PRIVACY POLICY of www.ebikebansko.com

This document discloses the Privacy Policy and the protection of personal data that is collected from users of the Site with the address (URL) www.ebikebansko.com

This Privacy Policy aims to inform you about how the owner of www.ebikebansko.com  treats your personal data as an Administrator, and also about how you could control your preferences and settings in relation to this treatment.

Please read this Privacy and Personal Data Protection Policy carefully before accessing the Site and its services. If you do not agree with any of the terms, you should not visit the Site or use in any way the services it offers.

This Privacy Policy is an integral part of the General Terms of Use of the Site www.ebikebansko.com. All definitions given in the Terms and Conditions are also applicable in this Privacy Policy.

This Policy is effective from 01.07.2023.

ADMINISTRATOR OF PERSONAL DATA

“CholSki” Ltd. is a personal data administrator within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and for the repeal of Directive 95/46/EC (hereinafter referred to as “GDPR”) and the Personal Data Protection Act (hereinafter referred to as “DPA”).
In order to fulfill the requirements of the applicable legislation for the protection of personal data, the company responsible for the protection of your personal data in its capacity as a Data Administrator is:

  1. Name of the company: “CholSki” Ltd.; UIC: 205721198
  2. Headquarters and address for correspondence: Bulgaria, city of Bansko, zip code 2770, 12 Bulgaria Str.;
  • business email for customer communication: contact@ebikebansko.com
  • phone: 0898 915 999;
  1. Supervisory authorities:
    Commission for the Protection of Personal Data
    Address: Sofia 1592,. Blvd. “Prof. Tsvetan Lazarov” No. 2,
    phone: (02) 940 20 46
    fax: (02) 940 36 40
    Email: kzld@government.bg, kzld@cpdp.bg
    Website: www.cpdp.bg

The Administrator collects and processes all personal data in accordance with the personal data protection laws applicable in Bulgaria and the European Union.

PRINCIPLES FOR PROCESSING PERSONAL DATA

When processing personal data, the Administrator observes the following principles:
1) collects personal data only if there is a legal basis, processes them in good faith and in a transparent manner in relation to the data subject – principle of legality, good faith and transparency;
2) collects personal data for specific, explicitly indicated and legitimate purposes and does not process these personal data in a way that is incompatible with the original purposes – principle of limitation of purposes;
3) processes only such volume and type of personal data related to and limited to what is necessary in relation to the purposes for which they are processed – principle of reducing data to a minimum;
4) keep personal data accurate and up-to-date – principle of accuracy;
5) store the personal data in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data are processed – principle of storage limitation;
6) complies with the principles of data protection by design and data protection by default, taking into account the achievements of technical progress, the costs of implementation and the nature, scope, context and purposes of the processing, as well as the risks arising from the processing with varying probability and burden on the rights and freedoms of individuals, and introduces appropriate measures to protect personal data and achieve compliance with Regulation (EU) 2016/679.
7) guarantees an appropriate level of personal data security, including protection against unauthorized or illegal processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures – principle of integrity and confidentiality.

BASIS FOR COLLECTION OF PERSONAL DATA

The Administrator collects and processes your personal data based on the following grounds:

  • Explicit consent received from you as a User – on the basis of Art. 6, para. 1, b. “a” of the GDPR. The consent obtained for the processing of personal data is voluntary and is given on a case-by-case basis. Your consent to the processing of personal data can be withdrawn at any time by submitting a Consent Withdrawal Form in free text to the Administrator. The withdrawn consent has effect going forward, and the same does not affect the legality of the processing of the personal data provided by you before the submission of the Consent Withdrawal Form;
  • The Supplier processes the personal data of the users in accordance with Art. 6, para. 1, b. “b” from GDPR – the processing is necessary for the performance of the contract with you;
  • Legitimate interest of the Administrator.

WHAT DATA WE COLLECT FROM OUR USERS

Before accessing the services of the Site, you should express your express consent to process your personal data according to this Policy. We collect personal information that you voluntarily provide to us when you visit the site.

  1. The Administrator does not collect and store “sensitive” categories of personal data such as political beliefs, ethnic origin, sexual orientation, data on the subject’s state of health, religious or philosophical beliefs, etc.
  2. Personal data collected by the data subject when individuals contact the Administrator through the contact form on the site/make a request to rent a bicycle.
    When the person sends a message to the Administrator using the contact form, the Administrator collects and stores the person’s name and e-mail address, as well as the information provided in the message.
    Purpose for which the data is collected: The Administrator collects and stores the specified information for the purposes of communication with the individual.
  3. Personal data collected automatically.
    On our website, we collect data about all visitors, namely:
  • Browser ID;
  • History of pages visited, in order to establish your preferences for certain types of content;
  • History of the searches you have made on our pages;
  • Device data. We collect device data, such as information about your computer, phone, tablet or other device that you use to access the Website. Depending on the device used, this partition data may include information such as your IP address or proxy server, device and application identifiers, location, browser type, hardware model, internet service provided and/or mobile operator, operating system and information for system configuration.
    Purpose for which the data is collected: Improving the security of the services provided by us and preventing misuse of the user account by third parties.
  1. Personal data collected from users when concluding a bicycle rental contract:
  • three names and data from an identity card;
  • email;
  • address;
  • telephone.
    Purpose for which the data is collected: to fulfill the obligations under the contract with the person and to communicate with the User.

