Regulation (EU) 2016/679 (General Data Protection Regulation) aims to protect the “rights and freedoms” of individuals and to ensure that personal data are not processed without the knowledge of the subjects and, where applicable, that is processed with their consent.
Scope outlined by the General Data Protection Regulation
Subject matter (Article 2) – this Regulation applies to the processing of personal data in whole or in part by automatic means, as well as to the processing of other personal data (eg manually and on paper) that are part of a personal data register or which are intended to form part of a register of personal data.
Territorial scope (Article 3) – the rules of the General Regulation apply to all data controllers established in the EU who process personal data of individuals in the context of their activities. It will also apply to non-EU controllers who process personal data for the purpose of offering goods and services or if they monitor the behavior of data subjects residing in the EU.Concepts
“Personal data” – any information relating to an identified or identifiable natural person (“data subject”); a person who can be identified is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural person, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
“Special categories of personal data” means personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the unique identification of an individual, health data or data on the sexual life of an individual or sexual orientation.
“Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission , disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it;”Administrator” – any natural or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means for the processing of personal data; where the purposes and means of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of a Member State;
“Data subject” – any living natural person who is the subject of personal data stored by the Administrator.
“Consent of the data subject” – any freely expressed, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or clearly confirming action expressing his consent to the processing of personal data relating to him;
“Child” – The General Regulation defines a child as anyone under the age of 16.
“Profiling” means any form of automated processing of personal data, in the form of the use of personal data for the assessment of certain personal aspects relating to an individual, and in particular for the analysis or forecasting of aspects relating to the performance of professional duties. of that individual, his economic condition, health, personal preferences, interests, reliability, behavior, location or movement;
“Violation of the security of personal data” – a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;”Main place of establishment” – the seat of the controller in the EU will be the place where he takes the main decisions on the purpose and means of his data processing activities. With regard to the processor, its main place of establishment in the EU is its administrative center.
“Recipient” – a natural or legal person, public authority, agency or other entity to which personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union law or the law of a Member State shall not be considered as “recipients”; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
“Third party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, have the right to process personal data. ;
- In accordance with the General Regulation, other relevant documents as well as related processes and procedures are described in this policy.
3.Regulation (EU) 2016/679 and this policy apply to all personal data processing functions, including those performed on personal data of customers, employees, suppliers and partners and any other personal data that the organization processes from various sources.
- This policy applies to all employees, contractors and partners of DAFE BUSINESS Ltd.
Any violation of the General Regulation by our employees will be considered as a serious violation of labor discipline, and in case there is a suspicion of a crime, the issue will be submitted for consideration as soon as possible to the relevant state authorities.
Partners and third parties who work with or for DAFE BUSINESS Ltd., as well as who have or may have access to personal data, will be expected to know, understand and comply with this policy. No third party may access personal data stored by DAFE BUSINESS Ltd. without first concluding a data confidentiality agreement, which imposes on the third party obligations no less burdensome than those that DAFE BUSINESS Ltd. has undertaken, which gives him the right to carry out inspections of compliance with the obligations imposed by the agreement.
Obligations and roles under Regulation (EU) 2016/679
- DAFE BUSINESS Ltd. is a data administrator and data processor in accordance with Regulation (EU) 2016/679. The registered office and the address of management of DAFE BUSINESS OOD is Bulgaria, Obnova village, 11 Strandzha Str. The company is registered in the Commercial Register of Bulgaria with SINGLE IDENTIFICATION CODE №206365851.
- The management of DAFE BUSINESS Ltd. is responsible for developing and promoting good practices in the field of information processing in the company.
- Compliance with data protection legislation is the responsibility of all employees of DAFE BUSINESS Ltd. who process personal data.
- The policy for training of the staff in “DAFE BUSINESS” Ltd. determines the specific requirements for training and information in connection with the specific roles of the employees / workers of “DAFE BUSINESS” Ltd. I Data protection principles
All processing of personal data shall be carried out in accordance with the data protection principles set out in Article 5 of Regulation (EU) 2016/679. The policies and procedures of DAFE BUSINESS Ltd. aim to ensure compliance with these principles.
