CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY OF NBG EOODEffective from 25.05.2018.
II. Who processes and is responsible for your personal data?
Sofia, Blvd. Vitosha No. 180, fl. 4, apartment 7
phone: +359 888 633 077
III. Categories of personal data processed by "NBG" EOOD
1. NBG EOOD may process publicly available personal data and/or personal data provided by you. The main types of personal data processed are:
(i) Personally Identifiable Information (including name, email address, language of communication and others);
(ii) Contact data (including postal and electronic addresses, telephone numbers of you or a contact person specified by you and others);
(iii) Financial information (bank account and others);
(iv) Information about a representative (legal representative or proxy of such) of our client legal entity;
(v) Site profile data (including name, postal and email addresses, telephone number, date of birth, etc.);
(vi) Data for entering into contracts for sale, dealership, wholesale, deferred payment, etc. with natural or legal persons (such as names, social security number, etc.).
2. NBG EOOD can process data prepared and generated by www.reds.bg in the process of providing the services:
(i) data on the end electronic communication device used, device type, operating system used, IP address, location;
(ii) data about your preferred goods and services
(iii) Data from the communication between us and you, your preferences, your satisfaction with our services (activity when using the services, complaints, requests, etc.);
(iv) Information regarding visits to the Site and use of the Site, including operations and history of use of the Site;
(v) The data obtained in the performance of the obligations arising from the normative acts (ie data arising from inquiries, regulations, investigative bodies, notary public, tax authorities, court, bailiff);
3. In order to ensure the good performance of the services and the obligations arising from customer contracts, "NBG" EOOD has the right to process any information that is available in public registers (including public databases and data published on the Internet). as well as information received from third parties on the occasion of the fulfillment of legal regulations, regarding customers.
4. "NBG" EOOD has the right and obligation to check the accuracy of the personal data recorded in the database, and for this purpose requires you to verify the data and, if necessary, correct it or confirm the accuracy of your data.
5. Different types of personal data can be processed independently or in combination with each other.
IV. Purposes and legal grounds for processing personal data
1. Processing of personal data, which is necessary for the conclusion or performance of contracts with us or in connection with the preparation for the conclusion of contracts with us.
NBG EOOD processes your data for the following purposes:
(i) Identifying a customer when: entering into a new or amending an existing contract with us; explanations about the services used; performance of a concluded contract.
(ii) Preparation of proposals for conclusion of contracts, sending of pre-contractual information and draft contract; management of pre-sales activities;
(iii) Data received by you in the performance of obligations arising from contracts concluded with you or a company represented by you, exercising rights and ensuring the performance of contracts by our clients;
(iv) Administering and responding to customer complaints/inquiries/complaints/complaints; return of amounts and goods; product replacement;
(v) Technical assistance to create an account/s and recover a forgotten password to access our Site, for electronic service of electronic invoices.
(vi) Identification and validation of legal age when shopping online;
(vii) Payment of obligations, rescheduling of amounts due; debt collection management;
(viii) Warranty and service;
(ix) Update offers to dealers; sharing important information regarding changes to our policy and other administrative information;
(x) Manage and administer online shopping activities; payment management.
2. In fulfillment of its legal obligations, NBG EOOD processes your data for the following purposes:
(i) Issuance of invoices;
(ii) To carry out tax-insurance control by the relevant competent authorities;
(iii) Fulfillment of obligations in relation to distance selling, off-premises sales, provided for in the Consumer Protection Act;
(iv) Provision of information to the Commission for the Protection of Personal Data in relation to obligations provided for in the legal framework for the protection of personal data - Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, etc. ;
(v) Obligations provided for in the Accounting Act and the Tax-Insurance Procedure Code and other related legal acts, in connection with keeping proper and lawful accounting.
3. "NBG" EOOD processes the relevant data provided with the express written consent of the client for their processing for the following purposes:
(i) Creation and management of a personal profile on the Site; technical assistance for creating a profile/s and recovering a forgotten password to access our Site;
(ii) Direct marketing of products and services;
(iii) Participate in and administer surveys, giveaways, promotional campaigns;
4. The processing is necessary for the purposes of the legitimate interests of "NBG" EOOD.
(i) Assess and determine user satisfaction and the effectiveness of the advertising we offer to you and others, and to meet your expectations by presenting adequate advertising;
(ii) Analysis of customer purchase history data, preferences and behavior;
(iii) Guaranteeing quality of customer service.
V. Categories of third parties who access and process your personal data
(i) Transport/courier companies, postal operators with a view to fulfilling our contractual obligations, sending correspondence and communications, in connection with the contract between us, sending purchased goods;
(ii) Persons who, on the assignment of "NBG" EOOD, maintain equipment and software used to process your personal data;
(iii) Debt collection service providers, notary, solicitor, bailiff or other third party if the customer has breached an obligation arising from a contract with us;
(iv) Banks servicing payments made by and to You;
(v) Persons to whom "NBG" EOOD has provided the performance of part of the activities or obligations related to a specific service that we owe to you; persons processing personal data who, based on a contract with "NBG" EOOD, process your personal data on behalf of ""NBG" EOOD
(vi) Persons performing consulting services in various fields - lawyers, accountants, marketing agencies, etc.;
(vii) Authorities, institutions and persons to whom we are obliged to provide personal data under the current legislation.
