PRIVACY POLICY
Last change: 29.01.2024
1. INTRODUCTION
1.1. Welcome to https://3d-bewehrung.com/ (the „Website“ or „Website“), which has been created for the benefit and by order of „DRAY DE BEVERUNG“ EOOD, with EIK: 207021320, with registered office and address of management: city of Sofia, p.k. 1608, „Krasno Selo“ district, g.k. „Krasno Selo“, bl. 20, entrance Ah, app. 17, contact phone: +359 88 332 52 36.
1.2. BY USING THIS WEBSITE, YOU AGREE TO THE TERMS REGARDING THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.
1.3. PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE AND IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE CONTACT US AT +359 88 332 52 36 OR OFFICE@3D-BEWE HRUNG.COM. IF YOU DO NOT AGREE WITH ANY OF THE TERMS CONTAINED IN THIS PRIVACY POLICY, YOU SHOULD NOT USE THIS WEBSITE.
2. ADMINISTRATOR OF PERSONAL DATA
2.1. „DRAY DE BEVERUNG“ EOOD (hereinafter referred to as „Administrator“) is a limited liability company, with EIC: 207021320, with headquarters and management address: Sofia, p.k. 1608, „Krasno Selo“ district, g.k. „Krasno Selo“, bl. 20, entrance Ah, app. 17, contact phone: +359 88 332 52 36 and website: https://3d-bewehrung.com/.
3. SUPERVISORY AUTHORITY:
3.1. Commission for the Protection of Personal Data
Address: city of Sofia, p.k. 1592, Prof. Blvd. Tsvetan Lazarov“ 2
Contact details: 02/915 35 18; 02/915 35 15; 02/915 35 19; kzld@cpdp.bg, www.cpdp.bg
4. PURPOSES AND SCOPE OF THE PRIVACY POLICY
4.1. The administrator understands the considerations of the visitors of this website regarding the protection of personal data and is committed to protecting their personal data by applying all standards for the protection of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC. With this Privacy Policy, the Administrator respects the inviolability of the personality of natural persons and makes all necessary efforts to protect the personal data of natural persons against illegal processing by applying technical and organizational measures to protect personal data, which measures are fully in line with modern technological achievements and provide a level of protection that corresponds to the risks associated with the processing and the nature of the data to be protected.
4.2. With this Privacy Policy and in compliance with the requirements of Regulation (EU) 2016/679, the Administrator provides information regarding:
• the purposes and scope of the privacy policy;
• personal data collected and processed by the Administrator;
• the purposes of personal data processing;
• period of storage of personal data;
• mandatory and voluntary nature of providing personal data;
• processing of personal data;
• protection of personal data;
• the recipients or categories of recipients to whom the data may be disclosed;
• rights of natural persons;
• procedure for exercising the rights;
• right to object;
• buttons, tools and content from other companies;
• changes to the privacy policy.
5. DEFINITIONS
5.1. For the purposes of Regulation (EU) 2016/679 and this policy, the specified terms have the following meaning:
5.1.1. Personal Data means any information relating to an identified or identifiable natural person („data subject“); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.
5.1.2. Processing of personal data means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission , distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.
5.1.3. Restriction of processing means marking stored personal data in order to restrict their processing in the future.
5.1.4. Profiling means any form of automated processing of personal data consisting in the use of personal data to assess certain personal aspects related to an individual, and more specifically to analyze or predict aspects related to the performance of professional duties of that an individual, their economic status, health, personal preferences, interests, reliability, behavior, location or movement.
5.1.5. Administrator means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.
5.1.6. Personal data processor means a natural or legal person, public body, agency or other entity that processes personal data on behalf of the controller.
5.1.7. Recipient means a natural or legal person, public body, agency or other entity to which personal data is disclosed, whether or not it is a third party. At the same time, public authorities that may receive personal data within the framework of a specific investigation in accordance with Union law or the law of a Member State are not considered „recipients“; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.
