Who processes and is responsible for your personal data?
Categories of personal data, processed by Delicatessen
1. Delicatessen can processes publicly available personal data and/or personal data provided by you. The main types of personal data, which are processed are:
1.1. Personally identifiable information (name);
1.2. Contact information (including real and online addresses, phone numbers, fax numbers, and others);
1.3. Information of representation (legal representation or appointed as such) for legal persons;
1.4. Data regarding communication between Delicatessen and you, browsing habits, browsing preferences, and satisfaction ratings (activity in service usage, complaints, requests, etc.)
1.5. Information regarding visits and usage of the Website, including operations and usage histories.
1.6. Data, received when fulfilling responsibilities, resultant of legal pressures (such as data requests by law authorities or courts);
1.7. Data from the profile in the Website (including name, real and online address, telephone number and others).2. Delicatessen can process data, created and generated by Delicatessen in the process of providing our services:
2.1. Data regarding the device used on the Website, the type of device used, the operating system of the device used, the IP address, the location of the device;
2.2. IP addresses collected when the site is used (anonymized);
2.3. Data regarding your preferred services and products;
2.4. Information regarding the visitation of the Website and the usage of the Website, including operations and usage history of the Website.
2.5. Data, received when fulfilling responsibilities, resultant of legal pressures (such as data requests by law authorities or courts);
2.6. Video recordings when visiting the shops or the central office;
3. With the aim of improving our services and better fulfilling our responsibilities, Delicatessen has the rights to process all data, which is available in public registries (including public databases online) as well as information received by third-parties in regards to fulfillment of legal requirements.
4. Delicatessen has the right and obligation to confirm the validity of the personal data, recorded in our database, for which purpose it requires for you to verify the data provided, and correct them if necessary.
5. Different types of personal information can be processed independently or in conjunction with others.
Goals and legal grounds for processing personal data
1. Processing of personal data, which is necessary for the signing or performance of contracts with us or in regards to the preparation of the signing of contracts with us. Delicatessen processes your data for the following reasons:
1.1. Identification of clients when signing new contracts or altering existing contracts with us, clarifications of the used services, or the performance of signed contracts;
1.2. Preparation of proposal contracts, sending of contractually binding information;
1.3. Performance of responsibilities resultant of contracts signed with you or a company represented by you, application of rights and assurance of compliance with contracts.
1.4. Administration and response to client complains/inquiries/petitions/claims; returning of money and products; replacement of products;
1.5. On to Technical assistance for the creation of account(s) and the recovery of lost passwords for access to the Website and for electronic invoices;
1.6. Technical maintenance and the removal of all technical difficulties - on location or through remote access to your device;
1.7. Payment of obligations, rescheduling of amounts due; management of debt collection;
1.8. Warranty and service;
1.9. Updating of proposals to dealers; sharing of important information in regards to changes in our policies or other administrative information;
1.10 Control and administration of actions; in online shopping; control of payments.
2. In our performance of legal duties, Delicatessen processes your data for the following reasons:
2.1. Creation of invoices;
2.2. To carry out tax and social security control by the relevant authorities;
2.3. Fulfillment of responsibilities in regards to the sales from distance, sales outside of the commercial site, as described in the applicable customer protection laws;
2.4. Providing information to the Commission for personal data protection in regards to legal obligations, in compliance with data protection regulations - Regulation (EU) 2016/679 on the 27th of April 2016 and others;
2.5. Responsibilities, as written in the applicable accounting, tax, and social security laws and other normative measures, in regards to proper and legal accounting.
3. Delicatessen processes data provided with explicit written consent from the client for the following reasons:
3.1. Creation and management of a personal project on the Website; technical assistance in the creation of account(s) and the restoration of forgotten passwords for access to the Website;
3.2. Direct marketing of products and services;
3.3. Participation and management of surveys, promotional games, and promotional campaigns;
3.4. Participation in and the creation of loyalty client cards.
4. Data processing is necessary for the purposes of the legitimate interests of Delicatessen.
4.1. For the purposes of security and the protection of property, interests, and securities of Delicatessen, its customers and its employees, Delicatessen uses CCTV cameras and other recording equipment
4.2. Surveying and assessing customer satisfaction, as well as the efficacy of advertising, which we offer, and to answer to your expectations, by providing adequate advertising.
4.3. Analysis of purchase data, user preferences and client behavioral habits;
4.4. Guarantee the quality of client service through video and audio recordings.
Categories of third-parties which have access and process your personal data
1. Transport/courier companies and postal operators in regards to the fulfillment of contractual obligations and sending correspondences and communications in regards to contracts between you and Delicatessen;
2. Persons, who Delicatessen hires to maintain software and equipment, needed to processes your personal data;
3. Debt collectors, notaries, lawyers, prosecutors, or other third persons, in the case of when the client cannot fulfill their contractual obligations;
4. Banks which process payments made from you;
5. Persons, to whom Delicatessen has placed the responsibilities of handling certain products or services which we are performing for you;
6. Persons in consulting positions to Delicatessen such as lawyers, accountants, etc;
7. Agencies, institutions, or persons, to whom we are obligated to provide your personal data due to existing laws;
8. Licensed security contractors who process the video footage from the offices and locations of Delicatessen or maintain other registers in the process of securing the perimeter of said offices or locations.
