Privacy Policy and Personal Data Protection
Anira Trading Ltd. – Delicatessen, values the sanctity of the private lives of its clients and guarantees the highest degree of protection of their personal data. The current Privacy Policy and Personal Data Protection (also called “Privacy Policy”) is created based on the current bulgarian and european laws regarding data protection. The current Privacy Policy regulates the processing of the personal data of both legal and natural persons who are our clients and clients of our website – www.delicatessen.bg (“the Website”) in regards to services offered by Delicatessen,
including those provided through the Website. The current Privacy Policy, in combination with the Terms of Service, detail the rules which Delicatessen follows when processing the personal data, which we collect from you or for you, or which we provide for you. The current Privacy Policy does not attempt to infringe, annul, or limit your rights, as given to you by the General Data Protection Regulation (“GDPR”) or other applicable privacy laws. If you have any questions or comments regarding the current Privacy Policy, please contact us at info@delicatessen.bg
Please read this Policy carefully and thoroughly before using the Website or providing your personal data, regardless of whether you read it on the Website or in paper form, because by using the Website and providing us with your personal data, you agree to it. If you do not want us to process your data in the way described by the Privacy Policy, do not provide it to us. The act of providing personal data is completely voluntary, regarding the usage of certain services provided by us through the usage of the Website. Please keep in mind that in certain cases we cannot provide you certain services without the necessary data. Please also keep in mind that in
some cases, your consent to data processing is not necessary, if Delicatessen has other legal reasons to process your data such as in pursuance of government and legal compliance.
Who processes and is responsible for your personal data?
Anira Trading Ltd. is a company, registered in the Bulgarian Trade Registry through the Registry Agency with the Unified Identification Code 202541227, which collects, processes, and stores your personal data in the conditions described in this Privacy Policy. Delicatessen is an administrator of said data in accordance with the GDPR. You can contact us on any of the following: Address: Sofia, 76 D Akademik Stefan Mladenov street, Telephone: +359 2 4 266 466; +359 882 10 46 82; E-mail: info@delicatessen.bg
Categories of personal data, processed by Delicatessen
1. Delicatessen can processes publicly available personal data and/or personal data provided by you. The main types of personal data, which are processed are:
1.1. Personally identifiable information (name);
1.2. Contact information (including real and online addresses, phone numbers, fax numbers, and others);
1.3. Information of representation (legal representation or appointed as such) for legal persons;
1.4. Data regarding communication between Delicatessen and you, browsing habits, browsing preferences, and satisfaction ratings (activity in service usage, complaints, requests, etc.)
1.5. Information regarding visits and usage of the Website, including operations and usage histories.
1.6. Data, received when fulfilling responsibilities, resultant of legal pressures (such as data requests by law authorities or courts);
1.7. Data from the profile in the Website (including name, real and online address, telephone number and others).
2. Delicatessen can process data, created and generated by Delicatessen in the process of providing our services:
2.1. Data regarding the device used on the Website, the type of device used, the operating system of the device used, the IP address, the location of the device;
2.2. IP addresses collected when the site is used (anonymized);
2.3. Data regarding your preferred services and products;
2.4. Information regarding the visitation of the Website and the usage of the Website, including operations and usage history of the Website.
2.5. Data, received when fulfilling responsibilities, resultant of legal pressures (such as data requests by law authorities or courts);
2.6. Video recordings when visiting the shops or the central office;
3. With the aim of improving our services and better fulfilling our responsibilities, Delicatessen has the rights to process all data, which is available in public registries (including public databases online) as well as information received by third-parties in regards to fulfillment of legal requirements.
4. Delicatessen has the right and obligation to confirm the validity of the personal data, recorded in our database, for which purpose it requires for you to verify the data provided, and correct them if necessary.
5. Different types of personal information can be processed independently or in conjunction with others.
Goals and legal grounds for processing personal data
1. Processing of personal data, which is necessary for the signing or performance of contracts with us or in regards to the preparation of the signing of contracts with us.
Delicatessen processes your data for the following reasons:
1.1. Identification of clients when signing new contracts or altering existing contracts with us, clarifications of the used services, or the performance of signed contracts;
1.2. Preparation of proposal contracts, sending of contractually binding information;
1.3. Performance of responsibilities resultant of contracts signed with you or a company represented by you, application of rights and assurance of compliance with contracts.
