GENERAL PROVISIONS

This personal data protection policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as "Regulation (EU) 2016/679" or "GDPR").

We understand that your personal data and the protection of the information you share with us is of utmost importance. Therefore, our Personal Data Protection Policy describes how we process your data and the measures we take to protect it.

This policy applies to you if you provide us with personal data by telephone (via call or SMS), through an online registration form, by post or courier, through social media, on a corporate or promotional website, through a mobile application, or by any other means. Our Personal Data Protection Policy is an expression of our commitment to protecting your personal information.

Information regarding the Data Controller

Art. 1. (1) "DELLA MANAGEMENT" EOOD (the Company) is a data controller registered in the Commercial Register at the Registry Agency with UIC: 203642706, with registered office and management address: Dimitrovgrad 6400, 19 Dimitar Blagoev Blvd., Bulgaria.

(2) This policy aims to clarify and present information and the conditions for the exercise of the rights of natural persons in relation to the protection of their personal data processed by "DELLA MANAGEMENT" EOOD in connection with the Company's activities.

(3) The purpose of this policy is to inform you about the processing activities relating to your personal data, the purposes for which they are processed, the measures and safeguards for data protection, your rights, and the manner in which you may exercise them in accordance with the requirements of the GDPR and the relevant applicable legislation of the European Union and the Republic of Bulgaria.

(4) In implementation of the Personal Data Protection Policy of "DELLA MANAGEMENT" EOOD and the objectives of the General Data Protection Regulation and the Personal Data Protection Act (PDPA), the Company processes your personal data in compliance with the following principles:

  1. lawfulness, fairness and transparency;
  2. purpose limitation;
  3. data minimisation;
  4. accuracy;
  5. storage limitation;
  6. integrity and confidentiality.

Information regarding the competent supervisory authority

Art. 2. In the event of a violation of your rights under the aforementioned or applicable personal data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  1. Name: Commission for Personal Data Protection
  2. Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
  3. Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
  4. Telephone: 02 915 3 518
  5. Email: kzld@government.bg, kzld@cpdp.bg
  6. Website: www.cpdp.bg

Art. 3. For the purposes of this policy:

  1. "Personal data" means any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, such as a name, personal identification number, location data, online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, psychological, economic, cultural or social identity of that natural person;
  2. "Data subject" means a natural person who can be identified as a result of the processing of their personal data;
  3. "Processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
  4. "Data processor" means a natural or legal person, public authority, agency or other body which processes personal data on behalf of "DELLA MANAGEMENT" EOOD;
  5. "Recipient" means a natural or legal person, public authority, agency or other body to which "DELLA MANAGEMENT" EOOD discloses personal data, whether or not it is a third party. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as "recipients"; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
  6. "Consent of the data subject" means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them;
  7. "Personal data breach" means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

PERSONAL DATA

Art. 4. In connection with our activities, "DELLA MANAGEMENT" EOOD processes personal data of the following categories of persons:

  1. Purchasers of goods;
  2. Users of services;
  3. Visitors to our website;
  4. Recipients of promotional messages.

Art. 5. For the purpose of establishing and exercising your rights, "DELLA MANAGEMENT" EOOD processes the following personal data about you:

  1. Data relating to your identity – your names, personal identification number (EGN), gender, age;
  2. Your personal contact data – permanent address, other address, telephone number and email address;
  3. Other information: company, position, business sector, as well as any feedback you provide to us by post, telephone, email or through social media messages;
  4. Information about the device or devices you use or have used to access our website (e.g. brand and model of your device, operating system, browser or IP address).
  5. Details of emails and other electronic communications you receive from us, including whether those messages have been opened and whether you have clicked on any of the links in them. We want to make sure that our communications are useful and relevant to you, so if you do not open them and do not click on a link in them, we know we need to improve the information we send you.
  6. Information from other sources, such as our partners, specialised companies that provide information about their clients with their consent, in explicit or anonymised form (e.g. marketing or clinical research companies, financial institutions, social media, etc.), including publicly available information about you.
  7. "Cookies" and other tracking devices

So-called session (temporary) "cookies" are used to the extent necessary to ensure the secure and efficient functioning and use of our website. The storage of session "cookies" on end devices or application software intended for browsing information resources (web browsers) is entirely under the control of the user. Cookie-related information is stored on the server side after HTTP sessions in service logs for no longer than necessary to complete the specific purpose being processed, or as provided by law.

  1. We use Google Analytics as a monitoring tool (Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). Google Analytics uses "cookies" that allow us to track the number of visitors to our website, their source, and to analyse how often and how the website content is used. You can install an opt-out tool to prevent the collection of such information from your visit (https://tools.google.com/dlpage/gaoptout?hl=en).
  2. Social media plug-ins

We use social media to promote the Company's activities. Each social media platform has its own privacy policy and processes your personal data.

