Security and proper use of personal data is of utmost importance to us. Our privacy policy does not regulate rights and obligations but serves to explain the users what data we use in order to provide our goods and services, why and how do we process it and when is it necessary to disclose it to third parties. The policy also serves to inform about the rights that users have concerning the processing of personal data done by „Shterev Consult“ EOOD.
To make this document clear and user friendly, we use illustrative examples throughout. These examples are not a part of the Privacy Policy and are not exhaustive.
I. Basic principles in personal data processing
We process personal data in a lawful, well-meaning and transparent manner. The personal data is processed for concrete, explicitly stated and legitimate purposes and is NOT processed for any other reasons. The processed data is appropriate, associated with and limited to what is necessary according to our purposes (“reducing data to the minimum”);
The processed data can be kept up to date by taking all necessary means to guarantee timely deletion or correction of inaccurate personal data considering our purposes (“accuracy”);
The processed data is kept in a state that allows identifying the subject for a period no longer than the necessary (“limited storage”);
The processed data is kept in a state that guarantees a necessary level of security, including protection from unauthorized or illegal processing and from accidental loss, destruction or damage by taking suitable technical and organizational measures (“integrity and confidentiality”).
II. Personal data administrator
The personal data Administrator is „Shterev Consult“ EOOD, VAT number 121133816, with headquarters and registered office 1618 Sofia, ul. Belmeken, bl. 42. If you have questions concerning privacy or security and want to contact our employees, you can do it via this e-mail address: sshterev@consultbg.eu.
This privacy policy can be altered according to the national and the European legislation. All changes take effect the moment they’re published on this page. We advise you to check our website regularly so that you can see the latest changes. The changes can not be made if they imply weaker security of personal data without your agreement.
III. What types of data do we process
We collect personal data so that we can improve our goods and services. Here are the types of information that we need:
1. Information you provide: we receive and keep all information you provide that has to do with „Shterev Consult“ EOOD’s services. For example: information concerning searches you conducted, your client profile, e-mail, phone number, address, inquiries, applications for access to personal information, etc.
2. Automatic information: We automatically receive and store certain types of information when you use the „Shterev Consult“ EOOD site, such as information about your use, including your interaction with the content and services available through the site. Like many websites, we use cookies and other unique identifiers and receive certain types of information when your web browser or device accesses the site. For example: the Internet Protocol (IP) address used to connect your computer or other device to the Internet; e-mail and password; information about your computer, device, and connection information, such as the device type and application or browser type, browser plugins and versions, operating system, or time zone settings; the location of your device or computer; content engagement information such as content downloads, streams, and playback details, including duration and number of concurrent streams and downloads, as well as streaming and download quality; network information, including information about your ISP; Device metrics, such as when a device is used, application usage, connectivity data, and any errors; Site metrics (e.g., technical errors, your interactions with the features and content of the service, preferences for settings and backup information, the location of your app device, information about uploaded images and files (e.g., file name, dates, and the location of your images)), etc.
We may also use device identifiers, cookies, and other technologies on devices, applications, and web pages to collect information about browsing, use, or other technical information for fraud prevention purposes.
3.Information from other sources:We may receive information about you from other sources, such as: delivery information of goods purchased through the site, information on the number of page views.
IV. On what basis do we collect and process your personal data
We collect and process your personal information lawfully and in accordance with this Privacy Policy. We process data only when you have given your explicit consent to the processing of personal data, or the processing is necessary to perform a contract to which you are a party or to take steps on your own initiative before entering into a contract (just using the site, without having to purchase anything, is considered such a step). Data processing is also necessary for the purposes of our legitimate interest, namely: when we can’t offer our services or enter into a contract for trade without processing certain types of data; for improving our website and bringing more value and better services to our customers. For example, collecting site search information is a legitimate interest of ours because it is the basic method of determining the quality of our services and just how much our goods are needed. Because of the above mentioned grounds for collecting and processing personal data, if you consider that you do not wish to provide „Shterev Consult“ EOOD with the personal data necessary to conclude a Purchase and Sale Agreement, it will be effectively impossible for „Shterev Consult“ EOOD to provide you with goods and services.
V. Objectives for personal data processing
We process your personal data in order to provide and improve the goods and services on the site. These objectives include:
- Purchase and delivery of products and services. We use your personal data to accept and handle orders, deliver products and services, make payments and communicate with you about orders, products, services and promotional offers.
- Provide, troubleshoot and improve the services of „Shterev Consult“ EOOD. We use your personal data to provide functionality, analyze performance, correct errors and improve website usability and efficiency.
- Recommendations and personalization. We use your personal information to recommend features, products and services that may be of interest to you, identify your preferences and customize your experience on the site.
