Privacy Policy

Privacy Policy

“…………………………………” EOOD

(Notice on the Processing of Personal Data)

Personal Data Controller:

1. Name: “………………….” EOOD
2. UIC: ………………………..
3. Registered Office and Address of Management: ……………………………
4. Phone: ……………………………..
5. Email Address: ………………………..
6. Website: ………………………..

“……………………………….” EOOD (the “Company” or the “Controller”) carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (the “General Data Protection Regulation” or “GDPR”). This Privacy Policy (the “Privacy Policy” or the “Policy”) aims to inform each Client (as defined below) of the Company about the processing of data that identifies or may identify the individual Client.

For the purposes of this Policy, a “Client” is any natural person who is a party to a contract with the Company for the purchase of goods, or a natural person who has expressed an intention to enter into pre-contractual relations with the Controller and/or a user of the online store …………………, available at: ……………….., as well as a director, manager, representative, proxy, employee, partner, shareholder, or beneficial owner of a legal entity or other legal formation using the online store.

1. What personal data do we process?

As a personal data controller, the Company processes the following categories of personal data of Clients:

• Physical identity – names, personal identification number (PIN), address, phone number, email address;

• Economic identity – bank account number.

Personal data is collected by the Controller directly from the individuals concerned.

2. How do we collect personal data?

We collect personal data:

• During the registration process on the online store’s website or when using the store without registration;

• Through correspondence with the Client, including written, electronic, and oral communication;

• Via cookies when you browse or use our website.

In some cases, we may also collect information from third parties or public sources.

Our website collects data in log files. This information includes your IP address, internet provider, browser type, operating system, time of visit, and visited pages.

Our website uses cookies – small files containing information sent to the visitor’s browser and stored on the user's device. These help improve website performance for you. For more information, please refer to our Cookie Policy published on our website: www………………com.

3. Do we process special categories of personal data?

The Company does not process special categories of personal data of Clients.

4. What are the purposes of processing personal data?

The Company processes Clients’ personal data for the following purposes:

• Providing information and assistance as requested by you;

• Identifying and communicating with Clients and beneficial owners;

• Managing all activities related to the existence, amendment, and termination of the relationship between the Company and the Client;

• Offering and promoting additional services;

• Compliance with regulatory requirements;

• Defense in disputes and cooperation with regulatory authorities, as required by law.

Without this data, we may not be able to provide the services or assistance you request.

5. What is the legal basis for processing personal data?

Clients’ personal data is collected, processed, and used on the following grounds:

• Performance of a contract or steps prior to entering into a contract;

• Compliance with legal obligations applicable to the Company;

• Legitimate interests of the Company or a third party, provided they do not override the data subject’s rights – e.g., dispute resolution, fraud prevention, or the establishment or defense of legal claims;

• Consent, where required by applicable law.

6. How long do we store personal data?

The Company retains personal data for the duration of the contractual relationship and until the obligations under the contract have been fulfilled, including any transitional periods (e.g., for recordkeeping). If legal or other proceedings are initiated, data may be retained until the end of such proceedings, including appeal periods, and will then be deleted or archived as permitted by law.

Specifically, accounting and tax data containing personal data is stored for 10 years, starting from January 1 of the year following the accounting year to which the data relates.

If data processing is based on your consent, we will only process your data as long as we have your valid consent.

7. With whom do we share personal data? Do we transfer it to third countries?

The Company may share part or all of the personal data with data processors for the purposes described, in compliance with the GDPR.

Personal data may be shared with:

• Third-party service providers performing tasks on our behalf;

• Public authorities – regulators, tax and financial authorities, courts, law enforcement, etc., as required by applicable law.

This list is not exhaustive; there may be other legitimate reasons for sharing or storing personal data.

The Company will notify data subjects if it intends to transfer personal data to third countries or international organizations.

8. Are personal data protected?

The Company implements and maintains appropriate technical and organizational measures to protect personal data from unauthorized access, misuse, accidental loss, alteration, disclosure, or copying. These measures ensure the ongoing confidentiality and integrity of data. The Company regularly reviews these measures to maintain a high level of data security.

9. Do we perform automated decision-making?

The Company does not engage in automated decision-making involving personal data.

10. What are the rights of Clients regarding personal data?

Each Client may exercise the following rights by submitting a written request to the Company:

• Withdrawal of consent – when processing is based on consent, the Client may withdraw it at any time. This does not affect the lawfulness of prior processing;

• Right of access – Clients can request confirmation whether their data is being processed, obtain access to the data, and receive a copy (subject to limitations for excessive or repeated requests);

• Right to rectification – to correct inaccurate, incomplete, or outdated data;

• Right to erasure (“right to be forgotten”) – under certain conditions, including:

  • Data is no longer needed for its original purpose;

  • Consent is withdrawn and no other legal ground exists;

  • The Client objects to processing;

  • Data was processed unlawfully;

  • Erasure is required by law;

  • Data was collected in relation to information society services;

• Right to restriction of processing – in specific situations, such as when data accuracy is contested or the Client needs data for legal claims;

• Right to object – at any time, based on the Client’s specific situation. The Company will cease processing unless there are overriding legal grounds;

• Right to data portability – to receive data in a structured, machine-readable format or have it transferred to another controller, where technically feasible;

• Right to lodge a complaint – Clients may file complaints with the supervisory authority:

Commission for Personal Data Protection
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: (02) 91 53 519
Fax: (02) 91 53 525
Email: kzld@cpdp.bg
Website: www.cpdp.bg

11. What happens in case of changes?

If there are significant changes in how the Company processes Clients’ personal data, the types of data it processes, or any other aspect of this notice, the Company will notify Clients promptly by issuing and sharing an updated version of this notice.