General Data Protection Regulation
We believe that the data protection rights of BMG Data will be guaranteed, so we will devote all the necessary resources and efforts to process your data in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and any other applicable Bulgarian legislation. Since one of the fundamental principles of this legal framework is transparency, we have prepared this document to inform you about the way we collect, use, transmit and protect your personal data when you interact with us in relation to products and services through our website.
Who are we, and how do you contact us?
BMG Data is the trade name of BMG Data Ltd., a Bulgarian corporation with headquarters in Sofia, 14, Nikola Gabrovski Str., Fl.1, with UIC 203394424 and a single tax registration number BG203394424, hereinafter “BMG Data” or “we”. For the purposes of data protection legislation, we are an administrator in the processing of your personal data.
Because your views are always important to us, and we are always ready to provide you with any additional information you may need in connection with the processing of your data, we encourage you to contact the Privacy Officer by e-mail to firstname.lastname@example.org or by post or courier to Bulgaria, 1172 Sofia, 14, Nikola Gabrovski Str., fl. 1 – by writing the following text: in connection with the protection of BMG Data’s personal data.
Which categories of personal data are we processing?
In general, we collect your personal data directly from you, so you decide what kind of information you provide us. For example, the information we get from you is the following:
– When you create a BMG Data account, you send us your e-mail address, your first and last name;
– You can also add additional information to your personal account (My Account) from the BMG Data site such as: mobile phone number, delivery address, additional e-mail address, etc.;
– When you place an order, you provide us with the following information: your desired product, your first and last name, shipping address, billing details, payment method, phone number, bank card dates.
In addition, we may collect and subsequently process certain information about your browsing behavior on our website to personalize your online experience and make suggestions that are tailored to your profile. We invite you to learn more in this regard by reading the section on processing below.
We do not collect or otherwise process sensitive data included in special categories of personal data in the General Data Protection Regulation. In addition, we do not wish to collect or process data of minors under the age of 16.
What are the purposes for the processing of personal data?
We will use your personal data for the following purposes:
– Provide services to BMG Data in your favor;
This general objective may include, where appropriate, the following:
– creating and managing a profile on the BMG Data site;
– processing of orders, including acceptance, validation, shipping and invoicing;
– resolving issues related to order cancellations or any other issues related to orders, purchased goods or services;
– returning the products in accordance with the legal provisions;
– reimbursement of the value of the products in accordance with the legal provisions;
– Assistance, including answering your questions about your orders or BMG Data’s goods and services.
Processing your data for these purposes is in most cases necessary for the conclusion and performance of a contract between BMG Data and you. Additionally, the implementation of these goals requires processing under applicable law, including tax and accounting legislation.
Improve our services
We would always like to offer you the best shopping experience online. For this purpose, we can use certain information about your buyer behavior, invite you to fill in satisfaction surveys after completing an order, or conduct market research and studies, directly or with partners.
We base our activities on our legitimate business interests by always ensuring that your fundamental rights and freedoms are unaffected.
We would like you to always be aware of the best offers for the products / services you are interested in. In this regard, we may send you all kinds of messages via e-mail channels (e-mail / SMS, etc.) that contain general and thematic information, information on similar products or products complementing the products you buy, information about offers and promotions, product information added to the Account / Carts tab and other business communications such as market research and consumer opinion polls, and we can provide personalized recommendations on the website. In order to provide you with information of interest to you, we may use certain information about your buyer behavior (for example, products that have been added to the list of desired products / purchased products) to create an account. We always guarantee that this processing is done in compliance with your rights and freedoms and that the decisions taken in connection with them do not have any legal consequences for you and do not substantially affect you in a similar way.
In most cases, we require your prior consent to send you marketing messages. You can change your mind and withdraw your consent at any time by:
– using the Unsubscribe link in the messages you receive from us;
– contacting us using the contact details above.
In certain situations, we can base our marketing activities on our legitimate interest in promoting and developing our business. In any case, when we use your information on the basis of our legitimate interests, we take the necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may at any time, using the means described above, ask us to cease processing your personal data for marketing purposes and we will respond to your request.
Protecting our legitimate interests
There may be cases in which we use or transmit information to protect our rights and our commercial activities. These may include:
– measures to protect the website and users of the BMG Data platform against cyber attacks;
– measures to prevent and detect attempts of fraud, including the transmission of information to competent public authorities;
– measures to manage various other risks.
The main reason for these types of processing is our legitimate interest in protecting our business, while making sure that all the measures we undertake maintain a balance between our interests and your fundamental rights and freedoms.
In addition, in some cases, our processing is based on legal provisions such as the obligation to protect the goods and the values provided by the applicable legislation in this respect.
How long do we keep your personal data?
As a rule, we store your personal data while you have an account with BMG Data. You may always ask us to delete certain information or to close your account and we will respond to this request, while retaining certain information even after the account is closed where the applicable law or legitimate interests require it.
Who do we send your personal information to?
As the case may be, we may transmit or give access to some of your personal data to the following categories of recipients:
– companies in the group of companies to which BMG Data belongs;
– partners of BMG Data;
– courier service providers;
– payment / banking services providers;
– providers of marketing / telemarketing services;
– market research service providers;
– IT service providers;
– other companies with whom we can develop joint programs to market our goods and services.