5.1.8. Third party means a natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.
5.1.9. Consent of the data subject means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or clear affirmative action, which expresses his consent to the processing of his personal data.
5.1.10. Breach of Personal Data means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of Personal Data that is transmitted, stored or otherwise processed.
6. PRINCIPLES OF PERSONAL DATA PROCESSING
6.1. The administrator follows the following principles when processing personal data for natural persons, namely:
• Personal data are processed lawfully, in good faith and in a transparent manner with respect to the data subject („lawfulness, good faith and transparency“);
• Personal data are collected for specific, explicitly specified and legitimate purposes and are not further processed in a manner incompatible with these purposes;
• Personal data are relevant, relevant and limited to what is necessary in relation to the purposes for which they are processed („data minimization“);
• Personal data are accurate and, if necessary, kept up-to-date („accuracy“);
• Personal data is stored in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data is processed („storage limitation“);
• Personal data are processed in a way that ensures an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures („integrity and confidentiality“).
7. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
7.1. Processing of special categories of personal data („sensitive data“)
7.1.1 The administrator does not collect or process special categories of personal data, such as: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the sole purpose of identifying a natural person, data on the state of health or data on the sex life or sexual orientation of the natural person. Individuals should not provide such sensitive data to the Administrator. In the event that the natural person intentionally provides sensitive data to the Administrator, the Administrator undertakes to delete them immediately.
7.2. Personal data collected directly from individuals
7.2.1. Personal data collected directly from individuals when individuals contact the Administrator by telephone Individuals provide personal data to the Administrator when they contact the Administrator by telephone. The telephone number for contacting the Administrator is specified in the Administrator’s identification data in this Privacy Policy and in the „Contacts“ menu, where the Administrator’s contact information is provided. When the person contacts the Administrator by telephone, the Administrator collects and processes only the name and telephone number of the individual, and in some cases the e-mail address of the individual. This data is processed for the purposes of communication with the individual. The processing of these personal data is necessary for actions preceding the conclusion of a contract and undertaken at the request of the individual, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual. The administrator uses the services of a telephone service provider, which provider is located in the Republic of Bulgaria.
7.2.2. Personal data collected directly from individuals when individuals contact the Administrator by e-mail Individuals provide personal data to the Administrator when they contact the Administrator by e-mail. The Administrator’s e-mail address is specified in the Administrator’s identification data in this Privacy Policy and in the „Contacts“ menu, where the Administrator’s contact information is provided. When the person sends an e-mail to the Administrator, the Administrator collects and processes the e-mail address, as well as the other information that the person provides in the sent e-mail, such as name, phone number, address. This data is processed for the purposes of communication with the individual and record keeping. The processing of these personal data is necessary for actions preceding the conclusion of a contract and undertaken at the request of the individual, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual.
7.3. Personal data of individuals provided by third parties
7.3.1. The administrator normally does not receive personal data about individuals from third parties. However, in some cases, if the Administrator has reasonable grounds to suspect that a natural person is infringing intellectual property rights and other similar cases, then the Administrator has the right to obtain personal data of the suspected person from public records, such as: register, the Register of Registered Trade Marks maintained by the European Union Office for Intellectual Property and the like. This data may be collected and processed for the purpose of filing an infringement claim against the infringer. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator, which legitimate interests are the filing of a claim for a committed violation against the offender, and also on legal grounds.
7.4. Data collected automatically
7.4.1. When visiting the website, the Administrator may automatically collect the following data, namely:
• Internet Protocol (IP) address of the device from which the individual accesses the Platform (usually used to identify the country or city from which the individual accesses the Platform);
• Type of device from which the individual accesses the platform (for example, computer, mobile phone, tablet, etc.);
• Type of operating system;
• Browser type;
• The specific actions the individual takes, including the pages visited, the frequency and duration of website visits;
• Date and time of visits.
