POLICY FOR PROCESSING AND PROTECTION OF PERSONAL DATA
Effective from: May 20, 2018
Last change: October 16, 2020
1.What is personal data?
Personal data is information that relates an identified or identifiable individual, indirectly meaning that when combined with other information, such as your name, postal address, e-mail address, telephone number, etc. under.
2.How do we process your personal data?
We at Bionox AN LTD. (the site administrator https://imunofan.bg/) will use your personal data only for the purposes of fulfilling the contract for delivery of goods to which you are a party when ordering goods from our site.
We do not collect or process more or other types of personal data than we need to accomplish this purpose.
We will only use personal data as set out in this policy, unless you have given us your explicit consent to another use of your personal data, such as through an explicit statement of consent to send marketing messages.
In case you agree, we will use your personal data for the purposes of direct marketing by sending you promotional offers and messages. We will send you special offers, information surveys and invitations via e-mail, text messages, telephone calls and regular mail only if you expressly agree to this. At any time, by sending a letter to our email, you have the right to opt out of receiving messages and offers.
- What personal data do we process?
In order to fulfill our obligations with you under our contract for the sale and delivery of goods, we will process the following categories of your personal data:
- postal address;
- phone number;
- history of the orders you have ordered, which you can track from your profile on the site if registration is required;
The listed categories of personal data are only those that you provide to us when making a request for delivery of goods from us. We will not ask for other personal data from you fulfilling the contract for the sale and delivery of goods.
We may be required to process and store personal data on legal grounds and to achieve regulatory compliance, such as to prevent, establish or investigate a crime, prevent loss, fraud or other financial misconduct.
- Using the Home page of https://imunofan.bg/:
- “Cookies”: Our Website uses “cookies” and other technologies to improve the user’s performance and the functioning of the Website, usability and security, as well as for the purposes of research related to advertising effectiveness. Please see our “cookie” policy for more details.
- Third Party Websites: For the convenience of our visitors, this portal contains links to various websites that are not linked, controlled or managed by us. The policies and procedures we describe here do not apply to these websites. We are not responsible for the security or protection of any data collected by these third parties. We encourage you to contact these websites directly for information on their data protection policies.
- To whom do we share your personal data?
We will disclose your personal data only for the purposes and only to those third parties listed below – unless we have received additional consent from you to transfer personal data to other categories of third parties given elsewhere, such as by declaration of consent for a specific purpose. We will take appropriate measures to ensure that your personal data is processed, protected and transferred in accordance with applicable law.
- External service providers:
When necessary, we engage other companies and individuals to perform on our behalf certain tasks that complement our services, such as companies that deliver our goods – postal operators, shipping companies, etc. We will share or give access to such information to external service providers only to the extent necessary for the respective purposes. This information may not be used by them for any other purpose, in particular for their own purposes or for the purposes of third parties. External suppliers are obliged by contract with us to respect the confidentiality of your personal data.
- Business transformation of a company and purchase of shares:
In connection with the conversion, restructuring, merger, sale or other transfer of assets, we will transfer information, including personal data, on a reasonable scale to the acquirer of those units or assets, and as necessary for the transfer of ownership, provided that the receiving party has agreed to treat your personal data in a manner that complies with applicable personal data protection legislation.
- Public authorities:
We will disclose your personal data to public authorities when required by law. For example, we will grant requests from courts, administrative and other public state or municipal bodies, which may include similar state or municipal authorities.
We do not transmit your personal data or any information that may concern you outside the territory of the Republic of Bulgaria.
- Processing of personal data of children:
We do not collect or process personal data of children under the age of 18, except with the consent of a parent or guardian in accordance with applicable local law. If we learn that a child’s personal data has been accidentally collected, we will delete the data in question in a timely manner.
- Processing of special categories of personal data (“sensitive” data):
We do not collect or process the so-called special categories of personal data as following: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, data on the health condition or data on the sexual life or sexual orientation of the individual.
- Security of your data:
We take the security of your personal information seriously. We apply the appropriate level of protection and for this purpose we have developed reasonable physical, electronic and technical procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data. Access to your personal data is allowed only to those employees, service providers or related persons on the principle of need for information for official purposes or who need it to perform their official duties. In the event of a leak of data containing personal data, we will follow all applicable notification rules in such cases.
