Privacy policy

Mandatory Information about Data Subjects' Rights Regarding Personal Data Protection

Information about the company processing your data:

Name: ATRA 96 OOD

Headquarters and address: Plovdiv, Antim I 22

Phone: +359 884 138 832

Email: atra.socials@gmail.com

Website: [DOMAIN]

Information about the competent supervisory authority for personal data protection:

Name: Commission for Personal Data Protection

Headquarters and address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2

Correspondence address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2

Phone: 02 915 3 518

Website: www.cpdp.bg

Introduction

ATRA 96 OOD (hereinafter referred to as the "Administrator" or "Company") conducts its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council from 27 April 2016 regarding the protection of individuals with regard to the processing of personal data and the free movement of such data (GDPR). This information aims to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.

Basis for collecting, processing, and storing your personal data:

Art. 1. The Administrator collects and processes your personal data in connection with the use of the online store www.atra-bg.com and the conclusion of contracts with the company based on Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), specifically on the following grounds:

Explicit consent obtained from you as a client;
Fulfillment of the Administrator's obligations under a contract with you;
Compliance with a legal obligation that applies to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party;

Purposes and principles of collecting, processing, and storing your personal data:

Art. 2. (1) We collect and process personal data that you provide in connection with the use of the online store and the conclusion of a contract with the company, including for the following purposes:

Creating a profile and providing full functionality when using the online store;
Conclusion and execution of a distance contract;
Individualization of the contracting party;
Accounting purposes;
Statistical purposes;
Protection of information security;
Ensuring the execution of the service contract.
Sending a newsletter if you have expressed a desire;

(2) We adhere to the following principles when processing your personal data:

Lawfulness, good faith, and transparency;
Purpose limitation;
Data minimization;
Accuracy and currency of data;
Storage limitation for the achievement of purposes;
Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) When processing and storing personal data, the Administrator may process and store personal data to protect the following legitimate interests:

Fulfillment of obligations to the National Revenue Agency, Ministry of Interior, and other state and municipal authorities.

What types of personal data our company collects, processes, and stores:

Art. 3. (1) The Company performs the following operations with the personal data you provide for the following purposes:

Registration of a user in the online store and execution of a distance sales contract – the purpose of this operation is to create a profile for using the online store to purchase goods and provide contact information for delivering purchased goods. Registration and profile creation for using the online store is not a mandatory step in providing the service and it is significantly available without creating a profile.

Conclusion from the impact assessment: Based on the impact assessment, the operation "Registration of a user in the online store and execution of a distance sales contract" is permissible and provides sufficient guarantees for the protection of the rights and legitimate interests of data subjects in accordance with GDPR requirements.

Conclusion and execution of a commercial transaction with a client or partner – the purpose of this operation is to conclude and execute a contract with a commercial partner or client and its administration. Given the limited scope of collected personal data and the fact that some of them are collected from publicly accessible sources, an impact assessment is not necessary.
Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters to clients who have requested to receive them. Given the limited scope of collected personal data, an impact assessment is not necessary.
Exercising the right to withdraw or make a claim – the purpose of this operation is to administer the process of exercising the right to withdraw or make a claim by the client. Given the limited scope of collected personal data, an impact assessment is not necessary.

(2) The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:

Your identifying data (email, name, etc.)

Purpose for which the data is collected:

Establishing contact with the user and sending information;
For registration purposes in the online store;
For sending a newsletter;

Basis for processing your personal data – By accepting the general terms and conditions and registering in the online store or placing an order without registration, or by concluding a written contract, a contractual relationship is established between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, b. (b) GDPR. Your data for sending a newsletter is processed based on your explicit consent – Art. 6, para. 1, b. (a) GDPR.

Data for delivery (names, phone, address, etc.)

Purpose for which the data is collected: Fulfillment of the Administrator's obligations under a sales contract and delivery of purchased goods.

Additional data provided by you – If you wish to complete your profile, you can fill in data such as name, surname, phone number.

Purpose for which the data is collected: Completing user information in their account.

Basis for processing the data: You have given explicit consent for processing your personal data for one or more specific purposes – Art. 6, para. 1, b. (a) GDPR at the time of registration in the online store. Providing this data is not mandatory for registration in the online store.

(3) The Administrator does not collect and process personal data related to:

racial or ethnic origin;
political, religious, or philosophical beliefs, or membership in trade unions;
genetic and biometric data, health data, or data on sexual life or sexual orientation.

(4) Personal data is collected by the Administrator from the individuals to whom it pertains.

(5) The Company does not perform automated decision-making with data.

Data retention period

Art. 6. (1) The Administrator retains your personal data for a period no longer than the existence of your profile in the online store. After deleting your profile, the Administrator takes the necessary measures to delete and destroy all your data without unnecessary delay or to anonymize it (i.e., to make it so that it does not reveal your identity).

(2) The Administrator processes your personal data provided when placing an order without registration in the online store until the order is completed, unless you have given your explicit consent when placing the order for the data to be processed for the purposes of improving the service, providing recommended content for you, individual conditions, promotions, and for statistical purposes.

(3) The Administrator retains your personal data provided in connection with online orders for a period of 5 years to protect the Administrator's legal interests in judicial or administrative disputes with users of the online store.

(4) The Administrator will notify you if the data retention period needs to be extended to comply with a legal obligation or for the Administrator's or another's legitimate interests.

(5) The Administrator retains personal data required by applicable law for the respective statutory period, which may exceed the duration of your profile in the online store or until the order is completed.

