Mandatory information on the rights of natural persons with regard to personal data protection (Privacy notice)

General information

The European Union’s General Data Protection Regulation (“GDPR”), coming into effect in 25 May 2018, lays out a new set of rules for how the personal data of people living within the EU should be handled. It sets out the protection of personal data as a guaranteed right for all citizens across EU.

As a personal data processor when offering hosting services, Bluebagcoffee.eu is compliant with all the requirements of the regulation and meets the high standards “Data privacy by design and by default”. Only the required legal minimum of personal data is gathered, processed and kept secure with the appropriate technical and organizational measures.

Information about the Controller

  1. Name: Blue Bag Coffee LTD
  2. VAT/BULSTAT :204463485
  3. Seat and registered address: Sofia 1480, Manastriski Livadi neighb., Pirin №44 street
  4. Correspondence address: Sofia 1680, Manastirski Livadi neighb., General Stefan Toshev №59 street.
  5. Telephone: +359 878 580 171/ +359 878 367638
  6. Email: info@bluebagcoffee.eu
  7. Controller’s registration number with the Commission for Personal Data Protection № 1443380

Information about the Data Protection Officer

  1. Name: Inna Ivanova
  2. VAT/BULSTAT : 204463485
  3. Seat and registered address: Sofia 1680, Manastirski Livadi neighb., General Stefan Toshev №59 street.
  4. Correspondence address: Sofia 1680, Manastirski Livadi neighb., General Stefan Toshev №59 street.
  5. Telephone: +359 878 367638
  6. Email: info@bluebagcoffee.eu

Information about the Supervisory Authority

  1. Name: Commission for Personal Data Protection
  2. Seat and registered address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia
  3. Correspondence address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia
  4. Telephone: 02 915 3 518
  5. Email: kzld@government.bgkzld@cpdp.bg
  6. Website: cpdp.bg

Bluebagcoffee.eu operates in accordance with the Personal Data Protection Act and Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

 

Grounds for collecting, processing and storing your personal data

Art. 1. (1) „Bluebagcoffee.eu“ (Blue Bag Coffee LTD) shall collect and process your personal data in relation to the sale of goods/services, in real and virtual area, conclusion of contracts with the Company on the grounds of Art. 6, Para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • explicit consent provided by you as a customer;
  • fulfillment of the obligations of Blue Bag Coffee LTD under contract with you;
  • compliance with a legal obligation applicable to Blue Bag Coffee LTD;
  • for the purposes of the legitimate interest of Blue Bag Coffee LTD.
  • Blue Bag Coffee LTD shall be a controller regarding your data as the User of our services/goods. With regard to the personal data you process using our Internet shop, eu shall act as a processor.

Purposes and principles for collecting, processing and storing your personal data

Art. 2. (1) Blue Bag Coffee LTD shall collect and process the personal data you provide to us in connection with the buying of goods/services and for the conclusion of a contract with the Company as well as for subscribing to our events, including for the following purposes:

  • creating a profile for the sale of from our side of goods/services at our Internet shop or at our shop located at General Stefan Toshev 59 street, Sofia;
  • individualization of a party to this contract;
  • registration of a participant in an event organized by Blue Bag Coffee LTD;
  • accounting purposes;
  • statistical purposes;
  • information security;
  • securing the implementation of this contract for the provision of the respective goods / service;
  • sending information e-mails, announcements about changes in services/stocks, and recommendations to improve the use of the platform/goods, new and upgraded subscription plans etc.;
  • improving and personalizing the service by suitable offers, ads, promotional campaigns, events and other products and services that might be of interest to you;
  • provision of technical support via email/telephone contact with us;

 (2) bluebagcoffee.eu shall comply with the following principles when processing your personal data:

  • lawfulness, fairness and transparency;
  • limitation of the purposes for processing;
  • relevance with processing purposes and minimization of data collection;
  • accuracy and age of the data;
  • limitation of storage for the achievement of the purposes;
  • integrity and confidentiality of processing, and ensuring an adequate level of security for the personal data.

(3) When processing and storing personal data, bluebagcoffee.eu may process and store personal data to protect the following legitimate interests of theirs:

  • fulfilling their obligations to the National Revenue Agency, the Ministry of Interior and other governmental or municipal authorities.

What kind of personal data shall bluebagcoffee.eu collects, process and store?

