Information about the personal data controller
“J.B.Creative Studio” LTD, UIC 131445782, is a company registered in the Commercial Register administered by the Registry Agency, with an office and address of management: Sofia, PO Box 1614, Boyana, Blvd. 62A Belovodski Pat Str., Magnolia Building, floor 2, ap. 4; tel: +359 897870562, e-mail: firstname.lastname@example.org.
Collection and use of personal data
We process your personal data on the following reasons:
• The contract concluded between you and us to fulfil our obligations under it;
• Explicit consent from you – the purpose is indicated for each specific case;
• In case of an obligation under the law; In the following paragraphs, you will find detailed information about the processing of your personal data depending on the basis on which we process it
TO CONCLUDE A CONTRACT AND/OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS.
We process your personal data to fulfil the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.
Purposes of processing:
• confirming your identity;
• management and execution of your request and implementation of a concluded contract;
• preparation of a proposal for ending a contract;
• preparing and sending an invoice for the services you use with us;
• to provide you with the necessary comprehensive service, as well as to collect the amounts due for the services used;
• keeping correspondence in connection with an order, processing requests, reporting problems, etc.
• notice of everything related to the services you use with us;
• customer history analysis;
• identify and/or prevent illegal actions or actions against our terms of service;
Data we process on this basis:
Based on the contract concluded between you and us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
• personal contact details – contact address, email, phone number;
• identification data – three names, unique civil number or personal number of a foreigner, gender, age group, permanent address;
• data on order(s) placed;
• correspondence regarding the overall service – email, letters, information about your requests for troubleshooting, complaints, suggestions, complaints, feedback that we receive from you;
• credit or debit card information, bank account number or other banking and payment information in connection with the payments made;
• credit rating;
• additional information such as:Customer number, code or other identifier created for identification;
1. Customer number, code or other identifier created for identification;
2. IP address when visiting our website;
3. Demographic data;
4. Profile data in social networks;
5. Information from your movements on the site;
The processing of the abovementioned personal data is obligatory for us so that we can conclude the contract with you and fulfil it. Without providing us with the above information, we would not be able to fulfil our contractual obligations.
The personal data we provide to third parties
We provide some of your personal data to third parties with the primary goal to offer you high-quality, agile and comprehensive service. We do not provide your personal data to third parties until we have made sure that all technical and organizational measures have been taken to protect this data and we strive to exercise strict control over the implementation of this purpose. In this case, we’re responsible for the confidentiality and security of your data. We provide personal data to the following categories of recipients (personal data controllers):
• postal operators and courier companies;
• credit agency companies, for initial and ongoing evaluation;
• people who, on assignment, maintain equipment, software and hardware used for personal data processing and necessary for the company’s activity;
• people who are performing consulting services in various fields;
When we delete data collected on this basis
We delete the data collected on this basis two years after the termination of the contractual relationship, regardless of whether due to the expiration of the contract, cancellation or other grounds.
FULFILLMENT OF REGULATORY OBLIGATIONS
The law may oblige us to process personal data. In these cases, we are required to perform the processing, such as:
• Obligations under the Anti-Money Laundering Measures Act;
• Fulfilment of duties related to distance selling, off-site sales, provided for in the Consumer Protection Act;
• Providing information to the Commission for Consumer Protection or third parties presented in the Consumer Protection Act;
• Providing information to the Commission for Personal Data Protection regarding obligations provided for in the legislation for personal data protection;
• Obligations provided for in the Accounting Act and the Tax and Social Insurance Procedure Code and other related normative acts regarding the maintenance of lawful accounting;
• Providing information to the court and third parties, in the framework of proceedings before a court, following the requirements of the regulations applicable to the proceedings;
• Age verification when shopping online;
When we delete personal data collected on this basis
We deleted the data collected under an obligation provided by law after the responsibility for collection and storage is fulfilled or ceases to exist. For example: under the Accounting Act for storage and processing of accounting data (11 years); obligations to provide information to the court, competent state authorities, etc. grounds provided for in the current legislation (5 years);
Providing data to third parties
When there is an obligation for us by law, we can provide your personal data to the competent state body, natural or legal person.
WITH YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse to process personal data.
