When using the website www.gemamex.com, your personal data is processed by ET “Gemamex”, VAT: 121295099, with headquarters and management address Sofia 1421, Lozenets Street No 4, phone: 02 / 9 631 144, email: email@example.com.
- phone: +359 2 / 9 631 144,
- email: firstname.lastname@example.org
We process your personal data on the following grounds:
- When purchasing a product from the site or in one of our offices;
- When legal acts assign us this obligation; – In all other cases, with your express consent expressed in writing at our office or at https://shop.gemamex.com/GDPR/
When purchasing a product
We process your personal data to fulfill our obligations to you.
We use your personal data to:
- manage the order and prepare the necessary documents.
- to send the products quickly and to the right place.
- – to notify you of a change in terms of purchase, delivery delay or other similar circumstances. – to maintain customer history and for easier future shopping.
On this basis, we process the following data:
- personal contact details – contact address, telephone number and email.
- identification data – the three names for receiving the goods.
- – any other information that is necessary to provide the specific service and without which the service could not be provided.
Provision of personal data to third parties:
We provide your personal data to third parties in order to offer quality and comprehensive service. We provide your personal data to third parties in order to offer quality and comprehensive service. We do not provide your personal data to third parties before ensuring that all technical and organizational measures are taken to protect this data and we strive to implement strict controls to fulfill this purpose.
We provide personal data to the following categories of recipients (administrators of personal data):
- postal operators and courier companies with a view to sending shipments containing contracts, additional agreements, products and other documents;
- persons hired on a civil contract, supporting the processes of sales, logistics, delivery, etc.;
- lawyers registered under the Law on the Bar;
- payment service banks;
- – persons to whom we assign to maintain equipment, software and hardware used to process personal data and necessary for the company’s activities
Legal processing obligations
It is possible that the law stipulates an obligation for us to process personal data. In these cases, we are required to carry out the processing, such as:
- obligations under the Anti-Money Laundering Measures Act;
- – fulfillment of obligations in relation to distance sales, off-premise sales provided for in the Consumer Protection Act;
Provision of information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
- obligations stipulated in the Accounting Act and the Tax and Insurance Procedural Code and other related legal acts, in connection with the keeping of legal accounting;
- – provision of information to the court and third parties, within the framework of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;
We process your personal data only after express, unequivocal and voluntary consent. We do not foresee any adverse consequences for refusing to process personal data.
If we receive the relevant consent, until it is withdrawn or terminated, we will prepare suitable offers for you for products and services;
Withdrawal of consent
Consents may be withdrawn at any time. Upon withdrawal of consent to the processing of personal data, we will not use your personal data and information for the purposes specified above.
To withdraw the given consent, it is only necessary to contact us at the indicated contacts.
We delete data collected after consent upon express request or 3 years after initial collection.
Protection of personal data
To ensure adequate data protection of the company and its customers, we implement all necessary organizational and technical measures provided for in the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council, as well as the best practices from international standards. The company has adopted policies to prevent abuse and security breaches. In order to ensure maximum security during data processing, transfer and storage, we may use additional security mechanisms such as encryption, pseudonymisation and others. We work with software processing personal data that ensure high security standards.
Personal data we have received from 3rd parties
In some cases, we have to process your personal data, which were not provided to us by you or collected by us, but received from third parties. These are the following data:
- CV data
- data from social networks such as Facebook – user profile data
- – data from our Partners – in fulfillment of contractual obligations or after express consent
Rights of Users
As a user, you can exercise your rights by emailing email@example.com or at the company’s offices.
You have all the rights to protect your personal data according to Bulgarian legislation and the law of the European Union. Every user has the right to:
- awareness (in relation to the processing of his personal data by the administrator);
- access to your own personal data;correction (if the data is inaccurate);
- deletion of personal data (right “to be forgotten”);
- restriction of processing by the controller or personal data processor;
- portability of personal data between individual administrators;
- objection to the processing of his personal data;
- not be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for you or similarly significantly affects you;
- right to judicial or administrative protection in the event that your rights have been violated.
You can request deletion of your data if:
- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
- objections to processing and there are no overriding legal grounds for processing;
- personal data were processed unlawfully;
- personal data must be deleted in order to comply with a legal obligation established by law;
- – the personal data were collected in connection with the provision of information society services to children and the consent was given by the holder of parental responsibility for the child.
You can restrict the processing of personal data by us when:
- dispute the accuracy of personal data;
- the processing is unlawful, but you do not want the personal data to be deleted, but instead request the restriction of its use;
- we no longer need the personal data for the purposes of processing, but you require it for the establishment, exercise or defense of legal claims;
- object to processing pending verification that our lawful grounds for processing take precedence over your interests.
Right of portability
You have the right to receive the personal data concerning you and which you have provided to us in electronic format and to transfer this data to another controller without hindrance from us, where the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner.
Right to object
You have the right to object to us processing your personal data. We will stop the processing unless we demonstrate that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of you as the data subject, or for the establishment, exercise or defense of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing will be stopped immediately.
Right of appeal to the supervisory authority
You can file a complaint against illegal processing of your personal data to the Commission for the Protection of Personal Data or to the competent court.
Maintaining a register
We maintain a register of the processing activities for which we are responsible. This register contains all the information below:
- name and contact details for us;
- a description of the categories of data subjects and the categories of personal data we process;
- the categories of recipients to whom personal data is or will be disclosed, including recipients in third countries or international organizations;
- when possible, the deadlines for erasure of the different categories of data;
- where possible, a general description of the technical and organizational security measures.
“Cookies” are small pieces of text information sent by the web server and stored on the user’s device. The default settings of cookies allow only the server that created them to read the information contained in them.
- Cookies are used to collect information related to the user’s use of the Website. Cookies enable the following: Cookies enable the following:
- maintaining the client’s session (after login), thanks to which the client, entering each sub page of the site, does not need to re-enter his username and password;
- adaptation of the content of the Site to the preferences of the Client and optimization of the use of websites; in particular, these files enable the recognition of the user’s equipment and the corresponding personalized display of an Internet page, tailored to individual preferences and the equipment used.
- collection of anonymous general statistics that help to better understand how users use the website. This allows improving the website, its structure and content in line with user expectations.
- the website uses two main types of cookies: session cookies and persistent cookies. Session cookies are the temporary files stored in the User’s terminal device until the User exits, leaves the Site or closes the software (browser). Permanent cookies are stored on the User’s terminal device for the period specified in the file parameters or until they are deleted by the User.
- gemamex.com within the website also uses the mechanisms of external organizations, partners and advertisers; in particular, it is the social functions of Facebook and Google that are directly related to the saving of “cookies” on the end device of the user.
- In cases where the software used to view Internet pages (browser) by default allows the storage of cookies in the Client’s terminal equipment, users can at any time change the cookie settings in the browser settings (this applies to any type of cookies) or to delete these files from their devices. In the case of geolocation services, the user gives direct consent by accepting the browser settings.
- Cookies do not contain personal data of users
More information about GDPR can be found HERE