Privacy Policy

Mandatory Information on the Rights of Individuals Regarding Personal Data Protection

 

Information about the Company Processing Your Data:

 

Name: "Aposstar" LTD

UIC: 202874242

Registered Office and Management Address: Gabrovo, 7 "Radost" Street

Correspondence Address: Ruse, 46 "Treti Mart" Boulevard

Phone: 0895 540 441

E-mail: info@aposoliveoil.com

Website: www.aposoliveoil.com

 

Information on the Competent Supervisory Authority for Personal Data Protection

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

     "Aposstar" LTD (hereinafter referred to as the "Administrator" or "Company") conducts its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 regarding the protection of individuals in connection with the processing of personal data and the free movement of such data. This information aims to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to this processing.

Basis for Collecting, Processing, and Storing Your Personal Data

Art. 1.The Administrator collects and processes your personal data in connection with the use of the online store www.aposoliveoil.com  and the conclusion of contracts with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular based on the following grounds:

  • Explicit consent received from you as a client;
  • Execution of the Administrator's obligations under a contract with you;
  • Compliance with a legal obligation applicable to the Administrator;
  • For the purposes of the legitimate interests of the Administrator or a third party;

Purposes and Principles for Collecting, Processing, and Storing Your Personal Data

Art. 2. (1)We collect and process the personal data you provide us in connection with the use of the online store and the conclusion of a contract with the company, including for the following purposes:

  • Creating a profile and providing full functionality when using the online store;
  • Concluding and executing a distance contract;
  • Individualizing a party to the contract;
  • Accounting purposes;
  • Statistical purposes;
  • Protecting information security;
  • Ensuring the execution of the contract for providing the respective service;
  • Sending a newsletter upon your request;

(2) We adhere to the following principles when processing your personal data:

  • Legality, good faith, and transparency;
  • Limitation of processing purposes;
  • Relevance to processing purposes and minimization of collected data;
  • Accuracy and timeliness of data;
  • Limitation of storage with a view to achieving the purposes;
  • Integrity and confidentiality of processing and ensuring an appropriate level of security for personal data.

(3) When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

  • Fulfilling obligations to the National Revenue Agency, the Ministry of Interior, and other state and municipal authorities.

Types of Personal Data Collected, Processed, and Stored by Our Company

Art. 3. (1) The company performs the following operations with the personal data you provide for the following purposes:

  • Registration of a user in the online store and execution of a distance purchase-sale contract - the purpose of this operation is to create a profile for using the online store to purchase goods and provide contact data for delivery of purchased goods. Registration and profile creation for using the online store is not a mandatory step for providing the service, which is significantly accessible even without creating a profile.
    Conclusion from impact assessment: Based on the performed impact assessment, the operation "Registration of a user in the online store and execution of a distance purchase-sale contract" is permissible for execution and provides sufficient guarantees for the protection of the rights and legitimate interests of data subjects in accordance with the requirements of GDPR.
  • Concluding and executing a commercial transaction with a client or partner – the purpose of this operation is to conclude and execute a contract with a commercial partner or client and administer it. Given the limited scope of collected personal data and the fact that part of it is collected from publicly accessible sources, conducting an impact assessment is not necessary.
  • Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters to clients who have stated that they wish to receive them. Given the limited scope of collected personal data, conducting an impact assessment is not necessary.
  • Exercising the right of withdrawal or making a claim – the purpose of this operation is to administer the process of exercising the right of withdrawal or making a claim by the client. Given the limited scope of collected personal data, conducting an impact assessment is not necessary.

(2) The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:

  • Your identification data (email, name, etc.):
    • Purpose for data collection: 1) To contact the user and send information to them, 2) for user registration in the online store, and 3) for sending a newsletter.
    • Ground for processing your personal data: By accepting the general terms and conditions and registering in the online store or placing an order without registration, or upon concluding a written contract, a contractual relationship is established between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, (b) GDPR. Your data for sending a newsletter is processed based on your explicit consent – Art. 6, para. 1, (a) GDPR.
  • Data for delivery(names, phone, address, etc.):
    • Purpose for data collection: Fulfilling the Administrator's obligations under a purchase-sale contract and delivering the purchased goods.
    • Ground for processing your personal data: By accepting the general terms and conditions and registering in the online store or placing an order without registration, or upon concluding a written contract, a contractual relationship is established between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, (b) GDPR.
  • Additional data provided by you - If you wish to complete your profile, you can fill in your name, surname, phone number.
    • Purpose for data collection: Completing user information in their user account.
    • Grounds for data processing: You have provided explicit consent for processing your personal data for one or more specific purposes – Art. 6, para. 1, (a) GDPR at the time of registration in the online store. Providing this data is not mandatory for registration in the online store.

