Privacy Policy

This document contains the Personal Data Security Policy for Individuals (“Policy”) and is linked to, but not an integral part of, the General Terms and Conditions as it does not govern rights and obligations, but is intended to explain to users what personal data we process, how werank, for what purpose and what security measures are applicable. It also provides information about the rights you, our customers and users, have in relation to the processing of personal data by “Bulgaria Cofi Services Ltd.. If the Policy changes, the changes will be posted here.

Date of update: 13.01.2020.

Your privacy is extremely important to us. This security policy discloses what personal data we collect from you through our relationship and how we use that data.

PERSONAL DATA CONTROLLER

“Bulgaria Cofi Services Ltd, UIC 102884140,with registered office and management address. Burgas, ul. “Ivan Bogorov” No. 20, inc. D, par. 7, app. 19, represented by Ivan Angelov (hereinafter for short “We”, “Online Shop”, “Site”, “Administrator”) is aadministrator of data, including personal data, with respect to information collected when browsing the site www.zakafeto.com (hereinafter referred to as the “Site”, the “Website”), as well as personal data required for the purchase of our products from our website, from our retail outlets and from social networks, including our Facebook page. “Bulgaria Coffey Services Ltd. processes personal data and from inquiries made by you to us, as well as for marketing and advertising purposes, profiling, participation in games, promotions and raffles organized by us and for any other purposes not prohibited by law. When processing personal data “Bulgaria Cofi Services Ltd. complies with all data protection legislation applicable to its activities, including but not limited to Regulation (EU) 2016/679 (“Regulation”) and the Data Protection Act, because the security of our customers’ personal data is of paramount importance to us.

DATA PROTECTION OFFICER

Data Protection Officer is Ivan Angelov

Address for correspondence. Address for correspondence. “43, entrance. 1, office 3

E-mail address: office@zakafeto.com

Contact phone +359 889406010 or +359(0)24830654

POLICY RELEVANCE

This Policy applies to all our customers using our services by ordering from the Site or expressing interest in the same by sending inquiries (hereinafter referred to as “data subjects”, “users”).

Partners and third parties who work with or for Bulgaria Coffey Services Ltd and who have or may have access to personal data will be expected to read, understand and comply with this policy. No third party may have access to personal data stored by “Bulgaria Cofi Services Ltd.without the company having first entered into a confidentiality agreement which imposes on the third party obligations no less onerous than those which “Bulgaria Cofi Services Ltd. has assumed, and which entitles the “Bulgaria Cofi Services Ltd. carry out checks on compliance with the obligations imposed by the agreement.

This policy applies to all employees/workers (and stakeholders) of Bulgaria Cofi Services Ltd as well as to external suppliers of products and services with whom Bulgaria Cofi Services Ltd has concluded contracts. Any violation of the General Regulation will be treated as a breach of labour discipline, i.e. as non-performance of contracts with partners, and in the event that there is an allegation of a criminal offence, the matter will be referred as soon as possible to the relevant government authorities.

Visitors to the Site who do not place orders or send inquiries, but only browse our website, are subject to the cookies policy adopted and published on the Site.

DEFINITIONS

“Regulation” – General Data Protection Regulation 2016/679 of 27 April 2016, hereinafter referred to as GDPR. The purpose of this piece of European legislation is to protect the “rights and freedoms” of individuals and to ensure that personal data is not processed without their knowledge and, where possible, that it is processed with their consent.

‘Personal data’ means any information relating to an identified natural person or an identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person or to the data subject.

“Special categories of personal data” – personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data uniquely identifying an individual, data concerning health or data concerning an individual’s sex life or sexual orientation.

‘Processing’ means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘controller’ means any natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU or Member State law, the controller or the specific criteria for its determination may be laid down in Union or Member State law;

“Data Subject” – any living natural person who is the subject of personal data stored by the Controller.

“Consent of the data subject” – any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by means of a statement or a clear affirmative action, which signifies the data subject’s agreement to personal data relating to him or her being processed;

“Child” – The General Regulations define a child as anyone under the age of 16. The processing of a child’s personal data is only lawful if a parent or guardian has given consent. The administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give consent.

