Privacy Policy
of “FREE BIRD” Ltd. with UIC 204128501 on aeterna-life.com adopted on 25.07.2024.
I. INTRODUCTION
“FREE BIRD ” Ltd, with UIC 204128501, registered office and address of management. Sofia, 1527, 8, Angista str. The COMPANY, hereinafter referred to as the COMPANY, is the owner of the aeterna-life.com website, which offers nutritional supplements only to adult and capable users. The COMPANY, for the purpose of the sale of goods, is the controller of personal data and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679 and the Personal Data Protection Act in force since 01.01.2002.
When visiting aeterna-life.com as a guest, without placing an order or making an online inquiry, the Company does not collect personal data. In this case, information is collected that does not relate personally to the website visitor, such as the IP address of his computer, the name of the local network or of the company, the website visited before the Company’s website, the information that the subject has searched on aeterna-life.com, as well as the date and time of the visit and the browser used. This information is collected and analyzed, and the visitor remains anonymous. It is used solely to improve the attractiveness, content, and functionality of aeterna-life.com. This information is not used further and is not forwarded to third parties.
The purpose of this Privacy Policy is to inform you what personal data is processed by the Company and for what purposes, to whom it is provided, what your rights are regarding the processing of your personal data and how you can exercise them.
II. BASIS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
The Company collects, processes, and stores your personal data in connection with the use of the e-commerce platform at aeterna-life.com, hereinafter referred to as the Platform, and the conclusion of contracts with the Company, on the basis of Art. 1 of Regulation (EU) 2016/679 (GDPR) and in particular on the following basis: explicit consent obtained from you as a customer;
performance of the administrator’s obligations under a contract with you;
compliance with a legal obligation applicable to the controller;
for the purposes of the legitimate interests of the controller or of a third party.
III. PERSONAL DATA PROCESSED.
PURPOSES FOR PROCESSING PERSONAL DATA
The Company processes the following categories of personal data and information for the following purposes:
Delivery details (email address, mailing address, billing address, phone number, bank account details, payment details, etc.) – for the performance of the Company’s obligations under the Purchase Agreement and delivery of the purchased goods.
Data for Issuing Invoices to Users – natural persons – Two names and ID number. The processing of the PIN is carried out only after an explicit request of the person for the issuance of an invoice with this requisite.
Direct Marketing Details – Two names and e-mail;
Online inquiry details – Two names and e-mail.
The Company, as a personal data controller, performs the following operations and processes only the necessary personal data for the following purposes:
providing full functionality when using the Platform;
individualization of the user – party to the contract for the purchase and sale of goods offered through the Platform;
securing the performance of the contract for the purchase and sale of goods offered through the Platform;
the exercise by the customer of the right of withdrawal or complaint in respect of the goods in respect of which such rights may be exercised;
information security protection;
accounting purposes, including the issuance of invoices and/or other documents related to the delivery of the goods offered on the Platform.
statistical purposes.
IV. STORAGE PERIOD OF PERSONAL DATA
The company processes your personal data for the duration of the contractual relationship, i.e. the purchase contract.
The Company stores your personal data provided in connection with online orders in the issued accounting documents for a period of 10 years for the purpose of protecting the Company’s legal interests in legal or administrative disputes with users of the online store, and the accounting documents are kept for the relevant statutory period.
The Company shall notify you in the event of the need to extend the data retention period in order to comply with a legal obligation or in view of the legitimate interests of the Company or otherwise.
The Company shall keep the personal data which it is obliged to keep under applicable law for the relevant prescribed period, which may exceed the duration of the contractual relationship.
V. DATA PROTECTION
The Company has put in place reasonable technical and administrative measures to safeguard the personal data that is processed in order to ensure that unauthorised persons do not have access to it and to prevent it from being leaked, and to ensure that it is properly used in accordance with the law and for the period in which it is legitimately needed.
