Privacy policy

Mandatory information on the rights of personal data protection persons


Information about the company that processes Your data:


Name: Square Design Ltd.
UIC / BULSTAT: 204036764
Headquarters and address of management: 9200 Provadia, 15 Shipka Str
Correspondence address: town of Provadia 9200, SPZ 1
Phone: 0896656649
Email: hi@kaid.bg
Website: kaid.bg

Information on the competent data protection supervisory authority

Title: Commission for Personal Data Protection
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg


Square Design Ltd. (hereinafter referred to as “Administrator” or “the Company”) operates in
accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European
Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the
processing of personal data and on the free movement of such data. This information is intended to
inform you about all aspects of the processing of your personal data by the Company and the rights you
have in connection with this processing.
Grounds for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of the eshop kaid.bg and concluding contracts with the company on the grounds of art. 6, para. 1, Regulation
(EU) 2016/679 (GDPR), and in particular on the following grounds:
Explicit consent received from you as a customer;
Fulfillment of the obligations of the Administrator under a contract with you;
Compliance with a legal obligation that applies to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party;
Goals and principles in the collection, processing and storage of your personal data
Art. 2.
(1) We collect and process the personal data that you provide to us in connection with the use of the eshop and concluding a contract with the company, including for the following purposes:
creating a profile and providing full functionality when using the online store;
concluding and executing a distance contract;
individualization of a party to the contract;
accounting purposes;
statistical purposes;
information security protection;
ensuring the implementation of the contract for the provision of the respective service.
sending an information bulletin if you wish;
(2) We keep the following principles in the processing of Your personal data:
legality, good faith and transparency;
restriction of processing purposes;
relevance to the purposes of processing and minimizing the data collected;
accuracy and timeliness of data;
limitation of storage in order to achieve the objectives;
integrity and confidentiality of the processing and ensuring an appropriate level of security of personal
data.
(3) During the processing and storage of personal data, the Administrator may process and store
personal data in order to protect the following legitimate interests:
fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and
municipal bodies.
What types of personal data our company collects, processes and stores
Art. 3.
(1) The company performs the following operations with the personal data provided by you for the
following purposes:
Registration of a user in the e-shop and execution of a contract for distance purchase - the purpose of
this operation is to create a profile for using the e-shop to purchase goods and provide contact
information for the delivery of purchased goods. Registering and creating an account to use the online
store is not a mandatory step in providing the service and it is available to a large extent without
creating an account.
Conclusion from the impact assessment: Based on the impact assessment, the operation "User
registration in the e-shop and execution of a distance sales contract" is admissible and provides
sufficient guarantees to protect the rights and legitimate interests of the subjects of data in accordance
with the requirements of the GDPR.
Conclusion and execution of a commercial transaction with a client or partner - the purpose of this
operation is the conclusion and execution of a contract with a commercial partner or client and its
administration. Given the limited scope of the personal data collected and the fact that some of them
are collected from publicly available sources, an impact assessment is not required to carry out an
impact assessment of the operation.
Sending a newsletter (newsletter) - the purpose of this operation is to administer the process of
sending newsletters to customers who have stated that they wish to receive. Given the limited scope of
the collected personal data, the conduct of impact assessment it is not necessary to carry out an impact
assessment of the operation.
Exercising the right to refuse or make a claim - the purpose of this operation is to administer the
process of exercising the right to refuse or claim by the client. Given the limited scope of the personal
data collected, an impact assessment is not required to carry out an impact assessment of the
operation.
(2) The administrator shall process the following categories of personal data and information for the
following purposes and on the following grounds:
Your personal data (e-mail, name, etc.)
Purpose for which the data is collected: 1) Making contact with the user and sending information to
him, 2) for the purposes of registering a user in the online store, and 3) sending a newsletter.
Grounds for processing Your personal data - By accepting the general conditions and registration in the
e-shop or placing an order without registration, or by concluding a written contract, a contractual
relationship is created between the Administrator and you, on which basis we process your personal
data - Art. . 6, para. 1, p. (b) GDPR. Your data for sending a newsletter are processed with your explicit
consent - Art. 6, para. 1, p. (a) GDPR.
Delivery details (names, phone, address, etc.)
Purpose for which the data is collected: Fulfillment of obligations of the administrator under a contract
of sale and delivery of purchased goods.
Grounds for processing your personal data - By accepting the general conditions and registration in the
e-shop or placing an order without registration, or by concluding a written contract, a contractual
relationship is created between the Administrator and you, on which basis we process your personal
data - Art. . 6, para. 1, p. (b) GDPR.
