Menu
Your cart
0

Privacy Policy and Personal Data Protection Policy

The administrator of the website available at https://www.dasys.bg/ is "DASYS ENGINEERING" Ltd., UIC 201554346.

The protection of personal data, its security, and confidentiality are of utmost importance to us. This declaration and policy aim to provide users with accessible information regarding the purposes and methods by which we process their personal data and to familiarize them with their rights as data subjects under Regulation (EU) 2016/679 of the European Parliament and the Council (General Data Protection Regulation or GDPR) and the Personal Data Protection Act.

1. Principles of Personal Data Processing:

·    Lawfulness, fairness, and transparency – Processing is carried out based on specific legal grounds, and all information about the processing is presented in an accessible and understandable manner.

·    Purpose limitation – Personal data is collected and processed for specific, explicitly stated, and legitimate purposes and is not processed in ways incompatible with those purposes.

·    Data minimization – Personal data is not collected, processed, or stored in a volume greater than necessary for the purposes for which it is intended.

·    Accuracy – Measures are taken to ensure the accuracy and timeliness of the collected personal data, with an appropriate organization in place to ensure timely deletion or correction of inaccurate data and the resulting consequences.

·    Storage limitation – Personal data is stored in a form that allows the identification of individuals for no longer than necessary for the purposes for which the data is processed.

·    Integrity and confidentiality – Personal data is processed with an adequate level of security and protection against unlawful processing, loss, destruction, alteration, or damage.

·    Accountability – We are responsible for complying with the aforementioned data protection principles and are able to demonstrate compliance with legal requirements at any time.

2. Personal Data We Collect:

·        Your full name

·        Email address

·        Phone number

·        Physical address for delivery and/or correspondence

·         Invoice data

Note No. 1:

When purchasing goods and/or services via bank transfer, the company may receive and/or request data about the IBAN (bank account number) from which the payment was made. Payments made using a bank card are processed through a third-party service provider offering financial services for electronic transactions. In such cases, the third-party financial service provider acts as an independent data controller, while the website merely serves as a platform through which end users can access this service (online payment) in accordance with the third party's privacy policy.

In this specific case, "DASYS ENGINEERING" Ltd. has no control over how the third party processes personal data, as the service is provided within an information system entirely controlled by the third party.

Note No. 2:

To perform certain website functionalities, the system collects information regarding additional categories of personal data, namely: preferred language settings and user-defined currency – more details can be found in the cookie policy.

Note No. 3:

The website's services are not intended for individuals under 18 years of age. The company does not aim to collect personal data of minors concerning the services provided through the website. If the company inadvertently receives information about a minor in connection with the website's services, we will not process it and will delete it unless a legal requirement obligates us to process such data in another specifically established manner.

3. How is personal data collected?

The personal data we process may be collected in the following ways, either together or separately:

1.  Provided personally and voluntarily by the visitor

2.  Through the use of cookies

4. Purpose, Legal Basis, and Retention Period for Data Processing

The commercial activity of "DASYS ENGINEERING" Ltd. involves the sale of goods in physical retail stores and through distance contracts via online stores. User data is processed to fulfill the following obligations of the Administrator:

·     Conclusion, execution, and termination of sales contracts;

·       Management of our online store and compliance with legal obligations under the Electronic Commerce Act;

·        Processing of customer inquiries, complaints, and claims;

·        Provision of warranty and service support;

·        Processing orders and shipping goods to customers, including through courier services;

·         Issuance of invoices and compliance with tax and accounting legislation;

·         Exercise and protection of the Administrator's rights, filing or responding to reports, complaints, and claims before competent state and judicial authorities.

The legal basis for processing is Article 6, Paragraph 1, Letter "b" of Regulation (EU) 2016/679 of the European Parliament and the Council. The duration of data processing and storage is the time necessary to fulfill the specific user's order.

In general, we retain your data until the expiration of the applicable statutory limitation periods following the termination of concluded contracts/service provision, as well as in accordance with the applicable timeframes under tax and accounting laws. Our standard retention period in such cases is 5 + 1 years, starting from the execution or termination of the contract. Storage periods may be reviewed and extended in cases of ongoing pre-trial or judicial proceedings, enforcement proceedings, and any other situations where the processing of personal data is required for legal obligation compliance, the exercise of legal rights, or protection against legal claims.

