Privacy policy notes

This privacy policy reflects the current status of your personal data processed.

To comply with the new Regulation, you must simultaneously:

  1. Know and control all incoming and outgoing flows of personal data in your company;
  2. Prepare your staff and train them on their duties;
  3. Ensure the technical security of the data;
  4. To adapt the processes on your website to your requirements (ordering, newsletter subscription, data processing via cookies, etc.);
  5. Comply with explicit consent rules for direct marketing, remarketing, etc. You must obtain the customer's explicit consent on a case-by-case basis! Agreeing to the policy is not enough.
  6. Adopt a privacy policy in your dealings with employees and partners;

This privacy policy is tailored to the relationship between you and your users. The most important condition to comply with the requirements of the Regulation is to have complete clarity about the personal data entering and leaving your company, and to tailor the processes on the site.
A good data protection policy is a prerequisite for compliance with the Regulation, but the existence of such a policy does not guarantee compliance with all requirements.

Personal Data Processing Policy

Information about the data controller:
„Moneco“ Ltd., is a company registered in the Commercial Register of the Registry Agency with UIC 206126591, registered office and registered address. Varna, p.k. 9,000 Varna Blvd. 888856954; e-mail: botusharov@sedem2.com.

The grounds and purposes for which we use your personal data
We process your personal data on the following grounds:

  • A contract between us and you for the purpose of performing our obligations under it;
  • Explicit consent from you - the purpose is stated on a case-by-case basis;
  • Subject to a statutory obligation;

In the following paragraphs you will find detailed information about the processing of your personal data depending on the basis on which we process it.

FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF A PRE-CONTRACTUAL RELATIONSHIP
We process your personal data in order to fulfil our contractual and pre-contractual obligations and to exercise our rights under the contracts concluded with you.

Processing objectives:

  • establish your identity;
  • management and execution of your request and execution of a concluded contract;
  • preparation of a contract proposal;
  • preparing and sending a bill/invoice for the services you use with us;
  • in order to provide you with the comprehensive service you need and to collect the amounts due for the services you have used;
  • Maintaining correspondence regarding orders placed, processing requests, reporting problems, etc.
  • notification of everything related to the services you use with us;
  • customer history analysis;
  • identify and/or prevent unlawful acts or acts contrary to our terms of service;

Data we process on this basis:
On the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • personal contact details - contact address, email, phone number;
  • identification data - full name, unique citizenship number or ID number of the foreigner, gender, age group, permanent address;
  • data on orders placed;
  • Correspondence relating to the overall service - emails, letters, information about your requests for troubleshooting, complaints, requests, complaints, feedback we receive from you;
  • credit or debit card information, bank account number or other banking and payment information relating to payments made;

Other information such as:

  • A customer number, code or other identifier created for identification;
  • IP address when visiting our website;
  • Demographic data
  • Social media profile details
  • Information from your actions on the site

The processing of the above personal data is mandatory for us in order to conclude the contract with you and to perform it. Without you providing us with the aforementioned data, we would not be able to fulfil our obligations under the contract.

We provide personal data to third parties
We provide your personal data to third parties as our main aim is to offer you a quality, fast and comprehensive service. We do not provide your personal data to third parties until we are satisfied that all technical and organisational measures have been taken to protect that data and we aim to implement strict controls to fulfil this purpose. In this case, we remain responsible for the confidentiality and security of your data.

We provide personal data to the following categories of recipients (data controllers):

  • postal operators and courier companies;
  • persons who, under contract, maintain equipment, software and hardware used for processing personal data and necessary for the company's activities
  • persons providing consultancy services in various fields.

When we delete data collected on this basis
We delete the data collected on this basis 2 years after the termination of the contractual relationship, whether due to expiry of the contract, termination or any other reason.

FOR THE IMPLEMENTATION OF REGULATORY OBLIGATIONS
There may be a legal obligation for us to process your personal data. In these cases we are obliged to carry out the processing, such as:

  • Obligations under the Anti-Money Laundering Act;
  • The fulfilment of obligations in relation to distance selling, off-premises selling provided for in the Consumer Protection Act;
  • Providing information to the Consumer Protection Commission or third parties as provided for in the Consumer Protection Act;
  • Provision of information to the Commission for Personal Data Protection in relation to obligations under data protection legislation;
  • Obligations stipulated in the Accounting Act and the Tax and Social Security Procedural Code and other related legal acts in relation to keeping lawful accounting records;
  • Provision of information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of the regulations applicable to the proceedings;
  • Age verification when shopping online.

When we delete personal data collected on this basis

We delete data collected pursuant to a legal obligation once the obligation to collect and store has been fulfilled or has ceased. For example:

  • under the Accounting Act for the storage and processing of accounting data (11 years),
  • obligations to provide information to the court, competent state authorities and other grounds provided for in the legislation in force (5 years).

