Privacy Policy

Information about the Personal Data Controller

BULEKO-2000 Ltd. is a company registered in the Commercial Register of the Registry Agency with UIC: 130174132, e-mail: office@buleko2000.com, tel.: +359 884 88 55 39.

Grounds and purposes for which we use your personal data

We process your personal data on the following grounds:

  • The General Terms and Conditions for the use of the Website;
  • Your explicit consent – the purpose is specified for each particular case;
  • A legal obligation provided for by law;

In the following paragraphs you will find detailed information regarding the processing of your personal data depending on the ground on which we process them.

For the performance of a contract

We process your personal data for the purposes of using the Website in accordance with the rules of the General Terms and Conditions.

Purposes of processing (where applicable):

  • establishing your identity;
  • providing the functionalities of our website.

On this basis we process only personal data related to the user profile created by you.

The data collected on this basis are deleted 2 years after the termination of the contractual relationship, regardless of whether this is due to expiration of the contract term, termination, or any other reason.

After your consent

We process your personal data on this basis only after your explicit, unambiguous, and voluntary consent. We will not impose any adverse consequences for you if you refuse the processing of your personal data.

Consent is a separate legal ground for the processing of your personal data and the purpose of the processing is specified in it, and it does not overlap with the purposes listed in this policy. If you give the relevant consent and until its withdrawal or the termination of any contractual relations with you, we may prepare product/service offers suitable for you by performing detailed analyses of your basic personal data.

Data we process on this basis:

On this basis we may process personal data for the purposes of direct marketing, including data regarding website usage and data from social media profiles.

Provision of data to third parties

On this basis we may provide your data to marketing agencies, Facebook, Google, or other similar parties.

Withdrawal of consent

The consents provided may be withdrawn at any time. The withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for the processing of personal data for one or all of the methods described above, we will no longer use your personal data and information for the purposes specified above. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To withdraw your consent, you only need to use our website or simply contact us through our contact details.

When we delete data collected on this basis

The data collected on this basis are deleted upon your request or 12 months after their initial collection.

How we protect your personal data

To ensure adequate protection of the company’s and its clients’ data, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches, which support the processes of protecting and ensuring the security of your data.

For the purpose of maximum security when processing, transferring, and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, and others.

Users’ Rights

Every User of the website enjoys all rights for the protection of personal data according to Bulgarian legislation and the law of the European Union.

The User may exercise their rights by sending a message to our email address.

Every User has the right to:

  • Be informed (regarding the processing of their personal data by the controller);
  • Access their own personal data;
  • Rectification (if the data are inaccurate);
  • Erasure of personal data (the “right to be forgotten”);
  • Restriction of processing by the controller or processor of personal data;
  • Portability of personal data between different controllers;
  • Object to the processing of their personal data;
  • The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them;
  • Protection through judicial or administrative procedures if the rights of the data subject have been violated.

The User may request erasure if one of the following conditions applies:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The User withdraws their consent on which the processing is based and there is no other legal ground for the processing;
  • The User objects to the processing and there are no overriding legitimate grounds for the processing;
  • The personal data have been processed unlawfully;
  • The personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
  • The personal data were collected in relation to the offer of information society services to children and consent was given by the holder of parental responsibility for the child.

The User has the right to restrict the processing of their personal data by the controller when:

  • They contest the accuracy of the personal data. In this case the restriction of processing is for a period allowing the controller to verify the accuracy of the personal data;
  • The processing is unlawful, but the User does not wish the personal data to be erased and instead requests the restriction of their use;
  • The controller no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise, or defense of legal claims;
  • The User objects to the processing pending verification of whether the legitimate grounds of the controller override those of the User.

Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or on a contractual obligation and the processing is carried out by automated means. When exercising the right to data portability, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object

Users have the right to object to the processing of their personal data before the controller. The personal data controller must cease the processing unless they demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. When an objection is made to the processing of personal data for the purposes of direct marketing, the processing must be terminated immediately.

Complaint to the supervisory authority

Every User has the right to lodge a complaint regarding unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent court.