Art. 3. (1) bluebagcoffee.eu shall perform the following operations with personal data and for the following purposes:

  • Registration of a user on the website and implementation of a contract for the provision of goods/services. The purpose of this operation is for the user to provide Name, Telephone, and Address for delivery of the product he has ordered through our eu Internet shop.
  • By accepting the terms of use when sending an order from our online store or when sending an order made by phone, the Customer / User agrees to the terms of use. On the basis of the Impact Assessment referred to above, the Data Protection Officer considers that the Operation “Conclusion of a Goods / Service Delivery Contract” is permissible for performance and provides sufficient safeguards to protect the rights and legitimate interests of the data subjects in compliance with GDPR requirements.
  • Conclusion and implementation of a commercial transaction with a customer or a partner. The purpose of this operation shall be to conclude and implement a contract with a business partner or customer and the administration thereof.
  • Sending information and notification e-mails. The purpose of this operation shall be to administer the process of sending notification messages to customers about goods/service improvements or expiration.
  • Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters to customers who have declared they wish to receive this information.

(2) Bluebagcoffee.eu shall process the following categories of personal data and information for the following purposes, and for the following reasons:

  • Data: Your personalizing data (name and surname, e-mail, country, phone)
    • Purpose for which data is collected: 1) To register the User. 2) To establish contact with the User and to send information to them, including, when the User has asked, to send newsletters or advertising messages.
    • Grounds for processing your personal data. By accepting the terms and conditions, registering on the website and purchasing goods/service, a contractual relationship shall be established between eu and you, on which basis we shall process your personal data – Art. 6, Para. 1, Item (b) of the GDPR.
  • Additional data provided by you. If you want to update your profile, you can fill in the contact details and the administration contact email.
    • Purpose for which data is collected: Updating the information in the User’s account.
    • Grounds for data processing:By accepting the terms and conditions, registering on the website and purchasing good or service, a contractual relationship shall be established between eu and you, on which basis we shall process your personal data – Art. 6, Para. 1, Item (b) of the GDPR.
  • Other data that bluebagcoffee.eu shall process. When logging in to our website or your account, eu shall collect data about the IP address you use.
    • Purpose for which data is collected: Improving security of the service and interface localization, statistical and marketing research.
    • Grounds for data processing: The data processing is necessary for the implementation of the contract by which the data subject is a party – Art. 6, Para. 1, Item (b) of the GDPR. Before the creation of the User’s profile, the IP address shall be collected on the basis of the legitimate interests of the Controller – Art. 6, Para. 1, Item (e) of the GDPR.
  • Your invoice data. If you would like an invoice to be issued to you as a natural person, you should provide us with your Name and Surname.
    • Purpose for which data is collected: Issuing an invoice for payments under a contract for the provision of goods and/or services.
    • Grounds for processing your personal data. By accepting the terms and conditions, registering on the website or signing a written contract, a contractual relationship shall be established between Blue Bag Coffee LTD and you, on which basis we shall process your personal data – Art. 6, Para. 1, Item (b) of the GDPR.

(3) Blue Bag Coffee LTD shall not collect or process personal data that relates to the following:

  • reveal racial or ethnic origin;
  • reveal political, religious or philosophical beliefs, or trade union membership;
  • genetic and biometric data, health data, or data on sexual life or sexual orientation.

(4) Personal data shall be collected by Blue Bag Coffee LTD from the persons to whom it relates.

(5) The Company shall not perform automated decision making with data.

Personal data storage period

Art. 4. (1) Blue Bag Coffee LTD shall store your personal data for no longer than 10 years. Upon expiry of this period, Blue Bag Coffee LTD shall take reasonable care to erase and destroy all your data without undue delay.

(2) Blue Bag Coffee LTD shall notify you in case the storage period needs to be extended in order to achieve the purposes, the implementation of the contract, in view of the legitimate interests of bluebagcoffee.eu or otherwise.

(3) Blue Bag Coffee LTD shall keep the personal data that they are required to keep under the applicable legislation for the required term, which may exceed the duration of your registration, at our Internet shop bluebagcoffee.eu.

Transfer of your personal data for processing

Art. 5. (1) Blue Bag Coffee LTD may, at their sole discretion, transmit all or part of your personal data to personal data processors for the fulfillment of the processing purposes, subject to the requirements of Regulation (EU) 2016/679.

(2) Blue Bag Coffee LTD shall notify you in case of intent to transmit all or part of your personal data to third countries or international organizations.

