Personal data protection policy

This policy for the protection of personal data is an integral part of the General Terms and Conditions of "Buldent" EOOD and covers issues related to personal data, incl. what information we collect as a Data Controller, how we use it and what rights users have in this regard.

"Buldent" EOOD has the status of administrator of personal data according to Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation" for short).

Administrator ID:
"Buldent" EOOD
Headquarters and address of management: Sofia 1700, Lozenets district, g.k. LOZENETS, MILIN KAMAK STREET No. 50A, floor 1, apartment 3
EIK 131203380, VAT number: BG131203380
MOL: Plamen Petrov Bizhev

"Buldent" EOOD treats as personal data any information that identifies a specific natural person or that relates to a natural person, through which the same can be identified. The processing of personal data is an action or set of actions that may be performed on personal data by automatic or other means.

I. How do we collect information about you?

1. We collect personal data with the express consent of the person to whom it relates. When you register on our site or use one of the forms, you provide us with certain information voluntarily, which we process and store. This information includes: first name, last name, last name, email address, phone number, date of birth, IP address, pins, comments and any other information you provide to us. You may choose to share location data or photos with us. We may prefer to reduce the amount of data we store and process in accordance with the purposes of the processing.

In the case of contractual relationships, in order to fulfill the contract, we necessarily receive the following personal data: first name, last name, last name, e-mail, address, telephone number and gender.

2. In case you decide to purchase a product or order a certain service through the edrogeria.bg site, we collect payment information, contact information (address and phone number) and details of the product or service you ordered.

3. When connecting your profile with your Facebook or Google profile or with other third-party services, we also receive the information from these profiles (for example, friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each person should check what they are.

4. We also receive technical information when you use our site. Every time you use the site, mobile application or other Internet service, the system creates and saves certain information automatically. Here are some of the categories of information we collect:

a/ Data in log files. When you use the Site, our servers record information ("log data"), including information that your browser automatically sends when you visit a website or your mobile application automatically sends when you use it. This log data includes the Internet Protocol address, the address and activity of the websites you visit, searches, browser type and settings, date and time of your request, how you used the site, cookie data and device data. If you would like to receive more details about the information we collect, contact us using the contact form.

b/ Cookie data. We also use "cookies" (small text files sent by your computer each time you visit our website) or similar data capture technologies. When we use cookies or similar technologies, we use session cookies (which persist until you close your browser) or persistent cookies (which persist until you or your browser delete them). For example, we use cookies to store your language preferences or other settings so you don't have to set them each time you visit the site. Some of the cookies we use are associated with your profile (including information about you, such as the email address you have given us), and other cookies are not. For more detailed information on how we use cookies, please review our cookie policy.

c/ Device information. In addition to log data, we collect information about the device through which you use our website, including device type, operating system, settings, unique device identifiers, and crash data to help us understand when something breaks. Whether we collect some or all of the information often depends on the type of device you use and its settings. For example, there are different types of information depending on whether you're using a Mac or a PC or an iPhone or an Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.

II. What we do with the information we collect. Purposes and term of processing:

Objectives

"Buldent" EOOD processes and stores the personal data indicated above solely for the purpose of fulfilling its contractual obligations and more precisely processing the requests of its users, making deliveries, as well as for the following purposes:

a/ Based on Art. 6, item 1, letter "b" of the Regulation - for implementation of pre-contractual relations;

b/ On the basis of Art. 6, item 1, letter "b" of the Regulation - for the fulfillment of contractual obligations that have already arisen.

c/ Based on Art. 6, para. 1, letter "a" and Art. 7 of the Regulation – for non-personalized advertising;

d/ Based on Art. 6, para. 1, letter "a" and Art. 7 of the Regulation – for personalized advertising;

e/ On the basis of Art. 22, para. 2, letter "c", Art. 6, para. 1, letter "a" and Art. 7 of the Regulation - to carry out a personalized assessment of information;

f/ Based on Art. 6, para. 1, letter "e" - for marketing purposes.

g/ On the basis of Art. 6, para. 1, letter "f" of the Regulation - for retargeting in connection with the objectives of marketing, remarketing or optimization;

Term

The data is stored and processed while the user's account is active and for 1 year after its deactivation or deletion, and for as long as it is needed to provide our services. If the person makes the corresponding request, the information is destroyed immediately.

Recipients of your personal data

In order to make a delivery, when such is requested by the user, "Buldent" EOOD has the right to provide the above personal data or part of them to courier companies or national postal operators, incl. ECONT, SPEEDY, EUROPE. In this regard, the user may receive SMS or calls from these persons. These providers receive only that personal information they need to perform their functions. These providers receive this information so that we can fulfill our obligations to you for the relevant request and to provide our services to you.

Your personal data can be processed without your consent only if we are obliged by law to provide government authorities and/or third parties with information containing personal data. In that case, in implementing the mandatory provisions of the law, we will provide only personal data with the minimum necessary content for each specific case.

III. Rights you may exercise in relation to your personal data:

All rights are exercised, and relevant requests and notifications in connection with the rights of data subjects are submitted, through the CONTACT FORM FOR ISSUES RELATED TO PERSONAL DATA on edrogeria.bg, by e-mail to info@edrogeria.bg, or by post to the management address listed above. Requests are made in a manner that allows the identity of the requester to be established. For some rights, technical means of exercising them may be available, for example an Unsubscribe Button. In any case, the administrator should respond to the request or rule on the declared right, at the address or e-mail provided in the contact form, within one month of receiving it.

