Personal data protection:GDPR
Bozhinov Sie OOD through its online store ww.truckshop.bg carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data.
Basis for collecting, processing and storing your personal data:
- The administrator collects and processes your personal data in connection with the use of the online store www.truckshop.bg and the conclusion of contracts with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR) , and more specifically on the following grounds:
Express consent received from you as a customer;
Fulfillment of the Administrator's obligations under a contract with you;
Compliance with a legal obligation that applies to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party;
Purposes and principles in the collection, processing and storage of your personal data:
- We collect and process the personal data that you provide us in connection with the use of the truckshop.bg online store and the conclusion of a contract with the company, including for the following purposes:
creating a profile and providing full functionality when using the online store;
individualization of a party to the contract;
protection of information security;
ensuring the performance of the contract for the provision of the relevant service.
sending a newsletter if you wish;
- We observe the following principles when processing your personal data:
legality, good faith and transparency;
limitation of processing purposes;
relevance to the purposes of the processing and minimization of the data collected;
accuracy and timeliness of data;
limitation of storage in order to achieve the objectives;
integrity and confidentiality of processing and ensuring an appropriate level of personal data security.
- When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests: fulfillment of obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal bodies.
What types of personal data our company collects, processes and stores:
- The company performs the following operations with the personal data provided by you for the following purposes:
Registration of a user in the e-store and execution of a remote purchase and sale contract - the purpose of this operation is to create a profile for using the e-store to purchase goods and provide contact details for delivery of purchased goods. Registering and creating an account to use the online store is not a mandatory step of providing the service, and it is available to a large extent without creating an account through the "Quick Order" option. Based on the impact assessment, the personal data protection officer considers that the operation "Registration of a user in the e-store and execution of a contract of purchase and sale at a distance" is permissible and provides sufficient guarantees for the protection of rights and the legitimate interests of data subjects in accordance with GDPR requirements.
Conclusion and execution of a commercial transaction with a customer or partner - the purpose of this operation is the conclusion and execution of a contract with a commercial partner or customer and its administration. Given the limited scope of the collected personal data and the fact that some of them are collected from publicly available sources, the Personal Data Protection Officer considers that conducting an impact assessment is not necessary. Sending newsletters and advertising messages - the purpose of this operation is to administer the process of sending newsletters to customers who have indicated that they wish to receive them.
- The administrator processes the following categories of personal data and information for the following purposes and on the following grounds:
Data for registration and receipt of the newsletter (names, e-mail)
Purpose for which the data is collected: Establishing contact with the user and sending information to him, for the purposes of user registration in the online store, as well as for sending an information bulletin.
Basis for processing your personal data - With the acceptance of the general conditions and registration in the electronic store or placing an order without registration, or upon concluding a written contract, a contractual relationship is created between the Administrator and you, on the basis of which we process your personal data - art. . 6, para. 1, b. (b) GDPR. Your data for sending an information bulletin is processed on the basis of your express consent - art. 6, para. 1, b. (a) GDPR.
Additional data provided by you - If you wish to add to your profile, you can fill in your surname, address, phone number and location.
Purpose for which the data is collected: Supplementing information about the user in his user account.
Grounds for data processing: You have provided express consent for the processing of his personal data for one or more specific purposes - art. 6, para. 1, b. (a) of the GDPR at the time of registration in the online store.
Delivery data (names, phone, e-mail, address)
Purpose for which the data is collected: Fulfillment of the administrator's obligations under a contract for distance sales and delivery of the purchased goods, including when exercising the right of return and exchange or refusal of the purchased goods.
Basis for processing your personal data - With the acceptance of the general conditions and registration in the electronic store or placing an order without registration, or upon concluding a written contract, a contractual relationship is created between the Administrator and you, on the basis of which we process your personal data - art. . 6, para. 1, b. (b) GDPR.
- The administrator does not collect or process personal data related to the following:
reveal racial or ethnic origin;
reveal political, religious or philosophical beliefs, or membership in trade unions;
genetic and biometric data, health data or data about sex life or sexual orientation.
- The personal data are collected by the Administrator from the persons to whom they refer.
- The Company does not perform automated decision-making with data.
- The company does not collect and process data for persons under the age of 16, except with the express consent of their parents or legal representatives.
Period of storage of your personal data
- The administrator stores your personal data for a period not longer than the existence of your account in an online store or the placing of the order through the "Quick order" option. Upon deletion of your account or successful completion, the Administrator shall take reasonable care to delete and destroy all of your data without undue delay or to anonymize it (i.e. reduce it to a form that does not reveal your identity).
- The Administrator stores your personal data, provided in connection with online orders, for a period of 5 years for the purpose of protecting the Administrator's legal interests in legal or administrative disputes with users of the online store, and the accounting documents are stored for the relevant statutory period.
- The Administrator notifies you in the event that the data storage period needs to be extended in order to fulfill a legal obligation or in view of legitimate interests of the Administrator or otherwise.
