GENERAL CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY
Within the Meaning of Article 13 of the General Data Protection Regulation
Within the Meaning of Article 13 of the General Data Protection Regulation
Each of the two internet pages https://www.strimona.net and https://www.strimona.bg is owned and managed by STRIMONA STROY EOOD, Company Identification Code 121545581, („the Company“),registered office and address of management at: 11, Trakia Street, 2850 Petrich, Bulgaria.
These two internet pages have the same content and are being administered, respectively the personal data of the pages’ visitors are being processed, jointly by the Company and by STRIMONA EOOD, Company Identification Code 101533073, registered office and address of management at: 11, Trakia Street, 2850 Petrich, Bulgaria, by virtue of an Agreement of Joint Personal Data Administrators entered into between the two companies. In view of their identical content and the common database generated by them, the present Personal Data Confidentiality and Protection Policy pertains to each one of the websites, hereinafter collectively referred to as one website (“/the/ website“).
We understand that as a visitor to our website, you could have questions in relation to the information you provide to us, as well as regarding the manner in which we process such information. Because we respect your right to protect the confidentiality of your personal information, by virtue of the present Confidentiality Policy we would like to explain what information we collect on our Website and how we use it.
The Company, being a personal data administrator, collects and processes specific information about natural persons. The personal data consists of the entire information related to a natural person already identified or a subject to identification. The protection of the personal information throughout the entire procedure of personal data processing is of primary importance for the Company.
The present Personal Data Confidentiality and Protection Policy ("Policy") is part of the Rules and Procedures for Personal Data Protection of the Company and settles the manner of collecting, processing and storage of your personal data in order to comply with the statutory requirements. You can obtain access to the complete rules, policies, instructions and registers kept at the following address: 11, Trakia Street, 2850 Petrich, Bulgaria, and in case of any further questions, you can contact us on the following telephone number: 359 745 69600, or you can send us an e-mail to the following e-mail address: firstname.lastname@example.org; you can also send us a letter to the following address: 11, Trakia St., 2850 Petrich, Bulgaria.
I. Personal data processing
The Company processes your personal data collected in relation to: your registration on this website; sending offers in reply to inquiries previously sent by you, either electronically or on a hard copy; performing orders and deliveries of our products; sending brochures, catalogues, newsletters and performing other forms of direct marketing and statistical research in view of promoting the website.
The information collected through the internet page is processed by the Company solely for the purpose of rendering the services requested by you, orders placed by you and establishing contact with you as our customers. You are not obliged and we do not request you to register or provide personally identifiable (personal) information in order to be able to review our website or to have access to its contents.
Upon exercising its main activity, the Company processes the personal data of natural persons – customers, counterparties and subcontractors, as well as of its employees and workers in relation to the arising, development and termination of employment and ex officio legal relations, and of customers- natural persons as well.
The existing statutory rules for protection are applied by the Company to any personal information regardless of whether it refers to data processed electronically or on paper. In order for the processing of personal data to be in compliance with the statutory requirements, your personal data is collected and used on specifically formulated reason; it is securely stored and the Company undertakes the necessary organizational and technical measures to prevent any violation of the data security.
Your personal data is collected mainly electronically but the Company also processes data on a hard copy. The persons are informed of the provisions of this Policy in advance or at the moment of receipt of their data.
The Company does not collect personal data of children under 16 years of age without the explicit written consent of a parent.
II. Purposes of the processing
The Company processes the following personal data in correspondence to each of the following purposes:
1. For registration on the website through the contact form and for providing offers in reply to inquiries sent by you in advance: your name, telephone number and email. This data is collected only on the grounds of your consent, provided by the very act of sending an inquiry and is used for drawing up of a customized offer;
2. To perform orders and deliveries of our products: your name, telephone number, email, accurate address. Upon delivery to a person different from the person who placed the order, respectively - the name, telephone number and address of the person to whom the product should be delivered. This data is collected for the purpose of performing our contractual obligations and for the needs of accounting. The Company does not require nor store numbers or data of debit and/or credit cards. In cases where payments are needed, they are performed in the conventional manners guaranteeing the security of the individual transactions and the information contained therein.