Facebook

When you visit our website, Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) recognises your profile and establishes a direct connection between your browser and your Facebook profile. In this way, the Facebook platform receives information about your IP address from your visit to our website. For more information, you can find Facebook's privacy policy here: https://www.facebook.com/policy.php

Other information that is processed jointly by us and Facebook is that which is provided to us in connection with our Facebook page. We have access to anonymous statistics about the activities that take place on our Facebook page, and we categorically cannot link or identify a specific profile through this data.

Art. 5. (1) "DELLA MANAGEMENT" EOOD does not collect or process personal data relating to the following:

  1. revealing racial or ethnic origin;
  2. revealing political, religious or philosophical beliefs, or trade union membership;
  3. genetic and biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation.

(2) Personal data is collected by "DELLA MANAGEMENT" EOOD from the persons to whom it relates.

(3) The Company does not carry out automated decision-making with data.

(4) The Company does not process data of persons under 16 years of age, except with the explicit consent of their parents or legal representatives.

Art. 6. Legal basis for the collection, processing and storage of your personal data

(1) "DELLA MANAGEMENT" EOOD collects and processes your personal data on the following basis:

  1. You have given your consent to the processing of your personal data for one or more specific purposes;
  2. The processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract between us and you;
  3. The processing is necessary for compliance with a legal obligation to which we are subject as a data controller;
  4. The processing is necessary in order to protect your vital interests or those of another natural person;
  5. The processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as a data controller;
  6. The processing is necessary for the purposes of our legitimate interest or that of a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require the protection of your personal data.

(2) "DELLA MANAGEMENT" EOOD is a data controller with respect to your data as users of our services. With regard to the personal data that you process using our services, "DELLA MANAGEMENT" EOOD acts in its capacity as a data processor.

Art. 7. Purposes for which we use the personal data you provide to us:

  1. To send you a response to an inquiry you have made about one or more of our products or services;
  2. To send you emails with company news and offers;
  3. To send you invitations to events we organise, either independently or with our partners;
  4. For statistical needs and analyses;
  5. To help us learn more about you as our client, about the products and/or services you use, about the way you use them, and to provide you with better service from our staff;
  6. To send you invitations to participate in surveys, whether online or on paper.
  7. To find ways to improve our products, services, applications or websites.
  8. To create a profile on our website and ensure full functionality in providing our services;
  9. To identify a contracting party;
  10. For accounting purposes;
  11. For statistical purposes;
  12. To protect information security;
  13. To ensure the performance of the contract for the provision of the respective service;
  14. To improve and personalise the service by offering appropriate promotional offers for products and services that may be of interest to you;
  15. To subscribe to our articles published on our website blog;
  16. To leave comments on products and our articles published on our blog.

RIGHTS OF NATURAL PERSONS

Art. 8. (1) As a natural person whose data "DELLA MANAGEMENT" EOOD processes, you have the following rights:

  1. To obtain information about your personal data being processed. You have the right of access to your personal data that we process for the purposes stated above. If we process such data and receive a request from you (or from a third party authorised by you), we will provide such access free of charge. You also have the right to request a copy of your personal data that we process. Before providing access to your personal data to you or to a person authorised by you, we may request proof of identity, as well as details of your relationship with us or with our partners, in order to locate the data relating to you;
  2. To request rectification of data collected about you if such data is inaccurate or has changed;
  3. To request erasure ("right to be forgotten") of personal data collected about you, except in cases where "DELLA MANAGEMENT" EOOD processes your personal data in compliance with obligations arising from the law. You have the right to request that we erase your personal data without undue delay if:
    1. the personal data are no longer necessary in relation to the purposes for which they were collected;
    2. you have withdrawn your consent;
    3. you have objected to the processing if it is unlawful;
    4. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which we are subject as a data controller;
    5. the personal data have been collected in relation to the offer of information society services.

Under certain conditions, we may refuse to erase your personal data in cases provided for by law.

  1. To request restriction of processing of your personal data only for the purposes for which they were collected, in accordance with the requirements of the General Data Protection Regulation, the Personal Data Protection Act and the implementing acts (only in cases provided for in the applicable regulatory framework and insofar as this does not conflict with our regulatory obligations to process your personal data);
  2. Right to data portability of your personal data (only in cases provided for in the applicable regulatory framework and insofar as this does not conflict with our regulatory obligations to process your personal data);
  3. To receive copies of documents containing your personal data, after submitting a request using the standard form at the Company's office;
  4. At any time you may object to the processing of your personal data for the purposes of direct marketing carried out by "DELLA MANAGEMENT" EOOD, by withdrawing your consent.

