EN
Information about the Data Administrator:
Administrator: "STELVEL-R" Ltd., EIK 207007825
Mailing Address: Burgas Region, Municipality of Nessebar, Nessebar town, Sunny Beach Resort West, Amadeus Complex XIX, Floor 1, Apt. 1A, Republic of Bulgaria
Phone: +35989 270 5119
E-mail: office@stelvelr.com
Website: https://stelvelr.com
Information about the Competent Supervisory Authority for Personal Data Protection:
Name: Commission for Personal Data Protection
Headquarters and management address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Mailing address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2Phone: 02 915 3 518
Website: www.cpdp.bg
"STELVEL-R"Ltd., Unified Identification Code (UIC) 207007825 (referred to below as the"Controller" for brevity), conducts its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information aims to inform you about all aspects of the processing of your personal data by the Controller and the rights you have inconnection with this processing.
Reason for collection, processing, and storage of your personal data Art.1. The Administrator collects and processes your personal data in conjunction with the use of the website https://stelvelr.com and in conjunction with the conclusion of contracts on the basis of Art. 6, para. 1, Regulation(EU) 2016/679 (GDPR), specifically based on the following grounds:
Explicit consent received from you as a Customer;
In connection with the purposes of its activity – Photo Retouching Services, and does not process them further ina manner incompatible with these purposes.
Fulfillment of the Administrator's obligations under a contract with you;
Compliance with a legal obligationthat applies to the Administrator;
For the purposes of the legitimate interests pursued by the Administrator or a third party.
Purposes and principles for the collection, processing, and storage of your personal dataArt.2. (1) We collect and process the personal data that you provide to us in connection with the use of the website or the conclusion of a contract, including for the following purposes:
Providing full functionality when using the website;
In connection with the purposes of our activity – Photo Retouching Services for digital agencies;
Accounting purposes;
Statistical purposes;
Information security protection;
Ensuring the performance of the contract for providing the respective service.
(2) We observe the following principles when processing your personal data:
Legality, good faith, and transparency;
Limitation of processing purposes;
Compatibility with the processing purposes and minimization of the data collected;
Accuracy and timeliness of the data;
Limitation of storage in order to achieve the purposes;
Integrity and confidentiality of processing and ensuring an appropriate level of security for personal data.
Types of personal data collected, processed, and stored by the Administrator Art. 3. (1) The following operations are carried out in connection with the personal data provided by you:
Sending an inquiry on the website –the purpose of this operation is to send information from the user to the Administrator in connection with the desire to receive a specific service. Sending an inquiry is not a mandatory step to use the website, and it is accessible even without sending an email that requires the provision of personal data.
Conclusion from the impact assessment: Based on the conducted impact assessment, the operation"Filling out and sending an inquiry form on the website" is permissible and provides sufficient guarantees for the protection of the rights and legitimate interests of data subjects in accordance with the requirements of the GDPR.
(2) The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:
Your identifying data (email address, name)
Purpose for which the data is collected: Establishing contact with the user and sending information to them, followed by providing services.
Basis for processing your personal data - By sending an inquiry on the website, you give your consent for the Administrator to process the personal data you have provided.
(3) The Administrator does not collect or process personal data related to the following:
Revealing racial or ethnic origin;
Revealing political, religious, or philosophical beliefs, or membership in trade unions;
Genetic and biometric data, data concerning health, or data concerning sex life or sexual orientation.
(4)Personal data is collected by the Administrator from the individuals to whom they relate.
(5) The Administrator does not engage in automated decision-making with data.
Article 5. The Administrator may use so-called"cookies" for the purpose of providing full functionality of the website, which you agree to by using our website. You can control and/or delete"cookies" at any time through the settings of the browser you use. "Cookies" do not constitute personal data and are not used to identify visitors and users of the website.
Term of storage of your personal data.
Article 6. (1) The Administrator stores your personal data provided in connection with inquiries for a period of 5 years for the purpose of protecting the legal interests of the Administrator in judicialor administrative disputes with users of the website. After this period, the Administrator takes the necessary steps to delete and destroy all your data without unnecessary delay or to anonymize them (i.e. to render them in a form that does not disclose your identity).
(2) The Administrator informs you in case the storage period of the data needs to be extended in order to comply with a legal obligation or for the legitimate interests of the Administrator or other reasons.
(3) TheAdministrator stores the personal data that it is required to keep under applicable law for the respective specified period. Transfer of your personal data for processing.
