Privacy Policy - FC Pirin Blagoevgrad - Official website

PRIVACY POLICY AND PROTECTION OF PERSONAL DATA

PFC PIRIN 22 AD, with registered office and address of management: 2700 g. Blagoevgrad, str. Dabravska no 1 and mailing address: 2700 g. Blagoevgrad, str. Dabravska no 1, entered in the Commercial Register at the Registration Agency with EIC 206966097, represented by the executive director Stanislav Lyubenov Manolev, is a personal data controller within the meaning of the Regulation (EU) 2016/679, hereinafter briefly referred to as the "Regulations".

This privacy and data protection policy is intended to define and clarify the relationship between the two parties – Seller/Merchant (PFC PIRIN 22 AD)  – Buyer/Client (INDIVIDUAL/LEGAL ENTITY), occurring during the sale of goods from a distance through the electronic portal/shop of "PFK PIRIN 22" AD with the electronic address - www.fcpirin.com

Personal data should be understood as any information, which refers to the user - a natural person and through which he can be identified. Categories of personal data, which we process

For the execution of a contract for the sale of goods and services at a distance according to the Merchant's General Terms and Conditions, as well as its implementation, The trader can process and store the following personal data of users - natural persons, namely: Name; surname; password; address; email; phone number; date of birth and others.

PURPOSES AND PROCESSING OF PERSONAL DATA

  • The Merchant may use the data provided by the Buyer, through his consent, with purpose:
  • performing the distance selling service
  • and provide the Buyer with other related services – courier and payment by bank transfer or through an integrated payment system for payments
  • regular receipt by the Buyer of information and advertising about current products, services, games with prizes, promotions and email customer surveys, mail.
  • provision of state bodies and institutions
  • correspondence for connection with a view to performing the service
  • making a sale or delivery of goods, which the Merchant offers on its website
  • sending suggestions or advice about specific products
  • an inquiry received from a Customer regarding an offered product/goods
  • maximum ease of access when using the Merchant's website
  • compliance with regulatory requirements (eg for tax purposes),
  • collection of opinions by the Merchant in order to improve the quality of the service provided for the sale of goods/products
  • selection of employees, applying for a job in the Merchant's company
  • accounting for the proper administration of the Merchant's business
  • for the purposes of the Merchant's marketing activities, etc.
  • The merchant processes personal data:
  • on the basis of fiduciary relationships between him and the Client – in connection with ordering and purchasing, sending, the payment of the products/goods offered on the Merchant's page;
  • on the basis of the Client's consent to have his data processed – he provides his personal data voluntarily.
  • on the basis of a legal obligation or with a view to fulfilling a statutory obligation to a relevant state institution (NOAH, NAA, MIA; BFS; FSC; BNB; The labor inspection, etc.).
  • on the basis of a legitimate interest of the Merchant – at legitimate (legal) interest the Merchant unilaterally, without asking for consent, decides, that it has the right to process the data of given entities, to protect its primordial rights and interests, for example, to protect his property or to be able to carry out his business at all.
  • to send suggestions or advice about its products, services, including how the Customer can take maximum advantage of the features available when using the Merchant's website.
  • with the consent of the Client.

Use and protection of the Customer's personal data

Use of the website www.fcpirin.com , in review mode can be done without entering the Customer's personal data.

The provision of personal data is mandatory and arises from a contractual requirement, in view of the need for the Merchant to perform the delivery services of the products and services purchased by the Customer.

When the Customer registers on the Merchant's website – www.fcpirin.com  – and orders goods/products, he does this in order to realize pre-contractual and contractual relations, aimed at purchasing goods and products from the Merchant's website.

In this regard, the Customer's personal data is required - name, surname, email, address (and), telephone.

When the Customer performs such registration, buys a product or service from the Merchant or otherwise uses the website in connection with the Merchant's website, The Customer agrees to the General Terms and Privacy Policy of the Merchant, as this is a prerequisite for concluding a contract between the Client and the Merchant.

The trader strictly adheres to the processing of the minimum possible volume of personal data. If the processing of personal data is necessary and there is no other legal basis for such processing, The Merchant will request the Customer's consent. This message is intended to clarify, what personal data the Merchant processes and what the Customer's rights are in this regard.

The merchant processes the personal data of natural persons - users solely and solely for the purpose of fulfilling its contractual obligations and more precisely processing the user's ORDER, making the relevant delivery.

The use of the website www.fcpirin.com ., in review mode can be done without entering the Customer's personal data

Legal basis for the processing of personal data

  • the performance of a contract, to which the data subject is a party, or taking steps at the data subject's request prior to entering into a contract;
  • compliance with a legal obligation, which applies to the administrator;
  • the legitimate interest of the administrator to carry out its activities for the benefit of the welfare of its shareholders and to function as a responsible public company.

If the processing of personal data is necessary, but there is no other basis for such processing, The trader will procure the express prior consent of the data subject.

Term and storage of personal data processing

The merchant (The administrator)  store the subject's personal data for a period, necessary to fulfill his obligations as a party to a contract, unless a regulatory document (Accountancy Act, Tax and Insurance Procedural Code, Commercial Law, ZZD, etc.),  does not require their storage for a longer period. The data is stored according to the applicable Bulgarian and/or European legislation.