- Personal data shall be processed lawfully, in good faith and transparently
Legitimate – to identify a legal basis before it can process personal data. They are often referred to as “grounds for processing”, for example “consent”, “request”, “contract”.
In good faith – in order for the processing to be in good faith, the data controller must provide certain information to the data subjects as far as practicable. This applies regardless of whether the personal data are obtained directly from the data subjects or from other sources.
Transparent – The General Regulation includes rules on the provision of confidential information to data subjects in Articles 12, 13 and 14 of the DPA. They are detailed and specific, emphasizing that privacy notices are understandable and accessible. The information must be communicated to the data subject in an intelligible form, using clear and comprehensible language.
- Personal data are collected only for specific, explicitly stated and lawful purposes
The data obtained for specific purposes are not used for a purpose that differs from those for which DAFE BUSINESS Ltd. has the explicit consent of the subject or legal grounds.
- The personal data that DAFE BUSINESS Ltd. collects are adequate, relevant, limited to what is necessary for their processing for the respective purpose. (principle of minimum necessary)
All forms for data collection (electronic or paper), including the requirements for data collection in information systems comply with the principles of ORZD and are approved by the management of DAFE BUSINESS Ltd.
li4. Personal data is accurate and can be updated, and the deletion of data after the expiration of the prescribed period or in case of refusal to provide them is automated (within the possible technical solutions).
The data we store can be reviewed and updated as needed. We do not store data in cases where it is likely to be inaccurate.
II. DATA WE MAY COLLECT FROM YOU
We may collect and process the following data:
a) Personal information that you provide by completing forms on the Website. This includes information provided during registration to use the Website or to place an order through the Website. We may also ask you for personal information when you report a problem with the Website.
b) If you contact us, we may keep a copy of this correspondence.
c) If you call us, we can record the call for training purposes.
d) We may also ask you to complete surveys that we use to conduct surveys, although you do not need to answer them.
e) Details of the transactions you make through the Website and the execution of your orders.
f) Details of your visits to the Website, including, but not limited to, traffic data, location data, web logs and other communication data. For the purpose of analyzing your visits to our Website, we also collect cookies (files stored locally on your device). By activating cookies in your browser, you have agreed to our collection of cookies for this purpose. We use the following types of cookies: basic cookies, which are essential for providing access to our Website; functional cookies, which are crucial for the proper functioning of our Website (if these cookies are disabled, our Website may not work properly); “Performance cookies” that do not identify you individually (until you enter your credentials in any of our forms), but help us customize our content according to your actions on our Website; and targeting / advertising cookies, which help make advertising more relevant to visitors to our Website.
III. PURPOSE OF DATA PROCESSING
We use your data for the following reasons:
a) To register and give you access to your account to pay for the Goods you have ordered and to deliver the Goods you have ordered.
b) To ensure that the content of the Website is presented in the most effective way to you and your computer.
c) To provide you with information about a Product that you have requested from us or that we believe may be of interest to you when you have agreed to contact us for such purposes.
d) To fulfill our obligations under contracts concluded between you and us, including delivery of the Goods from a third party and processing of payments by a third party.
e) To allow you to participate in interactive features of our Website when you choose to do so.
f) To notify you of changes to the Website.
DAFE BUSINESS Ltd. uses appropriate procedures and policies to maintain the accuracy and timeliness of personal data, taking into account the volume of data collected, the speed at which it can change, other relevant factors.
The completion of a form by the data subject intended for the controller shall include a statement that the data contained therein are accurate as of the date of submission.
All data for which the storage period has expired will be reliably destroyed in accordance with our procedures and rules.
- Personal data shall be stored in such a form that the data subject can only be identified for as long as is necessary for the processing.
When personal data are retained after the date of processing, they will be stored in an appropriate manner (minimized) to protect the identity of the data subject in the event of a data breach.
- Observance of the principle of accountability
Regulation (EU) 2016/679 includes provisions that promote accountability and manageability and complement transparency requirements. The principle of accountability in Art. 5, para. 2 requires the administrator to prove that he observes the other principles in the ORD and explicitly states that this is his responsibility.
DAFE BUSINESS Ltd. will prove compliance with the principles of data protection by implementing data protection policies by joining codes of conduct, implementing appropriate technical and organizational measures, as well as by adopting data protection techniques at the stage the design and default data protection, personal data protection impact assessment, etc.