1.4. Administration and response to client complains/inquiries/petitions/claims; returning of money and products; replacement of products;
1.5. On to Technical assistance for the creation of account(s) and the recovery of lost passwords for access to the Website and for electronic invoices;
1.6. Technical maintenance and the removal of all technical difficulties – on location or through remote access to your device;
1.7. Payment of obligations, rescheduling of amounts due; management of debt collection;
1.8. Warranty and service;
1.9. Updating of proposals to dealers; sharing of important information in regards to changes in our policies or other administrative information;
1.10 Control and administration of actions; in online shopping; control of payments.
2. In our performance of legal duties, Delicatessen processes your data for the following reasons:
2.1. Creation of invoices;
2.2. To carry out tax and social security control by the relevant authorities;
2.3. Fulfillment of responsibilities in regards to the sales from distance, sales outside of the commercial site, as described in the applicable customer protection laws;
2.4. Providing information to the Commission for personal data protection in regards to legal obligations, in compliance with data protection regulations – Regulation (EU) 2016/679 on the 27th of April 2016 and others;
2.5. Responsibilities, as written in the applicable accounting, tax, and social security laws and other normative measures, in regards to proper and legal accounting.
3. Delicatessen processes data provided with explicit written consent from the client for the following reasons:
3.1. Creation and management of a personal project on the Website; technical assistance in the creation of account(s) and the restoration of forgotten passwords for access to the Website;
3.2. Direct marketing of products and services;
3.3. Participation and management of surveys, promotional games, and promotional campaigns;
3.4. Participation in and the creation of loyalty client cards.
4. Data processing is necessary for the purposes of the legitimate interests of Delicatessen.
4.1. For the purposes of security and the protection of property, interests, and securities of Delicatessen, its customers and its employees, Delicatessen uses CCTV cameras and other recording equipment
4.2. Surveying and assessing customer satisfaction, as well as the efficacy of advertising, which we offer, and to answer to your expectations, by providing adequate advertising.
4.3. Analysis of purchase data, user preferences and client behavioral habits;
4.4. Guarantee the quality of client service through video and audio recordings.
Categories of third-parties which have access and process your personal data
1. Transport/courier companies and postal operators in regards to the fulfillment of contractual obligations and sending correspondences and communications in regards to contracts between you and Delicatessen;
2. Persons, who Delicatessen hires to maintain software and equipment, needed to processes your personal data;
3. Debt collectors, notaries, lawyers, prosecutors, or other third persons, in the case of when the client cannot fulfill their contractual obligations;
4. Banks which process payments made from you;
5. Persons, to whom Delicatessen has placed the responsibilities of handling certain products or services which we are performing for you;
6. Persons in consulting positions to Delicatessen such as lawyers, accountants, etc;
7. Agencies, institutions, or persons, to whom we are obligated to provide your personal data due to existing laws;
8. Licensed security contractors who process the video footage from the offices and locations of Delicatessen or maintain other registers in the process of securing the perimeter of said offices or locations.
Access and processing of data by third parties
The data which we collect from you is stored inside of the European Economic Area (EEA), but can also be moved outside of the EAA for processing. In any case, the transfer of your personal data will be carried out in compliance with the applicable laws. For transfers outside the EEA, Delicatessen will use the Standard contractual agreements and the Protection of privacy of personal data for countries where adequate privacy protection measures have not been taken by the European Commission. To be able to provide enough of a guarantee in regards to the protection of privacy and the protection of your rights and freedoms when transfering the data for processing outside the EEA, we (as Administrators) decide upon the purpose and the means of the data processing. Additionally, with every agreement we sign, we also sign a privacy agreement. The data processing agreement is pursuant of the decision of the Commission on the
5th of February 2010 in regards the standard contractual clauses when transferring personal data to the persons who will process it, when they are based in third countries (published pursuant to Directive 95/46/E0 of the European Parliament and Council), as it is altered with Decision of the Commission (EU) 2016/2297 from the 16th of December 2016 for the agreement upon the standard contractual clauses, which the Commission deems appropriate in that they provide enough guarantees for the protection of personal privacy and the basic rights and freedoms of natural persons, as well as in regards to the practice of said rights.
For how long is your data stored
The duration of the storage of your personal data depends on the purposes for which it is collected:
1. Personal data, processed with the aim of signing/or altering contracts between Delicatessen and you or a company represented by you are stored for the duration of the contract or until the finalization of all financial obligations between the signees. Delicatessen may store some of your personal data for longer durations — until the expiry of the limitation period for the purposes of protection in the case of eventual claims by clients in regards to the performance or cancelation of contracts with us, as well as for a longer period in the case of an existing legal dispute in regards to the contract itself;
2. Personal data, processed in the aim for the creation of accounting or financial documents for the purposes of tax and social security control, such as invoices, debit notices, credit notices, protocols or contracts are stored for at least 11 years after the limitation period for the repayment of claims, unless the applicable legislation does not demand an even longer period;
3. Personal data, processed in the aim of the management of your profile in the Website, is stored until the explicit withdrawal of the agreement or until receiving a complaint for the processing of personal data;
4. Personal data, processed to be used in direct marketing, is stored until the explicit withdrawal of the given permission for direct marketing or until receiving a complaint for the processing of personal data;
5. Data from video footage of CCTV security cameras is stored for 30 (thirty) days after the creation of said footage.
You rights in regards to the processing of your personal data
1.General Terms
In regards to the processing of personal data, you have the following rights, which you are free to exercise at any moment, while we store or process your personal data, by sending a request to the address of Delicatessen, as stated above, or by sending an email info@delicatessen.bg.