7.4.2. The collection and processing of these personal data is necessary to realize the legitimate interests of the Administrator, which legitimate interests are facilitating the use of the website and improving the functionality of the website.
8. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
8.1. The administrator collects and processes the personal data of natural persons, which are provided directly by them only for the following purposes, namely:
• in order to provide services that the Administrator offers and to identify individuals (future and current customers);
• to make contact with the individual via e-mail, so that the Administrator can respond to the inquiry received by the individual;
• for the performance of obligations under a contract to which the natural person to whom the data relates is a party, as well as for actions preceding the conclusion of a contract and undertaken at his request;
• to fulfill a legally established obligation of the Administrator of personal data, in accordance with the applicable law;
• accounting purposes;
• statistical purposes.
8.2. The administrator collects and processes the personal data of natural persons, which have been collected automatically for the following purposes, namely:
• improving the efficiency and functionality of the website;
• preparing anonymous statistical data about the way the website has been used;
• to provide better service;
• to administer the website;
• adaptation of the website to the preferences of individuals.
8.3. The administrator has no right to use the personal data of individuals for purposes other than the purposes specified in this section of this Personal Data Protection Policy.
9. STORAGE PERIOD OF PERSONAL DATA
9.1. Inquiries and e-mail correspondence: The Administrator stores personal data and received e-mail messages for a period necessary to respond to the received message, as well as for a period of one year after the received message has been answered.
9.2. Personal data of persons who have requested a service: The Administrator stores the personal data of persons who have requested a service from the Administrator for as long as is necessary for the performance of the contract, as well as for a period of ten years after the performance of the contract, which period is legal the established term.
9.3. Criteria for determining the period for which personal data will be stored:
In other cases not specified above, the Administrator will store the personal data of the natural person for no longer than necessary, taking into account the following criteria, namely: – whether the Administrator undertakes to comply with a legal obligation to continue the processing the personal data of the individual; – the purpose of storing the personal data both now and in the future; – whether a contract has been concluded between the Administrator and the natural person and the Administrator is obliged to continue processing personal data in order to fulfill the obligations under the contract; – purposes for using personal data now and in the future; – whether it is necessary to make contact with the natural person in the future; – whether the Administrator has a legal basis to continue processing the personal data of the individual; – any other legitimate reasons, such as the nature of the relationship with the natural person.
10. MANDATORY AND VOLUNTARY NATURE OF PROVIDING PERSONAL DATA
10.1. The personal data that are required to be provided by individuals are in accordance with the services offered by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. In case the provision of personal data is refused:
• The administrator will not be able to provide the service desired by the individual, namely: deliver the service ordered by the individual;
• The administrator will not be able to receive the email from the user if the latter does not fill in the necessary information in the contact form;
• The natural person will not be able to create his user profile on the site;
• The individual will not be able to receive a newsletter.
11. PROCESSING OF PERSONAL DATA
11.1. The administrator processes the personal data of natural persons through a set of actions that can be performed by automatic or non-automatic means.
11.2. The Administrator processes the personal data of individuals independently or by assigning data processors on behalf of the Administrator, who are accounting service providers, hosting service providers, marketing services providers, web site traffic analysis services providers.
12. PROTECTION OF PERSONAL DATA
12.1. The administrator takes the necessary technical and organizational measures to protect personal data from accidental or illegal destruction, or from accidental loss, from unauthorized access, modification or distribution, as well as from other illegal forms of processing, namely:
• all personal information that the individual provides to the Administrator is stored on secure and reliable servers and folders;
• when exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing him with the requested information;
• web-based information systems are prefixed with „https:“ instead of „http:“. In this way, your information is protected and unaltered and unread by third parties, and for this purpose the Administrator uses an SSL certificate, which is issued by one of the world’s leading companies in the field of security and encryption of data transmitted over the Internet.
• The administrator provides individuals with a secure and encrypted connection when sending personal data.