VI. DATA SHARING
The Company shares users’ personal data in the following cases:
1.Sharing with service providers
The Company uses service providers to do certain activities on behalf of the Company. These service providers may be located in countries in the European Union and the European Economic Area, as well as in the United States or other countries around the world, and offer services such as credit card payment processing, customer support, content customization, IT services, email service providers, data hosting. The Company’s service providers are obliged by virtue of the resulting legal relationship and legal regulations to protect the personal data received from the Company and are not allowed to use it for any other purpose than to perform the services as directed by the Company.
2.Sharing with suppliers for the purpose of delivery to an address
The Company uses courier service providers to deliver the goods offered by the Company to an address in the Republic of Bulgaria in view of an order placed on the Company’s website. The Company’s courier service providers are obliged by virtue of the established legal relationship and legal regulations to protect the personal data received from the Company and are not allowed to use it for any other purpose than to carry out delivery to an address as directed by the Company.
3. Corporate transactions
If at any time the Company decides to restructure its business, it may disclose or transfer personal information to potential buyers or receive personal information from sellers, and it is the Company’s obligation to ensure adequate protection for consumers’ personal information in these types of transactions.
4.Compliance with the law
The Company may share users’ personal data if it is required to: (a) respond to duly authorized requests for information from law enforcement authorities and to comply with national security and other law enforcement requirements; (b) comply with a law, regulation, subpoena or court order; (c) investigate and help prevent security threats, fraud or other criminal or malicious activity; or (d) protect the rights or personal safety of its employees and third parties under applicable law.
Like most websites, the Platform collects data in log files. This information includes the user’s IP address, as well as which browser they use (such as Mozzilla, IE, Chrome, etc.), the operating system (Linux, Windows, iOS), and when they visited the Platform. The Company reserves the right to use users’ IP addresses to disclose their identity in cases where this is necessary to comply with the law.
The Company has the right to provide personal data of the user to third parties in order to offer a quality, fast and comprehensive service. The personal data shall be made available upon assurance by the Company that all technical and organisational measures have been taken to protect such data.
VII. RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the performance of the purposes set out above, the Company provides the personal data of individuals to the following recipients:
National Revenue Agency – for inspections and audits;
Banks, pursuant to a banking services agreement with the Company – in connection with the payment of monies upon exercise of the right of withdrawal;
Other state and municipal authorities and/or institutions – in connection with legal obligations to them or in connection with legal requests from them for information containing personal data;
Subcontractors for the performance of contractual obligations, including suppliers for the purpose of making delivery to an address of goods offered by the Company.
VIII. CONTACT DETAILS OF THE COMPANY
If you have any questions or concerns about the processing of your personal data or wish to exercise any of your rights, please use the following contact details:
email: hello@aeterna-life.com
phone: 0882 828806
address: Sofia, Angista 8
IX. PRINCIPLES FOR PROCESSING PERSONAL DATA
1. Compliance with European and Bulgarian legislation.
The Company’s policy aims to ensure compliance with the provisions of Regulation 2016/679 and the Personal Data Protection Act.
2.Personal data is collected and processed lawfully and in good faith
The Company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals in relation to the processing of their personal data.
3.Personal data is collected and processed only for specified purposes
The Company processes personal data of individuals only in the following cases:
Where an individual has given his or her unambiguous consent to an intelligible and transparently defined purpose on the part of the Company for which processing of his or her personal data is necessary;
Where the processing is necessary to comply with a legal obligation of the Company;
Where processing is necessary for the performance of a contract with the Company to which an individual is a party or to take steps at the request of an individual before entering into a contract where his or her identification is required;
Where processing is necessary to protect the vital interests of the natural person whose personal data is being processed or of another natural person;
Where the processing is necessary for the purposes of the legitimate interests of the Company or of a third party under the provisions of the Regulation;
Where the processing is necessary for the purposes of the legitimate interests of the Company or of a third party under the provisions of the Regulation;
Where the processing is necessary for the purposes of analysis and business intelligence, new product development, improvement of systems and metrics based on the legitimate interest of the Company, namely to continuously improve and develop its products;
For another legitimate purpose or in the other cases provided for in the Regulation.