VI. How long are your personal data kept?
The duration of storage of your personal data depends on the processing purposes for which they were collected:
1. The personal data processed for the purpose of concluding/amending and executing contracts between "NBG" EOOD and you or a company represented by you - for the term of the contract and until the final settlement of all financial relations between the parties. "NBG" EOOD may store some of your personal data for a longer period until the expiration of the relevant statute of limitations in order to protect against possible customer claims in connection with the performance/termination of contracts with us, as well as for more a long period in the case of a legal dispute that has already arisen until its final resolution with an effective court/arbitration decision;
2. Personal data processed for the purpose of issuing accounting/financial documents for the implementation of tax-insurance control, such as, but not limited to – invoices, debit, credit notices, handover protocols, contracts for the provision of services/goods are stored at least 11 years after the expiration of the limitation period for repayment of the public claim, unless the applicable legislation provides for a longer period.
3. The personal data processed for the purpose of managing the profile on the Site - until the express withdrawal of the given consent or receiving an objection to the processing of personal data for managing the profile.
4. The personal data processed for the purpose of direct marketing - until the express withdrawal of the given consent for direct marketing or receiving an objection to the processing of personal data for direct marketing.
VII. Your Rights in relation to the processing of your Personal Data
1. General rights
In connection with the processing of personal data, you have the following rights, which you may exercise at any time while we store or process your personal data, by sending an application to the address of "NBG" EOOD indicated above, or by electronic means to email: firstname.lastname@example.org You have the right to request from "NBG" EOOD:
• a copy of your personal data and access to them at any time;
• to correct, without undue delay, your inaccurate personal data, as well as data that is no longer up-to-date;
• your personal data in a form convenient for transfer to another personal data controller, or to request that we do so without being hindered by us (right to portability);
• your personal data to be deleted without undue delay in the presence of any of the legal grounds for this;
• to limit the processing of your personal data, in which case your data will only be stored, but not processed. Our refusal to limit will be expressly only in writing, and we are obliged to motivate it with the lawful reason;
You also have the right to:
• to withdraw your consent to the processing of your personal data at any time with a separate request addressed to "NBG" EOOD. for processing based on consent;
• object to the processing of your personal data;
• object to automated processing, including profiling;
• not be subject to a decision based solely on automated processing, including profiling;
2. You have the right to appeal to the supervisory authority
You have the right to submit a complaint directly to the supervisory authority, the competent authority being the Commission for the Protection of Personal Data, address: Sofia 1592, "Prof. Tsvetan Lazarov" №2 (www.cpdp.bg). In the event that you wish to file a complaint regarding the processing of your personal data by "NBG" EOOD, you can do so at the indicated contact details of the Administrator or directly to the Data Protection Officer (at the above-mentioned contact details contact).
3. Automated processing and profiling
When you visit our Site, we use automated processing to adapt products and services to your needs in the best possible way.
4. Objection to use for direct marketing
You have the right to object to the future processing of your personal data for the purposes of direct marketing and advertising, as well as to their disclosure to third parties and their use on their behalf for the purposes of direct marketing and advertising, by withdrawing your consent under anytime. For this purpose, you can send an electronic message with the corresponding request to stop using your data for direct marketing purposes to the address: email@example.com
5. Can you refuse to provide personal data to "NBG" EOOD and what are the consequences of this?
In order to conclude a contract with you and/or to provide you with the requested products and/or services and/or to deliver the ordered goods in accordance with our legal and subsequently contractual obligations, NBG EOOD needs certain data which to identify the party to the contract, its representative, contact details, payment details. Failure to provide such data prevents us from entering into a contract with you.
In order to make a purchase from our Site and to deliver the goods or services you have ordered, for your convenience you have the option of creating your own profile on the Site. During the profile creation process, "NBG" EOOD needs certain data to identify you, contact data, payment data.
VIII. How we protect your data
"NBG" EOOD implements organizational, physical, information technology and other necessary measures to ensure the security and protection of your personal data and the monitoring of the processing of personal data.
Among other things, such security measures include the following activities:
• "NBG" EOOD has established the requirements for processing, registration and storage of personal data with the internal procedures, compliance with which is constantly monitored;
• NBG EOOD employees' access to personal data and permission to process personal data in the NBG EOOD database is limited, depending on their duties;
• NBG EOOD has established confidentiality obligations for its employees;
• access to the office equipment of "NBG" EOOD and the computers of each employee is limited.
• we implement all the necessary organizational and technical measures provided for in the Personal Data Protection Act, as well as the best practices of international standards
• For the purpose of maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc. The security measures we apply are subject to constant improvement and adaptation to the latest technologies.
IX. Link to other sites
Personal data for children
We do not knowingly collect personal information from children under the age of 16. If we learn that we have collected personal information from a child under the age of 16, we will take steps to delete the information as soon as possible or obtain the consent of the person with parental responsibility for the child.