12.2. In case you would like to receive detailed information about the technical and organizational measures, please do not hesitate to contact us at +359 88 332 52 36 or at office@3d-bewehrung.com.
13. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED
13.1. The administrator has the right to disclose the processed personal data to the following categories of persons, namely:
• the natural persons to whom the data refer;
• to persons, if provided for in a legal act, for example state bodies;
• to persons processing personal data who provide services for the benefit of the Administrator’s business activities, such as providers of accounting services, providers of hosting services, providers of telephone services, providers of marketing services, providers of website traffic analysis services, and these persons are bound by an obligation to observe confidentiality, and also these persons have provided sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing takes place in accordance with the requirements of the Regulation and ensures the protection of the rights of natural persons.
13.2. The administrator does not sell personal data provided by the individual to third parties.
14. RIGHTS OF INDIVIDUALS
14.1. Right of access
The natural person has the right to receive from the Administrator a confirmation as to whether personal data relating to him is being processed and, if so, to access the data – the relevant categories of personal data.
14.2. Right to rectification
The individual has the right to ask the Administrator to correct inaccurate personal data relating to him without undue delay. Considering the purposes of the processing, the natural person has the right to have incomplete personal data completed, including by adding a declaration.
14.3. Right to erasure (right to be forgotten)
The natural person has the right to request from the Administrator the deletion of the personal data related to him without undue delay, and the Administrator has the obligation to delete the personal data without undue delay when any of the grounds specified in Article 17 of Regulation 2016/679 apply.
14.4. Right to restriction of processing
The natural person has the right to demand from the Administrator a limitation of processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. When processing is restricted, such data are processed, with the exception of their storage, only with the consent of the individual or for the establishment, exercise or defense of legal claims or for the protection of the rights of another individual or for important reasons of public interest for the Union or a Member State. When the natural person has requested the limitation of processing, the Administrator informs him before the cancellation of the limitation of processing.
14.5. Right to data portability
The natural person has the right to receive the personal data concerning him and which he has provided to an administrator, in a structured, widely used and machine-readable format, when the processing is based on consent in compliance or on a contractual obligation and the processing is carried out by automated means way.
14.6. Right to object
The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Art. 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object can be found in the section below entitled „Right to object“.
14.7. Right to withdraw consent
The natural person has the right to withdraw the consent given by him at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. The individual may withdraw their consent in the manner specified in section XIV of this privacy policy or by selecting the „unsubscribe“ option when receiving the newsletter.
14.8. Profiling rights
The natural person has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him.
14.9. Right to be notified of a breach of personal data security
When the breach of personal data security is likely to pose a high risk to the rights and freedoms of natural persons, the natural person must be notified without undue delay of the breach of personal data security.
14.10. Right to judicial and administrative protection
14.10.1. Right to submit a complaint to a supervisory authority
The natural person has the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged infringement, if the natural person considers that the processing of personal data concerning him violates the provisions of the Regulation .
14.10.2. Right to an effective judicial remedy against a supervisory authority
Every natural and legal person has the right to effective judicial protection against a binding decision of a supervisory authority concerning him. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
14.10.3. Right to effective judicial protection against a controller or processor of personal data
Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, an individual has the right to an effective judicial remedy where they consider that their rights under the Regulation have been infringed as a result of processing of his personal data, which is not in accordance with the Regulation. Proceedings against an administrator or processor of personal data shall be instituted before the courts of the Member State in which the Administrator or processor of personal data has its place of establishment.
14.11. RIGHT TO COMPENSATION FOR DAMAGES SUFFERED
Any person who has suffered material or non-material damage as a result of a violation of the Regulation has the right to receive compensation from the Administrator or personal data processor for the damage caused. Legal proceedings in connection with the exercise of the right to compensation shall be instituted before the courts of the Member State in which the Administrator or personal data processor has its place of establishment.