If we are legally bound or if this is necessary to protect our legitimate interests, we may disclose certain personal data to public authorities as well.
We guarantee that access to your data by third-party private parties is subject to the legal provisions on data protection and confidentiality of information, based on contracts concluded with them.
To which countries do we transmit your personal data?
We currently store and process your personal information in Bulgaria.
However, some of your personal data may be transmitted to entities located within or outside the European Union.
We will always take steps to ensure that any international transmission of personal data is carefully conducted in order to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards, such as standard contract terms issued by the European Commission or certification schemes, such as the Privacy Shield for personal data transferred from the EU to the United States of America.
You may contact us at any time by using the contact details listed above to understand the countries to which we transmit your data and what safeguards we apply to these data transmissions.
How do we protect the security of your personal data?
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures while adhering to industry standards.
We store your data on secure servers by using the latest encryption algorithms and guaranteeing back-ups.
We use VPOS payment processing to make payments. All billing information is encrypted using SSL technology.
Despite the measures we apply to protect your personal data, we are aware that, in general, the transmission of information over the Internet or other public networks is not completely safe, and there is a risk that data may be reviewed and used by unauthorized third parties. We cannot take responsibility for these vulnerabilities of systems that are not under our control.
What are your rights?
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You may request access to your data, error correction in our files, and / or raise objections regarding the processing of your personal data. You can also exercise your right to file a complaint with the competent supervisory authority or the court. As the case may be, you may also have the right to request the deletion of your personal data, the right to limit the processing of your data and the right to data portability.
To exercise your rights, you can contact us using the contact details listed above. Please consider the following if you wish to exercise these rights:
Identity. We are serious about the confidentiality of all records containing personal data. For this reason, we ask that you send us your requests regarding these records using your email address listed on your BMG Data account. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge a fee for the exercise of any rights with respect to your personal data except when your request for access to information is unreasonable, repeated or unnecessary, in which case we will charge a reasonable amount. We will inform you of any applicable fees before considering your request.
Response time. We plan to respond to all valid requests within one month, except when the request is particularly complex or if you have made more requests, in which case we will respond within a maximum of two months. We’ll let you know if we’ll need more than a month. We may ask you to tell us exactly what you want or what you worry about. This will help us to act more quickly and shorten the time to respond to your request.
Third-party rights. We will not need to respond to a request if it affects the rights and freedoms of other data subjects in a negative way.
You can ask us:
– to confirm that we process your personal data;
– to provide a copy of this data;
– to provide you with information about your personal data, such as the data we have, how we use it, to whom we disclose it, whether we pass it abroad, how we protect it, how long we keep it, what rights you have, how you can submit a complaint, where we have acquired your data, as far as information has not been provided to you by this notice.
You may ask us to correct or supplement your inaccurate or incomplete personal data.
We may try to verify inaccuracies before correcting them.
You may ask us to delete your personal data, but only if:
– they are no longer necessary for the purposes for which they were collected;
– you have withdrawn your consent (if the processing of the data is based on consent);
– you exercise a legitimate right of objection;
– they have been unlawfully processed;
– there is a legal obligation in this respect.
We have no obligation to honor your request for the deletion of your personal data if processing is required:
– to fulfill a legal obligation;
– to establish, exercise or defend a legal claim;
There are certain other circumstances in which we are not obliged to comply with your request for data deletion, even though these are the most likely circumstances in which we may refuse your request.
Restrict data processing
You may ask us to restrict the processing of your personal data, but only if:
– their accuracy is being challenged (see the Data Correction section), so that we are able to verify their accuracy;
– processing is illegal, but you do not want the data to be deleted;
– they are no longer necessary for the purposes for which they were collected, but we still need to identify, exercise or defend a legal claim;
– You have already exercised the right of objection and you are checking whether the dominance of our rights is still in place.
We may continue to use your personal data following a restriction request:
– if we have your consent;
– to establish, exercise or defend a legal claim;
– to protect the rights of BMG Data or any other individual or legal entity.
You may ask us to provide your personal data in a structured, widely used and machine-readable format, or you can ask for it to be directly “transferred” to another data operator, but only if:
– the processing is based on your agreement or the conclusion of a contract with you;
– processing is carried out automatically.
Right of objection
You may object at any time, for reasons related to your particular situation, to the processing of your personal data based on our legitimate interests if you believe that your fundamental rights and freedoms override these interests.
In addition, you may object at any time to processing your data for direct marketing purposes (including creating accounts) without giving any reason, in which case processing will be terminated at the earliest opportunity.
Making automated decisions
You can ask us not to be the subject of a decision based solely on automatic processing but only when that decision:
– it has legal consequences for you;
– it affects you in a similar way and to a great extent.
This right does not apply if the decision based on automatic processing:
– is necessary for us to make or execute a contract with you;
– is permitted by law and there are adequate safeguards for your rights and freedoms;
– is based on your explicit consent.
You have the right to complain to the local supervisory authority about the processing of your personal data. In Bulgaria, the contact details of the Data Protection Supervisor are as follows:
Personal Data Protection Commission (CPDP)
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: 02 / 91-53-555, 02 / 91-53-519
Without prejudice to your right to contact the supervisor at any time, please contact us in advance and we promise that we will do our utmost to resolve your issues by mutual agreement.