Privacy Policy
“Luso-Borisovi EOOD
(Notification regarding the processing of personal data)
Data Controller:
- Name: “Luso-Borisovi” Ltd.
- UIC: 205152074
- Registered office and registered address. Registered office and registered address. “Chetnik Nikola Alexiev” 1
- Phone: 0897783735
- E-mail address: office@lussobyborisovi.com
- Website: www.lussobyborisovi.com
“Luso-Borisovi Ltd (“the Company” or “the Controller”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“General Data Protection Regulation” or “the Regulation”). This “Privacy Policy” (“Privacy Policy” or “Policy”) is intended to inform each Customer (as defined below) of the Company regarding the processing of data by which a particular Customer is or may be identified.
For the purposes of the Policy, a “Customer” is any natural person party to a contract with the Company for the purchase and sale of goods, as well as any natural person who has expressed a willingness to enter into a pre-contractual relationship with the Administrator and/or user of the E-shop https://lussobyborisovi.com/, available on the Internet at the electronic address: https://lussobyborisovi.com/ , as well as a director, manager, representative, proxy, employee, partner, shareholder, beneficial owner of a legal person or other legal entity using the E-shop.
1. What personal data do we process?
The Company processes, as a personal data controller, the following groups of personal data of Customers:
– Physical identity – name, ID number, address, telephone number, e-mail address;
– Economic identity – bank account number information.
Personal data is collected by the Controller from the persons to whom it relates.
2. How we collect personal data
We collect personal data:
in the process of registration on the E-shop website and when using the E-shop without registration;
when carrying out correspondence with the Client, which may include communication in written form, including electronic form and oral form;
through cookies when using or browsing our website.
In some cases, we may also collect information from third parties or public sources.
Our website collects data in log files. This information contains data about your IP address, Internet Service Provider, the browser you are using, your operating system, when you visited our website, the pages you visited.
Our website uses cookies. “Cookies are small files of information that a website sends to a visitor’s browser. The browser stores this information in a text file on the user’s end device. They help us make our website work better for you. More information on the use of cookies can be found in our Cookie Policy, published on the E-shop website: www.lussobyborisovi.com.
3. Do we process special categories of personal data?
The Company does not process special categories of personal data of Customers.
4. For what purposes do we process personal data?
The Company processes the personal data of the Customers for the following purposes:
– providing you with the information and assistance you have requested from us;
– individualization and contact with customers and actual owners;
– for all activities related to the existence, modification and termination of the relationship between the Company and the Client;
– offering and promoting additional services;
– regulatory compliance;
– defending disputes and cooperating with regulators to the extent required by law.
If we do not process this personal data, we may not be able to provide you with our services or the assistance you have requested.
5. On what legal basis do we process personal data?
Customers’ personal data is collected, processed and used based on several processing grounds:
– For the performance of a contract or for entering into a pre-contractual relationship;
– For compliance with a legal obligation that applies to the Company;
– For the purposes of the legitimate interests of the Company or of a third party where the rights and interests of data subjects do not prevail over them – to resolve disputes; to prevent, detect, investigate fraud, infringement or other unlawful conduct; to establish, exercise or defend legal claims;
– Under the terms of voluntary consent where required under applicable law.
6. For how long do we keep personal data?
The Company retains the personal data during the contractual relationship and until the contractual claim is extinguished and during a transitional period (e.g. for compliance with archiving and record-keeping obligations). If legal or other action is initiated, personal data may be retained until the end of such action, including any possible appeal periods, and will then be deleted or archived as permitted by applicable law. Specifically, the various media of accounting and tax information containing personal data shall be kept for a period of 10 years from 1 January of the accounting period following the accounting period to which they relate.
Where your personal data is obtained and processed on the basis of your consent, we will only process your personal data to the extent that we have your consent to process your personal data.
7. With whom do we share personal data? Do we provide them to third parties?
The Company may, at its discretion, transfer some or all of the personal data to processors for the purposes of processing, subject to the requirements of the Regulation.
The Company shares personal data with:
– third party service providers engaged by us to perform functions or activities on our behalf;
– third parties: regulators, tax authorities, financial authorities, judicial, administrative and law enforcement authorities, all in accordance with applicable law.
This list is not exhaustive and there may be other legitimate purposes for holding, disclosing or otherwise processing your personal data.
The Company shall notify the data subject in the event of an intention to transfer some or all of his or her personal data to third countries or international organisations.