- Fulfillment of statutory obligations. In some cases, we have a legal obligation to collect and process your personal information. For example, we process personal data in order to fulfill the obligations arising from accounting and tax law. Also, when a consumer purchases a product from „Shterev Consult“ EOOD under consumer protection law, „Shterev Consult“ EOOD is obliged to provide a guarantee for the product if, at the time of its delivery, it is defective, which manifests itself within two years after making it available to the user. In order to fulfill this obligation, „Shterev Consult“ EOOD should process the basic data of the consumer (by which the right to claim is established), as well as the data for the respective contract (by which it is established whether the commodity is under warranty).
- Communicating with you. We use your personal information to communicate with you regarding the goods and services we provide through various channels (e.g., by phone, email, chat). Fraud and Credit Risk Prevention. We process personal information to prevent and detect fraud and abuse and to protect the security of our customers.
- Objectives for which we seek your consent. We may also request your consent to process your personal data for the specific purpose that we communicate to you. When you agree to process your personal data for a specific purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. However, if the processing is necessary for other lawful purpose, we can continue to process the data.
VI. Categories of individuals to whom we disclose the user’s personal data
Our customers’ personal data is an important part of our business and we do not sell it to third parties. „Shterev Consult“ EOOD may only share the customer’s personal data (or a portion of it) as described below and with third parties who comply with practices that are at least as protective as those described in this Privacy Policy. „Shterev Consult“ EOOD may share personal information of its clients with third parties who process personal data. Data processors are persons who process personal data on behalf of „Shterev Consult“ EOOD on the basis of a written agreement. They may not process personal data provided to them for purposes other than the performance of the work entrusted to them by „Shterev Consult“ EOOD. Processors are obliged to follow all instructions of „Shterev Consult“ EOOD. „Shterev Consult“ EOOD takes the necessary measures to ensure that the processors involved strictly comply with the data protection legislation and instructions of „Shterev Consult“ EOOD and that they have taken the appropriate technical and organizational measures to protect the personal data.
Examples of personal data processors are:
- Courier service providers;
- Service providers for the deployment and / or maintenance of information systems that sometimes need to access personal data processed in the systems concerning providing the services;
- Law firms, accounting firms or other consultancy providers;
- Hosting Service Providers
„Shterev Consult“ EOOD may share personal information of its clients with banks and payment institutions. For the purpose of servicing the consumers’ payments, whether by bank transfer or through a payment institution, it is necessary to exchange data between „Shterev Consult“ EOOD and the respective bank or payment institution. Third parties that have to do with the transformation (e.g. merger or acquisition) or the transfer of an enterprise. In the case of conversion of „Shterev Consult“ EOOD, as well as in the case of transfer of assets in accordance with the applicable legislation, it is possible that the personal data of the users, administered by „Shterev Consult“ EOOD, may be provided to a third party successor. Authorities. The legislation of the Republic of Bulgaria requires „Shterev Consult“ EOOD to store certain personal data for the users for a fixed period. In the presence of statutory prerequisites, such personal data processed by „Shterev Consult“ EOOD should be made available to the competent authorities.
VII. What methods do we use to protect your personal data
We work diligently to protect the security of your information when transferring it, using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, electronic, and procedural safeguards regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we may sometimes ask for proof of identity before disclosing your personal information. Devices that store your personal data offer security features to help protect them against unauthorized access and data loss. It’s important to protect yourself against unauthorized access to your password and to your computers and devices. Be sure to sign out when you’re done using a shared computer.
VII. How long do we store your personal data
„Shterev Consult“ EOOD stores the personal data of users for as long as is necessary to achieve the goals set out in this Privacy Policy or to comply with the requirements of the law. In order to fulfill our obligations arising from tax and accounting legislation, data about a consumer is stored for a period of 11 years, from the termination of his last contract, insofar as the consumer has no outstanding obligations to „Shterev Consult“ EOOD. After this period has expired, they will be anonymized or deleted, unless: they are necessary for pending court, arbitration, administrative or enforcement proceedings, or in the case of a complaint from the consumer, which should be considered by „Shterev Consult“ EOOD; the user has exercised his right to request a restriction on the processing of personal data concerning him / her; „Shterev Consult“ EOOD endeavors to ensure that the processed personal data of the users is updated (and corrected if necessary) and that no data is stored that is not necessary for achieving the goals described above.