3. For advertising our products by means of sending promotional offers, brochures, catalogues, newsletters and others to you: your name, mobile phone number and email. For those purposes, as well as for the purposes of direct marketing, the Company requires your explicit consent. Your consent to the processing of your personal data disclosed in the contact form on the internet page is documented by pressing a button or check box in the contact form, including by noting that you are acquainted with the rules for personal data protection and are informed of your rights, as well as that you are a person of mature age. In addition to that, the Company ensures suitable measures and means for protection of your rights pursuant to the Electronic Trade Act, so that you will not receive any not requested commercial messages to your email. The Company stores your consent for processing of the personal data in electronic form.
4. For the purposes of statistical research with a view to improving the image of the site and attracting advertisers, the Company processes data on your gender in such a way that all your other personal data is anonimized in view of such specific purpose and thus, upon carrying out of the statistical research, you cannot be identified in any manner.
5. For the purposes of the commercial activity of the Company, said company processes the personal data of the natural persons – customers, counterparties and subcontractors, as well as of its employees and workers in the manner specified above.
6. With the purpose of keeping the order in the buildings used by the Company for exercising its activity, as well as for its property preservation and in view of its legitimate interest, the Company exercises video surveillance by complying with all statutory requirements.
What refers to the opportunity you are given to publish on the internet page photographs related to your inquiries, the Company explicitly reminds you that you should undertake the necessary measures to avoid the presence of identifiable natural persons on said photographs, with a view to their personal data protection. In case such photographs are published by you through the website platform, the Company will undertake the relevant measures for deletion of the persons photographed or editing by means of cropping the photos where natural persons are present.
Whenever the personal data is processed on the ground of your consent, you can withdraw said consent in the same manner in which you granted it – by filling in the feedback form on this website with a request in free text that the processing of personal data be terminated for purposes specified by you (when your consent has been granted through the website) or by filling in a form for withdrawal of consent, which you can obtain from the administrative division of the Company (when the consent has been granted by a written declaration of consent).
The consent can also be withdrawn by a request in a free form sent to email@example.com
III. Hosting, Log files, „Cookies“, Web Analysis and Social Media
The hosting of each of the two internet pages takes place by using the services of SuperHosting.BG OOD, Company Identification Code 131449987, with adress: Iztok Residential area, 36 G. M. Dimitrov Blvd., Izgrev area, 1797 Sofia, Bulgaria. (https://en.superhosting.bg/). As a provider of such services said company has explicitly specified in its confidentiality policy published in the following internet page https://en.superhosting.bg/web-hosting-page-privacy-policy.php what information, obtained through the content of the internet pages hosted by it, it will process and share with third parties without requesting the personal data addressee’s consent. Sharing such information is necessary when its providing is required in order to meet rules of the law or of a court proceeding, to protect rights or property of the website or its visitors, to identify individuals violating the law or the rights of third parties and to cooperate in the investigation of alleged illegal actions. In view of the foregoing, whenever users of each of the two internet pages share personal data, it will be assumed that they have provided their consent for disclosing said data for the above-specified purposes.
Additional security by means of using an SSL certificate
SSL is an abbreviation from the English phrase: Secure Socket Layer and it constitutes additional protection of cryptographic nature, which ensures higher security of the connection between your customer browser and the web browser at which our website is located. Upon establishing internet connection, the data transmitted is in encrypted form, which makes it difficult to disclose its content /including – the shared personal data, information, which may lead to individualisation of the user, bank information, etc./
2. Log Files
With each use of the Internet, the browser used by you transfers specific information, which the Company stores in log files. That information is stored for a short period of time in order to identify the problems and for security concerns. The log files, which should be maintained with the purpose of evidence are not deleted until the relevant incident (attempted violation or violation of the data security) is completely solved and in certain individual cases the files can be handed over to the investigating authorities. Log files are also used for the purpose of analysis (with or without incomplete IP address).
The following information is specifically stored in the log files:
- IP address (address of the internet protocol) of the end device used for access to the website of the Company;
- name of the loaded files or information;
- date and time, as well as duration of the stay in the website;
- amount of transferred data;
- operating system and information about the internet browser used, including about the add-ons installed (such as Flash Player).
"Cookies" are small text files recorded on the computer you use when you visit a certain website. In case you have access to that website at another moment, the browser sends back the content of the "cookies" to the relevant offering party and in this manner it enables the second identification of the end device.