“Profiling” – any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of that natural person’s professional duties, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

“Personal data breach” means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data that is transmitted, stored or otherwise processed;

“Recipient” – the natural or legal person, public authority, agency or other body to whom the personal data is disclosed, whether or not a third party. At the same time, public authorities which may receive personal data in the framework of a specific investigation in accordance with Union or Member State law are not considered to be ‘recipients’; the processing of those data by those public authorities shall comply with the applicable data protection rules in accordance with the purposes of the processing;

‘Third party’ means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and those persons who, under the direct authority of the controller or the processor, are entitled to process the personal data;

SUBJECTS WHOSE DATA WE PROCESS

In connection with the conclusion and execution of contracts, response to inquiries, issuance of invoices, collection of statistical data, Bulgaria Cofi Services Ltd. processes information about the following Data Subjects:

(a) individuals using the Site/Page without registration;

(b)individuals using the Site/Page by registering as users/customers;

(c) individuals who have made inquiries (including by calling), requests, signals, complaints or other correspondence to Bulgaria Cofi Services Ltd, respectively to our website and in social networks;

(d) individuals whose information is contained in enquiries (including by call), requests, signals, complaints or other correspondence addressed to Bulgaria Cofi Services Ltd;

(e) individuals with whom WE enter into distance selling contracts via the website, email, social networks;

ЛHE PERSONAL DATA WE PROCESS

Depending on the reason that necessitated the processing of personal data, the type of personal data may differ. The functionalities provided on the Site are not intended for the storage and processing of special categories of data within the meaning of Articles 9 and 10 of the Regulation. (NB! Read Article 9 and Article 10 of the Regulation here )

Data provided when placing an order or registering on the Site

In order to execute a distance contract (order) between you and Bulgaria Cofi Services Ltd , we require certain information from you. You decide whether and how to use the distance selling opportunities provided through the Site or the Facebook page. In the forms through which personal data is entered, we clearly indicate the mandatory or voluntary nature of the data provision. The data that are mandatory are those without which it is impossible to conclude the relevant contract. These are: names, email address, delivery address, contact phone number, your payment information (e.g. bank card) and possibly, when registering, a password, billing details, including your ID number if you wish to invoice an individual.

If you have chosen to store information about you on the Site by registering an account on the Site, we store the above data as well as a history of orders placed by each account registered on the Site.

In certain cases, you may be able to share information with social networks or use their sitesis to create your profile or link your account on our website to the relevant social network. In this case, the social network may provide us with automatic access to certain personal information they have collected about you (e.g., the content you have viewed, the content you want, and information about the ads you have been shown or clicked on, etc.). By linking your social network profile to your account on our website, you authorize us to access your personal data processed by the relevant social network, and to collect, use and retain this information in accordance with this Security Policy. This linking of a social media account to a registration on our website is made in the event that you click on a link provided to create a registration on our website by engaging in social media, thereby voluntarily linking to the relevant social media site. In case you have chosen to register on our website through a social network, we may process your data as name, phone, email, gender, marital status, age, photo, education, location, place of residence and other data, that you have provided to these platforms and that are visible to us in the event that you sign in with them on our site.

Data provided by, through and on other websites and applications, referred to as third parties

If you provide your personal data to “Bulgaria Cofi Services Ltd. via Viber, Skype, Facebook or any other platform/social network, we inform you that these platforms/websites/social networks have their own privacy policies and that we do not accept any responsibility or liability for these policies insofar as their processing cannot be controlled by the WILD GAME LTD.. In this regard, we recommend that you check this policy before sending us your personal data via these websites/apps.

Data provided when posting a comment, review, publication

If you leave a post or comment on this website, your IP address will be saved, along with your name if you have entered this information. This is for the safety of the website operator. If your text breaks the law, he would like to be able to trace your identity. Separately, Bulgaria Cofi Services Ltd. has an obligation to store this data (referred to as “traffic data”) for certain periods and for certain purposes set out below.

Data provided on correspondence, complaints and signals

In order to resolve complaints, signals, disputes, inquiries, requests or other issues raised in communication to “Bulgaria Cofi Services Ltd.received through electronic forms on the Site, through calls to “Bulgaria Cofi Services Ltd., by sending by regular or e-mail, “Bulgaria Cofi Services Ltd. stores and processes this information, as well as the result of this processing.

