PRIVACY POLICY

(IN EFFECT SINCE 07.01.2022)

SCOPE AND APPLICATION

“AAT Consulting” EOOD., hereinafter referred to as “we”, “our” or “us”, with UIC 208069566, with headquarters and address of management: ul. “Orel” No 9, apt. 3, Hladilnika, Sofia, P.O. Code 1407, as a personal data administrator, hereby informs you that this General Data Protection Policy (“General Policy”) aims to inform you about:

  1. The categories of personal data we collect and process:
    1. when you register on or use www.antoanetadimova.bg website and the trading platform or online service that links to this Privacy Policy (collectively, the “Services”);
    2. when you contact us (including through any of our website and platform) or ask us to provide you with information about the services we offer;
    3. in the performance of work that you have assigned to us, including in the provision of services that we offer;
  2. The sources and ways in which we collect and protect the personal data we process.
  3. The purposes for which we process personal data and the legal basis for their processing.
  4. The collection and processing of personal data relating to children.
  5. In which cases we share your personal data with others.
  6. For how long we keep your personal data and when we will delete it.
  7. Your rights in relation to the processing of your personal data.
  8. Protection of your personal data.
  9. How to contact us for questions related to the processing of your personal data.

This privacy policy applies in all cases where we process personal data.

We may periodically update this General Data Protection Policy. In these cases, we will post a notice of this on our website, as well as the updated version of the policy.

If you have any questions related to this General Policy, do not hesitate to contact us in any of the ways described at the end of this document.

For the purposes of this General Policy:

“Personal data” means any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier or by one or more attributes, specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that natural person.

‘Sensitive personal data’ includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, health data or data on the sex life or sexual orientation of the natural person.

We do not process sensitive personal data unless this is necessary for the fulfillment of our statutory obligations, e.g. our obligations arising from labour or anti-discrimination legislation. We ask you not to send or otherwise provide us with sensitive personal data relating to you (or anyone else) unless we have explicitly and in writing requested this data from you and after we have confirmed to you that we have the necessary consents to do so and that all other legal requirements for data processing have been met.

Data that cannot be associated with or associated with a specific natural person is not “personal data”.

CATEGORIES OF PERSONAL DATA THAT WE PROCESS

The personal data we process include:

Basic information, such as your name (including a prefix).

Contact information, such as postal address, email address, telephone number, fax number, and Skype name.

Financial information, such as your credit/debit card number or bank account in connection with a specific transaction or series of related transactions.

Technical information, such as data that is generated as a result of the use of our website or an application integrated into it (application, plugin, etc.), as well as information related to materials and communications that we receive from you or send to you electronically.

Information related to business meetings, such as information you provide to us in connection with your participation in business seminars, conferences and other similar events of a commercial nature organized by us or by any of our affiliated businesses.

Other personal data that you have provided to us or that is provided to us on your behalf, or that is generated in connection with the preparation and execution of the order you have assigned to us, such as order or payment history.

SOURCES AND METHODS OF COLLECTION OF PERSONAL DATA

Personal data you provide to us directly

Some of the personal data we collect and process is provided to us directly by you (e.g. when you register on or use our website, our platform or contact us by phone or online in order to obtain information about the services we offer or the status of your order fulfillment).

The personal data you provide directly to us includes, in particular:

  1. Identification data, such as your name, date of birth, permanent address, correspondence address, telephone number and e-mail address, password and username, in cases where you register your own user account on the website or platform we maintain;
  2. In some cases, the personal data you provide to us may include age and gender.
  3. Personal data contained in an electronic communication you have sent to us, such as. the data contained in an email message addressed to us or our employee or sales representative;
  4. Data created by you in the context of the assignment and execution of orders that you have made using a website operated by us or otherwise, such as order history, including data on the date of award and/or acceptance of orders and their execution status;
  5. Financial information, such as your debit or credit card number or bank account in connection with the execution of a specific financial transaction or series of similar transactions.
  6. Personal data that you generate or that is linked to your profile on the website or platform, such as data you enter when updating your customer profile or product information that you have added to your cart or wishlist.
  7. Data that you generate when you use a particular social plug-in, such as the Facebook “like” or “follow” plug-in, to express your attitude towards certain material or content that we have posted on the website, platform or social media page we maintain.
  8. Other data that you have provided to us at our request, where we are required or entitled by law to collect this data for the purpose of identifying you or confirming information we have received.

