- What information is collected from the Site?
To use the Services of the Site, it needs certain information about you by which you can be identified directly or indirectly.
- Information provided voluntarily by the User:
а) In cases where a certain service on the site requires this, we may ask you for the following categories of personal information: a.1. Your personal name or nickname; a.2. Valid email address; a.3. Telephone; a. 4. Physical address for correspondence a.5. Possible preferences a.6. Additional data (user content) that the user enters for himself/herself, including graphic previews or photos. b) These categories of personal information may also be required upon request to us in connection with the exercise of your rights described below.
- Information that the Site collects from the User
- a) For the performance of certain functionality of our site and the services you access through it, we automatically collect information about you from your computer. In this way, the following additional categories of personal data can also be collected, namely: a.1) IP address a.2) browser you are using a.3) Preferred language settings a.4) Device type a.5) Reporting the time to use the site a.6) Information about the operating system of your device a.7) In addition, data can also be collected about: a.7.a) the number of clicks you make while browsing the site a.7.b) which pages on our site you have viewed a.7.c) from which pages you have been redirected to our site
- b) We may occasionally receive information about you from our partners and / or social networks: If you would like to reach us through channels other than those provided through the site (for example, social networks) we collect data from where you accessed the site. We do not collect your publicly available information.
- c) Voluntary sharing of publicly available information
At your discretion, you can share information about yourself on the site.
It may be publicly available through other websites, including information about who you are related with there. The collection, storage, preservation and processing of this information is subject to the terms and conditions of those other websites (third parties).
- Personal data of children. How we treat them?
The site’s services are not addressed to persons under the age of 18. The Company does not intend and does not wish to collect personal data of children in connection with the services provided through the site. If, however, the Company receives information about a minor in connection with the Services of the Site, we shall not process it and shall delete it, unless a legal act obliges the Company to process such data in an established manner.
- From whom is information collected?
For the purposes set out below, the Site collects information from its end users – data subjects.
- How is information collected?
The personal information processed through the site can be collected in the following ways, in combination and separately:
- Provided personally and voluntarily by the user;
- Automatically collected from and through the site
- Through Cookies to optimize its presentation and analysis.
If you would like to learn more about these technologies, how they work and how we use them, please visit our POLICY FOR COOKIES USE.
- Why is data collected and processed and on what legal basis?
The Company uses the information described above for various purposes, based on the relevant legal bases, namely:
|Data category||Purpose of processing||Legal basis under the Data Protection Regulation (GAP)|
|1. Data for age of user – data subject||1. To provide site services||1. art.6, para 1 c) – for compliance with a legal obligation applicable to the data administrator|
|1. Personal names (at least one) or nickname 2. Current email address 3. Additional information provided by the user||1. To provide service and functionality of the site||Art.6, para 1 (a) – the data subject has consented to the processing of his/her personal data|
|1. Personal names 2. Current email address 3. Additional information provided by the user||Personal communication with end users||1. Art.6, para 1 (b) – processing is necessary for the performance of a contract|
|1. IP address 2. Browser used 3. Language settings 4. Type of device used||1. To provide the full functionality of the Site||1. Art.6, para 1 (b) – processing is necessary for the performance of a contract|
|1. Personal names 2. Telephone and / or email 3. Physical address for correspondence||Official, legal and / or system warnings, legal purposes||1. art.6, para 1 c) – for compliance with a legal obligation applicable to the data administrator|
|Analytical data||Improvement of the services provided by the site and statistics||1. Art.6, para 1 f) – legitimate interest|
- Period for storage of personal data
The collected user information through the site is stored for the following periods:
|Data category||Collection method||Purpose of use||Period for storage|
|1.. Data for age of user – data subject||Through the Site when initially loaded onto the data subject’s end device||Compliance with regulatory requirements||1 hour|
|1.. Personal names 2. Current email address 3. Additional information provided by the user, including phone number and/or physical correspondence address||Through the “Contacts” section and the attached contact form||Personal communication with end users and receiving inquiries, recommendations and complaints.||Not stored|
|1. IP address 2. Browser used 3. Language settings 4. Type of device used||When using the site by the data subjects||1. To provide the full functionality of the Site||24 months|
- Measures to ensure lawful and fair processing. What measures have we undertaken to protect your data?
In accordance with European legislation, the Company maintains appropriate and necessary technical and organizational measures to protect user’s data, including preventing unauthorized access to and / or misuse of data. The Company uses business systems, procedures and information technologies to adequately protect your personal data and ensure their security. Only authorized personnel have access to personal data in our information systems.
- How do we guarantee security?
The data collected from the users of the Site are systematized into registers that are subject to encryption. The data registers themselves are located on the hard memory of computer systems with limited technical and physical access, only by qualified and trained personnel.
- Who do we share your information with?
