Privacy Policy

Introduction

Security and proper use of personal data is of utmost importance to us. Our personal data policy does not regulate rights and obligations but serves to explain the users what data we use in order to provide our goods and services, why and how do we process it and when is it necessary to disclose it to third parties. The policy also serves to inform about the rights that users have concerning the processing of personal data done by Maru.bg EOOD.
To make this document clear and user friendly, we use illustrative examples throughout. These examples are not a part of the Personal Data Policy and are not exhaustive.

Basic principles in personal data processing

We process personal data in a lawful, well-meaning and transparent manner. The personal data is processed for concrete, explicitly stated and legitimate purposes and is NOT processed for any other reasons. The processed data is appropriate, associated with and limited to what is necessary according to our purposes (“reducing data to the minimum”)
The processed data can be kept up to date by taking all necessary means to guarantee timely deletion or correction of inaccurate personal data considering our purposes (“accuracy”);
The processed data is kept in a state that allows identifying the subject for a period no longer than the necessary (“limited storage”);
The processed data is kept in a state that guarantees a necessary level of security, including protection from unauthorized or illegal processing and from accidental loss, destruction or damage by taking suitable technical and organizational measures (“integrity and confidentiality”).

Personal data administrator

The personal data Administrator is Maru.bg EOOD., BULSTAT Unified Identification Code (UIC) BG207700975, with headquarters and registered office addressSofia, 289 Cophenhagen bul.. If you have questions concerning privacy or security and want to contact our employees, you can do it via this e-mail address: svilen@maru.bg
This personal data policy can be altered according to the national and the European legislation. All changes take effect the moment they’re published on this page. We advise you to check our website regularly so that you can see the latest changes. The changes can not be made if they imply weaker security of personal data without your agreement.

What types of data do we process

We collect personal data so that we can improve our goods and services. Here are the types of information that we need:
Information you provide: we receive and keep all information you provide that has to do with EL SMART’s services. For example: information concerning searches you conducted, your client profile, e-mail, phone number, address, inquiries, applications for access to personal information, etc.
Automatic information: We automatically receive and store certain types of information when you use the Maru.bg EOOD. site, such as information about your use, including your interaction with the content and services available through the site. Like many websites, we use cookies and other unique identifiers and receive certain types of information when your web browser or device accesses the site. For example: the Internet Protocol (IP) address used to connect your computer or other device to the Internet; e-mail and password; information about your computer, device, and connection information, such as the device type and application or browser type, browser plugins and versions, operating system, or time zone settings; the location of your device or computer; content engagement information such as content downloads, streams, and playback details, including duration and number of concurrent streams and downloads, as well as streaming and download quality; network information, including information about your ISP; Device metrics, such as when a device is used, application usage, connectivity data, and any errors; Site metrics (e.g., technical errors, your interactions with the features and content of the service, preferences for settings and backup information, the location of your app device, information about uploaded images and files (e.g., file name, dates, and the location of your images)), etc.
We may also use device identifiers, cookies, and other technologies on devices, applications, and web pages to collect information about browsing, use, or other technical information for fraud prevention purposes.
Information from other sources: We may receive information about you from other sources, such as: delivery information of goods purchased through the site, information on the number of page views.

What are cookies?

We use cookies to deliver our services and to deliver you successfully any of the products on our site. For more information on cookies and how we use them, please read our Cookies Policy.

On what basis do we collect and process your personal data

We collect and process your personal information lawfully and in accordance with this Privacy Policy. We process data only when you have given your explicit consent to the processing of personal data, or the processing is necessary to perform a contract to which you are a party or to take steps on your own initiative before entering into a contract (just using the site, without having to purchase anything, is considered such a step). Data processing is also necessary for the purposes of our legitimate interest, namely: when we can’t offer our services or enter into a contract for trade without processing certain types of data; for improving our website and bringing more value and better services to our customers. For example, collecting site search information is a legitimate interest of ours because it is the basic method of determining the quality of our services and just how much our goods are needed. Because of the above mentioned grounds for collecting and processing personal data, if you consider that you do not wish to provide Maru.bg EOOD. with the personal data necessary to conclude a Purchase and Sale Agreement, it will be effectively impossible for Maru.bg EOOD. to provide you with goods and services.

