Information about the Data Controller:
“AGPPDP – Botev 64” Ltd. is a company registered under the Commercial Act of the Republic of Bulgaria, with UIC: 103866646, with registered seat and address of management in BULGARIA, Varna, postcode 9010, Primorski district
Legal grounds and purposes for which we use your personal data
We process your personal data on the following grounds:
A contract concluded between us and you, in order to fulfill our obligations under it;
Explicit consent from you – the purpose is specified for each specific case;
A legal obligation provided by law.
In the following paragraphs you will find detailed information regarding the processing of your personal data depending on the legal basis on which we process it.
FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to fulfill our contractual and pre-contractual obligations and to exercise our rights under the contracts concluded with you.
Purposes of processing:
establishing your identity;
management and execution of your request and performance of a concluded contract;
preparation of an offer for concluding a contract;
preparation and sending of an invoice/bill for the services you use with us;
providing you with comprehensive service, as well as collecting the amounts due for the services used;
maintaining correspondence related to orders placed, processing requests, reporting problems, etc.;
notification regarding everything related to the services you use with us;
establishing and/or preventing unlawful actions or actions in contradiction with our terms for the respective services;
Data we process on this basis:
On the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
contact personal data – e-mail address;
identification data – two names, delivery address, e-mail;
other feedback we receive from you;
information from your actions on our website.
The processing of the above personal data is mandatory for us in order to conclude the contract with you and to perform it. Without providing the above data, we would not be able to fulfill our obligations under the contract.
We provide personal data to third parties
We provide your personal data to third parties, with our main goal being to offer you high-quality, fast and comprehensive service. We do not provide your personal data to third parties before ensuring that all technical and organizational measures have been taken to protect these data, and we strive to exercise strict control over the fulfillment of this objective. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (data controllers):
postal operators and courier companies;
persons who, by assignment, maintain equipment, software and hardware used for processing personal data and necessary for the company’s activities;
persons providing consulting services in various fields.
When we delete data collected on this basis
We delete the data collected on this basis 5 years after termination of the contractual relationship, regardless of whether due to expiration of the contract term, termination, or other grounds.
FOR COMPLIANCE WITH LEGAL OBLIGATIONS
It is possible that the law provides for an obligation for us to process your personal data. In such cases, we are obliged to carry out the processing, such as:
obligations under the Anti-Money Laundering Act;
fulfillment of obligations related to distance selling, off-premises selling, as provided in the Consumer Protection Act;
providing information to the Consumer Protection Commission or third parties as provided by the Consumer Protection Act;
providing information to the Personal Data Protection Commission in connection with obligations under data protection legislation;
obligations under the Accounting Act and the Tax and Social Security Procedure Code and other related regulations, in connection with maintaining lawful accounting;
providing information to the court and third parties within court proceedings in accordance with applicable legislation;
When we delete personal data collected on this basis
We delete data collected under a legal obligation after the obligation for collection and storage has been fulfilled or has ceased. For example:
under the Accounting Act for storage and processing of accounting data (11 years),
obligations to provide information to the court, competent state authorities and other grounds provided by applicable legislation (5 years).
Provision of data to third parties
When we have a legal obligation, we may provide your personal data to a competent state authority, natural or legal person.
AFTER YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse the processing of personal data.
Consent is a separate basis for processing your personal data, and the purpose of processing is specified in it and does not overlap with the purposes listed in this policy. If you give the respective consent and until its withdrawal or termination of any contractual relations with you, we prepare suitable offers for products/services for you by carrying out detailed analyses of your basic personal data;
Detailed analysis is a method of analysis that allows processing of large volumes of data through statistical models and algorithms and others, which include the use of personal data, as well as processes of pseudonymization and anonymization, with the aim of extracting information about trends and various statistical indicators.
Data we process on this basis:
On this basis we process only the data for which you have given explicit consent. The specific data are determined for each individual case. Usually, the data include:
Email
Names
IP Address
Provision of data to third parties
On this basis, we may provide your data to marketing agencies, Facebook, Google or other similar entities.
Withdrawal of consent
The consents provided may be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for processing personal data for any or all of the methods described above, we will not use your personal data and information for the purposes specified above. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To withdraw your consent, you only need to use our website or simply our contact details.
When we delete data collected on this basis
We delete data collected on this basis upon your request or 6 months after their initial collection.
PROCESSING OF ANONYMIZED DATA
We process your data for statistical purposes, which means for analyses where the results are only aggregated and therefore the data are anonymous. Identification of a specific individual from this information is impossible.
Your data may also be anonymized. Anonymization represents an alternative to data deletion. In anonymization, all personally identifiable elements (elements allowing your identification) are irreversibly removed. For anonymized data there is no legal obligation for deletion, as they do not constitute personal data.
Why and how we use automated algorithms
For the processing of your personal data, we use partially automated algorithms and methods in order to continuously improve our products and services and to adapt them to your needs in the best possible way. This process is called profiling.
How we protect your personal data
To ensure adequate protection of company and customer data, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
The company has established rules to prevent misuse and security breaches.
For maximum security in processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
Personal data we have received from third parties
It is possible that we receive personal data about you from other users.
Rights of Users
Each User of the website has all rights for personal data protection according to Bulgarian legislation and European Union law.
The User may exercise their rights via the contact form or by sending a message to our email.
Each User has the right to:
Information (regarding the processing of their personal data by the controller);
Access to their own personal data;
Correction (if the data are inaccurate);
Deletion of personal data (the “right to be forgotten”);
Restriction of processing by the controller or processor;
Portability of personal data between separate controllers;
Objection to the processing of their personal data;
The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them;
Right to judicial or administrative protection in case the rights of the data subject have been violated.
The User may request deletion if one of the following conditions is met:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
The User withdraws their consent on which the processing is based and there is no other legal ground for processing;
The User objects to the processing and there are no overriding legitimate grounds for processing;
The personal data have been processed unlawfully;
The personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
The personal data were collected in relation to the offering of information society services to children and consent was given by the holder of parental responsibility.
The User has the right to restrict the processing of their personal data by the controller when:
They contest the accuracy of the personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of the personal data;
The processing is unlawful, but the User does not want the personal data to be deleted and instead requests restriction of their use;
The controller no longer needs the personal data for processing purposes, but the User requires them for the establishment, exercise or defense of legal claims;
They object to the processing pending verification whether the legitimate grounds of the controller override those of the User.
Right to data portability.
The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contractual obligation and the processing is carried out by automated means. When exercising their right to data portability, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to object.
Users have the right to object to the controller against the processing of their personal data. The controller is obliged to terminate the processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. When objecting to the processing of personal data for direct marketing purposes, the processing must be terminated immediately.
Complaint to the supervisory authority
Each User has the right to file a complaint regarding unlawful processing of their personal data to the Personal Data Protection Commission or to the competent court.
Maintenance of a register
We maintain a register of processing activities for which we are responsible. This register contains all of the following information:
the name and contact details of the controller;
the purposes of processing;
a description of the categories of data subjects and categories of personal data;
the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations;
where possible, the envisaged time limits for erasure of the different categories of data;
where possible, a general description of the technical and organizational security measures;
This Privacy Policy has been adopted and approved on 25.04.2022 by “AGPPDP – Botev 64” Ltd.
