Privacy Policy

‍Information about the Controller who processes and stores your data:

‍

Information about the Administrator:

Name:COVENT - CLIMA LTD

EIK/BULSTAT:102687052

Headquarters and address of management:gr. Burgas, Zh.k. Vazrazhdane, bl. 4, ch. B, et al. 7

Address for correspondence:gr. Burgas, Zh.k. Vazrazhdane, bl. 4, ch. B, et al. 7

Email: office@kovent-klima.com

Website: https://www.kovent-klima.com/

‍

Information on the competent supervisory authority for personal data protection:

Name:Commission for Personal Data Protection

Headquarters and address of management: gr. Sofia 1592, blvd. “Prof. Tsvetan Lazarov” № 2

Address for correspondence: gr. Sofia 1592, blvd. “Prof. Tsvetan Lazarov” № 2

Phone: 02 915 3 518

Website: www.cpdp.bg

‍

Concepts used

• “Personal data”- any information relating to an identified or identifiable living natural person. Separate data which, when combined together, can lead to the identification of a specific person, also constitute personal data. For example, such are: first and last name, home address, email address, identity card number, location data, Internet Protocol (IP) address.
• “Website” -a specific location on the global Internet network accessible through its unified address (URL) over HTTP, HTTPS or other standardized protocol and containing files, programs, text, sound, picture, image, or other materials and resources
• “Processing” - any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other means by which the data becomes available, arrangement or combination, restriction, deletion or destruction.
•  “Administrator” - a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its designation may be laid down in Union law or in the law of a Member State.

Grounds for collecting your personal data by the Controller.

Art.1. After receiving your consent and in connection with compliance with a legal obligation, the Controller collects and processes your personal data in connection with the use on the basis of Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR) and more specifically:

to the following:

• Explicitly obtained consent from you as a customer
• Compliance with a legal obligation that applies to the Controller
• For the purposes of the legitimate interest of the Administrator

Purposes and principles for the collection, processing and storage of your personal data.

Art. 2 (1)We collect and process the personal data that you provide us in connection with the use of an online store for the following purposes:

• Accounting purposes;
• Statistical purposes;
• Protection of information security;

(2)We adhere to the following principles when processing your personal data:

1. Principle of legality, good faith and transparency - the collection, processing and storage of personal data is carried out in accordance with the regulations. Prior to the collection of personal data, the subject is provided with information about the purposes for which the personal data are collected/processed/stored.
2. Limitation of the purposes of processing- the collection and processing of personal data is expressed in the collection of data in the minimum volume necessary to fulfill the purposes for which they are collected.
3. Accuracy and timeliness of data- the data are processed and stored with due regard for their accuracy and ensuring their timely maintenance in an up-to-date form, and if necessary, delete and/or correct inaccurate personal data in a timely manner;
4. Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data- the use of only such technical means of protection or the application of other appropriate measures which ensure that only personal data necessary for each specific purpose are processed and the data are kept for the minimum period strictly necessary to achieve the purpose.

(3)The controller does not collect or process personal data relating to the following:

1. Racial or ethnic origin;
2. Political, religious and philosophical beliefs, or membership in trade union, political or non-governmental organizations;
3. Genetic and biometric data, health data or data on sex life or sexual orientation.

(4) Personal data are collected by the Administrator from the persons to whom they relate.

(5) The Company does not collect data on persons under 16 years of age, except with the express consent of their parent or legal representative.

(6) The controller processes the following categories of personal data and information in connection with the purposes and grounds listed below.

Personal data that is collected, processed and stored and the period of their storage.

Art. 3 (1)We collect the following personal data from you: e-mail:

Purpose for which the data is collected:

• Sending information with current news and/or promotional terms for services and/or products provided by the Administrator, incl. responses to a message received through the contact form.

Legal basis - Art. 6 para. 1, b. (b) GDPR

(2) The content received from users who have provided their personal data on the basis of paragraph 1 may not be sent more often than once a week by the Administrator.

(3)Customer data and documents on transactions and operations performed, as well as documents related to the establishment and maintenance of commercial or professional relations are stored for a period of 5 years.

(4)The administrator stores your personal data that he has collected only for the period necessary to achieve the purposes specified in this Policy, as well as when by law he has the right or obligation to store them for a longer period. Various factors determine the duration of the storage period, such as: the duration of the provision of services, if necessary in order to establish, exercise or defend our legal claims, or whether we have a legal obligation to store the data. The deadlines are as follows:

— up to 2 years for personal data shared by users in the online store, in the presence of explicit consent for sharing the relevant data by the user

- 5 years upon expiry of the limitation periods for making claims specified in the Law on Obligations and Contracts;

— 10 years under the Accounting Act for storage and processing of accounting data;

— 5 years of obligations to provide information to the court, competent state authorities and other grounds provided for in the current legislation;

- Customer data and documents on transactions and operations performed, as well as documents related to the establishment and maintenance of commercial or professional relations are stored for a period of 5 years (Art. 171, para. 1 of the GDPR).

Rights of Users.

Art. 4Right of access to personal information — Users have the right to receive a copy of the personal information we hold about them, as well as information about how we use it. Any user can exercise this right by sending his request in free text, by email to the Administrator.

Art. 5 (1)Right to rectification of personal information — Users have the right to ask us to correct the personal information we hold about them if it is inaccurate or incomplete.

