PRIVACY POLICY

Information about the data controller:

Website: yachtsnesebar.com

The legal basis and purposes for which we use your personal data

We process your personal data on the following grounds:

The contract concluded between us and you for the purpose of fulfilling our obligations under it;
Your explicit consent – the purpose is specified for each specific case;
Where required by law;
In the following sections, you will find detailed information about the processing of your personal data, depending on the legal basis on which we process it.

FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data to fulfill our contractual and pre-contractual obligations and to exercise our rights under the contracts we have entered into with you.

Purposes of processing:

  • to verify your identity;
  • processing and fulfilling your request and performing the terms of the contract;
  • drafting a proposal for the conclusion of a contract;
  • preparing and sending an invoice for the services you use with us;
  • in order to provide you with the comprehensive service you need and to collect payment for the services you have used;
  • retaining correspondence related to orders placed, processing requests, reporting issues, etc.
  • notifications regarding everything related to the services you use with us;
  • analysis of the customer's history;
  • to identify and/or prevent unlawful actions or actions that violate our terms and conditions for the relevant services;

Data we process on this basis:

Based on the contract concluded between us and you, we process information regarding the nature and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

personal contact information – contact address, email address, phone number;
identification information – full name, personal identification number or foreigner identification number, permanent address;
information about orders placed;
correspondence related to our overall service—including emails, letters, information regarding your requests for issue resolution, complaints, requests, feedback, and other communications we receive from you;
credit or debit card information, bank account numbers, or other banking and payment information related to payments made;

Other information such as:

Customer number, code, or other identifier created for identification purposes;
Social media profile information;
Information about your activity on the website.
The processing of the personal data listed above is necessary for us to enter into and fulfill the contract with you. Without the personal data listed above, we would not be able to fulfill our obligations under the contract.

We share personal data with third parties

We share your personal data with third parties, with the primary goal of providing you with high-quality, fast, and comprehensive service. We do not share your personal data with third parties until we have verified that all technical and organizational measures have been taken to protect this data, and we strive to maintain strict oversight to ensure this objective is met. In this case, we remain responsible for the confidentiality and security of your data.

We disclose personal data to the following categories of recipients (data controllers):

  • postal operators and courier companies;
  • persons who, under contract, maintain the equipment, software, and hardware used for the processing of personal data and necessary for the company’s operations;
  • individuals providing consulting services in various fields.

When do we delete the data collected on this basis?

We delete the data collected on this basis two years after the termination of the contractual relationship, regardless of whether the termination was due to the expiration of the contract, termination, or any other reason.

TO FULFILL REGULATORY OBLIGATIONS

The law may require us to process your personal data. In such cases, we are obligated to carry out the processing, for example:

  • Obligations under the Anti-Money Laundering Act;
  • Compliance with obligations regarding distance selling and off-premises sales, as provided for in the Consumer Protection Act;
  • Providing information to the Consumer Protection Commission or third parties as provided for in the Consumer Protection Act;
  • Providing information to the Personal Data Protection Commission in connection with obligations set forth in the personal data protection regulations;
  • Obligations set forth in the Accounting Act, the Tax and Social Security Procedure Code, and other relevant legislation regarding the maintenance of proper accounting records;
  • Providing information to the court and third parties in the context of court proceedings, in accordance with the requirements of the laws and regulations applicable to such proceedings;
  • Age verification when shopping online.

When do we delete personal data collected on this basis?

We delete data collected in accordance with a legal obligation once the obligation to collect and store such data has been fulfilled or has ceased to apply. For example:

in accordance with the Accounting Act regarding the storage and processing of accounting data (11 years),
obligations to provide information to the court, competent government authorities, and other grounds provided for in applicable law (5 years).

Disclosure of Data to Third Parties

When we are legally required to do so, we may disclose your personal data to the competent government authority, natural person, or legal entity.

After you give your consent

We process your personal data on this basis only after receiving your explicit, unambiguous, and voluntary consent. We will not impose any adverse consequences on you if you refuse the processing of your personal data.