Personal data not necessary for the activity is not collected and processed
The Company does not collect or process personal data of individuals beyond its obligations under the law or its needs for doing business.
4.Limitation of targets
The Company uses the personal data of users only for the purposes stated at the time of collection and for additional purposes compatible with them, in accordance with the law.
In all cases where it is necessary to use collected and processed personal data of individuals for purposes other than the original ones, the Company shall notify the individuals concerned, request their consent and proceed to process their personal data for other purposes only after their explicit consent.
5.Personal data is processed transparently
The Company shall ensure transparency in the communication of the personal data collected and processed, by providing information in a concise, transparent, understandable and easily accessible form, and using clear and unambiguous wording. The user decides whether and how to use the website and its functionalities.
6.Right to informed choice
The Company always provides users with accurate information and gives them the right to choose the type of personal data it collects from them, as well as the purposes and duration for which it collects and processes it. The Company will not use users’ personal data for purposes inconsistent with these principles, the Privacy Policy or specific notices related to the services provided.
7.The minimum personal data necessary for processing shall be collected
The Company collects and processes only the minimum necessary personal data of individuals who:
are provided for by law;
are required for the performance of a contract;
are necessary to fulfil the purposes for which they are collected.
are provided by you voluntarily and after your consent.
Personal data processed is accurate and up to date
The Company shall ensure that the processing of personal data of individuals is carried out with the utmost accuracy and, where possible, always up to date.
8.The personal data shall be processed by the minimum number of persons required
The Company shall ensure that the access and processing of personal data of natural persons is carried out by the minimum number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.
9.Personal data shall be kept for the minimum necessary time
The Company retains personal data for the minimum time necessary:
is required by law;
the need to perform a contract (including an order) and the responsibility thereunder;
necessary to fulfil the purpose for which the data were collected and processed;
until the individual requests their deletion, after which they shall be destroyed without undue delay;
until the expiry of the period for which the Company has the right to store the data on the basis of a legitimate interest.
In all cases, the Company shall ensure that the personal data collected and processed are reviewed at least once a year and those that fall under any of the above hypotheses shall be deleted without undue delay.
X. PERSONAL DATA PROCESSING RULES
1.Personal data shall be processed with the necessary levels and measures of protection
The Company provides the necessary levels of physical, organizational and technological protection in order to:
the nature, scope, context and purpose of the personal data processed;
the likelihood, impact levels and severity of the risk to the rights and freedoms of natural persons in the event of a breach of the security of the personal data processed; its financial and organisational capabilities.
The Company shall also ensure all necessary measures for the timely recovery of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.
2.Personal data is processed with controlled and traceable access
The Company provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals and the possibility to review, correct, supplement, transfer or delete the personal data of users shared with us.
3.Personal data is processed with the necessary accountability to comply with the Regulation
The Company shall ensure that it has the necessary records and registers to be able to demonstrate that the provisions of the Regulation have been complied with.
4.Data security
In order to protect users’ personal data from misuse, the Company implements strict measures to protect the information it holds and requires the same level of security from its partners to whom it provides it in order to meet its obligations to users.
5.Compliance with the rights of natural persons whose personal data are processed
Users have the right to access any personal data that they have provided or that the Company holds about them. They also have the right to request the rectification, completion, restriction, transfer or deletion of their personal data, as well as to request clarification in relation to its processing. In certain cases, a user’s request may be denied on the basis of law, for example, where the provision of information would disclose personal data to another person, or where there is a legal prohibition on the disclosure of such information.
The Company shall ensure compliance with the rights of individuals whose personal data is collected and processed, which includes:
The User may ask the Company for confirmation of whether it is processing their personal data and, if so, to request access to it. This is done by the User sending a request to the Company at the address below.
Right to rectification of inaccurate data
You can ask the Company to correct your inaccurate personal data or to supplement the personal data it already has.
Right to erasure (right to be forgotten)
In certain circumstances you may ask the Company to delete your personal data and, if the law allows, the Company will do so as soon as possible. In such event, the Company will no longer be able to provide its services to you.