8. Is personal data protected?
The Company shall provide and maintain appropriate technical and organisational measures to protect personal data against unauthorised access or unlawful use of personal data and/or against its accidental loss, alteration, disclosure, access and/or corruption or copying. These measures are intended to ensure the continued protection and privacy of personal data. The Company reassesses the measures regularly in order to achieve permanent security of personal data.
9. Do we perform automated decision making?
The Company does not perform automated decision making with data.
10. What are the Customers’ rights in relation to the protection of personal data?
Any Customer may exercise the rights set out below by written notice to the Company.
– Withdrawal of consent to the processing of personal data
Where the processing of a Customer’s personal data is based on the Customer’s consent to the processing of the Customer’s personal data, the Customer shall have the right to withdraw its consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent prior to its withdrawal.
– Right of access
Each Customer shall have the right to obtain confirmation from the Company as to whether his personal data is being processed by the Company. This includes the right of access to personal data, the right to obtain a copy of the data free of charge (except in cases of excessive and repetitive requests), unless otherwise provided in the applicable data protection rules, and the right of the Customer to be provided with a description of the basic information relating to the processing of his personal data.
The Company shall provide the Customer with a copy of the personal data being processed free of charge, but reserves the right to charge an administrative fee in the event of repetition or excessiveness of enquiries.
– Right of rectification
Each Customer shall have the right to rectify or request the Company to rectify, without undue delay, inaccurate, incomplete or out of date personal data relating to them.
– Right to erasure (right to be forgotten)
Each Customer shall have the right to request the Company to erase the personal data relating to him/her without undue delay where any of the following grounds apply:
(i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(ii) the Customer withdraws its consent on which the processing of its data is based and there is no other legal basis for the processing;
(iii) Customer objects to processing as set out below;
(iv) the Customer’s Personal Data has been unlawfully processed; or
(v) Customer Personal Data must be deleted in order to comply with a legal obligation under EU law, the law of a Member State or the law of another country;
(vi) the personal data have been collected in connection with the provision of information society services.
The Company may refuse to delete the Customer’s personal data to the extent that the processing is necessary:
(i) to exercise the right to freedom of expression and the right to information;
(ii) for compliance with a legal obligation requiring processing provided for in EU or Member State law applicable to the Controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
(iii) for public health reasons
(iv) for archiving purposes in the public interest, scientific or historical research or statistical purposes;
(v) the establishment, exercise or defence of legal claims.
– Right to restriction of processing
Each Customer has the right to request the Company to restrict the processing of his/her personal data in the following cases:
(i) Where it disputes the accuracy of the Personal Data as provided by the Customer and processed by the Company (the limitation is for a specified period to allow the Company to verify the accuracy of the Personal Data);
(ii) Where the processing is unlawful but the Customer does not wish the Personal Data to be erased but instead requests that its use be restricted;
(iii) Where the Company no longer needs the personal data for the purposes of processing but the Customer requires it to establish, exercise or defend legal claims;
(iv) Where a Customer has objected to processing and expects the Company to verify whether the Company’s legitimate grounds for processing the personal data override the Customer’s interests.
– Right to object
Each Customer shall have the right at any time, on grounds relating to his or her particular situation, to object to the processing of personal data concerning him or her.
A Customer may only exercise the right in respect of the processing of his or her personal data that is carried out by the Company for the purposes of the Company’s legitimate interests.
In the event that the objection is justified, the Company will cease processing the personal data concerning the objecting Customer unless the Company proves that there are compelling legitimate grounds for the processing which override the interests of the Customer.
– Right to data portability
This right includes the following possibilities:
(i) obtain the personal data in a structured, commonly used and machine-readable format for transfer to another controller, or
(ii) to obtain a direct transfer of the personal data to another controller if this is technically feasible.
– Right of appeal
Each Customer has the right to lodge a complaint regarding the processing of his/her personal data by the Company with the Personal Data Protection Commission, which is the competent supervisory authority.
Data Protection Commission
Address. к. 1592 N. “prof. Tsvetan Lazarov” № 2,
tel. (02) 91 53 519, fax: (02) 91 53 525
Email: kzld@cpdp.bg
Website: www.cpdp.bg
11. What happens in case of a change?
In the event of a material change in the way in which the Company processes Customers’ personal data and/or in the types of personal data it processes and/or in any other aspect of the subject matter of this notice, the Company will notify Customers of the relevant change immediately by issuing and giving Customers an updated version of the notice.