- What are your legal rights?
As a data subject, you have specific legal rights related to the personal data we collect from you. This applies to all processing activities that we carry out and undertake with your personal data and which are listed above. We respect your individual rights and will answer your questions adequately.
The list that follows contains information about your rights arising from the applicable data protection laws:
- Right of correction: You have the right to correct personal data concerning you. We make reasonable efforts to ensure that personal data at our disposal and under our control, which is regularly processed, is accurate, complete, current and relevant, based on the latest information available to us.
- Right of restriction: You have the right to restrict the processing of your personal data if:
- dispute the accuracy of your personal data for the period we need to verify their accuracy,
- the processing is illegal and you request a restriction on the processing instead of deleting your personal data,
- we no longer need your personal data, but you require it for the establishment, practice or protection of rights and legitimate interests, or
- objections to the processing pending verification that our legal grounds take precedence over yours.
- Right of access: You have the right to ask us for information about the personal data we hold about you, including information about what categories of personal data we hold or control, what they are used for, where we obtained them from, if not directly from you, and to whom they were disclosed, if applicable. You have the right to a free copy of the personal data we hold about you. Under current law, we reserve the right to charge a reasonable fee for each additional copy after the first one you may request.
- Right of portability: At your request, we will transfer your personal data to another controller when technically feasible, provided that the processing is based on your consent or contractual obligation. Instead of receiving a copy of your personal information, you may request that we transfer it directly to another administrator you specify.
- Right to delete: You have the right to delete your personal data if:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- you have the right to object to the further processing of your personal data (see below) and practice this right to object to the processing;
- the processing is based on your consent, you withdraw this consent and there is no other legal basis for the processing;
- personal data have been processed illegally;
Unless processing is necessary for the following reasons:
- to comply with a legal obligation that requires processing by us;
- in particular, for archiving purposes in the public interest;
- for the establishment, practice or protection of rights and legitimate interests.
- Right to object: You can object at any time to the processing of your personal data in connection with your specific situation, provided that the processing is not based on your consent, but on our legitimate interests or those of a third party. In such a case, we terminate the processing of your personal data, unless we prove that there are compelling legal grounds that take precedence over your interests, or for the establishment, practice or protection of legal claims. If you object to the processing, please specify whether you wish to delete your personal data or restrict the processing by us.
- Right to lodge a complaint: In the event of an alleged breach of applicable data protection laws, you may lodge a complaint with the Data Protection Supervisor in your country of residence or at the place of the alleged breach. In the Republic of Bulgaria this body is the Commission for Personal Data Protection (CPDP).
Additional information needed to practice your rights:
- Deadline: We will try to comply with your request to practice rights or request information from us concerning your personal data within 30 days, and this period may be extended for specific reasons related to the specific legal right, or due to the complexity of your request.
- Restriction of access: In certain situations, we may not be able to give you access to all or part of your personal data due to legal provisions. If we deny your request for access, we will notify you of the reason for that denial.
- Impossibility of identification: In some cases, we may not be able to verify your personal data based on the identifiers provided in your request. In such cases, when we cannot identify you as a data subject, we do not have the objective opportunity to comply with your request to practice your legal rights as set out in this section, unless you provide us with additional information that would allow us to identify you.
- Practice Your Legal Rights: To practice your legal rights, please contact us at the addresses listed at the end of this policy.
- Storage of your personal data:
In the general case, we will store the personal data that you have provided to us for the purposes of sale and delivery of goods, as long as we need them to perform the delivery, as well as for a longer period, as required by applicable regulations governing the requirements for accounting and control of the company’s cash flows. We keep the history of your purchases on the site for a period of 3 years ago.
- Changes to current policy:
We reserve the right to change our data protection practices and to update and amend this policy at any time. For this reason, we invite you to consult the policy regularly. This data protection policy is current as of the “latest revision” date, which is listed at the top of this page.