Right to restriction of processing
You can ask the Company to restrict the processing of your personal data. In this case, the relevant data will be marked and can only be processed by the Company for certain purposes.
The right to be informed of action resulting from a request for rectification, erasure or restriction of the processing of personal data
Right to data portability
In certain circumstances, you may have the right to receive your personal data that you have provided to the Company in a structured, commonly used format that is machine-readable (e.g. in digital format) and to request the transfer of that data to another person without the Company preventing this, if such transfer is technically feasible.
Right to object to processing of personal data
Right to lodge a complaint with a supervisory authority.
If you think that your rights in relation to personal data have been violated, please contact the Company to try to find a solution to the matter.
You can also contact your local data protection authorities and lodge a complaint with them, in particular if you are resident in a European Union country or at the place of the alleged breach.
In Bulgaria, this is the Commission for Personal Data Protection, information about which you will find below.
A request to exercise the rights described above can be sent to the following email address: kzld@government.bg, kzld@cpdp.bg
Contact us.
We at FREEBIRD Ltd. value your opinion. If you have any questions or concerns about our Privacy Policy, the collection and use of your personal data, or in relation to a possible violation of the Personal Data Protection Act, you may contact us at the Company contact details listed above.
XI. COMPETENT SUPERVISORY AUTHORITY
The Commission for Personal Data Protection (CPDP) is the independent state authority that ensures the protection of individuals in the processing of their personal data and access to such data, as well as the control of compliance with the Personal Data Protection Act on the territory of the Republic of Bulgaria.
In case you suspect that your rights related to the protection of your personal data have been violated, you can submit a report to the CPPD at:
“Address. Address: 1592 Sofia 2, “Prof. Tsvetan Lazarov” Blvd.
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg
Phone: 02 / 91-53-518
XII. CHANGES TO THE PRIVACY POLICY
The Company reserves the right to change this Privacy Policy at any time, without notice and without your prior and express consent, in strict compliance with the provisions of the General Data Protection Regulation 2016/679.
of “FREE BIRD” Ltd. with UIC 204128501 on aeterna-life.com adopted on 25.07.2024.
I. INTRODUCTION
“FREE BIRD ” Ltd, with UIC 204128501, registered office and address of management. Sofia, 1527, 8, Angista str. The COMPANY, hereinafter referred to as the COMPANY, is the owner of the aeterna-life.com website, which offers nutritional supplements only to adult and capable users. The COMPANY, for the purpose of the sale of goods, is the controller of personal data and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679 and the Personal Data Protection Act in force since 01.01.2002.
When visiting aeterna-life.com as a guest, without placing an order or making an online inquiry, the Company does not collect personal data. In this case, information is collected that does not relate personally to the website visitor, such as the IP address of his computer, the name of the local network or of the company, the website visited before the Company’s website, the information that the subject has searched on aeterna-life.com, as well as the date and time of the visit and the browser used. This information is collected and analyzed, and the visitor remains anonymous. It is used solely to improve the attractiveness, content, and functionality of aeterna-life.com. This information is not used further and is not forwarded to third parties.
The purpose of this Privacy Policy is to inform you what personal data is processed by the Company and for what purposes, to whom it is provided, what your rights are regarding the processing of your personal data and how you can exercise them.
II. BASIS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
The Company collects, processes, and stores your personal data in connection with the use of the e-commerce platform at aeterna-life.com, hereinafter referred to as the Platform, and the conclusion of contracts with the Company, on the basis of Art. 1 of Regulation (EU) 2016/679 (GDPR) and in particular on the following basis: explicit consent obtained from you as a customer;
performance of the administrator’s obligations under a contract with you;
compliance with a legal obligation applicable to the controller;
for the purposes of the legitimate interests of the controller or of a third party.
III. PERSONAL DATA PROCESSED.
PURPOSES FOR PROCESSING PERSONAL DATA
The Company processes the following categories of personal data and information for the following purposes:
Delivery details (email address, mailing address, billing address, phone number, bank account details, payment details, etc.) – for the performance of the Company’s obligations under the Purchase Agreement and delivery of the purchased goods.
