This Privacy Notice in relation to the processing of personal data by FoodObox 2021 EOOD is designed to help you understand what personal data we collect, why we collect it and what we do with it. Please take the time to read this Privacy Notice carefully. We want you to be aware of how we use your information and the ways in which you can exercise your rights. 

This Privacy Notice applies to your personal information when you visit our web- based site: https://foodobox.com/ (“Site”) https://foodobox.com/ (“Site”) or use our services in connection with brokering Sellers’ offerings of beverages and non-perishable food takeaway products, including those with expiration dates, defective packaging and/or cosmetic defects, for reservation for purchase by Buyers through this Site (“Services”), and does not apply to other websites/e-commerce sites and/or services that we do not own or control. 

WHO WE ARE 

The company providing Services to you is FoodObox 2021 EOOD, UIC 206757546, headquarters and registered address: BULGARIA, Sofia, Sredets district, 57 NEOFIT RILSKI, fl. 2. 

Data Protection Officer is: Jane Dimitrova Dimitrova, email: ddimitrova@foodobox.com, tel.: +359887566588. 

We respect the right to privacy and work continuously to keep the data we process minimized and as secure as possible. However, in order for you to use our Services, we must process certain personal data. When you register an account on our Site and/or use our Services, you acknowledge that you have read and understood this Privacy Notice in relation to the processing of personal data by FoodObox 2021 EOOD. 

DESCRIPTION OF PERSONAL DATA AND PURPOSE OF PROCESSING 

Personal data is data that identifies and relates to someone as an individual. 

We collect certain personal data in order to provide you with our Services. We only process personal data for lawful reasons. We do not sell or otherwise distribute your personal data. In individual cases, we only share your personal data with selected service providers where it is necessary for the provision of our Services and as specifically described below.  

“FoodObox 2021 EOOD, as Data Controller, processes personal data as follows: 

Sellers who have registered an account on the Site: 

Categories of Subjects: 

In connection with the provision of our Services through this Site, we process personal data of the following categories of subjects: 

  • legal representatives of Sellers – Legal entities; 
  • sellers’ proxies – legal entities; 
  • contact persons of the Sellers – legal entities.

Categories of personal data 

“FoodObox 2021 EOOD. processes the following categories of personal data of the persons mentioned above: 

  • Physical identity data – three names; 
  • Contact details – email, telephone

Purpose of processing: 

“FoodObox 2021 EOOD will process the above data for at least one of the following purposes: 

  • entering into a contractual relationship by registering an account on the Site; 
  • identification of Sellers-legal entities and their representatives and confirmation of the data provided; 
  • performance and provision of the Services offered by us; 
  • maintaining communication with Sellers; 
  • providing technical support;  
  • accounting services, including issuing invoices and confirming payment; 
  • debt collection; 
  • administering and defending legal claims and actions.

Grounds for processing 

  • Performance of pre-contractual and contractual obligations in connection with the provision of our Services; 
  • performance of legal obligations.

Duration of processing 

  • We will process the personal data as long as the Seller’s/User’s account exists on our Site/System and up to 5 (five) years after its deletion or after the completion of any dispute procedures. Accounting data and documents relating to payments made will be kept for up to 10 years from the occurrence of the accounting event.

Personal data obtained from our contact form on the Site: 

Where we have received an enquiry from an individual via one of our contact forms available on the Site, we will use the contact details they have provided to contact them and provide them with the information or assistance they require. 

The personal data obtained through the contact form will be stored for up to 6 (six) months from the receipt of the relevant enquiry. 

Personal data of persons who have subscribed to our newsletter: 

We will use your email address to send you updates about our Services, promotions, discounts and bonuses that you can enjoy. We will only do this if you give us your express consent to receive this information. 

Your consent is voluntary and we will not refuse you our Services if you do not provide it to us. However, we believe that you will benefit greatly from receiving this information because it will reflect our latest projects and ideas to improve our services and customer satisfaction.  

We will not use your contacts to advertise third party products or services. 

You may withdraw your consent to receive this information at any time by unsubscribing from our newsletter or addressing your withdrawal to the Privacy Officer by any means convenient to you. 

METHOD OF COLLECTION OF PERSONAL DATA 

We only process and use data that Sellers have voluntarily provided to us. This means that it is each Seller’s responsibility not to provide data to third parties in breach of their data protection rights, as we have no practical ability to control whether Sellers provide data to us with third parties’ knowledge and consent given in accordance with legal requirements.  

Therefore, any person is fully personally liable if they provide data to us without their knowledge or consent in complying with the requirements of applicable data protection law, including in respect of the data of individuals representing the Vendor Entities. 