Objectives for personal data processing

We process your personal data in order to provide and improve the goods and services on the site. These objectives include:
Purchase and delivery of products and services. We use your personal data to accept and handle orders, deliver products and services, make payments and communicate with you about orders, products, services and promotional offers.
Provide, troubleshoot and improve the services of Maru.bg EOOD. We use your personal data to provide functionality, analyze performance, correct errors and improve website usability and efficiency.
Recommendations and personalization. We use your personal information to recommend features, products and services that may be of interest to you, identify your preferences and customize your experience on the site.
Fulfillment of statutory obligations. In some cases, we have a legal obligation to collect and process your personal information. For example, we process personal data in order to fulfill the obligations arising from accounting and tax law. Also, when a consumer purchases a product from Maru.bg EOOD. under consumer protection law, Maru.bg EOOD. is obliged to provide a guarantee for the product if, at the time of its delivery, it is defective, which manifests itself within two years after making it available to the user. In order to fulfill this obligation, Maru.bg EOOD. should process the basic data of the consumer (by which the right to claim is established), as well as the data for the respective contract (by which it is established whether the commodity is under warranty).
Communicating with you. We use your personal information to communicate with you regarding the goods and services we provide through various channels (e.g., by phone, email, chat). Fraud and Credit Risk Prevention. We process personal information to prevent and detect fraud and abuse and to protect the security of our customers.
Objectives for which we seek your consent. We may also request your consent to process your personal data for the specific purpose that we communicate to you. When you agree to process your personal data for a specific purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. However, if the processing is necessary for other lawful purpose, we can continue to process the data.

Categories of individuals to whom we disclose the user’s personal data

Our customers’ personal data is an important part of our business and we do not sell it to third parties. Maru.bg EOOD. may only share the customer’s personal data (or a portion of it) as described below and with third parties who comply with practices that are at least as protective as those described in this Privacy Policy. Maru.bg EOOD. may share personal information of its clients with third parties who process personal data. Data processors are persons who process personal data on behalf of Maru.bg EOOD. on the basis of a written agreement. They may not process personal data provided to them for purposes other than the performance of the work entrusted to them by Maru.bg EOOD. Processors are obliged to follow all instructions of Maru.bg EOOD.. Maru.bg EOOD. takes the necessary measures to ensure that the processors involved strictly comply with the data protection legislation and instructions of Maru.bg EOOD. and that they have taken the appropriate technical and organizational measures to protect the personal data.

Examples of personal data processors are:

  • Courier service providers;
  • Service providers for the deployment and / or maintenance of information systems that sometimes need to access personal data processed in the systems concerning providing the services;
  • Law firms, accounting firms or other consultancy providers;
  • Hosting Service Providers

Maru.bg EOOD. may share personal information of its clients with banks and payment institutions. For the purpose of servicing the consumers’ payments, whether by bank transfer or through a payment institution, it is necessary to exchange data between Maru.bg EOOD. and the respective bank or payment institution. Third parties that have to do with the transformation (e.g. merger or acquisition) or the transfer of an enterprise. In the case of conversion of Maru.bg EOOD., as well as in the case of transfer of assets in accordance with the applicable legislation, it is possible that the personal data of the users, administered by Maru.bg EOOD., may be provided to a third party successor. Authorities. The legislation of the Republic of Bulgaria requires Maru.bg EOOD. to store certain personal data for the users for a fixed period. In the presence of statutory prerequisites, such personal data processed by Maru.bg EOOD. should be made available to the competent authorities.

What methods do we use to protect your personal data?

We work diligently to protect the security of your information when transferring it, using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, electronic, and procedural safeguards regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we may sometimes ask for proof of identity before disclosing your personal information. Devices that store your personal data offer security features to help protect them against unauthorized access and data loss. It’s important to protect yourself against unauthorized access to your password and to your computers and devices. Be sure to sign out when you’re done using a shared computer.

How long do we store your personal data

Maru.bg EOOD. stores the personal data of users for as long as is necessary to achieve the goals set out in this Privacy Policy or to comply with the requirements of the law. In order to fulfill our obligations arising from tax and accounting legislation, data about a consumer is stored for a period of 11 years, from the termination of his last contract, insofar as the consumer has no outstanding obligations to Maru.bg EOOD. After this period has expired, they will be anonymized or deleted, unless: they are necessary for pending court, arbitration, administrative or enforcement proceedings, or in the case of a complaint from the consumer, which should be considered by Maru.bg EOOD.; the user has exercised his right to request a restriction on the processing of personal data concerning him / her; Maru.bg EOOD. endeavors to ensure that the processed personal data of the users is updated (and corrected if necessary) and that no data is stored that is not necessary for achieving the goals described above.