Article 7. The Administrator may, at their ownjudgment, disclose all or part of your personal data to data processors for the purpose of processing, with which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
Your rights in the collection, processing, and storage of your personal data.
Withdrawal of consent for the processing of your personal data.
Article 9. (1) You have the right to request and receive confirmation from the Administrator whether personal data related to you is being processed by sending a request in free text via email.
(2) You have the right to access the data related to you, as well as information regarding the collection, processing, and storage of your personal data.
(3)Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repetitiveness or excessiveness of requests.
Right to correction or filling.
Article 10. (1) You can correct or complete inaccurate or incomplete personal data related to you at any time by sending a request to the Administrator via email in free text.
Right to erasure ("right to be forgotten").
Article 11. (1) You have the right to requestf rom the Administrator the erasure of some or all of your personal data, andt he Administrator has the obligation to erase them without unnecessary delay, when one of the following grounds applies:
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
you object to the processing of the personal data concerning you, including for direct marketing purposes, and there are no overriding legitimate grounds for the processing;
the personal data have been unlawfully processed;
the personal data must be erased for compliance with a legal obligation in Union or Member State law to which the Administrator is subject;
the personal data have been collected in relation to the offer of informati on society services.
(2) The Administrator is not obliged to erase the personal data if it stores and processes them:
for exercising the right of freedom of expression and information;
for compliance with a legal obligation which requires processing by Union or Member State law to which the Administrator is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
for reasons of public interest in the area of public health;
for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
for the establishment, exercise or defense of legal claims.
(3) To exercise your right to be forgotten, you must send a request for deletion of your personal data processed by the Administrator via email in free text.
(4) Once we verify the identity of the person sending the request and the person to whom the data relates in accordance with your instructions, we will erase all data we process for you in accordance with paragraph 3.
Right to restriction of processing.
Article 12. You have the right to request the Administrator to restrict the processing of your data by sending us a free-text request via email in the following cases:
you dispute the accuracy of the personal data, for a period enabling the Administrator to verify the accuracy of the personal data;
the processing is unlawful, but you do not want the personal data to be erased and only request the restriction of their use;
the Administrator no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;
you have objected to processing pending the verification whether the legitimate grounds of the Administrator override your interests.
(2) Once we receive your request, we will send you an email with detailed instructions for verifying your identity as a user of the website and as a data subject for whom the request for restricting processing has been made.
(3) After performing the verification according to paragraph 2, the Administrator will cease processing your data.
Right to data portability.
Article 13. (1) If you have provided consent for the processing of your personal data, or if the processing is necessary for the performance of a contract with the Administrator, or if your data is being processed by automated means, you have the right to:
request the Administrator to provide your personal data in a readable format and transfer it to another Administrator;
request the Administrator to directly transfer your personal data to the Administrator specified by you, where technically feasible.
(2) You can exercise the right to data portability by sending us a free-text request via email, after which the Administrator will send you an email to the address you used for registration on the website, with detailed instructions for verifying your identity as a user of the website and as a data subject for whom the request for data portability has been made.
(3) After performing the verification according to paragraph 2, the Administrator will send the data that is processed for you to the email address you specified .Right to receive information.
Article 14.You may request the Administrator to inform you about all recipients to whom the personal data, for which correction, erasure or restriction of processing has been requested, has been disclosed. The Administrator may refuse to provide this information if it would be impossible or would require disproportion at eeffort .Right to object.
Article 15. You have the right to object at any time to the processing of personal data by the Administrator, including if they are processed for profiling or direct marketing purposes. Your rights in case of a personal data breach.
Article 16. (1) If the Administrator identifies a breach of the security of your personal data that may result in a high risk to your rights and freedoms, they will inform you of the breach without unnecessary delay, as well as the measures that have been taken or are planned to be taken.
(2) TheAdministrator is not obliged to inform you if:
They have taken appropriate technical and organizational measures to protect the data affected by the security breach.
They have subsequently taken measures to ensure that the breach will not lead to a high risk to your rights.
Notifying you would require disproportionate efforts.
Entities to whom your personal data is disclosed.
Article 17. The personal data provided by you may be disclosed to third parties depending on contractual relationships and for the purpose of providing the requested service. In such cases, the transmission is subject to appropriate safeguards (such as standard contractual clauses).
Article 18. In case of violation of your rights, in accordance with the above or applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:
Name: Commission for Personal Data Protection
Registered office and management address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2 Correspondence address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Phone: 02 915 3 518
Website: www.cpdp.bg
