PRIVACY NOTICE TO OUR CUSTOMERS
Dear Sirs and Madams,
This notice contains information about:
who is responsible to process your personal data
what kind of personal information do we collect
how do we collect your personal data
how do we process your personal data
who do we share your personal data with
how long do we keep your personal data
how can you access, amend or take back the personal data that you have given to us
how do we store and transfer your data internationally
the legal bases on which we process your data
Do not hesitate to contact us at firstname.lastname@example.org should you have any queries related the protection of your personal data. We take privacy seriously and will get back to you as soon as possible.
1. WHAT KIND OF PERSONAL INFORMATION DO WE COLLECT?
A number of the personal data we collect from you are required to enable us to fulfil our contractual duties to you or to others. If you are a customer of Bulgaars Wijncenter, we need to collect and use information about you or individuals at your organization in the course of providing you with our products. We may collect some or all of the information listed below to help us with this: Name; Age; Contact details; Business activities, Extra information that you choose to tell us.
Please note that the above list of the ways in which we collect your personal details is not exhaustive.
Should you decline to provide us with such data, we may not be able to fulfil our contractual duties or may even not be able to continue with our relationship. This will depend on the type of personal data in question and the grounds on which we may be processing it.
2. HOW DO WE COLLECT YOUR PERSONAL DATA?
Bulgaars Wijncenter may collect your personal data in one of the following ways:
a) Personal data you give to us
You can share your information with us in numerous ways including by phone, e-mail or during our personal meetings. You may also be sharing personal information on our website.
b) Personal data we collect automatically
When you visit our website or our applications, we may collect technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform.
3. HOW DO WE PROCESS YOUR PERSONAL DATA?
We may use your personal data for storing your details and updating them when necessary on our database, so that we can:
contact you in relation to the marketing of our products and
facilitate the sales and delivery of our products
We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.
4. WHO DO WE SHARE YOUR PERSONAL DATA WITH?
We may share your information with any of the following groups:
Tax, audit, or other authorities, when we believe that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation)
Third party service providers who perform functions on our behalf (including external consultants and professional advisers such as lawyers, auditors and accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems
5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We will not keep your personal data for longer than is necessary for the purposes for which we collect it unless we believe that the law or other regulation requires us to preserve it (for example, because of a request by a tax authority or in connection with any anticipated litigation). When it is no longer necessary to retain your data, we will delete the personal data that we hold about you from our systems.
6. HOW CAN YOU ACCESS, AMEND OR TAKE BACK THE PERSONAL DATA THAT YOU HAVE GIVEN TO US?
As long as we hold your personal data, the EU Data Protection law gives you the following rights in relation to your personal data:
a) Right to object: this right enables you to object to us processing your personal data where we do so for one of the following reasons:
because it is in our legitimate interests to do so
to enable us to perform a task in the public interest or exercise official authority
to send you direct marketing materials, or
for scientific, historical, research, or statistical purposes
The “legitimate interests” category above is the one most likely to apply, and if your objection relates to us processing your personal data because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless:
We can show that we have compelling legitimate grounds for processing which overrides your interests, or
we are processing your data for the establishment, exercise or defense of a legal claim
b) Right to withdraw consent: Where we have obtained your consent to process your personal data for certain activities, for example, for automatic profiling, you may withdraw this consent at any time and we will cease to carry out that particular activity that you previously consented to unless we consider that there is an alternative legal basis to justify our continued processing of your data for this purpose, in which case we will inform you of this condition;
c) Data Subject Access Requests (DSAR): You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so
d) Right to erasure: You have the right to request that we “erase” your personal data in certain circumstances. Normally, the information must meet one of the following criteria:
The data are no longer necessary for the purpose for which we originally collected and/or processed them
Where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing
e) The data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR).
It is necessary for the data to be erased in order for us to comply with our obligations as a data controller.
7. HOW DO WE STORE AND TRANSFER YOUR DATA?
In order for us to carry out the purposes described in this policy, your personal data may be transferred:
To third parties
To a cloud-based storage provider
We want to make sure that your personal data is stored and transferred in a way, which is secure. We will therefore only transfer data outside of the European Economic Area or EEA (i.e. the Member States of the European Union, together with Norway, Iceland and Liechtenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data. For this purpose, Bulgaars Wijncenter has implemented the following safeguards to ensure the security of your personal data:
By way of a data transfer agreement with a third party, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws, or
By transferring your data to an entity which has signed up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions, or
By transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation, or
Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA), or
Where you have consented to the data transfer.
8. LEGAL BASES FOR US PROCESSING YOUR DATA
There are a number of different grounds that we are lawfully able to process your personal data under the requirements of the EU Data Protection law, as follows:
Bulgaars Wijncenter may process your data where it is necessary for the purposes of the legitimate interests pursued by Bulgaars Wijncenter or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms, which require protection of personal data.
In certain circumstances, we will seek to obtain your explicit consent before we undertake certain processing activities with your personal data. This means that:
you have to give us your consent freely, without us putting you under any type of pressure
you have to know what you are consenting to – so we’ll make sure we give you enough information
you should only be asked to consent to one processing activity at a time – we therefore avoid “bundling” consents together so that you don’t know exactly what you’re agreeing to, and
you need to take positive and affirmative action in giving us your consent – we’re likely to provide a tick box for you to check so that this requirement is met in a clear and unambiguous fashion.
Performance of our contract
In some case, we will need to process your personal data in order to execute the obligations under our contract or in order to undertake the necessary steps to enter into a contract.
Compliance with legal obligation
Processing of your personal date may also be needed for compliance with a legal obligation to which Bulgaars Wijncenter is subject, for example, because of a request by a tax authority or in connection with any anticipated litigation.
We do not think that any of the above activities prejudice you in any way. However, you do have the right to object to us processing your personal data in certain circumstances.