“Personal data” – any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is an identifiable person, directly or indirectly, in particular by means of an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural person, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
“Special categories of personal data” means personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the unique identification of an individual, health data or data on the sexual life of an individual or sexual orientation
“Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission , disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it
“Administrator” – any natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of a Member State; “Data subject” – any living natural person who is the subject of personal data stored by the Administrator.
“Consent of the data subject” – any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clearly confirming action expressing his or her consent to the processing of personal data relating to him or her; > “Child” – The General Regulation defines a child as anyone under the age of 16, although this may be reduced to 13 by the law of the Member State. The processing of a child’s personal data is legal only if a parent or guardian has given consent. The administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give his or her consent.
“Profiling” means any form of automated processing of personal data, in the form of the use of personal data for the assessment of certain personal aspects relating to an individual, and in particular for the analysis or forecasting of aspects relating to the performance of professional duties. of that individual, his economic condition, health, personal preferences, interests, reliability, behavior, location or movement;
“Violation of the security of personal data” – a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed; “Main place of establishment” – the seat of the controller in the EU will be the place where he makes the main decisions for the purpose and means of his data processing activities. With regard to the processor, his main place of establishment in the EU will be his administrative center.
“Recipient” – a natural or legal person, public authority, agency or other entity to which personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union law or the law of a Member State shall not be considered as “recipients”; the processing of this data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing; “Third party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, have the right to process personal data. ;
- PURPOSE OF COLLECTION AND HOW AND WHAT PERSONAL DATA DO WE PROCESS?
We strive to process your personal data in good faith in order to fulfill our obligations in accordance with legal and other purposes, as follows:
establishing your identity through our sales channels;
management and execution of your product orders, fulfillment of contractual obligations;
preparation of a proposal for concluding a contract;
providing the complete service you need;
preparation of proposals for concluding distance and off-premises contracts, sending courier services with renegotiated information and the draft contract; cancellation, complaint or warranty / service services; notification of everything related to the products you buy from us or you will be interested in purchasing, sending various notifications, notification of problems, errors or to respond to your requests, complaints, suggestions;
preparation of analyzes and statistics for our sales and customers;
analysis of the client’s history and preparation of a user profile in order to determine a suitable offer for you;
to protect and ensure the security and integrity of our network, you and our employees;
detect and / or prevent illegal actions or actions contrary to our terms; evaluate and measure the effectiveness of our ads, and offer you advertising content that is relevant to your needs;
We process your personal data in order to comply with obligations that are provided for in various regulations, for example:
fulfillment of obligations in connection with distance selling, off-site sales, provided for in the Consumer Protection Act;
providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act; providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation on personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc .; >
obligations provided for in the Labor Code, the Accounting Act and the Tax and Social Security Procedure Code and other related regulations, in connection with the maintenance of proper and lawful accounting; providing information to the court and third parties, in court proceedings, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings;
age verification when shopping online 2.2. WHAT PERSONAL DATA DO WE PROCESS
Identification data (three names, address)
Traffic data or aggregated consumption data; Data to be provided at the conclusion of a contract;
Data on orders, their execution, contractual obligations;
Data for communication with clients or users (email, phone)
When we process your basic personal data and the other data described for the purposes of providing products, for their payment, for the fulfillment of your orders for the purchase of goods, as well as in order to fulfill our regulatory obligations, this processing is mandatory for the fulfillment of these goals. Without this data, we would not be able to provide the relevant services. If you do not provide us with identification data, we will not be able to enter into a contract with you for our products 2.3. HOW WE PROCESS YOUR PERSONAL DATA
With your consent
In some cases, we process your personal data only with your prior written consent. Consent is a separate ground for processing your personal data and the purpose of the processing is stated in it.
Concessions granted may be withdrawn at any time. The withdrawal of the consent does not affect the fulfillment of the contractual obligations of Ecotermal OOD. If you withdraw your consent to the processing of personal data for any or all of the ways provided in it, Ecotermal Ltd. will not use your personal data and information for the purposes set out above. Withdrawal of consent is without prejudice to the lawfulness of processing based on consent prior to its withdrawal.
We have a large portfolio of products offered. When you provide us with data processing consent, that consent applies to all of our products that you have purchased. To withdraw your consent, you only need to use the store network, our website or just our contact information.
In view of our legitimate interest
These are goals related to the legitimate interests of Ecotermal Ltd. and / or third parties. These goals include
Ensuring the normal functioning and use of the Site by you and other users, maintenance and administration of the Services, resolving disputes, detecting and preventing malicious actions;
Detection and resolution of technical or problems with the functionality, development and improvement of the Services Communicating with you, including electronically on important issues related to the Services.
Reception and processing of received signals, complaints, requests and other correspondence; Realization and protection of the rights and legal interests of Ecotermal Ltd., including through the courts, and assistance in the implementation and protection of the rights and legal interests of other users of the site and / or affected third parties.
For these purposes, it may be necessary to process part or all of the above categories
Ecotermal Ltd. means by “consent” only the cases in which the data subject has been informed about the planned processing and has expressed his consent without being pressured. Consent obtained under duress or on the basis of misleading information will not be a valid basis for the processing of personal data.
For special categories of data Ecotermal Ltd. will request the explicit written consent of the data subjects, unless there is an alternative legal basis for processing. In most cases, consent for the processing of personal and special categories of data is routinely obtained from Ecotermal Ltd., using standard consent documents – e.g. when a new customer signs a contract or during the recruitment of new staff, etc.
Ecotermal Ltd. does not collect or process personal data of children under 16 or less, except with the consent of a parent in accordance with applicable local law. If we learn that a child’s personal data has been accidentally collected, we will delete the data in question in a timely manner.
