Information about the company that processes the personal data of the Users
„DC 2008“ Ltd., UIC 200110465 with registered office and main establishment Asenovgrad, 13 Dragoman Str., [email protected] or tel. 0879 437 744 (hereinafter - "Data controller"). The Data controller operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
I. Grounds for collection, processing and storage of personal data
1.The Data controller collects and processes personal data in connection with the use of the e-storewww.dice.bg and concluding contracts with the company on the grounds of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the basis of:
•Explicit consent obtained from Users;
• Fulfillment of the obligations of the Data controller under a contract with the Users;
• Compliance with a legal obligation that applies to the Data controller;
• For the purposes of the legitimate interests of the Data controller or a third party.
II. Objectives and principles in the collection, processing and storage of personal data
2. The Data controller collects and processes the personal data that Users provide in connection with the use of the online store www.dice.bg and concluding a contract with the company, including for the following purposes: creating an account and providing full functionality when using the online store; concluding and executing a purchase and sale contract at a distance; individualization of a party to the contract; accounting purposes; statistical purposes; information security protection; ensuring the implementation of the contract for the provision of the respective service, the satisfaction of complaints and appeals of the Users, implementation of post-warranty service.
3.The Data controller observes the following principles in the processing of personal data: lawfulness, fairness and transparency;purpose limitation; relevance to the processing purposes and minimizing the data collected; accuracy and relevance of data;storage limitation in order to achieve the purposes; integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.
4.When processing and storing personal data, the Data controller may process and store personal data in order to protect the following legitimate interests: fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.
III. Types of personal data collected, processed and stored by the Data controller
5.The controller performs the following operations with the provided personal data for the following purposes:
•Registration of a user in the e-shop and fulfillment of a distance sales contract - the purpose is to create a profile for using the e-shop to purchase goods offered in the online store.
• Conclusion and execution of a purchase and sale contract at a distance with a User - the purpose is the conclusion and execution of the contract and its administration.
• Exercising the right of withdrawal or making a complaint - the purpose is to administer the process of exercising the right of withdrawal or complaint by the client.
6. The Data controller processes the following categories of personal data and information for the following purposes and on the following grounds:
• Individual data (e-mail, full name, address, etc.)
◦Purpose for which the individualizing data is collected: registration of a User in the online store and connection with the User and sending information to them.
◦Reasons for processing personal data: By accepting the General Terms and Conditions and registering in the e-shop or placing an order, a contractual relationship is created between the Data controller and the User, on which basis the Merchant processes the personal data of the User.
•Delivery details (full name, telephone, address, etc.)
◦Purpose for which the data for delivery is collected: Fulfillment of obligations of the Data controller under the purchase and sale contract and delivery of the purchased goods.
◦Grounds for personal data processing: By accepting the General Terms and Conditions and registering in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Data controller and the User, on which basis the Data controller processes the User's personal data. The data necessary for the delivery are provided by the Data controller to third parties (courier companies) for the purposes of the delivery.
7. For the purposes of ordering goods from the online store, the Users express their voluntary consent for their personal data to be processed by the Data controller for the purposes of concluding and executing the sales contract with the Data controller of the online store. Consent is given by checking the check box. In the event that Users do not wish to provide their consent for the processing of their personal data for the stated purposes, their ability to place an order through the online store may be limited.
9. The Data controller does not collect or process personal data that reveals racial or ethnic origin; disclose political, religious or philosophical beliefs or trade union membership; genetic and biometric data, data concerning health or data on sexual life or sexual orientation.
· Data in connection with the periodic receipt of newsletters from the online store
10. Users can sign up to receive the online store's periodic newsletter by providing an email address. The periodical online newsletter contains up-to-date information about the goods and services offered by the Data controller of the online store, promotional offers, information about marketing, advertising, etc. activities offered by the Data controller. The Data controller of the online store may use the e-mail address provided to them in connection with the newsletter subscription only for the specified purpose - regular sending of the newsletter, in order to better identify user needs through pseudonymous marketing research, which will lead to better positioning. of the online store and its offers and to better inform the Store Data controller about user needs and attitudes. Registration for receiving a newsletter is not mandatory. Users who have subscribed to receive the newsletter are given the opportunity to unsubscribe at any time without giving a reason. The refusal to receive the online newsletter is exercised through an explicitly specified option in each newsletter sent to the users.