In addition, due to the fact that sending comments, inquiries and other messages to the Site, Facebook Page or their administrators constitutes sending an electronic statement, under the Electronic Document and Electronic Authentication Services Act (“EDISA”) we have an obligation to maintain a log of the fact of sending the statement (without its content) for a period of 1 /one/ year. The log contains the date of the statement, the sender’s name and email address, and the sender’s identification.

If you provide us with personal information about someone else, you must do so only with that person’s authorization. You must inform them how we collect, use, disclose and store personal information in accordance with this Privacy Policy.

Data collected in the course of using the Site

In addition, we collect information from your computer, phone, tablet or other device you use. This information may include the following:

• the identifier of the device you are using, the type of that device, an advertising ID and a unique token for that device;
• location information , including location information from your mobile device. Note that most mobile devices allow you to control or disable the use of location services from any app on your mobile device in the device settings menu;
• computer and connection information, such as page view statistics, traffic to and from the Sites, referrer URL, advertising data, IP address, browsing history, information about your web log, and language, date and time settings;

Logos to facilitate your searches

Quick links to repeat previous searches allow you to repeat your searches instead of typing them in each time. The functionality can be used with or without registration. When you use the Site, a cookie with a randomly generated number is stored in your browser, enabling the Site to show you quick links to repeat previous searches. The site stores and displays the last 10 searches associated with that browser, and you can save and use them in your account when you log in. If you use the Service with registration, the last 10 searches are stored in your account.

Logs related to security, technical support, development, etc.

The Site uses logs for the following purposes:

• To ensure the reliable functioning of the services and identify technical problems;
• To secure services and detect malicious activity;
• To develop and improve the services on the Site;
• To measure Site traffic and usability;
• Logs where required by law (such as logs of electronic wills).
• Login log. This log allows unauthorized attempts to access accounts to be detected and automatically blocked. It is maintained for a period of up to 1 /one/ year and contains the date and time of login, status, whether the login is via mobile version, app or desktop browser, IP address.
• Server logs, security logs (Web Application Firewalls) and other devices that fall into this category. These logs are necessary for detecting technical problems, detecting malicious activities, etc. for the purposes mentioned above. They are kept for a period of up to 1 /one/ year. Logos may contain the following information: date and time, IP address, URL, browser and device information. In addition, some devices may use cookie-based security technology.

Cookies

The use of cookies is necessary for the functioning of the Site. In this regard, a Cookie Policy has been adopted.

Employee data and data collected when processing job applications

We process data when entering into employment contracts and when assessing and processing a job application. When concluding employment contracts, we require three names, ID number, address, age, gender, education data, work experience, bank details, and subsequently we also process health data. When processing CVs, we process names, address, age, gender, education, work experience, photo.

FOR WHAT PURPOSES WE PROCESS YOUR DATA

The main purpose for which WE process your personal data is generally related to the provision of services through the Site and social networks, namely the conclusion of a distance sales contract and the delivery of goods and services ordered by you, as well as the accounting of revenue. We also use your personal information to provide and improve our Services, to provide you with a personalized experience on our site, to contact you about your account and our Services, to provide you with customer service, to provide you with personalized advertising and marketing tailored to your interests, to run sweepstakes and games organized by us, and, in certain cases, to detect and investigate fraudulent or illegal activities.

“ Bulgaria Cofi Services Ltd. collects, uses and processes the information described above for the purposes set out in this Policy, which may be related to:

• the conclusion of a distance purchase contract between you and Bulgaria Coffey Services Ltd. via the Site or social networks – we require your identification, contact and payment details in order to enter into a contract with you, respectively to send you the order;
• entering into a consumer credit agreement when you have requested to purchase a good or service from the Site using credit;
• processing payments and preventing fraudulent transactions (we may pass your data to a third party to perform these functions);
• the conclusion of employment contracts and the processing and evaluation of submitted CVs;
• protection and enforcement of the legitimate interests of other users ofthe Services, third parties and the Site – the legitimate interest pursues objectives related to the legitimate interests of Bulgaria Cofi Services Ltd and/or third parties. These objectives include:
• detecting and resolving technical or functionality problems, developing and improving the purpose of the Site;
• communicating with you, including electronically, on important issues related to the services provided by us and the performance of the contracts concluded;
• targeting our marketing, updating services and offering you promotional offers based on your preferences.
• receiving and processing signals, complaints, requests and other correspondence received;
• enforce and protect the rights and legitimate interests of the Site, including in court, and assist in enforcing and protecting the rights and legitimate interests of other users of the Site and/or affected third parties;
• informing you about products and services you want us to send you information about by email, post, mobile phone and/or other digital means (depending on your stated preferences), including social media platforms – only where we have received your explicit consent to do so;
• the provision of services you request from us;
• your registration on the website or app (in which case We will also use your personal information to maintain and update your account (such as changing your address or changing your marketing preferences);
• administering the website and app and keeping them secure and safe;
• analyse and improve the use of our website, app and retail, (incl. We use information about how you navigate our Website, App and/or stores;
• administration of all competitions/tumbles/games on lottery principle, conducted by “Bulgaria Kofi Services” Ltd;
• measuring and analysing our advertising and making suggestions and recommendations to you based on the information you share with us;
• contact you about your account, troubleshoot problems with your account. When we contact you by phone to ensure efficiency, we may use automated or pre-recorded calls and text messages.
• provide you with location-based services (such as advertising, search results and other personalised content);
• the fulfilment of legal obligations of Bulgaria Cofi Services Ltd, which includes:
• to comply with statutory obligations to preserve or provide information in respect of our tax obligations to the State;
• the execution of an order received by us from competent state or judicial authorities;
• fulfilling obligations under the Data Protection Regulation relating to notifying you of various circumstances relating to your rights, the Services provided or the protection of your data, etc. similar.
• fulfilling obligations under the Consumer Protection Act such as ensuring the right of withdrawal, the right to a statutory guarantee;
• the defence of Bulgaria Cofi Services Ltd. in court proceedings;

Your data may be processed on the basis of your explicit consent, in which case the processing shall be specific and to the extent and scope provided for in the relevant consent. We usually require such consent from you when we wish to process your personal data without a legal obligation or legitimate interest for Bulgaria Cofi Services Ltd. Most often we require such consent when we wish to offer you information about new promotions, products, etc.

STORAGE PERIOD OF YOUR PERSONAL DATA

When storing data, WE apply the general principle of storing data in the minimum volume and for no longer than necessary to provide the Services and perform the contracts, ensuring their security and reliability and the requirements of the law. We will retain your personal information for the period necessary to fulfil the purposes set out in this “Privacy Policy”, unless we are required by law or legitimate interest to retain it for a longer period. Depending on the type of data and the purposes for which it was collected, there is a storage period after which the information is deleted.

Data types	Storage period	Explanations
Registration details (first name, last name, email address, phone, address) и information about registration and agreement to the Terms (date, time, IP address)	For the entire period of maintaining the account on the Site and up to 1 /one/ year from termination of registration	The data identifies you as a registered user of the Site. In order to resolve any disputes that may arise or become known after the termination of the Site Use Agreement and in connection with the WEDEA (see below), this data will be retained for up to 1 /one/ year after the termination of the account.
Personal data from orders and issued invoices	For the period that your rights as a user are available(2 years); certain order data for accounting purposes is stored for a certain statutory period as it constitutes accounting information – transaction data, billing data (between 5 and 11 years);	The data identifies you as a party to the distance selling contract and is stored in order to ensure your rights, respectively. to fulfil our legal obligations as taxable persons;
A log verifying the sending of a comment, request, order to the site (contains sender, recipient, date and time)	For a period of 1 /one/ year. Due to the requirements of the WEEDEU Act, the log is kept for a period of 1 /one/ year incl. upon account closure.	Because the sending of a comment, request, order constitutes the sending of an electronic statement by you to the Site, we are obliged under the EUPA to maintain a log of the fact of sending the statement (without its content) for a period of 1 /one/ year.
Quick searches	Until you delete them; until your registration is terminated; or for up to 6 /six/ months if you use this functionality without registration.	This option allows you to repeat your searches instead of entering them each time. The functionality can be used with or without registration. Quick links are stored to repeat the last 10 searches .
Settings	Until they are deleted by you or your registration is terminated. If stored in a cookie, up to 6 /six/ months from the last use	Settings such as language selection and the like fall into this category.
Information stored in a mobile app	For the period of its use (until uninstalled)	Information necessary for the technical provision of the Services (such as settings, etc.)
Log in log (contains date and time of login, status, whether the login is via mobile, app or desktop browser, IP address)	For a period of up to 1 /one/ year from the last login or until the account is closed	This log allows unauthorized attempts to access accounts to be detected and automatically blocked.
System logs (may contain information such as: date and time, IP address, URL, browser version and device information)	For a period of up to 1 /one/ year	Server logs, security logs (Web Application Firewalls) and other devices that fall into this category. These logs are necessary to identify technical problems and/or detect malicious activity.
Correspondence, complaints and signals, requests, incoming telephone calls	Correspondence, complaints and signals are stored for up to 5 /five/ years on the basis of the Law on Obligations and Contracts (limitation periods for claims); In order to ensure the reliability of the service, incoming phone calls, when recorded (we inform you in advance if the call is recorded) are stored for up to 3 /three/ months.	In order to resolve complaints, signals, disputes, inquiries, requests or other issues raised in communications to Us received via electronic forms on the Site, by sending regular or electronic mail, We store and process this information and the result of this processing. Given the statute of limitations under Bulgarian law, for the purpose of resolving disputes, this information is stored for a period of up to 5 /five/ years.
Cookies	Up to 6 /six/ months from the last use of the Services on the Site	For a description of the cookies used, see “Cookie Policy”