Data for Issuing Invoices to Users – natural persons – Two names and ID number. The processing of the PIN is carried out only after an explicit request of the person for the issuance of an invoice with this requisite.
Direct Marketing Details – Two names and e-mail;
Online inquiry details – Two names and e-mail.
The Company, as a personal data controller, performs the following operations and processes only the necessary personal data for the following purposes:
providing full functionality when using the Platform;
individualization of the user – party to the contract for the purchase and sale of goods offered through the Platform;
securing the performance of the contract for the purchase and sale of goods offered through the Platform;
the exercise by the customer of the right of withdrawal or complaint in respect of the goods in respect of which such rights may be exercised;
information security protection;
accounting purposes, including the issuance of invoices and/or other documents related to the delivery of the goods offered on the Platform.
statistical purposes.
IV. STORAGE PERIOD OF PERSONAL DATA
The company processes your personal data for the duration of the contractual relationship, i.e. the purchase contract.
The Company stores your personal data provided in connection with online orders in the issued accounting documents for a period of 10 years for the purpose of protecting the Company’s legal interests in legal or administrative disputes with users of the online store, and the accounting documents are kept for the relevant statutory period.
The Company shall notify you in the event of the need to extend the data retention period in order to comply with a legal obligation or in view of the legitimate interests of the Company or otherwise.
The Company shall keep the personal data which it is obliged to keep under applicable law for the relevant prescribed period, which may exceed the duration of the contractual relationship.
V. DATA PROTECTION
The Company has put in place reasonable technical and administrative measures to safeguard the personal data that is processed in order to ensure that unauthorised persons do not have access to it and to prevent it from being leaked, and to ensure that it is properly used in accordance with the law and for the period in which it is legitimately needed.
VI. DATA SHARING
The Company shares users’ personal data in the following cases:
1.Sharing with service providers
The Company uses service providers to do certain activities on behalf of the Company. These service providers may be located in countries in the European Union and the European Economic Area, as well as in the United States or other countries around the world, and offer services such as credit card payment processing, customer support, content customization, IT services, email service providers, data hosting. The Company’s service providers are obliged by virtue of the resulting legal relationship and legal regulations to protect the personal data received from the Company and are not allowed to use it for any other purpose than to perform the services as directed by the Company.
2.Sharing with suppliers for the purpose of delivery to an address
The Company uses courier service providers to deliver the goods offered by the Company to an address in the Republic of Bulgaria in view of an order placed on the Company’s website. The Company’s courier service providers are obliged by virtue of the established legal relationship and legal regulations to protect the personal data received from the Company and are not allowed to use it for any other purpose than to carry out delivery to an address as directed by the Company.
3. Corporate transactions
If at any time the Company decides to restructure its business, it may disclose or transfer personal information to potential buyers or receive personal information from sellers, and it is the Company’s obligation to ensure adequate protection for consumers’ personal information in these types of transactions.
4.Compliance with the law
The Company may share users’ personal data if it is required to: (a) respond to duly authorized requests for information from law enforcement authorities and to comply with national security and other law enforcement requirements; (b) comply with a law, regulation, subpoena or court order; (c) investigate and help prevent security threats, fraud or other criminal or malicious activity; or (d) protect the rights or personal safety of its employees and third parties under applicable law.
Like most websites, the Platform collects data in log files. This information includes the user’s IP address, as well as which browser they use (such as Mozzilla, IE, Chrome, etc.), the operating system (Linux, Windows, iOS), and when they visited the Platform. The Company reserves the right to use users’ IP addresses to disclose their identity in cases where this is necessary to comply with the law.
The Company has the right to provide personal data of the user to third parties in order to offer a quality, fast and comprehensive service. The personal data shall be made available upon assurance by the Company that all technical and organisational measures have been taken to protect such data.