When visiting the internet pages of the Company, you are asked in a cookie layer pop up whether you wish to allow "cookies", which are activated for the website or you wish to deactivate them in the settings.
In the event that "cookies" are blocked one “opt out cookie” is recorded in the browser. That "cookie" serves only for the purposes of activating your objection. Deactivation of the "cookies" may forbid certain functions of the internet pages of the Company and deteriorate the operation of the website.
The Company uses the following cookies:
- Cookies storing specific settings of the website;
- Cookies storing data in order to provide fault-free reproduction of video or audio content.
Cookies are also used within specific sessions for the purposes of customised directing of advertisements of the commercial activity carried out by the Company.
4. Web Analysis
The Company collects statistical information about the use of the website in order to make the website more accessible for its users, as well as for the needs of market research. The user profiles created by these instruments with the assistance of analytical "cookies" or through an assessment of the log files contain the following data in view of statistical and advertising purposes of the Company – the number of visitors of the website, the country and settlement from which they access the website, age, gender and interests of the users, the type of device and the browser from which the website is accessed, sessions on the website and their duration.
Suppliers of the instruments processes the data only in their capacity as processors of personal data pursuant to the instructions of the Company and not for their own purposes.
The supplier of such an instruments is Google Analytics and Google AdWords.
Google Analytics and Google AdWords are offered by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA ("Google"). The Company uses Google Analytics with the additional function offered by Google for anonimization of the IP addresses.
You may object to collection and processing of your data by downloading and installing an add-on for browser from the following link: http://tools.google.com/dlpage/gaoptout?hl=en
The collected information of personal nature is not used for performing profiling of the users.
5. Add-ons for Social Networks
The Company also uses the so-called social add-ons from various social networks. When the add-ons are used, the internet browser you use establishes direct connection with the relevant social networks servers. Thus, the relevant provider receives information that your internet browser has accessed the relevant web page in the social networks even if you have no user profile with this provider or you have not currently accessed your profile. In this case the log files (including the IP address as well) are directly transmitted by the internet browser to a server of the relevant provider and are respectively stored there. The provider or its server may be located outside the EU or EEA.
The add-ons are independent extensions by providers of the social networks so that the Company cannot influence the scope of data collected and stored by them. In addition, by means of the Company page in Facebook, the following personal data of Facebook users is collected and processed– gender, age, and place of residence. The data is collected and processed by virtue of conditions agreed with Facebook, and said data is used by the Company only for the purposes of marketing and advertising, without being handed over to third parties. The purpose and scope of collecting, the duration of the processing and use of the data from the social network, as well as your rights can be found in the policy for personal data protection of the relevant social network.
6. External Links
The Internet pages of the Company may contain links to websites of third parties. If you click on such a link, the Company has no instruments to influence the processing of data sent by you to such third party, therefore the Company does not assume any liability for the processing of such personal data by third parties.
IV. Transfer of Data
The Company does not perform any transfer of personal data to countries outside the European Union.
Upon performing of its activity, the Company has to share your personal data with some of the following bodies:
- regulatory, state and judicial bodies which by virtue of a statutory instrument have powers to request the providing of information containing personal data, such bodies are courts, prosecution offices, different regulatory bodies such as the Consumer Protection Commission, Personal Data Protection Commission, bodies responsible for the national security and public order;
- service providers (accounting, legal, IT system maintenance, courier services, etc.) or to business partners with the assistance of which we render our services to you.
In all cases, the Company enters into agreements in writing with the traders it is working with by requiring from them to undertake the necessary measures in order to guarantee the protection of your personal information. The Company transfers to those counterparties only the information they need in order to provide the agreed services without permitting them to use your information for their own purposes.
V. Your Rights in Relation to Your Personal Data Processed by The Company
The Company provides you with information about the steps of your personal data processing in transparent, understandable and easily accessible form, in clear and simple language. The Company provides the information in writing or in another manner, including, by electronic devices.
The Company provides you with free information about the actions undertaken in connection to a request regarding the exercise of your rights within a period of one month from receipt of the request. If necessary, said period may be extended with two additional months by taking into account the complexity and number of the requests. Company shall inform you of each such extension within a period of one month from receipt of the request by specifying the reasons for the delay as well.