Your rights when collecting, processing or storing your personal data

Withdrawal of consent to process your personal data

Art. 6. (1) If you do not wish all or any of your personal data to continue to be processed by bluebagcoffee.eu for a particular or for any processing purpose, you may, at any time, withdraw your consent to processing by a request in free text.

(2) bluebagcoffee.eu may require you to prove your identity and your identity with the data subject.

(3) Your account shall become inactive if you withdraw your consent for the processing of personal data, which is required for creating and maintaining your registration for the use of the services.

Right of access

Art. 7. (1) You shall have the right to request and obtain from bluebagcoffee.eu confirmation as to whether or not personal data about you is being processed.

(2) You shall have the right to access the data relating to it as well as the information relating to the collection, processing and storage of your personal data.

(3) bluebagcoffee.eu shall provide you, upon request, with a copy of the processed personal data about you, in electronic or other appropriate form.

(4) Providing access to the data shall be free of charge, but bluebagcoffee.eu shall reserve the right to impose an administrative fee in the event of recurrence or disproportionate claims.

Right to rectification or filling in

Art. 8. You can rectify or fill in the inaccurate or incomplete personal data about you directly through your website profile or by sending a request to bluebagcoffee.eu.

Right to erasure (‘right to be forgotten’)

Art. 9.(1) You shall have the right to request from bluebagcoffee.eu the erasure of the personal data about you, and bluebagcoffee.eu shall have the obligation to erase it without undue delay where one of the following grounds applies:

  • the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the data processing is based and where there is no other legal ground for the processing;
  • you object to the processing of the data about you, including for the purposes of the direct marketing, and there are no overriding legitimate grounds;
  • the personal data has been unlawfully processed;
  • the personal data has to be erased for compliance with a legal obligation in the EU or Member State law to which Blue Bag Coffee LTD is subject;
  • the personal data has been collected in relation to the offer of information society services.

(2) bluebagcoffee.eu shall not be obliged to erase the personal data, if they store and process the data:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by the EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for reasons of public interest in the area of public health;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • for the establishment, exercise or defense of legal claims.

(3) In order to exercise your right to be ‘forgotten’, you should submit a written request sent to info@bluebagcoffee.eu as well as to authenticate your identity at our place with the person to whom the data provided to bluebagcoffee.eu relates, by presenting your identity card on the spot for identification purposes and, if necessary, entering your login details in the account of the person to whom the data is related, to an employee of bluebagcoffee.eu.

– you can delete your personal data and your personal profile in our website, with this button:

(4) bluebagcoffee.eu shall not erase the data that we have a legal obligation to store, including for protection against claims brought against us or proof of our rights.

Right to restriction

Art. 10. You shall have the right to request from bluebagcoffee.eu restriction of processing of data about you where one of the following applies:

  • you contest the accuracy of the personal data, for a period enabling eu to verify the accuracy of the personal data;
  • the processing is unlawful, but you oppose the erasure of the personal data and only request the restriction of their use instead;
  • eu no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of your legal claims;
  • you have objected to processing, pending the verification whether the legitimate grounds of eu override those of yours.

Right to data portability

Art. 11. (1) You may, at any time, see or request by email, the data about you that are stored and processed in connection with the use of bluebagcoffee.eu Internet shop.
You can export your personal data on our website with this button:

You can also rectify your personal data on our website here:

(2) You can request bluebagcoffee.eu to transmit your personal data directly to another controller, chosen by you, where technically feasible.

Right to receive information

Art. 12. You may request from bluebagcoffee.eu to inform you of all recipients to whom personal data has been disclosed for which rectification, erasure or limitation of the processing has been requested. Bluebagcoffee.eu may refuse to provide this information if this would not be possible or would require disproportionate effort.

Right to object

Art. 13. You shall have the right to object, on grounds relating to your particular situation, at any time, to processing of personal data about you, by bluebagcoffee.eu including profiling or direct marketing.

Your rights upon personal data security breach

Art. 14. (1) If bluebagcoffee.eu become aware of a breach in your personal data that is likely to result in a risk to your rights and freedoms, we shall, without undue delay, notify you about this breach and about the measures that have been undertaken or are to be undertaken.

(2) bluebagcoffee.eu shall not be obliged to notify you if:

  • we have implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach;
  • we have taken subsequent measures which ensure that the high risk to your rights and freedoms is no longer likely to materialize;
  • the notification would involve disproportionate effort.