VII. RECIPIENTS AND CATEGORIES OF RECIPIENTS
In connection with the performance of the purposes set out above, the Company provides the personal data of individuals to the following recipients:
National Revenue Agency – for inspections and audits;
Banks, pursuant to a banking services agreement with the Company – in connection with the payment of monies upon exercise of the right of withdrawal;
Other state and municipal authorities and/or institutions – in connection with legal obligations to them or in connection with legal requests from them for information containing personal data;
Subcontractors for the performance of contractual obligations, including suppliers for the purpose of making delivery to an address of goods offered by the Company.
VIII. CONTACT DETAILS OF THE COMPANY
If you have any questions or concerns about the processing of your personal data or wish to exercise any of your rights, please use the following contact details:
email: hello@aeterna-life.com
phone: 0882 828806
address: Sofia, Angista 8
IX. PRINCIPLES FOR PROCESSING PERSONAL DATA
1. Compliance with European and Bulgarian legislation.
The Company’s policy aims to ensure compliance with the provisions of Regulation 2016/679 and the Personal Data Protection Act.
2.Personal data is collected and processed lawfully and in good faith
The Company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of individuals in relation to the processing of their personal data.
3.Personal data is collected and processed only for specified purposes
The Company processes personal data of individuals only in the following cases:
Where an individual has given his or her unambiguous consent to an intelligible and transparently defined purpose on the part of the Company for which processing of his or her personal data is necessary;
Where the processing is necessary to comply with a legal obligation of the Company;
Where processing is necessary for the performance of a contract with the Company to which an individual is a party or to take steps at the request of an individual before entering into a contract where his or her identification is required;
Where processing is necessary to protect the vital interests of the natural person whose personal data is being processed or of another natural person;
Where the processing is necessary for the purposes of the legitimate interests of the Company or of a third party under the provisions of the Regulation;
Where the processing is necessary for the purposes of the legitimate interests of the Company or of a third party under the provisions of the Regulation;
Where the processing is necessary for the purposes of analysis and business intelligence, new product development, improvement of systems and metrics based on the legitimate interest of the Company, namely to continuously improve and develop its products;
For another legitimate purpose or in the other cases provided for in the Regulation.
Personal data not necessary for the activity is not collected and processed
The Company does not collect or process personal data of individuals beyond its obligations under the law or its needs for doing business.
4.Limitation of targets
The Company uses the personal data of users only for the purposes stated at the time of collection and for additional purposes compatible with them, in accordance with the law.
In all cases where it is necessary to use collected and processed personal data of individuals for purposes other than the original ones, the Company shall notify the individuals concerned, request their consent and proceed to process their personal data for other purposes only after their explicit consent.
5.Personal data is processed transparently
The Company shall ensure transparency in the communication of the personal data collected and processed, by providing information in a concise, transparent, understandable and easily accessible form, and using clear and unambiguous wording. The user decides whether and how to use the website and its functionalities.
6.Right to informed choice
The Company always provides users with accurate information and gives them the right to choose the type of personal data it collects from them, as well as the purposes and duration for which it collects and processes it. The Company will not use users’ personal data for purposes inconsistent with these principles, the Privacy Policy or specific notices related to the services provided.
7.The minimum personal data necessary for processing shall be collected
The Company collects and processes only the minimum necessary personal data of individuals who:
are provided for by law;
are required for the performance of a contract;
are necessary to fulfil the purposes for which they are collected.
are provided by you voluntarily and after your consent.
Personal data processed is accurate and up to date
The Company shall ensure that the processing of personal data of individuals is carried out with the utmost accuracy and, where possible, always up to date.
8.The personal data shall be processed by the minimum number of persons required
The Company shall ensure that the access and processing of personal data of natural persons is carried out by the minimum number of persons (operators) who have the necessary competence for their processing and the necessary commitment to their protection.
9.Personal data shall be kept for the minimum necessary time
The Company retains personal data for the minimum time necessary:
is required by law;
the need to perform a contract (including an order) and the responsibility thereunder;
necessary to fulfil the purpose for which the data were collected and processed;
until the individual requests their deletion, after which they shall be destroyed without undue delay;
until the expiry of the period for which the Company has the right to store the data on the basis of a legitimate interest.
