I. Basic principles in personal data processing
We process personal data in a lawful, well-meaning and transparent manner. The personal data is processed for concrete, explicitly stated and legitimate purposes and is NOT processed for any other reasons. The processed data is appropriate, associated with and limited to what is necessary according to our purposes (“reducing data to the minimum”);
The processed data can be kept up to date by taking all necessary means to guarantee timely deletion or correction of inaccurate personal data considering our purposes (“accuracy”);
The processed data is kept in a state that allows identifying the subject for a period no longer than the necessary (“limited storage”);
The processed data is kept in a state that guarantees a necessary level of security, including protection from unauthorized or illegal processing and from accidental loss, destruction or damage by taking suitable technical and organizational measures (“integrity and confidentiality”).
II. Personal data administrator
The personal data Administrator is „Shterev Consult“ EOOD, VAT number 121133816, with headquarters and registered office 1618 Sofia, ul. Belmeken, bl. 42. If you have questions concerning privacy or security and want to contact our employees, you can do it via this e-mail address: firstname.lastname@example.org.
III. What types of data do we process
We collect personal data so that we can improve our goods and services. Here are the types of information that we need:
1. Information you provide: we receive and keep all information you provide that has to do with „Shterev Consult“ EOOD’s services. For example: information concerning searches you conducted, your client profile, e-mail, phone number, address, inquiries, applications for access to personal information, etc.
We may also use device identifiers, cookies, and other technologies on devices, applications, and web pages to collect information about browsing, use, or other technical information for fraud prevention purposes.
3.Information from other sources:We may receive information about you from other sources, such as: delivery information of goods purchased through the site, information on the number of page views.
IV. On what basis do we collect and process your personal data
V. Objectives for personal data processing
We process your personal data in order to provide and improve the goods and services on the site. These objectives include:
- Purchase and delivery of products and services. We use your personal data to accept and handle orders, deliver products and services, make payments and communicate with you about orders, products, services and promotional offers.
- Provide, troubleshoot and improve the services of „Shterev Consult“ EOOD. We use your personal data to provide functionality, analyze performance, correct errors and improve website usability and efficiency.
- Recommendations and personalization. We use your personal information to recommend features, products and services that may be of interest to you, identify your preferences and customize your experience on the site.
- Fulfillment of statutory obligations. In some cases, we have a legal obligation to collect and process your personal information. For example, we process personal data in order to fulfill the obligations arising from accounting and tax law. Also, when a consumer purchases a product from „Shterev Consult“ EOOD under consumer protection law, „Shterev Consult“ EOOD is obliged to provide a guarantee for the product if, at the time of its delivery, it is defective, which manifests itself within two years after making it available to the user. In order to fulfill this obligation, „Shterev Consult“ EOOD should process the basic data of the consumer (by which the right to claim is established), as well as the data for the respective contract (by which it is established whether the commodity is under warranty).
- Communicating with you. We use your personal information to communicate with you regarding the goods and services we provide through various channels (e.g., by phone, email, chat). Fraud and Credit Risk Prevention. We process personal information to prevent and detect fraud and abuse and to protect the security of our customers.
- Objectives for which we seek your consent. We may also request your consent to process your personal data for the specific purpose that we communicate to you. When you agree to process your personal data for a specific purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. However, if the processing is necessary for other lawful purpose, we can continue to process the data.
VI. Categories of individuals to whom we disclose the user’s personal data
Examples of personal data processors are:
- Courier service providers;
- Service providers for the deployment and / or maintenance of information systems that sometimes need to access personal data processed in the systems concerning providing the services;
- Law firms, accounting firms or other consultancy providers;
- Hosting Service Providers
„Shterev Consult“ EOOD may share personal information of its clients with banks and payment institutions. For the purpose of servicing the consumers’ payments, whether by bank transfer or through a payment institution, it is necessary to exchange data between „Shterev Consult“ EOOD and the respective bank or payment institution. Third parties that have to do with the transformation (e.g. merger or acquisition) or the transfer of an enterprise. In the case of conversion of „Shterev Consult“ EOOD, as well as in the case of transfer of assets in accordance with the applicable legislation, it is possible that the personal data of the users, administered by „Shterev Consult“ EOOD, may be provided to a third party successor. Authorities. The legislation of the Republic of Bulgaria requires „Shterev Consult“ EOOD to store certain personal data for the users for a fixed period. In the presence of statutory prerequisites, such personal data processed by „Shterev Consult“ EOOD should be made available to the competent authorities.
