PERSONAL DATA PROTECTION POLICY
SIDI 92 EOOD has the capacity of controller of personal data according to Regulation (EU) 2016/679 (hereinafter referred to as "Regulation").
Administrator identification: SIDI 92 EOOD
Headquarters and address of management: BULGARIA, 5809 Pleven city, 22 Braila str.
SIDI 92 EOOD treats as personal data any information that identifies a specific individual or that relates to an individual through which it can be identified. The processing of personal data is an action or set of actions that can be performed on personal data by automatic or other means.
I. HOW DO WE COLLECT INFORMATION ABOUT YOU?
1. We collect personal data with the express consent of the data subject. When you register on our site or use any of the forms, you provide us with certain information voluntarily, which we process and store. This information may include: first name, last name, last name, email address, phone number, date of birth, pins, comments and any other information you provide to us. You may choose to share location information or photos with us. We may prefer to reduce the amount of data we store and process according to the purposes of the processing.
In a contractual relationship, in order to fulfill the contract, we must receive the following personal data: name, surname, family name, email, address, telephone number and gender.
2. In case you decide to buy a product or order a certain service through the website https://eng.sidi92.com/personal-data, we collect payment information, contact information (address and telephone number) and details about the product or service that you ordered.
3. When you link your account to your Facebook, Twitter, Google or other third party services, we also receive information from those accounts (such as friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each person should check what they are.
4. We receive technical information when you use our site. Each time you use the site, mobile application or other Internet service, the system creates and saves certain information automatically. Here are some of the categories of information we collect:
a) Data in the registration files. When you use the Site, our servers record information ("log data" or "log data"), including information that your browser automatically sends when you visit a website or your mobile application automatically sends when you use it. This log data includes the address of the Internet Protocol, the address and activity of the websites you visit, searches, type and settings of the browser, date and time of your request, how you used the site, cookie data and device data. If you want to get more details about the information we collect - contact us via the contact form.
c) Device information. In addition to log data, we collect information about the device through which you use our website, including device type, operating system, settings, unique device identifiers, and crash data to help us understand when something breaks. Whether we collect some or all of the information often depends on the type of device you are using and its settings. For example, there are different types of information depending on whether you're using a Mac or a computer or an iPhone or an Android phone. To learn more about what information makes your device available to us, please also check the device manufacturer's or software provider's policies.
II. WHAT DO WE DO WITH THE INFORMATION WE COLLECT?
SIDI 92 EOOD processes and stores the personal data mentioned above only for the purpose of fulfilling its contractual obligations and more precisely processing the requests of its users, making deliveries, as well as for the following purposes:
a) Pursuant to Art. 6, item 1, letter “b” of the Regulation - for implementation of pre-contractual relations;
b) On the grounds of art. 6, item 1, letter “b” of the Regulation - for fulfillment of already incurred contractual obligations;
c) On the grounds of art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for non-personalized advertising;
d) On the grounds of art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for personalized advertising;
e) On the grounds of art. 22, para. 2, letter “c”, Art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for personalized assessment of information;
f) On the grounds of art. 6, para. 1, letter "e" - for marketing purposes;
g) Pursuant to Art. 6, para. 1, letter "e" of the Regulation - for retargeting in connection with the purposes of marketing, remarketing or optimization;
Term. The data is stored and processed according to our internal registers. For example, the data from the contact form with us is stored for up to 20 days after which it is automatically deleted. Registration data - while the user's account is valid and 1 year after deactivation or deletion, as well as as long as there is a need for it to provide our services. We store the data from each form in a separate register with its own storage period. We have chosen the shortest possible time. If you are interested in a specific period for data storage, you can send us an inquiry through the contact form on the site.
In case the person makes the respective request, the information shall be destroyed immediately.
For the purpose of delivery, when requested by the user, SIDI 92 EOOD has the right to provide the above personal data or part of them to courier companies or national postal operators, incl. SPEEDY, ECONT, RAPIDO. In this regard, the user can receive SMS or calls from these people.
III. RIGHTS YOU CAN EXERCISE REGARDING YOUR PERSONAL DATA
All rights are exercised, and the relevant requests and notifications in connection with the rights of data subjects are submitted via the CONTACT FORM ON PERSONAL DATA ISSUES https://eng.sidi92.com/kontakti, to e-mail privacy @ sidi92.com or by post to the address of management indicated above. Requests shall be made in a way that allows the identity of the applicant to be identified. With regard to some rights, technical possibilities for exercising them may be applicable, such as a write-off button. In any case, the administrator should respond to the request or rule on the declared right to the address or e-mail provided in the contact form, within one month of receiving it.
• Awareness (in connection with the processing of his personal data by the administrator); When there is a risk of breach of security of your personal data, the controller is obliged to inform you about the nature of the breach and what measures have been taken to eliminate it, as well as whether the supervisory authority has been notified of the breach.
• Access to your own personal data and the right to withdraw consent to processing. As a data subject, you have the right to request confirmation of whether your personal data is being processed and, if so, to have access to your data and the following information: for what purpose the data are being processed, what personal data, data recipients, processing time . Requests for access must be made in writing / electronically and addressed to the administrator. You also have the right to withdraw your consent to the processing of your personal data at any time.
• Correction (if the data is inaccurate). As a data subject, you have the right to request the correction of your personal data that is inaccurate / out of date. You must submit a separate request for this purpose. Your request will be answered by the administrator in the following way - in writing, at the provided e-mail address.
