We at „Фишинг Зоун” ЕООД take a responsible approach to the privacy, security and protection of our customers' personal data and want you to be aware of how we collect, use and process your personal data. We process your personal data in accordance with the principles of lawfulness and transparency.
DATA WE PROCESS
You do not need to provide Personal Data in order to use our Website, but if you wish to use certain services through our Website, the Processing of Personal Data may become necessary.
We collect the following Personal Data that you provide to us while using our Website
- first and last name;
- delivery address;
- telephone number;
- other personal data provided by you;
We only use your Personal Data for specific purposes specified in advance at the time of collection and following your explicit Consent (where Consent is the legal basis for processing), or for additional compatible purposes in accordance with the law.
The purposes for which we process your Personal Data are:
- to respond to your requests submitted through our contact form;
- to provide products and services that you order through our website;
- to provide an efficient service to our customers; and to improve the content and functionality of our website;
- to improve the quality of our services;
- to contact you to provide newsletters, special offers, useful tips, , updates and information that we think will be of interest to you;
- to contact you with information about your use of our website;
- to ask for your feedback on our products and services;
- for our marketing and advertising purposes;
Providing Personal Data to Third Parties
- Your Personal Data may only be provided to third parties provided that they undertake the same obligations to provide adequate levels of protection as set out in the Regulation.
- Your Personal Data may also be transferred to third parties acting on our behalf for further processing in accordance with the purposes for which it was originally collected or to be lawfully processed in other ways, such as service delivery, evaluation of the usefulness of this website, marketing, data management or technical support.
- The Personal Data we collect from you may be processed, accessed and stored outside the European Union in countries with a lower level of Personal Data protection than that provided for in the Regulation. In the event that we transfer your Personal Data to outside companies in other jurisdictions, we will ensure that these transfers of Personal Data are protected against the appropriate protections provided by the Framework, such as standard data protection clauses. You have the right to request a copy of the available standard data protection clauses on the basis of which we transfer your Personal Data to such countries. Where the risk regarding the protection of your Personal Data is very low, we may rely on your informed consent for such transfers.
- Your Personal Data may be disclosed: to third parties if we are required to do so by applicable law, court order, summons or government regulation; if we believe in good faith that disclosure is necessary to protect legal rights, protect your safety or that of others; as part of a criminal or other legal investigation or proceeding in the Republic of Bulgaria or abroad.
- We do not transfer, sell or exchange your Personal Data to third parties (including for marketing purposes).
LEGAL BASIS FOR PROCESSING
Article 6(1)(a) of the Regulation is the legal basis for which we require your Consent for the purposes of specific processing. If the Processing of Personal Data is necessary for the performance of an agreement to which you are a party, such as where the Processing is necessary for the supply of goods or the provision of another service, the Processing is based on Article 6(1)(b) of the Regulation. The same applies to Processing that is necessary to carry out pre-contractual measures, for example in the case of enquiries concerning our products or services. If our company has a legal obligation by virtue of which Processing of Personal Data is necessary, such as for compliance with tax obligations, the Processing is based on Article 6(1)(c) of the Regulation. Processing that does not fall within the legal grounds set out above but is necessary for the legitimate interests of our company, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject, is based on Article 6(1)(f) of the Regulation. In this case, the legitimate interest of our company is to carry out our activities for the benefit of our customers and employees.
Storage periods for personal data
Your Personal Data will not be kept for longer than is necessary for the purposes for which it was collected. This means that once the goals have been fulfilled, the data will be deleted or rendered anonymous.
Also, your personal data is stored for the period relative to our contractual relationship and for a certain period thereafter imposed by legal obligations.
Where there are no other grounds that oblige us to store (part of) your Personal Data, you may request the deletion of your information. For more information see the section „Your rights“
We endeavour to use appropriate organisational, technical and administrative measures to protect Personal Data within our organisation. To this purpose, we apply all legal and technical measures for the protection of Personal Data in relation to Article 32 of the Regulation, as well as taking into account the latest technological developments. Note, however, that despite adequate steps to protect information, no website, Internet connection, computer system or wireless connection is completely secure.
