Privacy Policy
Last updated: 12.06.2023
The present Privacy Policy governs your use of the products, services, content, functions, technologies, etc., provided by BEE HONEY AND BEE PRODUCTS OOD, with UIN 201108109, with registered seat and address at Bulgaria,PLOVDIV 4000, UL. LEGIYA, NO. 2
When this policy mentions "we," "us," or "our," it refers to BEE HONEY AND BEE PRODUCTS OOD, the Data Controller of your personal data.
By clicking a button or checking a box, which are followed by the expression “I agree” or “Accept” and which you hereby adopt as your electronic signature under art. 3, paragraph 10 of Regulation (EU) № 910/2014, you consent to being bound by this Privacy Policy.
By accepting this Privacy Policy, you expressly agree to our use and disclosure of your personal information and instruct us to perform these actions in the manner described in this Privacy Policy.
1. General provisions
1.1. The present Privacy Policy constitutes an inseparable part of the General terms and Conditions of BEE HONEY AND BEE PRODUCTS OOD.
We, which refers BEE HONEY AND BEE PRODUCTS OOD, with UIN 201108109, with registered seat and address at Bulgaria,PLOVDIV 4000, UL. LEGIYA, NO. 2 attach great importance to the data protection of our customers. In this Privacy Policy we inform the Customers about the collection, use and processing of their personal data when they register or use our services and everything connected to them.
All personal data of customers is collected, processed and stored in accordance with the principles established in the applicable legislation and in the General Data Protection Regulation.
1.2. You must read the present Privacy Policy carefully in order to be informed about the policies and practices that will be applied to the Customer’s personal data, how the data will be used and how we will treat it. In the event that you do not agree with this Privacy Policy, you should cease to use our Services (as defined in the Agreement with you). By providing us with your personal data and maintaining a contractual relationship with us, once you have read this Privacy Policy, we will assume that you have agreed to the collection, use and disclosure of your personal data in accordance with the conditions established in this Privacy Policy, unless you notify us otherwise.
2. Personal information we collect.
We collect three general categories of personal data, depending on the legal basis of their processing
2.1. Information that we collect for the adequate execution of our contract with you.
We ask for and collect from you the following information when you wish to use our services. This information is necessary for the adequate and correct performance of our contractual obligations. Without the collection of such personal data, we will not be able to provide you with our services.
- Names of the person ordering the product/service
- Names of the person who will receive the products/service
- Telephone number
- Email address
- Delivery address
2.2. Information we collect with your consent or that of a third party.
You may choose to provide us with additional personal information about yourself or about third parties. In the event that you provide us with personal data of third parties, you declare that you have obtained their consent for the disclosure of such personal data. This personal data will be processed on the basis of your consent or the consent of the third party for whom you have provided us with data. Such information could be:
- Any other information disclosed by you in connection with the ongoing communication between us for the purpose of providing customer service;
- Any additional personal data, such as contact details or other delivery addresses, for the purpose of providing additional services you might ask of us to perform;
- Data related to your complaints - we are obliged to keep a register of complaints and collect data about such complaints
2.3. Information that we collect on the basis of our legal obligations and legitimate interests
In the event that you use our services and websites, you agree that we will collect, including automatically, information that can be considered personal data. This information is necessary for the fulfilment of our legal obligations, as well as for satisfying our legitimate interests to improve the functionalities of our services:
- Data from official documents for the purposes of issuing invoices, in accordance with the statutory procedure, as well as for the purposes of providing an opportunity to refund VAT, customs duties and other similar taxes and fees.
- Information about the use of our services - we store information about the use of our services, such as the orders you have placed
- Access information: we automatically collect data regarding the accesses to our web pages, such information includes non-exhaustively: IP addresses, date and exact time of access, information about the browser through which it is accessed, other unique identifiers.
- Cookies: we use cookies and other similar technologies that could be implemented in the future, which allow us to provide our services in a way convenient for you. For more information about the Cookies we use, please read the Cookies Policy.
- Payment card usage data (for the purpose of executing a payment transaction, if applicable). We cannot see the payment card data entered by you, but this data is processed automatically and securely by the Virtual POS placed on our sites, and the relevant information is used by the financial institution for the purposes of initiating and processing the card transaction.
3. How we use the personal information we collect
We use, store and process information, including personal data, for the purpose of providing our products to end clients. We do not use your personal information for profiling, marketing or any other similar purposes.
In the future we may implement systems, which process the information we receive, for the purpose of improving the functionality of our sites, our customer support, as well as introducing easier means for communication, and for the purpose of improving the security of our online services.
4. Sharing personal data
4.1. With your consent
In the event that you have instructed us explicitly, we may disclose personal information about you to any third party in accordance with your instructions, for example for the purpose of providing “after-sales (warranty service provided by third parties.
4.2. With other members of our corporate group.
We may share your Personal Data with members of our Corporate group of companies or within our corporate family of companies that are related by common ownership or control, so that we may adequately comply with our obligations to you or with the applicable law, or to manage the risk, or to help detect and prevent potentially illegal and fraudulent acts and other violations of our policies and agreements and to help us manage our legitimate needs.
4.3. With third-party service providers
We may share personal information with third-party service providers for the purposes of fulfilling our contractual obligations to provide you with products and services, as follows:
4.3.1. For the purpose of providing warranty services of subcontractors: We may share your names and contact details to our subcontractors, to whom we escalate certain service activities.
4.3.2. For the purposes of fulfilling our obligations under the applicable legislation, for accounting and tax purposes, for the purposes of issuing invoices: We may share data on your ID card to the accounting firms whose services we use.
4.3.3. For the purpose of delivering goods and services: We may share your names, contact details and addresses, including the delivery address you have provided, with the courier companies whose services we use for freight forwarding.