Art. 10. (1) In the event of a violation of your rights under the General Data Protection Regulation, the PDPA, you have the right at any time to lodge a complaint with the relevant supervisory authority, namely the Commission for Personal Data Protection;

(2) You may also challenge the actions and decisions of "DELLA MANAGEMENT" EOOD and the processors acting on behalf of the Company through judicial proceedings before the relevant administrative court and before the Supreme Administrative Court.

Art. 11. (1) You may exercise the rights under Art. 9 by completing in writing a "Request for the Exercise of Rights in Relation to Personal Data Protection" (the Request), which we will provide to you upon demand.

(2) The Request may be submitted in person or through a person expressly authorised by you with a notarised power of attorney, on paper, at any of our offices, as well as electronically, in accordance with the Electronic Document and Electronic Certification Services Act (EDECA). When the Request is prepared as an electronic document, it shall be signed with a qualified electronic signature.

(3) When submitting the Request through an authorised person, you shall also attach the respective express power of attorney.

(4) In cases where the exercise of your rights under this chapter may result in the disclosure of personal data of a third party, the relevant member of our staff will provide you with access only to the part relating to you.

Art. 12. Within 30 (thirty) days from the receipt of your valid "Request for the Exercise of Rights in Relation to Personal Data Protection", "DELLA MANAGEMENT" EOOD will provide you with written information regarding the actions taken by us, as follows:

  1. Upon exercise of your right of access to personal data – we will provide you with information about: the purposes for which the Company processes your personal data; the categories of personal data processed; the recipients or categories of recipients to whom your personal data have been or will be disclosed, in particular recipients in third countries or international organisations; where possible, the envisaged period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period; the existence of the right to request from us the rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing; the right to lodge a complaint with the competent supervisory authorities; where your personal data are not collected from you, any available information as to their source; the existence of automated decision-making, including profiling, in accordance with the General Data Protection Regulation;
  2. Upon exercise of your right to erasure of your personal data – we will erase your personal data without undue delay, provided that the prerequisites for the exercise of this right as set out in the General Data Protection Regulation, the PDPA and the implementing acts are met and insofar as this does not conflict with our regulatory obligations to process your personal data;
  3. Upon exercise of your right to restriction of processing of your personal data – we will restrict the processing of your personal data in the cases provided for in the applicable regulatory framework and insofar as this does not conflict with our regulatory obligations to process your personal data, without erasing them, and we will inform you before the lifting of the restriction on processing.
  4. Upon exercise of your right to data portability – "DELLA MANAGEMENT" EOOD will provide your personal data in a structured, commonly used and machine-readable format and will transfer your data to another controller, in the cases provided for in the applicable regulatory framework and insofar as this does not conflict with our regulatory obligations to process your personal data.

(2) "DELLA MANAGEMENT" EOOD will also inform you in writing of any refusal of access, erasure, right to restriction of processing of your personal data, or request for the exercise of the right to data portability, as well as the reasons for the refusal, within the period specified in paragraph 1.

(3) When your personal data have been erased or the processing thereof has been restricted, "DELLA MANAGEMENT" EOOD will notify the recipients thereof, who are responsible for their respective erasure or restriction.

(4) Our obligation to provide the information under this article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided for by applicable legislation.

(5) "DELLA MANAGEMENT" EOOD has the right to extend the period under paragraph 1 up to 60 days, depending on the complexity and number of requests received in each individual case. The Company will notify you of any extension of the period, as well as the reasons for the extension of the response period on our part, within 30 days from the receipt of your valid "Request for the Exercise of Rights in Relation to Personal Data Protection".

Art. 13. (1) You may exercise the right to request rectification of your personal data by completing in writing a "Request for Rectification of Personal Data" (the Request), which we will provide to you upon demand.

(2) The Request may be submitted in person or through a person expressly authorised by you with a notarised power of attorney, on paper, at our office, as well as electronically, in accordance with the Electronic Document and Electronic Certification Services Act (EDECA). When the Request is prepared as an electronic document, it shall be signed with a qualified electronic signature.

(3) When submitting the Request through an authorised person, you shall also attach the respective express power of attorney.

Art. 14. (1) Within 30 (thirty) days from the receipt of your valid "Request for Rectification of Personal Data", "DELLA MANAGEMENT" EOOD will rectify without undue delay inaccurate personal data concerning you or complete your incomplete personal data.

(2) "DELLA MANAGEMENT" EOOD will inform you in writing of any refusal to rectify or complete your personal data, as well as the reasons for the refusal, within the period specified in paragraph 1.

(3) When your personal data have been rectified or completed, "DELLA MANAGEMENT" EOOD will notify the recipients thereof, who are responsible for their respective rectification or completion.

(4) Our obligation to provide the information under this article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided for by applicable legislation.

Art. 15. (1) You may exercise the right to object to the processing of your personal data for the purposes of direct marketing by completing in writing a "Request for Withdrawal of Consent for the Processing of Personal Data for Direct Marketing Purposes" (the Request), which we will provide to you upon demand.