VII. What methods do we use to protect your personal data
We work diligently to protect the security of your information when transferring it, using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, electronic, and procedural safeguards regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we may sometimes ask for proof of identity before disclosing your personal information. Devices that store your personal data offer security features to help protect them against unauthorized access and data loss. It’s important to protect yourself against unauthorized access to your password and to your computers and devices. Be sure to sign out when you’re done using a shared computer.
VII. How long do we store your personal data
IX. General information on the rights of individuals
„Shterev Consult“ EOOD takes action at the request of an individual to exercise a right under this section only if able to identify the person concerned. Only individuals who can be identified by „Shterev Consult“ EOOD have the opportunity to exercise their rights under this section. If the purposes for which „Shterev Consult“ EOOD processes personal data do not require or no longer require the identification of an individual, „Shterev Consult“ EOOD has no obligation to maintain, obtain or process additional information in order to identify the person for the sole purpose of taking action at the request of that person. „Shterev Consult“ EOOD notifies individuals of the actions taken within one month of receiving a request under this section, in some cases this period may be extended by another two months. „Shterev Consult“ EOOD shall provide individuals with information on actions taken in connection with their claims for the exercise of rights under this section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests. „Shterev Consult“ EOOD shall inform the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay. In case of refusal to fulfill the request, „Shterev Consult“ EOOD informs the respective individuals about their rights. If „Shterev Consult“ EOOD does not take action at the request of an individual, „Shterev Consult“ EOOD shall notify them (without delay and within one month after receiving the request) for the reasons for not taking action, as well as for the possibility of filing Appeal to the Commission for Personal Data Protection and Legal Prosecution. In certain cases „Shterev Consult“ EOOD may request additional information to verify the identity of individuals. In the event that „Shterev Consult“ EOOD has reasonable concerns about the identity of the individual who requests this section, „Shterev Consult“ EOOD may request the provision of additional information necessary to confirm the identity of the individual.The actions taken by „Shterev Consult“ EOOD for and in connection with claims for the exercise of rights under this section are completely free of charge to the persons, unless their claims are manifestly unfounded or excessive. When the case is such (for example, because of its repetitive nature), „Shterev Consult“ EOOD has the right, at its sole discretion: (a) to refuse to comply with the request; or (b) request payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
X. Users have the right to access personal data concerning them
Consumers have the right to receive information from „Shterev Consult“ EOOD whether personal data related to them is being processed. If so, users have the right to access the relevant data.Correcting inaccurate or out of date personal dataIf the personal data processed by „Shterev Consult“ EOOD is inaccurate or out of date, users have the right to request that „Shterev Consult“ EOOD corrects them.
XI. Deletiton of personal information (“Right to be forgotten”)
Users have the right to request from „Shterev Consult“ EOOD to delete their personal data in the following cases:
- personal data is no longer needed for the purposes for which it was collected or processed;
- the consumer has withdrawn his consent on which the processing of personal data is based and there is no other legal basis for the processing of the personal data;
- the consumer has objected to the processing of personal data which is based on the legitimate interest of „Shterev Consult“ EOOD, unless there are other legitimate grounds for processing that take precedence over the interests, rights and freedoms of the user, or the processing of data is necessary for the establishment, exercise or defense of legal claims;
- the consumer has objected to the processing of personal data for the purposes of direct marketing and there are no other legitimate grounds for processing that data;
- personal data relating to the respective user wasprocessed illegally;
personal data must be deleted by „Shterev Consult“ EOOD in order to comply with a legal obligation arising from the law of the Republic of Bulgaria or the law of the European Union.