The Company does not share personal information of users of the Site. However, in certain situations, we may share your personal information with third parties in the following cases:
|Subject of sharing||Description||Legal basis under the Data Protection Regulation (GDPR)|
|Accounting and control||To fulfil obligations under accounting law or approved international accounting standards.||Art.6, para 1, item c|
|Special Authority Body- Administrative, Judicial and / or Executive Authority||1.When there is a need and obligation to disclose a trade secret; 2. In connection with the settlement of legal disputes before a competent court and / or arbitration;3. Sharing information with law enforcement and financial institutions, when required by law or indispensable for the prevention, detection or prosecution of criminal activity or fraud.||Art.6, para 1, item c|
- Users’ rights in relation to personal data
Below we present the rights of each end user – data subject guaranteed by European data protection law:
|Type of legislation||Description||Relevance to the Site|
|Right to information||When submitting his / her personal data or before it is collected by the processing administrator, the User has the right to be informed about the following basic circumstances: 1. Who is the administrator; 2. What are the purposes of processing; 3. What is the legal basis and / or legal interests; 4. Who can receive the data; 5. What is the term for their storage; 6. What are the rights of users; 7. Is automatic decision-making performed, including profiling?||Yes|
|Right to access||The user has the right to access his/her personal data, which the Site processes. This includes data from the “Right to Information” as well as the source of personal data and the categories of data that are processed. Where personal data are not collected directly from the User, the User should also receive information on the manner of collection, the type of processing, and the legal basis available.||Yes|
|Right to correction||The user has the right to ask the administrator to correct without undue delay inaccurate personal data related to the user – subject of personal data.||Yes|
|Right to deleting||The user has the right to request the administrator to delete the personal data related to him/her without undue delay.||Yes|
|Right to be forgotten||Where the administrator has made the personal data publicly available and is obliged to delete them, then the administrator should take reasonable steps to inform the other data processing administrators that the data subject has requested those administrators to delete any links, copies or replicas of that personal data.||No|
|Right to restrict the processing of personal data||The user is entitled to request the administrator to restrict processing in the presence of at least one of the following hypotheses: 1. Data accuracy is challenged by the user;2. The processing is illegal, but the User does not want to delete them; 3. The administrator no longer needs the personal data for the purposes of processing, but the User requires it for the exercise or protection of his/her legal claims; 4. The user has objected to the processing of the data and it is expected the administrator to complete the verification. Within the time limit for processing, the data may continue to be stored by the administrator.||No|
|Right to data transfer||The User is entitled to receive from the administrator personal data concerning him which the User has provided to the administrator, if: 1. Processing is carried out in an automated manner; and 2. Processing is based on consent or in the performance of a contractual obligation. This right also includes the obligation of the administrator to transfer personal data specified by the User to another administrator.||Yes|
|Right to object to the processing of personal data||The user has the right to object to the processing of his/her personal information, which is provided to the administrator in connection with the performance of a task in the public interest, necessary for the purposes of the legitimate interests of the administrator, profiling or direct marketing. When exercising this right, the user’s personal data may be deleted from the administrator’s devices.||No|
|The right not to be subject of processing, including profiling||The user has the right not to be subject to a decision based solely on automated processing, including profiling.||No|
|Right to submit a complaint||The user has the right to file a complaint with a supervisory authority (Personal Data Protection Commission) if he / she considers that the processing of personal data concerning him / her, breaches the provisions of the General Data Protection Regulation. The data subject may exercise that right in the Member State of his/her habitual residence, place of work or place of suspected infringement.||Yes|
If you would like to learn more about the rights granted to you, how they are exercised and the procedures for doing so, you can visit the information website of European Data Protection Supervisor or the supervising body for the Republic of Bulgaria – Personal Data Protection Commission .
- How can you exercise your rights?
The user can always and at any time exercise his rights. In order to be most useful in this process, you need to send us a question by standard mail or email at the addresses below. For your convenience, you can use our standard inquiry form attached in Attachment # 1 below.
- Who is responsible for the processing of personal data?
In connection with the processing of personal data through the Site, the Company acts as a personal data administrator and site administrator.
|Contact details of the data administrator|
|Name||“Boliarka VT” AD|
|Address of business management||Bulgaria, Veliko Turnovo, 5000, 90, Hristo Botev Str.|
|Unified identification code (UIC)||119064594|
|Contact details of the supervisory authority regarding the protection of personal data|
|Name||Personal Data Protection Commission|
|address||Bulgaria, Sofia, 1592, 2 Prof. Tsvetan Lazarov Blvd.|
|Contact phone number||+ 359 2 9153518|
|This POLICY FOR PERSONAL DATA is accepter and approved by the Executive Director of “BOLIARKA VT“ AD– Ivaylo Todorov on 23.05.2018. The policy is in line with the legislation in force at the time of approval, as well as with a pan-European and national legal framework in the field of personal data protection.
Prepared/approved by: Ivaylo Todorov
Date of publication: 25.05.2018
|ATTACHMENT No 1 to the Personal Data Policy of www.boliarka.com|
|STANDARD FORM FOR INQUIRY AND EXERCISE OF RIGHTS to the website www.boliarka.com|
|1.4||Preferred form of communication:||
* At least one field must be completed to verify the identity of the application.
|1.5||Type of user:||YES||NO|
|2.||TYPE OF INQUIRY||YES||NO|
|2.1.||Request for access to personal information|
|2.2.||Request for correction of personal data|
|2.3.||Request for deletion of personal data|
|3.4.||Request for data transfer to another administrator|
|3.5.||Submission of complaint|
|3.||DESCRIPTION OF INQUIRY|