ESBO ltd respects your privacy. Whether you deal with us as a customer, a supplier, a member of the general public, etc., you are entitled to the protection of your Personal Data. This data may relate to your name, telephone number, email address but also to other data, such as your IP, (geo-)location, etc.
In this General Privacy and Data Protection Policy (“this Policy”) we describe how we collect your Personal Data and why we collect it, what we do with your Personal Data, with whom we share it, how we protect it, and the choices you can make about your Personal Data.
This Policy applies to the processing of your Personal Data in the framework of various services, tools, applications, websites, portals, (online) sales promotions, marketing actions, sponsored social media platforms, etc. that are provided or operated by us or on our behalf.
2. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?
The entity which is responsible for the processing of your Personal Data is:
Address: Polkovnik Sava Mutkurov 53, Plovdiv, Bulgaria
E-mail: [email protected]
INFORMATION CONCERNING THE COMPETENT SUPERVISORY AUTHORITY
Name: Personal Data Protection Commission
Registered office and registered office: 1592 Sofia, Prof. Tsvetan Lazarov ”№ 2
Address: 1592 Sofia, Prof. Tsvetan Lazarov ”№ 2
Phone: 02 915 3 518
4. KEY PRINCIPLES
We value your Personal Data entrusted to us and we are committed to processing your Personal Data in a fair, transparent and secure way. The key principles ESBO ltd applies are as follows:
Lawfulness: we will only collect your Personal Data in a fair, lawful and transparent manner.
Data minimisation: we will limit the collection of your Personal Data to what is directly relevant and necessary for the purposes for which they have been collected.
Purpose limitation: we will only collect your Personal Data for specified, explicit and legitimate purposes and not process your Personal Data further in a way incompatible with those purposes.
Accuracy: we will keep your Personal Data accurate and up to date.
Data security and protection: we will implement technical and organisational measures to ensure an appropriate level of data security and protection considering, among others, the nature of your Personal Data to be protected. Such measures provide for the prevention of any unauthorised disclosure or access, accidental or unlawful destruction or accidental loss, or alteration and any other unlawful form of Processing.
Access and rectification: we will process your Personal Data in line with your legal rights.
Retention limitation: we will retain your Personal Data in a manner consistent with the applicable data protection laws and regulations and no longer than is necessary for the purposes for which they have been collected.
Protection for international transfers: we will ensure that any of your Personal Data transferred outside the EEA is adequately protected.
Safeguards towards third parties: we will ensure that Personal Data access by (and transfers to) third parties are carried out in accordance with applicable law and with suitable contractual safeguards.
Lawfulness of direct marketing and cookies: when we send you promotional materials or place cookies on your computer, we will ensure that we do so in accordance with applicable law.
5. PROCESSING OF YOUR PERSONAL DATA: WHICH PERSONAL DATA DO WE COLLECT AND ON WHICH LEGAL GROUNDS
Whenever we require your Personal Data, we will always clearly inform you which of your Personal Data we collect. This information will be provided to you through a separate privacy notice which will, for example, be included in specific services (including communication services), electronic newsletters, reminders, surveys, offers, invitations for events, etc.
Please note that in accordance with applicable data protection law, your Personal Data can be processed if:
you have given us your consent for the purposes of the Processing (as described in the privacy notice related to that particular Processing). For the avoidance of doubt, you will always have the right to withdraw your consent at any time; or
it is necessary for the performance of a contract to which you are a party; or
with such Processing, we pursue a legitimate interest that is not outbalanced by your privacy rights. Such legitimate interest will be duly communicated to you in the privacy notice related to that particular Processing.it is required by law.
6. FOR WHICH PURPOSES WE PROCESS YOUR PERSONAL DATA
We will only process your Personal Data for specified, explicit and legitimate purposes and we will not process your Personal Data further in a way that is incompatible with those purposes.
Such purpose can be the execution of an order you have placed, the improvement of your visit on one of our websites or portals, the improvement of our products and services more generally, the offering of services or applications, marketing communications and actions, etc.
7. KEEPING YOUR PERSONAL DATA ACCURATE AND UP-TO-DATE
It is important for us to maintain accurate and up-to-date records of your Personal Data. Please inform us of any changes to or errors in your Personal Data as soon as possible by contacting us in writing. We will take reasonable steps to make sure that any inaccurate or outdated Personal Data is deleted or adjusted accordingly.
8. ACCESS TO YOUR PERSONAL DATA
You have the right to access your Personal Data which we are processing and, if your Personal Data is inaccurate or incomplete, to request the rectification or erasure of your Personal Data.
9. HOW LONG DO WE KEEP YOUR PERSONAL DATA
We will keep your Personal Data in a manner consistent with applicable data protection law. We will only keep your Personal Data for as long as necessary for the purposes for which we process your Personal Data or to comply with the law or. For information on how long certain Personal Data is likely to be kept before being removed from our systems and databases, please contact us in writing.
10. PROTECTING YOUR PERSONAL DATA
We have a set of technical and organisational security measures in place to protect your Personal Data against unlawful or unauthorised access or use, as well as against accidental loss or damage to their integrity. They have been designed taking into account our IT infrastructure, the potential impact on your privacy and the costs involved and in accordance with current industry standards and practice.
Your Personal Data will only be processed by a third party Data Processor if that Data Processor agrees to comply with those technical and organisational data security measures.
Maintaining data security means protecting the confidentiality, integrity and availability of your Personal Data:
Confidentiality: we will protect your Personal Data from unwanted disclosure to third parties.
Integrity: we will protect your Personal Data from being modified by unauthorised third parties.
Availability: we will ensure that authorized parties are able to access your Personal Data when needed.
Our data security procedures include: access security, backup systems, monitoring, review and maintenance, management of security incidents and continuity, etc.
12. DISCLOSURE OF PERSONAL DATA
Depending on the purposes for which we collect your Personal Data, we may disclose it to the following categories of recipients, which will then process your Personal Data only within the framework of these purposes:
Within our organisations and our brand environment:
Our authorised staff members;
Business partners: for example, contractors or subcontractors. We ask such companies to always act in compliance with applicable laws and this Policy and to pay high attention to the confidentiality of your personal information;
Other third parties:
when required by law or as lawfully necessary to protect ESBO ltd:
to comply with the law, requests from authorities, court orders, legal procedures, obligations related to the reporting and filing of information with authorities, etc.;
And to protect the rights, property or safety of ESBO ltd Factory and/or its clients.
13. LEGAL INFORMATION
The requirements of this Policy supplement, and do not replace, any other requirements existing under applicable data protection law. In case of contradiction between what is written in this Policy and requirements in applicable data protection law, applicable data protection law will have priority.
ESBO ltd may amend this Policy at any point in time. Where this happens we will alert you of any changes and we will then ask you to re-read the most recent version of our Policy and to confirm your acceptance thereof.