ПОЛИТИКА ЗА ЗАЩИТА НА ЛИЧНИТЕ ДАННИ
PERSONAL DATA PROTECTION POLICY
The team of the company "HUS Estate " Ltd. ( owner of the website www.husestate.com ) takes the security and protection of the personal data of the visitors of our website extremely seriously. With this document we inform you how and for what purposes we will process the personal information you provide when using our website.
This privacy policy covers issues related to personal data, including what information we collect as a Data Controller, how we use it and what rights users have in this regard.
“HUS Estate ” Ltd. (hereinafter referred to as “HUS Estate”) is a data controller under Regulation (EU) 2016/679 (hereinafter referred to as the “Regulation”).
Administrator identification: "HUS Estate " Ltd.
Headquarters and management address: Plovdiv, "Southern" district, Ring Road, Hus Base and management address: Plovdiv, "Southern" district, Ring Road, Hus Base
UIC : 204946740, VAT number: BG 204946740
Manager: Simeon Pishtalov
I. “Hus Estate” treats as personal data any information that identifies a specific natural person or that relates to a natural person by which the same can be identified. The processing of personal data is an action or set of actions that can be performed in relation to personal data by automated or other means.
How do we collect information about you? The team at www.husestate.com may collect, store and use the following types of personal information when you use the site: www.husestate.com
1. We collect personal data after the explicit consent of the person to whom it relates. When you register on our site or use any of the forms, you provide us with certain information voluntarily, which we process and store. This information may include: name, surname, last name, email address, phone number, comments and any other information you provide to us. You may choose to share location data or photos with us. We may prefer to reduce the volume of data that we store and process, according to the purposes of the processing.
In the event of a contractual relationship, for the purpose of fulfilling the contract, we necessarily receive the following personal data: name, surname, family name, personal identification number, address, email, telephone number.
2. In case you decide to purchase a product or order a certain service through the website www.husestate.com , we collect information about your address, telephone number and details about the product or service you ordered.
3. When connecting your profile to your Facebook account / Instagram, TikTok or Google or other third-party services, we also receive information from these profiles (e.g. friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each individual should check what they are.
4. We also receive technical information when you use our site. Every time you use the site, mobile application or other internet service, the system creates and records certain information automatically. Here are some of the categories of information we collect:
a/ Log Data. When you use the Site, our servers record information (“log data”), including information that your browser automatically sends when you visit a website or that your mobile application automatically sends when you use it. This log data includes your Internet Protocol address, the address and activity of the websites you visit, searches, browser type and settings, date and time of your request, how you used the Site, cookie data, and device data. If you would like more details about the information we collect, please contact us via the contact form.
b/ Cookie Data. We also use cookies (small text files sent from your computer each time you visit our website) or similar technologies to capture data. When we use cookies or other similar technologies, we use session cookies (which last until you close your browser) or persistent cookies (which last until you or your browser deletes them). For example, we use cookies to store your language preferences or other settings so you don’t have to set them each time you visit the site. Some of the cookies we use are associated with your profile (including information about you, such as the email address you have given us), and other cookies are not.
c/ Device Information. In addition to log data, we collect information about the device you use to access our website, including device type, operating system, settings, unique device identifiers, and crash data that helps us understand when something breaks. Whether we collect some or all of this information often depends on the type of device you use and its settings. For example, there are different types of information depending on whether you use a Mac, PC, iPhone, or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
II. What we do with the information we collect. Purposes and duration of processing:
Goals
"Hus Estate" processes and stores the personal data specified above solely for the purpose of fulfilling its contractual obligations and more precisely processing its users' requests, making deliveries, as well as for the following purposes:
a/ On the basis of Art. 6, item 1, letter "b" of the Regulation - for the implementation of pre-contractual relations;
b/ On the basis of Art. 6, item 1, letter "b" of the Regulation - for the performance of contractual obligations that have already arisen. xxxxxx
1, letter "e" of the Regulation - for retargeting in connection with the purposes of marketing, remarketing or optimization ;
Deadline
The data is stored and processed as long as the user's account is active and for 1 year after its deactivation or deletion, as well as for as long as it is needed to provide our services. In case the person makes the relevant request, the information is destroyed immediately.
III. Rights you may exercise in relation to your personal data:
All rights are exercised, and the relevant requests and notifications in relation to the rights of data subjects are submitted via the CONTACT FORM ON ISSUES RELATED TO PERSONAL DATA by e-mail or by post to the management address specified above. Requests are made in a manner that allows the identity of the applicant to be identified. With regard to some rights, technical possibilities for their exercise may be applicable, for example, an Unsubscribe Button. In any case, the administrator must respond to the request or take a decision regarding the declared right to the address or e-mail provided in the contact form, within one month of its receipt.
According to the General Data Protection Regulation, the data subject has the right to:
• Awareness (in relation to the processing of his personal data by the administrator); When there is a risk of a breach of the security of your personal data, the administrator is obliged to inform you of the nature of the breach and what measures have been taken to remedy it, as well as whether the supervisory authority has been notified of the breach.
• Access to your own personal data and the right to withdraw consent to processing. As a data subject, you have the right to request confirmation as to whether your personal data are being processed and, if so, to receive access to your data and the following information: for what purpose the data is being processed, what personal data, the recipients of the data, the period of processing. Requests for access must be made in writing/electronic form and addressed to the controller. You also have the right to withdraw your consent to the processing of your personal data at any time.
• Correction (if the data is inaccurate). As a data subject, you have the right to request correction of your personal data that is inaccurate/outdated. For this purpose, you must submit a separate request. Your request will be responded to by the administrator in the following manner – in writing, to the e-mail address provided.