Additional data provided by You - If You want to complete Your profile, You can fill in data for name,
surname, phone number.
Purpose for which the data is collected: Supplementing information about the user in his user account.
Grounds for data processing: You have given your explicit consent for the processing of his personal
data for one or more specific purposes - 6, para. 1, p. (a) the GDPR at the time of registration in the
online store. Providing this information is not required for registration in the online store.
(3) The administrator shall not collect or process personal data, which refer to the following:
reveal racial or ethnic origin;
disclose political, religious or philosophical beliefs, or trade union membership;
genetic and biometric data, health data or data on sexual life or sexual orientation.
(4) The personal data are collected by the Administrator from the persons to whom they refer.
(5) The company shall not perform automated decision-making with data.
Art. 4.
(1) The company performs the following operations with the personal data provided by you, as legal
representatives or proxies of legal entities-trade partners, for the following purposes:
Concluding and executing a commercial transaction: For concluding and executing a commercial
transaction with a commercial company, we process only the three names of the legal representative or
the person authorized by the company. Conclusion of the impact assessment: Given the small volume of
individuals whose data are processed and given the limited amount of personal data that are collected,
an impact assessment is not necessary for this operation.
(2) The personal data have been collected by the Administrator from the persons to whom they also
refer from the Commercial Register to the Registry Agency.
(3) The company does not perform automated decision making with data.
Art. 5.
The administrator can use the so-called. Cookies for the purpose of providing full functionality of the
website, improving the user experience, statistical purposes, easy access, etc., with which you agree by
using our website. You can control and / or delete cookies at any time through the settings of the
browser you use. Cookies do not constitute personal data and are not used to identify visitors and users
of the e-shop.
Term of storage of your personal data
Art. 6.
(1) The administrator stores your personal data for a period not longer than the existence of your
account in an online store. After deleting your account, the Administrator takes the necessary care to
delete and destroy all your data without undue delay or to anonymize it (ie to make it in a form that
does not reveal your identity).
(2) The administrator processes your personal data, which you provided when placing an order without
registration in the e-shop, until the completion of the order, unless you have given your explicit consent
when processing your order to process your data for the purpose of improving the service, providing
recommended content for you, individual ideal conditions, promotions, and for statistical purposes.
(3) The Administrator stores your personal data provided in connection with online orders for a period
of 5 years for the purposes of protecting the legal interests of the Administrator in court or
administrative disputes with users of the online store.
(4) The Administrator shall notify you in case the term for data storage needs to be extended in view of
fulfillment of a normative obligation or in view of legitimate interests of the Administrator or otherwise.
(5) The administrator stores the personal data, which it is necessary to keep by virtue of the applicable
legislation for the respective envisaged term, which may exceed the term of existence of your account in
the e-shop or until the completion of the order.
Art. 7.
The Administrator keeps the personal data of the legal representatives of its business partners for the
term of the contract, for observance of the legitimate interests and legal obligations of the
Administrator, as this term may exceed the term of the concluded contract.
Transfer of your personal data for processing
Art. 8.
(1) The controller may, at its own discretion, transfer part or all of your personal data to personal data
processors for the fulfillment of the processing purposes with which you have agreed, in compliance
with the requirements of Regulation (EU) 2016/679 (GDPR) .
(2) The administrator notifies you in case of intention to transfer part or all of your personal data to
third countries or international organizations.
Your rights in the collection, processing and storage of your personal data
Withdrawal of consent for the processing of your personal data
Art. 9.
(1) If you do not wish the personal data provided by you to be processed for marketing purposes and to
receive a newsletter, you may at any time withdraw your consent for processing by filling in the
withdrawal form in Annex № 1 or by request in free text, and send it to us by email.
(2) After we receive your request, we will send you to the e-mail you specified for receiving newsletters
and advertising messages, a letter with detailed instructions for your verification as a recipient of
newsletters and a personal data subject for whom withdrawal of consent has been requested. .
(3) The withdrawal of the consent shall not affect the legality of the processing of personal data, which
the Administrator has performed so far.
Right of access
Art. 10.
(1) You have the right to request and receive from the Administrator confirmation whether personal
data related to you are processed by sending a request in free text by e-mail.
(2) You have the right to access the data related to you, as well as the information related to the
collection, processing and storage of your personal data
(3) After we receive your request, we will send you an email with the instructions you used to register or
place orders in the e-shop, with detailed instructions for your verification as a subject of personal data
to which access has been requested.
(4) After performing the verification, according to par. 3, The administrator provides you, upon request,
a copy of the processed personal data related to you, in electronic or other appropriate form.