IV. Rights of data subjects
- The data subject shall have the following rights with regard to the processing of data as well as the data recorded for him:
Make requests to confirm whether personal data relating to him are being processed and, if so, to have access to the data as well as information on the recipients of this data.
Request a copy of your personal data from the administrator;
To ask the administrator to correct personal data when they are inaccurate and when they are no longer up to date;
Require the administrator to delete personal data (right to be “forgotten”);
To ask the administrator to limit the processing of personal data, in which case the data will only be stored, but not processed .;
To object to the processing of his personal data;
To object to the processing of personal data concerning him for the purposes of direct marketing.
To file a complaint to a supervisory body if it considers that any of the provisions of the ORD is violated;
To request and be provided with personal data in a structured, widely used and machine-readable format;
Withdraw your consent to the processing of personal data at any time with a separate request addressed to the administrator;
Not be subject to automated decisions that affect him significantly, without the possibility of human intervention;
To oppose automated profiling, which happens without his consent;
- DAFE BUSINESS Ltd. shall provide conditions to guarantee the exercise of these rights by the data subject:
Data subjects may make requests for access to data as described in the Subject Request Management Procedure;
Data subjects have the right to lodge complaints related to the processing of their personal data, the processing of a request by the data subject and an appeal by the data subject concerning the way in which complaints are processed in accordance with the Complaints Procedure. requests from the data subjec
- By “consent” DAFE BUSINESS Ltd. will understand any freely expressed, specific, informed and unambiguous indication of the will of the data subject, through a statement or clearly confirming action expressing his consent to the personal data related to him to be processed. The data subject may withdraw his consent at any time.
By registering on our website or completing the order form, you agree that we may use your electronic contact information, which may be extracted from your previous use of the Website, or allow third parties to use these data to contact you electronically (email, SMS) with information about goods and services. You can opt out of marketing communications by disabling this feature through the unsubscribe link provided in each email you receive.
- In most cases, the consent for processing personal and special categories of data is routinely obtained from DAFE BUSINESS Ltd. using standard consent documents – e.g. Form for registration on the site, which includes – Name, Surname, email and phone, address, gender, age, etc.
VI. Data security
- All our employees are responsible for ensuring the security of the storage of data for which they are responsible and which “DAFE BUSINESS” Ltd. holds, and that the data is stored securely and is not disclosed under any circumstances to third parties. , unless DAFE BUSINESS OOD has granted such rights to this third party by concluding a contract / confidentiality clause. This includes, for example, not only the hosting company that hosts the website, the accounting company serving DAFE BUSINESS Ltd., suppliers.
- All personal data are available only to those who need them, and access can be granted only in accordance with the established rules for access control.
- Our website may from time to time contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility for these policies. Please check these policies before submitting personal information to these websites.
a) If we sell or buy a business or assets, in which case we may disclose your personal information to the prospective seller or buyer of such company or assets.
b) If DAFE BUSINESS OOD or practically all of its assets have been acquired by a third party, in this case the personal data stored by it for its customers will be one of the transferred assets.
c) If we are obliged to disclose or share your personal data in order to comply with any legal obligation or to protect the rights, property or safety of DAFE BUSINESS Ltd., our customers or others. This includes exchanging information with other companies and organizations in order to protect against fraud and reduce credit risk.
VIII. Data storage and destruction
- DAFE BUSINESS Ltd. does not store personal data in a form that allows the identification of subjects for a longer period than necessary, in relation to the purposes for which the data were collected.
- DAFE BUSINESS Ltd. may store data for longer periods only if the personal data will be processed for archiving purposes, for public interest purposes, and for statistical purposes, and only in the implementation of appropriate technical and organizational measures. to guarantee the rights and freedoms of the data subject.