According to the General Data Protection Regulation, the data subject has the right to:

• Awareness (in connection with the processing of his personal data by the administrator). When there is a risk of a breach of the security of your personal data, the controller is obliged to notify you of the nature of the breach and what measures have been taken to remedy it, as well as whether the supervisory authority has been notified of the breach.

• Access to your own personal data and the right to withdraw consent to processing. As a subject of personal data, you have the right to request confirmation of whether your personal data is being processed and, if so, to access your data and the following information: for what purpose data is processed, what personal data, data recipients, processing period. Access requests must be made in writing/electronically and addressed to the administrator. Also, you have the right to withdraw your consent to the processing of your personal data at any time.

• Correction (if data is inaccurate). As a personal data subject, you have the right to request the rectification of your personal data that is inaccurate/out-of-date. For this purpose, you must submit a separate request. Your request will be answered by the administrator in the following way - in writing, to the provided e-mail address.

• Erasure of personal data (right to be forgotten). As a subject of personal data, you have the right to "be forgotten", i.e. to request that your personal data be deleted without undue delay. This means that the controller deletes your personal data from all systems and records where it is stored, including notifying any third parties/personal data processors to whom it has provided the data. A deletion request can be submitted on the grounds provided for in the Regulation, incl. in the presence of any of the following grounds: the personal data are no longer necessary for the purposes for which they were collected; when you have withdrawn your consent; when you have objected to the processing; when the processing is unlawful; where the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller; when personal data were collected in connection with the provision of information society services. The administrator may refuse to delete the personal data on the grounds specified in the Regulation, when the processing of the specific data is for the purpose of: exercising the right to freedom of expression and information; performing a legal duty or task in the public interest or exercising public authority; public health; archiving for purposes of public interest, scientific or historical research or statistical purposes; or the establishment, exercise or defense of legal claims.

• Restriction of processing by the administrator or processor of personal data. As a data subject, you have the right to request the controller of your personal data to restrict its processing. The restriction is allowed in the following cases: - when you consider that your personal data is not accurate, in which case the restriction is for a period necessary for the administrator to check the accuracy; - when the processing of your personal data is illegal, but you do not want them to be deleted and only want to limit their use; - when the administrator no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or defense of legal claims; - when you have objected to the processing, pending verification of whether the controller's legitimate grounds prevail over your interests. For this purpose, if any of the above conditions are present, you should submit a request.

• Portability of personal data, incl. between individual administrators. The data subject has the right to portability: to receive the personal data concerning him, which he has provided to an administrator, in a structured, widely used and machine-readable format, and to transfer such data to another administrator without hindrance from the administrator to whom the personal data was provided, when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising the right to data portability, the data subject has the right to obtain a direct transfer of the personal data from one administrator to another, when this is technically feasible.

• Objection to the processing of his personal data. As a data subject, you have the right to object to the processing of your personal data at any time, incl. when it is for direct marketing purposes. The administrator should give reasons for whether it accepts the objection or, respectively, why it continues to process the personal data if it rejects the objection.

• The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly affects him to a significant extent. The data subject has the right to contest the automated decision at any time.

• Right to judicial or administrative protection in the event that the data subject's rights have been violated. As a subject of personal data, you have the right to complain against the processing of your personal data or non-compliance with your rights in connection with the protection of personal data before the competent supervisory authority - Commission for the Protection of Personal Data, address: Sofia 1592, "Prof. Tsvetan Lazarov" Blvd. No. 2 (www.cpdp.bg). Also, a person who has suffered material or non-material damages as a result of a violation of this regulation has the right to receive compensation from the controller or processor of personal data for the damages caused.

IV. Security

We have taken numerous technical, legal and organizational measures to protect the personal data of each individual. In order to avoid unauthorized access, we implement encryption procedures in some areas. Also, we use SSL protocols to prevent the possibility of data misuse by third parties. We do not share data with third parties, except in cases where we need to deliver the ordered goods.

It is possible to use the services of third parties who are processors of personal data for the aforementioned processing purposes. These persons process the personal data on our behalf and are obliged to comply with the applicable regulations for the protection of personal data. These persons are carefully selected by us and only have access to data that is necessary for them to provide the services they are engaged in and within the framework of the consent expressed to us. In the event that such persons are outside the EU and do not meet the necessary requirements of the GDPR, based on its statutory status, we will ensure the protection of personal data through contractual or other legal instruments. Also, it is possible that the personal data will be provided to state or municipal authorities, which carry out different types of control within the framework of the law.

V. Advertising

By confirming the request for account registration, confirming an order for a service or product, the user gives his express consent to the processing of his personal data for one or more of the following purposes:

a/ Inclusion of the user's evaluation and his opinion in marketing surveys through electronic methods - by e-mail or messenger.

b/ Receiving electronic messages about products, services and other advertising messages on all owned devices.

c/ Receiving personalized advertising that is tailored to the user's preferences. Personalization is carried out based on an evaluation of user behavior data;

d/ Receiving customized commercial offers tailored to the user's behavior and related to his preferences by e-mail, mail or messenger. For this purpose, the user's consumption data based on his purchasing behavior, his participation in advertising campaigns, as well as the use of the site can be subject to analysis and prediction of the user's interests.

e/ Receiving non-personalized advertising. Users will also receive information about current products, services, initiatives and other advertising messages.

VI. Declaration

In the process of processing personal data, "Buldent" EOOD complies with the principles of European and national legislation related to the protection of personal data of individuals. Applying a package of organizational, technical and legal measures, we strive to guarantee a high level of personal data security, protection against unregulated processing, destruction or damage.

We declare that the personal data we collect will be used only for the purposes set forth herein.