POLICY FOR PERSONAL DATA PROTECTION OF SMART-BOX.BG OOD,
And CONFIDENTIALITY POLICY. COOKIES.
SMART-BOX.BG OOD (hereinafter referred to as Controller of the Company) performs its activity in compliance with the Law on Personal Data Protection and Regulation (EU) 2016/679 of the European Parliament and of the Council of 01 October 2015 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information aims to inform you about all aspects of processing your personal data by the Company and the rights you have in reference with this processing.
2. Main provisions
3. The Company shall take the due care and be responsible for the protection of the information the User pursuant to the existing national and European legislation that became known to them due to the use of the services and/or the use/visiting of the mobile application SmartBox – subject-matter of the General Terms for the Users and the incorporated Personal Data Protection Policy (hereinafter referred to as Policy).
4. The following personal data are provided for the registration of a User in the mobile application SmartBox: Name and surname; e-mail account; year of birth; telephone; city; gender. In addition, information about the performing of the registration and consent with these General Terms and the Personal Data Protection Policy (date, time, type of browser (web or mobile) and IP address) is stored.
5. Aiming to examine and resolve the received complaints, inquiries or other questions and correspondence sent in the communication to the mobile application SmartBox, received through e-mail, the Company shall store and process this information and the result of this processing.
6. The Company may also process other data related to the User, in the cases where the latter provides voluntarily such data by filling in the relevant electronic forms in the mobile application, adding preferences, settings, etc.
7. Each User shall provide personal data for the purposes of registration in SmartBox and using the functionality of the mobile application SmartBox; maintenance and administration of the mobile application SmartBox and the functionalities provided through it; detection and correction of technical problems; detecting and avoiding malicious acts; establishing communication; receipt, processing and exchange of electronic written documents, notices, complaints and others between the User and the Company.
8. The Company shall not collect or process personal data that refer to the following:
9. Grounds for processing your personal data – with the acceptance of the General Terms and registration in SmartBox, or with concluding of a written agreement between the Company and you, contractual relations are established based on which, we process your data – art. 6, para. 1, letter (b) GDPR;
10. The Company shall observe the following principles in the processing of your personal data:
11. The Company shall store and use log files with the following purposes:
12. The Company shall collect, use and process the information specified above for the purposes envisaged in the General Terms for use of the mobile application SmartBox by the Users and the Policy for Data Protection, an inseparable part of them, that may be:
13. Each User shall provide personal data aiming to use the services provided by SmartBox, including the processing of the provided personal data in case of necessity of a subsequent legitimation.
14. Each User shall provide personal data aiming to exercise the rights and legal interests of the Company, including under judicial procedure; in reference to the protection of personal data of the User, in reference to the providing of the personal data stored and processed by the Company upon a request by competent and control governmental and administrative authorities, including by judicial bodies.
15. The Company shall be obliged to notify each User when their processes personal data are provided pursuant to the existing legislation.
16. The Company shall process the personal data provided by the User after the explicit consent thereof has been obtained, on legal grounds and/or legitimate interest.
17. The Company shall store your personal data for a term not longer than the existence of your profile in SmartBox or until the withdrawal of the consent for processing. After the deleting of your profile or the successful completion, the Company shall take the due care to erase and eliminate all your data, without any undue delay, or to anonymize them (i.e., to make them in a form not disclosing your identity).
18. The Company shall store your personal data provided in reference to online placed offers for a period of 5 years for the purposes of protection of the legal interests of the Company in judicial or administrative disputes with users of the mobile application, and the accounting documents shall be stored for the relevant statutory period.
19. The Company shall notify you in case the term for storage of data may be extended in view of execution of a legal obligation or in view of legitimate interests of the Controller or another.
20. The Company shall store the personal data of the legal representative of its commercial partners for the term of validity of the agreement for observance of the legitimate interests and the legal obligations of the Controller, and this term may exceed the term of the concluded agreement.
21. The term for storage of data shall continue pro rata until the final completion of the arisen dispute or proceeding before all instances in case of arisen legal dispute or proceedings requiring data protection and/or a request from a competent governmental authority. In case of changes in the applicable law – the terms for storage shall be extended and/or reduced respectively to the changes.