Persons provided with your personal data

Art. 15. Econt Express Company or other logistic company, which processes your personal data with the goal to deliver you the goods bought from our company Blue Bag Coffee LTD.

Art. 16. The Controller shall not transfer your data to third countries.

 

Other provisions

Art. 17. In case of violation of your rights under the above or applicable data protection laws, you shall have the right to file a complaint with the Commission for Personal Data Protection as follows:

  1. Name: Commission for Personal Data Protection
  2. Seat and registered address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia
  3. Correspondence address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia
  4. Telephone: 02 915 3 518
  5. Email: kzld@government.bgkzld@cpdp.bg
  6. Website: cpdp.bg

Art. 18. You may exercise all of your rights to protect your personal data through the forms enclosed with this information. Of course, these forms shall not be mandatory and you can make your claims in any form that contains a statement about it and identifies you as the data holder.

Art. 19. If the consent relates to transfer, the Controller shall describe the possible risks in the transfer of data to third countries in the absence of a decision for adequate protection and appropriate remedies.

Art. 20(1). When assigning bluebagcoffee.eu to process personal data to a third party for the purposes of provision of goods/services, bluebagcoffee.eu shall act in their capacity of a personal data processor.

(2). In the cases under Para. 1, bluebagcoffee.eu shall act only on your instruction as the User of the service and only as long as they may have control over the personal data you are processing. Bluebagcoffee.eu shall have no control over the content and data that you as a service user choose to be uploaded to the service (including whether or not this data includes personal data). In this case, bluebagcoffee.eu shall have no role in the decision-making process whether the User uses the data processing service, for what purposes and whether it is protected. Accordingly, the responsibility of bluebagcoffee.eu in this case shall be limited to 1) complying with the instructions of the User of the service, pursuant to the contract and the general terms and conditions, and 2) providing information about the goods/service and functionalities through their interface.

 

Cookie Policy

Bluebagcoffee.eu uses cookies which allow the website to function properly. By continuing to use and navigate our website, you agree with our use of cookies.

There are several types of cookies:

  • Essential cookies:

Some cookies are essential in order to enable you to move around our websites and use their features, such as choosing your language or prices according to different VAT values in different countries. These types of cookies also turn on cache options, etc.

  • Analytical cookies:

We also use cookies to track visits on our website and personalize your experience from information we infer from your behavior (Google Analytics cookies). These cookies do not contain personal data. They show us information which pages of our website are visited, the type of browser via desktop/mobile access and other anonymous data. For IP addresses we also use _anonymizelp. We keep data in Google Analytics for no more that 50 months.

  • Functional cookies:

Without these cookies, we cannot enable important features on our website such as uploaded videos, chat sessions, preferred language, etc.

  • Targeting cookies:

These cookies contain information how you use our website that we may share with data providers solely in hashed, non-human readable form. They do not contain personal data. These cookies help us displaying you only information, which is relevant. These are the dynamic cookies of Facebook, Google, Adform, Adwise, etc.
Check your saved cookie preferences here:

You can personalize the use of cookies in your browser settings.

You may find further information on how to disable cookies or manage your cookie settings for the browser that you use from the following list:

Note that by disabling certain categories of cookies, you may be prevented from accessing some features of our website or certain content or functionality may not be available.

 

What security measures have been taken in bluebagcoffee.eu infrastructures to keep your personal data safe?

The security of every type of information, including personal data, located on our infrastructure is a priority for us as a company. Security is something we cannot afford to compromise. That is why we provide the security information that our hosting provider provides on our platform and the way it protects our email accounts and our communication with you. Our site is located on a platform registered at www.superhosting.bg; they in turn state the following:

“Long before GDPR compliance steps were made, a whole new security system was developed and implemented on our infrastructure – SH Protect. It is a multilevel working system monitoring and protecting the websites and personal data of our customers from a considerable number of malicious action attempts. The system is updated every day so that customer information is being secured in the most effective way.
It was 3 years ago when a whole system against DDoS attacks was implemented. It detects around 95% of the common DDoS attacks and is being continuously updated with newly registered attacks.
Our team keeps working on blocking malicious actions towards data stored in our infrastructure as well as improving the quality of the secure systems”.
You can find more information how we keep your website and mail data safe in our blog: https://blog.superhosting.bg/en/security-challenge-accepted.html