- RIGHTS OF DATA SUBJECTS
Request confirmation that personal data relating to you are being processed and, if so, access the data as well as information about the recipients of this data.
Request a copy of your personal data from the administrator;
Ask the administrator to correct personal data when it is inaccurate and when it is no longer up to date;
Request the administrator to delete personal data (“right to be forgotten”); Ask the administrator to restrict the processing of personal data, in which case the data will only be stored, but not processed. To object to the processing of your personal data;
To object to the processing of personal data concerning you for the purposes of direct marketing.
File a complaint with a supervisory authority if you believe that any of the provisions of the Regulation have been violated;
To request and be provided with personal data in a structured, widely used and machine-readable format;
Withdraw your consent to the processing of personal data at any time with a separate request addressed to the administrator;
Do not be subject to automated decisions that affect you significantly, without the possibility of human intervention;
Oppose automated profiling that happens without your consent;
Ecotermal Ltd. provides all the necessary conditions to ensure the exercise of rights by the data subject. Data subjects may make requests for access to data, have the right to submit complaints to Ecotermal Ltd., related to the processing of their personal data, the processing of a request by the data subject and an appeal by the data subject regarding the processing of data. complaints
A request for the exercise of the rights of personal data subjects may be submitted as follows:
By e-mail to the following email address email@example.com; In the GDPR section of our website at: Contacts By mail to the address of our Head Office – Ecotermal Ltd .: Burgas, 47 Slivnitsa Str. With a written request
The request for the exercise of personal data rights should contain precise information on:
Name – so we can identify you;
Address, telephone, e-mail – so that we can contact you and provide you with the highest quality service;
Description of the request – so that we know what right you want to exercise;
Ecotermal Ltd. provides information on the actions taken in connection with a request to exercise the rights of the subjects within one month of receiving the request. If necessary, this period may be extended by a further two months, taking into account the complexity and number of requests from a particular person. Ecotermal Ltd. informs the person about any such extension within one month of receiving the request, indicating the reasons for the delay.
Ecotermal Ltd. is not obliged to respond to a request in case it is not able to identify the data subject, the description of the request is not specified or is not sent in the ways provided in this Policy.
Ecotermal Ltd. may request the provision of additional information necessary to confirm the identity of the data subject when there are reasonable concerns regarding the identity of the individual submitting the request.
Where the request is made by electronic means, the information shall, where possible, be provided by electronic means, unless the data subject has requested otherwise.
- DATA SECURITY
A principle in our structure is that all employees are responsible for ensuring security in the storage of data for which they are responsible and which Ecotermal Ltd. holds, and that the data is stored securely and is not disclosed under any circumstances. to third parties, unless Ecotermal Ltd. has not granted such rights to this third party by concluding a contract / confidentiality clause. In this regard, all personal data are available only to those who need them, and access can be granted only in accordance with the established rules for access control. All personal data is treated with the utmost security and stored:
in a private room with controlled access; and / or in a locked cabinet, to which authorized lys have access; and / or
computerized system, password protected in accordance with the internal requirements specified in the organizational and technical measures for controlling access to; and / or computer media that are protected in accordance with the organizational and technical measures for controlling access to information.
Ecotermal Ltd. has created an organization to ensure that computer screens and terminals cannot be viewed by anyone other than the authorized employees / workers of Ecotermal Ltd. All employees are required to be trained and to accept the relevant contractual clauses / declarations / rules for compliance with organizational and technical access measures before being granted access to information of any kind. Personal data shall be deleted or destroyed only in accordance with internal procedures for storing and destroying data.
In case of leakage of data containing personal data, Ecotermal Ltd. will follow and comply with all applicable rules for notification in such cases.
- PROTECTION OF PERSONAL DATA
1 (one) year – from termination of the contract or until final settlement of all financial obligations and expiration of the statutory obligations for data storage, such as obligations under the Electronic Communications Act and the Electronic Document and Electronic Certification Services Act; br> 11 (eleven) years under the Accounting Act for storage and processing of accounting data;
5 (five) years under the Obligations and Contracts Act (limitation periods for filing claims;
5 (five) years according to obligations for providing information to the court, competent state bodies, etc. grounds provided for in the legislation in force Please note that we will not delete or anonymize your personal data if it is necessary for pending court, administrative, arbitration, enforcement or litigation proceedings before us.
- PROVISION OF INFORMATION
When the disclosure of your personal data is duly requested by a competent public or judicial authority;
Where there is a decision of the Commission for Personal Data Protection or of the European Commission, according to which the respective country provides an adequate level of personal data protection;
Where an agreement has been concluded with the organization to which the personal data are transferred, containing the standard data protection clauses approved by the European Commission by Decision № 2010/87 / EU; When it is necessary to transfer data to an organization in the United States, the transfer is made to the extent that a Privacy Shield Framework Agreement has been signed with the United States Department of Commerce. The US Department of Commerce is responsible for managing and administering the Privacy Shield and ensuring that companies meet their commitments
Where necessary, we engage other companies and individuals to perform certain tasks on our behalf, complementing our services, within the framework of data processing contracts; Change of ownership of – in the event of a merger, acquisition or sale of assets affecting the processing of personal data, you will be notified in advance; When we have received your explicit consent for transfer;
- GENERAL POLICY INFORMATION
- DATA FOR CONTACT WITH Ecotermal Ltd. and SUPERVISORY AUTHORITY PROTECTION OF PERSONAL DATA
contact phone: 0888 099 278
address: Burgas, Slivnitsa St 47
In the event of a breach of your rights under applicable data protection law, you have the right to lodge a complaint with the supervisory authority:
THE COMMISSION FOR THE PROTECTION OF PERSONAL DATA
Headquarters and address for correspondence: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2, phone 02 915 3 518, E-mail: firstname.lastname@example.org, Website: www.cpdp.bg