22. Withdrawal of the consent for processing your personal data:
23. Right of access:
24. Rights of correction or addition: you may correct or add incorrect or incomplete personal data related to you directly through your profile in the website or by sending a request to the Controller.
25. Right of erasure („to be forgotten“):
25.1. You have the right to request from the Controller the erasure of part or all personal data related to you and the Controller shall have the obligation to erase them without any undue delay where there is any of the below specified grounds:
25.2. The Controller shall not be obliged to erase the personal data if they store and process them:
25.3. In case you exercise your right to be forgotten, the Company will erase all your data, with the exception of the following information:
25.4. To exercise your right to be forgotten, it is necessary that you submit through your profile in SmartBox or by sending a request to the Controller by e-mail.
25.5. The Controller may request that you prove your personal identity and identity with the person the data are about.
25.6. If there is an order placed by you for the service that is in a course of processing, the earliest time at which you can request to be “forgotten” is at the successful completion of the order.
25.7. With the erasure of your personal data, your account will become inactive Of course, you can review SmartBox and the offered products and place orders as a guest, or make a new registration.
25.8 The Controller shall not erase the date they are legally obliged to store, including to protect in reference to judicial claims brought against them, or for proving their rights.
26. Right of limitation: You have the right to request from the Controller to limit the processing of data related to you if:
27. Right of transferability:
28. Right to receive information: You can request from the Controller to inform you about all recipients to whom the personal data for which correction, erasure or limiting the processing have been requested were disclosed. The Controller may refuse to provide this information if this would be impossible or would require disproportionately great efforts.
29. Rights of remuneration: you may object at any time against the processing of personal data by the Controller that are related to them, including if they are processed for the purposes of profiling or direct marketing.
30. Your rights in case of violation of the safety of your personal data:
30.1. If the Controller finds a violation of the security of your personal data which may give rise to a high risk for your rights and freedoms, they shall notify without undue delay about the violation and about the measures that were undertaken or is pending to be undertaken.
30.2. The Controller shall not be obliged to notify you if:
31. Policy for cookies:
Cookies are short text files or small packs of information that are stored through the Internet browser on your end device (computer, tablet, laptop or mobile phone) when you visit various sites and pages in Internet. The main purpose of cookies is to make the user recognizable when they return to the website again. Some cookies have a more specific application such as, for example, to memorize the user behaviour on the site and to facilitate the user during the use of the website.
30.2. How are cookies used on this website?
30.3. What cookies are used on this website?
30.5. Turning off or blocking of cookies: The controlling, turning off or blocking of cookies is managed from the settings of your browser. Have in mind that the full banning of the use of all cookies may reflect on the functional performance of the site, its efficiency and the access to certain information. All cookies used on this website are eliminated/erased automatically after a certain period of time. This period is different depending on the purpose of the particular cookie.
31. The Company does not use technologies that process personal data so that the data subject (natural person User) is subject of a solution based only on automatic processing, including profiling which causes legal consequences for the data subject or affects them to a significant extent except if there are the grounds envisaged in the applicable legislation for protection of rights, freedoms and legitimate interests of the data subject.
32. The Company shall not be responsible for accuracy of the data provided by the User, does not perform any checks in this regard and does not guarantee the actual identity of the natural persons who provided the data. In all cases of doubt, of ascertained fraud and/or misuse, the User should notify the Company immediately.
33. Each user may specify their questions and requests related to exercising their rights related to protection of personal data to the Controller at the address of the registered address of the Company or to e-mail: firstname.lastname@example.org.
34. Actuality and change of the rules. Aiming to apply the most actual measures for protection and aiming to observe the existing legislation, we will regularly update these Rules through our internet site. We kindly ask you to review regularly the current version of those rules, to be permanently informed about how we take care of the protection of the personal data we collect.
In case a User does not agree with the General Terms and with the Personal Data Protection Policy, the Company denies to provide access to the services offered by SmartBox and to be party to legal relations with the relevant User.