Privacy Data Protection Declaration

Confidentiality declaration

of

Mebeli Ludwig Bulgaria EOOD,

UIC /ЕИК/: 131258042,

Legal residence and registered office: city of Sofia 1766, 267 Okolovrasten Pat Blvd.,

Telephone: 02/976 70 70,

Fax: 02/976 70 71,

E-mail:info@como.bg

 

Contact data with an officer in charge of data protection:

Yu. Prigoncha, gdpr@como.bg

 

 

The protection of information and your personal data is a major priority for us.

By virtue of this declaration, we would like to inform you of our policies, practices and measures we apply in the protection of your data, as well as of the rights you have regarding the personal data collected about you.

The measures and policies for protection of personal data applied by us refer both to data collected from you through paper forms filled in by you personally or by our representative, through e-mail correspondence, entering into an agreement or other methods for collection of personal data allowed by the law, as well as to data collected in the Internet space through our internet site http://www.como.bg.

If you have any questions, you can contact us through the coordinates specified above or request information from our employees.

 

1. General information

The scope of activity of the organization is trading with furniture and other objects for furnishing residences and dwelling places.

Upon the collection and processing of your personal data, our Company observes a number of laws and statutory rules, which contain provisions on how to perform those activities, for what purposes and what guarantees for personal data protection should be applied. The relevant statutory regulations include, without limitation, The General Data Protection Regulation (Regulation (EU) 2016/679), The Personal Data Protection Act, as well as the bylaws issued pursuant to them.

 

2. What personal data we collect from you

In most cases, we collect from you data explicitly specified in the law or data necessary for entering into a specific agreement with you.

We will inform you in a clear and transparent manner in case it is necessary to collect personal data from you, which is not specifically mentioned in the law as obligatory but which our Organization finds necessary and/or has a legitimate interest in collection or if it is necessary to protect your vital interests.

 

1) Visitors of our website

You can visit our website http://www.como.bg, without giving any personal information.

With each visit to our website http://www.como.bg, data is transmitted of the use of the relevant internet browser and protocol files, the so-called server log files, for example date and time of retrieval, name of the page accessed, quantity of transferred data and the provider searched, which is stored. These data cannot be related to a specific person and they only serve to provide fault-free functioning of our website and for improvement of our offers.

We would like you to understand the manner in which we use these technologies and to make an informed choice in relation to their use, which is why we have provided for you detailed information on:

http://www.como.bg/cookies

As part of the functionality for opinion/feedback on this website, along with your comment, data is also stored about the time of its creation and the name selected by you for a commenting person and said data after control is published on the site.

Upon registration as a user of our website, we store the data you have filled in the form – names and e-mail, and if you wish, country and date of birth as well;

 

Upon request by you for an electronic newsletter, only your e-mail address is stored.

 

2) Data of our customers (present and potential ones)

Personal data is collected if you provide us with the relevant information with the purpose of:

- performing a contract/order;

- upon a contact with us or after a request by you for an electronic newsletter.

You can see what data is collected from the relevant agreement or registration form, which has to be filled in voluntarily in order to perform the foregoing.

3) Data of our partners and/or suppliers

Personal data is in a minimum and strictly necessary amount, in the typical cases this is personalized data about the representative or person for contact with the company representative. Collecting of personal ID No. /Citizen’s PIN/ is done in minimum cases and solely and only in so far as we are obliged by the law.

 

4) Video surveillance

At the COMO hypermarket there is video surveillance. Video surveillance is in relation to the requirement of the law to us. The organization has undertaken the necessary technical and organizational measures in order to protect your confidentiality and the records are stored and destroyed in observance of all legal and our internal instructions complying with the legislation.

3. Why we collect the personal data and what we use it for

We collect your personal data in relation to the following:

- providing our services and products to you,

- in order to provide for you interesting information about products and services

- or in relation to the products and services used by our organization, provided by your organization or personally by you.

In most cases, we collect personal data from you, which can enable us to identify you and contact you if necessary.

 

Data for advertising purposes:

We use your data for advertising purposes, more specifically – to send you our electronic newsletter or another advertising communication. We do not sell your data and we do not share it with third parties so as to be used for their advertising purposes or such purposes you are not aware of and have not given your consent for.

The aim of our newsletter/advertising message is to inform you about new products and/or promotional campaigns upon observance of all legal and ethical rules. We do that, after:

- we have obtained your express consent in the contract you sign and only if you have not objected to that,

- or you have expressly requested its receipt through our website or through another written/electronic form.

 

In all cases, you have the opportunity to refuse information messages in an easy and convenient for you manner, and we provide you with information thereof upon each contact with you.

 

It is possible, from time to time, with the aim of updating our database, that we send you information/letters with the request to review and correct your data in case of necessity thereof.

We do that in order to be certain that our letters reach recipients who wish to receive them, as well as that our database is up-to-date.

 

In cases where it is necessary to collect your personal data from you for purposes not mentioned above, we will inform you promptly and we will also clarify your rights to you.

 

4. Persons we share your personal data with

Beyond government authorities, institutions and persons whom we are obliged to provide with personal data according to the law;

We share your personal data only with reliable and trusted partners and solely with the aim of providing you with a quality service:

Our organization has undertaken measures and obliged all these persons (we share the data with) to apply the same protection to your personal data, as our own employees do and to observe the organization’s Policy on personal data protection.

  • external persons and companies performing for us services auxiliary to our activity:

- these are persons assigned to maintain equipment, software and hardware used for personal data protection and necessary to build the organization’s network, including the network of video cameras; persons performing services in various fields.

 

  • Mail chimp platform:

For the distribution of our information newsletters, we use the marketing platform Mail chimp of the company The Rocket Science Group, LLC, 675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308 USA.