Access and processing of data by third parties
The data which we collect from you is stored inside of the European Economic Area (EEA), but can also be moved outside of the EAA for processing. In any case, the transfer of your personal data will be carried out in compliance with the applicable laws. For transfers outside the EEA, Delicatessen will use the Standard contractual agreements and the Protection of privacy of personal data for countries where adequate privacy protection measures have not been taken by the European Commission. To be able to provide enough of a guarantee in regards to the protection of privacy and the protection of your rights and freedoms when transfering the data for processing outside the EEA, we (as Administrators) decide upon the purpose and the means of the data processing. Additionally, with every agreement we sign, we also sign a privacy agreement. The data processing agreement is pursuant of the decision of the Commission on the 5th of February 2010 in regards the standard contractual clauses when transferring personal data to the persons who will process it, when they are based in third countries (published pursuant to Directive 95/46/E0 of the European Parliament and Council), as it is altered with Decision of the Commission (EU) 2016/2297 from the 16th of December 2016 for the agreement upon the standard contractual clauses, which the Commission deems appropriate in that they provide enough guarantees for the protection of personal privacy and the basic rights and freedoms of natural persons, as well as in regards to the practice of said rights.
For how long is your data stored
The duration of the storage of your personal data depends on the purposes for which it is collected:
1. Personal data, processed with the aim of signing/or altering contracts between Delicatessen and you or a company represented by you are stored for the duration of the contract or until the finalization of all financial obligations between the signees. Delicatessen may store some of your personal data for longer durations -- until the expiry of the limitation period for the purposes of protection in the case of eventual claims by clients in regards to the performance or cancelation of contracts with us, as well as for a longer period in the case of an existing legal dispute in regards to the contract itself;
2. Personal data, processed in the aim for the creation of accounting or financial documents for the purposes of tax and social security control, such as invoices, debit notices, credit notices, protocols or contracts are stored for at least 11 years after the limitation period for the repayment of claims, unless the applicable legislation does not demand an even longer period;
3. Personal data, processed in the aim of the management of your profile in the Website, is stored until the explicit withdrawal of the agreement or until receiving a complaint for the processing of personal data;
4. Personal data, processed to be used in direct marketing, is stored until the explicit withdrawal of the given permission for direct marketing or until receiving a complaint for the processing of personal data;
5. Data from video footage of CCTV security cameras is stored for 30 (thirty) days after the creation of said footage.
You rights in regards to the processing of your personal data
In regards to the processing of personal data, you have the following rights, which you are free to exercise at any moment, while we store or process your personal data, by sending a request to the address of Delicatessen, as stated above, or by sending an email firstname.lastname@example.org. You have the right to request Delicatessen to:
• Send you a copy of your personal data at any time;
• Correct without unnecessary delay incorrect or inaccurate personal data, as well as data that is outdated;
• Send you your personal data in a format that is convenient for other administrators to handle (right to transferability);
• Delete your personal data without unnecessary delay in the case of a legal reason to do so;
• Limit the processing of your personal data, in which case your personal data will only be stored and not processed. Our denial for this request can be explicitly stated in writing and we are necessary to have legal grounds to deny the request.
You also can:
• Withdraw your agreement to personal data processing with a request send to Delicatessen;
• Deny the processing of your personal data;
• Deny automated profiling and data processing;
• Request not to be an object of decision based solely on automatic processing and profiling;
2. You have the right to complain to the relevant oversight authorities
You can send complaints directly to the relevant authorities, which in this case is the Commission for personal data protection, Address: Sofia 1592, 2 Prof. Cvetan Lazarov Boulevard (www.cpdp.bg)
In the case that you want to lodge a complaint in regards to the processing of your personal data, you can do so at this address.
3. Automated decision making
The Administrator does not use your personal data for automated decision making. In the case that we want to use automated decision making, you have the right to be informed about that as well as to receive information about the decision making logic used to process your personal data.
4. Denial of direct marketing
You have the right to deny the processing of your date for future purposes of direct marketing or advertising, as well as deny their transfer to third parties and deny third parties the right to use your data for direct marketing or advertising. To do so, you can send an electronic message detailing your specific request about our use of your data for direct marketing or advertising at email@example.com
5. Can you deny giving your personal data to Delicatessen and what are the consequences of this?
For us to sign a contract with you and to provide you with our services in accordance to our legal and contractual obligations, Delicatessen needs some personal data, which allow for the identification of the contract holder, as well as contact and payment information.
Your denial to provide such data prevents us from being able to sign any contracts.
How we protect your data
Delicatessen employs organization, physical, technological, and other necessary measures to guarantee the security and protection of your personal data and also monitors the processing of said data. Along with others, these measures include the following:
- Delicatessen has established certain procedures in the processing, registry, and storage of your personal data with internal protocols, the compliance with which is monitored constantly;
- The access that Delicatessen employees have to your personal data and the permissions they have to process your personal data is limited, in accordance to the employees role and obligations;
- Delicatessen has established obligations for their employees in regards to privacy;
- Access to office equipment and computers of Delicatessen is limited;
- We apply all necessary organizational and technical measures, as described in the GDPR, as well as best practices as outlined in international standards;
- In the pursuit of maximum security in processing, transferring, and storing of your data, we may use additional security measures such as encryption, anonymization, and others. The security measures we take are subject to constant improvement and adaptation to the newest technologies.
Connections to other websites
Personal data of childrenWe do not intentionally collect data of children under 14 years of age. If find out that we have collected the personal data of a child under 14 years of age, we will take the necessary actions to remove the information as soon as possible.