What do these Privacy Rules regulate and on what legal grounds the General Data Protection Regulation (GDPR) became effective and applicable in Bulgaria since May 25, 2018? GDPR was adopted by the European Union and its purpose is to unify the policies of EU Member States related to the collection and use of personal data. Another of its goals is to guarantee our right to privacy, protect our personal data, ensure better security against misuse of the personal information of each of us. This new EU regulation comes with a number of requirements that Borovitza EOOD has implemented and applied and which you can familiarize yourself with here. Such requirements for example are as follows:
To inform you about what data we use.
To notify you why we use such data.
To ask for your consent to use your personal data when we use it to provide additional services such as targeted advertising, for example.
To give you the opportunity to change your consent for various purposes via this website, so that you have more freedom.
To guarantee you the right to request correction of your data, its deletion, as well as to "be forgotten". Added to that, we may let you download your data or transfer it to you, if you notify us accordingly and identify yourself appropriately.
To identify any third parties/other companies with whom we share your data. Note that the Internet is a global network, we often use standardized services to detect login and track behavior in an anonymized version, for example Google Analytics.
What data do we collect from our registered users? Borovitza EOOD collects from the users of their portfolio websites specific data from the registrations made by such users in order to analyze the behavior of its users, as well as to provide them with more relevant content and advertisements, namely the following categories of personal data:
From www.borovitza.com - email address for receiving an invoice and warranty card, IP address, as well as a telephone number, address for receiving the shipment, as well as other personal data that are not mandatory for the user to provide during registration, email address to receive email marketing;
Data collected for all visitors of our websites: From all websites in our portfolio, we collect data on all visitors - registered users and non-registered visitors, namely the following categories of data:
User identifier with a high degree of uniqueness;
Device ID for mobile applications with a high degree of uniqueness;
Browser identifier with a high degree of uniqueness;
History of the pages visited, including secondary processing, for the purpose of establishing your preferences for certain types of content;
History of your searches on our pages;
Some types of behavior – e.g. a list of viewed ads according to their category and your interaction with them - availability of the ad in the visible section of your browser; the number clicks made and etc.
Tracking sections of the sites you visit;
How much time you spend on a certain website;
How long you watch a video;
The advertisements you have seen and/or interacted with;
When you visit our websites and the sites of our partners serving our java scripts, etc.
To whom we share and disclose your personal data.
Sometimes we save some of the information on our servers or send it to third parties. This is necessary so that we can provide you with the best experience when using our services, and sometimes - in general, so that we can ensure the availability and accessibility of the service you use.
Borovitza EOOD does not grant the right to use, does not sell, disclose or share information about you (personal data within the meaning of the GDPR) with other persons or with unrelated companies, except when this is necessary to provide you with services requested by you and when you have provided your permission, or in any of the following scenarios:
The information is provided to trusted partners who work on behalf of Borovitza EOOD based on contractual relationships and governed by confidentiality agreements. However, these companies do not have the right to independently share this information. These companies are, but not limited to the following:
The information is in compliance with the legal instructions of court orders following legitimate requests from authorized bodies (under the Electronic Communications Act, the Criminal Procedure Code, the Penal Code, etc.).
If you do not want us to send the information to some of our partners, you may withdraw your consent here.
Protection of information
When we store the information with us, it is physically saved on our own servers, located in data storage centers within the territory of the Republic of Bulgaria.
When selecting our server colocation partners, we do a detailed verification of their certification, which requires from them to comply, for example, with the following industry standards:
ISO/IEC 27001:2013 Information security certificate PCI DSS 3.2 compliance (chapter 9 and 12) ISO 9001:2008 ISO 27001:2013 BS OHSAS 18001:2007
Compliance with the above specified standards ensures maximum data security for our users.
We restrict access to information about you by employees acting under the management of Borovitza EOOD, except in cases where there are reasonable grounds for their handling of this information in order to provide you with services or in connection with the work duties performed by such employees.
We have physical, electronic and procedural safeguards in place that comply with our legal obligations to protect the information about you.
Some of our partners may transfer data outside the EEA when there is a decision on the adequate level of protection, for example - in the case of the EU-U.S. Privacy Shield. For more information, you can read the privacy policies of our partners.
How long do we keep the information?
The data storage continues as long as we have reasonable grounds to store such data. For example, when our user has given his/her consent to collect and process information about him/her.
We apply the following terms for storing the different types of personal data according to their purpose, namely:
For the purpose of measuring the user behavior on the websites from our portfolio – according to the validity period of recording of the respective cookie;
For the purposes of behavioral targeting – no more than 1 (one) year.
The Electronic Communications Act applies to traffic data and the data is stored for 6 months. These data may be transmitted to the specialized bodies and institutions but only in observance of the legal provisions and where due grounds to do so exhist.
Rights of data subjects under the GDPR.
Right of access to your personal data: you have the right to receive confirmation from us as to whether personal data about you is being processed and, if so, you have the right to access the personal data and information.
Right to correct personal data: if you find that the personal data we process about you is inaccurate, you have the right to make us correct such personal data.
Right to erase personal data (the right to be forgotten): in certain circumstances, such as if your personal data has been processed unlawfully or if you have withdrawn your consent (if the processing of personal data is based on consent), you have the right to request and have your personal data deleted by us.
Right to restrict processing: in certain circumstances, such as if you question the accuracy of your personal data or you have objected to our legitimate purpose for processing your personal data, you have the right to request that we restrict the processing of your personal data until a solution for this issue is found.
Right to challengge the processing: in certain circumstances, such as if you question our legitimate interest in processing your personal data, you have the right to object, on grounds related to your particular situation, to such processing.
Right to data portability: if your personal data is processed by automatic means with your consent or for the purpose of fulfilling our contractual relationship, you have the right to request that we provide you with your personal data in a machine-readable format for transfer to another data controller.
Right to bring a complaint with a supervisory authority: you have the right to lodge a complaint from the processing of your personal data by us with the relevant supervisory authority.
Administrator: Borovitza EOOD, 3 Lyuben Karavelov St., entrance А,
Belogradchik, Bulgaria telephone: +359 89 862 9872
Data Protection Officer: Anna Yotova; email: [email protected]