General Data Protection Regulation
Data processed for the purposes of creating and managing an account on the site
Personal data protection policy
15 March 2021 г.
What are the purposes and grounds for processing your personal data? How long do we store your personal data?
Data processed for the purposes of creating and managing an IEES website account.
Creating an account on our site is possible after filling out a registration form containing the fields required. The personal data you fill in for the purpose of creating an account on our website includes:
- First Name (mandatory);
- Last Name (mandatory);
- Email address (mandatory);
- Phone (optional);
- Middle name (optional);
- If you need an invoice, we require data mandatory for invoicing: your name, Financially Liable Person (FLB), address, UIC, VAT.
We collect these personal data so that we can identify you and such that you can place orders and acquire services expediently. We may also process certain of your personal data for the purpose of managing the account created by you - for example, to forward a message of successful account registration, information pertaining to the recovery of a forgotten password and other messages.
The creation of an account by filling out the registration form is entirely voluntary. We process your personal data provided to us when registering for an account on our website, based on your consent provided when you first log in to your account. The personal data provided by you when registering for an account on our website will be stored by us for the entire period while your registration is maintained.
Data processed following registration and payment through the IEES-BAS "Acad. Evgeni Budevski" wesite.
As a registered user of our website, you have the opportunity to purchase the services and products we offer. When placing orders and services through our website, sometimes we process additional information, including:
- Postal address;
- Phone number.
The personal data provided by you are processed for the following purposes:
- Execution and processing of orders for services and other products offered by us;
- Sending a confirmation by e-mail as regards the status of your order;
- Processing your payment for purchased (items, services, inventory);
- Delivery of the products purchased by you to your address;
- Correspondence maintenance in connection with orders and product deliveries.
The basis for data processing is the conclusion and execution of a contract for the sale of a chosen service or product by you. Your personal data pertaining to the purchases you have made through our website, including your identification data, which are necessary in order to comply with our legal obligations under the tax and accounting legislation, as well as for protection in the event of legal disputes, may be stored for a maximum period of 10 years as established in the tax and accounting legislation.
Personal data processed in order to comply with our legal obligations
When you purchase a service or product from us, some legal obligations arise for us. In order to comply with them, we must process your personal data, including your identification data, contact details and other information provided to us by you.
For example, we may process your personal data for the purpose of issuing an invoice and complying with our obligations as a supplier within the meaning of the Value Added Tax Act. In addition, according to the applicable accounting and tax legislation, we are obliged to file an accounts report registering the invoices issued and taxes incurred.
Your data may also be processed in order to fulfill our obligations under the applicable consumer law - for example, when filing complaints, refusing a purchase, return of products purchased and restoration of their value equivalent, resolving consumer disputes and the like.
The reason for processing these personal data is precisely the fulfillment of the obligations provided by the law.
Your personal data processed for the purposes of issuing invoices and fulfilling other legal obligations under our tax, accounting, consumer and other laws may be stored for a maximum statutory period of 10 years, starting from January 1 of the year following the year, during which the taxes due for the sales made by us had to be paid.
Data collected through “cookies”
We may analyze the use of our website with the aid of cookies, through which we collect information about the device or devices you use or have used to access our website (Example the brand and model of your device, operating system, browser or IP address) and also how you use the e-bookstore. We do not store your emails, names or other personal information, we do not store or access information about websites you visit other than our website, or any other information not described in this Policy.
Data processed for the purposes of our legitimate interests
We may process your identification data, data on orders and purchases made by you through our e-bookstore, data on payments made by you, data on questions sent by you, complaints and the like, so that we can protect ourselves in case of legal claims filed by you against us.
Също така можем да обработваме Вашите идентификационни данни с цел включването Ви в нашата електронна база данни с клиенти с цел улеснено и по-бързо издаване на фактура за извършени от Вас покупки не само от електронната ни книжарница, но и от всяка наша физическа книжарница в цялата страна.
We may also process your identification data in order to include you in our electronic customer database to facilitate a speedy issuance of invoices for purchases made by you not only from our e-bookstore, but also from each of our hard-book stores throughout country.
We will process these personal data only if your interests, fundamental rights and freedoms that require the protection of personal data do not take precedence over our legitimate interest.
The basis for processing your data is the protection of our legitimate interest to protect ourselves in the event of legal claims in connection with purchases made from our e-bookstore, as well as to maintain a database of our customers in order to easily and quickly issue invoices from any of our hard-book stores and electronic bookstore.
The data processed for the purpose of protection against legal claims will be stored by us until the expiration of the 5-year limitation period for filing legal claims in accordance with the Law on Obligations and Contracts.
To whom can we disclose your personal data?
We work with partners and providers who may process your personal data as independent personal data administrators or act on our behalf as processors of personal data. We disclose to these recipients only those personal data of yours that are minimally necessary to effectuate the respective service. In addition, when we disclose your data to processors on our behalf, we take all necessary measures to ensure that your data is processed in compliance with all legal requirements and that the processor has taken the necessary technical and organizational measures to protect the data.
The persons to whom we may disclose your personal data include payment service providers who will process your payment for the products you have purchased and courier service providers that will deliver the purchased products to you.
We may also disclose some of your data to our accounting service providers for the purpose of recording issued invoices and other accounting documents in our accounting records.
Upon request from state authorities in accordance with the applicable legislation (example NRA, Consumer Protection Commission, courts, etc.) we may be legally obliged to disclose your personal data to these authorities.
What are your rights as regards the protection of your personal data?
Right of access
You have the right to ask us to confirm whether we are processing your personal data and, if so, to access this data and information about the purposes of processing, deadlines and recipients of personal data. We will provide you with free access to your data, and upon request we will provide you with a copy of the data.
Right of correction
You have the right to request a correction of inaccuracies in your personal data or addendum to incomplete personal data.
Right to “forfeit recall”
You have the right to request that we delete personal data relating to you that are no longer necessary for the purposes for which they were collected, or in respect of which you have withdrawn your consent to processing or exercised your right to object to processing. In certain legal cases, we may refuse to delete your personal data.
Right to limit processing
In certain cases, you may ask us to restrict the processing of your personal data, in which case it will only be stored, but not otherwise processed.
Right to data portability
You have the right to receive the data we process for you in a structured, widely used and machine-readable format, as well as to transfer the data to another administrator. .
Right to object to processing
You have the right to object to the processing of your personal data for the purposes of direct marketing and profiling related to direct marketing. If you make such a remonstrance, we will discontinue the use of your data for direct marketing.
Right to withdraw consent
You have the right to withdraw your consent to the processing of your personal data at any time, this does not affect the lawfulness of processing based on consent before it is withdrawn.
Right to appeal
You have the right to lodge a complaint with the Data Protection Commission if you believe that there has been a breach of the applicable data protection legislation.
You may contact us to ask questions regarding the processing of your personal data, including in connection with the exercise of your rights as described in this Policy, as follows:
Post: Acad. Georgi Bonchev Str., block 10, Sofia - 1113,
Email address: firstname.lastname@example.org
Phone: +359 2 979 27 48
Contact person: Bistra Nikolova, Data Protection Officer.
In order to exercise your rights related to the protection of personal data, it is sufficient to send us a statement, which should contain:
- your name, address and other identification data that will allow us to identify you unambiguously;
- description of your request;
- preferred form of communication.