- Contact data:
The data of the personal data administrator are: Bionox AN LTD., with VAT number BG202780736, with registered office and address of management: 1504 Sofia, Al. Dondukov 86, entr. A, floor 1, apartment 3, represented by the Manager Nikolay Vasilev.
Please send your inquiries regarding data protection and any requests regarding the practice of your legal rights to the following addresses.
- “Cookie” policy
What are “cookies” and local data storage (“cookies” and similar technologies)?
- “Cookies” are small text files that are downloaded to your computer or mobile device when you access websites. First-party “cookies” are those that are determined by the website you are visiting. Third-party “cookies” are those “cookies” that are used by domains other than the website you are visiting.
- Like “cookies”, local storage technology, if used, allows websites to store information on a computer or mobile device. Local storage is usually permanent, and unlike “cookies”, data in local storage is not automatically transferred to the Internet every time the website that stored is visited.
- How do we use “cookies” and similar technologies?
We use “cookies” and similar technologies on our Website in order to:
- improve the performance of relevant websites and the user experience,
- We measure the exposure of ads and online media by determining when, how often, on which websites certain online ads, media, and other content appear on your device.
Types of “cookies”:
Our website may use the following types of “cookies”:
- Essential “cookies”:
These “cookies” are strictly necessary for the website to perform its functions. We use these “cookies”, for example, in the following cases:
- to establish the authenticity and identity of our users when they use our Site so that we can provide our services;
- so that we can perform our duties and maintain the security of our services.
- Performance and functionality “cookies”:
These “cookies” are not strictly necessary, but allow us to customize your online experience with our websites. We use these “cookies” for example:
- to remember your preferences so that you do not have to enter information that you have already provided each time (for example, when entering your data for access to our services);
- Advertising “cookies”.
We use these “cookies”, such as:
- to obtain information about how you use our websites, such as pages you visit or how you respond to advertisements, to provide you with advertisements that are tailored to you;
- to determine which are the most popular parts of our Sites;
- to monitor the use of our services and our Sites (frequency and time);
- to monitor the success of a product;
- to determine how often you and other users visit our Sites;
Often these “cookies” are intended to provide ads that are tailored to you – both on and off our Sites. This type of advertising is known as “interest-based advertising”. Many of these types of “cookies” belong to our service providers.
- Session “cookies”:
We may also use session “cookies”, for example:
- to allow you to move between the individual pages of our Site without having to log in again. This practice is known as single sign-on;
- to recognize you when you return to our Site to use our services;
- to take the answers to the tests to show your result;
- to keep the answers to a completed questionnaire once (and not have to fill out the questionnaire repeatedly).
- How do we use “cookies”?
We use “cookie” information to make our websites more enjoyable and easy for users to use and to provide you with a personalized experience on our site.
- Third party “cookies”:
We also use certain third-party “cookies” as part of our services. These “cookies” are managed by the respective sites and are not controlled by us. Listed below are the third-party “cookies” we use, some of which can be turned off using the general settings of your browser. For others, you need to visit the relevant sites and follow the instructions provided.
- How to delete “cookies”?
You can choose whether to accept “cookies” or not. If you want to know when your computer receives a “cookie”, you can set your browser to notify you. This allows you to accept or decline a “cookie”. Your computer can be set to reject all “cookies”. If you want to know how to do this, visit aboutcookies.org. Please note that changes to your browser that disable the “cookie” feature will prevent parts of our Sites from functioning properly, including the login and playback features.
- Changes to our “cookie” policy:
Any future changes to our” Cookie” Policy will be posted on this page. All changes take effect immediately, except for existing customers, for whom these changes take effect 30 days after their publication, unless otherwise stated.
- Can website users block “cookies”?
Yes, you can change your browser’s privacy settings to block all “cookies”; however, this can seriously affect the functionality of the website and its use by you, as many websites may not function properly. Your browser may allow you to delete all “cookies” when you close it. However, this option also deletes persistent “cookies”, which can store your preferences and personalized settings on the websites you visit regularly. It is possible to save the “cookies” you want, as your browser may allow you to specify which sites you always allow or which sites you do not allow the use of “cookies”.
- Where can I find more information about cookies?
Detailed information on how organizations use “cookies” can be found at: www.allaboutcookies.org