Exceptions to the rules on storage periods Please note that we will not delete or anonymise your personal data if it is necessary for pending judicial, administrative, arbitration, enforcement or complaint proceedings before us. Deletion will be carried out after the need for the data has ceased, and it is possible that this will be after the expiry of the time limits mentioned above. You can always ask us to delete certain information or close your account, and we will respond to that request by retaining certain information even after the account is closed where applicable law or legitimate interests require it. If we are legally obligated or if reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms, we may also retain some of your personal information for a limited period of time, even after you have deleted your account.

DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES

“Bulgaria Cofi Services Ltd, respectively the Site, does not provide your personal data to third parties unless there is a legal basis for this – an obligation under law or contract, a legitimate or vital interest, your consent. We strive to minimise the personal data we disclose, as this is always directly relevant and necessary to achieve the stated purpose. We do not sell, rent or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent. We ensure that access to your data by private third-party entities is carried out in accordance with the legal provisions in the field of data protection and confidentiality of information, based on contracts concluded with them.

We may also disclose your personal data where we are subject to legal obligation. In certain cases “Bulgaria Cofi Services Ltd. is obliged to disclose your data to public authorities such as the police, prosecutors, courts, in connection with the prevention or detection of crime. This includes sharing information with other companies and organisations to protect fraud and reduce credit risk. You should be aware that if we are asked by the police or any other regulatory or governmental authority investigating suspected illegal activities to provide your personal information or other information we obtain about you, we have the right to do so after ascertaining the validity of the governmental authorities’ request. Where we receive sales revenue, we may be required byrevenue authorities to provide sales data containing data from your orders, including personal data. In this regard, we provide your details to the accounting firms we work with. It is the legal obligation of the Site and Bulgaria Cofi Services Ltd . to protect the security of the networks and the data processed by the company. In this regard, we apply a number of measures, the implementation of which may require the processing of your data by IT companies that take care of security in our company.

We may have a contractual obligation to provide your data in the case of a distance selling contract concluded with you , under which we are obliged to provide the goods or services you have requested by courier. The same applies if you have chosen to purchase, pay for a product or service from our Site through payment or banking serviceswhose providers you personally share your details with or outsource to us. If you have chosen to insure a product/service at the time of purchase through the Site, your details are shared with the insurance companies through the order process. If we are installinga purchased product through a subcontractor, we may provide your details to the subcontractor to complete the service/warranty.

Our legitimate interest justifies the provision of personal data to third parties in certain cases. This would be the situation in the case of proceedings before the Commission for Personal Data Protection, the Commission for Consumer Protection and other state authorities. A legitimate interest also exists for Bulgaria Coffey Services Ltd when we engage other companies and individuals to perform certain tasks on our behalf, complementary to our services, within the framework of data processing contracts. We would like you to always be aware of the best offers for the products/services you are interested in. In this regard, we may provide certain of your data, only with your explicit consent, to marketing/telemarketing service providers and other companies with whom we may develop joint programs to market our goods and services.

