message to our email.
Each user has the following rights:
- The right to be informed (in relation to the processing of his or her personal data by the controller);
- The right to access to the personal data;
- The right to rectification (when the data are inaccurate);
- The right to erasure (‘right to be forgotten’);
- The right to restriction of processing by the controller;
- The right to data portability between controllers;
- The right to object to the processing of personal data;
- The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
- The right to judicial or administrative protection in the event of a breach to the rights of the data subject.
The User shall have the right to obtain from the controller the erasure of personal data concerning him or her when one of the following applies:
- The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- The User withdraws consent on which the processing is based and there is no other legal ground for the processing;
- The User objects to the processing and there are no overriding legitimate grounds for the processing;
- The personal data have been unlawfully processed;
- The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
- The personal data have been collected in relation to the offer of information society services and the consent is given or authorized by the holder of parental responsibility over the child.
The User shall have the right to obtain from the controller restriction of processing where one of the following applies:
- The User contests the accuracy of the personal data; in this case the restriction shall apply for a period enabling the controller to verify the accuracy of the personal data;
- The processing is unlawful and the User opposes the erasure of the personal data and requests the restriction of their use instead;
- The controller no longer needs the personal data for the purposes of the processing, but they are required by the User for the establishment, exercise or defence of legal claims;
- The user has objected to processing pending the verification whether the legitimate grounds of the controller override those of the User
The right to data portability
The User shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided when the processing is based on consent or on a contract; and the processing is carried out by automated means. In exercising his or her right to data portability, the User shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
The right to object
The User shall have the right to object to processing of personal data concerning him or her. The controller shall no longer process the personal data unless the controller demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the User or for the establishment, exercise or defence of legal claims. Where the User objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
Complaints to the supervisory authority
Each User has the right to file a complaint against illegal processing of his or her personal data to the Commission for Personal Data Protection or to the competent court.
RECORD MAINTENANCE
We maintain a record of processing activities under its responsibility. That record shall contain all of the following information:
- the name and contact details of the controller;
- the purposes of the processing;
- a description of the categories of data subjects and of the categories of personal data;
- the categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organizations;
- where possible, the envisaged time limits for erasure of the different categories of data;
where possible, a general description of the technical and organizational security measures.