(5) The provision of access to the data is free of charge, but the Administrator reserves the right to
impose an administrative fee in case of recurrence or excessiveness of the requests.
Right of correction or completion
Art. 11.
(1) You can at any time correct or fill in the inaccurate or incomplete personal data related to you
through the option "Edit account".
(2) You may correct or complete inaccurate or incomplete personal data relating to you directly through
your account on the Website or by making a request to the Administrator by email, using the form in
Appendix № 4 or by request in free text.
Right to delete ("to be forgotten")
Art. 12.
(1) You have the right to request from the Administrator deletion of part or all personal data related to
you, and the Administrator has the obligation to delete them without undue delay, when there is any of
the following reasons:
personal data are no longer needed for the purposes for which they were collected or otherwise
processed;
You withdraw your consent on which the data processing is based and there is no other legal basis for
the processing;
You object to the processing of personal data relating to you, including for the purposes of direct
marketing, and there are no legal grounds for processing to take precedence;
personal data have been processed illegally;
personal data must be deleted in order to comply with a legal obligation under EU law or the law of a
Member State that applies to the Controller;
personal data have been collected in connection with the provision of information society services.
(2) The administrator shall not be obliged to delete the personal data if he stores and processes them:
for exercise the right to freedom of expression and the right to information;
to comply with a legal obligation requiring processing provided for in EU law or the law of a Member
State applicable to the Administrator or for the performance of a task in the public interest or in the
exercise of official powers conferred on him;
for reasons of public interest in the field of public health;
for archiving purposes in the public interest, for scientific or historical research or for statistical
purposes;
for the establishment, exercise or defense of legal claims.
(3) In order to exercise your right to be forgotten, it is necessary to send by e-mail a request for deletion
of your personal data, which the Administrator processes, by filling in the form in Appendix № 2 or by
request in free text, after which the Administrator will send to the email you used to register or place
orders in the e-shop, a letter with detailed instructions for your verification as a user of the store and a
subject of personal data for which a request for deletion has been requested.
(4) After certifying the identity of the person who sent the request and the person to whom the data
relate in accordance with the instructions sent to you, we will delete all data that we process for you, in
accordance with para. 3.
(5) If there is an order made by you, which is in the process of processing, the earliest moment in which
you can request to be "forgotten" is when the order is successfully completed.
Right of restriction
Art. 13.
(1) You have the right to ask the Administrator to restrict the processing of data related to you by
sending us a request in free text by email when:
challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy
of personal data;
the processing is illegal, but you do not want the personal data to be deleted, only their use to be
restricted;
The controller no longer needs the personal data for the purposes of processing, but you require them
for the establishment, exercise or protection of your legal claims;
You have objected to the processing pending verification that the legal grounds of the Administrator
take precedence over your interests.
(2) After receiving your request, we will send you to the email you used to register or place orders in the
e-shop, a letter with detailed instructions for your verification as a user of the store and the subject of
personal data for which the request was made. to limit processing.
(3) After performing the verification according to par. 2, the Company will suspend the processing of
your data, but will not remove the publications you have made in the online store, if any.
Right of portability
Art. 14.
(1) If you have given consent for the processing of your personal data or the processing is necessary for
the performance of the contract with the Administrator, or if your data are processed in an automated
manner, you may:
to ask the Administrator to provide you with your personal data in a readable format and to transfer
them to another Administrator;
to ask the Administrator to directly transfer your personal data to an administrator specified by you,
when this is technically feasible.
(2) You can exercise the right of portability by sending us by e-mail a completed form according to
Annex № 3 or a request in free text, after which the Administrator will send to the e-mail you used to
register or place orders in the e-shop, a letter with detailed instructions for verifying you as a store user
and personal data subject for whom portability has been requested.
(3) After performing the verification according to par. 2, the Company sent to the e-mail specified by
you the data that it processes for you in XML format.
Right to receive information
Art. 15. You may request the Administrator to inform you of all recipients to whom the personal data for
which correction, deletion or restriction of processing has been requested have been disclosed. The
administrator may refuse to provide this information if this would be impossible or would require a
disproportionate effort.
Right to object
Art. 16. You may object at any time to the processing of personal data by the Administrator relating to
him, including if they are processed for the purposes of profiling or direct marketing.
Your rights In case of a breach of the security of your personal data
Art. 17.
(1) If the Administrator finds a violation of the security of your personal data, which may pose a high risk
to your rights and freedoms, he shall notify you without undue delay of the violation, as well as of the
measures that have been taken or are to be taken. .
(2) The administrator is not obliged to notify you if:
has taken appropriate technical and organizational protection measures with regard to the data affected
by the infringement security;
has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;
notification would require a disproportionate effort.
