POLICY FOR PROTECTION OF PERSONAL DATA
This document establishes the rules that “BIONAT” EOOD, UIC 115815816, Bulgaria, Plovdiv, 15 Rogoshko shose applies for the Customers of services it offers, but not limited to:
- Import and distribution of herbal cosmetics;
- Conclusion of contracts for sale and purchase of cosmetic products;
Art. 1. (1) BIONAT collects and processes personal data of the Customers of services pursuant to Art. 4, para. 1, pt. 2 and 3 of the Personal data protection Act and in particular on the following basis:
- Express consent of the Client;
- Performance of obligations BIONAT to the Customers.
(2) By accepting the terms and conditions for using the service provided by BIONAT Customers expressly agree that BIONAT has the right to process their personal data provided when registering to use the services or the conclusion of the contract.
(3) BIONAT is registered as a personal data administrator at the Commission for Personal Data Protection under number No 243872 of 07.12.2012.
Art. 2. (1) BIONAT collects and processes personal data provided by the Customers for the purpose of providing Services under the contract with the Customers, including the following purposes:
- accounting purposes;
- information security protection;
- securing the implementation of the contract to provide the relevant service;
- settlement of disputes between the Client and third parties;
(2) BIONAT follows the following principles to the processing of personal data of the Customers.
- lawfulness and good faith;
- accurate determination of the purposes of the processing;
- relevance to the objectives of treatment;
- accuracy and timeliness
- Customers consent for data processing.
Art. 3. (1) BIONAT does not collect and process personal data and Customers shall not provide personal data which refer to the following:
- disclosing racial or ethnic origin;
- disclosing political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade union purposes;
- concerning health, sexual life or human genome;
(2) Paragraph 1 shall not apply in cases of art. 5 para. 2 of the Personal Data Protection Act.
Art. 4. (1) When collecting and processing personal data of Customers, BIONAT provides sufficient protection in compliance with the developments in information technology against accidental or unlawful destruction or accidental loss, unauthorized access, modification or distribution, as well as other illegal forms of processing.
(2) Customers shall undertake due diligence to store and protect personal data when provided by BIONAT.
(3) Customers undertake to maintain up to date the personal data provided by BIONAT.
Art. 5. In cases where data are derived from the Client to which they relate BIONAT has the right to be provided with, upon preliminary assessment of the need to provide in order to ensure fair processing of data regarding individual to the individual, for any specific case, the following information:
- the recipients or categories of recipients, to which data may be disclosed;
- data about the obligatory or voluntary nature of data provision and the consequences of refusing to provide them;
- information about the right of access and right to correct the data collected.
Art. 6. BIONAT provides the Customers with access to personal data collected in the process of registration for using the Services.
Art. 7. BIONAT provides the Commission for Personal Data Protection with access to its registries and shall not hamper the controlling of the processing.
Art. 8. BIONAT provided state authorities with personal data of the Customers upon express written order and in cases stipulated by law and in volume that shall not exceed the purposes they are requested for.
Art. 9. After achieving the objectives of processing personal data of Customers, BIONAT shall destroy the data or shall transfer them to another personal data administrator in accordance with the requirements of Art. 25, para. 1 of the Personal Data Protection Act.
Art. 10. (1) Customers shall be entitled with access to personal data concerning them by sending a BIONAT request for granting electronic access.
(2) BIONAT provides access only to data relating to the relevant natural person who has sent the request for access.
Art. 11. (1) The natural person subject of the data may at any time require by BIONAT following:
- confirmation as to whether data related to him are being processed, information for the purposes of such processing, for the categories of data and the recipients or categories of recipients to whom the data are disclosed;
- communication in an intelligible form containing personal data of the individual that are being processed, and any available information as to their source;
- information about the logic involved in any automatic processing of personal data related to that natural person.
(2) The individual whose data are being processed may require action under para. 1 free of charge, at most once every 12 months.
Art. 12. The natural person whose data are being processed by BIONAT may at any time require by BIONAT following:
- to delete, rectify or block his personal data, processing of which does not meet the requirements of the Personal Data Protection Act;
- to inform the third parties to which personal data have been disclosed, for any deletion, rectification or blocking carried out in accordance with the above sentence, except in cases where this is impossible or involves a disproportionate effort.
Art. 13. (1) Requests to BIONAT under this policy should contain at least the following:
- name, address and other data for identification of the relevant natural person;
- description of the request;
- preferred form of provision of information;
- signature, date of application and correspondence address.
(2) Where the request is submitted by a procurator of the person, also notarized power of attorney shall be applied.
Art. 14. (1) BIONAT shall rule on the request of the individual in accordance with Art. 13 para. 1 within 14 working days of its submission.
(2) The term under para. 1 may be extended by BIONAT up to 30 working days when there is objectively required longer period for gathering all requested data and this seriously impedes the activity of BIONAT.
(3) BIONAT shall notify in writing the individual making the request about the acceptance or shall reasonably refuse the fulfilment of the request. The notification shall be sent by BIONAT to the natural person by registered mail with return receipt or in person against signature.
(4) The lack of notification by BIONAT to the individual in this article shall be considered a rejection.
Art. 15. The individual to whom the data relate is entitled to the following:
- object before BIONAT the processing of his/her personal data upon existence of legal grounds for that; when the objection is justified, the personal data of the data subject may no longer be processed;
- to contest the processing of his/her personal data for direct marketing purposes;
- to be informed before his/her personal data are disclosed for the first time to third parties or used on their behalf for the purposes of item 2 and be given the opportunity to appeal against such disclosure or use.
Art. 16. (1) The individual agrees that BIONAT has the right to store information or gain access to information stored in the terminal device of the recipient of the services offered by BIONAT via its website.
(2) BIONAT shall provide the recipient of the service with an opportunity at any time to receive information about data stored in the end device. Relevant natural person shall exercise this right through inquiry by e-mail to BIONAT and legitimation by an ID card.
(3) If the individual did not expressly challenge the storing of information, or gaining access to the information stored in the end device, BIONAT has the right to carry out these activities without express consent of the individual. The ability of the individual to lodge the appeal pursuant to this paragraph is provided via the main page of BIONAT on the Internet.
(4) BIONAT shall provide no explicit opportunity for the individual to disagree on this article in the cases of provision of a service to an information society explicitly requested by the recipient of the information society service.
Commission for Personal Data Protection
- Address: Bulgaria, Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
- : 359 2 940 20 46, fax 359 2 940 36 40
- E-mail: firstname.lastname@example.org, email@example.com
- Website: www.cpdp.bg