PURPOSES FOR THE PROCESSING OF PERSONAL DATA

The Administrator collects and processes the personal data of the natural persons, which are provided directly by them or collected automatically for the following purposes:

  • For the normal functioning of all services on the Site;
  • To make contact with the person;
  • To provide services offered on the Site;
  • To conclude a contract for the provision of a bicycle for rent with the person;
  • To improve the efficiency and functionality of the Site;
  • For statistical purposes and analyzes to improve our services;
  • To protect information security;
  • To ensure that our Users are real and to prevent fraud;
    If the purposes change, we will inform you and ask for your express consent to process your personal data in accordance with the new purposes.

HOW LONG DO WE STORE INFORMATION

We will not store your data for a period longer than necessary to achieve the purposes for which we process it. If the basis on which we store your personal data ceases (for example, if we cease to have a legitimate interest in storing your personal data, if the statutory period for storing your personal data has expired or if you have withdrawn your consent to store your personal data), we will delete or destroy them in a secure manner. The Company stores your personal data collected through the Site for a period not longer than necessary and/or due according to the requirements of the applicable law.
We apply the following terms for storing the different types of personal data according to their purpose, namely:

  1. Regarding personal data of the persons who made an inquiry through the contact form on the Site: up to 12 months from sending the inquiry.
  2. Regarding personal data of the persons who made an inquiry by telephone call: up to 1 month after the conversation.
  3. Regarding the data related to the contractual relationship between the Administrator and the Client, they are stored for a period of five years after the conclusion of the distance contract, unless the mandatory norms of the law require the Supplier to keep the data of its partners for a longer period (for the categories of documents that we are required to keep under the Accounting Act and/or the Tax-Insurance Procedure Code).

WHERE WE STORE YOUR PERSONAL DATA

Your personal data that we collect is stored on servers located in Bulgaria.
We store your personal data for a period no longer than is necessary to achieve the above-described goals, or until the services and/or the Site are discontinued. Your personal data collected through the Site will be collected, processed, stored and destroyed in accordance with the applicable Bulgarian and European legislation.

SECURITY MEASURES

The Administrator has taken a wide range of technical and organizational measures to protect your personal data against loss or other forms of illegal processing. All our employees are familiar with our security policy, as stipulated in the Personal Data Protection Act. The personal information of our Users is accessible only to a limited number of qualified employees. We regularly review our security systems and processes. Although we take reasonable measures to maintain a secure site, electronic communications and databases are subject to errors, tampering and breaches and we cannot guarantee that such events will not occur and we will not be liable to visitors for any such events.
In case you wish to receive detailed information about the technical and organizational measures, please do not hesitate to contact us.

PERSONAL DATA OF THIRD PARTIES

We only process and use data that you have voluntarily provided to us, and we rely on this data being owned and provided by you lawfully.
This means that each user is responsible not to provide the Administrator with data of third parties in violation of their rights to the protection of personal data.
Therefore, any person bears unlimited personal liability if they provide us with data to a third party without their knowledge or consent in accordance with the requirements of applicable data protection legislation, regardless of the type of data or the reasons for which provide: names, email address, and more.

WHO WE SHARE AND DISCLOSURE YOUR PERSONAL INFORMATION WITH

Sometimes we save some of the information on our servers or send it to third parties. This is necessary so that we can provide you with the best experience when using our services, and sometimes – and at all, so that we can ensure the availability and accessibility of the service you use.
Your personal data will not be transferred to third parties unless:
● provide us with your express, informed and freely given consent;
● the third parties in question provide us with support under contract for the purpose of providing our products or services;
● this is required by law or by virtue of an official act of a public body;
● this is required in connection with the sale of a business, our company or its assets that are subject to confidentiality.
Our employees and partners are properly informed about the importance of their duty of confidentiality and are responsible for fulfilling this duty.
For any other purposes not expressly mentioned in this Policy, we will ask for your express consent, identifying our partners and the purposes for the transfer and sharing of data.

