We, at Brutale.bg, attach great importance to the protection of your personal data. Therefore, we inform you, in accordance with the relevant provisions on the protection of personal data – in particular the General Data Protection Regulation (GDPR), which entered into force on May 25, 2018 and the Personal Data Protection Act – about the collection, processing and use of your personal data within the framework of visiting our web page.
- Your Personal Information
- Who is responsible for your personal data and how can you be contacted?
Brutale is the administrator of your personal data and is responsible for its lawful processing.
You can contact us at the email address email@example.com or by phone at 0885558858
- Information about the competent supervisory authority for the protection of personal data
Name: Personal Data Protection Commission
Headquarters and management address: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2
Address for correspondence: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2
Phone: +359 2 915 3580 Fax: +359 2 915 3525
- What personal data do we collect?
When visiting our web page are processed, resp. record the following personal data:
-Name and surname;
-IP address (dynamic static);
We do not collect sensitive personal data about you. This includes details of race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political views, trade union membership, information about your health, and genetic and biometric data. We also do not collect information about criminal convictions and crimes committed.
- How do we collect your personal data?
We may collect personal information about you in the following ways:
Data that you yourself share with us:
– Data you give us when you register to use our services;
– Data you share with us when you talk to us on the phone;
– Data you send us in emails or letters to us;
– Data related to your participation in our promotions or events;
– Data you send to us in the form of feedback;
- For what purpose do we process your personal data?
In addition, we may collect and subsequently process certain information about your browsing behavior on our website in order to personalize your online experience and prepare offers that are tailored to your profile.
We also process your personal data for the purpose of fulfilling legal obligations.
In the event that you have consented to participate in certain events (competition, raffle, game, etc.), we process the data you provide to us in order to administer these activities.
- Disclosure of personal data to third parties
In certain cases, in order to provide the services you have requested from us, we may share your personal information with our partners.
We require all our partners with whom we share your data to respect the security of your personal data and treat it in accordance with the law. We do not allow any of our partners to use your personal data for their own purposes and we only allow them to process your personal data for certain purposes and in accordance with our instructions. In some cases, for example when providing information to courier companies, they are considered separate controllers and process your personal data according to their policies, which you should familiarize yourself with further.
When delivering the items ordered by you, we use SPIDI’s courier services. For this purpose, we provide SPIDI with your personal data that you have specified for delivery. If necessary or commercial agreements, we may also use other licensed courier companies.
Law enforcement authorities, regulators and others: We may disclose your personal data to law enforcement authorities, governmental or public authorities in order to comply with any legal or regulatory requirements. We may disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in legal proceedings or in an administrative or out-of-court proceeding. In these cases, we are not obliged to inform users about the disclosure of their personal data to public authorities.
- Do we collect information from children?
Our Services are not intended for children under the age of 16, and we do not knowingly collect personal data from persons under the age of 16. In the event that we become aware that a person under the age of 16 has provided us with personal data, we will delete it immediately.
We may use your personal information to notify you of relevant services and upcoming offers. We may only use your personal data to send you marketing communications if we have your consent or a legitimate interest to do so. When we rely on our legitimate interest, you should bear in mind that we have carried out the necessary balancing test between your rights/interests and our interests. You can ask us to stop sending you marketing messages at any time – you just need to contact us or use the opt-out links in every message sent to you.
- Your rights related to the protection of personal data
The General Data Protection Regulation guarantees you a certain set of rights that you can exercise in relation to your personal data processed by us. If you wish to exercise any of the rights listed below, please select your account settings/privacy settings or contact us via the contact form.
Specifically, you have:
Right to request access to your personal data. This gives you the opportunity to obtain a copy of your personal data that we hold and to check whether it is being lawfully processed.
Right to request restriction of processing of your personal data. This gives you the opportunity to contact us with a request to stop the processing of your personal data in the following scenarios:
- a) if you want us to prove the accuracy of the data;
- b) when you believe that our use of the data is illegal;
- c) when you require us to store the data even if we no longer need it, as you need to establish to exercise or prove your claims;
- d) when you have objected to the use of your data, but we need to check whether we have legal grounds to use it.
Right to request correction of your personal data we hold about you. This gives you the opportunity to correct any incomplete or inaccurate data we have about you. However, we may need to verify the accuracy of new data you provide to us.
Right to request erasure of your personal data. This right enables you to contact us with a request to delete or remove your personal data when there is no valid reason for us to continue processing it. You also have the right to request that we delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where you suspect that we may have processed your information inconsistently with legal requirements, or when we are required to delete your personal data to comply with legal requirements. Please note that for certain purposes we may be legally required to retain your personal data (See Section 13).
Right to object to the processing of your personal data where it is based on a legitimate interest (or that of a third party) and there is a basis for your specific interests which makes you object to the processing of your personal data on this basis, considering that the processing violates your fundamental rights and freedoms.
Right to request the transfer of your personal data to you or to a third party. We will provide you, or the named third party you have chosen, with your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information for which you have initially provided your consent for us to use.
You have the right to withdraw your consent to the processing of your personal data at any time. This does not affect the lawfulness of the processing that we have already carried out on the basis of your prior consent.
Right to object to automated processing. This concerns the scenarios in which we may process your data in order to present you with personalized content.
No fee is usually required: You have no obligation to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is manifestly unfounded, repetitive or excessive. We may refuse to fulfill your request in the presence of the prerequisites provided for in the relevant legal acts.
Response Time: We will do our best to respond to any legitimate request within one month of its submission. It may take us more than a month if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated. In addition, you have the right to lodge a complaint at any time with the Commission for the Protection of Personal Data.
11.1. How can you exercise your rights?
You can exercise your rights through requests submitted electronically (via the contact form available on the Website) or on paper (at the Company’s address). Please note that for your security, we may take steps to verify your identity before fulfilling your request. When the request is submitted on your behalf (e.g. through a proxy), we will request evidence of the representative authority of the person who submitted the request, namely – a notarized power of attorney or a power of attorney according to Art. 25 of the Law on Advocacy. Note that we may also take steps to verify the identity of your proxy. We would like to inform you that our Company aims at voluntary settlement of any conflicts and disputes. For this reason, we would be grateful if, in the event of a conflict, before submitting a complaint to the Commission for the Protection of Personal Data, you would contact us so that we can familiarize ourselves with your grounds for complaint and claims and do our best to to resolve them. For this purpose, you can again use the contact form to contact us.
- How do we protect your personal data?
All information we receive about you is stored on secure servers and we have implemented technical and organizational measures that are appropriate and necessary to protect your personal data. We implement measures to protect personal data, consisting of encryption of the password of each user registered on our website. Also, all payment information is encrypted using SSL technology. Brutale.BG continuously evaluates the security of its network and the fitness of its internal information security program, which is designed to:
– helps protect your data from accidental or unlawful loss, access or disclosure;
– identifies reasonably foreseeable risks to Brutale.BG’s network security;
– reduces security risks, including through risk assessment and regular testing.
Please note that despite the measures we take to protect your data, the transfer of data over the Internet or other open networks is never completely secure and there is a risk that your personal data may become accessible to unauthorized third parties.
- Where do we store your data and for what period of time?
The data we collect about you will be stored and processed on secure servers to ensure the best possible user experience for users.
We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of complying with legal, accounting or reporting requirements.
To determine the appropriate retention period for your personal data, we take into account the amount, nature and
the sensitivity of your personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and applicable legal requirements.
In case you have any questions regarding the storage period of your personal data, please contact us using the contact form