(2) The Request may be submitted in person or through a person expressly authorised by you with a notarised power of attorney, on paper, at any of our offices, as well as electronically, in accordance with the Electronic Document and Electronic Certification Services Act (EDECA). When the Request is prepared as an electronic document, it shall be signed with a qualified electronic signature.

(3) When submitting the Request through an authorised person, you shall also attach the respective express power of attorney.

Art. 16. Within 30 (thirty) days from the receipt of your valid "Request for Withdrawal of Consent for the Processing of Personal Data for Direct Marketing Purposes", "DELLA MANAGEMENT" EOOD will cease processing the personal data you have provided for the purposes of direct marketing and will provide you with written information regarding these actions.

(2) "DELLA MANAGEMENT" EOOD will inform you in writing of any refusal to honour the Request under paragraph 1, as well as the reasons for the refusal, within the period specified in paragraph 1.

(3) After "DELLA MANAGEMENT" EOOD ceases processing the personal data provided by you, the Company will notify the recipients thereof, who are responsible for the cessation of processing.

(4) Our obligation to provide the information under this article may be limited in whole or in part, taking into account your fundamental rights and legitimate interests and in the cases provided for by applicable legislation.

(5) "DELLA MANAGEMENT" EOOD has the right to extend the period under paragraph 1 up to 60 days, depending on the complexity and number of requests received in each individual case. The Company will notify you of any extension of the period, as well as the reasons for the extension of the response period on our part, within 30 days from the receipt of your valid "Request for Withdrawal of Consent for the Processing of Personal Data for Direct Marketing Purposes".

Retention period for your personal data

Art. 17. (1) "DELLA MANAGEMENT" EOOD retains your personal data for a period no longer than the existence of your profile on the website. Upon expiry of this period, "DELLA MANAGEMENT" EOOD takes the necessary care to delete and destroy all your data without undue delay. In the general case, unless otherwise specified, your data is retained for a period of 2 (two) calendar years from the date of receipt.

(2) "DELLA MANAGEMENT" EOOD will notify you if the data retention period needs to be extended for the purpose of fulfilling objectives, performing a contract, in view of the legitimate interests of "DELLA MANAGEMENT" EOOD, or otherwise.

(3) "DELLA MANAGEMENT" EOOD retains your data provided on the basis of consent until its explicit withdrawal, provided that this does not affect publications and comments made in order to preserve the contextual integrity of the comments.

(4) "DELLA MANAGEMENT" EOOD retains personal data that it is required to keep by virtue of applicable legislation for the respective prescribed period, which may exceed the duration of your registration.

In the event of a personal data breach

Art. 18. (1) If "DELLA MANAGEMENT" EOOD identifies a personal data breach which is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

(2) "DELLA MANAGEMENT" EOOD is not obliged to notify you if:

  1. it has implemented appropriate technical and organisational protection measures in respect of the data affected by the security breach;
  2. it has subsequently taken measures ensuring that the breach is no longer likely to result in a high risk to your rights;
  3. the notification would involve disproportionate effort.

Persons to whom your personal data are disclosed

Art. 19. In connection with the conclusion of contracts for the purchase, sale and delivery of goods and services offered by "DELLA MANAGEMENT" EOOD, "DELLA MANAGEMENT" EOOD transmits the necessary information to:

  1. Courier or postal companies that need to deliver documentary or other shipments to you on our behalf;
  2. Printing houses that need to prepare personalised materials for you;
  3. Mass email sending companies when you need to receive an email message from us.

Art. 20. The Controller does not transfer your data to third countries.

Data protection

Art. 21. "DELLA MANAGEMENT" EOOD treats your personal data as strictly confidential. In order to protect them, a number of measures have been taken, including:

  1. We restrict access to the premises where we work to only those persons who need to be there (for this purpose we use codes and access cards, passwords and other technologies related to restricting access to certain premises);
  2. We also apply access control to our information technology systems through firewalls, ID validation, logical segmentation and/or physical separation of our systems and information;
  3. We use methods such as encryption and pseudonymisation of information;
  4. We never ask you to send us your password;
  5. We advise you never to enter an account number, password or other sensitive information in an email to us.

Supplementary provisions

  1. This policy has been approved by order of the representative of "DELLA MANAGEMENT" EOOD.
  2. For matters not regulated by this policy, the General Data Protection Regulation, the Personal Data Protection Act and other legal acts relevant to the activities of "DELLA MANAGEMENT" EOOD shall apply.
  3. Taking into account contemporary trends, this privacy policy may be amended. The date of the last update is indicated at the end of the document. All changes to this privacy policy shall be applicable after their publication going forward.

Last updated: 2020

This policy was prepared by a team of professionals at Advocatus.bg

Thank you for your trust!