(3)The Administrator does not collect or process personal data related to the following:

  • Revealing racial or ethnic origin;
  • Revealing political, religious, or philosophical beliefs, or membership in trade union organizations;
  • Genetic and biometric data, health data, or data concerning sexual life or sexual orientation.

(4) Personal data is collected by the Administrator from the persons to whom it relates.

(5) The company does not perform automated decision-making with data.

Art. 4. (1) The company performs the following operations with the personal data provided by you, as legal representatives or proxies of legal entities – commercial partners, for the following purposes:

  • Concluding and executing a commercial transaction: For concluding and executing a commercial transaction with a commercial company, we process only the full names of the legal representative or authorized person of the company. Conclusion from impact assessment: Given the limited number of individuals whose data is processed and the limited scope of collected personal data, conducting an impact assessment is not necessary for this operation.

(2) Personal data is collected by the Administrator from the persons to whom it relates and from the Commercial Register at the Registry Agency.

(3) The company does not perform automated decision-making with data.

Art. 5. The Administrator may use so-called "cookies" to provide full functionality of the website, improve user experience, statistical purposes, ease of access, etc., with which you agree by using our website. You can control and/or delete cookies at any time through your browser settings. Cookies do not constitute personal data and are not used to identify visitors and users of the online store.

Retention Period of Your Personal Data

Art. 6. (1) The Administrator retains your personal data for a period not longer than the existence of your profile in the online store. After deleting your profile, the Administrator takes the necessary care to delete and destroy all your data without unnecessary delay or to anonymize it (i.e., to make it such that it does not reveal your identity).

(2) The Administrator processes your personal data provided when placing an order without registration in the online store until the order is completed unless you have given your explicit consent at the time of ordering for your data to be processed for the purposes of improving the service, providing recommended content for you, individual conditions, promotions, and for statistical purposes.

(3) The Administrator retains your personal data provided in connection with online orders for a period of 5 years for the purposes of protecting the legal interests of the Administrator in legal or administrative disputes with users of the online store.

(4) The Administrator informs you if the retention period for data needs to be extended in order to fulfill a regulatory obligation or for the legitimate interests of the Administrator or another.

(5) The Administrator retains the personal data that needs to be kept under applicable law for the respective stipulated period, which may exceed the duration of your profile in the online store or until the order is completed.

Art. 7. The Administrator retains the personal data of the legal representatives of its commercial partners for the duration of the contract, to comply with the legitimate interests and legal obligations of the Administrator, which period may exceed the duration of the concluded contract.

Transfer of Your Personal Data for Processing

Чл. 8. (1) The Administrator may, at its discretion, transfer part or all of your personal data to data processors for the purposes of processing, which you have agreed to, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Administrator informs you in case of intent to transfer part or all of your personal data to third countries or international organizations.

Your Rights Regarding the Collection, Processing, and Storage of Your Personal Data

 

Withdrawal of Consent for Processing Your Personal Data

Art. 9. (1) If you do not wish the personal data you have provided to be processed for marketing purposes and receiving newsletters, you can withdraw your consent for processing at any time by filling out the consent withdrawal form in Appendix No. 1 or by sending a free-text request via email.

(2) After receiving your request, we will send you an email with detailed instructions for verification as a newsletter recipient and data subject whose consent is being withdrawn.

(3) Withdrawal of consent does not affect the lawfulness of data processing performed by the Administrator until this moment.

 

Right of Access

Art. 10. (1) You have the right to request and receive confirmation from the Administrator whether personal data related to you is being processed by sending a free-text request via email.

(2) You have the right to access data related to you and information about the collection, processing, and storage of your personal data.

(3) After receiving your request, we will send an email with detailed instructions for verification as a data subject whose access is being requested.

