By this Privacy Notice, Despred AD provides information about the methods it uses to collect, use, share and protect the personal data provided by you.
Despred AD (hereinafter referred to as the “Company”) processes your personal data in compliance with the applicable legal provisions for personal data protection. They are collected for specific, explicitly stated legitimate purposes and after their implementation, the data are not further processed in a way inconsistent with these purposes. Their provision is limited to what is necessary for the purposes for which they are processed (“minimising the processing of personal data”) and kept up-to-date. They are handled in a way that ensures an appropriate level of security. They are stored fairly and within the statutory deadlines. All activities outlined herein are consistent with the provisions of the General Data Protection Regulation (GDPR 2016/679).
SUPERVISING AUTHORITY: Commission for Personal Data Protection
Address: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592
Contact data: 02/915 35 18; 02/915 35 15; 02/915 35 19; firstname.lastname@example.org, www.cpdp.bg
It is important that you read this Privacy Notice carefully to understand how and why we use your personal information.
What is personal data?
The definitions used in this document are in compliance with Article 4 of the GDPR:
“Personal data”: Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Sensitive personal data”: Personal data, which are inherently particularly sensitive with respect to the fundamental rights and freedoms of data subjects, deserve specific protection, as the context in which they are processed could pose significant risks to fundamental rights and freedoms. These personal data include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or membership in trade unions, genetic data, biometrics for unique identifying an individual, data concerning health or data on the sexual life of an individual or sexual orientation.
“Processing”: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making data available, alignment or combination, restriction, erasure or destruction.
“Data Controller”: An individual or a legal entity, public body, agency, or another unit which, alone or jointly with others, determines the purposes and methods of personal data processing.
What are the principles of data processing that we apply?
According to the current data protection legislation, the applicable principles are as follows:
- Personal data shall be processed lawfully, fairly and in a transparent manner;
- Personal data shall only be collected for valid purposes and shall not be used in any other way that is not compatible with these purposes;
- Personal data collected shall be related and limited to what is necessary to achieve the relevant purposes;
- Personal data collected shall be accurate and kept up to date;
- Personal data shall be kept for a period not longer than necessary in relation to the purposes for which they were collected;
- Appropriate protection.
What information does the Company collect?
The Company only collects basic personal data about you, excluding special types of information. The personal information collected may include your name, your company’s name, address, e-mail, telephone number, and other information required by the Accountancy Act and other laws.
Why does the Company process personal data?
The Company collects your data on various grounds.
The Company processes your personal data in order to implement its obligations as a party to a contract for the sale of goods and services. As well as for issuing invoices, preparing a detailed report on consumption and services.
For the purpose of the implementation of the obligations of the Company to you, it may transfer your personal data with courier companies and financial institutions / payment processing institutions (e.g. banks, payment service providers, etc.).
The Company has a legitimate interest in using this information for future marketing campaigns and to inform you about future projects.
Furthermore, the Company will keep data related to your payments and purchases to ensure that this information is available in the case of formal proceedings such as civil cases (e.g. if the Company is sued for damages), administrative and criminal investigations (e.g. inspection or audit by the National Revenue Agency), consumer claims, etc.
The Company has arranged for video surveillance on its commercial premises in order to ensure protection against theft and other potential crimes.
How does the Company protect data?
The Company protects the security of your data in compliance with the applicable data protection law. The Company applies internal policies and controls to ensure that your data are not lost, accidentally destroyed, misused or disclosed, and are only available to employees as required for the performance of their duties.
When the Company engages third parties to process personal data on its behalf, they do so complying with written instructions, undertaking to observe confidentiality and applying appropriate technical and organizational measures to ensure data security.
However, please note, that transmission of information over the Internet is never completely secure. Despite the fact that we do everything possible to keep our own systems secure, we do not have full control over all processes related to, for example, the use of our website or the transmission of confidential materials by e-mail, so we cannot guarantee absolute security of your information transmitted to us via the Internet.
For how long does the Company retain data?
The Company will retain your personal data only for the period for which they are needed and for which they are legally regulated. The determination of the appropriate period depends on the quantity, nature and sensitivity of the personal data, the potential risk of harm due to unauthorized use or disclosure of the data to third parties, as well as the applicable legal provisions.
Disclosure of data to third parties
Sometimes, in order to provide the services you have requested from the Company, it may share your personal information with external service providers. The Company may disclose personal data in case of technical support of information systems and operational support of the activity. Such disclosure takes place only if there is a valid reason to do so and on the basis of a written agreement with the recipients for the provision of an adequate level of protection. The Company requires all service providers with whom it shares your data to respect the security of your personal data and to treat it in accordance with the law.
When delivering the products ordered by you, the Company uses courier services, and for this purpose it provides the personal data you have specified for the delivery.
The Company may disclose your personal information to law enforcement, government or public authorities in order to comply with any legal or regulatory requirements. The provision of your data to state authorities can only be carried out in the cases provided for by law and in a volume limited to the purposes for which they are requested.
The Commission for Personal Data Protection exercises legal control over the process of personal data processing and the Company provides full access to the personal data registers kept by it under the legal conditions.
What are your rights as a data subject?
- Right of access to your personal data, which allows you to receive a copy of them.
- Right to request the correction of incomplete or inaccurate personal data relating to you.
- Right to request a restriction on the processing of your personal data, which allows you to temporarily suspend the processing of your personal data.
- Right to object to the processing of your personal data.
- Right to request the deletion of the personal data related to you where there is no valid reason to continue their processing (“right to be forgotten”).
- Right to request the transfer of your personal data to you or to a third party, and this only applies to automated information for which you have initially given your consent to use it (“right to data portability”).
- Right to file a complaint with the competent supervisory authority or the court if your rights have been violated or you have suffered from the unlawful processing of your personal data.
- Right to withdraw your consent to the processing of your personal data at any time by notifying us at the contact address and email specified in the document, without prejudice to the lawfulness of the processing.
If you decide to exercise any of these rights or have additional questions, please contact us at: 84 Veslets Str., Sofia 1202, or by sending an email to: Katya.Atanasova@despred.com
If you believe that the Company has not complied with your data protection rights, you can file a complaint to the Commission for Personal Data Protection.
The Company shall reserve the right to update this Privacy Notice at any time, of which you will be notified by posting it on our website or in any other appropriate manner.