- Right to information and access:
- Right to data portability:
Where the processing of your Personal Data occurs in an automated manner on the basis of your Consent or on the basis of a contractual agreement, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party.
- Right to correction:
- Right to deletion (the right “to be forgotten“):
You have the right to request the deletion, or to delete by yourself via the user panel, all personal data processed by us, at any time, in the following situations:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed.
- You wish to withdraw your consent on which the processing is based pursuant to Article 6 (1) (a) or 9 (2) (a) of the Regulation and there is no other legal basis for the processing;
- You wish to object to the processing pursuant to Article 21 (1) of the Data Protection Regulation and there are no legitimate grounds for the processing which override, or you object to the processing pursuant to Article 21 (2) of the Regulation;
- The personal data have been unlawfully processed;
- The personal data must be deleted in order to comply with a legal obligation under European Union or Member State law to which the controller is subject;
- The Personal Data have been collected in connection with the provision of services to the information society pursuant to Article 8 (1) of the Regulation.
If we have provided your Personal Data to third parties, we are obliged – to take appropriate steps, including technical measures, to inform those third parties that you have requested deletion of your data or copies or replicas of that Personal Data, subject to available technology and implementation costs.
The right to be forgotten may not be exercised in the following situations:
- if you have an open order that has not yet been dispatched or has been partially dispatched;
- if you have an outstanding debt to us, regardless of the method of payment;
- if you are suspected of abuse or have misused our services;
- if you have made a purchase, we will retain your personal data in relation to your transaction against legal obligations.
- Right to object to processing based on legitimate interest:
You have the right to object to the processing of your Personal Data on the basis of our legitimate interest. We will stop processing your Personal Data unless it is proven that there are compelling legal grounds for doing so that take precedence over your interests and rights or due to legal claims.
- Right to object to direct marketing:
You have the right to object to receiving marketing communications, including profiling and analysis for direct marketing purposes.
You can unsubscribe from direct marketing in the following ways:
- by following the instructions in any message received in your email;
- by editing the settings in your user panel;
- Right to restriction of processing
You have the right to request the restriction of Processing where one of the following circumstances applies:
- if you claim that your Personal Data is inaccurate, we will restrict the Processing until a data accuracy check has been passed.
- the Processing is unlawful, but the data subject does not wish the personal data to be deleted, but requests instead the restriction of their use;
- if we no longer need your personal data for the purposes of the Processing, but it is necessary for the establishment, exercise or defence of legal claims;
- if you object to Processing on the basis of our legitimate interest, in which case we will restrict Processing pending the outcome of the lawful basis check.
- Right to withdraw consent
You have the right, at any time, to withdraw your consent to the Processing of your Personal Data where such Processing is carried out on the basis of consent.
- Automated individual decision-making, including profiling
You have the right to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects the data subject, unless the decision: (1) is necessary for the conclusion or performance of a contract between a data subject and a controller; or (2) is permitted by the European Union or Member State law applicable to the controller and which also provides appropriate measures to safeguard the rights and freedoms, and legitimate interests; or (3) is based on the data subject’s explicit consent.
For your information, our activities do not require the making and use of automated decisions, including profiling.
- Right to file a complaint with a supervisory authority:
If you believe that we are processing your Personal Data in an unlawful manner, you have the right to file a complaint with a supervisory authority in the European Union. The supervisory authority of the Republic of Bulgaria is:
Commission for Personal Data Protection
1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
How can you use your rights?
Protection of personal data of persons under the age of 14
We understand the importance of protecting the privacy of children. Our website is not intended for persons under the age of 14. We do not have a policy to intentionally process data about persons under the age of 14.
Data controller information and contacts
- „Фишинг Зоун” ЕООД
- гр. София, ул. „Христо Трайков“ 10
Date of last update: 26.11.2020