Privacy Policy

The protection of your personal data is of particular importance for BALKAN HERBS OOD. That is why we protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, and loss or premature deletion of information.

We collect and process personal data only in compliance with the requirements of Bulgarian and European legislation.

This privacy statement is intended to explain to you how and why we process your personal data.

I. How and why do we process your personal data

A) To manage and execute your order;

B) To prepare and send an invoice for the goods you have purchased from us;

C) To send you information about goods of interest, promotions, news, special events or for other advertising purposes;

D) In ​​fulfilment of regulatory obligations:
– fulfilment of obligations in connection with the distance selling provided for in the Consumer Protection Act;
– providing information to the Consumer Protection Commission or to third parties provided for in the Consumer Protection Act;
– providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation on personal data protection – Personal Data Protection Act, Regulation (EU) 2016/679 of 27.04.2016. and others.
– obligations provided for in the Accounting Act and the TPSC and other related normative acts in connection with the maintenance of proper and lawful accounting;
– provision of information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of the procedural and substantive legal acts applicable to the proceedings.

ІІ. What data do we process

A) Identification data: full name, unique civil number, permanent address;

B) Other data: e-mail;

C) Personal contact details: contact address, telephone number;

When we process your basic personal data and the other data described for the purposes of selling goods, for their payment, as well as in order to comply with our regulatory requirements, this processing is mandatory for these purposes.

III. How we protect your personal data

To ensure adequate protection of your personal data, we apply all necessary organizational and technical measures provided in the GDPR.

To ensure maximum security in the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.

IV. When we delete your personal data

As a rule, we terminate the use of your personal data for the purposes of the order after the execution of the order, but we do not delete them before the expiration of one year from their execution or until the final settlement of all financial obligations and expiration of statutory data storage obligations, such as obligations under the Accounting Act, storage and processing of accounting data (11 years), expiration of the statute of limitations for filing claims (5 years) specified in the Obligations and Contracts Act, obligations to provide information to the court, competent state authorities and other grounds provided for in the current legislation (5 years). Please note that we will not delete or anonymize your personal data if it is necessary for pending court and administrative proceedings.

V. When and why we share your personal data with third parties

Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personal data that allow you to be identified are permanently deleted. There is no legal obligation to delete anonymized data, as it does not constitute personal data.
We provide your personal data to third parties, and our main goal to do so is to offer you quality, fast and comprehensive service, taking care of the products and services we offer to meet your expectations. We do not provide your personal data to third parties until we are sure that all technical and organizational measures have been taken to protect this data, and we strive to exercise strict control to achieve this goal. In this case, we remain responsible for the confidentiality and security of your data.

Data processors on behalf of BALKAN HERBS OOD:

– banks or other payment services for the payments made by you;
– postal operators to send parcels containing invoices and other documents, and the need to verify the identity of a person on delivery;
– persons who, on assignment, maintain equipment, software and hardware used for the processing of personal data and is necessary for the construction of the company’s network and for the performance of various reporting services, payment for services and products, technical sending of e-mails, or mobile phone, technical support and others;
– bodies and institutions to which we are obliged to provide personal data under current legislation.

VI. Your rights in connection with the processing of your personal data

A) Right of information

You have the right to request:

– information on whether data relating to you are processed, information on the purposes of such processing, on the categories of data and on the recipients or categories of recipients to whom the data are disclosed;
– a message in an understandable form containing your personal data being processed, as well as any available information about their source;
– information on the logic of any automated processing of personal data concerning you, in case of automated solutions being used.

B) Right of correction
In the event that we process incomplete or erroneous data, you have the right at any time to request:
– to delete, correct or block your personal data, the processing of which does not meet the requirements of the law;
– to notify third parties to whom your personal data has been disclosed of any deletion, correction or blocking, except where this is not possible or involves excessive effort.

C) Right to object

At any time you have the right to:
– object to the processing of your personal data if there is a legal basis for it;
– where the objection is justified, the personal data of the person concerned may no longer be processed;
– object to the processing of your personal data for the purposes of direct marketing.

D) Right to limit processing

You can request a restriction on the personal data being processed if: you dispute the accuracy of the data for the period in which we have to verify its accuracy; or the processing of the data is without legal basis, but instead of deleting it, you want its limited processing; or we no longer need this data (for the specified purpose), but you need it to establish, exercise or defend legal claims; or you have objected to the processing of data pending verification that the data processor’s grounds are lawful.

E) Right of data portability

You can ask us to provide you with the personal data that you have entrusted to us in an organized, well structured, generally accepted electronic format if:

– we process the data according to an order and based on a declaration of consent, which can be withdrawn.

F) Right of appeal

In case you believe that we are violating the applicable regulations, please contact us to clarify the issue. Of course, you have the right to file a complaint to the Data Protection Commission. After May 25, 2018, you will also be able to file a complaint to an EU regulatory body.

Applications for access to information or for corrections are submitted personally or by a person authorized by you through a notarized power of attorney.

We will rule on your request within 14 days of its submission. If a longer period is objectively necessary – to collect all the data and if this seriously hinders our activities – this period can be extended to 30 days. By our decision, we grant or deny access to the information requested by the applicant, but we will always motivate our response.

VII. Relevance and changes

To apply the latest protection measures and to comply with current legislation, we will regularly update the personal data protection policy. We encourage you to regularly review the latest version of the information in order to be timely informed about how we take care of the protection of the personal data we collect.