If the Company refuses to undertake actions at your request, it will also inform you, within a period of one month from receipt of the request, of the reasons for it not to undertake action and of the opportunity you have to file a complaint with the Personal Data Protection Commission.
When the requests filed with the Company are evidently unfounded or exorbitant, more specifically because of their repetition, the Company may levy a fee by taking into account the administrative costs for rendering the information or communication or the undertaking of the required actions.
Your rights are as follows:
1. Right to Information and Access:
You have the right to receive from the Company confirmation whether personal data related to you is processed and, if so, to obtain access to such data and the information related to it. The Company provides you with a copy of the personal data, which is processed.
2. Right to Correction and Deletion:
You are entitled to request from the Company correction of the inaccurate personal data pertaining to you, which correction is to be performed with no unreasonable delay. Bearing in mind the purposes of the processing, you are entitled to request supplementing incomplete personal data, including by submitting an additional declaration.
You are entitled to request deletion of the personal data related to you, except when the deletion of such data would lead to affecting other parties’ rights and interests, including those of the Company, or when there is a statutory obligation for its storage.
When the Company has provided your personal data to third parties in performance of its contractual obligation or in the event of presence of legitimate interest, and subsequently an obligation occurred for it to delete your personal data, said company will undertake the necessary measures to inform the third parties which have received the data that a request has been filed for deletion and they also have to delete all links, copies or replicas of said personal data.
4. Processing Limitation:
Your are entitled to request from the Company to limit the processing of your data, except if such limitation of the processing would lead to violation of other parties’ rights and interests, including those of the Company, or there is a statutory obligation for its storage
5. Objection against the Processing of Data:
Your are entitled to object against the processing of data at any time except when the processing is necessary for the performance of a task of public interest or the processing is for the purposes of the legitimate interest of the Company or a third party.
The objection against direct marketing is unconditional and is to be applied by the Company within a reasonable period.
Should the personal data be processed only on the grounds of your consent, you are entitled to withdraw that consent with immediate effect in the manner specified above. The legitimacy of the processing of data prior to withdrawal of the consent shall remain unchanged.
6. Data Transferability:
You are entitled to receive the data that is available at the Company in a structured and machine-readable format or – if technically practicable – to request the Company to transfer said data to a third party specified by you.
7. Right to Lodge a Complaint with the Personal Data Protection Commission:
You are entitled to lodge a complaint with the Personal Data Protection Commission at the following address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria, telephone: 02/91-53-518, Email: firstname.lastname@example.org.
In order to exercise your rights pursuant to the Regulation, you can write to the electronic address specified above or send a letter by post to the correspondence address specified above.
Applications in relation to exercising your rights are generally filed in person or by a person explicitly authorised by you. An application may be also filed electronically, within the procedure of the Electronic Document and Electronic Signature Act. When there are normative administrative rules in relation to exercising your rights (in the Personal Data Protection Act and other acts), they should also be observed.
The Company will reply to you in the form in which you have filed your application – in writing on a hard copy or in electronic form. When you have filed an application by electronic means, the information will possibly be rendered to you in a widely used electronic form unless you have requested otherwise. In case the Company has well-grounded concerns in relation to the personal identity of the natural person filing the request, it can ask for additional information necessary for confirmation of the personal identity. If such information is not received and the identification of the applicant is impossible, the Company may refuse to undertake actions regarding a filed request to exercise any of the rights specified in this Policy.
The Company has developed an internal instruction determining how long your personal data should be stored. It is drawn up on the basis of the type of information collected and on the purposes the data is processed for. The Company stores your personal data as long as it is necessary for the purposes of data processing in relation to which the data has been collected and for each other admissible and related purpose or up to the expiry of the legally determined deadline. It is a legitimate interest of the Company to preserve certain personal information about you until the expiry of the limitation period for filing complaints (5 years) after expiry or termination of an agreement with you.
After the expiry of the period for its storage, the data is destroyed as soon as possible by destroying the hard copies by means of shredding and when on a data carrier – by means of obliteration and deletion of the relevant files from them.
VI. Additional Provision
The Company reserves the right to change the data security and protection measures if such change is necessary due to a technical development with the aim of better data protection. In such cases, the Company will alter the data protection policy respectively and will respectively update the current version of the data protection notification.
Document Version: V1_24052018