Transfer of your personal data for processing

Art. 8. (1) The Administrator may at its discretion transfer part or all of your personal data to data processors for the purposes of processing, which you have consented to, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Administrator will notify you if it intends to transfer part or all of your personal data to third countries or international organizations.

Your rights regarding the collection, processing, and storage of your personal data

Withdrawal of consent for processing personal data

Art. 9. (1) If you do not wish the personal data you have provided to be processed for marketing purposes and receiving a newsletter, you can withdraw your consent for processing at any time by filling out the consent withdrawal form in Appendix No. 1 or by sending a free-text request via email.

(2) After receiving your request, we will send an email to the address you provided for receiving newsletters and promotional messages with detailed instructions for verifying you as a recipient of newsletters and a subject of personal data for which consent withdrawal is requested.

(3) Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has carried out up to that point.

Right of access

Art. 10. (1) You have the right to request and receive from the Administrator confirmation whether personal data related to you is being processed by sending a free-text request via email.

(2) You have the right to access the data related to you, as well as to information regarding the collection, processing, and storage of your personal data.

(3) After receiving your request, we will send an email to the address you used for registration or placing orders in the online store with detailed instructions for verifying you as a subject of personal data to which access is requested.

(4) After verification, the Administrator provides you, upon request, with a copy of the personal data being processed related to you in electronic or other appropriate formats.

(5) Access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeat or excessive requests.

Right to rectification or completion

Art. 11. (1) You can correct or complete inaccurate or incomplete personal data related to you at any time through the "Profile Edit" option.

(2) You can correct or complete inaccurate or incomplete personal data related to you directly through your profile on the website or by sending a request to the Administrator via email using the form in Appendix No. 4 or through a free-text request.

Right to deletion ("right to be forgotten")

Art. 12. (1) You have the right to request the Administrator to delete part or all of the personal data related to you, and the Administrator has the obligation to delete it without undue delay when any of the following grounds exist:

The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
You withdraw your consent on which the processing is based and there is no other legal basis for the processing;
You object to the processing of personal data related to you, including for the purposes of direct marketing, and there are no legitimate grounds for the processing that override the objection;
The personal data has been unlawfully processed;
The personal data must be deleted to comply with a legal obligation under EU law or the law of a member state to which the Administrator is subject;
The personal data has been collected in connection with the offering of information society services.

(2) The Administrator is not obligated to delete the personal data if it processes it:

For the exercise of the right of freedom of expression and information;
To comply with a legal obligation requiring processing under EU law or the law of a member state to which the Administrator is subject, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
For reasons of public interest in the area of public health;
For archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
For the establishment, exercise, or defense of legal claims.

(3) To exercise your right to be forgotten, you must send an email request for the deletion of your personal data that the Administrator processes, by filling out the form in Appendix No. 2 or through a free-text request, after which the Administrator will send an email to the address you used for registration or placing orders in the online store with detailed instructions for verifying you as a user of the store and a subject of personal data for which deletion is requested.

(4) After verifying the identity of the person who made the request and the person to whom the data relates, in accordance with the instructions sent, we will delete all data we process about you.

(5) If you have placed an order that is in process, the earliest moment you can request to be "forgotten" is upon the successful completion of the order.

Right to restriction of processing

Art. 13. You have the right to request the Administrator to restrict the processing of personal data related to you by sending a free-text request via email when:

You contest the accuracy of the personal data, for a period enabling the Administrator to verify the accuracy of the personal data;
The processing is unlawful, but you do not want the personal data to be deleted but only its use restricted;
The Administrator no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise, or defense of legal claims;
You have objected to processing pending the verification whether the legitimate grounds of the Administrator override your interests.

(2) After receiving your request, we will send an email to the address you used for registration or placing orders in the online store with detailed instructions for verifying you as a user of the store and a subject of personal data for which processing restriction is requested.

(3) After verification, the Company will cease processing your data but will not delete any publications you may have made in the online store if any.

Right to data portability

Art. 14. (1) If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed by automated means, you may:

Request the Administrator to provide your personal data in a readable format and transfer it to another Administrator;
Request the Administrator to transfer your personal data directly to a specified Administrator, where technically feasible.

(2) You can exercise your right to data portability by sending an email with the completed form in Appendix No. 3 or a free-text request, after which the Administrator will send an email to the address you used for registration or placing orders in the online store with detailed instructions for verifying you as a user of the store and a subject of personal data for which portability is requested.

(3) After verification, the Company will send the data it processes about you in XML format to the email specified by you.

Right to receive information

Art. 15. You can request the Administrator to inform you about all recipients to whom personal data, for which rectification, deletion, or restriction of processing has been requested, has been disclosed. The Administrator may refuse to provide this information if it would be impossible or require disproportionate effort.

Right to object

Art. 16. You may object at any time to the processing of personal data by the Administrator relating to you, including for the purposes of profiling or direct marketing.

Your rights in the event of a personal data breach

Art. 17. (1) If the Administrator detects a personal data breach that may result in a high risk to your rights and freedoms, it shall notify you without undue delay of the breach and the measures taken or to be taken.

(2) The Administrator is not required to notify you if:

It has implemented appropriate technical and organizational measures to protect the data affected by the breach;
It has taken subsequent measures ensuring that the breach does not result in a high risk for your rights;
Notification would require disproportionate effort.

Entities to whom your personal data is disclosed

Art. 18. (1) For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may disclose the data to the following entities that process data:

Data Processor

Purpose of personal data processing

(2) Data processors comply with all requirements for lawfulness and security in processing and storing your personal data.

Art. 19. The Administrator does not transfer your data to third countries.

Your cart is empty

Your cart

Estimated total

Privacy policy

Language