- The competent supervisory authority,
- The legal basis on which we process personal data,
- The purposes for which we use personal data,
- Principles of personal data processing,
- What personal data we collect,
- Storage period of personal data,
- Access to and transmission of personal data, and
- The rights and guarantees that the GDPR provides to data subjects.
II. SUPPLIER’S INFORMATION
- Name: “DIMITAR MADJAROV – 2” Ltd, PIC 115033847
- Headquarters and address of management. 3 “Ilyo voyvoda” Str. Plovdiv.
- Telephone number: 032 907 000, e-mail: firstname.lastname@example.org
- Public register entries: Commercial register at the Registration Agency of the Ministry of Justice of the Republic of Bulgaria.
III. INFORMATION ON THE COMPETENT SUPERVISORY AUTHORITY
- Name. Commission for the Protection of Personal Data of the Republic of Bulgaria
- Address: Sofia, 1592, 2 “Professor Tsvetan Lazarov” blvd.
- Telephone number: 02/ 915 35 18
- e-mail: email@example.com
- Internet site: www.cpdp.bg
IV. BASIS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
We process (including but not limited to: collect and store) your personal data solely in connection with our business and in accordance with the requirements of applicable law, including the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation.
- We process your personal data on at least one of the following grounds:
- User’s consent to the processing of personal data;
- The processing of personal data is necessary for the performance of contractual obligations of the Provider to the User;
- The processing of personal data is necessary to take steps at the User’s request before entering into a contract;
- The processing of personal data is necessary to comply with the Supplier’s legal obligations;
- The processing of personal data is necessary for the purposes of Provider’s legitimate interests to carry out its activities.
V. PURPOSES FOR THE COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
We collect, process and store Users’ personal data in connection with the provision of our services and communication in connection with the use of the Website, and for the following purposes:
- Communication and identification in the performance of a service contract and a sales contract (including when performing a relevant contract);
- Communication, identification, processing and fulfillment of inquiries, orders, requests, reservations, purchases of goods or services (including contract preparation, acceptance of orders, shipment of goods, solving
- issues related to cancellation of orders, reservations, return of purchased goods, refunds, etc.);
- Compliance with tax and other legal obligations;
- Accounting purposes in connection with the use of our services;
- Protection of our legitimate interests in relation to the performance of our obligations towards state and municipal authorities (for example: National Revenue Agency, Ministry of the Interior);
- To protect our legitimate interests in relation to the storage of information for the purpose of defending against legal or tax claims and to improve the performance of the Website;
- Information security protection of the website;
- Statistical information about the use of the website;
- Providing advertising content according to the User’s interests;
- Sending newsletter via e-mail, commercial and informational messages through push notifications;
- Organizing Customers’ games and contests. If a data subject refuses to provide us with some or all of the personal data that is necessary for the relevant purpose set out above, we may be unable to provide the relevant service (for example, to fulfill a contract concluded with the relevant User) or to comply with relevant legal requirements (for example, to enable the data subject to exercise their rights under the GDPR).
VI. PRINCIPLES OF COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
We comply with the following principles when collecting, processing and storing your personal data:
- legality, fairness and transparency;
- limitation of the purposes of processing;
- limitation of the storage period in order to achieve the purposes for which the data are processed;
- minimising the processed data;
- data accuracy and timeliness;
- integrity and confidentiality of data processing and ensuring an appropriate level of security of personal data.
VII. PERSONAL DATA
We collect the following categories of Users’ personal data for the following purposes and on the following grounds:
- Your personal data (name and surname, telephone number and e-mail address), as well as other data that you provide to us voluntarily, for the purpose of processing your enquiries, providing service offers and providing services on our part, at your request, including communication with you in this regard, and on the basis of taking steps at your request for the possible conclusion of a contract, the performance of a contract to which you are a party or a consent for processing provided by you;
- Your personal data (name and surname, telephone number and e-mail address) and information related to payment and payment methods chosen for the purpose of issuing and sending accounting/tax documents (invoices) in connection with services used by you, including communication with you in this regard, and on the basis of taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party or performance of our legal obligation;
- Name and e-mail address for the purpose of sending advertising and/or informational content from our side, including news, newsletter, promotions, participation in loyalty programs and activities, announcements about improvements or changes in the services provided by us, as well as other advertising messages, if you express your wish, and on the basis of consent for processing provided by you or our legitimate interest in relation to Users who are already our customers and/or partners;
- Your personal data (name and surname, telephone number, social networking profile and e-mail address) and information necessary for the purposes of running games and competitions by us, if you have expressed a wish to participate in such, as well as for contacting you in connection with them and publicly announcing winners.
- Your IP address, browser settings and language preferences, pages visited, and actions taken for the purpose of sending push notifications if you have opted in to receive them;
- Your IP address, the pages visited, for information security purposes;
- Other data that may be necessary in certain cases or related to the provision of services to Users by us, including the necessary for the performance of contractual obligations (e.g. date of birth, signature, PIN number) or other data that Users choose to voluntarily share with us, and based on the performance of a contract to which you are a party, consent for processing provided by you or in compliance with our legal obligation.
We do not process, respectively collect from Users, special categories of personal data (for example: data revealing racial or ethnic origin, political opinions, genetic or biometric data, as well as data concerning the sex life and sexual orientation of the data subject).
We do not make decisions based solely on automated data processing, including profiling.
We usually obtain the personal data directly from the data subject. However, it is not excluded that we may also receive personal data from other people, such as: other employees in the company where the data subject works, as well as from publicly available sources such as the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency of the Ministry of Justice of the Republic of Bulgaria.
