Privacy Policy

We provide you with information about the transparency of the personal data we process in accordance with Article 13 of Regulation (EU) 2016/679 (General Data Protection Regulation). Please familiarize yourself with its content. For your convenience, the information is structured into sections in case you wish to promptly acquaint yourself with a specific part of it.

1. DATA ABOUT THE ADMINISTRATOR AND CONTACT INFORMATION

Data Controller is………Nasko Pavlov Pavlov…………………………………………………………………………………. …………………………………………………………………………………………………………………………………………………….

You have the option to contact the Data Controller not only at the provided address but also through the following email address…nasko.pavlov@stil-m.com…………………………………….. or by phone ……00359888268992…………………………………

2. PURPOSES OF PROCESSING, LEGAL BASIS, DATA CATEGORIES, RECIPIENTS, AND STORAGE PERIODS

The information containing your personal data may be processed for one or more of the following purposes:

Concluding and executing contracts within the scope of our activities;

Functioning of our website;

Direct marketing;

For your convenience, we provide the complete information regarding the processed categories of personal data, the legal bases for processing, the categories of recipients, and the storage periods for each processing purpose.

2.1. Concluding and Executing Contracts

The personal data processed for concluding and executing contracts, in which the company is a party, relates to the physical individuals with whom we enter into such contracts, as well as representatives of legal entities and contact persons with whom we have contractual relationships. The legal basis for processing personal data is Article 6, paragraph. 1, B. “B” of Regulation (EU) 2016/679 – the performance of a contract or pre-contractual relations initiated by the data subject.

The processed personal data includes data identifying the parties to the contract, data about bank accounts if payments are made, and other data depending on the subject of the specific contract, strictly necessary for its execution.

Personal data can be disclosed to data subjects, other authorities, and individuals only in cases established by law (e.g., the National Revenue Agency, law enforcement authorities). The services of accounting firms can be used for their processing.

The retention period of personal data is determined based on the duration of the contract and the statute of limitations for potential claims related to it.

2.2. THE FUNCTIONING OF OUR WEBSITE

Please note that individuals can be identified through online identifiers such as internet protocol (IP) addresses and cookies. These identifiers can be used to track and identify users’ online activities and interactions on websites. In order to ensure the proper functioning of our website, we use cookies. We have provided the necessary information about the use of cookies on our website. …………………………………………………….

The nature of the data collected through cookies includes IP addresses, location information, viewed pages, and device type. The legal basis for processing this data is your consent, as outlined in Article 6, paragraph 1, B. 1(a) of Regulation (EU) 2016/679 (General Data Protection Regulation) The exception to the requirement for consent applies to cookies necessary for the provision of a service explicitly requested by you, in accordance with Article 4a, paragraph 4 of the Law on Electronic Commerce.

The recipients of this data may include law enforcement authorities in the exercise of their powers and duties.

The data of registered visitors will be deleted if the account is not used for a period of 5 years or upon withdrawal of consent by the individuals, respectively. The data of registered visitors will be deleted until they are deleted by the individuals themselves. You can find information about the storage of other cookies and how they can be deactivated in our cookie policy, which can be accessed through the link provided above.

3. YOUR RIGHTS UNDER REGULATION (EU) 2016/679

The General Data Protection Regulation provides the following rights to individuals regarding the processing of their personal data

Right to access your personal data processed by the data controller.

Right to rectify inaccurate or incomplete personal data.

Right to erasure (“right to be forgotten”) of personal data processed unlawfully or with expired legal grounds (expired storage period, withdrawn consent, fulfilled initial purpose for which they were collected, and others).

Right to restriction of processing in case of a dispute between the data controller and the individual regarding the lawfulness or accuracy of the processed personal data until it is resolved and/or for the establishment, exercise, or defense of legal claims.

Right to data portability when your personal data is processed by automated means based on consent or a contract. For this purpose, the data is transmitted in a structured, commonly used, and machine-readable format.

Right to object to the processing of your personal data at any time, based on grounds relating to your particular situation, when your personal data is processed based on legitimate interests, public interest, or official authority.

Right to object to the processing of personal data for the purposes of direct marketing. It is not necessary for you to state your reasons; in all cases, we will respect your objection made on this basis.

Right of the data subject not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or significantly affects them.

The automated processing carried out by us is not related to making entirely automated decisions with significant legal or other consequences for you.

You can exercise your rights arising from Regulation (EU) 2016/679 by submitting a written or electronic request to the data controller of your personal data. In your request, you should provide your name, personal identification number (if applicable), address, and other identifying information as the data subject. Additionally, please describe the nature of your request, indicate your preferred form of communication, and specify the actions you are requesting. It is necessary for you to sign your request, include the date of submission, and provide the correspondence address for communication with you. These requirements stem from Articles 37B and 37V of the Personal Data Protection Act. You can use the contact details provided by the data controller to send your request.

It’s important to note that even after you delete your account or request data erasure, copies of certain information from your profile may remain visible under certain circumstances. For example, if you have shared information with social media or other services, or when the retention of such copies is necessary to comply with legal obligations or for legal protection purposes. Due to the nature of information caching technology, your profile may not become immediately inaccessible to others.

4. RIGHT TO LODGE A COMPLAINT WITH THE DATA PROTECTION COMMISSION

If you believe that your rights under Regulation (EU) 2016/679 have been violated, you have the right to lodge a complaint with the Commission for Personal Data Protection, located at 1592 Sofia, Prof. Tsvetan Lazarov Blvd. “Cvetan Lazarov” Str. No. 2, fax: +359 2 915 35 25, email: kzld@cpdp.bg.

5. IMPORTANCE OF PROVIDING YOUR PERSONAL DATA

When we process your personal data for the purposes of entering into and performing contracts with you, the provision of personal data is a necessary requirement for contract formation. The non-provision of personal data hinders the ability to take steps regarding anonymous requests.

With your consent, we process personal data when you voluntarily choose to subscribe to our offers, promotions, updates, market research, and current news. If you do not provide consent for this, we will not be able to know your preferences for specific offers and provide you with services specifically tailored to you.

6. HOW WE PROCESS YOUR PERSONAL DATA

Personal data is processed both through automated means and manual procedures and is protected by appropriate security measures, taking into account the state of the art, implementation costs, as well as the nature, scope, context, and purposes of the processing. The company implements appropriate administrative, technical, personnel, and physical measures to safeguard the personal data it possesses from loss, theft, unauthorized use, disclosure, or alteration.

7. FROM WHICH SOURCES DO WE OBTAIN YOUR PERSONAL DATA

The processed personal data is obtained from you as data subjects. If necessary, we may also have access to publicly accessible registers such as property or commercial registers. However, we would not undertake such actions unless we have pre-contractual or contractual relationships with you.

8. LINKS TO OTHER WEBSITES

This privacy policy does not cover any potential links on our website to other websites. We recommend that you read the policies/transparency statements/privacy statements of other websites you visit.

9. UPDATING THIS PRIVACY POLICY

The company has the right to modify or update this Privacy Policy. Any changes to this Privacy Policy will be announced in advance through publication on the company’s website.