Privacy and Policy
Who is the Data Controller?
The Controller of the personal data processed through the Website is the company named Gradus 1 EOOD, with UIC: 822132592, with contact address: 110B, Simeonovsko shose Blvd., Sofia and email: firstname.lastname@example.org (hereinafter referred to as "the Controller", as well as "we", "us").
The Controller is part of Gradus Corporate Group, which includes the following companies:
- Gradus AD, with UIC:204882907; And the following subsidiaries:
- Gradus 1 ЕООD, with UIC: 822132592;
- Gradus-3 АD, with UIC: 123152751;
- Gradus-98 АD, with UIC: 123120561;
- Lora-2004 ЕООD, with UIC:123658624;
- Millenium 2000 ЕООD, with UIC: 119591422;
- Zhyuliv ЕООD, with UIC: 119053781;
- „Gold Farm 91“ ЕООD, with UIC: 205933500
Depending on the particular situation, the personal data processed by the Controller may be shared with other companies within Gradus Group (for example, if in a contact form a request is made by a data subject to a company other than the Controller). In these cases, the Controller, together with other companies within Gradus Group, shall process the same personal data as joint or independent controllers of personal data, or in relation being controller - personal data processor. For more information on this, please read the section Who we share your personal information with below.
Contact details of Controller
Contact address: 110B, Simeonovsko shose Blvd., Sofia
Contact phone: 02/421 4065
What personal data do we collect and why do we process your personal data?
The Controller, and if necessary the other companies within Gradus Group, shall process only those personal data that are minimum necessary in view of the specific purpose or situation.
We shall collect only the personal data we need to provide you with the appropriate service and the possibility to use the Website or the Facebook page, to respond to your inquiry, or to fulfill our obligation towards you.
We shall collect additional personal data only if we have obtained your explicit consent (for example, to display customized advertising content or for statistical analysis of how the Website is used) or if there is another legitimate reason for doing so.
The cases in which we collect and process your personal data, and the purposes for which we collect it, are as follows:
|Activity||Types of personal data and purpose of processing||Grounds for personal data processing|
|Cookies and social plugins
Better Website performance, determining the trends in user behavior
For the information being processed in connection to the cookies, please read our Cookie Management Policy.
In order to improve the operation of the Website, we process your personal data (for example as how many times you have visited our Website, etc.) based on your prior consent.
|Explicit prior consent given on the initial visit to the Website (for the necessary cookies);
Legitimate interest in maintaining the proper functioning of the Website;
|Using the Contact Form on our Website||When you write to us through our Website, you need to provide a name and a phone number or a contact email so we can contact you. If you share with us other personal information in your request, we shall process this information to the extent that is necessary to answer the questions you have asked us (for example, if you would like to exercise your right to file a claim regarding our product or share praise or a complaint);||Explicit prior consent;
Legitimate interest in improving the quality of our services;
|Visit and actions taken in connection with our Facebook page||When you like, share, or comment on our Facebook posts, when you write us messages on Facebook messenger, or tag us in your posts, we process your personal data that is accessible through Facebook.
|Explicit prior consent;
Legitimate interest in improving the quality of our services;
Regardless of the reason why you share your personal data with us, we recommend that you do not disclose sensitive personal information: such as racial or ethnic origin, religion, union membership, sexual orientation, health status, etc.
For what time your personal data are being retained and stored?
Gradus Group will only retain and store your personal data for the purposes stated above and only for the time required for them.
Please take into consideration that we shall retain the data provided with regards to filing claims and the documents issued in this connection containing personal data for a period of three years following the year of processing the claim.
Who we share your personal data with?
We will not share or disclose your information for marketing or other purposes to third parties.
The Controller will provide access to personal information of Website visitors to other companies within Gradus Group only if necessary and in accordance with the provisions of the law. The access granted will be limited to the personal data needed by the company to which the access is granted for the purpose for which the access is granted.
In limited cases, Gradus Group will disclose personal information to the following persons:
- IT Service providers: in connection with some of the data processing processes, such as to eliminate potential problems with the functioning of the Website and its security, Gradus Group may need to use third party services that will be bound by the implementation of specific data protection measures.
- State bodies and institutions, bodies of local self-government, bodies of the judiciary system: in the cases envisaged by law for the fulfillment of statutory obligation.
As a rule, Gradus Group does not export or provide access to personal data processed in connection with the Website to controllers or data processors in non-EU countries. In the event that personal data are required to be transmitted by Gradus Group to a non-EU or non-EEC country, this will be done in accordance with this policy, timely notification sent to the data subject (if applicable) and in the presence of any of the following conditions:
- where there is a decision by the CPDP or the European Commission that the country concerned provides an adequate level of personal data protection;
- when an agreement has been concluded with the organization to which personal data are sent containing standard data protection clauses approved by the European Commission;
- when the data transfer is necessary in order to fulfill a contract with the relevant user;
How we protect your rights?
Gradus Group shall process your personal data only in accordance for the above purposes and time periods.
When we collect personal data, we do so in a minimal amount and only for pre-defined and clearly determined purposes and storage periods. We only provide access to data to a limited number of people who have been previously trained and instructed on how to handle the data.
Gradus Group maintains appropriate physical, procedural, administrative, organizational and technical safeguards designed to prevent the loss, illegal use, unauthorized access to, disclosure or alteration of personal data controlled and administered by Gradus Group.
If you believe that your personal data processed by Gradus Group is no longer secure, you may contact Gradus Group and share your concerns by using the contact details in this policy.
In the event of a breach of personal data security and where the breach is likely to create a high risk to the data subjects' rights and freedoms, Gradus Group will notify the data subjects of the breach as required by law.
What are your rights?
As a data subject, you have the right to receive confirmation and/or detailed information, incl. a copy of the personal data processed for you (right to access).
In addition, you may object to the collection and further processing of your personal data, and request that your data be corrected (updated) or deleted (when we do not have a valid legitimate basis to continue processing your data).
It is important for you to know that you can withdraw your consent to the processing of personal data at any time by contacting us using the contact details provided or changing your cookie settings on our Website here.
If you believe that your data protection rights have been violated, you have the right to file a complaint with the Commission for Personal Data Protection: 1592 Sofia, 2 Tsvetan Lazarov Blvd., tel. 02 / 91-53-518, e-mail : email@example.com and/or to other supervisory/ regulatory authority.
If you have a question that has not been answered in this policy, you can contact the Data Controller or ask it by using our email at firstname.lastname@example.org or telephone number 02/421 4065
Amendments to this Policy
Any amendments to this policy will be announced on Gradus Group website. In the event of a material change of information, we will further notify you by sending an email insofar as we have reason to process your contact details.