Terms below shall have the following meanings:
Basic principles for the processing of personal data
We process personal data lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");
We process personal data collected for specific, explicit and legitimate purposes and do not further process them in an incompatible with those purposes manner ("purpose limitation");
The processed personal data are appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed ("minimization of data");
The processed personal data may be kept up to date at any time by taking all reasonable measures to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are being processed ("accuracy");
The personal data processed by us are stored in a form that allows the data subject to be identified for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");
The personal data processed by us are stored in a manner that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures ("integrity and confidentiality");
In the event you have questions about the privacy in Eri Digital or you want to contact us about a privacy issue, you may contact us at the following e-mail: firstname.lastname@example.org.
What personal data we process
How do we use personal information?
Categories of persons to whom we disclose user personal information
Eri Digital can share personal information of its Users with third parties who are Data processors. Data processors are persons who process personal data on behalf of Eri Digital on the basis of a written agreement. They are not allowed to process the personal data they have been provided with for purposes other than the performance of the work assigned to them by Eri Digital. Data Processors are required to follow all of the Eri Digital's instructions.
Eri Digital takes the necessary steps to ensure that the engaged processors strictly adhere to Eri Digital's personal data protection policies and instructions and that they have taken appropriate technical and organizational measures to protect personal data.
Examples of Data processors are
Eri Digital may share personal information of Users with attorneys, account houses, or other consultant service providers in case of dispute or for optimization purposes;
Eri Digital can share personal information of its Users with banks and payment institutions. In connection with the servicing of consumer payments made by bank transfer or through a payment institution, it is necessary to exchange data between Eri Digital and the respective bank or payment institution.
Third persons in connection with the transformation (e.g. merger or acquisition) or transfer of an enterprise. In the event of an Eri Digital transformation, as well as in the event of transfer of assets in accordance with the applicable law, it is possible that the personal data of the Users administered by Eri Digital may be provided to a third person who is the legal successor.
Authorities. The legislation of the Republic of Bulgaria requires Eri Digital to store certain User personal data for a certain period of time. Where legally established preconditions exist, such personal data processed by Eri Digital should be provided to the competent authorities.
What methods we use to protect your personal information
We work hard to protect the security of your information during the transmission by using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, technical and procedural guarantees regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we can sometimes ask for proof of identity before disclosing personal information to you. Devices that store your personal data offer security features to protect against unauthorized access and data loss. It is important to protect yourself against unauthorized access to your computers and devices.
How long do we store your personal data?
Upon the expiration of the deadlines for the processing of personal data, they are anonymized or deleted/ destroyed unless:
Eri Digital makes efforts to ensure that processed user data is updated (and corrected if necessary) and that unnecessary data is not being stored.
As a general rule, we delete all merchant information after 1 year of inactivity.
General Information on the Rights of Individuals
Eri Digital takes actions at the request of an individual to exercise the rights under this section only if it is able to identify the person concerned.
Only persons who can be identified by Eri Digital have the ability to exercise their rights under this section. If the purposes for which Eri Digital processes personal data do not require or no longer require the identification of an individual, Eri Digital is under no obligation to maintain, obtain or process additional information to identify the person for the sole purpose of taking action at the request of that person.
Eri Digital notifies individuals of the action taken within one month of receiving a request under this section, and in certain cases this period may be extended by up to two months.
Eri Digital provides individuals with information on the actions taken in connection with their requests for exercising rights under this Section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests. Eri Digital informs the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay.
In the event of a rejection, Eri Digital notifies the individuals concerned of their rights.
If Eri Digital does not take action at the request of an individual, Eri Digital shall notify him/ her without delay within one month of receipt of the request for the reasons not to act and of the possibility of filing a complaint to the Commission for Personal Data Protection and seeking legal protection.
In certain cases, Eri Digital may request additional information to verify the identity of the individuals
If Eri Digital has reasonable concerns about the identity of the individual submitting a claim under this section, Eri Digital may request the provision of additional information necessary to verify the identity of the individual.
The actions taken by Eri Digital regarding claims for exercising rights under this section are completely free to individuals unless their claims are manifestly unfounded or excessive. When a person's claim is manifestly unfounded or excessive (for example because of its repeatability), Eri Digital is entitled, in its sole discretion: (a) to refuse to execute the request; or (b) require the payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
Users of the website shall have the following rights:
Right of access by the data subject
Users have the right to obtain from Eri Digital information on whether personal data relating to them is being processed. If so, users have the right to access the relevant data.
Right to rectification
In the event that personal data processed by Eri Digital is inaccurate or out of date, users are entitled to require Eri Digital to correct them.
Right to erasure ("right to be forgotten")
Users have the right to request from Eri Digital the deletion of personal data related to them in the following cases:
Right to restriction of processing
As of 25.05.2018, users have the right to request Eri Digital to restrict the processing of personal data related to them in the following cases:
Right to data portability
As of 25.05.2018, users have the right to obtain from Eri Digital the personal data provided by them in a structured, widely used and machine readable format, as well as to transfer this data to another Controller without hindering Eri Digital, insofar as:
Users have the right to request Eri Digital to transfer their personal data directly to another Controller when this is technically feasible.
Right to object
Consumers are entitled, at any time and on grounds relating to their particular situation, to object to the processing of personal data relating to them when Eri Digital processes their data to protect their legitimate interests.
In certain cases, this right is unconditional and Eri Digital will always discontinue the processing of data upon consumer objection.
For example, these are the cases where Eri Digital processes personal data for direct marketing purposes.
In other cases, depending on the nature of the objection and the circumstances exposed by the user, Eri Digital will conduct an internal review of the objection and will rule thereon in accordance with this section by: (a) informing the consumer that it will cease processing of his/ her personal data; or (b) reasonably refuses to discontinue the processing of his/ her personal data, provided there is a legitimate reason for doing so.
You have the right to access, correct, delete, restrict, and limit your access to your personal information, and your portability through our built-in GDPR module.
Right of appeal to a supervisory authority
Users have the right to file complaints or alerts with the Commission for Personal Data Protection (CPDP) if they believe Eri Digital violates privacy laws. Instructions for submitting complaints are posted on the CPDP website: https://www.cpdp.bg
After 25.05.2018, consumers may also submit complaints to other supervisory authorities within the European Union as provided for in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) or also called "GDPR".