• Deletion of personal data (right to be "forgotten"). As a data subject, you have the right to be "forgotten", ie. to request that your personal data be deleted without undue delay, ie. the administrator to delete your personal data from all systems and records where they are stored, including notifying all third parties / processors of personal data to whom he has provided the data. A request for erasure may be made on the grounds provided for in the Regulation, including in the presence of any of the following grounds: personal data are no longer necessary for the purposes for which they were collected; when you have withdrawn your consent; when you have objected to the processing, when the processing is illegal; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State,which applies to the administrator; where personal data have been collected in connection with the provision of information society services. The controller may refuse to delete personal data on the grounds specified in the Regulation - when the processing of specific data is for the purpose of: exercising the right to freedom of expression and information; performing a legal obligation or task of public interest or exercising public authority; for public health purposes; archiving for purposes of public interest, historical research or statistical purposes; or establishing, exercising or defending legal claims.The controller may refuse to delete personal data on the grounds specified in the Regulation - when the processing of specific data is for the purpose of: exercising the right to freedom of expression and information; performing a legal obligation or task of public interest or exercising public authority; for public health purposes; archiving for purposes of public interest, historical research or statistical purposes; or establishing, exercising or defending legal claims.The controller may refuse to delete personal data on the grounds specified in the Regulation - when the processing of specific data is for the purpose of: exercising the right to freedom of expression and information; performing a legal obligation or task of public interest or exercising public authority; for public health purposes; archiving for purposes of public interest, historical research or statistical purposes; or establishing, exercising or defending legal claims.historical research or statistical purposes; or establishing, exercising or defending legal claims.historical research or statistical purposes; or establishing, exercising or defending legal claims.
• Restriction of processing by the controller or processor of personal data. As a data subject, you have the right to ask the controller of your personal data to restrict the processing of personal data. Restrictions are allowed in the following cases: - when you believe that your personal data is not accurate, in which case the restriction is for the period necessary for the administrator to verify the accuracy; - when the processing of your personal data is illegal, but you do not want them to be deleted, but you only want their use to be restricted; - when the controller no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or protection of legal claims; - when you have objected to the processing pending verification that the administrator's legal grounds take precedence over your interests. To this end, in the presence of any of the above conditions, you should submit a request.
• Portability of personal data, including between individual administrators. The data subject has the right to portability - to receive the personal data concerning him and which he has provided to the controller, in a structured, widely used and machine readable format and has the right to transfer this data to another controller without interruption by the controller, to whom the personal data are provided when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject shall also be entitled to receive a direct transfer of personal data from one controller to another where this is technically feasible.
• Objection to the processing of his personal data. As a data subject, you have the right to object to the processing of your personal data at any time, including for direct marketing purposes. The controller should be motivated whether he accepts the objection or why he continues to process the personal data if he rejects the objection.
• The data subject has the right not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him significantly. The data subject has the right to challenge the automated decision at any time.
• The right to judicial or administrative protection in the event that the data subject's rights have been violated. As a subject of personal data you have the right to complain against the processing of your personal data or non-compliance with your rights in connection with the protection of personal data before the competent supervisory authority - Commission for Personal Data Protection, address: Sofia 1592, Blvd. . Tsvetan Lazarov ”№ 2 (www.cpdp.bg). Also a person who has suffered material or non-material damages as a result of violation of this regulation, has the right to receive compensation from the administrator or processor of personal data for the damages.
• We have taken a number of technical, legal and organizational measures to protect the personal data of each person. In order to avoid unauthorized access, we perform encryption procedures in some areas. We also use SSL protocols to prevent the possibility of third-party data misuse. We do not share data with third parties, except in cases where we should deliver the ordered goods.
• It is possible to use the services of third parties who are processors of personal data for the above purposes of processing. These persons process personal data on our behalf and are obliged to comply with current regulations for personal data protection. These individuals are carefully selected by us and have access only to the data they need to provide the services with which they are engaged and within the framework of our consent. In the event that these persons are outside the EU and do not meet the necessary requirements of the GDPR, based on its status as a legal act, we will guarantee the protection of personal data through contractual or other legal instruments. Also, it is possible that personal data may be provided to state or municipal authorities that exercise different types of control within the law.
By confirming the application for registration of an account, confirming an order for a service or product, the user gives his explicit consent (NOT by presumption) to the processing and transfer of personal data for one or more of the following purposes:
a / Inclusion of the user's assessment and his opinion in marketing research by electronic methods - by e-mail or messenger.
b / Receive electronic messages for products, services and other advertising messages on all owned devices.
c / Receive personalized advertising that is tailored to the user's preferences. Personalization is performed based on algorithms for evaluating user behavior data.
d / Receiving personalized sales offers tailored to the user's behavior and relevant to his preferences by e-mail, mail or messenger. For this purpose, the data on the consumer's consumption based on his purchasing behavior, his participation in advertising campaigns, as well as the use of the site can be the subject of analysis and forecast of the user's interests.
e / Receiving non-personalized advertising. Users will also receive information about current products, services, initiatives and other advertising messages.
In the process of personal data processing SIDI 92 EOOD observes the principles of European and national legislation related to the protection of personal data of individuals. By applying a package of organizational, technical and legal measures, we strive to ensure a high level of security of personal data, protection against unauthorized processing, destruction or damage.