Mandatory Information Regarding the Rights of Data Subjects Related to Personal Data Protection

Information about the company processing your data:

 

Name: “SuiCo EOOD

UIC/BULSTAT: 121041923

Headquarters and registered address: Sofia, 16 Malashevska St.

Mailing address: Sofia, 16 Malashevska St.

Phone: 02 8139888

E-mail: privacy@suico.eu

Website: passiflora.eu

 

Information regarding the competent supervisory body for personal data protection

 

Name: Commission for Personal Data Protection

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

“SuiCo EOOD (hereinafter shortly referred to as the “Controller” or “Company”) performs its activities in accordance with the Personal Data Protection Act and Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you of all aspects of the processing of your personal data by the Company and the rights you have in relation to such processing.

 

Reason for collecting, processing and storing your personal data

Art. 1. The Controller collects and processes your personal data in connection with the use of the website suico.eu pursuant to Art. 6, para. 1, Regulation (EC) 2016/679 (GDPR), and in particular on the following grounds:

  • Your explicit consent as a customer;
  • Compliance with a statutory duty applicable to the Controller;
  • For the legitimate interests of the Controller or a third party;

Purposes and principles of collecting, processing and storing your personal data

Art. 2. (1) We collect and process the personal data you provide us in connection with the use of the site for the following purposes:

  • accounting purposes;
  • statistical purposes;
  • direct marketing
  • Sending newsletters at your request;
  • protection of information security;

(2) We comply with the following principles when processing your personal data:

  • legality, good faith and transparency;
  • limitation of processing purposes;
  • relevance to the processing goals and minimization of collected data;
  • accuracy and timeliness of the data;
  • restriction of storage in view of accomplishment of the purposes;
  • integrity and confidentiality of processing, and ensuring an adequate level of security of personal data.

(3) When processing and storing personal data, the Controller may process and store personal data in order to protect its legitimate interests:

  • implementation of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.

What kind of personal data is collected, processed and stored by our company

Art. 3. (1) The Company performs the following operations with the personal data provided by you for the following purposes:

  • Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters to clients who have indicated that they want to receive such. Given the limited scope of the personal data collected, an impact assessment of the operation is not required.
  • Communication with the contractual partner in case of an email inquiry or an inquiry using the form from the site. Given the limited scope of personal data collected, an impact assessment is not required for the operation.

(2) The controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

  • Your individualizing data (email and name)
  • Purpose for which data is collected: 1) Contacts with the user and sending information, 2) Sending a newsletter.
  • Reason for the processing of your personal data. Your data used for sending a newsletter and for contacts is processed based on your explicit consent – Art. 6, para. 1, b. (s) GDPR.
  • Additional data provided by you – If you wish to complete your inquiry to us, you may fill in your name, telephone number, etc.
  • Purpose for which the data is collected: Better servicing of the counterparty and compliance with their requirements for contacts and receipt of information from us.
  • Reasons for data processing: Art. 6, para. 1, lit. (a) GDPR. The provision of such data is not required when making a request via the contact form.

(3) The controller does not collect or process personal data related to the following:

  • reveal racial or ethnic origin;
  • reveal political, religious or philosophical beliefs, or membership in trade unions;
  • genetic and biometric data, health data, or data on sexual life or sexual orientation.

(4) Personal data are collected by the Controller from the persons to whom they relate.

(5) The Company does not make automated decision making using such data.

Art. 4. The controller may use the so-called “Cookies” for the purpose of providing full functionality to the website, improving the user experience, for statistical purposes, facilitated access, etc., which you agree to by using our website. You can control and / or delete cookies at any time, using the settings of your browser. “Cookies” do not constitute personal data and are not used to identify visitors and users of the website.

Term of retention of your personal data

 

Art. 5. (1) The controller keeps your personal data for a period of up to 5 years. Upon expiration of the term or at your request, the Controller will take due care to erase and destroy all your data without undue delay or to anonymize them (i.e. to bring them in a form that does not reveal your identity).

(2) The controller keeps your personal data, provided in connection with online orders for a period of 5 years for the purpose of protecting its legal interests in legal or administrative disputes with the users of the e-store.

(3) The Controller shall notify you in the event that the period for storing the data has to be extended in order to comply with a statutory obligation or with respect to the legitimate interests of the Controller or otherwise.

 

Transfer of personal data for processing

 

Art. 6. (1) The controller may, at its own discretion, transfer all or part of your personal data to processors for the fulfillment of the processing purposes you have agreed to, subject to the requirements of Regulation (EC) 2016/679 (GDPR).

(2) The Controller notifies you if he intends to transfer some or all of your personal data to third countries or international organizations.