VIII. STORAGE PERIOD OF PERSONAL DATA
We keep Users’ personal data for no longer than necessary to fulfil the relevant processing purpose or the statutory period, where applicable. For example:
- personal data provided by you when filling in the contact form will be stored until the request has been fulfilled or the enquiry you have contacted us about has been satisfied, and for a maximum of one year thereafter for statistics and marketing analyses;
- our customers’ personal data processed in connection with contracts concluded between the respective User and us will be stored for a period not longer than ten years from the 1st of January of the year following the year in which the contract is recorded for tax purposes;
- our customers’ personal data processed in connection with the issuance of tax documents (invoices) will be stored for a period not exceeding ten years from January 1st of the year following the year in which the document I is recorded for tax purposes;
- our partners/suppliers’ personal data processed in connection with contracts concluded between the respective partner/supplier and us will be stored for a period of no longer than ten years from the 1st of January of the year following the year in which the contract is recorded for tax purposes;
- the personal data of participants in recruitment and selection procedures will be kept for a period not exceeding six months from the time of the final conclusion of the recruitment/selection procedure in which the concerned data subject participates, respectively after the expiry of the appeal period of the procedure, unless the concerned data subject has consented to the storage of their personal data for a longer period, in which case the data subject shall have the right to withdraw their consent at any time and without giving reasons.
The retention period depends, along with other things, on the duration of the legal relationship between the concerned User and us and on the purposes for which the personal data are processed. Where there is an indication(s) of potential legal claim(s) or liability, these periods will be extended accordingly. Where processing is based on the User’s consent (for example: in the case of personal data provided by third parties for direct marketing), we will retain that personal data for as long as we have valid consent to process it.
After the above periods have expired, we shall take the necessary care to delete and/or destroy your relevant personal data without undue delay.
IX. ACCESS TO PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In general, the Users’ personal data we process is accessible to our employees, agents and partners who need it to comply with legal obligations and/or to fulfil contractual obligations (for example: providing a service under a contract with a User). In this relation, we may, at our discretion and subject to the requirements of the GDPR, transfer all or part of your personal data to third parties such as accountants, professional advisors including lawyers (for the purpose of financial and accounting and administrative services of our business), cloud-based data processing/storage platforms (for the purpose of organizational services of our business, for example: storing and processing contracts with Users on cloud-based platforms for better security), companies providing postal services (for the purposes of the organizational service of our activity, for example: sending contracts on paper to the Users), IT service providers, system administration, marketing services (for the purposes of providing more reliable and quality work on the Internet page and more secure data processing), third party information storage service providers (i.e. hosting companies) (for the purpose of fulfilling contracts with Users).
Based on applicable law or at the request of public authorities, all or part of your personal data may also be made available to public authorities.
We do not intend to transfer your personal data to countries outside the European Economic Community or to international organizations.
X. DATA SUBJECTS’ RIGHTS
You, the data subject, have the following rights any time while we are processing your personal data, and subject to the limitations set out in the applicable law:
- Right of access – you have the right to request information about whether we are processing your personal data and to access and obtain a copy of such personal data; in the event that you request more than one copy of such personal data, you may be liable to pay an appropriate fee for each additional copy;
- Right to rectification/correction – you have the right to request that your personal data be corrected if you believe it is inaccurate or incomplete. We will carry out such rectification/correction without undue delay;
- Right to erasure/to be forgotten – in certain circumstances (for example: the personal data concerned is no longer necessary for the purposes for which it was collected; you have withdrawn your consent for the processing of certain personal data for which there is no other legal basis) you may request your personal data that we process to be erased from our records/our database without undue delay. In certain cases we may refuse to erase such personal data (for example: the processing of personal data is necessary to comply with a specific legal obligation or to establish, exercise or defend legal claims);
- Right to restrict processing – where certain conditions apply (for example: the processing of certain part of your personal data is unlawful, but you do not want this data to be erased), you have the right to request a restriction of the way in which your personal data is processed;
- Right to data portability – where your personal data is provided to us by you and is processed in an automated manner, you have the right to request this personal data to be transferred to you in a structured, commonly used and machine-readable format, as well as to have it transferred to another personal data controller if this is technically feasible;
- Right to object – you have the right, at any time, to object the processing of your personal data for certain purposes, in which case we will stop using your personal data for that specific purpose unless we have overriding legitimate grounds for doing so (for example: you have the right, at any time, to object the processing of your personal data for direct marketing purposes, in which case we will stop processing your personal data for those purposes without undue delay);
- Right to object to automated processing, including profiling – you have the right not to be subject to a decision that is based solely on automated processing of your personal data, including profiling, and you also have all the rights that accrue to you in the event that you are subject to the legal consequences of such processing;
- Right to withdraw your consent for processing – in the event that we process your personal data on the basis of consent, you have the right to withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing based on consent prior to withdrawal.
If, at User’s request, we delete their personal data from our database, we will only retain the information that may be necessary for the protection of our legitimate interests or for public authorities.
You have the right to request information about any recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested, have been disclosed. We may refuse to provide this information if it would be impossible or would require a disproportionate effort.
In case we are required to transfer personal data to another controller, to correct or erase personal data, to restrict processing of personal data or to cease such processing, to provide information about the recipients to whom the personal data for which correction, erasure or restriction of processing has been requested, has been provided, or to provide access to personal data, and where there are concerns about the User’s identity making the relevant request, we may first request additional information to confirm the identity of the data subject in question.
In case there is a third party in the processing of your personal data to whom all or part of your personal data has been transferred (as set out in Part IX above), all of the above requests will be forwarded to that third party.
The exercise of the above rights is free of charge to Users, except where the requests made are manifestly unfounded or excessive. In such a case, we may either charge a reasonable fee to comply with the request or refuse to act on the request.
Users may exercise the above rights by contacting us by email at: firstname.lastname@example.org
XI. COMPLAINT TO A SUPERVISORY AUTHORITY