Personal data protection policy

Information about the personal data controller:

“Ecomaat” Ltd. is a legal entity having its registration in Mirkovo (Bulgaria), 21 Vasil Levski str., phone number: +359888762334; e-mail address: info(at)ecomaat.com

Grounds and purposes for which personal data is processed

We process your personal data on the following grounds:

  • Contract concluded between us and you in order to fulfill our obligations under it;
  • Your explicit consent – the purpose is stated on a case-by-case basis;
  • Under a legal obligation;

In the following paragraphs, you will find detailed information regarding the processing of your personal data, depending on the grounds and purpose we process it.

 

FOR EXECUTION OF CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data in order to perform the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.

 

Processing Goals:

  • identification
  • managing and executing your request and executing a contract;
  • preparing an offer for concluding a contract;
  • preparation and sending a bill/ invoice for the services;
  • to provide you with the full service you need, as well as to collect the due amounts for the services used;
  • keeping correspondence in relation to previous orders, processing requests, reporting problems, and more;
  • notification of anything related to the services you use from us;
  • client history analysis;
  • identify and / or prevent unlawful actions or actions inconsistent with our terms of service;

 

Data we process on this ground:

Based on the agreement between you and us, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:

  • personal contact details – contact address, email, phone number;
  • identification data names, personal ID or personal ID of a foreigner, gender, age, permanent address;
  • data about the orders made;
  • correspondence in relation to the entire service – emails, letters, information about your requests for troubleshooting, complaints, requests, complaints, feedback we receive from you;
  • credit or debit card information, bank account number or other bank and payment information related to the payments made;

o other information such as:

  • Customer/User ID, code or other identifier created for identification;
  • IP address when visiting our website;
  • Demographic data;
  • Social Network Account Details;
  • Information from your actions on the site.

The processing of the above mentioned personal data is obligatory for us in order to be able to conclude the contract with you and execute it. Without providing us with this information, we would not be able to fulfil our contractual obligations.

 

We provide third parties with personal data

We provide your personal information to third parties, and our main purpose is to offer you quality, fast and comprehensive service. We do not provide third parties with your personal data before making sure that all technical and organizational measures are taken to protect this data by striving to carry out strict control to meet this goal. In this case, we remain responsible for the confidentiality and security of your data.

We provide the following categories of recipients (personal data controllers) with personal data:

  • postal operators and courier companies;
  • persons who, by assignment, keep equipment, software and hardware used for the processing of personal data and necessary for the operation of the company
  • persons performing consultancy services in different spheres.

 

When do we delete the data collected on this basis?

The data collected on this basis will be erased 5 years after termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds. The deadline is set by the 5-year limitation period for possible claims under the contract.

 

FOR THE EXECUTION OF LEGAL OBLIGATIONS

It is possible that we are obliged by the law to process your personal data. In these cases, we are required to do so. Examples for these obligations are:

  • Obligations under the Measures against Money Laundering Act;

Execution of obligations in relation to distance selling, off-premises sales provided by the Consumer Protection Act;

  • Providing information to the Consumer Protection Commission or third parties in connection with the Consumer Protection Act;
  • Provision of information to the Commission on the protection of personal data in relation to obligations provided by the legislation on the protection of personal data;
  • Obligations stipulated in the Accountancy Act and the Tax-Insurance Procedure Code and other related normative acts in relation to the lawful accounting;
  • Provision of information to the court and third parties, in the course of proceedings in the court, in accordance with the requirements of the normative acts applicable to the proceedings;
  • Age authentication when shopping online.

 

When do we delete personal data collected on this basis?

The data collected according to an obligation under the law is deleted after the collection and storage obligation has been fulfilled or dropped. For example:

  •  under the Accountancy Act for the storage and processing of accounting data (11 years),
  •  obligations to provide information to the court, competent state bodies, etc. grounds provided by current legislation (5 years).

Provision of 3rd parties with personal data

When we are required to do so by law, we may give your personal data to the competent governmental authority, a natural or legal person.

 

AFTER YOUR EXPLICIT CONSENT

We process your personal data on this ground only after your expressly, unambiguously and voluntarily agree. We will not provide any unfavourable consequences for you if you refuse to agree your personal data to be processed.

Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product / service suggestions for you by performing detailed analyses of your basic personal data;

Advanced analytics is a method of performing an analysis that allows the processing of large volumes of data through statistical models and algorithms and others that involve the use of personal data as well as the processes of aliasing and anonymizing them to retrieve information about trends and different statistical indicators.

 

Data we process on this ground:

On this ground, we process only the data you have given us our explicit consent for. Specific data is determined for each individual case. Typically, this data is an names, e-mail address, gender, age.

Provision of data to third parties

For this reason, we may provide your data to marketing agencies, Facebook, Google, Instagram, Mailchimp or similar.

 

Withdrawal of consent

Consent submitted may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal information and information for the purposes set forth above. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.

To withdraw your consent, you only need to use our site or simply contact us.

 

When do we delete the data collected on this basis?

The data collected on this basis is deleted either at your request or 12 months after its initial collection.

 

PROCESSING OF ANONYMOUS DATA

We process your data for static purposes, this means for analyzes where the results are only generalized and therefore the data is anonymous. Identifying a specific person from this information is impossible.

Your data can also be anonymized. Anonymisation is an alternative to data deletion. In anonymization, any personal identifiable elements / elements that allow you to identify yourself are irrevocably deleted. Anonymized data is not legally obligatory for deletion because it does not constitute personal data.

Why and how we use automated algorithms

For the processing of your personal data, we use partially automated algorithms and methods to continually improve our products and services to adapt our products and services to your needs in the best possible way. This process is called profiling.