Consent is a separate basis for the processing of your personal data, and the purpose of the processing is stated in it and is not covered by the purposes listed in this policy. If you give us the explicit consent and until its withdrawal or termination of any contractual relationship with you, we prepare suitable offers for products/services, performing detailed analyzes of your primary personal data;
Detailed analysis is a method of analysis that allows the processing of a large amount of data using statistical models, algorithms, etc. that involve personal data usage, as well as processes of pseudonymization and anonymization of the same, to extract information about trends and various statistical indicators.
Data we process on this basis
On this basis, we only process data for which you have given us your clear consent. The specific data are determined for each individual case. Usually, this information presents the user’s email, name, phone and address.
Providing data to third parties
On this basis, we may provide your data to a Digital Marketing Partner Agency.
Withdrawal of consent
Concessions granted may be withdrawn at any time. Withdrawal of consent does not affect the performance of the contractual obligations. Suppose you withdraw your consent to the processing of personal data in any or all of the ways described above. In that case, we will not use your personal information for the purposes presented above. Withdrawal of consent shall not affect the lawfulness of the processing based on consent before its withdrawal. To withdraw your permission, you only need to use our site or just our contact details.
When we delete personal data collected on this basis
The data collected on this basis are stored for a period not longer than 12 months, according to the demands of the Commission for Personal Data Protection.
PROCESSING OF ANONYMIZED DATA
We process your data for static purposes, i.e. for analyzes in which the results are summarized, and therefore the data is anonymous. It is not possible to identify a specific person from this information.
Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personally identifiable details/details that allow your identification is permanently deleted. There is no legal obligation for anonymized data to be removed, as they do not represent personal data.
Why and how we use automated algorithms
For the processing of your personal data, we use partially automated algorithms and methods to continuously improve our products and services in order to adapt your needs in the best possible way. This process is called profiling.
How we protect your sensitive data
To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
The company has established rules to prevent abuse and security breaches.
To ensure maximum security in the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
Personal data we have received from third parties
We receive personal data from the following 3rd parties: Digital Marketing Partner Agency.
Each user of the site enjoys all rights to personal data protection under Bulgarian law and European Union law.
The user can exercise their rights through the contact form or by sending an email.
Each user has the right to:
• Be informed about the processing of his personal data by the Administrator;
• Access to his/her personal data;
• Revision (if the data is inaccurate);
• Removal of personal data (right to be “forgotten”);
• Processing restriction by the controller or the processor of personal data;
• The portability of personal data between individual administrators;
• Objection to the processing of his/her personal data;
• The data subject has the right not to be the point of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him significantly;
• To judicial or administrative protection in case the data subject’s rights have been violated.
The user may request deletion if one of the following conditions is present:
• Personal data is no longer needed for the purposes for which it was collected or otherwise processed;
• The user withdraws his consent on which the data processing is based, and there is no other legal basis for the processing;
• The data user objects to the processing, and there are no legal grounds for the processing to take precedence;
• Personal data has been processed illegally;
• Personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;
• Personal data has been collected in relation to the requirement of information society services to children, and the consent has been given by the parent responsible for the child.
The user has the right to restrict the processing of his/her data by the Administrator when:
• Doubt the accuracy of personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of personal data;
• The processing is illegal; however, the user does not want his/her personal data to be erased but instead requires restricting their use;
• The Administrator no longer needs the personal data for processing, but the user wants them for the verification, exercise or protection of legal claims;
• Object to the processing pending verification of whether the legal grounds of the Administrator take precedence over the interests of the user;
Right of portability
The data subject has the right to receive the personal data concerning him/her and which he/she has provided to the controller, in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller. Data are provided when the processing lies on consent or a contractual obligation, and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject shall also be entitled to receive a direct transfer of personal data from one controller to another where this is technically feasible.
Right to object
Users have the right to object to the controller against the processing of their personal data. The controller of personal data shall be obliged to terminate the processing unless he proves that there are compelling legal grounds for the processing, which take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or protection of legal claims. In the event of an objection to the processing of personal data for direct marketing, the processing should be immediately cancelled.
Complaint to the supervisory authority
Each user has the right to file a complaint against illegal processing of his/her sensitive data to the Commission for Personal Data Protection or the competent court.
Maintaining a register
We maintain a register of the processing activities for which we are responsible. This register contains all the following information:
• The name and contact details of the Administrator;
• The purposes of the processing;
• Description of the categories of data subjects and the categories of personal data;
• The categories of recipients to whom the personal data are or will be disclosed;
• Including recipients in third countries or international organizations;
• Where possible, the deadlines for deleting the different categories of data;
• Where possible, a general description of the technical and organizational security measures;