Personal data we collect automatically

Some of the personal data we process is collected by us automatically when you register or use the website and platform to contact us or to place an order. This information is provided by the devices (e.g. your personal or work computer, smartphone or tablet, etc.) that you use to visit our website and platform or our social media page, such as a device ID or unique identifier, related to the device or browser you are using, location data, the type of device or the browser you are using.

We collect data about your interaction with the website, platform and social media pages you use, such as location information and IP address.

We do not carry out automated decision-making, including profiling, as a result of automated processing of personal data.

Personal data we collect from other sources

Personal data provided by third parties includes the data contained in your public social media profile, which we access when you choose to log in to your user profile using your social media account, such as Facebook or Google. Please note that much of the data you have posted on your social media profiles, such as your public profile, location or location data, language, public postings and comments, is publicly available, which entails certain responsibilities and risks to your privacy. You control what data is shared with us through the settings of the website of the respective social network, as well as the consents you provide to us in connection with the processing of your data stored by the social media sites.

THE PURPOSES FOR WHICH WE PROCESS PERSONAL DATA AND THE LEGAL BASIS FOR PROCESSING IT

We collect, store and otherwise process personal data to the extent that this is not contrary to the law and in accordance with our own privacy policies. We process personal data for various business purposes, and this processing is carried out on different legal grounds. According to the law, we must have a legal basis in order to process your personal data. Depending on the basis on which we process your personal data, you have certain rights. More information about your rights can be found in Section IX.

In particular, we process the personal data collected by us on the legal grounds set out below for one or some of the following purposes:

We may collect and process your personal data for the purposes of concluding and performing a contract with you.

The main purposes for which we process personal data on this basis are:

  • identification of the client who wishes to order or has ordered services offered by us;
  • establishing the legal possibility of concluding a contract, as well as additional requirements for the validity of the contract, such as the existence of consents from third parties;
  • preparation and communication of proposals for the conclusion and amendment of contracts and draft contracts, including contracts concluded at a distance;
  • providing additional information and explanations about the characteristics and how we use the products and services we offer.
  • execution of a service order made by the user;
  • preparation of invoices, invoices, credit/debit notes and records of sales or services made by us;
  • tracking of payments made on orders placed;
  • providing oral and written technical advice and information, including advice on the optimal and safe use of the products and services we offer;
  • sending messages, newsletters and notifications for the withdrawal of certain products from the market;
  • consideration and analysis of complaints and signals related to our products and services, as well as taking the necessary measures to eliminate the problems that have arisen in the performance of contracts concluded by us or the use of products and services supplied by us;
  • detection and prevention of unlawful actions taken by a user, including actions contrary to a legally valid contract concluded by us;
  • preventing unauthorized disclosure, use, modification or destruction of confidential information or other information protected by law;
  • ensuring the normal functioning of the online stores operated by us and other similar channels for sale and distribution of our products and services;
  • registering customer profiles on the websites we maintain and operate;

We process your personal data in order to fulfill regulatory obligations that we have under the legislation of the European Union and EU member states.

In particular, we process personal data in fulfillment of our legal obligations arising from the fact that we are a Service Provider. In this regard, we process personal data in order to fulfill our specific obligations arising from or related to:

  • the sale (including remote sale) of consumer services within the meaning of the Consumer Protection Act;
  • the identification of consumers, when this is necessary for the fulfillment of our obligations under the Measures Against Money Laundering Act or the Measures against the Financing of Terrorism Act;
  • the lawful accounting of the business operations in which we participate, including the taxation of the supplies of services performed by us;
  • our obligation to cooperate with the competent authorities in the course of their inspections, audits and inspections, as well as in all other cases in which these authorities exercise their control powers on a legal basis;
  • our participation in legal proceedings and related procedures in our capacity as a party or as a third party obliged party, such as our obligation to provide data and information relevant to the resolution of a specific litigation.

We may collect and process your personal data with your consent

In certain cases, after obtaining your consent for a certain way of processing your personal data, we may use this data:

  • For the purposes of direct marketing of products and services offered by us or by persons affiliated with us, which may be marketed in the form of telephone calls, letters or short text messages or emails. For example, if you subscribe to our newsletter or wish to receive promotional offers, we may ask you to provide data, such as your name, telephone number, email address, as well as other relevant information. If you do not wish to receive any further promotional and marketing communications from us, you may notify us at any time or simply follow the “unsubscribe” instructions contained in the communications and messages sent to you. We take measures to limit the marketing content we send to a reasonable and proportionate amount by sending you only such content that we believe may be of interest to you or that could be relevant to you based on the information we have.
  • to fulfill specific obligations towards you that arise from law or contract, insofar as the processing of relevant personal data (e.g. health information or other sensitive personal data) is not prohibited by law.