The Merchant continues to process information about the Customer, until he withdraws his consent or it can reasonably be assumed, that his consent no longer exists. The customer has the right at any time to withdraw his consent to the processing of the personal data provided by him, and for this purpose it is necessary to inform the Merchant. Withdrawal of consent does not affect the lawfulness of the processing, based on consent given before its withdrawal.

Data to third parties

The merchant has the right to provide the collected, processed and stored for the purposes of the contract for the sale of the Customer's data to third parties, which they can be:

  • administrators or operators of personal data within the meaning of the Personal Data Protection Act, in order to fulfill the Merchant's obligation under concluded contracts for the delivery of goods, or debt collection, payable for the goods delivered, as well as to fulfill legal obligations.
  • Agencies for marketing campaigns of the Merchant. These companies receive the data when setting cookie settings, as well as when conducting other marketing activities, related to the Merchant's website, as well as companies, who conduct e-mail marketing, sending promotional e-mail messages to the Client and attaching codes when they are opened.
  • Third parties, which attach codes and cookies to the Customer's device when visiting the Merchant's page, such as Google, Facebook etc.
  • Companies, providing IT support for the Merchant's information systems, in which the Customer's data is stored. Their access to the data in the systems is for the purpose of normal and protected functioning of the same, and thus protection of the data provided for processing.
  •  State institutions with a view to fulfilling a statutory obligation (NOAH, NAA, MIA; FSC; BNB; The labor inspection, etc.)
  • licensed postal operators - couriers. In these cases, the user may receive SMS notifications or calls.

 Consent to the processing of personal data:

Contract for the sale of goods/services at a distance - any contract, concluded between the Merchant and the Customer for the sale of goods at a distance without the simultaneous physical presence of the Merchant and the Customer, by using one or more means of distance communication until the conclusion of the contract, including at the time of conclusion of the contract.

Is considered, that the user has given his express written consent to the processing and transfer of his personal data by registering a user account by pressing the button "I agree to the general conditions and the privacy policy of personal data" located on the website www.fcpirin.com

Is considered, that the user has given his express written consent to the processing and transfer of his personal data by registering as guest by pressing the "I agree to the terms and conditions" button

"I agree to the privacy policy" button located on the website www.fcpirin.com

The personal data provided during the registration process are considered correct, complete and accurate and when changing the same, The customer is obliged to update them in a timely manner. When provided incorrect, incomplete or inaccurate data or, if changes have occurred in the same not updated, The merchant is not responsible for the inaccurate performance of the contract.

The data subject has the opportunity to correct the information entered by him in the registration form before the completion of the order.

In cases of online payment of a purchased product/goods, The merchant does not process the transaction data. In this case, the data is forwarded to a secure payment system environment.

Considers, that the user has given his express written consent to the processing and transfer of his personal data by registering a user account by pressing the "I agree to the general conditions" button and I agree to the privacy policy and protection of personal data, located on a website www.fcpirin.com  for the following purposes:

  • By regularly receiving information and advertising about current products, services, games with prizes, promotions and email customer surveys, mail and others.

Rights of personal data subjects (Customers)

Subjects have the right to know how their personal data is processed.

  • Right to information: The Customer has the right to request from the Merchant information about how and for what purposes it processes his personal data, as well as to receive a copy of the personal data.
  • Subjects have the right to access their personal information, stored by the personal data controller and personal data processors, as well as receive confirmation as to whether or not their personal data is being processed.
  • The subject of personal data has the right to ask the administrator to correct inaccurate personal data without undue delay, related to it (right to rectification).
  • The data subject has the right to request the erasure of the personal data related to him. Another name for this right is "the right to be forgotten" The administrator is obliged to delete personal data, in each of the following cases:

– the personal data are no longer necessary for the purposes, for which they have been collected or otherwise processed;

– the data subject withdraws his consent, on which the processing of the data is based and there is no other legal basis for the processing;

– the data subject objects to the processing and there are no legal grounds for the processing, to have an advantage;

– the personal data were processed unlawfully;

– the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State, which applies to the administrator.

– the personal data were collected in connection with the provision of information society services to children and consent was given by the holder of parental responsibility for the child.

– data must be deleted to comply with the law.

The customer should keep in mind, that there may be reasons for the deletion not to take place immediately, due to the existence of a legal requirement to retain this data.

  • The subject has the right to request the administrator to limit the processing of personal data (right to restriction of processing). The administrator is obliged to notify each recipient, to whom the data was disclosed, for any correction made by him, deletion and restriction of the processing of the subject's personal data.
  • The subject has the right to receive the personal data, which concern him and which he has provided to the administrator (right of portability). When the data is processed on the basis of consent or contractual obligation and the processing is carried out in an automated manner, the data can be requested and must be obtained in a widely distributed electronic format, to make it possible to provide this data to a new administrator. Also, the subject of personal data may request the direct transfer of personal data from one controller to another.
  • Individuals have the right to object to the processing of personal data, related to them on the basis of public interest or legitimate interest of the controller. The administrator must stop the processing, unless he proves, that the legal grounds for processing take precedence over interests, rights and freedoms of the data subject. For example, data subjects have the right to object to the processing of personal data, related to direct marketing, where the processing of personal data is a legitimate interest of the employer and the controller must stop the processing.
  • The subject of personal data has the right not to be subject to automated decision-making, including profiling.