XII. Restrict the processing of my personal data
As of May 25, 2018, users have the right to request from „Shterev Consult“ EOOD to restrict the processing of related personal data in the following cases:
- the accuracy of personal data is challenged by the user for a period that allows „Shterev Consult“ EOOD to verify the accuracy of the personal data;
- the processing is unlawful, but the user does not want the personal data to be erased, but calls for restricting its use instead;
- „Shterev Consult“ EOOD no longer needs personal data for the purposes of processing, but the user requires it for the establishment, exercise or defense of legal claims;
the consumer has objected to the processing of personal data based on the legitimate interest of „Shterev Consult“ EOOD, pending verification that the legitimate grounds of „Shterev Consult“ EOOD have priority over the interests of „Shterev Consult“ EOOD.
XIII. Portability of my personal data
As of May 25, 2018, users have the right to receive from „Shterev Consult“ EOOD the personal data provided by them in a structured, widely used and machine-readable format, as well as to transfer this data to another administrator without hindrance from „Shterev Consult“ EOOD insofar as:
- „Shterev Consult“ EOOD processes this data for the purpose of concluding or executing a contract with the consumer, or on the basis of the consent of the latter; and
- the processing of the relevant data is done in an automated manner.
Users have the right to request „Shterev Consult“ EOOD to transfer their personal data directly to another administrator, when technically feasible.
XIV. Objection to the processing of personal data
Consumers have the right, at any time and on grounds relating to their particular situation, to object to the processing of personal data concerning them when „Shterev Consult“ EOOD processes their data to protect their legitimate interests. In certain cases, this right is unconditional and „Shterev Consult“ EOOD will always suspend the processing of data in case of objection from the users. These are the cases in which „Shterev Consult“ EOOD processes personal data for direct marketing purposes.
In all other cases, depending on the nature of the objection and the circumstances put forward by the relevant consumer, „Shterev Consult“ EOOD will carry out an internal review of the objection and rule on it in accordance with this section, by: (a) informing the consumer that it will suspend the processing of his / her personal data; or (b) reasonably refuses to suspend the processing of his / her personal data, if there are legal grounds for doing so.
You can exercise your right of access to your personal data, correct, delete, restrict their processing and portability here.
XV. Right to complain to a supervisory authority
Consumers have the right to file complaints or alerts to the Commission for Personal Data Protection (CPDP) in the event that they believe „Shterev Consult“ EOOD violates personal data protection legislation. Complaint instructions are published on the CPDP website https://www.cpdp.bg
After 25.05.2018, consumers may also file complaints with other supervisory authorities within the territory of the European Union as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), or hereinafter referred to as “GDPR”.
What is a cookie
Cookies are often indispensable for websites that have huge databases, need logins, have customizable themes, other advanced features.
Cookies usually don’t contain much information except for the url of the website that created the cookie, the duration of the cookie’s abilities and effects, and a random number. Due to the little amount of information a cookie contains, it usually cannot be used to reveal your identity or personally identifying information.However, marketing is becoming increasingly sophisticated and cookies in some cases can be agressively used to create a profile of your surfing habits.
What are the types of cookies and what are they used for
1. Session cookies
They are used for example on e-commerce websites so you can continue browsing without losing what you put in your cart. Session cookies also help to improve site load time. They expire when you close your browser.
2. Permanent cookies
They persist even when the browser is closed. They have an expiration date though and by law, you can’t make them last more than 6 months. They’re used to remember your passwords and login info so you don’t have to re-enter them every time. Furthermore, it can be used for personalization and to store the preferences of visitors, such as selected language or currency.
3. Third-party cookies
Cookies attributes usually corresponds to the website domain they are on. Not for third-party cookies, they are installed by third-party websites, such as advertisers. They gather data about your browsing habits, and allow them to track you across multiple websites and they can track you through different websites. Through them it is possible to determine which pages you visit, in what order and how long you stay in them. Most often used to analyze the visits and the interests of consumers on a particular topic.
We use services from the following partners:
What can not cookies do
Cookies are plain text files. They are not compiled so they cannot execute functions or make copies of themselves. They cannot browse through or scan your computer or otherwise snoop on you or dig for private information on your hard disk.
What can I do to manage cookies stored on my computer
Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options. For more information on how you can block, delete, or disable cookies, please review your browser or device settings.
If you are most concerned about third-party ad cookies generated by advertisers, you can exclude them from here: Your Online Choices site.
Please remember that if you choose to block or disable cookies, some sections of our site may not work properly.
Last update: 21.01.2020