Provision of data to 3rd parties
Where we are legally obliged to do so, we may provide your personal data to the competent government authority, individual or legal entity.

WITH YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We do not foresee any adverse consequences for you if you refuse the processing of personal data.

Consent is a separate basis for processing your personal data and the purpose of the processing is set out in it and is not covered by the purposes listed in this policy. If you give us the relevant consent and until you withdraw it or terminate any contractual relationship with you, we make product/service suggestions that are appropriate for you by carrying out detailed analyses of your basic personal data;

Detailed analytics is a method of performing analysis that enables the processing of large volumes of data using statistical models and algorithms and others that involve the use of personal data, as well as processes of pseudonymizing and anonymizing the same, in order to extract information about trends and various statistical indicators.

Data we process on this basis:
On this basis, we only process the data for which you have given us your explicit consent. The specific data is determined on a case-by-case basis. Usually these data are email, names, telephone, address.

Provision of data to third parties
On this basis we may provide your data to marketing agencies, Facebook, Google or similar.

Withdrawal of consent
Consents granted may be withdrawn at any time. Withdrawal of consent shall have no effect on the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to withdrawal.

To withdraw your consent, you only need to use our website or simply our contact details.

When we delete data collected on this basis
We delete data collected on this basis at your request or 12 months after its initial collection.

PROCESSING OF ANONYMISED DATA
We process your data for static purposes, that is, for analyses in which the results are only aggregated and the data are therefore anonymous. It is impossible to identify a specific person from this information.

Your data may also be anonymised. Anonymisation is an alternative to data erasure. In the case of anonymisation, all personally identifiable elements/items that allow you to be identified are irreversibly deleted. There is no legal obligation to erase anonymised data as it does not constitute personal data.

Why and how we use automated algorithms
For the processing of your personal data we use partially automated algorithms and methods in order to continuously improve our products and services to adapt our products and services to your needs in the best possible way. This process is called profiling.

How we protect your personal data
To ensure adequate protection of the company's and its customers' data, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches.

In order to maximize the security of the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization, etc.

Personal data we have received from 3rd parties
We receive personal data from the following 3rd parties: email address, names, phone, address

Rights of Users
Each User of the Site enjoys all the rights for the protection of personal data under Bulgarian and European Union law.
The user can exercise their rights via the contact form or by sending a message to our email.
Each User is entitled to:

  • Awareness (in relation to the processing of his personal data by the controller);
  • Access to your own personal data;
  • Correction (if data is inaccurate);
  • Erasure of personal data (right to be forgotten);
  • Restriction of processing by the controller or processor;
  • Portability of personal data between controllers;
  • Objection to processing of personal data;
  • The data subject shall also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
  • The right to a judicial or administrative remedy if the data subject's rights have been violated.

The user may request deletion if one of the following conditions applies:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • The user withdraws their consent on which the data processing is based and there is no other legal basis for the processing;
  • The data user objects to the processing and there are no legitimate grounds for the processing that override;
  • Personal data have been unlawfully processed;
  • The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
  • The personal data was collected in connection with the provision of information society services to children and consent was given by the person with parental responsibility for the child.

The user has the right to restrict the processing of his/her personal data by the controller when:

  • Challenge the accuracy of the personal data. In this case, the restriction of processing shall be for a period which allows the controller to verify the accuracy of the personal data;
  • The processing is unlawful, but the User does not wish the personal data to be deleted, but requests instead that their use be restricted;
  • The controller no longer needs the personal data for the purposes of the processing, but the User requires them for the establishment, exercise or defence of legal claims;
  • Object to processing pending verification whether the legitimate grounds of the controller override the interests of the User.

Right to portability.
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transfer those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising his or her right to data portability, the data subject shall also have the right to obtain a direct transfer of the personal data from one controller to another where this is technically feasible.

Right to object.
Users have the right to object to the controller to the processing of their personal data. The data controller shall be obliged to terminate the processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If you object to the processing of personal data for direct marketing purposes, the processing shall cease immediately.

Complaint to the supervisory authority
Each User has the right to lodge a complaint against unlawful processing of his/her personal data with the Personal Data Protection Commission or the competent court.

Maintenance of a register
We keep a record of the processing activities for which we are responsible. This register contains all the information listed below:

  • The name and contact details of the administrator
  • Purposes of the processing;
  • Description of categories of data subjects and categories of personal data;
  • The categories of recipients to whom the personal data have been or will be disclosed,
  • Including recipients in third countries or international organisations;
  • Where possible, the time limits provided for erasure of the different categories of data;

Where possible, a general description of the technical and organisational security measures
The data collected on this basis shall be kept for a period not exceeding 12 months, as prescribed by the CPC.