In all cases, the Company shall ensure that the personal data collected and processed are reviewed at least once a year and those that fall under any of the above hypotheses shall be deleted without undue delay.
X. PERSONAL DATA PROCESSING RULES
1.Personal data shall be processed with the necessary levels and measures of protection
The Company provides the necessary levels of physical, organizational and technological protection in order to:
the nature, scope, context and purpose of the personal data processed;
the likelihood, impact levels and severity of the risk to the rights and freedoms of natural persons in the event of a breach of the security of the personal data processed; its financial and organisational capabilities.
The Company shall also ensure all necessary measures for the timely recovery of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.
2.Personal data is processed with controlled and traceable access
The Company provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to the personal data of individuals and the possibility to review, correct, supplement, transfer or delete the personal data of users shared with us.
3.Personal data is processed with the necessary accountability to comply with the Regulation
The Company shall ensure that it has the necessary records and registers to be able to demonstrate that the provisions of the Regulation have been complied with.
4.Data security
In order to protect users’ personal data from misuse, the Company implements strict measures to protect the information it holds and requires the same level of security from its partners to whom it provides it in order to meet its obligations to users.
5.Compliance with the rights of natural persons whose personal data are processed
Users have the right to access any personal data that they have provided or that the Company holds about them. They also have the right to request the rectification, completion, restriction, transfer or deletion of their personal data, as well as to request clarification in relation to its processing. In certain cases, a user’s request may be denied on the basis of law, for example, where the provision of information would disclose personal data to another person, or where there is a legal prohibition on the disclosure of such information.
The Company shall ensure compliance with the rights of individuals whose personal data is collected and processed, which includes:
The User may ask the Company for confirmation of whether it is processing their personal data and, if so, to request access to it. This is done by the User sending a request to the Company at the address below.
Right to rectification of inaccurate data
You can ask the Company to correct your inaccurate personal data or to supplement the personal data it already has.
Right to erasure (right to be forgotten)
In certain circumstances you may ask the Company to delete your personal data and, if the law allows, the Company will do so as soon as possible. In such event, the Company will no longer be able to provide its services to you.
Right to restriction of processing
You can ask the Company to restrict the processing of your personal data. In this case, the relevant data will be marked and can only be processed by the Company for certain purposes.
The right to be informed of action resulting from a request for rectification, erasure or restriction of the processing of personal data
Right to data portability
In certain circumstances, you may have the right to receive your personal data that you have provided to the Company in a structured, commonly used format that is machine-readable (e.g. in digital format) and to request the transfer of that data to another person without the Company preventing this, if such transfer is technically feasible.
Right to object to processing of personal data
Right to lodge a complaint with a supervisory authority.
If you think that your rights in relation to personal data have been violated, please contact the Company to try to find a solution to the matter.
You can also contact your local data protection authorities and lodge a complaint with them, in particular if you are resident in a European Union country or at the place of the alleged breach.
In Bulgaria, this is the Commission for Personal Data Protection, information about which you will find below.
A request to exercise the rights described above can be sent to the following email address: kzld@government.bg, kzld@cpdp.bg
Contact us.
We at FREEBIRD Ltd. value your opinion. If you have any questions or concerns about our Privacy Policy, the collection and use of your personal data, or in relation to a possible violation of the Personal Data Protection Act, you may contact us at the Company contact details listed above.
XI. COMPETENT SUPERVISORY AUTHORITY
The Commission for Personal Data Protection (CPDP) is the independent state authority that ensures the protection of individuals in the processing of their personal data and access to such data, as well as the control of compliance with the Personal Data Protection Act on the territory of the Republic of Bulgaria.
In case you suspect that your rights related to the protection of your personal data have been violated, you can submit a report to the CPPD at:
“Address. Address: 1592 Sofia 2, “Prof. Tsvetan Lazarov” Blvd.
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg
Phone: 02 / 91-53-518
XII. CHANGES TO THE PRIVACY POLICY
The Company reserves the right to change this Privacy Policy at any time, without notice and without your prior and express consent, in strict compliance with the provisions of the General Data Protection Regulation 2016/679.