 

Your rights related to the collection, processing and storing of your personal data

 

Withdrawal of your consent for personal data processing

Art. 7. (1) If you do not wish your personal data to be processed for marketing purposes and to receive our newsletter, you may withdraw your consent to the processing at any time by completing the withdrawal form in Appendix 1 or by sending a request in a free form at privacy@suico.eu.

(2) Once we have received your request, we will send to the email address you have provided for newsletters and advertising messages, a letter with detailed instructions for your verification as a recipient of newsletters and subject of the personal data, for which withdrawal of consent was requested.

(3) The withdrawal of consent does not affect the lawfulness of the processing of personal data that the Controller has performed so far.

 

Right of access

 

Art. 8. (1) You have the right to request and obtain from the Controller a confirmation that personal data relating to you is being processed, by submitting a free text request at privacy@suico.eu.

(2) You have the right to access the data relating to you as well as the information relating to the collection, processing and storage of your personal data.

(3) Once we have received your request, we will send you a letter with detailed instructions for your verification as the subject of the personal data, to which access has been requested, to the email address you used to register or place orders in the e-store.

(4) After the verification, according to para. 3, the Controller provides you with a copy of your personal data processed in an electronic or another appropriate form upon request.

(5) The provision of access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in the event of repeated or excessive demands.

 

 

Right of erasure (right “to be forgotten”)

Art. 9. (1) You have the right to request from the Controller the erasure of any or all personal data related to you and the Controller has the obligation to erase them without undue delay if any of the following reasons exists:

  • the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
  • You have withdrawn your consent, on which the processing of the data is based, and there is no other legal basis for the processing;
  • You object to the processing of your personal data, including for direct marketing purposes, and there are no legitimate grounds for the processing that have priority;
  • The personal data has been illegally processed;
  • The personal data must be deleted to comply with a legal obligation under the EU law or the law of a Member State that applies to the Controller;
  • The personal data have been gathered in connection with the provision of information society services.

(2) The controller is not obliged to delete the personal data if he keeps them and processes them:

  • To exercise the right to freedom of expression and the right to information;
  • To comply with a legal obligation that requires processing, provided for under the EU law or the law of the Member State that applies to the Controller, or for the performance of a task of public interest or for the exercise of an official authority;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defence of legal claims.

(3) In order to exercise your right to be forgotten, you must email your request for erasure of your personal data  processed by the Controller, by completing the form in Appendix 2 or by a free text request. Then the Controller will send to the email used to sign up for our newsletter or for contacting us upon filling in the site’s contact form, a letter with detailed instructions for your verification as a site user, and a subject of the personal data which you want to be erased.

(4) Once we have verified the identity of the person making the request and the person to whom the data relate in accordance with your instructions, we will delete all data we process for you in accordance with par. 3.

 

Right of restriction

 

Art. 10. You have the right to require the Controller to restrict the processing of your data by sending us a request in free text by email when:

  • your contest the accuracy of the personal data for a period that allows the Controller to verify the accuracy of the personal data;
  • the processing is illegal, but you do not want the personal data to be deleted and prefer to restrict its use;
  • The controller no longer needs the personal data for the purposes of processing, but you need them to establish, exercise or protect your legal claims;
  • You have objected to the processing, pending verification whether the legal grounds of the Controller override your interests.

(2) Once we receive your request, we will send to the email address used by you to register for our newsletter or to contact us upon filling in the site’s contact form, a letter with detailed instructions for your verification as a site user and subject of the personal data for which a request for restriction of processing has been made.

(3) After the verification under para. 2, the Company will cease the processing of your data, but will not remove the posts you made on the website, if any.

 

 

Right to receive information

 

Art. 12. You may request the Controller to inform you of all recipients of your personal data for which rectification, erasure, or restriction of the processing has been requested. The controller may refuse to provide such information if this is unfeasible or would require disproportionate effort.

 

Right of objection

 

Art. 13. You may object to the processing of your personal data by the Controller at any time, including if such data is being processed for direct marketing purposes.

 

Your rights in case of data breach

Art. 14. (1) We do our best to keep your personal data safe. We use secure communication and data transfer protocols (such as HTTPS). We use anonymous data and aliases when appropriate. We monitor our systems for possible vulnerabilities and attacks.

Although we strive to apply all measures possible, we cannot guarantee the security of the information. However, we promise to notify the relevant supervisory bodies of any data breaches. We will notify you if there is a threat to your rights or interests. We will do our best to prevent security breaches and help the authorities to investigate any violations.

If the Controller detects a data breach that may pose a high risk to your rights and freedoms, he notifies you without undue delay of the breach, as well as of the measures that have been or are being taken.

(2) The controller is not obliged to notify you if:

  • He has taken appropriate technical and organizational measures to protect the data affected by the breach;
  • He has subsequently taken measures to ensure that the breach will not lead to a high risk for your rights;
  • The notification would require disproportionate efforts.

