POLICY FOR PROTECTION OF PERSONAL DATA
Upon change in the Policy, the changes will be posted here.
Date of update: May 24, 2018
In order to provide services, sales and follow-up services and fulfillment of contractual obligations at the sites of Drehi BG Ltd. with address of management: 7 Khan Kubrat str., Varna 9000, UIC: 203687338 processes data of individuals according to the present Politics.
In the processing of personal data, Drehi BG adheres to all applicable laws on the protection of personal data, including but not limited to,
The Personal Data Protection Act (PDPA) and the General Regulation on the protection of personal data (REGULATION (EC) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 - GDPR).
Our exclusive priority is to protect your personal data and obtain your free, informed and unambiguous consent to the processing of your personal data by Drehi BG Ltd.
By visiting the sites of Drehi BG Ltd. you agree that you provide your personal information voluntarily that you have become acquainted with your rights under the LPDP and REGULATION (EC) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 - GDPR and you consent to your personal data being collected, processed, stored and transmitted to third parties for purposes that we have listed below.
"Personal data" means any information relating to an identifiable natural person or a natural person ('data subject' or 'user'); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, mental and mental, economic, cultural or social identity of that individual;
"Administrator" means an authority which, alone or in conjunction with other authorities, defines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union law or the law of the Republic of Bulgaria, the administrator or the special criteria for its determination may be established in European Union law or in Bulgarian law. In the present case, the administrator is Drehi BG Ltd. a company duly registered and acting under the laws of the Republic of Bulgaria with UIC 203687338, with registered office and address: Varna 9000, 7A Han Kubrat Str .;
"Personal data processor" means a natural or legal person, a public authority, an agency or other entity that processes personal data on behalf of the controller;
"Processing" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or other form of data access, arrangement or combination, restriction, erasure or destruction;
"Supervisory Authority" means an independent public authority of a Member State of the European Union responsible for monitoring the application of the rules on the protection of personal data. For the Republic of Bulgaria, the Supervisory Authority is the Commission for the Protection of Personal Data.
3. Policy objectives
• complies with data protection legislation, namely the Personal Data Protection Act (PDPA) and the General Data Protection Regulation and other applicable legislation, and follows best practices;
• Protects consumers, customers and partners of Drehi BG Ltd.;
• ensure transparency about the ways in which the personal data of the entities are stored and processed;
• Provides protection against the risks of data breaches;
We can collect information about you in several ways:
Forms completed and sent by you
By sending them, you knowingly share personal information.
We will minimize the amount of data in the format according to the stated goals.
• When creating a profile of the websites of Drehi BG Ltd., you provide us with personal information, including your name, phone number, address and e-mail.
• When you buy items and goods from our online stores, you provide us with personal information, including your names, phone number, address and e-mail.
Data collected through observations
Sometimes we collect information about you by observing your behavior on our sites.
For this purpose, we use standard Internet approaches to track consumer behavior, e.g. network equipment, tracking your IP address, HTTP GET / POST protocols for recording and sharing of identifiers for you and your device.
Data received from third parties
Sometimes, after your explicit consent given through partner tools, we may receive third party data, e.g. data from your social networking account, such as Facebook.
These data may be merged with other personal data we already have.
By using various online analysis tools, we can get detailed but aggregated audience data for our sites. These are not personal data within the meaning of the Regulation.
More information about the Drehi BG Ltd policy regarding cookies can be found here.
It is possible to collect various personal data according to the purposes
Typically, we collect the following data:
o Your names;
o User name;
o Cell phone;
o E-mail address;
o Physical delivery address
o Data for correspondence with you
o Bank / billing information
Data collected through observations
For all visitors, we and the suppliers of the tools we use, we typically collect the following data for you:
o The IP address from which you are visiting;
o Your browser ID
o Your mobile device identifier;
o Identity not containing your personal identifier;
o History of your behavior - pages visited on the site of Drehi BG, time spent on them, purchased products and more;
o Behavior of site content / mobile application - navigation, used interface elements, time of stay;
o your searches;
o Behavior vs. your served ads - how much and how many ads are served; where they are served; Viewed ads realized clicks, missed ads, and more;
o Your comments.
For logged-in users, we also collect identifiers linking them to the user's specific account with the above data.
Data received from third parties
Depending on the data source, this includes:
o Basic account information, such as name, email address, date of birth;
o Details you choose to share according to the specific settings for social media accounts;
o Your contacts and how you connect with them.
Special categories (sensitive) data
The activities of Drehi BG and the functionality provided on the sites are not intended for the storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation.
You undertake not to store or send in any form of information containing special categories of data and sensitive data such as:
- data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade unions, or your genetic data, biometric data, your health status, your sexual or sexual orientation, or data related to with your convictions and violations.