- Personal data will be securely destroyed in accordance with the principle of ensuring an adequate level of security (Article 5 (1) (f) of the General Regulation) – including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“ongoing supervision, levels of access, integrity and confidentiality”);
DAFE BUSINESS Ltd. has created an automated data inventory process as part of its approach to dealing with risks and opportunities in the process of complying with the policy of compliance with Regulation (EU) 2016/679. During the inventory of the data in DAFE BUSINESS OOD and in the workflow of data the following are established:
business processes that use personal data;
sources of personal data;
the number of data subjects;
a description of the categories of personal data and the elements of each category;
the purposes of the processing for which the personal data are intended;
the legal basis for the processing;
the recipients or categories of recipients of personal data;
basic storage systems and locations;
all personal data that are subject to transfers outside the EU / if any /;
storage and deletion periods. In conclusion, we assure you that DAFE BUSINESS Ltd. is aware of the risks associated with the processing of personal data.
DAFE BUSINESS Ltd. assesses the level of risk for persons involved in the processing of personal data. Impact assessments are performed on data protection in connection with the processing of personal data by DAFE BUSINESS Ltd. in connection with new projects.
DAFE BUSINESS Ltd. manages all risks identified by the impact assessment in order to reduce the likelihood of non-compliance with these rules.
We will do our best from a technical and organizational point of view to keep the personal data you provide us. However, the protection of this data is also your responsibility! When we provide you (or when you choose) a password that allows you to access certain parts of the Website, you are responsible for maintaining the confidentiality of that password. Please do not share the password with anyone!
In order to make the visit to our site attractive and to be able to use certain functions, we use so-called “cookies”. Cookies are small text files that are stored on your device. They serve to make our site more accessible, more efficient, as well as more secure for customers and to facilitate the management of our platform. of them contribute to the optimal use of our website.
More information about cookies on our page:
You can set your browser not to save cookies or delete existing ones. To find out how, please consult the manufacturer of your browser or use the instructions.
Because you can prevent cookies from being saved through the appropriate settings of your browser, keep in mind that if you do, you may not be able to use all the features of this website. You can learn more about how cookies work at https://cookiepedia.co.uk/ (information in English)
By activating cookies in your browser, you have agreed to our collection of cookies for this purpose. We use the following types of cookies: basic cookies, which are essential for providing access to our Website; functional cookies, which are crucial for the proper functioning of our Website (if these cookies are disabled, our Website may not work properly); “Performance cookies” that do not identify you individually (until you enter your credentials in any of our forms), but help us customize our content according to your actions on our Website; and targeting / advertising cookies, which help make advertising more relevant to visitors to our Website.Google Analytics- Our site may use Google Analytics (Google Analytics), an analytics service offered by Google, Inc. (“Google”), to understand how users use our pages. Information about the use of this site obtained through cookies is usually transmitted and stored by Google on servers in the United States. IP depersonalization is enabled on this site, which is why Google will partially delete the user’s IP address.
You can turn off data collection from Google Analytics through the appropriate settings of your browser, using the Cookies settings button.
Details on how Google collects and processes data can be found at the following link: www.google.com/policies/privacy/partners/
Facebook-Pixel – Our site can use Facebook-Pixel. The Facebook pixel is the HTML code of our web page, which allows us to set, measure and optimize the audience when conducting marketing campaigns.
The Facebook pixel measures the conversions of different devices, allows automatic creation of target groups of visitors to the site, as well as re-targeting and creating dynamic ads.
Through the Facebook pixel, we do not collect personal information directly, but use the available information about the user in order to redirect to our web page when browsing the Internet. In this action, however, we do not know personal information about the specific user – for example, who the user is.
Google AdWords s- This website may use Google AdWords, a remarketing and behavioral targeting service provided by Google. DAFE BUSINESS Ltd. does not identify or collect user data through Google AdWords.
Plug-in and Social Media
Social sharing buttons may be integrated into our site. For this purpose we use the AddtoAny application. We do not collect personal data when using this application.
All sharing buttons are set up in accordance with the requirements of personal data protection. Only when you click on the appropriate “share button” on this website (and only then) is a direct connection established between your browser and the server of the administrator of the respective social network. According tosocial network administrators do not collect personal data from social networks without clicking on the appropriate share button. Only registered members collect and process such data, including the IP address. If you do not want your visit to our website to be linked to the relevant social network profile, please log out of your relevant social network profile.
As the owner of this website, we do not have information about the content of the provided data and how they are used by social networks. For more information on the use of data from social media, see the privacy policies of the respective social networks.