You have the right to withdraw your consent to the processing of your personal data at any time. More information about this right can be found below.

We may process your personal data where we have a legitimate interest in doing so, such as our legitimate interest:

  • to constantly and continuously improve and develop the products and services we offer, including their functionalities, design and/or content;
  • to promote and monitor the introduction and implementation of improved and/or innovative measures for the safe use of the products and services offered by us or by persons related to us;
  • to monitor and analyze our performance on the relevant market;
  • to personalize the products and services we provide to you in order to increase your overall satisfaction with them and your communication with us;
  • to monitor the technical condition of our information systems and resources, including our e-shops and other websites, as well as to eliminate problems related to their proper functioning or to their security and integrity;

COLLECTION AND PROCESSING OF PERSONAL DATA RELATING TO CHILDREN

We understand the importance of taking additional measures to protect the personal data of children who use our products and services, including the websites operated by us. We do not collect personal data from children under the age of 16 or data relating to children under 16 years of age without parental consent or, if applicable, without the consent of another person who may by law consent to the processing of a child’s personal data (e.g. a child’s guardian).

We do not allow children under the age of 16 to create their own customer profiles on the websites we operate or otherwise provide us with their personal data.

If we become aware that we have collected or process personal data of a child without the parental consent required by law, we will take steps to destroy that information without undue delay.

CASES IN WHICH WE SHARE YOUR DATA WITH THIRD PARTIES

To data processors on behalf of the Company

We may outsource the processing of your personal data to third party subcontractors who assist us in the processing of this data. These third parties process your data on our behalf and in accordance with our instructions for all or some of the purposes set out in this policy. We do not allow third party subcontractors to use your personal data for their own purposes, including for direct marketing purposes.

We require all third parties who process your personal data on our behalf to process this data in accordance with the law, as well as to ensure their security, including by taking the necessary technical and organizational measures to protect personal data. The categories of recipients who process personal data on our behalf are:

  1. accounting and auditing companies that process personal data for the purposes of accounting and auditing our financial statements, as well as for the fulfillment of our regulatory obligations in the field of labor, tax and social security legislation;
  2. persons who provide information society services, including hosting services, and/or information and technical services related to the maintenance, security and development of our information and communication infrastructure and resources;
  3. licensed payment service providers for the purpose of processing payments from/to you;
  4. security companies holding a license to carry out private security activities for the purpose of ensuring security and access control in the buildings and premises that we own or use legally;
  5. To state authorities to which we are required by law to provide your personal data, such as courts or administrative bodies exercising regulatory, supervisory or other similar functions (e.g. the Commission for Consumer Protection, the Commission for Personal Data Protection, the Commission for Protection of Competition and other competent authorities that are legally allowed to collect and process personal data);

To protect our legitimate interests

In certain cases, where this is dictated by our legitimate interests, we may disclose your personal data to third parties, such as:

  1. our legal advisers and legal representatives in connection with obtaining legal advice or preparing and organizing our defense in a current or potential legal dispute, including for the purposes of our participation in mediation or other voluntary dispute resolution procedure.

To persons for whom we have obtained your explicit consent, such as:

  1. businesses that can provide you with information or offers about their own products and services.

HOW LONG DO WE KEEP YOUR PERSONAL DATA AND WHEN WILL WE DELETE IT

We keep your personal data for as long as is necessary or permitted in view of the purposes for which we process it. After the realization of these purposes or after our legitimate interest or legal basis for data processing ceases to exist (e.g. when consent to the processing of certain data is withdrawn), we will delete the personal data without undue delay.

The criteria on the basis of which the retention period of your personal data is determined include: (a) the period during which we maintain a commercial relationship with you and provide our services to you, (b) the data retention periods provided for in the laws applicable to us, and (c) the period for which it is necessary for us to retain the data in connection with our participation and the protection of our rights and legitimate interests in judicial and administrative proceedings and the expiration of the relevant limitation periods.

For example, we will store personal data contained in our accounting records for the time limits provided for in the Accountancy Act.

HOW WE PROTECT YOUR PERSONAL DATA

When processing your personal data, we take the necessary technical and organizational measures to protect this data from unauthorized access, modification or deletion. These measures include:

  • establishing internal policies for the processing of personal data, which aim to prevent unauthorized access to the systems we use and to the premises where we store your personal data;
  • establishing an obligation to respect the confidentiality of our employees, subcontractors and suppliers;
  • assigning the processing of your personal data only to such organizations that process personal data in accordance with the law, ensuring their security, including by taking the necessary technical and organizational measures to protect personal data.