- Identity documents as well as Personal Identification Number, Passport / ID Card number, etc. similar.
Drehi BG has no obligation and does not monitor the availability of the data listed here on the Site. The provision of such information is entirely at risk and the responsibility of the providing person.
Logos related to security, technical support, development, and more.
The Sites use logs for the following purposes:
• To ensure the reliable operation of the Services and to identify technical problems;
• To ensure the security of the Services and detect malicious actions;
• Development and improvement of the Services on the Site;
• To measure the visibility and usability of the Site;
• Logos in cases where this is required by law (as logos of electrons wishes).
Login log in. This log makes it possible to detect and automatically block unauthorized attempts to access accounts. It is maintained for up to 1 / a / year, including the date and time of the login, status, whether the entry is through a mobile version, an application or a desktop browser, an IP address.
Server logs, Web Application Firewalls, and more. devices falling under this category. These logs are required to detect technical problems, detect malicious actions, and more. of the above objectives. They are stored for up to 1 / a / year. Logs can contain the following information: date and time, IP address, URL, browser and device information. In addition, some devices are able to use cookie-based security technology.
Drehi BG may also process other data relating to you in cases where you voluntarily provide such data by filling in relevant electronic forms on the Site, adding preferences, settings, etc.
5. Purposes of processing information
The information we collect and process for you may be used for the following purposes:
Normal functioning of our sites
These data are strictly necessary for the normal operation of our sites and mobile applications. Through them, we can authenticate your identity by logging in to users, better displaying content, loading the site faster, protecting sites, and hacking.
Such data, for example, is your session data - information about logged-in, cached content, and more.
Here also the data related to your identification in connection with the registration for use of our service.
Conclusion and execution of a contract
These are the goals necessary for the steps to sign and execute the contract between you and Drehi BG, including the data processing required for registration, account creation, and ordering, delivery, claiming, etc. similar, as well as related services provided on the sites of Drehi BG.
To save and access information
This goal is ancillary to other goals - using different technical mechanisms, Drehi BG will be able to fulfill any of the other goals described.
Includes storage and access to information stored on your device, e.g. device identifiers, user IDs, ad IDs, cookies, and other technologies.
This goal is helpful - by using the technical mechanisms described there, we will be able to fulfill one of the other goals described.
For personalization and profiling
We collect and process information about the use of our services for the subsequent serving of personalized advertising and / or content in another context, e.g. other sites and mobile apps in time.
Typically, your content and site / mobile app behavior is used to create conclusions about your interests that govern the future selection of ads and / or content served.
The goals pursued by Drehi BG Ltd. are: to provide a better experience for the users of the sites, mobile applications and services of Drehi BG by displaying relevant advertisements.
We collect information about your use of the content and combine it with a previous one to measure, understand and report your use of our services.
This goal does not include personalization and profiling.
To inform you about games and promotions
To meet this goal, we collect your personal information to inform you about ours or third parties, our partners, initiatives, promotions, games, offers, and more.
For all of the purposes described above, we can use third-party tools.
For the processing of your personal data, including the provision of competent authorities in the cases provided for by the law and for the fulfillment of legal obligations of Drehi BG Ltd. as well as for purposes related to the fulfillment of the obligations of the parties to the contract
For Planning, Reporting, and Statistics purposes
For the purpose of planning, reporting and statistics, any operation for the collection and processing of personal data required for statistical surveys or for the production of statistical results, as well as for the preparation, implementation and verification of plans and their results.
For marketing purposes
To always send you up-to-date and useful information about our initiatives, we collect data such as an email address or other means of contacting you - Viber, Skype, Messenger, or another communications platform.
To carry out the activity
Drehi BG collects, uses and processes the information described above for the purposes of this Policy and the General Terms and Conditions, which may be:
• Goals needed for pre-sales service, queries, requests, like;
• Goals needed to implement sales, signing, confirmation, processing, delivery, etc. similar
• Goals required for after-sales obligations, claims, claims, warranties, etc. similar
• Goals for which you have given your explicit consent;
• Goals required to meet legal obligations.
These are goals related to the legal interests of Drehi BG and / or third parties. These goals include:
• Ensuring the normal functioning and use of your sites by other users, maintaining and administering the Services, resolving disputes, detecting and preventing malicious actions.
• Detecting and resolving technical problems or problems with the functionality, development and improvement of the Services.
• Communicating with you, including electronically.
• Accept and process received orders, signals, complaints, requests and other correspondence;
• Enforcing and protecting the rights and legitimate interests of Drehi BG, including by law, and assisting in the realization and protection of the rights and legitimate interests of other site users and / or affected third parties.