Our website may also contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we accept no responsibility or liability for these policies. Please check these rules before sending information to these websites. Our website uses YouTube LLC, represented by Google Inc. to integrate videos. Typically, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your device. However, our videos on YouTube are integrated in an extended privacy mode (in this case, YouTube is still in contact with the DoubleClick service from Google, but personal data in accordance with Google’s privacy policy is not used). As a result, YouTube does not store any information about visitors unless you watch the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you watched the video. If you are logged into YouTube through your user account, this information will also be associated with your user account (you can prevent this by logging out of YouTube before clicking on the video to view it). We have no information about the possible collection and use of your data by YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/bg/policies/privacy/.

TO WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA

We currently store and process your personal data in Bulgaria.

However, some of your personal data may be transferred to entities located in or outside the European Union, including countries for which the European Commission has not recognized an adequate level of data protection.

We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Transfers of data to service providers and other third parties will always be protected by contractual obligations and, where appropriate, other safeguards, such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield for data transferred from the EU to the United States of America.

You can contact us at any time using the contact details set out at the end of the Policy to find out which countries we transfer your data to and what safeguards we apply in relation to those data transfers.

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

Under the General Data Protection Regulation you have the following rights:

Right to information

This Policy is intended to inform you in detail about the processing of your personal data in relation to the processing of your personal data.

Right of access.

You have the right to confirm whether your personal data is being processed, to access it and to obtain information about how it is being processed and your rights in relation to it.

Right to rectification.

You have the right to correct and supplement your personal data in case it is incomplete or inaccurate. For registered users, this option is also valid in the user panel on the Site.

Right to erasure (right to be forgotten) and account closure

You have the right to request deletion of data. Please note that we may refuse to erase data where there is a substantial ground for processing and/or a legal obligation. You will be informed of this in due course.

If you wish, you have the option to close your account at any time. This option is also valid in the user panel on the Site. After account closure, all or part of the data is deleted. In connection with our obligations, responsibilities and the requirements of the law (e.g., the EUPA or the ECDEA), we may retain certain data for up to 1 /one/ year. See the section “Retention period of your personal data”.

In order to ensure the reliability of the services and to prevent data loss for technical reasons, the Site applies a data redundancy policy. The maximum update (data deletion) period for all backups is 30 days.

Right to restriction in relation to data processing

The General Data Protection Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for doing so set out therein.

Right to notify third parties

Where applicable, you have the right to request the Controller of your personal data to notify third parties, where he has provided your data, regarding the rectification, erasure or restriction of the processing of your personal data.

Right to data portability.

You have the right to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format and have the right to transfer that data to another controller without hindrance from us, if the processing is based on consent or a contractual obligation or the processing is carried out in an automated manner.

Important: The responsibility for the storage of data exported from the Site, as well as for any consequences of providing it to other administrators is entirely yours.

Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to such automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the grounds for doing so are provided for in the applicable data protection legislation and appropriate safeguards are provided to protect your rights, freedoms and legitimate interests.

Right to withdraw consent

You have the right, at any time, to withdraw the consent you have given in relation to the processing of personal data on the basis of your prior consent. Such withdrawal shall not affect the lawfulness of the processing on the basis of the consent given up to the time of withdrawal. In the case of services such as the subscription to email advertisements, the subscription to which is based on your wish (consent), there is an option to terminate the subscription at any time (withdrawal of consent).

Right to object

You have the right to object to data processed on the basis of legitimate interest. In the event that such an objection is received, We will consider Your request and, if justified, comply with it. If we believe that there are compelling legitimate grounds for the processing or that it is necessary for the establishment, exercise or defence of legal claims, we will inform you of this.

Right of appeal to a supervisory authority

You have the right to lodge a complaint against our company (data controller) with the supervisory authority if you believe that the processing of personal data relating to you violates applicable data protection law. The supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection with the address. 1592 Sofia Blvd. “1595 Prof. Tsvetan Lazarov” № 2, e-mail : kzld@cpdp.bg, website: www.cpdp.bg, telephone: 02 915 3 518.