SECURITY MEASURES 

We have taken a wide range of technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. Personal Data is accessible only to those individuals who need access to perform their work in connection with the provision of our Services. These individuals are trained and authorised accordingly. Our staff process personal data in accordance with the requirements of legality, confidentiality, ethics and appropriate use of data.  

SUBPROCESSORS 

To provide quality services, we have engaged service providers – processors carefully selected according to their capacity to protect and process personal data. Without them, the implementation of our Services would not be possible. We only use subcontractors – professionals in the relevant field, through whom we provide additional security for your data and to whom we provide only the information necessary for them to carry out their assigned activities, including: 

  • Banks; 
  • IT and other software and hardware service providers; 
  • External accountants, auditors and legal advisers. 

Where required by law, your personal data may be provided to competent government authorities and institutions such as the NRA etc. 

We do not provide your personal data to third parties without a legal or contractual basis, nor do we sell or otherwise distribute it.

INFORMATION WE SHARE 

We do not share information containing personal data with legal entities, organizations and individuals unless one of the following circumstances applies: 

  1. With your consent – we will share information containing personal data with entities, organizations and individuals when we have your consent to do so; 
  1. To perform certain services – with third party processors of personal data – as described above; 
  1. Legal requirements – we will share information containing personal data with other entities, organisations or individuals if we have reason to believe that access, use, retention or disclosure of the information is reasonably necessary and/or required to: 
  • the purposes of a valid law, regulation, legal process or final court order; 
  • collection of amounts due; 
  • enforcement of the applicable Terms of Use, including investigation of potential violations; 
  • detecting, preventing or otherwise dealing with fraud, technical or security problems; 
  • protect against harm to our rights, property or safety, our users or the public as required or permitted by law. 

We may disclose and/or share with our partners or on our Site general and aggregate information about the use of our Services without such information being personally identifiable. For example, we may share information publicly to present trends about the general use of our Services. 

YOUR RIGHTS 

You have the right to request a copy of your personal information at any time, to check the accuracy of the information held, to correct or update that information, to request that your personal information be deleted if there are grounds for doing so as described below. You also have the right to complain where your data protection rights have been breached. We have detailed your rights as a data subject below: 

– you have the right to request confirmation as to whether personal data relating to you is being processed and to request a copy of your personal data and to information relating to the collection, processing and storage of your personal data; 

– you have the right to have your personal data erased on any of the following grounds: the personal data is no longer necessary for the purposes for which it was collected; where you have objected to the processing; where the processing is unlawful; where the data is processed on the basis of your consent and you withdraw that consent; where the personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the Controller is subject. We may refuse to erase your personal data for the following reasons: To exercise the right to freedom of expression and the right to information; to comply with our legal obligation or to perform a task carried out in the public interest or in the exercise of official authority vested in us; for reasons of public interest in the field of public health; for the establishment, exercise or defence of legal claims.  

– You have the right to have your personal data corrected if it is inaccurate or completed if it is incomplete; 

– you have the right to request that the processing of your personal data be restricted if this is applicable and there is a basis for doing so, for example: you contest the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data; the processing is unlawful but you do not want the personal data to be erased, only its use to be restricted; we no longer need the personal data for the purposes of the processing but you require it for the establishment, exercise or defence of legal claims; you have objected to the processing pending verification that our legitimate grounds override your interests; 

– you have the right to request to receive the personal data concerning you that you have provided in a structured, commonly used and machine-readable format and you have the right to transfer that data to another controller where the processing is based on consent or a contractual obligation and the processing is carried out by automated means; 

– you have the right to object to such processing of your personal data before the Data Protection Officer if there are grounds for doing so. 

You may address any requests to the Data Protection Officer referred to above. In order for us to be able to fully assist you, please provide us with accurate information about you and specify your request. It is possible that in exercising your rights we may request additional information to establish your identity. 

Please note that where your requests are manifestly unfounded or excessive, in particular because of their repetitive nature, we may: 

  1. charge a fee, taking into account the administrative costs of providing the information or communication or taking the action requested, or 
  1. refuse to act on the request.

We will use reasonable endeavours to comply with your request within 30 days of receiving your request. If necessary, this time limit may be extended by two months, taking into account the complexity and number of requests. 

SUPERVISORY AUTHORITY 

If you believe that we have violated your rights in relation to your personal data, you may file a complaint with the supervisory authority of Bulgaria — the Commission for Personal Data Protection with contact details: 1592 Sofia, 2, Prof. Tsvetan Lazarov Blvd.; kzld@cpdp.bg. 

You can also file your complaint in the country where you live, at your place of work or at the place where you believe we have violated your rights.