For these purposes, it may be necessary to process part or all of the above categories.
The objectives related to the observance of legal obligations of Drehi BG include the fulfillment of statutory obligations to preserve or provide information upon the receipt of an appropriate order by the competent state or judicial authorities while ensuring the possibility of exercising the control powers of the competent state bodies , in the fulfillment of the legal obligations of Drehi BG to notify you of different circumstances related to your rights, the Services provided or the protection of your data, etc. under. For these purposes, it may be necessary to process part or all of the above categories.
Your data may be processed based on your explicit consent, the processing in this case being specific and in the extent and scope provided in the respective consent.
6. Legal basis for using the information
The reason for the processing of Customer's Personal Data is, above all, the need to perform a contract to which it is a party or the need to take action prior to its conclusion (Article 6 (1) (b) of the CRPD). This applies above all to Personal Data provided on the form when registering an Account, submitting Orders and signing a Sale or Booking Agreement in the Online Store as well as subscribing to the Bulletin. Also, if Personal Data is provided to us in connection with a Customer's complaint, the legal basis for their processing is the need to execute / service the sales contract for the advertised goods.
In the case of data processing operations for the stated marketing purposes, except for those performed as part of the Bulletin functioning on the basis of the Regulation, the reason for such processing is the fulfillment of the objectives arising from the legitimate interests that the Administrator or his collaborators want to achieve (Article 6 (1) (f) of the CRPD), but in this case its collaborators are not involved in the processing of the data of the Client. On the other hand, the presentation, creation, delivery and performance of ads, offers or promotions (discounts) based solely on automated processing, including profiling tailored to the maximum extent of Customers' preferences, which can significantly affect your customized solutions, is based on the Customer's voluntary consent (Article 6 (1) (a) of the ARRD). However, this applies only to adult customers.
For (other) purposes, Customer's Personal Data may be processed on the basis of:
• Voluntary consent, eg. persons involved in competitions, persons using the contact forms (Article 6 (1) (a) of the CRPD)
• the applicable law when processing is necessary to fulfill a legal duty of the Administrator, when based on tax or accounting regulations, the Administrator executes sales contracts (Article 6 (1) (c) of the ARF);
• necessary for purposes other than those mentioned above as a result of the legitimate interests of the Administrator or a third party, in particular for the purpose of identifying, claiming or defending claims, market or statistical analysis (Article 6 (1) (f) ARPD).
7. STORAGE DATE
Here you can find information on the storage life of different types of data. In the storage of data, We apply the general principle of data storage in a minimum volume and for a period no longer than is necessary for carrying out the activity, ensuring their security and reliability and the requirements of the law.
Registration data (such as name, surname, email address, telephone, address) and information on making the registration and agreeing to the Terms (date, time, IP address)
For the entire period of maintenance of the account on the Site and up to 1 / one / year of termination of the registration
Your data is identified as a party to the Sales and / or Service Agreement. In order to resolve possible disputes that have arisen or have come to light after termination of the agreement and in connection with the LDRD (see below), these data are stored for a period of up to one year after termination of the account.
Notifications Subscriptions (email address, criteria)
For the period for which the subscription is active until its termination and / or cancellation of the account
The site allows you to subscribe and receive notifications at your email address. If you use the service without registration, you need to provide an email address to which you wish to receive the subscription. Subscription can be terminated at any time.
Logon account (contains date and time of login, status, whether signing in via mobile version, application or desktop browser, IP address)
For a period up to 1 / one / year from the last entry or until the account is closed
This log makes it possible to detect and automatically block unauthorized attempts to access accounts.
System logs (may contain information such as: date and time, IP address, URL, browser and device version information)
For a period up to 1 / one / year
Server logs, Web Application Firewalls, and more. devices falling under this category. These logs are required to identify technical problems and / or detect malicious actions.
Correspondence, complaints and signals, requests, incoming phone calls
Correspondence, complaints and alerts are kept for up to five (five) years.
In order to ensure the reliability of the service, incoming phone calls are stored for up to three (three) months
In order to resolve complaints, signals, disputes, inquiries, requests or other issues made in communicating to Us through electronic forms on the Site through calls to the Garmin telephone exchange by sending by regular mail or by e-mail, we store and process this information as well as the outcome of such processing. In view of the limitation periods under Bulgarian law, in order to resolve disputes, this information is kept for a period of up to five (five) years.
Up to 6 / six / months from the last use of the Services
For a description of the biscuits used, see "Cookies Policy"
In the event of a legal dispute or proceedings requiring retention of data and / or a request from a competent public authority, data may be retained for longer than the specified time limits until the final settlement of the dispute or proceeding in all cases. These deadlines may be changed if a different requirement to keep information under the current legislation is established.