Declaring your desire to refuse receiving our newsletter, your data will be deleted from the database of Mail chimp.

  • transport or courier company

The personal data collected by us is handed over to the selected by you (within the order) transport or courier company, insofar as this is necessary for performing a delivery. If the delivery of the goods ordered by you is performed by a courier or another transport company, we provide your telephone number, with the aim of coordinating the delivery.

 

  • Payments and third parties:

It is possible, depending on your choice of payment method, that your data be handed over by us or that you personally hand your data over to third parties:

I. Third parties with whom Mebeli Ludwig Bulgaria EOOD shares data in relation to the payment of your order;

We provide to the third parties listed below data necessary only for the purposes of processing – the data you have filled in the relevant form of the institution processing it, with the aim of performing the payment requested by you:

1) Upon payment through B-Pay, EasyPay – when you request payment through EasyPay or B-Pay, you receive a 10-digit number, which you have to use in order to pay in an office of EasyPay or on an ATM with the service B-Pay. Based on that code, we identify the payment and refer it to your order. With B-Pay, EasyPay, no personal data is exchanged; https://www.easypay.bg/site/files/trms_ld.pdf

2) Upon a lease - purchase with BNP Paribas PF – if you select an option for a lease-purchase with BNP Paribas PF, with a view to obtaining approvalfor the signing of a loan agreement, you have to fill in the form on the website and provide your personal data necessary for approval and subsequent obtaining of a loan: http://www.bnpparibas-pf.bg/gdpr-reglament.html

II. Third parties to whom you can submit your data directly

Your personal data is not handed over to us, it is processed directly by the relevant companies after you select the preferred option for payment and are transferred to the relevant website/vendor.

Please get acquainted with the practices and policies applied by the relevant companies and make an informed choice.

Links to other websites related to payment of your order:

1) upon payment with credit/debit cards (through eBORICA):https://www.borica.bg/products-and-services/Priemane-na-kartovi-plashtaniya

  • Redirecting of the URL for payment to the internet page of the payment services provider

2) upon payment through ePay Bg – Standard: https://www.epay.bg/v3main/front/declaration

  • Redirecting of the URL for payment to the internet page of the payment services provider

 

3) through a bank transfer to our bank account in Raiffeisen bank EAD:https://www.rbb.bg/bg/za-bankata/pravna-informaciya/poveritelnost/obrabotvane-lichni-danni-raifaizenbank/#iztochnitsi

 

5. Measures for protection

The organization collects, processes and stores personal data upon observing all legal requirements and by applying adequate technical and organizational security measures.

 

With the purpose of maximum security upon processing, transfer and storage of personal data, we also use where necessary, additional mechanisms for protection such as encryption, pseudonymisation, etc.

 

6. Period (term), during which we store your personal data

Your personal data is stored by the Organization for the period specified in the active laws, depending on the aim it is collected for.

We store and use the data you have provided, for the performance of a contract, for a period that would enable us to protect our and your legal interest – that means we store it for a period not longer than 5 years from the performance of a specific contract.

If the grounds for collection are different from a contract, the storage periods are according to other requirements and specifics, and namely:

- according to the requirement of the law

- according to your wish

- according to our internal policy on data updating

 

Upon determining the period of storage of your data, we also take into account our desire to provide you with services of high quality, as well as normal development of our relations of partnership.

 

Our goal upon storing your personal data is to observe its actuality and accuracy, as well as your convenience in relation to which to require minimum actions by you on re-registrations or second provision of data.

 

When personal data we collect is no longer necessary for the specified goals, we delete it or destroy it in another reliable manner.

 

7. Your rights

  • You are entitled to request access to your personal data at any time.

  • You are entitled to know what personal data about you we process and what we use it for, how we store it.

  • Beyond the above-described rights, you are entitled to request:

- that your personal data be deleted;

- to request limitation in the processing of your personal data for a specific period of time;

- object against processing;

- transferability of the data;

- right to complaint to the supervisory body, which is the Commission for Persona Data Protection.

 

Some of the rights listed above depend on the specific reason for which we process your personal data. For example, in some of the cases we are obliged by the law to store your personal data. In such cases, it will not be possible to delete your personal data from our systems.

  • Turn to our employees in the event you have any questions.

 

Our employees or employee on personal data protection:

- will assist you upon exercising your rights;

- will inform you in addition of each one of your rights.

 

  • To exercise your right to access, send us an access request.

 

The access to data:

Access to the data is granted free of charge. We are entitled to refuse access to data only in case of excess on your behalf or ill-grounded requests. We are entitled to request from you the payment of an administrative fee in the event of excessive requests. According to our internal rights, we deem excessive such requests that are forwarded to us by the same person more than once in every 3 months. Determining this period has been made entirely in compliance with the specifics of our activity, the nature of the information we have about you (in the general cases, your contact data) and the frequency with which a necessity and interest should possibly arise on your behalf to forward a specific request to us.

 

 

Your identification:

With the purpose of protection, both of your rights and of the rights of our other partners, users, customers, prior to granting access to certain data or to performing any action on a specific request by you, we will ascertain the personal identity of the person who forwarded the request. This may lead to a request by us to provide additional information about you, to come on the spot, to send your request via electronic qualified signature or other reasonable measures, depending on the request, nature and context of their processing.

 

Deadline for response:

We always strive to satisfy your requests when such requests are admissible and well-grounded, as well as to send a response to you within the legally provided deadline.

In the rare cases when we cannot ensure access to your personal data within 1 month, it might be necessary to extend that period but no longer than to the admissible and maximum allowed period according to the law, as we will specify the reasons for that.

8. Updating/actualization

The present declaration shall be revised and updated by us on a regular basis, with the aim of being maximally clear, accurate, transparent and encompass changes newly occurred with us (if necessary).

Date of last update – 25.06.2018.