 

 

Persons to whom your personal data are provided

 

Art. 15. (1) For the purpose of processing your personal data and providing the full functionality of the service and in view of your interests, the Controller may provide the data to the following companies – data processors, including, but not limited to:

 

Data processor                                             Purpose of data processing

 

(2) Personal data processors shall comply with all requirements for legality and security of processing and storing your personal data.

Art. 16. The controller shall not transfer your personal data to third countries, unless this is necessary and subject to the conditions of Art. 6 (2).

Art. 17. In case of a violation of your rights under the above or the applicable legislation for personal data protection, you are entitled to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection.

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Art. 18. You may exercise all your rights related to personal data protection by using the forms attached hereto. Of course, these forms are not mandatory and you may send a request in a free form, containing a statement and qualifying you as a data subject.

Art. 19. If the consent relates to transfer, the Controller describes the possible risks for the data transfer to third countries in the absence of a decision for adequate protection and appropriate security means.

 

Appendix No. 1

 

Form for withdrawal of the consent for processing activities

 

Your name*: …………………….

Your email address which we used in the e-store *: …………………….

Contact data (e-mail)*: …………………….

 

To

Name: “SuiCo EOOD

UIC/BULSTAT: 121041923

Headquarters and registered address: Sofia, 16 Malashevska St.

Mailing address: Sofia, 16 Malashevska St.

Phone: 02 8139888

E-mail: privacy@suico.eu

Website: passiflora.eu

 

I hereby withdraw my consent for the processing of the personal data I have provided, for the purpose of receiving newsletters, promotional messages or other marketing materials. I am aware of the conditions for withdrawing my consent in compliance with the Mandatory information of the e-store regarding the rights of individuals related to personal data protection.

In case of a violation of your rights under the above or the applicable legislation for personal data protection, you are entitled to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection.

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 2

 

Request „to be forgotten“ – for erasure of the personal data related to me

 

Your name*: …………………….

Your email you used for the registration or for ordering via our e-store*: …………………….

Contact data (e-mail)*: …………………….

 

To

Name: “SuiCo EOOD

UIC/BULSTAT: 121041923

Headquarters and registered address: Sofia, 16 Malashevska St.

Mailing address: Sofia, 16 Malashevska St.

Phone: 02 8139888

E-mail: privacy@suico.eu

Website:  passiflora.eu

 

I hereby ask the following personal data collected, processed and retained by you, provided by me or by third parties and related to me, pursuant to the indicated identification, to be erased from your databases.

I declare that I am aware that part or all of my personal data may continue to be processed and retained by the controller for the purpose of implementing his legal obligations.

In case of a violation of your rights under the above or the applicable legislation for personal data protection, you are entitled to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection.

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 3

 

Request for Data Portability

 

Your name*: …………………….

Your email you used for the registration or for ordering via our e-store*: …………………….

Contact data (e-mail)*: …………………….

 

To

Name: “SuiCo EOOD

UIC/BULSTAT: 121041923

Headquarters and registered address: Sofia, 16 Malashevska St.

Mailing address: Sofia, 16 Malashevska St.

Phone: 02 8139888

E-mail: privacy@suico.eu

Website:  passiflora.eu

 

I hereby ask all personal data related to me and collected, processed and retained in your databases to be sent in an XML format to:

e-mail: …………………….

Controller – receiving the data: …………………….

 

Name: “SuiCo EOOD

Identification number (UIC, BULSTAT, reg. number in the CPDP): BG121041923, 121041923, 1163968

E-mailprivacy@suico.eu

 

In case of a violation of your rights under the above or the applicable legislation for personal data protection, you are entitled to file a complaint to the Commission for Personal Data Protection, as follows:

 

Name: Commission for Personal Data Protection.

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg

 

Appendix No. 4

 

Request for data rectification

 

Your name*: …………………….

Your email you used for the registration or for ordering via our e-store*: ……………………..

Contact data (e-mail)*: …………………….

 

To

Name: “SuiCo EOOD

UIC/BULSTAT: 121041923

Headquarters and registered address: Sofia, 16 Malashevska St.

Mailing address: Sofia, 16 Malashevska St.

Phone: 02 8139888

E-mail: privacy@suico.eu

Website:  passiflora.eu

 

I hereby ask the following personal data collected, processed and retained by you, provided by me or by third parties and related to me, to be rectified as follows:

Data subject to rectification:

…………………………………………..

Please correct the data as follows:

…………………………………………..

In case of a violation of your rights under the above or the applicable legislation for personal data protection, you are entitled to file a complaint to the Commission for Personal Data Protection, as follows:

Name: Commission for Personal Data Protection.

Headquarters and registered address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Mailing address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518

Website: www.cpdp.bg