Consent is a separate legal basis for the processing of your personal data, and the purpose of the processing is specified therein; it does not overlap with the purposes listed in this policy. If you provide us with the relevant consent, and until its withdrawal or the termination of any contractual relationship with you, we prepare product/service offers tailored to you by conducting detailed analyses of your basic personal data;

Detailed analysis is a method of analysis that enables the processing of large volumes of data using statistical models, algorithms, and other tools that involve the use of personal data, as well as processes for pseudonymizing and anonymizing such data, in order to extract information about trends and various statistical indicators.

Data we process on this basis:

On this basis, we process only the data for which you have given us your explicit consent. The specific data is determined on a case-by-case basis. Typically, this data includes names, phone numbers, email addresses, and other addresses.

Withdrawal of Consent

Consent may be withdrawn at any time. Withdrawal of consent does not affect the fulfillment of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the purposes described above, we will not use your personal data and information for the purposes specified above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.

To withdraw your consent, simply use our website or contact us.

When do we delete the data collected on this basis?

We delete the data collected on this basis upon your request or 12 months after it was initially collected.

How We Protect Your Personal Data

To ensure adequate protection of the company’s data and that of its customers, we implement all necessary organizational and technical measures as required by the Personal Data Protection Act.

To ensure maximum security when processing, transferring, and storing your data, we may use additional security measures such as encryption, pseudonymization, and others.

Personal data we have received from third parties

We do not receive data from third parties.

Consumer Rights

Every user of the website is entitled to all rights regarding the protection of personal data under Bulgarian law and European Union law.

Users may exercise their rights by using the contact form or by sending an email to us.

Every User has the right to:

  • Right to be informed (regarding the processing of his personal data by the controller);
  • Access to your own personal data;
  • Correction (if the data is inaccurate);
  • Deletion of personal data (the „right to be forgotten“);
  • Restriction of processing by the controller or processor;
  • Portability of personal data between different controllers;
  • Objection to the processing of his personal data;
  • The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects him or her;
  • The right to seek judicial or administrative remedies in the event that the data subject’s rights have been violated.

The user may request deletion if any of the following conditions apply:

  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • The user withdraws the consent on which the data processing is based, and there is no other legal basis for the processing;
  • The data subject objects to the processing, and there are no legitimate grounds for the processing that override the data subject’s interests;
  • The personal data was processed unlawfully;
  • Personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State to which the controller is subject;
  • The personal data was collected in connection with the provision of information society services to children, and consent was given by the person with parental responsibility for the child.

The user has the right to restrict the processing of their personal data by the adminthe controller, when:

  • Challenge the accuracy of the personal data. In this case, the restriction on processing shall apply for a period that allows the controller to verify the accuracy of the personal data;
  • The processing is unlawful, but the User does not wish to have the personal data erased; instead, the User requests that its use be restricted;
  • The controller no longer needs the personal data for the purposes of processing, but the user requires it for the establishment, exercise, or defense of legal claims;
  • Objects to the processing pending verification of whether the controller’s legitimate grounds override the User’s interests.

Right to data portability.

The data subject has the right to receive the personal data concerning him or her that he or she has provided to a controller, in a structured, commonly used, and machine-readable format, and has the right to transmit those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising the right to data portability, the data subject has the right to receive and have the personal data transferred directly from one controller to another, where technically feasible.

Right to object.

Users have the right to object to the controller regarding the processing of their personal data. The data controller is required to cease processing unless it demonstrates compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. In the event of an objection to the processing of personal data for direct marketing purposes, the processing must be discontinued immediately.

Complaint to the supervisory authority

Every User has the right to file a complaint regarding the unlawful processing of their personal data with the Personal Data Protection Commission or with the competent court.

Maintenance of a register

We maintain a record of the processing activities for which we are responsible. This record contains all of the following information:

  • The administrator's name and contact information
  • The purposes of the processing;
  • Description of the categories of data subjects and the categories of personal data;
  • The categories of recipients to whom the personal data has been or will be disclosed,
  • Including recipients in third countries or international organizations;
  • Where possible, the timeframes for erasing the various categories of data;
  • Where possible, a general description of the technical and organizational security measures.

The data collected on this basis is retained for a period not exceeding 12 months, in accordance with the requirements of the Commission for Personal Data Protection.