Exercise of rights. Taxi. Time limit for ruling

You may exercise these rights free of charge at any time, by email or by request sent to the addresses indicated in the contact form on the Site or at the end of this Security Policy.

In the event that you exercise these rights manifestly unreasonably or excessively, in particular because of its repetitive nature, we reserve the right to charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or to refuse to act on the request. We will inform you of our fees, if applicable, before ruling on your request.

ACCURACY OF INFORMATION

We are not responsible for the accuracy of the data provided by you, we do not carry out any checks to this effect and we do not guarantee the true identity of the individuals who have provided the data. In all cases of suspected fraud and/or abuse, please notify us immediately. You undertake that in providing any information on the Site, you will not violate the rights of others in relation to the protection of their personal data or their other rights.

GENERAL POLICY INFORMATION

This Personal Data Policy may be amended or supplemented due to changes in the applicable Bulgarian or European legislation, at the initiative of Bulgaria Cofi Services Ltd. or a competent authority.

“Bulgaria Cofi Services Ltd. will inform users of amendments or additions to this Privacy Policy by publishing the updated Privacy Policy on our website.

Users are advised to periodically check the most up-to-date version of this Privacy Policy on the website of Bulgaria Cofi Services Ltd.

This Privacy Policy is current as of 31.12.2019.

HOW WE PROTECT YOUR RIGHTS

SECURITY MEASURES

In order to ensure the best possible protection of the data of the company and our customers/users/contractors/visitors on the Site, WE apply all necessary organizational and technical measures provided for in the General Data Protection Regulation and the Data Protection Act, as well as best practices of international standards. We apply the appropriate and necessary level of protection and to this end we have developed effective physical, electronic and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

We store your data on secure servers using the latest encryption algorithms and ensure backups are kept.

The Company has adopted the necessary rules and procedures relating to the lawful processing of your personal data, including. Data Breach Action Plan, has established structures to prevent misuse and security breaches, and has designated a Data Protection Officer to assist in the lawful processing, protection and security of your data.

Access to your personal data is only permitted to those employees, service providers or persons related to you on a need-to-know basis for business purposes or who need it to perform their official duties. All staff/employees are required to be trained and accept the relevant contractual clauses/declarations/rules to comply with organisational and technical access measures before being given access to information of any kind.

It is a principle of our structure that all employees/workers are responsible for ensuring the security of the storage of the data for which they are responsible and which we process, and that data is stored securely and not disclosed under any circumstances to third parties unless we have granted such rights to that third party by entering into a confidentiality agreement/clause. In this regard, all personal data is accessible only to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and stored:

• in a private room with controlled access; and/or
• in a locked cabinet accessible to authorised persons; and/or
• a password-protected computerised system in accordance with the internal requirements set out in the organisational and technical arrangements for controlling access; and/or
• computer media that are protected in accordance with organisational and technical measures to control access to information.

Personal data shall only be erased or destroyed in accordance with internal data retention and destruction procedures.

For maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, back up technology for backup copies.

We use a payment service to process payments. All payment information is encrypted using SSL technology.

When you post in forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.

Despite the measures we implement to protect your personal data, we are aware that, in general, the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot take responsibility for these vulnerabilities on systems that are not under our control. In the event of a data leak containing personal data, we ensure that we comply with all applicable notification standards in such cases.

COOKIE POLICY

As an integral part of this Privacy Policy, Bulgaria Cofi Services Ltd. has adopted a Cookie Policy, published and available both on the Site and on our Facebook page.

CONTACT US

DATA PROTECTION OFFICER

Questions and requests related to the exercise of the rights to protect your personal data can be addressed to Bulgaria Cofi Services Ltd., through the contact form available on the Site or by following any of the contact forms:

“Bulgaria Cofi Services” Ltd, UIC 102884140, with registered office and management address. Burgas, ul. “Ivan Bogorov” No 20, in. D, par. 7, app. 19, represented by Ivan Angelov;

Data Protection Officer: Ivan Angelov

Address for correspondence. Address for correspondence. “43, entrance. 1, office 3

E-mail address: office@zakafeto.com

Contact phone +359 889406010 or +359(0)24830654