Privacy Policy

PRIVATE DATA PROCESSING POLICY
 

Information about the data controller:

 

CBN Designs Ltd is a company registered in the Commercial Register of the Registry Agency under UIC 205559376, with headquarters and address of management: Sofia, zh.k. Liulin, bl. 408, ent. B, Tel: +359888080838; e-mail: office.cbndesigns@gmail.com 

 

We process your personal data on the following grounds:

Conclusions between us and you in order to fulfill our obligations under it;
Your explicit consent - the purpose is stated on a case-by-case basis;
Under a statutory obligation
In the following paragraphs, you will find information about the processing of your personal information, depending on the reason we handle it.

FOR IMPLEMENTING THE CONTRACT OR IN THE CONTEXT OF PREFERENTIAL RELATIONS

We process your personal data in order to perform contractual and pre-contractual obligations and to use the rights under the contracts entered into with you.

 

Processing Goals:

Identify yourself;
managing and executing your application and executing a contract;
prepare and send an account / invoice for the services you use with us;
Keeping correspondence with orders placed, processing queries, reporting issues, and more.
drafting a profile;
 

Based on the agreement between us and you, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:

personal contact information - contact address, email, phone number;
identification data - full name, single citizen number or personal number of foreigner, permanent address;
Data about the orders made through the profile;
emails, letters, information about your troubleshooting requests, complaints, petitions, complaints;
credit or debit card information, bank account number or other bank and payment information related to the payments made;
 

The processing of the personal data we provide is mandatory for us to be able to sign the contract with you and execute it.

 

We provide your personal data to third parties, and our primary purpose is to offer you quality, fast and comprehensive service.

We provide personal data to the following categories of recipients (personal data controllers):

postal operators and courier companies;
persons performing consultancy services in different spheres.
 

The data collected on this basis is erased 5 years after the termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds. The deadline is set by the 5-year limitation period for possible claims under the contract.

FOR THE IMPLEMENTATION OF LEGAL OBLIGATIONS

It is possible that the law provides for an obligation for us to process your personal data. In these cases, we are required to process such as:

Obligations under the Measures against Money Laundering Act;
fulfillment of distance selling obligations, off-premises sales provided for in the Consumer Protection Act;
providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
providing information to the Commission for the protection of personal data in relation to obligations provided by the legislation on the protection of personal data;
obligations provided by the Accountancy Act and the Tax and Social Insurance Procedure Code and other related statutory instruments in relation to the keeping of lawful accounting;
providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;
age verification when shopping online.
 

The data collected in accordance with a statutory obligation is deleted once the collection and storage obligation has been fulfilled or dropped. For example:

under the Accounting Act for the storage and processing of accounting data (11 years),
obligations to provide information to the court, competent state bodies, etc. grounds provided by current legislation (5 years).
 

When we are required to do so by law, we may provide your personal data to the competent governmental authority, a natural or legal person.

AFTER YOU AGREE

We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not anticipate any adverse consequences for you if you refuse to process your personal data.

Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent, and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product / service offerings for you.

For this reason, we only process the data you have given us for your explicit consent a voice. The specific data is determined for each individual case. Typically, the data includes:

Email
Telephone
Address;
names;
On this basis, we can provide your data to marketing agencies and third parties.

 

Deliveries submitted may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal information and information for the purposes set out above.

 

Data collected on this basis is deleted at your request or 1 year after your initial collection.

PROCESSING OF ANONYMOUS DATA

We process your data for static purposes, this means for analyzes where the results are only generalizing and therefore the data is anonymous. It is impossible to identify a particular person from this information.

How we protect your personal information

To ensure adequate data protection for the company and its customers, we apply all the necessary organizational and technical measures provided for in the Personal Data Protection Act.

For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.

 

Consumer Rights

Each User of the site enjoys all rights to protection of personal data in accordance with Bulgarian and European Union law.

 

Each User is entitled to:

Awareness (in connection with the processing of his or her personal data by the administrator);
Access to their own personal data;
Correction (if data is inaccurate);
Deleting personal information (right to be forgotten);
Restriction of processing by the administrator or processor of personal data;
Portability of personal data between individual administrators;
Opposition to the processing of his or her personal data;
The data subject is also entitled not to be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
Entitlement to judicial or administrative redress if the rights of the data subject have been violated.
 

The user can request deletion if one of the following conditions is true:

Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
The consumer withdraws his / her consent on which the processing of the data is based and no other legal basis for the processing;
The data user opposes the processing and there are no legitimate grounds for the processing that have the advantage;
Personal data has been tampered with;
Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State which applies to the controller;
Personal data have been gathered in connection with the provision of information society services to children, and consent is given by parental responsibility for the child.
 

The user is entitled to restrict the processing of his personal data by the controller when:

It protects the accuracy of personal data. In this case, the limitation of the processing is for a period that allows the controller to verify the accuracy of the personal data;
Processing is unlawful, but the User does not want the personal data to be deleted, but instead requires a limitation of their use;
The administrator no longer requires personal data for the purposes of processing, but the User requires them to identify, exercise or protect legal claims;
opposes the processing pending verification that the legal grounds of the controller have an advantage over the User's interests.
   

Right of portability.

The data subject has the right to receive the personal data that concerns him and which he has provided to an administrator in a structured, widely used and machine readable format and has the right to transfer that data to another administrator without hindrance by the administrator to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another where this is technically feasible.

 

Right of objection.

Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or protection of legal claims. At an objection to the processing of personal data for direct marketing purposes should be terminated immediately.

 

Appeal to the supervisory authority

Each User has the right to file a complaint against the unlawful processing of his or her personal data with the Personal Data Protection Commission or the competent court.