4.3.4. For the purpose of providing online content: Our hosting services providers and other online service providers automatically record information about you, such as IP addresses, access and other data about your behaviour on our sites.
4.3.5. For the purpose of accepting payments with cards on our websites: Our acquiring financial institution (acquirer) automatically processes your payment data, such as PAN, CVC, Emboss name, Expiration date and other similar information, in case you use the functionality to pay for goods or services by payment card.
5. Data retention period
We will store your personal data in accordance with the legal requirements for the storage of the respective category of personal data.
In the event that there is no applicable legal requirement for storage for the relevant categories of personal data, your personal data will be stored by us for a period not longer than that required for the expiration of the statute of limitations for any legal relationship that may occur between us.
6. Fulfilling our legal obligations
We may share your information, including personal information, with courts, investigating authorities, public authorities or other third parties authorized by law, to the extent permitted by law, for the purposes of: (i) fulfilling our legal obligations; (ii) compliance with procedural requirements and protecting against legal claims; (iii) responding to inquiries by authorities investigating crimes or other illegal activities or investigating other conducts that may expose us, you or any of our customers to a legal risk; (iv) implementing and administrating our General Terms and Conditions; (v) protecting our rights, property or privacy, those of our employees, those of the companies in our corporate family, or the public.
7. Sharing information outside the European Economic Area (EEA).
We use a variety of third - party service providers when providing our goods to you.
To facilitate our global operations we may transfer, store, and process your information within our family of companies or with service providers based in Europe. Laws in these countries may differ from the laws applicable to your Country of Residence. We do not transfer any personal data outside the EEA, except where our hosting service providers and other online service providers provide our online content to you from such points. Where we transfer store, and process your personal information outside of the EEA we have ensured that appropriate safeguards are in place to ensure an adequate level of data protection, for example complying with applicable Adequacy Decisions. We will provide further information on the means to ensure an adequate level of data protection on request.
8. Your rights
You may exercise any of the rights described in this section by sending an email to office@med-bg.com. Please note that we may ask you to verify your identity before taking further action on your request.
8.1. Data Access and Portability
You have the right to access and to receive and/or transfer the personal data which we process for you upon your request. You will receive a reply within one month at the latest, unless it is not possible to do so due to the nature of your request and/ or its complexity, in which case we will notify you of the need to extend this deadline.
In particular you have the right to:
- receive a copy of your personal data in a structured, commonly used, machine-readable format that supports re-use;
- transfer your personal data from one controller to another;
- store your personal data for further personal use on a private device; and
- have your personal data transmitted directly between controllers without hindrance.
The Applicable law may entitle you to request copies of your personal information held by us.
We reserve the right to deny you the exercise of this right in the event that we can prove that the nature of your request is manifestly unfounded or excessive.
8.2. Rectification of Inaccurate or Incomplete Information
You have the right to ask us to correct inaccurate or incomplete personal information concerning you (which you cannot correct on your own via our online service). You will receive a reply within one month at the latest, unless it is not possible to do so due to the nature of your request and/ or its complexity, in which case we will notify you of the need to extend this deadline.
We reserve the right to deny you the exercise of this right in the event that we can prove that the nature of your request is manifestly unfounded or excessive.
8.3. Erasure (“The right to be forgotten”)
You have a right to ask to erase the personal information we are processing about you. You will receive a reply within one month at the latest, unless it is not possible to do so due to the nature of your request and/ or its complexity, in which case we will notify you of the need to extend this deadline. We reserve the right to deny you the exercise of this right in the event that we can prove that the nature of your request is manifestly unfounded or excessive or that we do not have the right to erase your personal data because of an existing legal obligation.
8.4. Right to restriction of processing
You have the right to ask us to restrict the processing of your personal data. We reserve the right to deny you the exercise of this right in the event that we can prove that the nature of your request is manifestly unfounded or excessive or that we do not have the right to restrict the processing of your personal data because of an existing legal obligation.
8.5. Objection to Processing.
You have the right to object to the automatic processing of your personal data and to request that the latter be processed through human intervention. You will receive a reply within one month at the latest, unless it is not possible to do so due to the nature of your request and/ or its complexity, in which case we will notify you of the need to extend this deadline.
We reserve the right to deny you the exercise of this right in the event that we can prove that the nature of your request is manifestly unfounded or excessive
8.6. Withdraw of Consent
Where you have provided your consent to the processing of your personal information by us you may withdraw your consent at any time and, in the event that there is no other ground for the lawful processing of your personal data, we will be obliged to stop processing the relevant personal data.
8.7. Lodging complaints
You have the right to lodge a complaint with the competent data protection authorities in the event that you believe that we have violated any of your rights when processing your personal data. The competent authority is Commission for Personal Data Protection with address 2, Prof. Tsvetan Lazarov blvd., 1592 Sofia and contacts kzld@cpdp.bg, +359 2 915 3580, +359 2 915 3548.
9. Security
We are constantly implementing and updating our administrative, technical and physical safeguards to improve the security of your information against unauthorized access, loss, destruction or alteration. Some of the measures we apply are encryption, pseudonymization, firewall and access control to personal data. In case you know or you suspect that an unauthorized access to your personal data has occurred, please contact us via the contact details on our website beehoney1.mypos.site.
10. Changes to the Privacy Policy
We reserve the right to modify this Privacy Policy at any time in accordance with this provision. If we make changes to this Privacy Policy, we will make the revised Privacy Policy available on our website and with this we will consider that all customers have been duly informed. In the event that you do not object to the changes made, you will be bound by the provisions of the new Privacy Policy without the need to seek further confirmation by you.