YOUR RIGHTS IN RELATION TO THE PROCESSING OF YOUR PERSONAL DATA

At any time during the period of processing of your personal data by us, you have certain rights as set out below.

You can exercise your rights under this policy and the General Data Protection Regulation by sending an email or letter to our Data Protection Officer, which contains your specific request and which, if possible, is signed by hand or with a qualified electronic signature. If you are unable to sign your request in one of our preferred ways, we may ask you to provide additional information in order to identify you.

We will respond to your request free of charge and without undue delay. In cases where we receive repeated requests from you, we may refuse to act on the request or set a fee (based on the costs we will incur) to be paid for providing the information or communication or taking the requested action, or

RIGHT OF ACCESS AND INFORMATION

You have the right to request and receive:

  • information about the purposes of processing your personal data, what categories of personal data we process and who are the recipients or categories of recipients to whom your personal data is or will be disclosed, as well as any information about the source of your personal data;
  • a copy of your personal data that we process, in electronic or other appropriate form;

RIGHT TO RECTIFICATION AND SUPPLEMENTATION

In case you find that the personal data processed by us is inaccurate and/or incomplete, you can ask us to correct and/or supplement them.

RIGHT TO OBJECT

When we process your personal data based on our legitimate interest, you have the right to object to such processing. We will cease such processing without undue delay and delete your data, unless we provide reasonable reasons for continuing to process your data that override your rights and legitimate interests or the processing of your personal data is necessary for the establishment, exercise or defense of legal claims. In addition, you have the right to object at any time to the processing of your personal data for marketing and advertising purposes. We will terminate such processing without undue delay as soon as we receive your objection.

RIGHT TO RESTRICTION OF PROCESSING

You have the right to ask us to restrict the processing of your personal data in the future when:

  • you believe that the personal data processed by us is inaccurate and you require us to correct them for the time we verify the accuracy of your data and until we make the necessary correction;
  • it is established that for some reason we are processing your personal data unlawfully, but you do not want your data to be deleted, but instead you want us to process some of your data;
  • we no longer need your personal data, but you require us to retain this data for the purpose of exercising rights or defending against third-party claims; or
  • you have objected to the processing of your personal data (where such processing is based on our legitimate interest) if it is necessary to verify whether we have an interest or legal obligation to process your personal data.

RIGHT TO DELETION (“RIGHT TO BE FORGOTTEN”)

You have the right to ask us to delete your personal data, and we are obliged to delete it without undue delay when:

  • the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • You have withdrawn your consent to the processing of the data where the data has been processed on the basis of your consent, and there is no other legal basis for the processing;
  • You have objected to the processing and we have no legitimate grounds for the processing that override your interests, rights and freedoms;
  • Your personal data has been processed unlawfully;
  • Personal data must be deleted in order to comply with our legal obligation;
  • Personal data was collected in connection with the provision of information society services.

In some cases, we will not be able to comply with your request insofar as the processing of your personal data is necessary:

  • on the exercise of the right to freedom of expression and the right to information;
  • to comply with our legal obligation;
  • for the establishment, exercise or defence of legal claims.

RIGHT TO WITHDRAW YOUR CONSENT

In cases where we process your personal data on the basis of your consent, you have the right to withdraw this consent with immediate effect. In this case, we will cease processing your personal data for the future.

PORTABILITY OF YOUR DATA

In cases where we process your personal data on the basis of your consent or for the fulfilment of our contractual obligations towards you, insofar as this does not prejudice the rights and freedoms of others, you have the right to receive the data you have provided to us in a structured, commonly used and machine-readable format or, if technically feasible, to request that we transfer this data to a third party.

RIGHT TO APPEAL

If you believe that we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with a competent authority. You can contact the supervisory authority responsible for your place of residence or your country, or the supervisory authority responsible for us.

The competent authority in the Republic of Bulgaria is the Commission for Personal Data Protection, whose address is: Sofia 1592, blvd. “Prof. 2 Tsvetan Lazarov Str. tel.: 02/915 – 3519 Email: kzld@cpdp.bg

HOW TO CONTACT US

For all questions related to the processing of your personal data or the exercise of your rights, you can contact our Data Protection Officer in one of the following ways:

By e-mail, by sending us an e-mail at info@antoanetadimova.bg or by mail, to the address: ul. “Orel” No 9, apt. 3, Hladilnika, Sofia, P.O. Code 1407.