11.Personal data is collected by the Data controller from the individuals to whom it relates.
12.The Data controllerperforms the following operations with the provided personal data to individuals who are legal representatives or proxies of legal entities for the following purposes:
13. For the conclusion and execution of a distance contract with a commercial company, the Data controller processes only the full name of the legal representative or the individual authorized by the company.
14.The personal data of the Users are collected by the Data controller directly from the individuals to whom they refer and/or from the Registry of Companies to the Registry Agency.
15.The company does not perform automated data decision-making.
16. Access to the website www.dice.bg can be done through Google and other search engines, as well as through social networks - Facebook, Instagram and others. The website can integrate social media services (eg social media messages) through which users can communicate with the website. The website maintains social media accounts and may offer applications of various social media sites. Each time a user accesses the website through social media, the provider of the respective social media may allow the User to share information with us. If the User chooses to share, they will be notified by the social media provider what information will be shared with us. For example, when accessing a website through a social media account, certain information (as permitted by the social media provider) may be shared with us. This may include the User's address, age or profile photos stored in the User's account/profile.
17.When using the website www.dice.bgby the Users, the Data controller receives information from log files (set of system information for the user): IP address; ISP (Internet Service Provider); the browser that the user uses when visiting the website (eg Google Chrome, Internet Explorer and Mozilla Firefox); the time the user has spent on the website and which pages on the site have been visited.
18. The website uses Google Analytics - a web service provided by Google for the compilation of detailed statistics for website visitors. The statistics are collected on a Google server and used by the Data controller for the purpose of analyzing traffic and improving the efficiency of the website. The website may use information from social media, in particular facebook about the user, for the purposes of this website, as well as for advertising and promotion of the website. The consent for the provision of this information is given by the Users to the respective social media.
IV. Storage periods of personal data
20.The Data controller stores personal data for a period not longer than the existence of the User's account/profile in the online store. After deleting the User's account, the Data controller takes the necessary care to erase and destroy all personal data of the User without undue delay or to anonymize them (to bring them in a form that does not reveal the identity of the User).
21.In all cases, the Data controller stores personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Data controller in court or administrative disputes with users of the online store. The Data controller shall notify the respective individuals in case the term for data storage needs to be extended in view of fulfillment of a normative obligation or in view of legitimate interests of the Data controller or otherwise.
22.The Data controller stores the personal data that it is necessary to keep under applicable law for the relevant period, which may exceed the period of existence of the User's account/profile in the e-store.
V. Transfer of personal data for processing
23.The Data controller may, at its discretion, transfer part or all of the personal data of the Users to personal data processors for the fulfillment of the processing purposes agreed by the Users, subject to the requirements of Regulation (EU) 2016/679 (GDPR). The Data controllershall notify the Users in case of intention to transfer part or all of their personal data to third countries.
VI. Rights of Users in the collection, processing and storage of personal data
· Withdrawal of consent to the processing of personal data
24.If the User does not wish the personal data provided by them to be processed, they may at any time withdraw their consent for processing by a request in free text, which they should send by e-mail to the Data controller.
25. Upon receipt of the request, the Data controllershall send to the email, which is used for registration or ordering in the e-store, a letter with detailed instructions for verification of the relevant User as a subject of personal data.
26. After performing the verification, the Data controllershall erase the personal data of the User and shall send them a confirmation of the deletion electronically. The deletion of personal data may result in the inability of the Merchant to fulfill its obligations under the contract concluded with the User.
27.The withdrawal of the consent does not affect the legality of the processing of personal data, which the Data controller has performed so far.
· The right of access
28.The User has the right to request and receive confirmation from the Data controller whether personal data related to them are processed by sending a request in free text by e-mail. The user has the right to access the data related to them, as well as the information related to the collection, processing and storage of their personal data.
29.Upon receipt of the request, the Data controllershall send to the email, which is used to register or place orders in the e-store, a letter with detailed instructions for verification of the User as a subject of personal data to which access is requested.
30.After performing the verification, the Data controllershall provide the User with a copy of the processed personal data related to them, in electronic or other appropriate form.
31.Providing access to the data is free of charge, but the Data controller reserves the right to charge a fee in case of repetitive or excessive requests.
· The right torectification
32.The User may at any time correct or fill in inaccurate or incomplete personal data related to them by making a request to the Data controller by email.