Profiling is defined in an article 4, etc. 4 of the Regulation as any form of automated processing of personal data, where personal data is used to analyze or predict personal aspects of the individual, which relate, for example, to the performance of the person's professional duties, its economic status, health, interests, reliability, behavior, movement and others.

Automated decision making means the analysis and assessment of personal aspects of an individual based solely on an automatically made decision, where there is no human intervention or analysis, but only from a machine. The subject of personal data may become subject to automated decision-making, if this is necessary for the conclusion of a contract or if the subject has expressly agreed to be subject to such a decision or to any other of the grounds for processing. In other cases, the subject of personal data may refuse to have their information processed in this way. Then the administrator must implement appropriate measures to protect the rights and freedoms of the subject, the least of which is the provision of human intervention in the implementation of the analysis.

  • Right to appeal to a supervisory authority and effective judicial protection against a controller or processor of personal data

To exercise his rights, each subject of personal data may prepare and send to the Company's address one or more of the following forms:

  • Right to Information Request
  • Request for access to personal data
  • Request to correct personal data
  • Request to delete personal data
  • Request to restrict the processing of personal data
  • Request for portability of personal data
  • Objection to processing of personal data

Personal data administrator (The company, PFC Pirin 22 AD)

Administrator means a natural or legal person, public body, agency or other structure, which alone or jointly with others determines the purposes and means of processing personal data. Processor of personal data means a natural or legal person, public body, agency or other structure, which processes personal data on behalf of the Administrator.

Recipient of personal data

Recipient means a natural or legal person, public body, agency or other structure, before which the personal data is disclosed, whether third party or not.

Third side

Third party means a natural or legal person, public body, agency or other body, different from the data subject, administrator, the personal data processor and the individuals, who, under the direct supervision of the administrator or the personal data processor, have the right to process personal data.

Seller/Trader –  natural or legal person, that sells or offers for sale goods or services for a fee, as part of their commercial or professional activity in the public or private sector.

Company – the name, under which traders conduct their business

Customer/Buyer/User – any natural/legal person,  which acquires the goods, provided by the Seller/Merchant.

Contract for the sale of goods at a distance – any contract, concluded between the Merchant and the Customer for the sale of goods at a distance without the simultaneous physical presence of the Merchant and the Customer, by using one or more means of distance communication until the conclusion of the contract, including at the time of conclusion of the contract.

Commodity/Product – any subject of a distance sales contract, concluded between the Merchant and the Customer through the Merchant's website/electronic store, provided to the Client for a fee.

Order/Request – an electronic document, through which the Customer declares to the Merchant his intention to purchase goods from him, using the site provided for this purpose.

Website/Internet Page – the domain www.fcpirin.com  property of the Merchant, through which he trades.

Account – formed by email and password section of the Web site, allowing the Customer to place an Order. The account displays information about the Customer, as well as his order history.

Online trading - purchase and sale of goods or services for profit, which is carried out mainly through e-shops, online platforms /, classifieds platform, social networks, etc.

Electronic/Internet store – store built with a set of computer programs ( software), registered and accessible at its own unique address on the Internet (Website/Internet Page) through which the Merchant offers goods at a distance, carries out e-commerce with them for a fee, delivers the selected goods, and in return is paid in legally established ways.

Campaign – commercial message, promoting the Merchant's brand or goods specified by him, which are available in limited quantities or at a certain percentage discount from the current regular price.

This Privacy and Personal Data Protection Policy is mandatory for all Customers of the Merchant's e-store.

Is considered, that the Customers are notified and express their agreement with the same before making the purchase request from the electronic store.

Security

The primary goal of information security is to secure and protect information or minimize its loss .

The merchant takes the necessary measures (administrative, technical and physical), to protect the provided personal data from loss, theft and misuse, as well as from unauthorized access, modification or distribution, as well as from other illegal forms of processing, involving disclosure, alteration or destruction of data.

COOKIES

The HTTP cookie, commonly referred to simply as a "cookie", is a packet of information, in the form of a small file size,  sent from a web server to your Internet browser on your electronic device, and then returned by the browser each time, when he accesses that same server.

"Cookies" may contain arbitrary information, selected by the server, and are used to maintain the state of HTTP transactions, which are otherwise "stateless". They are usually used to authenticate the identity of a registered user of the SITE, as part of the login process or initial registration on the site, and the user is not required to enter a new username and password at each subsequent access to the SITE.

Cookies can be used to maintain a "basket" of selected items to purchase from the site during a session, to personalize the site (presenting different pages to different users), and to track individual users' access to the site, for user content rating systems, etc.

How long the cookie stays saved on the user's computer?

A "cookie" remains stored on the user's device for use during a subsequent session, but this is not mandatory or a rule – it can also be used only within one session and deleted at the end of the session. Cookies can also be deleted by the user at any time.

01.09.2022