(4) After verification, as per para. 3, the Administrator provides, upon request, a copy of the processed personal data related to you in electronic or other appropriate form.

(5) Access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeat or excessive requests.

 

Right to Correction or Completion

Art. 11. (1) You can correct or complete inaccurate or incomplete personal data related to you at any time through the "Edit Profile" option.

(2) You can correct or complete inaccurate or incomplete personal data related to you directly through your profile on the website or by sending a request to the Administrator via email, using the form in Appendix No. 4 or a free-text request.

 

Right to Deletion ("Right to Be Forgotten")

Art. 12. (1) You have the right to request the Administrator to delete part or all of your personal data, and the Administrator has the obligation to delete them without undue delay when one of the following grounds applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You withdraw your consent on which the processing is based, and there is no other legal basis for the processing;
  • You object to the processing of your personal data, including for direct marketing purposes, and there are no overriding legitimate grounds for the processing;
  • The personal data has been unlawfully processed;
  • The personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State applicable to the Administrator;
  • The personal data has been collected in connection with the provision of information society services.

(2) The Administrator is not obliged to delete personal data if it processes and stores it for the following purposes:

  • For exercising the right to freedom of expression and information;
  • For compliance with a legal obligation requiring processing provided by EU law or the law of the Member State applicable to the Administrator or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
  • For reasons of public interest in the field of public health;
  • For archival purposes in the public interest, scientific or historical research purposes, or statistical purposes;
  • For the establishment, exercise, or defense of legal claims.

(3) To exercise your right to be forgotten, you need to send an email request to delete your personal data processed by the Administrator by filling out the form in Appendix No. 2 or a free-text request, after which the Administrator will send an email with detailed instructions for verification as a user of the store and a data subject whose data deletion is requested.

(4) After verifying the identity of the person who submitted the request and the person to whom the data relates according to the sent instructions, we will delete all data we process for you, as per para. 3.

(5) If you have placed an order that is being processed, the earliest you can request to be forgotten is upon successful completion of the order.

 

Right to Restriction

Art. 13. You have the right to request the Administrator to restrict the processing of your data by sending a free-text request via email when:

  • You contest the accuracy of the personal data for a period allowing the Administrator to verify the accuracy of the personal data;
  • The processing is unlawful, but you do not want the personal data to be deleted, only to have its use restricted;
  • The Administrator no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise, or defense of legal claims;
  • You have objected to processing pending verification of whether the legitimate grounds of the Administrator override your interests.

(2) After receiving your request, we will send an email with detailed instructions for verification as a user of the store and a data subject whose data processing restriction is requested.

(3) After verification, as per para. 2, the Company will suspend the processing of your data but will not remove any publications you have made in the online store if there are any.

 

Right to Data Portability

Art. 14. (1) If you have given consent for the processing of your personal data or the processing is necessary for the execution of the contract with the Administrator, or if your data is processed by automated means, you can:

  • Request the Administrator to provide your personal data in a readable format and transfer it to another Administrator;
  • Request the Administrator to directly transfer your personal data to an Administrator specified by you, where this is technically feasible.

(2) You can exercise the right to data portability by sending an email with the completed form according to Appendix No. 3 or a free-text request, after which the Administrator will send an email with detailed instructions for verification as a user of the store and a data subject whose data portability is requested.

(3) After verification, as per para. 2, the Company will send the data it processes about you in XML format to the email specified by you.

 

Right to Receive Information

Art. 15. You can request the Administrator to inform you about all recipients to whom personal data for which correction, deletion, or restriction of processing has been requested has been disclosed. The Administrator may refuse to provide this information if it is impossible or requires disproportionate effort.

 

Right to Object

Art. 16. You can object at any time to the processing of personal data by the Administrator relating to you, including if it is processed for profiling or direct marketing purposes.

 

Your Rights in Case of Personal Data Security Breach

Art. 17. (1) If the Administrator establishes a personal data security breach that may result in a high risk to your rights and freedoms, it notifies you without undue delay of the breach and the measures taken or to be taken.

(2) The Administrator is not obliged to notify you if:

  • It has implemented appropriate technical and organizational protection measures regarding the data affected by the security breach;
  • It has subsequently taken measures ensuring that the breach will not result in a high risk to your rights;
  • Notification would require disproportionate effort.

