Entrance
БългарскиEnglish
by Transposh - translation plugin for wordpress

Privacy policy

PRIVACY POLICY OF PERSONAL DATA

I. DEFINITIONS.

For the purposes of this Policy, the following terms have the following meanings:

"Administrator of personal data” within the meaning of this Policy is Desislava Hristova Dishleva, which is the owner of the website (the domain) www.prosper.bg ("Internet site"). The owner of the Internet site determines the purposes of processing the personal data of the visitor(s) of the Internet site on any of the grounds provided for by law.. The owner of the Internet site also determines the funds, through which this processing will be carried out.

“The cookies” or “Cookies” are small text files, stored in the browser directories, used by the visitor to the Internet site. Cookies are used, to help website visitors use the website effectively. In case, to be deleted or blocked, some Internet sites or certain of their functionalities may not be accessible to visitors.

"ZZLD” is the Personal Data Protection Act.

"CPLD” is the Personal Data Protection Commission.

"Personal Data" are any information, related to an identified natural person/natural person, which can be identified; an individual can be identified (directly or indirectly), in particular by an identifier such as a name, identification number, address, online identifier or by one or more attributes, specific to the physical, the physiological, the genetic, the mental, the mental, the economic, the cultural or social identity of that natural person.

Processing” is any operation/set of operations, carried out with Personal Data/set of Personal Data through automatic/other means such as collection, recording, organizing, structuring, storage, adapt or change, retrieval, counseling, use, disclosure by transmission, distribution or otherwise, by which the data becomes available, arrangement or combination, restriction, deletion or destruction.

"Processor of personal data” is a third party, which processes personal data of a Personal Data Subject on behalf of a Personal Data Administrator, where the Personal Data Administrator has strictly defined the purpose of the processing, the means, with which it occurs and has checked whether the person meets the requirements of the Orzld.

"ORZLD” is Regulation (EU) 2016/679 of the EP and the Council from 27 April 2016 year on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC.

Subject” is a natural person, for which Personal Data is processed.

II. SCOPE.

This Policy applies to the processing of personal data of visitors to the Internet site, which are processed on an electronic medium, with reporting registers established in accordance with this Policy, the current Bulgarian legislation and Article 30 ORZLD.

III. PURPOSES OF THE PROCESSING OF PERSONAL DATA.

The personal data of visitors to the Internet site will be processed by the Administrator in accordance with the applicable data protection legislation.

Through the Internet site, the Administrator collects personal data in the following ways:

A. When you create a profile on the website, You us you provide personal information, including their names, phone number and e-mail;

B. When you purchase items, merchandise and digital products from our online store as usual
you provide personal data - names, phone number, e-mail.

IN. Sign up for newsletter;

G. Cookies (cookies)/ etc.. similar methods.

When visiting the Internet site, cookies are attached to the terminal device of the visitor to the Internet site, which allow his actions or preferences to be “remembered” for a certain period of time according to the Policy on the use and management of cookies (cookies) to Administrator https://prosper.bg/politika-za-biskvitki/.

The following categories of personal data are collected through the Internet site, which are processed for the following purposes:

A. Name of the visitor to the Internet site. They are needed for: as a form of address; to make contact with the visitor of the Internet site; to provide an answer to a query sent to the Administrator by the visitor to the Internet site; in connection with the offer and/or provision of services or a purchased online product of the Administrator;

B. Telephone number/e-mail address of the visitor to the Internet site. They are needed for: to make contact with the visitor of the Internet site; to provide an answer to a query sent to the Administrator by the visitor to the Internet site; in connection with the offer and/or provision of services or a purchased online product of the Administrator;

IN. Username. It is necessary to create a profile on the Internet site to access digital products;

G. Data, related to the behavior of the visitor to the Internet site: They are needed for: in connection with offering services to the Administrator; learning about the interests and behavior of the visitor as a user in order to improve the services of the Administrator.

When corresponding with the Administrator via e-mail or via the contact form, published on the website, initiated by the visitor to the Internet site, the latter commits the data, that the visitor provides, to be accurate, correct and up-to-date.

IV. BASIS FOR THE PROCESSING OF PERSONAL DATA.

The administrator processes the personal data of a visitor to the Internet site on the basis of consent and for the purposes of performing the service, which the visitor of the Internet site has requested through the functionalities of the Internet site.

Personal data is processed on the grounds, specified in Article 6 ORZLD.

In cases of filling out the contact form, published on the website, by a visitor to the Internet site, the personal data of the latter are processed on the basis of his consent and for the purpose of providing an answer by the Administrator to a query addressed to him by the visitor of the Internet site.

In cases of entering the e-mail address of the visitor to the Internet site by the latter to register for receiving an information bulletin, this action, undertaken by the visitor to the Internet site will be considered by the Administrator as an affirmative act, with which the visitor to the Internet site provides his free data, specifically, an informed and unequivocal consent application for his personal data to be processed by the Administrator for the purpose of receiving an information bulletin about the Administrator's products and services.

The visitor to the Internet site has the right to withdraw his consent at any time, after which the Administrator will stop sending information materials to the e-mail address selected by the visitor to the Internet site. The visitor to the Internet site can withdraw his consent, by accessing the link in the informational email received.

When the consent of the visitor to the Internet site is not requested and given for the purposes of specific processing, or it is not immediately necessary to perform the service requested by the visitor, the basis for processing the personal data of the visitor to the Internet site is the legitimate interest of the Administrator or a third party, which will not damage or would not significantly affect the right to privacy of the personal data of the visitor of the Internet site. The judgment of the Administrator will be documented by the latter and will follow certain criteria and reasoning. The visitor to the Internet site will be granted the right to familiarize himself with it upon request, as well as raise an objection, that the relevant processing affects his right to privacy and/or protection of personal data in a more substantial way than provided for in the justification. In these cases, The administrator will consider the objection of the visitor to the Internet site and will issue a reasoned opinion on its acceptance or rejection within a period of 14 days. The objection can be sent to the Administrator at desislava.hristova@prosper.bg.

V. RIGHTS OF PERSONAL DATA SUBJECTS.

The website visitor as a data subject has the following rights, which he can exercise in connection with the processing of his personal data, and the Administrator undertakes to respond to it without undue delay and in any case within one month of receiving the request. If necessary, this period can be extended by another two months, taking into account the complexity and number of requests of the visitor to the Internet site:

A. Right to information;

B. Right of access to data subject's data, which are in process of processing;

IN. Right to rectification;

G. The data subject's right to be "forgotten";

D. Right to restriction of processing;

Well. Right to object;

J. Right to appeal to the Personal Data Protection Commission.

Any disputes between the Administrator and the visitors of the Internet site in connection with personal data can be resolved through negotiations between the parties. In case, that no agreement is reached between the parties, the legal dispute should be referred for resolution to the Commission for the Protection of Personal Data or to the competent court in. Sofia.

VI. TECHNICAL AND ORGANIZATIONAL MEANS FOR THE PROTECTION OF PERSONAL DATA.

The administrator takes all necessary technical and organizational measures to protect the personal data of visitors to the Internet site from any illegal actions, including, but not only loss and unauthorized access.

Measures include restricting access to Personal Data, appropriate training of individuals, responsible for the processing of Personal Data and compliance with good practices, guidelines and instructions for the protection of personal data from the competent supervisory authorities. All measures are subject to regular review and updating.

In order to ensure a high level of data protection security, measures to protect personal data are taken at two stages - at the stage of designing individual segments of the website and the services offered, as well as at the default stage - when the visitor to the Internet site registers to receive an information bulletin or in another similar way.

VII. TERM FOR STORAGE AND DESTRUCTION OF PERSONAL DATA.

Personal data is stored for the periods, necessary to achieve the goals set by the Administrator, for which they are collected.

The data, which are no longer needed are subject to destruction, for which the Administrator takes the relevant technical and organizational measures. Exceptions to this rule are the following cases:

  • presence of a legal basis for processing the data for a longer period of time;
  • request made by the visitor to the Internet site to limit the processing, according to his rights, specified in Section V of this Policy;
  • for purpose, compatible with the original purpose of the processing, about which the visitor of the Internet site will be promptly notified by the Administrator.

VIII. PROVISION OF PERSONAL DATA TO THIRD PARTIES.

The personal data of visitors to the Internet site will not be disclosed to third parties. Exceptions to this rule are the following cases:

  • third parties, payment/banking service providers;
  • disclosure of personal data to a third party is necessary, in order to protect the vital interests of the visitor to the Internet site or of another natural person;
  • the disclosure of personal data to a third party is necessary for the purposes of compliance with a legal obligation, which applies to the Owner of the Internet site in his capacity as a personal data administrator.

The administrator does not transfer personal data, collected through the Internet site of a third country or an international organization outside the European Union.

THEM. VIOLATIONS. NOTIFICATION OF VIOLATIONS.

A security breach is an event, leading to accidental or wrongful destruction, loss, change, unauthorized disclosure or access to Personal Data, which are transmitted, reveal, stored or otherwise processed.

Destruction of personal data is available, when the data no longer exists or does not exist in the format, in which they can be used by the Administrator.

Loss of personal data is present, when the Personal Data exists, but the Administrator has lost control, access or your actual authority over them.

Unauthorized or illegal processing is present, when the Personal Data is disclosed or accessed by unauthorized recipients, as well as any other form of processing, infringing the Orzld, e.g.. accidental or wrongful destruction, loss, change, wrongful disclosure, or access to transmitted, personal data stored or processed in another unregulated way.

The damage is all physical, material and non-material damages, arising from an unresolved, unlawful processing or loss.

Security breaches can be divided into three main groups:

  1. Breaches of confidentiality – in relation to unauthorized or accidental disclosure of or access to personal data;
  2. Accessibility Breaches – when accidental or unauthorized loss or access to/destruction of personal data occurs;
  3. Breach of credibility – in case of accidental or unauthorized modification of personal data.

Some security breaches may fulfill two or three of the conditions at the same time, described above.

In the event of a breach of personal data security, The administrator promptly takes action according to the established policy adopted by him, escalation and reporting of personal data security breaches, by notifying the data subject without undue delay within a reasonable time after becoming aware, if the breach of personal data security is likely to result in a high risk to his rights and freedoms.

X. LIMITATION OF LIABILITY.

This Personal Data Privacy Policy is valid only for the website www.prosper.bg, but not for individual pages and websites of third parties, which you can reach by referral or in another similar way from the Internet site. In cases like these, the Administrator has no control over the processing of data by third parties and cannot guarantee the protection and privacy of data subjects' personal data.

XI. CHANGES AND AMENDMENTS TO THE POLICY.

This Policy is effective, from the date of its publication on the Internet site, and the same can be changed unilaterally by the Administrator. Amendments and additions to the Policy are published on the Internet site and enter into force on the day of their publication.

For additional information, as well as in connection with exercising your rights, please send an email to desislava.hristova@prosper.bg.