Note: "DASYS ENGINEERING" Ltd. does not collect or process data regarding: Racial or ethnic origin, Political, religious, or philosophical beliefs, Membership in political parties or organizations, associations with religious, philosophical, political, or trade union purposes, Personal data related to sexual life or the human genome.

5. Measures to Ensure Lawful and Fair Processing of Personal Data

In accordance with European data protection legislation, "DASYS ENGINEERING" Ltd. maintains appropriate, necessary, and proportionate technical and organizational measures to protect users' data, including preventing unauthorized access and/or misuse.

Collected data is stored in records located on the hard drives of computer systems with restricted technical and physical access, available only to qualified and trained personnel. The employees of "DASYS ENGINEERING" Ltd. are familiar with applicable legislation and internal policies related to the protection and processing of personal data and adhere to high standards of ethics and confidentiality.

6. Is Personal Data Shared with Third Parties and on What Basis?

"DASYS ENGINEERING" Ltd. shares personal data with the following entities:

·   Accounting services – to fulfill the company's obligations under accounting laws and International Financial Reporting Standards, based on Article 6, Paragraph 1, Letter "c" of Regulation (EU) 2016/679 of the European Parliament and the Council;

·    Authorities – administrative, judicial, and/or executive bodies – when required to disclose trade secrets; in connection with resolving legal disputes before a competent court and/or arbitration tribunal; when mandated by law or absolutely necessary to prevent, detect, or prosecute criminal activity or fraud, based on Article 6, Paragraph 1, Letter "c" of Regulation (EU) 2016/679 of the European Parliament and the Council.

7. What Rights Do Users Have Regarding Their Personal Data Collected by the Administrator?

·     Right to Information – The user has the right to be informed about the data controller, their contact details, what personal data is processed, the purposes of processing, the legal basis and/or legitimate interests, who may receive the data, the retention period, the rights of users, and whether automated decision-making, including profiling, is performed.

·      Right of Access – The user has the right to access their personal data processed by the website.

·      Right to Rectification – The user has the right to request that the administrator correct inaccurate personal data concerning them without undue delay.

·      Right to Erasure – The user has the right to request that the administrator erase their personal data without undue delay.

·     Right to Be Forgotten – If the administrator has made the personal data public and is obliged to delete it, they must take reasonable steps to inform other controllers processing the data that the data subject has requested the deletion of all links, copies, or replications of this personal data.

·    Right to Restriction of Processing – The user has the right to request the restriction of processing under one of the following conditions: The accuracy of the data is contested by the user; The processing is unlawful, but the user does not wish for the data to be erased; The administrator no longer needs the personal data for processing purposes, but the user requires it for legal claims; The user has objected to the processing, and verification by the administrator is pending.

·     Right to Data Portability – The user has the right to receive their personal data from the administrator in a structured, commonly used, and machine-readable format if the processing is carried out by automated means and based on consent or a contractual obligation.

·     Right to Object to Data Processing – The user has the right to object to the processing of their personal data when it is done in the public interest, for the legitimate interests of the administrator, for profiling, or for direct marketing.

·      Right Not to Be Subject to Automated Processing, Including Profiling – The user has the right not to be subject to a decision based solely on automated processing, including profiling.

·      Right to File a Complaint – The user has the right to file a complaint with a supervisory authority (in the Republic of Bulgaria, this is the Commission for Personal Data Protection) if they believe that the processing of their personal data violates the provisions of the Data Protection Regulation.

8. How Can Users Exercise Their Rights?

Users, as data subjects, may exercise their rights at any time. To do so, they must send a request by standard mail or email to the contact details of the data administrator provided below.

9. Contact Details of the Data Administrator:

"DASYS ENGINEERING" Ltd., UIC 201554346
Address: Republic of Bulgaria, Plovdiv 4004, Kuklensko Shose Str. 9P
Phone: +359 32 399 355
Email: dasys@dasys.bg

If you would like to learn more about your rights, how to exercise them, and the relevant procedures, you can visit the information website of the European Data Protection Supervisor or the Personal Data Protection Commission of Bulgaria.

"Dasys Engineering" uses cookies and other tracking technologies (“Cookies”) to enhance site navigation, analyze site usage and assist in our marketing efforts, as further detailed in our Privacy policy.