Privacy policy

Personal Data Controller

  1. Name: “DD” Ltd.

  2. UIC: 110014896

  3. Registered office and management address: Sofia, Prof. Zhivko Stalev St. 67B

  4. Phone: +359886445536

  5. Email: find@hinapska.com

“DD” Ltd. (the “Company” or the “Controller”) conducts its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“General Data Protection Regulation” or the “Regulation”). This Privacy Policy (the “Policy”) aims to inform every Client (as defined below) about the processing of data that identify or can identify the specific Client.

For the purposes of the Policy, a “Client” is any natural person party to a sale–purchase contract with the Company, as well as a natural person who has expressed intent to enter into pre-contractual relations with the Controller and/or a user of the Online Store https://hinapska.com/, accessible at https://hinapska.com/, as well as a director, manager, representative, proxy, employee, partner, shareholder, or beneficial owner of a legal entity or other legal formation using the Online Store.

1. What personal data do we process?

The Company, as controller, processes the following groups of Client personal data:

  • Physical identity – names, Personal Number (EGN), address, phone, email address;

  • Economic identity – bank account information.

Personal data are collected by the Controller from the data subjects themselves.

2. How do we collect personal data?

We collect personal data:

  • during registration on the Online Store’s website and when using the Online Store without registration;

  • through correspondence with the Client, which may include written (including electronic) and oral communication;

  • via cookies when you use or browse our website.

In some cases, we may collect information from third parties or public sources.

Our website collects data in log files. This information includes your IP address, internet service provider, browser used, operating system, time of visit, and pages viewed.

Our website uses cookies—small files that the website sends to the visitor’s browser and which are stored on the user’s device. They help the website work better for you. For more information, see our Cookie Policy published on the Online Store’s website: www.hinapska.com.

3. Do we process special categories of personal data?

The Company does not process special categories of Client personal data.

4. For what purposes do we process personal data?

We process Client personal data for the following purposes:

  • providing information and assistance you have requested from us;

  • identifying and contacting clients and beneficial owners;

  • all activities related to the existence, amendment, and termination of the relationship between the Company and the Client;

  • offering and promoting additional services;

  • compliance with regulatory requirements;

  • protection in case of disputes and cooperation with supervisory authorities to the extent required by law.

If we do not process this personal data, we may be unable to provide our services or the assistance you requested.

5. What is the legal basis?

Personal data are collected, processed, and used on the basis of:

  • performance of a contract or taking steps prior to entering into a contract;

  • compliance with a legal obligation applicable to the Company;

  • the Company’s or a third party’s legitimate interests, where data subjects’ rights and interests do not override them—e.g., dispute resolution; prevention, detection, investigation of fraud, violations, or unlawful conduct; establishment, exercise, or defense of legal claims;

  • your consent, where required by applicable law.

6. How long do we store the data?

We store personal data for the duration of the contractual relationship and until settlement of contractual claims, and for a subsequent period (e.g., to comply with archiving and accounting record-keeping obligations). If judicial or other proceedings are initiated, data may be stored until their completion, including all possible appeal periods, after which they will be deleted or archived as permitted by law. Specifically, accounting and tax records containing personal data are stored for 10 years, counted from 1 January of the year following the reporting period to which they relate.

Where your data are processed based on your consent, we will process them only as long as we have your consent.

7. With whom do we share data? Are data transferred to third countries?

The Company may, at its discretion, transfer some or all personal data to processors for the purposes stated, in compliance with the Regulation.

We may share data with:

  • third-party service providers engaged to perform functions or activities on our behalf;

  • third parties such as supervisory authorities, tax and financial authorities, judicial, administrative, and law-enforcement bodies, all in accordance with applicable law.

This list is not exhaustive; other lawful grounds for storage, disclosure, or processing may apply.

The Company will inform the data subject if it intends to transfer some or all of their personal data to third countries or international organizations.

8. Are the data protected?

The Company implements and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or unlawful use and/or accidental loss, alteration, disclosure, access, and/or damage or copying. These measures aim to ensure ongoing confidentiality and integrity of personal data. The Company regularly reassesses the measures to maintain constant data security.

9. Do we perform automated decision-making?

The Company does not perform automated decision-making using personal data.

10. What are Clients’ rights under data protection law?

Clients may exercise the rights below by written notice to the Company.

  • Withdrawal of consent – where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

  • Right of access – confirmation whether your data are processed; access to the data; a free copy (except in cases of excessive or repeated requests); and key information about the processing. The Company may charge an administrative fee in case of repetitive or excessive requests.

  • Right to rectification – correction without undue delay of inaccurate, incomplete, or outdated data.

  • Right to erasure (“right to be forgotten”) – where, for example, data are no longer needed; consent is withdrawn with no other legal ground; you object and there are no overriding legitimate grounds; data were unlawfully processed; erasure is required by law; or data were collected in relation to information-society services. The Company may refuse erasure where processing is necessary for freedom of expression and information; legal obligations or public interest tasks; public-health interests; archiving/public interest, scientific or historical research, or statistical purposes; or the establishment, exercise, or defense of legal claims.

  • Right to restriction of processing – in cases of contested accuracy; unlawful processing where you prefer restriction over deletion; where data are no longer needed by the Company but required by you for legal claims; or pending verification of overriding legitimate grounds after an objection.

  • Right to object – you may object at any time on grounds relating to your particular situation to processing based on the Company’s legitimate interests. If justified, the Company will stop processing unless it demonstrates compelling legitimate grounds overriding your interests.

  • Right to data portability – to receive your data in a structured, commonly used, machine-readable format and transmit them to another controller, or to have them transmitted directly where technically feasible.

  • Right to lodge a complaint – with the Commission for Personal Data Protection (CPDP), the competent supervisory authority.

Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov St., 1592 Sofia, Bulgaria
Tel.: (02) 91 53 519 | Fax: (02) 91 53 525
Email: kzld@cpdp.bg
Website: www.cpdp.bg

11. What happens if this Policy changes?

In case of a material change in how the Company processes Clients’ personal data and/or in the types of data processed and/or any other aspect covered by this notice, the Company will promptly notify Clients by issuing and providing an updated version of this notice.