Persons to Whom Your Personal Data is Provided

Art. 18. (1) For the purposes of processing your personal data and providing the service in full functionality and with regard to your interests, the Administrator may provide the data to the following data processors:

 

Data Processor         Purpose of Personal Data Processing

 

"Aposstar" LTD ........................................................

………………………………………..         ……………………………………………………………

………………………………………..         ……………………………………………………………

 

(2) The data processors comply with all legality and security requirements when processing and storing your personal data.

Art. 19. The Administrator does not transfer your data to third countries.

Art. 20. In case of violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Art. 21. You can exercise all your rights regarding the protection of your personal data through the forms attached to this information. Of course, these forms are not mandatory, and you can submit your requests in any form that contains a statement to this effect and identifies you as the data subject.

Art. 22. If the consent concerns a transfer, the Administrator describes the possible risks for the transfer of the data to third countries in the absence of an adequate protection decision and appropriate safeguards.

 

Appendix No. 1

 

Consent Withdrawal Form for Processing Purposes

 

Your Name:*: …………………….

Your Email Used in the Online Store:*: …………………….

Contact Details (email)*:: …………………….

 

To:

Name: "Aposstar" LTD

UIC: 202874242

Registered Office and Management Address: Gabrovo, 7 "Radost" Street

Correspondence Address: Ruse, 46 "Treti Mart" Boulevard

Phone: 0895 540 441

E-mail: info@aposoliveoil.com

Website: www.aposoliveoil.com

 

I hereby withdraw my consent for processing the personal data I have provided for the purposes of receiving a newsletter, advertising messages, or other marketing materials, and I am aware of the conditions for withdrawing consent in accordance with the Mandatory Information on the Rights of Individuals Regarding Personal Data Protection of the online store.

In case of violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 2

 

Request to Be Forgotten – Deletion of Personal Data Related to Me

 

Your Name:*: …………………….

Your Email Used for Registration or Orders in the Online Store:*: …………………….

Contact Details (email)*:: …………………….

 

To:

Name: "Aposstar" LTD

UIC: 202874242

Registered Office and Management Address: Gabrovo, 7 "Radost" Street

Correspondence Address: Ruse, 46 "Treti Mart" Boulevard

Phone: 0895 540 441

E-mail: info@aposoliveoil.com

Website: www.aposoliveoil.com

 

Please delete all personal data collected, processed, and stored by you, provided by me or third parties related to me, according to the identification provided.

I declare that I am aware that part or all of my personal data may continue to be processed and stored by the Administrator for the purposes of fulfilling its legal obligations.

In case of violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 3

 

Request for Data Portability

 

Your Name:*: …………………….

Your Email Used for Registration or Orders in the Online Store:*: …………………….

Contact Details (email)*:: …………………….

 

To:

Name: "Aposstar" LTD

UIC: 202874242

Registered Office and Management Address: Gabrovo, 7 "Radost" Street

Correspondence Address: Ruse, 46 "Treti Mart" Boulevard

Phone: 0895 540 441

E-mail: info@aposoliveoil.com

Website: www.aposoliveoil.com

 

Please send all personal data related to me, collected, processed, and stored in your databases, in XML format to:

e-mail: …………………….

Receiving Administrator: ........................................

 

Name:: …………………….

Identification Number (UIC, reg. number in CPDP): .: …………………….

E-mail: …………………….

 

In case of violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 4

 

Request for Data Correction

 

Your Name:*: …………………….

Your Email Used for Registration or Orders in the Online Store:*: …………………….

Contact Details (email)*:: …………………….

 

To:

Name: "Aposstar" LTD

UIC: 202874242

Registered Office and Management Address: Gabrovo, 7 "Radost" Street

Correspondence Address: Ruse, 46 "Treti Mart" Boulevard

Phone: 0895 540 441

E-mail: info@aposoliveoil.com

Website: www.aposoliveoil.com

 

Please correct the following personal data related to me, collected, processed, and stored by you, provided by me or third parties related to me, as follows:

Data to be corrected:

…………………………………………..

Please correct as follows:

…………………………………………..

In case of violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection

Registered Office and Management Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Correspondence Address: Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg