Personal Data Protection Policy

Home / Personal Data Protection Policy

I. INTRODUCTION

Article 1. The purpose of the current Data Protection Policy is to assure compliance of https://esd-shop.com, hereafter referred to as “the Website” with the European and Bulgarian personal data protection legislative requirements. The relevant legislature is Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

 

II. PERSONAL DATA CONTROLLER

Article 2. (1) According to the Directive, the controller of personal data, collected on the Website is Brain for Business OOD, registered in the Commercial Register of the Bulgarian Registry Agency with the unique identifier 175224166, with registered offices in Bulgaria, Sofia 1528, Iskar district, 14 Munich street (hereafter referred to as the Controller).

(2) The company has the following postage address: Bulgaria, Sofia 1528, Iskar district, 14 Munich street, telephone +359 899 082 023, email: info@esd-shop.com.

 

III. CATEGORIES OF PERSONAL DATA, PROCESSED BY THE CONTROLLER

Article 3. (1) The Controller processes the following categories of personal data:

(a) The personal data, provided by the users of the Website when making an inquiry about the products, offered on the Website (https://esd-shop.com/quote-request-list/)  are: name, email, telephone number, company name and the IP address the enquiry was made from.
(b) Personal data, provided by the users of the Website when using the contact form (https://esd-shop.com/contacts/) are: name, email address, telephone and company name.

(2) The Controller processes the data of natural persons below 18 years of age.

 

IV. “COOKIES” AND SOCIAL MEDIA

Article 4. The Website uses cookies. You can acquaint yourself with our cookie policy here.

 

V. DATA PROCESSING PURPOSE AND LEGAL GROUNDS

Article 5. (1) The Controller processes the personal data collected on the Website for the following purposes:

(a) Data, collected under Article 3, Subparagraph 1, (a) and (b) above – for the administration and response to client enquiries /complaints/. The legal grounds for the processing of this data is outlined in Article 6(1), (a) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, namely, when filling out the contact form, the data subject gives their consent for the processing of the data they provide.

(2) Your data is not subject to automated decision-making by the Controller for any of the outlined purposes.

 

VI. CATEGORIES OF THIRD PARTIES, WHICH RECEIVE ACCESS TO YOUR PERSONAL DATA

Article 6. (1) The persons, who receive access to your personal data are:

(a) Transportation/courier companies and postal operators in order to fulfil our contractual obligations;
(b) Persons, contracted by the Controller, to maintain the Website, as well as the equipment and software, used by the Controller for purposes, including the processing of your personal data;
(c) Persons, providing consultation services to the Controller in different fields – lawyers, accountants;
(d) Bodies, institutions and persons, to whom we are required to provide information by law.

(2) If we pass data onto third parties, we guarantee, through contractual agreements, that these service providers process personal data in accordance with the European legislation for personal data protection, in order to guarantee a high level of protection.

 

VII. DEADLINE FOR STORING OF PERSONAL DATA

Article 7. Your personal data will be stored for the period, necessary to exchange correspondence for the purposes, outlined in Article 5, Subparagraph 1, (a) above and/ or until the final termination of the relationship between the parties, unless we are obliged by law to keep your data for provision to public bodies, such as tax authorities. The saving and transfer of your personal data to public bodies in order to comply with the law is based on Article 6 (1), (c) of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data. 

 

VIII. YOUR RIGHTS IN CONNECTION WITH THE PROCESSING OF YOUR PERSONAL DATA. OBLIGATORY AND VOLUNTARY PROVISION OF YOUR PERSONAL DATA

Article 8. You have the following rights with regard to the processing of your personal data. You may exercise these rights at any moment, while we are storing and processing your personal data:

  • Receive a confirmation of whether or not personal data, connected to you is being processed and, if this is the case, to receive access to and information about your personal data, as well as a copy of it;
  • To request that the Controller amend incorrect personal data, connected to you or that they supplement your incomplete personal data;
  • That your personal data be deleted with no delay if there are legal grounds for its removal;
  • To request that the Controller limit the processing of your personal data;
  • To receive the personal data that you provided to the Controller in a structured, widely-used and machine-readable format;
  • The right to transfer the data, received by the Controller to another Controller without hindrance from the Controller;
  • The right to withdraw your given consent at any time, in order to prevent the processing of data, on the basis of your previous agreement thereto. The withdrawal will not impact the lawfulness of the processing, conducted based on your consent, before it was withdrawn;
  • To object to the processing of your personal data, in order to prevent it;
  • To file a complaint with the supervisory body, the competent organ in this case being the Commission for Personal Data Protection if you believe that the processing of data constitutes a violation of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data or other relevant data protection legislature.

Article 9. The provision of the following personal data is necessary, in order for us to process and reply to your enquiries or complaints: name, email. Not providing such data hinders our ability to reply to your enquiries. Other data, collected in the contact form is given by you voluntarily. You do not have to provide this personal data and it is not a legal requirement for you to do so, in order to make an enquiry. If you do not provide this personal data, this will not lead to unfavourable consequences for you.

 

IX. HOW WE PROTECT YOUR DATA

Article 10. The Controller uses organizational, IT and technical measures in order to guarantee the security and protection of your personal data and ensure the monitoring of the processing of personal data. Among other things, such security measures include the following:

  • The administrator has established the requirements for processing and storage of personal data with internal protocols, the compliance with which is monitored continually;
  • The Controller’s employees’ access to personal data and the permission to process personal data in the Controller’s database is limited, according to their responsibilities;
  • The Controller has put in place confidentiality obligations for their employees;
  • The access to the Controller’s office equipment and the computers of each employee is limited;
  • The Controller takes all necessary organizational and technical measures, outlined in European and Bulgarian legislature, and uses the best international practices and standards;
  • In order to maximise security during processing, transportation and storage of your data we may use additional protection mechanisms, such as encryption, pseudonymisation, etc.;
  • The security measures we apply are being continuously improved and adapted to the most modern technologies.

 

X. CHANGES TO THE PERSONAL DATA PROTECTION POLICY

Article 11. It is possible that we may update our Personal Data Protection Policy. If changes to the current policy are made, a message, as well as the updated Policy will be published on the Website. All amendments and additions to the Personal Data Protection Policy will only be put into practice after the publication of the actualised Policy, accessible through our Website.

 

Last update: 28.09.2021