How we protect your personal information

To ensure adequate data protection for the company and its customers and users, we apply all necessary organizational and technical measures provided in the Personal Data Protection Act.

For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.

Personal data we have received from third parties

We receive personal data from social networks.

Consumer Rights

Each user of the site has all rights to protection of personal data in accordance with Bulgarian and European Union legislation.

 

The user can exercise their rights through the contact form or by sending a message to our email.

 

Each User is entitled to:

  • Awareness (in connection with the processing of his or her personal data by the controller);
  • Access to their own personal data;
  • Correction (if data is inaccurate)
  • Deleting personal data (right to be forgotten);
  • Restriction of processing by the controller or the processor of personal data;
  • Portability of personal data between individual controllers;
  • Appeal against the processing of his or her personal data;
  • The data subject may also not be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
  • Entitlement to judicial or administrative redress if the rights of the data subject have been violated.

 

The user may request deletion if one of the following conditions is true:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The consumer withdraws his consent on which the processing of the data is based and no other legal basis for the processing;
  • The data user opposes the processing and there are no legitimate grounds for the processing that have an advantage;
  • Personal data has been tampered with;
  • Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
  • Personal data have been gathered in connection with the provision of child information society services and consent is given by parental responsibility for the child.

 

The customer/user is entitled to restrict the processing of his personal data by the controller when:

  • Opposes the accuracy of personal data. In this case, the limitation of the processing is for a period that allows the controller to verify the accuracy of the personal data;
  • Processing is unlawful, but the User does not want personal data to be deleted but instead requires a limitation of their use;
  • The controller no longer needs personal data for the purposes of processing, but the User requires them to establish, exercise or protect legal claims;
  • Appeals against processing pending verification that the legitimate grounds of the controller have an advantage over the User’s interests.

 

Right of portability

The data subject has the right to receive the personal data that concerns him and which he has provided to an controller in a structured, widely used and machine readable format and has the right to transfer this data to another controller without hindrance by the controller to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one controller to another when technically feasible.

Right of objection

Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.

 

Appeal to the supervisory authority

Each User has the right to file a complaint against the unlawful processing of his personal data with the Personal Data Protection Commission or the competent court.

 

Keeping a registry

We keep a Register of the processing activities for which we respond. This Register contains all of the following information:

  • Name and contact details of the controller
  • Targets of processing;
  • Description of categories of data subjects and categories of personal data;
  • The categories of recipients to whom personal data is or will be disclosed,
  • Including recipients in third countries or international organizations;
  • Where possible, the deadlines for deleting the different categories of data;
  • Where possible, a general description of the technical and organizational security measures.

Cookie Policy

Using “cookies”

Cookies are short text files or small bundles of information that are stored through the internet browser of your terminal device (PC, tablet, laptop or cell phone) when you visit different websites and pages on the Internet. The primary purpose of cookies is to make the Consumer recognizable when he returns to the website. Some cookies have a more specific purpose, such as storing Consumer behavior on the site and making it easier for the Consumer to use the website. More information on how cookies work can be found on the Internet.

 

How are cookies used on this Website?

 

We use cookies on this website primarily for facilitating the usability of the site, improving its work, and storing information about Consumer behavior. No personal data is stored in this process, ie. through the cookies of the site we can not identify you as a person, so the collection of this information does not apply to the Law for Protection of Personal Data. Collected information from cookies is typically used in a generic way to analyze Consumer’s behavior on the Website, which allows us to improve the functionality of the site, the Consumer paths, and the content we use.

 

Which cookies are used on this website?

 

Session cookies

This type of cookies makes it easier for you to use the site, they store information temporarily only within the session of your browser. Typically, the information stored through them include what services you have added to your cart, which pages of the site you have visited, and how you have accessed some information. They do not collect any information from your computer and are automatically deleted once you leave the Website or end the session of your browser.

 

Persistent cookies

They enable us to store specific browsing information, such as analyzing site visits, how you have reached the Website, pages you have reviewed, options you have chosen, and where you have been targeting through the Website. Tracking this information helps us making improvements to the Website, including bug fixes and content expansion. The shelf life of this type of cookie varies according to its intended purpose.

 

Third party cookies

Our site has links to other sites or embedded content from other sites, such as Facebook, YouTube, Twitter, Google+, LinkedIn, partner websites. It is possible that when visiting these sites or opening content from them, they will be stored on your terminal cookies from these websites. These cookies are defined as third-party cookies, and we have no control over the generation and management of these cookies. This is why we encourage you to search for information about them and how to manage the third-party websites.

 

How can I manage the use of cookies from this Website?

All browsers allow you to manage cookies from a specially designed folder on your browser. You can block the receiving of cookies, delete all or part of them, or set your cookie preference settings before initiating a visit to our site. Keep in mind that deleting or blocking cookies may adversely affect the functionality of our Website and, hence, your Consumer experience.

 

Disable or block cookies

Controlling, disabling, or blocking cookies is governed by your browser settings. Keep in mind that a full ban on the use of all cookies may affect the site’s performance, its effectiveness, and access to certain information.

 

STANDARD WITHDRAWAL FORM TO FACILITATE THE RIGHT OF WITHDRAWAL

(fill in and submit this form only if you wish to terminate the contract)

 

To „ECOMAAT”  LTD.

 

I hereby inform you we wish to withdraw from the contract for the provision of the following service:

……………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….

 

Ordered/received on – ……………………………………………………………………………………………………

Name of the User/s – ………………………………………………………………………………………………………

Address of the User/s- ………………………………………………………………………………………………………

 

Signature of the User/s: ……………………………………………….

(only if this is a paper form)

 

Date: ……………………………………………