General information on the rights of individuals

Maru.bg EOOD. takes action at the request of an individual to exercise a right under this section only if able to identify the person concerned. Only individuals who can be identified by Maru.bg EOOD. have the opportunity to exercise their rights under this section. If the purposes for which Maru.bg EOOD. processes personal data do not require or no longer require the identification of an individual, Maru.bg EOOD. has no obligation to maintain, obtain or process additional information in order to identify the person for the sole purpose of taking action at the request of that person. Maru.bg EOOD. notifies individuals of the actions taken within one month of receiving a request under this section, in some cases this period may be extended by another two months. Maru.bg EOOD. shall provide individuals with information on actions taken in connection with their claims for the exercise of rights under this section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests. Maru.bg EOOD. shall inform the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay. In case of refusal to fulfill the request, Maru.bg EOOD. informs the respective individuals about their rights. If Maru.bg EOOD. does not take action at the request of an individual, Maru.bg EOOD. shall notify them (without delay and within one month after receiving the request) for the reasons for not taking action, as well as for the possibility of filing Appeal to the Commission for Personal Data Protection and Legal Prosecution. In certain cases Maru.bg EOOD. may request additional information to verify the identity of individuals. In the event that Maru.bg EOOD. has reasonable concerns about the identity of the individual who requests this section, Maru.bg EOOD. may request the provision of additional information necessary to confirm the identity of the individual.The actions taken by Maru.bg EOOD. for and in connection with claims for the exercise of rights under this section are completely free of charge to the persons, unless their claims are manifestly unfounded or excessive. When the case is such (for example, because of its repetitive nature), Maru.bg EOOD. has the right, at its sole discretion: (a) to refuse to comply with the request; or (b) request payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.

Users have the right to access personal data concerning them

Consumers have the right to receive information from Maru.bg EOOD. whether personal data related to them is being processed. If so, users have the right to access the relevant data.Correcting inaccurate or out of date personal dataIf the personal data processed by Maru.bg EOOD. is inaccurate or out of date, users have the right to request that Maru.bg EOOD. corrects them.

Deletiton of personal information (“Right to be forgotten”)

Users have the right to request from Maru.bg EOOD. to delete their personal data in the following cases:

  • personal data is no longer needed for the purposes for which it was collected or processed;
  • the consumer has withdrawn his consent on which the processing of personal data is based and there is no other legal basis for the processing of the personal data;
  • the consumer has objected to the processing of personal data which is based on the legitimate interest of Maru.bg EOOD., unless there are other legitimate grounds for processing that take precedence over the interests, rights and freedoms of the user, or the processing of data is necessary for the establishment, exercise or defense of legal claims;
  • the consumer has objected to the processing of personal data for the purposes of direct marketing and there are no other legitimate grounds for processing that data;
  • personal data relating to the respective user wasprocessed illegally;
  • personal data must be deleted by Maru.bg EOOD. in order to comply with a legal obligation arising from the law of the Republic of Bulgaria or the law of the European Union.

Restrict the processing of my personal data

As of May 25, 2018, users have the right to request from Maru.bg EOOD. to restrict the processing of related personal data in the following cases:

  • the accuracy of personal data is challenged by the user for a period that allows Maru.bg EOOD. to verify the accuracy of the personal data;
  • the processing is unlawful, but the user does not want the personal data to be erased, but calls for restricting its use instead;
  • Maru.bg EOOD. no longer needs personal data for the purposes of processing, but the user requires it for the establishment, exercise or defense of legal claims;
  • the consumer has objected to the processing of personal data based on the legitimate interest of Maru.bg EOOD., pending verification that the legitimate grounds of Maru.bg EOOD. have priority over the interests of Maru.bg EOOD.

Portability of my personal data

As of May 25, 2018, users have the right to receive from Maru.bg EOOD. the personal data provided by them in a structured, widely used and machine-readable format, as well as to transfer this data to another administrator without hindrance from Maru.bg EOOD. insofar as:

  • Maru.bg EOOD. processes this data for the purpose of concluding or executing a contract with the consumer, or on the basis of the consent of the latter; and
  • the processing of the relevant data is done in an automated manner.

Users have the right to request Maru.bg EOOD. to transfer their personal data directly to another administrator, when technically feasible.

Objection to the processing of personal data

Consumers have the right, at any time and on grounds relating to their particular situation, to object to the processing of personal data concerning them when Maru.bg EOOD. processes their data to protect their legitimate interests. In certain cases, this right is unconditional and Maru.bg EOOD. will always suspend the processing of data in case of objection from the users. These are the cases in which Maru.bg EOOD. processes personal data for direct marketing purposes.
In all other cases, depending on the nature of the objection and the circumstances put forward by the relevant consumer, Maru.bg EOOD. will carry out an internal review of the objection and rule on it in accordance with this section, by: (a) informing the consumer that it will suspend the processing of his / her personal data; or (b) reasonably refuses to suspend the processing of his / her personal data, if there are legal grounds for doing so.
You can exercise your right of access to your personal data, correct, delete, restrict their processing and portability here.

Right to complain to a supervisory authority

Consumers have the right to file complaints or alerts to the Commission for Personal Data Protection (CPDP) in the event that they believe Maru.bg EOOD. violates personal data protection legislation. Complaint instructions are published on the CPDP website https://www.cpdp.bg
After 25.05.2018, consumers may also file complaints with other supervisory authorities within the territory of the European Union as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), or hereinafter referred to as “GDPR”.