15. ORDER FOR EXERCISE OF RIGHTS
15.1. Individuals exercise their right to withdraw consent, the right of access, the right to erasure, rectification, the right to limit processing, the right to data portability, the right to object and the right to profiling, by submitting a written request to the Administrator (or by mail to the address specified in the Administrator’s identification above in this privacy policy or by sending an email), which should contain the following information:
• name, address and other identification data of the relevant natural person;
• description of the request;
• signature, date of submission of the request and e-mail address.
15.2. The request is made personally by the individual. The administrator files the requests submitted by individuals in a separate register.
15.3. After the natural person exercises his right of access to personal data concerning him, the Administrator verifies the identity of the natural person before responding to the request. This is necessary to minimize the risk of unauthorized data access and identity theft. In the event that the Administrator cannot identify the individual from the collected personal data, then the Administrator has the right to request a copy of documents that identify the individual (such as an identity card, driver’s license, other documents that contain personal data that may identify the natural person).
15.4. The administrator examines the request and provides the individual with information about the actions taken in relation to the request within two months of receiving the request. If necessary, this period can be extended by another month, taking into account the complexity and number of requests.
15.5. The administrator informs the individual of any such extension within one month of receiving the request, indicating the reasons for the delay. When the individual submits a request by electronic means, if possible, the information shall be provided by electronic means, unless the individual has requested otherwise.
15.6. If the Administrator does not take action on the individual’s request, the Administrator shall notify the person without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of filing a complaint with a supervisory authority and seeking protection under court order.
15.7. The administrator undertakes to communicate any rectification, deletion or limitation of processing to any recipient to whom the personal data has been disclosed, unless this is impossible or requires a disproportionately large effort. The administrator informs the individual about these recipients if the individual so requests.
16. RIGHT OF OBJECTION
16.1. The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Article 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object will be provided in this section of this privacy policy.
16.2. The natural person has the right, at any time and on grounds related to his specific situation, to object to the processing of personal data concerning him, in cases where the processing is necessary for the performance of a task of public interest or in the exercise of official powers that have been granted to the Administrator or the processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, except when such interests are overridden by the interests or fundamental rights and freedoms of the natural person that require the protection of personal data, more especially when the individual is a child. The administrator undertakes to stop the processing of personal data, unless he proves that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the natural person, or for the establishment, exercise or defense of legal claims. Individuals exercise their right to object by submitting a written request to the Administrator by mail to the address specified in the Administrator’s identification above in this privacy policy or by sending an email.
16.3. When personal data is processed for the purposes of direct marketing, the natural person has the right at any time to object to the processing of personal data concerning him for this type of marketing, which includes profiling in so far as it is related to direct marketing. When the natural person objects to processing for the purposes of direct marketing, the processing of personal data for these purposes is terminated. Individuals exercise their right to object by submitting a written request to the Administrator by mail at the address indicated in the Administrator’s identification above in this privacy policy or by sending an email indicating that they do not wish to receive advertising communications.
17. LINKS, TOOLS AND CONTENT FROM OTHER COMPANIES
17.1. The website contains buttons, tools or content that link to services of other companies. All sites of such companies that can be accessed through this website are independent and the Administrator does not assume any responsibility for damages and losses resulting from the use of these sites. Individuals use these sites at their own risk and are advised to consult the relevant Privacy Policy of the respective company for more information.
18. CHANGES TO PRIVACY POLICY
18.1. This Privacy Policy may be updated at any time in the future. When this happens, the changed policy will be posted on this website with a new „Last Modified“ date at the top of this Privacy Policy and will be effective from the date of posting. Therefore, it is recommended that you periodically check this Privacy Policy to ensure that you are aware of any changes. By using the website after the updated Privacy Policy is posted, you will be deemed to agree to the changes.
19. CONTACTS
19.1. In case you have any further questions regarding this Privacy Policy, please do not hesitate to contact us at +359 88 332 52 36 or at office@3d-bewehrung.com.