You have the right to request Delicatessen to:
• Send you a copy of your personal data at any time;
• Correct without unnecessary delay incorrect or inaccurate personal data, as well as data that is outdated;
• Send you your personal data in a format that is convenient for other administrators to handle (right to transferability);
• Delete your personal data without unnecessary delay in the case of a legal reason to do so;
• Limit the processing of your personal data, in which case your personal data will only be stored and not processed. Our denial for this request can be explicitly stated in writing and we are necessary to have legal grounds to deny the request.
You also can:
• Withdraw your agreement to personal data processing with a request send to Delicatessen;
• Deny the processing of your personal data;
• Deny automated profiling and data processing;
• Request not to be an object of decision based solely on automatic processing and profiling;
2. You have the right to complain to the relevant oversight authorities
You can send complaints directly to the relevant authorities, which in this case is the
Commission for personal data protection, Address: Sofia 1592, 2 Prof. Cvetan Lazarov Boulevard (www.cpdp.bg)
In the case that you want to lodge a complaint in regards to the processing of your personal data, you can do so at this address.
3. Automated decision making
The Administrator does not use your personal data for automated decision making. In the case that we want to use automated decision making, you have the right to be informed about that as well as to receive information about the decision making logic used to process your personal data.
4. Denial of direct marketing
You have the right to deny the processing of your date for future purposes of direct marketing or advertising, as well as deny their transfer to third parties and deny third parties the right to use your data for direct marketing or advertising. To do so, you can send an electronic message detailing your specific request about our use of your data for direct marketing or advertising at info@delicatessen.bg
5. Can you deny giving your personal data to Delicatessen and what are the consequences of this?
For us to sign a contract with you and to provide you with our services in accordance to our legal and contractual obligations, Delicatessen needs some personal data, which allow for the identification of the contract holder, as well as contact and payment information.
Your denial to provide such data prevents us from being able to sign any contracts.
How we protect your data
Delicatessen employs organization, physical, technological, and other necessary measures to guarantee the security and protection of your personal data and also monitors the processing of said data. Along with others, these measures include the following:
– Delicatessen has established certain procedures in the processing, registry, and storage of your personal data with internal protocols, the compliance with which is monitored constantly;
– The access that Delicatessen employees have to your personal data and the permissions they have to process your personal data is limited, in accordance to the employees role and obligations;
– Delicatessen has established obligations for their employees in regards to privacy;
– Access to office equipment and computers of Delicatessen is limited;
– We apply all necessary organizational and technical measures, as described in the GDPR, as well as best practices as outlined in international standards;
– In the pursuit of maximum security in processing, transferring, and storing of your data, we may use additional security measures such as encryption, anonymization, and others. The security measures we take are subject to constant improvement and adaptation to the newest technologies.
Connections to other websites
Sometimes the Website can contain connections/references (hyperlinks) to other websites. We do not operate the connected websites and do not monitor the content, services, and products of said websites. We advise you to use the connected websites carefully and with the necessary attention to their contents and terms of use. Delicatessen does not take responsibility for the privacy policies or the contents of such websites and we advise you to familiarize yourself with their privacy policies. Despite this, whenever Delicatessen receives information about illegal activities or illegal information in such websites, we will take immediate measures to remove the electronic references (links) to them.
Privacy Policy in regards to Cookies
For www.delicatessen.bg to be able to function as intended and to be able to personalize your visits, we sometimes save small files called “Cookies” on your device. This is considered standard practice and is common across almost all websites on the internet. The following document explains how we handle this. To familiarize with our Cookie Policy, please visit www.delicatessen.bg/en/cookies
Personal data of children
We do not intentionally collect data of children under 14 years of age. If find out that we have collected the personal data of a child under 14 years of age, we will take the necessary actions to remove the information as soon as possible.
Changes in the Privacy Policy
It is possible for us to periodically update our Privacy Policy. In changes of the current policy, there will be a message published on the Website along the new Privacy Policy. All changes and additions to the Privacy Policies will be applied only after the publication of its updated contents on the Website.
The current privacy policy is active as of the 25th of May 2018. For additional information, you can contact us at the address described on the Website.