- The Administrator stores the personal data of the legal representatives of its commercial partners for the period of performance of the contract, to comply with the legitimate interests and legal obligations of the Administrator, and this period may exceed the term of the concluded contract.
Transmission of your personal data for processing
- The administrator may, at its own discretion, transfer part or all of your personal data to processors of personal data for the fulfillment of the processing purposes to which you have agreed, subject to compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
- The administrator notifies you in case of intention to transfer part or all of your personal data to third parties or international organizations.
Your rights in the collection, processing and storage of your personal data:
Withdraw consent to the processing of your personal data:
- If you do not want all or part of your personal data to continue to be processed by the Company for specific or all processing purposes, you can withdraw your consent to processing at any time by filling out the form in your profile or by requesting in a free text.
- The administrator may ask you to verify your identity and identity with the person to whom the data relates by asking you to enter an email address and password to access the site on site at the Company's office in front of our employee.
- With the withdrawal of consent to the processing of personal data, which is mandatory for the creation and maintenance of a profile in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
- If there is an order placed by you that is being processed, the earliest you can withdraw your consent to processing is upon successful completion of the order.
Right of access:
- You have the right to request and receive confirmation from the Administrator as to whether personal data related to you are being processed, and if you are a registered user, you can at any time see in your profile the personal data that you have provided and that are being processed for you.
- You have the right to access the data related to you, as well as the information related to the collection, processing and storage of your personal data.
- The administrator provides you, upon request, a copy of the processed personal data related to you, in electronic or other appropriate form.
- Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repetitive or excessive requests.
Right to rectification or completion:
- You can correct or complete inaccurate or incomplete personal data related to you directly through your profile on the website or by making a request to the Administrator.
Right to erasure ("to be forgotten")
- You have the right to request from the Administrator the deletion of part or all of your personal data, and the Administrator has the obligation to delete them without undue delay when any of the following grounds are present:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
You object to the processing of your personal data, including for direct marketing purposes, and there are no overriding legal grounds for the processing;
the personal data were processed unlawfully;
the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
personal data were collected in connection with the provision of information society services.
- The administrator is not obliged to delete the personal data if it stores and processes them:
to exercise the right to freedom of expression and the right to information;
to comply with a legal obligation that requires processing provided for in EU or Member State law applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
for reasons of public interest in the field of public health;
for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
for the establishment, exercise or defense of legal claims.
- In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:
information that is necessary to verify that your right to be forgotten has been met - email, IP address;
technical information about the functioning of the online store, which information cannot be linked in any way to your person;
e-mail with which you registered in the online store.
- To exercise your right to be forgotten, it is necessary to:
submit a request through your online store account
by sending a request by email to the Administrator
from the My Personal Information page
- The administrator may ask you to verify your identity and identity with the data subject.
- If there is an order placed by you that is being processed, the earliest you can request to be "forgotten" is upon successful completion of the order.
- By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
- The administrator does not delete the data that he has a legal obligation to store, including for defense in connection with legal claims made against him or to prove his rights.
Right to Limit:
- You have the right to request the Administrator to limit the processing of your related data when:
dispute the accuracy of the personal data, for a period that allows the Administrator to verify the accuracy of the personal data;
the processing is illegal, but you do not want the personal data to be deleted, but only to have its use restricted;
The administrator no longer needs the personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;
You have objected to the processing pending verification of whether the legal grounds of the Administrator take precedence over your interests.
Right to information:
- You can at any time download or view the data that is stored and processed for you in connection with the use of the Administrator's services, directly through your profile or by e-mail request.
Your rights in the event of a breach of the security of your personal data:
- If the Administrator detects a violation of the security of your personal data, which may create a high risk for your rights and freedoms, he notifies you without undue delay about the violation, as well as about the measures that have been taken or are about to be taken.
- The administrator is not obliged to notify you if:
has taken appropriate technical and organizational measures to protect the data affected by the security breach;
has subsequently taken measures to ensure that the breach will not result in a high risk to your rights;
notification would require a disproportionate effort.
Third parties to whom we provide your personal data:
Courier companies and postal services carrying out the delivery of confirmed orders through the Site - "Ekont Express" OOD, EIC: 117047646 and "SPIDI" AD, EIC 131371780
- The administrator does not transfer your data to third countries.
- In the event of a violation of your rights under the above or applicable personal data protection legislation, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Personal Data Protection Commission:
Headquarters and address of management
Sofia 1592, Prof. Blvd. Tsvetan Lazarov" No. 2
Sofia 1592, Prof. Blvd. Tsvetan Lazarov" No. 2
Changes to personal data policies
Used cookies from truckshop.bg
1. WLID: Allows us to find the customer's wish lists, is kept for 6 months
2. PCC: Allows us to find a customer's permanent or abandoned cart, kept for 6 months
3. PPLastShow: Limits how often pop-ups are shown, keeps for 2 months, contains no personal data
4. PCODE: Enables partner linking and pricing accordingly, retained for 90 days
5. PointsReferrer: Enables correct reward with bonus points, retained for 30 days
6. MIPHPF_SESSION<number>: Saves the client's session ID, only the current browser session is saved