Privacy policy

 

DATA PROCESSING AND SECURITY POLICY ACCORDING TO REGULATION

2016/679

  1. GENERAL PROVISIONS

1.1. On 28 May 2018 Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 about the protection of individuals regarding to the processing of personal data and the free movement of such data came into force on 28 May 2018 and repealed Directive 95/46 / EC ("GDPR").

1.2. The present Data Processing And Security Policy (hereinafter referred to as the "Policy") aims to inform our customers how their personal data will be processed by Dinomika Ltd, a company established in the Republic of Bulgaria, registered in the Bulgarian Trade Register under UIC 175213159, with headquarters and address of management: Sofia , Bulgariq, 26 Golo Bardo Str., ent. 3, ap.60 ("Administrator") in connection with visiting and using the www.roombre.com website.

1.3. This website www.roombre.com is managed by Dinomika Ltd. in accordance with the Personal Data Protection Act and Regulation 2016/679 (EC).

1.4. In this Policy, you may become familiar with your rights as a subject of the personal data that has been collected, processed and stored by Dinomika Ltd as an Administrator of Personal Data in the sense of Art. 4, item 7 of the GDPR. As a Personal Data Administrator, we process your personal data for the purposes, terms and manner described below, following the principles and rules of the GDPR and the Bulgarian legislation the Personal Data Protection Act.

1.5. Personal data protection is of great importance. The Administrator does not sell your personal data to third parties.If we grant some kind of your data to third parties, these should be considered our contractors, who process information on our behalf and follow our instructions for higher standart of protection of your personal data.  

2. WHAT IS PERSONAL DATA

2.1. „Personal data is any information that relates to an identified or identifiable living individual (such as name, age, date of birth, phone number, email adress, etc.

2.2. Personal data about race or ethnic origin, political views, religious or philosophical believes, labour union memberships and processing of genetic and biometrical data for the exact identifying of a natural person, health or data about the sexual life or sexual orientation of a natural person are specific category of personal data. The Administrator does not process such information.

2.3. For the purposes of this Policy, the term "processing" of personal data should be understood in the sense set out in Art. 4, item 2 of the GDPR, namely: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

3. COLLECTION AND USE OF PERSONAL DATA

3.1. The Administrator collects, uses, stores and processes your personal data that is required to perform the Services by the Administrator through the Website. Your data is used to compile and send personalized information about the services we provide. They can also be used for statistical purposes, which are related to improving the quality of our services as well as marketing activities.

3.2. You could create an account in the website by entering specified data. Entnering this personal data is part of the process of registration to the website. This will create a profile to store your personal information or to identify you later.

4. WHAT PERSONAL DATA WE COLLECT

When creating an account, the Administrator will process the data you provide on your account when you open the website, perform platform transactions, or use other services. This information may include:

  • Contacts information such as name, address, date and place of birth, phone number.
  • Profile information such as username and password
  • Financial information such as bank accounts, bank transfers and trading information
  • Information for identity confirmation such as ID, passport, national ID card or driving license and in special circumstances social security number.

In addition to the data we collect in the process of creating an account, we collect and store all correspondence between Dinomika OOD and the customers, as well as records with the behavior of the websites operated by Dinomika OOD.

5. FOR WHAT PURPOSES AND ON WHAT BASIS WE USE YOUR PERSONAL DATA

5.1. The Administrator collects your personal data for the following purposes:

  • Using the services of the website
  • For processing of services on a legal basis - execution of a contract concluded between a client and Dinomika OOD. Data may also be used to fulfill legal obligations, such as accounting documents, payment of amounts, etc.
  • Customer service and removal /correction of possible mistakes when executing a contract. Personal data is processed on the basis of performance of the contract.
  • For communication with customers, we can contact them by phone or email to help with completing an order; for information about current status of services; about the current status of your website profile.
  • Send and deliver a custom message to your preferred channel of communication;
  • Marketing activities of the Administrator on the grounds of given consent;
  • Administration, processing and reply to a message / inquiry;
  • Receive news / newsletters from the Administrator.