IX. General information on the rights of individuals
„Shterev Consult“ EOOD takes action at the request of an individual to exercise a right under this section only if able to identify the person concerned. Only individuals who can be identified by „Shterev Consult“ EOOD have the opportunity to exercise their rights under this section. If the purposes for which „Shterev Consult“ EOOD processes personal data do not require or no longer require the identification of an individual, „Shterev Consult“ EOOD has no obligation to maintain, obtain or process additional information in order to identify the person for the sole purpose of taking action at the request of that person. „Shterev Consult“ EOOD notifies individuals of the actions taken within one month of receiving a request under this section, in some cases this period may be extended by another two months. „Shterev Consult“ EOOD shall provide individuals with information on actions taken in connection with their claims for the exercise of rights under this section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests. „Shterev Consult“ EOOD shall inform the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay. In case of refusal to fulfill the request, „Shterev Consult“ EOOD informs the respective individuals about their rights. If „Shterev Consult“ EOOD does not take action at the request of an individual, „Shterev Consult“ EOOD shall notify them (without delay and within one month after receiving the request) for the reasons for not taking action, as well as for the possibility of filing Appeal to the Commission for Personal Data Protection and Legal Prosecution. In certain cases „Shterev Consult“ EOOD may request additional information to verify the identity of individuals. In the event that „Shterev Consult“ EOOD has reasonable concerns about the identity of the individual who requests this section, „Shterev Consult“ EOOD may request the provision of additional information necessary to confirm the identity of the individual.The actions taken by „Shterev Consult“ EOOD for and in connection with claims for the exercise of rights under this section are completely free of charge to the persons, unless their claims are manifestly unfounded or excessive. When the case is such (for example, because of its repetitive nature), „Shterev Consult“ EOOD has the right, at its sole discretion: (a) to refuse to comply with the request; or (b) request payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
X. Users have the right to access personal data concerning them
Consumers have the right to receive information from „Shterev Consult“ EOOD whether personal data related to them is being processed. If so, users have the right to access the relevant data.Correcting inaccurate or out of date personal dataIf the personal data processed by „Shterev Consult“ EOOD is inaccurate or out of date, users have the right to request that „Shterev Consult“ EOOD corrects them.
XI. Deletiton of personal information (“Right to be forgotten”)
Users have the right to request from „Shterev Consult“ EOOD to delete their personal data in the following cases:
- personal data is no longer needed for the purposes for which it was collected or processed;
- the consumer has withdrawn his consent on which the processing of personal data is based and there is no other legal basis for the processing of the personal data;
- the consumer has objected to the processing of personal data which is based on the legitimate interest of „Shterev Consult“ EOOD, unless there are other legitimate grounds for processing that take precedence over the interests, rights and freedoms of the user, or the processing of data is necessary for the establishment, exercise or defense of legal claims;
- the consumer has objected to the processing of personal data for the purposes of direct marketing and there are no other legitimate grounds for processing that data;
- personal data relating to the respective user wasprocessed illegally;
personal data must be deleted by „Shterev Consult“ EOOD in order to comply with a legal obligation arising from the law of the Republic of Bulgaria or the law of the European Union.
XII. Restrict the processing of my personal data
As of May 25, 2018, users have the right to request from „Shterev Consult“ EOOD to restrict the processing of related personal data in the following cases:
- the accuracy of personal data is challenged by the user for a period that allows „Shterev Consult“ EOOD to verify the accuracy of the personal data;
- the processing is unlawful, but the user does not want the personal data to be erased, but calls for restricting its use instead;
- „Shterev Consult“ EOOD no longer needs personal data for the purposes of processing, but the user requires it for the establishment, exercise or defense of legal claims;
the consumer has objected to the processing of personal data based on the legitimate interest of „Shterev Consult“ EOOD, pending verification that the legitimate grounds of „Shterev Consult“ EOOD have priority over the interests of „Shterev Consult“ EOOD.
XIII. Portability of my personal data
As of May 25, 2018, users have the right to receive from „Shterev Consult“ EOOD the personal data provided by them in a structured, widely used and machine-readable format, as well as to transfer this data to another administrator without hindrance from „Shterev Consult“ EOOD insofar as:
- „Shterev Consult“ EOOD processes this data for the purpose of concluding or executing a contract with the consumer, or on the basis of the consent of the latter; and
- the processing of the relevant data is done in an automated manner.
Users have the right to request „Shterev Consult“ EOOD to transfer their personal data directly to another administrator, when technically feasible.
XIV. Objection to the processing of personal data
Consumers have the right, at any time and on grounds relating to their particular situation, to object to the processing of personal data concerning them when „Shterev Consult“ EOOD processes their data to protect their legitimate interests. In certain cases, this right is unconditional and „Shterev Consult“ EOOD will always suspend the processing of data in case of objection from the users. These are the cases in which „Shterev Consult“ EOOD processes personal data for direct marketing purposes.
In all other cases, depending on the nature of the objection and the circumstances put forward by the relevant consumer, „Shterev Consult“ EOOD will carry out an internal review of the objection and rule on it in accordance with this section, by: (a) informing the consumer that it will suspend the processing of his / her personal data; or (b) reasonably refuses to suspend the processing of his / her personal data, if there are legal grounds for doing so.
You can exercise your right of access to your personal data, correct, delete, restrict their processing and portability here.
