Purposes of data collection via the site https://sleepme.eu, user rights and method of storage.
Sleepme.eu collects and uses the information for the purposes of:
1. direct marketing
2. fulfillment of contractual obligations to Users
Sleepme.eu processes users’ personal data on the basis of a contract concluded between the User and Sleepme.eu. The user agrees to the processing of his personal data for the purposes of direct marketing by marking a check box. The user can withdraw the given consent at any time by checking the checkbox located ______.
Users’ personal data are stored for a period of 5 years.
2. USER RIGHTS
Each User of the site enjoys all the rights to protect personal data according to Bulgarian legislation and the law of the European Union. Each User has the right to:
1. Information (in connection with the processing of his personal data by the administrator)
2. Access to your own personal data
3. Correction (if data is inaccurate)
4. Deletion of personal data (right to be forgotten)
5. Restriction of processing by the administrator or processor of personal data
6. Portability of personal data between individual administrators
7. Objection to the processing of his personal data
8. The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him
9. Right to judicial or administrative remedy in the event that the data subject’s rights have been violated
The user can request deletion if one of the following conditions is present:
1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed
2. The user withdraws his consent on which the data processing is based and there is no other legal basis for the processing
3. The data user objects to the processing and there are no overriding legal grounds for the processing
4. The personal data were processed unlawfully
5. Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller
6. The personal data were collected in connection with the provision of information society services to children and the consent was given by the holder of parental responsibility for the child.
The user has the right to limit the processing of his personal data by the administrator when:
1. Dispute the accuracy of the personal data.. In this case, the restriction of processing is for a period that allows the administrator to verify the accuracy of the personal data
2. The processing is unlawful, but the User does not want the personal data to be deleted, but instead requests the limitation of its use
3. The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or defense of legal claims
4. Object to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User
5. Right of Portability
The data subject has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the administrator to whom the personal data data is provided when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising the right to data portability, the data subject has the right to obtain a direct transfer of the personal data from one administrator to another, when this is technically feasible.
Right to object.
Users have the right to object to the administrator against the processing of their personal data. The administrator of personal data is obliged to terminate the processing, unless it proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.
Complaint to the supervisory authority
Every User has the right to file a complaint against illegal processing of his personal data to the Commission for the Protection of Personal Data or to the competent court.
3. OBLIGATIONS OF THE PERSONAL DATA ADMINISTRATOR:
The personal data administrator has the following obligations:
1. Processes data in accordance with the principles of personal data protection laid down in the regulation, being able to prove this (accountability)
2. Ensures data protection by design and by default
3. Notifies the supervisory authority and the data subject in case of breach of personal data security, as well as documentation of any breach of personal data security, including the facts related to the violation, its consequences, the actions taken to deal with the violation
4. Carry out a data protection impact assessment
5. Implements appropriate technical and organizational measures to ensure data security, such as:
– Ensuring ongoing confidentiality, integrity, availability and resilience of processing systems and services;
– Timely restoration of availability and access to personal data in the event of a physical or technical incident;
– Regular testing, assessment and evaluation of the effectiveness of technical and organizational measures;
– Cooperation with the supervisory authority for the protection of personal data in fulfilling the obligations arising from the regulation.
6. Prepares and implements internal procedures regarding acceptance, examination and response within one month to requests from Users to exercise their rights as subjects of personal data
4. REGISTER MAINTENANCE
Sleepme.eu maintains a register of processing activities for which I am responsible. This register contains all the information below:
1. the name and contact details of the administrator
2. the purposes of processing;
3. description of the categories of data subjects and the categories of personal data;
4. the categories of recipients to whom the personal data are or will be disclosed, including recipients in third countries or international organizations;
5. the different categories of data;
6. where possible, a general description of the technical and organizational security measures,
Contact details If you wish to contact us regarding matters relating to the protection of personal data, you may do so in the following ways:
To the email address: email@example.com, Plovdiv 4027, Golyamo Konarsko shose, TED mattress factory or contact our Data Protection Officer – Brand Building Company EOOD by e-mail: firstname.lastname@example.org or at: Plovdiv, 1 Mara Gidik St., 2nd floor, office 5
5. BODIES REGULATING THE ACTIVITY
The authorities regulating the activity of Sleepme.eu are the Commission for the Protection of the User /CCP/ and the Commission for the Protection of Personal Data (PCPD), with the following coordinates:
phone: 0700 111 22
address: city of Sofia, Slaveykov Square, No. 4A, floors 3, 4 and 6
address: Sofia 1592, Prof. Blvd. Tsvetan Lazarov” No. 2
Users can use the European Online Dispute Resolution (ODR) platform available at https://ec.europa.eu/odr/</ a> – a single access portal that allows consumers and traders in the EU to settle disputes between themselves.
Alternative dispute resolution (ADR) between consumers and merchants is an out-of-court conciliation proceeding on a voluntary basis.
General conciliation commissions assist in reaching an agreement between consumers and traders in disputes over contracts for the sale of goods and the provision of services.
The general conciliation commissions are determined on a regional basis, and the General Conciliation Commission with its headquarters in Plovdiv and the territory of Plovdiv region, Smolyan region, Pazardzhik region and Stara Zagora region is competent to resolve disputes between “Sleepme.eu” and the User;
The consolidated list of recognized ADR authorities of the Member States of the European Union can be found at https://webgate.ec.europa.eu/odr/main/index.cfm?event=main.adr.show