· The right to erasure ("to be forgotten")
33.The User has the right to request from the Data controllererasure of part or all related personal data, and the Data controller has the obligation to erase them without undue delay, when there is any of the following reasons:
•personal data are no longer needed for the purposes for which they were collected or processed;
•the user has withdrawn their consent for the processing of data and there is no other legal basis for the processing
•the user objects to the processing of personal data relating to them and there are no legal grounds for processing to take precedence.
•personal data have been processed illegally;
•personal data must be erased in order to comply with a legal obligation under the EU law or the law of a Member State applicable to the Data controller;
•personal data have been collected in connection with the provision of information society services.
34.The Data controller is not obliged to erase personal data if they store and process them:
•to exercise the right to freedom of expression and the right to information;
• to comply with a legal obligation requiring processing provided for in EU law or the law of the Member State applicable to the Data controller or for the performance of a task in the public interest or in the exercise of official powers conferred on them;
• for reasons of public interest in the field of public health;
• for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
• to establish, exercise or defend legal claims.
35. In order to exercise his right to be forgotten, it is necessary for the User to send by e-mail a request in free text to erase personal data, after which the Data controller will send to the e-mail used to register or place orders in the e-store a letter with detailed instructions. for the verification of the person as a user of the store and subject of the personal data for which a request for deletion has been made.
36.After the Data controller verifies the identity of the person who has made the request and the person to whom the data relates in accordance with the sent instructions, the Data controller will erase all data of the respective User, which they process.
37.If an order has been placed and is being processed, the earliest moment at which the User may request to be "forgotten" is the successful completion of the order.
· The right to restrict processing
38.The User has the right to request from the Data controller to limit the processing of the personal data related to them by sending to the Data controller a request in free text by e-mail, when:
•The User disputes the accuracy of the personal data for a period that allows the Data controller to verify the accuracy of the personal data;
• The processing is illegal, but the User does not want the personal data to be erased, but only their use to be restricted;
• The Data controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or protection of his legal claims;
• The User has objected to the processing pending verification of whether the legal grounds of the Data controller take precedence over his interests.
39.Upon receipt of the request, the Data controller sends to the email used to register or place orders in the e-store, a letter with detailed instructions for verification of the person as a user of the store and personal data subject for whom a request to restrict processing is requested.
40.After the verification, the Data controller will stop the processing of personal data and will notify the User by email.
· The right to data portability
41.If the User has given consent for the processing of personal data or the processing is necessary for the performance of the contract with the Data controller, or if the data is processed automatically, the User may request the Data controller to provide personal data in readable format and transfer them to another Data controller. , as well as to request from the Data controller to directly transfer the personal data to an Data controller specified by the User, when this is technically feasible.
42.The user can exercise the right todata portability by sending an e-mail request in free text, after which the Data controller will send to the e-mail used for registration or ordering in the e-shop, a letter with detailed instructions for verification of the person as a user of the store and the subject of the personal datafor which the portability request has been made.
43.After the verification, the Data controllershall send to the e-mail specified by the User the data, which they process for the respective person in a readable format.
· The right to beinformed
44. The User may request the Data controller to inform them of all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested, have been disclosed to.
· The right to object
45.The User may at any time object to the processing of personal data by the Data controller relating to them, including if they are processed for the purposes of profiling or direct marketing.
· Rights of Users in case of breach of personal data security
46.If the Data controller finds a violation of the security of personal data of Users, which may pose a high risk to their rights and freedoms, they notify Users without undue delay of the violation and the measures that have been taken or are to be taken.
47.The Data controller is not obliged to notify the Users if theyhave taken appropriate technical and organizational protection measures with regard to the data affected by the security breach or if theyhave subsequently taken measures to ensure that the breach will not lead to a high risk to the rights of the Users, or if the notification would require a disproportionate effort.
VII. Individuals to whom personal data are provided
48.The Data controller does not provide the personal data of the Users to third parties, except for the cases when such provision is obligatory by law.
49.The Data controller does not transfer personal data to third countries.50.In case of violation of the rights of the Users, mentioned above or provided for in the applicable legislation for personal data protection, the Users have the right to file a complaint to the Commission for Personal Data Protection with registered office and main establishment: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd., Telephone: 02 915 3 518,Website: www.cpdp.bg.