Persons to whom your personal data is provided
Art. 18.
(1) For the purposes of processing your personal data and providing the service in its full functionality
and in view of your interests, the Administrator may provide the data to the following persons who are
data processors:
Processing personal data
financial institutions,
fraud detection and prevention companies,
partners and providers of logistics services, transport and delivery,
customer service providers,
partners and service providers related to marketing and advertising.
(2) The processors of personal data shall comply with all requirements for legality and security in the
processing and storage of your personal data.
Art. 19. The administrator does not transfer your data to third countries.
Art. 20. In case of violation of your rights under the above or applicable legislation on personal data
protection, you have the right to file a complaint to the Commission for Personal Data Protection as
follows:
Title: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg.
Art. 21. You can exercise all your rights regarding the protection of your personal data through the
forms attached to this information. Of course, these forms are optional and you can submit your
requests in any form that contains a statement to that effect and identifies you as the data holder.
Art. 22. If the consent relates to a transfer, the controller shall describe the possible risks for the
transfer of the data to third countries in the absence of a decision on adequate protection and
appropriate means of protection.
Appendix № 1
Withdrawal form of consent for processing purposes
Your Name*: .........................
Your email that you used in the e-shop *: .........................
Feedback data (e-mail) *: .........................
To
Name: Square Design Ltd.
UIC / BULSTAT: 204036764
Headquarters and address of management: 9200 Provadia, 15 Shipka Str
Correspondence address: town of Provadia 9200, SPZ 1
Phone: 0896656649
Email: hi@kaid.bg
Website: kaid.bg
I hereby withdraw my consent to the processing of personal data provided by me for the purposes of
receiving a newsletter, advertising messages or other marketing materials, as I am aware of the
conditions for withdrawal of consent in accordance with the Mandatory Information on the Rights of
Persons of the personal data of the e-shop.
In the case of a breaching of your rights under the above or applicable data protection legislation, you
have the right to lodge a complaint with the Data Protection Commission as follows:
Title: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg.
Appendix № 2
Request “to be forgotten" - to delete personal data related with me
Your Name*: .........................
Your e-mail with which you registered or used for orders in the e-shop *: .........................
Feedback data (e-mail) *: .........................
To
Name: Square Design Ltd.
UIC / BULSTAT: 204036764
Headquarters and address of management: 9200 Provadia, 15 Shipka Str
Correspondence address: town of Provadia 9200, SPZ 1
Phone: 0896656649
Email: hi@kaid.bg
Website: kaid.bg
Requesting that all personal data that you collect, process and store, provided by me or by third parties
who are associated with me, according to the specified identification, be deleted from your databases.
I declare that I am aware that some or all of my personal data may continue to be processed and stored
by the controller for the purpose of fulfilling his legal obligations.
In case of a breach of your rights under the above or applicable data protection legislation, you have the
right to lodge a complaint with the Data Protection Commission as follows:
Title: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg.
Appendix № 3
Request for portability of personal data
Your Name*: .........................
Your e-mail with which you registered or used for orders in the e-shop *: ...... ...................
Feedback data (e-mail) *: .........................
To
Name: Square Design Ltd.
UIC / BULSTAT: 204036764
Headquarters and address of management: 9200 Provadia, 15 Shipka Str
Correspondence address: town of Provadia 9200, SPZ 1
Phone: 0896656649
Email: hi@kaid.bg
Website: kaid.bg
I ask that all personal data related to me that is collected, processed and stored in your databases be
sent in XML format to:
e-mail: .........................
Administrator - receiving the data: .........................
Name: .........................
Identification number (UIC, BULSTAT, registration number in the CPDP): .........................
Email: .........................
In case of a breach of your rights under the above or applicable data protection legislation, you have the
right to lodge a complaint with the Data Protection Commission as follows:
Title: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg.
Appendix № 4
Request for data correction
Your Name*: .........................
Your e-mail with which you registered or used for orders in the e-shop *: .........................
Feedback data (e-mail) *: .........................
To
Name: Square Design Ltd.
UIC / BULSTAT: 204036764
Headquarters and address of management: 9200 Provadia, 15 Shipka Str
Correspondence address: town of Provadia 9200, SPZ 1
Phone: 0896656649
Email: hi@kaid.bg
Website: kaid.bg
Please correct the following personal data that you collect, process and store provided by me or by third
parties related to me as follows:
Data to be corrected:
..................................................
Please correct as follows:
..................................................
In case of a breach of your rights under the above or applicable data protection legislation, you have the
right to lodge a complaint with the Data Protection Commission as follows:
Title: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Website: www.cpdp.bg.