• Erasure of personal data (right to be forgotten). As a data subject, you have the right to “be forgotten”, i.e. to request that your personal data be erased without undue delay, i.e. the controller erase your personal data from all systems and records where they are stored, including informing all third parties/processors to whom the data have been provided. A request for erasure may be submitted on the grounds provided for in the Regulation, including where any of the following grounds exist: the personal data are no longer necessary for the purposes for which they were collected; where you have withdrawn your consent; where you have objected to the processing; where the processing is unlawful; where the personal data must be erased for compliance with a legal obligation under Union or Member State law to which the controller is subject; where the personal data were collected in connection with the provision of information society services. The administrator may refuse to delete personal data on the grounds specified in the Regulation - when the processing of the specific data is for the purpose of: exercising the right to freedom of expression and information; performing a legal obligation or a task in the public interest or exercising official authority vested in the administrator; for public health purposes; for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes; or establishing, exercising or defending legal claims.
• Restriction of processing by the controller or processor of personal data. As a data subject, you have the right to request the controller of your personal data to restrict their processing. Restriction is permitted in the following cases: – when you consider that your personal data are inaccurate, in which case the restriction is for a period necessary for the controller to verify the accuracy; – when the processing of your personal data is unlawful, but you do not want them to be deleted, but only want their use to be restricted; – when the controller no longer needs your personal data for the purposes of the processing, but you, as a data subject, require them for the establishment, exercise or defence of legal claims; – when you have objected to the processing pending verification of whether the legitimate grounds of the controller override your interests. To this end, if any of the above conditions apply, you should submit a request.
• Portability of personal data, including between different controllers. The data subject has the right to portability – to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising the right to data portability, the data subject has the right to obtain the direct transfer of the personal data from one controller to another, where this is technically feasible.
• Objection to the processing of his/her personal data. As a data subject, you have the right to object to the processing of your personal data at any time, including for direct marketing purposes. The controller must give reasons for whether to accept the objection or why the personal data are being processed if the objection is rejected. • The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him/her. The data subject has the right to contest the automated decision at any time.
• Right to judicial or administrative redress in the event that the rights of the data subject have been violated. As a data subject, you have the right to lodge a complaint against the processing of your personal data or failure to comply with your rights in relation to the protection of personal data with the competent supervisory authority – the Personal Data Protection Commission, address: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592 (www.cpdp.bg). Also, a person who has suffered material or non-material damage as a result of a violation of the Regulation has the right to receive compensation from the controller or processor of personal data for the damage caused.
Security. We have taken numerous technical, legal and organizational measures to protect the personal data of each individual. In order to avoid unauthorized access, we implement encryption procedures in some areas. We also use SSL protocols to prevent the possibility of data misuse by third parties. We do not share data with third parties, except in cases where we need to deliver an ordered product.
We may use the services of third parties who act as processors of personal data for the above-mentioned processing purposes. These persons process personal data on our behalf and are obliged to comply with the applicable personal data protection regulations. These persons are carefully selected by us and have access only to data that they need to provide the services they are engaged in and within the framework of the consent expressed to us. In the event that these persons are outside the EU and do not meet the necessary requirements of the GDPR, based on its status as a regulatory act, we will ensure the protection of personal data through contractual or other legal instruments. It is also possible that personal data may be provided to state or municipal authorities that exercise different types of control within the framework of the law.
Advertising. By confirming the request for account registration, confirming an order for a service or product, the user gives his explicit consent to the processing and transfer of his personal data for one or more of the following purposes:
a/ Including the user's assessment and opinion in marketing research by electronic methods - by e-mail or messenger.
b/ Receiving electronic messages about products, services, etc. advertising messages on all owned devices. c/ Receiving personalized advertising that is tailored to the user's preferences. Personalization is carried out based on an assessment of user behavior data; d/ Receiving personalized commercial offers tailored to the user's behavior and relevant to his preferences by e-mail, mail or messenger. For this purpose, the user's consumption data based on his purchasing behavior, his participation in advertising campaigns, as well as the use of the site may be subject to analysis and prediction of the user's interests. e/ Receiving non-personalized advertising. Users will also receive information about current products, services, initiatives, etc. advertising messages.
Declaration. In the process of processing personal data, Hus Estate complies with the principles of European and national legislation related to the protection of personal data of individuals. By implementing a package of organizational, technical and legal measures, we strive to guarantee a high level of security of personal data, protection against unauthorized processing, destruction or damage.
Data subjects have the right to file a COMPLAINT against an administrator and/or processor of personal data for a violation of their rights under Regulation (EU) 2016/679 and/or the Personal Data Protection Act or a REPORT for a violation of the legislation when your rights are not affected.
The complaint or report must contain:
1. data about the sender – name, correspondence address and permanent address, contact telephone number, e-mail address (if available);
2. the nature of the complaint or report;
3. date of knowledge of the violation, if any;
4. identification of the person against whom the complaint or report is filed;
5. other information or documents, when this is provided for by law or in the Rules of Procedure of the Personal Data Protection Commission and its administration;
6. date and signature (for electronic documents – electronic signature, for paper documents – handwritten).
You can file a complaint or report with the Personal Data Protection Commission in one of the following ways:
1. In person on paper – at the registry office of the CPDP at the address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. (see the location of the CPDP ).
2. By letter to the address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., Personal Data Protection Commission.
3. By fax - 029153525.
4. To the CPDP e-mail address – kzld@cpdp.bg . IMPORTANT! When submitting a complaint in this way, it must be formatted as an electronic document, signed with a qualified electronic signature (QES). Complaints that are scanned or photographed and submitted to its e-mail address, but not signed with a QES, are not considered by the CPDP.
5. Through the Secure Electronic Service System , maintained by the State Agency for Electronic Governance.