5.2. Periodically, your personal information may be used to send important messages and policy changes.

5.3. Your personal information may be used for internal purposes such as checks, data analysis, and surveys to improve the services of the Administrator.

5.4. The legal basis on which we process your personal data is your consent under Art. 6, par. 1, letter "a" of the GDPR; a contractual obligation in connection with the provision of services, if such are agreed - according to Art. 6, par. 1, letter "b" of the GDPR; processing is necessary to comply with a legal obligation to us as an Administrator - Art. 6, par. 1, letter "c" of the GDPR as well as on the basis of the legitimate interest of the Administrator - Art. 6, par. 1, letter "e" of GDPR.

6. COOKIES POLICY

6.1. Cookies are technology that can be used to provide personalized information from a website. An HTTP cookie, commonly referred to simply as a “cookie”, is a packet of information sent from a web server to an Internet browser, and then returned by the browser every time it gets accessed to that server.

6.2. Keep in mind that the www.roombre.com site can use the so-called Cookies in order to offer you better, optimized and up-to-date services, product and service information, and provide personalized content to its website users. By using cookies, including other similar technologies, the Administrator can obtain specific user information such as: the pages you are viewing; the things you download; the links you follow; the duration of the site visit; Your IP address; the domain from which you enter our site, etc. This information helps us learn more about how you use our related technologies and provide you the right services and information.

7. DISCLOSURE OF YOUR PERSONAL DATA

7.1. In some cases, the Administrator may disclose certain personal information to strategic subcontractors who work with him to provide services related to the Administrator's activities or to help him with clients’ marketing. Personal information may be shared by us for the purpose of performing the services and the contracts concluded with the clients, to post-office and courier services companies, to banking institutions in order to process payments related to the services rendered to clients, to legal representers, court authorities, for concluding contracts or debt collections, to state authorities when needed and after following the legal order.

7.2. For cases where the Administrator shares information about you with third-party Providers of the Administrator, the Administrator has mechanisms to ensure that they provide a data protection level according to the agreed standard. Your data is also considered confidential to our partners.

7.3. It may be necessary, by law and / or at the request of public authorities or officials who, under applicable law, are authorized to request and collect such information in accordance with the legal procedures, the Administrator to disclose your personal information.

8. TRANSFER IN THIRD COUNTRIES

8.1. The administrator does not transfer your data to third countries outside the EU. In individual cases, your data may be transferred to third countries by the power of a contract between the Administrator and a contractor of certain non-EU services. In such cases, the Administrator shall ensure that this transfer is made in full accordance with the legal provisions, thereby ensuring the level of protection of your data.

9. PROTECTION OF PERSONAL INFORMATION

9.1. The Administrator takes precautions, including administrative, technical and physical measures, to protect your personal information from loss, theft and misuse, as well as unauthorized access, disclosure, alteration or destruction

9.2. The administrator takes and follows organizational and technical measures for the protection of your personal information. Access to your data is limited to the necessity of performing the duties of the Administrator.

10. DATA STORAGE PERIOD

10.1. The period for which we process and store your personal information is determined by the content of your message. The minimum period is the one needed for administrating and answering your message.

If your message entails obligations to perform certain actions or activities (for example, to check something, etc.), the period for processing your personal data will be extended until the relevant activities / actions have been completed or until another legally prescribed period in connection with our legitimate duties, rights and interests.

10.2. The administrator keeps your personal data for no longer than the duration of your account. Upon deletion of your account, the Administrator takes the necessary care to erase and destroy all your data without undue delay or to anonymize (to bring them in a form that does not disclose your person) unless another term according to a signed contract between the client and the administrator.

11. YOUR RIGHTS IN RELATION TO YOUR DATA

11.1. If you have provided your personal data to the Administrator, you have the following options at any time:

         11.1.1.Right of consent.

The data subject (visitor or user of the site) should consent to processing his or her data.

Consent must be given freely, explicitly, in an informed and unambiguous manner.

