I. GENERAL INFORMATION
General Data Protection Regulation (GDPR) – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data entered into force on 25 May 2018.
The Regulation aims to ensure the protection of the data of natural persons from all European Union (EU) Member States and to align and update the regulations on the processing of such data. The GDPR protects the data privacy rights of every person who is in the EU, regardless of whether the information is processed inside or outside the EU.
This policy aims to provide comprehensive information about the processing of personal data in a clear and accessible way for users.
II. INFORMATION ABOUT THE PERSONAL DATA Administrator
“Bulgaria DropView” EOOD, UIC 208164637, with registered office and management address in the town of. Sofia, Slatina district, g.k. Hristo Smirnenski, bl. 36, is a personal data Administrator with regard to the data sent by you and processed by us.
As a data Administrator , Bulgaria DropView Ltd. carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 by collecting data of individuals to the extent necessary for the provision of the service, protecting the data responsibly and lawfully and ensuring the rights of individuals in the collection, processing and storage of their personal data.
III. DEFINITIONS
‘Personal data’ means information relating to an identified natural person or a natural person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, psychological, economic, cultural or social identity of that individual;
“Administrator’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
‘Data subject’ means a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person;
‘Processing’ means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction or destruction.
IV. GROUNDS FOR COLLECTING, PROCESSING AND STORING YOUR PERSONAL DATA
Art. 1 (1) The Administrator collects, processes and stores your personal data in connection with the use of the website on the basis of:
1. Received explicit, clear, free and unambiguous consent from you for the purposes of processing (e.g. to receive the Newsletter and for marketing purposes);
2. Compliance with a legal obligation that applies to the Data Administrator as necessary to protect the life and health of the data subject;
3. A legitimate interest of the Administrator , except where that interest is overridden by the interests of the data subject.
(2) By subscribing to the newsletter, you expressly consent to the processing of your personal data for the purpose of receiving marketing communications, news and offers. You can withdraw your consent at any time by using the unsubscribe link at the end of each message or by contacting us by email at info@bulgariadropview.com .
V. PURPOSES OF DATA COLLECTION, PROCESSING AND STORAGE
Art. 2 (1) The Administrator receives your personal data when you fill in one of the forms on the website, such as the “Contact us” button, in the “Share with us!” field, and when you sign up to receive our online newsletter.
(2) The Administrator collects, processes and stores the data provided by you for the purposes set out in this Policy, including:
1. subscribe and receive the newsletter;
2. sending information and promotional messages;
3. statistical purposes;
4. accounting purposes;
5. information security protection.
VI. CATEGORIES OF DATA COLLECTED, PROCESSED AND STORED BY THE Administrator
Art. 3 (1) The data provided by users are: email address and additional information you have included in the online form.
(2) The Administrator shall not collect or process data concerning:
1. racial or ethnic origin;
2. political, religious or philosophical beliefs, or trade union membership;
3. genetic and biometric data, data concerning health or data concerning sex life;
4. sexual orientation.
(3) The Administrator shall not collect or process personal data of persons under the age of 16, except with the express consent of their parents or legal representatives.
(4) Personal data is collected by the Administrator only from the persons to whom it relates.
VII. PRINCIPLES FOR THE PROCESSING AND STORAGE OF PERSONAL DATA
Art. 4 (1) The controller shall comply with the following principles when processing and storing personal data:
1. legality and good faith;
2. limitation of the purposes of the processing;
3. relevance to the purposes of the processing and the collection of only relevant, appropriate and necessary data for the purposes of the processing;
4. accuracy and timeliness of the data;
5. limitation of the storage of the data in order to achieve the purposes;
6. integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.
VIII. STORAGE PERIOD OF PERSONAL DATA
Art. 5 (1) The controller shall store the personal data provided for a period no longer than the existence of your subscription to the e-newsletter or the withdrawal of your consent to the processing of your personal data.
(2) After the expiry of the period referred to in par. 1, the controller shall take the necessary care to delete and destroy all your data without undue delay.
IX. RIGHTS IN THE COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
Withdrawal of consent to the processing of personal data
Article 6 (1) Data subjects shall have the right at any time to withdraw their consent to the processing of all or part of their personal data by the Controller for any or all of the purposes of the processing, by means of a free text request, without prejudice to the lawfulness of the processing carried out prior to the withdrawal.
(2) The controller may require verification of the identity and identity of the person to whom the data relate.
(3) After withdrawal of consent, the Controller shall delete the data.
(4) The Controller shall delete the data except for the following information:
(a) information that is necessary to verify that the data subject’s right to be forgotten has been fulfilled;
(b) technical information that cannot be linked in any way to the data subject’s identity.
Right of access
Art. 7 (1) The data subject shall have the right to request and obtain from the Controller confirmation as to whether personal data relating to him or her are being processed.
(2) Every data subject shall have the right to obtain access to the data relating to him or her and to information concerning the collection, processing and storage of his or her personal data.
(3) The controller shall provide the data subject, upon request, with a copy of the personal data processed relating to him in electronic or other appropriate form.
(4) The provision of access to the data shall be free of charge, but the Controller reserves the right to charge an administrative fee in the event of repetitive or excessive requests.
Right to rectification or completion
Article 8 (1) The data subject may rectify or supplement inaccurate or incomplete personal data concerning him or her directly on the subscription form or by submitting a request to the Controller.
Right to erasure (“being forgotten”)
Art. 9 (1) The data subject shall have the right to request the erasure of personal data relating to him or her from the Controller, and the Controller shall have the obligation to erase them without undue delay.
(2) In order to exercise the right to be forgotten, the data subject shall submit a request in electronic form to the Controller.
(3) The Controller shall have the right to request verification of the identity and identity with the data subject.
(4) The Controller shall erase the data, except for the following information:
(a) information that is necessary to certify that the data subject’s right to be forgotten has been fulfilled;
(b) technical information which cannot be linked in any way to the data subject’s identity.
Right to restriction
Art. 10 (1) The data subject shall have the right to require the Controller to restrict the processing of personal data concerning him or her where:
1. contest the accuracy of the personal data, for a period that allows the Controller to verify the accuracy of the personal data;
2. the processing is unlawful, but the data subject does not request erasure of the data relating to him or her, but only restriction of the processing;
3. The controller no longer needs the personal data for processing purposes, but the data subject requires them for the establishment, exercise or defence of legal claims.
Right to portability
Art. 11 (1) The data subject shall have the right at any time to obtain from the Controller the personal data which he or she has provided in a structured, commonly used and machine-readable format by means of a request addressed to the e-mail address.
(2) The data subject shall have the right to request the Controller to transfer the personal data provided directly to a controller designated by the data subject, where this is technically feasible. The request for direct transfer of the personal data to a third party may be made by email.
(3) The controller shall have the right to require the data subject to verify his or her identity and identity with the data subject.
Right to complain to the Consumer Protection Commission
Art. 12 (1) In case of violation of his/her rights, the data subject shall have the right to lodge a complaint with the Commission for Personal Data Protection at the following address:
Commission for Personal Data Protection
Registered office and registered address. Registered office and registered office: 1592 Sofia Blvd. “1592, Proff. No. 2 Tsvetan Lazarov
Correspondence data. Registered office and registered office: 1592 Sofia Blvd. “1592, Proff. No. 2 Tsvetan Lazarov
Phone: 02 915 3 518
Email: kzld@cpdp.bg
Website: www.cpdp.bg