XV. Right to complain to a supervisory authority
Consumers have the right to file complaints or alerts to the Commission for Personal Data Protection (CPDP) in the event that they believe „Shterev Consult“ EOOD violates personal data protection legislation. Complaint instructions are published on the CPDP website https://www.cpdp.bg
After 25.05.2018, consumers may also file complaints with other supervisory authorities within the territory of the European Union as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), or hereinafter referred to as “GDPR”.
XVI. Cookies
What is a cookie
Cookies are usually small text files, given ID tags that are stored on your computer’s browser directory or program data subfolders. Cookies are created when you use your browser to visit a website that uses cookies to keep track of your movements within the site, help you resume where you left off, remember your registered login, theme selection, preferences, and other customization functions.The website stores a corresponding file(with same ID tag)to the one they set in your browser and in this file they can track and keep information on your movements within the site and any information you may have voluntarily given while visiting the website, such as email address.
Cookies are often indispensable for websites that have huge databases, need logins, have customizable themes, other advanced features.
Cookies usually don’t contain much information except for the url of the website that created the cookie, the duration of the cookie’s abilities and effects, and a random number. Due to the little amount of information a cookie contains, it usually cannot be used to reveal your identity or personally identifying information.However, marketing is becoming increasingly sophisticated and cookies in some cases can be agressively used to create a profile of your surfing habits.
What are the types of cookies and what are they used for
1. Session cookies
They are used for example on e-commerce websites so you can continue browsing without losing what you put in your cart. Session cookies also help to improve site load time. They expire when you close your browser.
2. Permanent cookies
They persist even when the browser is closed. They have an expiration date though and by law, you can’t make them last more than 6 months. They’re used to remember your passwords and login info so you don’t have to re-enter them every time. Furthermore, it can be used for personalization and to store the preferences of visitors, such as selected language or currency.
3. Third-party cookies
Cookies attributes usually corresponds to the website domain they are on. Not for third-party cookies, they are installed by third-party websites, such as advertisers. They gather data about your browsing habits, and allow them to track you across multiple websites and they can track you through different websites. Through them it is possible to determine which pages you visit, in what order and how long you stay in them. Most often used to analyze the visits and the interests of consumers on a particular topic.
We use services from the following partners:
Google Analytics
We use the service Google Analytics, property of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA („Google“), through which we collect and process information about your physical location and other technical information about your visit to the Website. The information, collected by Google in relation to the use of the Website includes the Internet Protocol (IP) address, used to connect your computer or device to the Internet, the “clicks” to, through and from our Website (including their date and time), information about the interaction with the Website (like possible views, clicks and mouse movements) Google Analytics uses different technologies to determine the location, including the IP address, GPS and other sensors, which could, for example, supply Google with information about devices in close proximity, Wi-Fi hotspots and charging status. This information will be transferred to a Google server in the USA, where it will be stored and analyzed. The results will be transferred to us in anonymous form. In this process, the data collected from you will not be associated with your full IP address. We have activated the IP Anonymization of Google Analytics, offered by Google on our website, so that the last 8 bits (IPv4) or the last 80 bits (IPv6) of your IP address will be erased. In addition, Google is a certified organization under the EU-U.S. Privacy Shield, which guarantees an adequate level of data protection in the United States. For more information, see the General Conditions and Privacy Policy of Google LLC. Please, consult Google’s page periodically about all changes or updates to these conditions and to the information, gathered through Google Analytics.
How do we use cookies
We offer certain site features, services, applications, and tools that are available only through the use of cookies. You’re always free to block, delete, or disable them if your browser, installed application, or device so permits. However, if you decline cookies or other similar technologies, you may not be able to take advantage of certain site features, services, applications, or tools. You may also be required to re-enter your password more frequently during your browsing session.
What can not cookies do
Cookies are plain text files. They are not compiled so they cannot execute functions or make copies of themselves. They cannot browse through or scan your computer or otherwise snoop on you or dig for private information on your hard disk.
Because cookies are just harmless files, or keys, they cannot look into your computer and find out information about you, your family, or read any material kept on your hard-drive. Cookies simply unlock a computer’s memory and allow a website to recognise users when they return to a site by opening doors to different content or services.
What can I do to manage cookies stored on my computer
Cookies can be disabled or removed by tools that are available in most commercial browsers. The preferences for each browser you use will need to be set separately and different browsers offer different functionality and options. For more information on how you can block, delete, or disable cookies, please review your browser or device settings.
Cookie settings in Internet Explorer
Cookie settings in Firefox
Cookie settings in Chrome
Cookie settings in Safari web and iOS.
If you are most concerned about third-party ad cookies generated by advertisers, you can exclude them from here: Your Online Choices site.
Please remember that if you choose to block or disable cookies, some sections of our site may not work properly.
Last update: 21.01.2020