8. Data Care
Customer's personal data is processed in accordance with Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (UE.L State Gazette No 119, point 1) (also referred to as the "ARRD") and other applicable rules, for the entire data processing period - the legal provisions on the protection of personal data. Personal data means information about a designated or identifiable individual (hereinafter referred to as "Personal Data"). An identifiable natural person is a person who can be determined, directly or indirectly, in particular on the basis of an identifier such as a person, identification number, location data, internet identifier or one or more specific factors defining the physical, physiological, psychological, economic, cultural or social identity of an individual.
The administrator shall take special measures to protect the interests of the data subjects and, in particular, ensure that the data collected by him:
• are processed in accordance with the law in a fair and transparent way for the data subjects;
• are processed for specific, explicit and legitimate purposes and subsequently not processed in a way that is inconsistent with these purposes;
- are appropriate, appropriate and limited to what is necessary for the purposes for which they are being handled;
• are accurate and up-to-date when necessary;
- are stored in a format that permits the identification of data subjects for a period which is not longer than is necessary for the purposes for which the data are being processed;
• - are processed in a way that provides appropriate security for Personal Data, including protection against unauthorized or unlawful processing and accidental loss, destruction or damage by appropriate technical or organizational measures.
As stated in the introduction, aware of the importance of personal data for Customers, the Administrator protects not only users who visit the Online Store or uses an Application but also the Customers who have provided their personal data to the Administrator using other communication channels,
b. apps that allow organizing ad campaigns, including competitions, to be run by the Facebook Webmaster Administrator.
9. Access to information
Your personal data may only be provided to third parties in the following cases: where this is provided for by law; if so requested by a competent state or judicial authority; when we have received your explicit consent for this; when this is necessary to protect the rights and legitimate interests of Drehi BG and / or other consumers.
We sometimes disclose your personal information to third parties - Partners of Drehi BG Ltd., including such third parties located outside the European Union, subject to the requirements of the Regulation, such as:
o Industry-recognized solution providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google and Facebook. Agreements also include the insertion and use of unique identifier tags, including cookies, localStorage or other appropriate web technology;
o Third persons providing services to Drehi BG Ltd. as Forwarding and courier companies. Accountants and accounting firms; Auditors and Audit Firms; Lawyers - Lawyers, lawyers and lawyers; Notaries; Advertising and PR agencies; Companies operating in the system of data administration.
10. Your rights
Our priority is to inform you of your legal rights and to ensure that they are respected. You have the following rights to be respected when processing your personal information:
o Right at any time to withdraw your consent to the processing of your personal data;
o Ask for your data to be corrected or supplemented in case of an inaccuracy found by a written application addressed to us;
o Right to access your personal information;
o Right to restrict the processing of your personal data;
o Right to object to the processing of your personal data;
o The data portability right;
o Right to ask for the erasure of your personal data that is being processed unlawfully or by a faulty legal basis (withdrawn consent, accomplished original purpose for which they were collected, etc.);
o Right to ask the Privacy Controller to notify third parties to whom the data controller has provided your data with respect to correcting, deleting, or limiting the processing of personal data.
o You have a right to appeal to the Personal Data Protection Commission.
11. Use your data to contact you
We may use the information you provide to get in touch with you about various issues such as:
o to notify you of changes in the policies of Drehi BG Ltd and the current rules;
o to respond when you have contacted us or respond to a comment or complaint;
o to invite you to participate in our research regarding the services of Drehi BG Ltd;
o for marketing purposes;
o to send you relevant offers for products and services
o to let you know about games, contests, or promotions
We will never contact you to request the password from your account.
12. ACCURACY OF THE INFORMATION
Drehi BG Ltd. is not responsible for the accuracy of the data you provide, does not carry out checks in this sense and does not guarantee the real identity of the data subjects. In all cases of doubt on your part, of established fraud and / or misuse, please let us know immediately. You agree not to violate the rights of others in the provision of any information in connection with the protection of their personal data or other rights.
13. DATA PROTECTION OFFICER
Questions and requests relating to the exercise of the rights to the protection of your personal data may be addressed to the Data Protection Officer:
Address for correspondence: 7 Khan Kubrat Str., Varna 9000
Drehi BG Ltd reserves the right at any time to amend and / or supplement this Policy. Changes take effect as soon as they are published on the website unless otherwise provided in the updated version of the Policy. You should periodically visit this policy review page. The policy may be updated at any time without specific notice to users of the Site. Drehi BG Ltd. is not responsible if a website user does not know the latest current version of this Policy.