ANALYSIS OF THE WEB SPACE

We need statistical information about the use of our website to make it more accessible, to measure reach and to do market research.
For this purpose, we use the web analysis tools described in this section.
Google Analytics is offered by GoogleInc., 1600 AmphitheaterParkway, MountainView, CA 94043, USA (“Google”). We use GoogleAnalytics with the additional function offered by Google to anonymize IP addresses. Google abbreviates the IP address already within the EU and only in exceptional cases in the USA, in both cases only abbreviated IP addresses are recorded.
Our website uses the services provided by Google Analytics to analyze and regularly improve the use of our website. An analysis of your user activity on the site is carried out with the help of “cookies”, which are stored on your computer, generate information about your user behavior and transmit it to Google.
Under normal circumstances, a shortened version of your IP address is sent to Google’s servers, but in exceptional cases the full IP address may also be sent. Google uses this information on our behalf to create a report on the user’s activity on our website. The IP address identified by Google Analytics is not combined with other Google data.
If you activate the anonymous mode on this website, your IP address will be intercepted in the member states of the European Union or in other countries that have signed the agreement on the European Economic Area. In exceptional cases, the full IP address may be transferred to a Google server in the USA and truncated there.
Google uses this information on behalf of the operator of this website to analyze your use of the website, to compile reports on website activities and to provide other services for the website operator in connection with the use of the website and the Internet.
You can refuse the use of cookies by selecting the appropriate settings on your browser, but please note that if you do this, you may not be able to use the full functionality of this website
Terms of use for users:
http://www.google.com/analytics/terms/de.html,
The data privacy statement:
https://policies.google.com/privacy?hl=en
Facebook pixel to create custom audiences.
If a user clicks on an ad placed by us that plays on Facebook, the URL of our linked page will be added by the Facebook Pixel. If our site allows data sharing with Facebook via pixels, this URL parameter is saved in the user’s browser via a cookie that our linked site sets itself. This cookie is then read by the Facebook Pixel and allows the data to be forwarded to Facebook.
Accordingly, we only use the Facebook pixel to display the Facebook advertisements placed by us to Facebook users who have also shown an interest in our online offer or who have certain characteristics (e.g. interests in certain topics or products that are based on the visited websites) that we transmit to Facebook (so-called “Custom Audiences”). The collected data is anonymous to us, so it does not allow us to draw any conclusions about the user’s identity. However, the data is stored and processed by Facebook so that a connection to the respective user profile is possible and Facebook can use the data for its own advertising purposes in accordance with Facebook’s data usage guidelines (https://www.facebook .com /about/privacy/). The data may allow Facebook and its partners to place advertisements on and off Facebook.
Data processing related to the use of the Facebook pixel is carried out on the basis of our primarily legitimate interest in the evaluation, optimization and economic functioning of our online offer as well as our advertising measures in accordance with Article 6 (1) GDPR.

RIGHTS OF DATA SUBJECTS UNDER GDPR

Right of access to your personal data. You have the right to request and receive confirmation from the Administrator as to whether personal data relating to you is being processed by sending a request in free text by e-mail.
Right to rectification of personal data: if you find that the personal data we process about you is inaccurate, you have the right to have us correct that personal data. You may at any time correct or complete inaccurate or incomplete personal data relating to you by sending a request to the Administrator by email in free text.
Right to erasure of personal data (the right to be “forgotten”)
You have the right to ask the Administrator to delete part or all of your personal data, and the Administrator has the obligation to delete them without undue delay, when any of the following grounds are present:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
  • You object to the processing of your personal data and there are no overriding legal grounds for the processing;
  • personal data were processed illegally;
  • personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
    The Administrator is not obliged to delete the personal data if it stores and processes them:
  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation that requires processing provided for in EU law or Member State law that applies to the Administrator or for the performance of a task in the public interest or in the exercise of official powers granted to him;
  • for reasons of public interest in the field of public health;
  • for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defense of legal claims.
    In order to exercise your right to be forgotten, it is necessary to send by email a request for the deletion of your personal data that the Administrator processes through a free text request.
    Right to restriction of processing: in certain circumstances, such as if you doubt the accuracy of your personal data or you have objected to our legitimate purpose for processing your personal data, you have the right to request that we restrict the processing of your personal data until a solution is found. You have the right to request the Administrator to restrict the processing of data related to you by sending us a free text request by email when:
  • dispute the accuracy of the personal data, for a period that allows the Administrator to verify the accuracy of the personal data;
  • the processing is illegal, but you do not want the personal data to be deleted, but only to have its use limited;
  • The administrator no longer needs the personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;
  • You have objected to the processing pending verification of whether the legal grounds of the Administrator take precedence over your interests.
    Right to data portability. If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you can:
  • to ask the Administrator to provide you with your personal data in a readable format and to transfer them to another Administrator;
  • to ask the Administrator to directly transfer your personal data to an administrator specified by you, when this is technically feasible.
    Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint regarding the processing of your personal data by us with the relevant supervisory authority.
    The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects him;
    Right to judicial or administrative protection in the event that the data subject’s rights have been violated.
    You can exercise all rights by contacting us via email: contact@ebikebansko.com .
    We will contact you and inform you in detail about the procedure for exercising your rights.