Agreements of this kind will be stored by us in files protected and archived in a safe and appropriate manner.

         11.1.2. Right of access to data.

You have the right to ask for access to the personal data that is collected and processed for you.

You may request copies of your personal data collected for you multiple times.

We will give access to the personal data of the person whose personal data is being processed. If you want your personal data to be provided to another person, we should be given an explicit power of attorney.

        11.1.3. Right of rectification.

You have the right to ask us to update or correct your personal information.

When we receive such a request, it will be accepted and the corresponding updating or corrective action will be taken within a reasonable time.

         11.1.4. Right of objection.

You have the right to object to the processing of your personal data by submitting an objection to us.

You can always object to the processing of personal data in connection with direct marketing.

We have the right to either accept or reject the objection by always motivating our response to you in case of rejection to know why we have not met your request.

If your objection is against the processing of your personal data in relation to direct marketing, we will always accept your objection.

         11.1.5. Right to delete or "the right to be forgotten".

You may require us to delete the personal data processed for you. Please note that this right is not absolute but must be considered in relation to its function in equilibrium with the other fundamental rights and obligations of the Administrator and the data subject, in accordance with the principle of proportionality.

Please note that there are separate hypotheses in the GDPR, where there is an obligation for us to delete your personal data. In other cases, we do not have such an obligation.

If the consent to the processing of personal data has expired or been withdrawn, the Administrator may have an obligation to delete the personal data.

Outside of these cases, we may either accept or reject the request for data deletion, and in case of a refusal, we will provide reasons for it.

         11.1.6. Right to restrict the processing.

You may request that we limit the processing of your personal data in certain hypotheses specified in the GDPR.

We have the right to accept or reject your request, and in the case of a refusal, we will provide reasons for it.

          11.1.7. Right of personal data portability.

If your personal data is processed on your explicit consent or on the basis of a contractual obligation to process it and if the processing is done in an automated manner, you have the right of portability of your personal data.

This is your right to require the administrator to transfer some or all personal data that he processes to another administrator, or to get the personal data that concerns you and which you have provided to the administrator in a structured, widely used and machine readable format.

When circumstances foreseen in the GDPR are applicable, we are obliged to perform the requested action.

         11.1.8. Right to appeal.

If you believe that the legal relationship between you and the Community is violated, you must file a complaint to the competent authority for personal data protection in the Republic of Bulgaria, namely: Commission for personal data protection (CPDP)


You may contact CPDP in the following ways:

address for correspondence: Sofia, Bulgaria, 2 Prof. Tsvetan Lazarov str.

phone number: 02/915 35 18;

e-mail: kzld@cpdp.bg;

website: www.cpdp.bg.

Beyond this, if you believe that your rights or legitimate interests are violated, you also have the right of legal protection in court.

        11.1.9. Right of withdrawal of consent to the processing of personal data.

You have the right to withdraw your consent to the processing of your personal data at any time, but only when the processing of personal data is based on your explicit consent under Art. 6, par. 1, b. A "by GDPR.

Subsequent withdrawal will not affect the legitimacy of the processing that has been done until that moment, and which has been based on a given consent.

Such requests should be considered and respected by us within a reasonable time without undue delay.

Keep in mind that the withdrawal will take effect in future. It will not affect the legality of the data processing so far. Therefore, if there is a request from a state or court authority to access these data, we should provide them.

11.2. The deletion of personal data will also occur if they are not necessary for the intended purpose or the storage of your data is inadmissible on other grounds provided by law.

12. CHANGES OF THE POLICY

If there are any subsequent updates to the Policy, we will post the changes to this page and change the update date of the same, so that you can always know what information is collected from us online, how we use it, and what options and opportunities are provided to you .

13. Contact us

"Dinomika" Ltd:

address: Bulgaria, Sofia, Ivaylo str. 13;

e-mail: info@roombre.com;

phone number: +359 887 904 444.

Publishing changes and updates will be made public to get to know them.

 

Last Updated: 17.06.2019