(2)The right of the user to correct his personal information can be exercised by means of an e-mail notification addressed to the Controller and it should correspond to the following content:

• Associated email;
• Data that you wish to be corrected;
• The data you wish to include for the purpose of the required correction;

Art. 6 (1)Right to erasure of personal information - sometimes called “the right to be forgotten”. This right enables Users to request that their personal information be deleted or removed from our systems and records. However, this right applies only in certain circumstances.

(2) The User's right to request deletion of personal information may be exercised by sending the following required content to the email address for contacting the Controller:

• The data that you wish to be deleted;

Art. 7 (1)Right to restrict the processing of personal information - Users can request that we stop the use of their personal information. However, this right applies only in certain circumstances.

(2)This right shall apply in the event that:

1. Challenge the accuracy of the personal data, for a period that allows the Administrator to verify the accuracy of the personal data;
2. the processing is unlawful, but you do not want the personal data to be deleted, only their use to be restricted;
3. The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of your legal claims;
4. You have objected to the processing pending verification whether the legitimate grounds of the Controller override your interests.

Art. 8 (1)Right to data portability - allows you to receive your personal information in a format that allows you to transfer this personal information to another organization.

(2)In order to exercise the right of portability, you should send a list of the data you wish to exercise to the specified e-mail address for contacting the Controller.

Art. 9Right to object to the processing of personal information - You can object at any time to the processing of personal data by the Controller that relate to him, including if they are processed for direct marketing purposes.

Art. 10 (1)Right to withdraw consent to the processing of personal information — only applies where we process personal information based on your consent. If you do not want all or part of your personal data to continue to be processed by the Company for specific or all processing purposes, you can withdraw your consent to processing at any time.

(2)The controller may ask you to verify your identity and identity with the data subject.

(3)By withdrawing consent to the processing of personal data, you will again be able to review the information available on the website.

(4)You can withdraw your consent to the processing of your personal data for direct marketing purposes at any time.

(5)The withdrawal of consent does not affect the lawfulness of the processing of personal data that the Controller has carried out up to this point.

(6)In order to exercise the right to withdraw consent to the processing of personal information, you should address your request by sending a text in which you expressly declare your desire to do so.

Persons to whom your personal data is provided

Art. 11 (1) In connection with the fulfillment of its legal obligations, the maintenance of the website and professional performance of the services offered, the Administrator may, without requesting the express additional consent of the respective user, provide personal data to its employees, as well as to other legal entities that are related persons within the meaning of the Commercial Law. As well as to: National Revenue Agency, State Agency national security, freight forwarders, accounting firms, law firms that assist in the implementation of our activity and commercial companies that maintain the online store and information security of IT systems.

(2)The controller provides personal data to other third parties if he is obliged to do so by virtue of an applicable law, court order, subpoena or government act.

(3) The controller may provide personal data if it considers this action to be necessary for the protection of legal rights, protection of your safety or that of others, as well as as as part of criminal or other legal investigation or proceedings in the Republic of Bulgaria or abroad.

Art. 12When transferring personal data to a third party, the company shall implement appropriate technical and organisational measures to ensure the rights of users and the protection of personal data. The controller shall select only third parties who have taken the necessary safeguards to protect the personal data provided to them and, in view of the existing risks, ensure an appropriate level of security, including where appropriate:

• pseudonymisation and encryption of personal data;
• the ability to ensure the continued confidentiality, integrity, availability and sustainability of processing systems and services;
• the ability to promptly restore the availability and access to personal data in the event of a physical or technical incident;
• a process of regularly testing, evaluating and evaluating the effectiveness of technical and organisational measures with a view to ensuring the security of processing.

Art. 13 (1) The controller does not transfer personal data provided to him by data subjects to third countries outside the European Union. If such a transfer is necessary, the Controller will notify the data subject in advance in writing of this and of the reason for the transfer.

(2) It is possible to provide analytical data to third parties based on the use of cookies. If you would like to know more about the cookies we use, please visit Cookie Policy.

(3) As a general rule, your personal data is stored and processed throughout the European Union and the European Economic Area (EEA). In the event that your personal data is transferred outside the European Union or the EEA, the transfer will take place subject to any of the following guarantees:

1. Binding corporate rules by the relevant supervisory authority;
2. On the basis of standard contractual terms and conditions adopted by the European Commission;
3. An approved code of conduct or certification mechanism in the presence of legally binding and enforceable obligations of the processing third party.

(4)If we determine that one of these measures is not sufficient to provide an adequate level of protection, on a case-by-case basis, we will adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission. You can contact us at any time using the contact details listed above to learn more about the countries to which we transfer your data, as well as the safeguards we have put in place with respect to such transfers.

Art. 14 (1)The Administrator reserves the right to change and update the Privacy Policy, and users are informed about the changes by means of a message on the website.

(2) The Parties agree that any additions and amendments to this document will have effect against the User after their publication on the Administrator's website and if the User does not declare within 14 days of their publication that they reject them,

Art. 15 In the event of a violation of your rights under the aforementioned or applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection as follows:

Name

Commission for Personal Data Protection

Headquarters and address of management

gr. Sofia 1592, blvd. “Prof. Tsvetan Lazarov” № 2

Telefon

02 915 3 518

E-Mail

kzld@cpdp.bg

Website

www.cpdp.bg

This Privacy Policy was adopted on 20.11.2023.