Privacy Policy
INFORMATION ON THE POLICY ON PROTECTION OF PERSONAL DATA PROCESSED IN OUR COMPANY, in connection with Art. 13 and Art. 14 of EU Regulation 2016/679
1. Personal data administrator
NATIVE DISTRIBUTION LTD. with address: Sofia, 1528, 18 "Nedelcho Bonchev" Str., e-mail: office@native-bg.com , tel./fax: +359 879 505 102, ("Personal Data Controller") processes personal data of individuals ("data subjects") in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) (GDPR) and the Personal Data Protection Act.
According to the General Regulation, personal data is any information relating to a natural person and from which that person can be identified, directly or indirectly. Processing of personal data is any operation or set of operations which is performed on personal data, whether or not by automated means.
2. Individuals whose personal data are processed by the company
In connection with the personal data provided by the COMPANY, it processes personal data regarding the following data subjects:
- creating a profile and providing full functionality when using the online store;
- placing orders and purchasing goods;
- individualization of a party to the contract;
- accounting purposes;
- statistical purposes;
- information security protection;
- ensuring the implementation of the contract for the provision of the relevant service;
- participation in games, raffles, advertising campaigns with your explicit consent;
- participation in loyalty programs organized by the Company, with your explicit consent;
- sending a newsletter with your explicit consent;
- familiarization with promotional terms and conditions and sending any other type of commercial communications, with your explicit consent.
3. Purposes of processing
The company processes the personal data of its clients, including their employees, for the following purposes:
(1) Provision of technical and digital services in performance of a contract;
(2) Protection of legitimate interests of the company, including:
- Ensuring the normal functioning, maintenance and security of the company's systems;
- Communication with customers, including electronically;
- Implementation and protection of the rights and legitimate interests of the company, including through legal proceedings.
(3) Fulfillment of the company's legal obligations and execution of orders of competent state or judicial authorities.
4. Legal grounds for processing
The Company processes personal data only if one of the alternative legal bases under the General Regulation is available, in particular:
(1) Performance of a contract, including pre-contractual relations prior to its conclusion;
(2) Legal obligations applicable to the company;
(3) The legitimate interests of the company, insofar as they override the interests or fundamental rights and freedoms of the data subjects;
(4) Freely expressed, specific, informed and unambiguous consent of the data subject. Consent already given may be withdrawn by the person at any time in the same manner as it was given.
5. Possible consequences if personal data is not provided
In case the client does not provide the required information, including the necessary personal data, the company will not be able to conclude a contract with him, respectively, it will not be able to provide the requested service.
6. To whom is personal data transferred or disclosed?
The personal data of the company's clients are provided to:
- Commercial companies providing accounting services and information maintenance of the company's IT systems, in the capacity of personal data processors;
- Other competent public authorities in fulfillment of an obligation provided for by law.
7. Period of storage of personal data
The personal data of the company's counterparties are stored for a period of 5 years from the conclusion of the relevant contract in accordance with the general statute of limitations under the Obligations and Contracts Act.
Personal data contained in accounting documents shall be stored within the terms set out in Article 12 of the Accountancy Act.
8. Security of personal data
The company implements all appropriate technical and organizational measures to ensure the security of personal data, including an explicit obligation by employees to confidentiality.
9. Rights as data subjects
Every individual whose data is processed by the company has the following rights:
- the right to access his/her personal data, including to receive a copy of them;
- the right to correct or supplement inaccurate or incomplete personal data;
- right to delete personal data that is processed without legal basis;
- right to restrict processing - in the event of a legal dispute between the company and the individual until its resolution or for the establishment, exercise or defense of legal claims;
- right to object - at any time and on grounds relating to the specific situation of the person, provided that there are no compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or legal proceedings.
In accordance with the Personal Data Protection Act, the above rights may be exercised by submitting a written application on site at the FIRMA office. An application may also be submitted electronically in accordance with the Electronic Document and Electronic Signature Act. The application shall be submitted personally by the data subject or by a person expressly authorized by him/her.
10. Protection of the rights of data subjects
In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 (General Data Protection Regulation), any individual who believes that their right to the protection of their personal data has been violated may file a complaint with the Personal Data Protection Commission at the address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., website: https://www.cpdp.bg/ .