“BILLA Bulgaria” EOOD, UIC: 130007884, with headquarters and management address: city of Sofia, 55 Bulgaria Blvd. (“BILLA”), as an administrator of personal data, collects and processes personal data in compliance with the requirements of local and European legislation in the field of personal data protection, in particular the Personal Data Protection Act (“PDPA”) and Regulation (EU) 2016/ 679 of the European Parliament of the Council from 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ("Regulation").
1. What type of data do we process?
1.1. Data provided upon registration in the loyalty program To participate in the BILLA Card loyalty program (the "Program") it is necessary to fill in a registration form in the Program. The form can be filled in on paper, online at www.billa.bg or through the mobile application BILLA APP, as well as through a self-service terminal. All fields in the form marked with an asterisk (*) must be filled in, and the remaining information can be provided voluntarily, at your discretion. The form contains the following fields to be filled in:
• name and surname [required fields]
• date of birth [required field]
• postcode [required field]
• address [it must be indicated when filling in a form online or through a self-service terminal]
• gender / salutation (Mr. or Ms.) [when filling in a form online or through a self-service terminal – the preferred salutation Mr. or Mrs. must be indicated, when filling in a paper form - the gender is an optional field]
1.2. Data provided when registering a client profile Each participant in the Program can have a client profile, which is available on www.billa.bg and through the mobile application BILLA APP. For participants, who have chosen to register in the Program by submitting a form online at www.billa.bg or through the mobile application BILLA APP, the profile is generated automatically upon confirmation of registration in the Program (the registration is confirmed by opening the link contained in the message for confirmation). The email address that is filled in the registration form is used as a user name and the password is the one set by the participant. Participants, who have chosen to register in the Program through submitting a paper form or have submitted a form through the self-service terminal, can create a profile on www.billa.bg by filling an email address, password, card’s barcode and activation code provided by BILLA. The way of obtaining the code is described on www.billa.bg and in the mobile application BILLA APP.
2. For what purpose do we process the data?
2.2. Sending non – personalized messages (direct marketing) We may use your contact information to send you news and information about products, services, promotions, games and raffles with prizes, surveys, studies, initiatives and other advertising messages. For example, by email and / or by phone (eg SMS / Viber) you can receive an information bulletin about the current offers in BILLA stores (newsletter), an information bulletin about the BILLA Card loyalty program, etc. You can object to receiving impersonal messages at any time, without giving a reason, by sending a letter by mail to: city of Sofia, 55 Bulgaria Blvd. or by email on firstname.lastname@example.org or by sending a request through your client profile on www.billa.bg or in the mobile application BILLA APP, as well as by using the functionalities on mydata.billa.bg. In the event of such notification, BILLA will suspend the sending of non - personalized messages, as this will not affect your membership in the Program and you will be able to continue to take advantage of the offers of the BILLA Card. The legal basis for processing the data is protection of the legitimate interest of BILLA (Art. 6, para. 1 (f) of the Regulation). We send non-personalized messages in order to present and promote our products and services, to develop our product portfolio, to improve customer service, to evaluate the company's performance and to plan our future activities.
2.3. Sending personalized messages If you have explicitly provided your consent, we may send you personalized messages - for example, a discount coupon for your birthday, advertising, offers, special offers, discounts, etc., which are tailored to your individual interests and preferences. These offers are especially for you, in addition to the main offers, which can be used by each participant in the Program. We can send you personalized messages by email and / or telephone (eg SMS / Viber). In order to be able to send you personalized messages that meet your interests and preferences, we process all your personal data, which we generally process in connection with the administration of the Program (see item
3. How long do we store the data? We terminate the use of your personal data for the purposes related to the contractual relationship after the termination of the contract, but we do not delete them before the expiration of 3 years from the termination of the contract or 3 years from the last use of the card (more information on the conditions of termination of the participation in the Program can be found in the General Terms of the Program [link]). When a law or other normative act requires your personal data (or some of them) to be processed for a longer period of time, we will process them within the period provided by law. Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personally identifiable items / items that allow you to identify yourself are irrevocably deleted. There is no legal obligation for anonymized data to be deleted, as they do not constitute personal data. 4. With whom do we share the data? In order to be able to provide the BILLA Card services, BILLA uses the services of external parties - service providers. For example:
• persons who perform storage, maintenance and destruction of data archives for the participants in the Program;
• “Customer Center” service providers;
• agencies that prepare advertising and marketing for the participants in the Program;
• agencies that conduct customer surveys, etc. These persons are assigned by BILLA to process the personal data of the participants in the Program on behalf of BILLA on the basis of a written agreement. They process the data only for the purposes set by BILLA and have access only to your data to the extent and for the period of time necessary to provide the services and always within the scope and time in which BILLA has the right to process the data. These persons are obliged to comply with the data protection legislation and the instructions of BILLA. As a rule, BILLA strives not to send personal data to participants in the Program outside the territory of the European Union (EU) and the European Economic Area (EEA). However, in certain cases it may be necessary to send certain data to data processors outside the EU and the EEA. In the event that such transmission is required, this will be done in compliance with the applicable data protection provisions. A list of the data processors is published on www.billa.bg. BILLA may provide personal data of participants in the Program to state bodies and institutions, which under current legislation have the right to require the provision of information, including personal data, such as courts, prosecutors, regulatory authorities (Consumer Protection Commission, Commission for Personal Data Protection, etc.), etc. In case BILLA expands the program by attracting other traders as partners of the Program to provide the participants in the Program with preferential conditions when purchasing goods and / or using the services provided by them, BILLA will not transfer to the partners the personal data of the participants (you can find more information for the Program’s partners in the General Terms of the Program [link]). In addition to the above, we will disclose your personal information to third parties only if you have given your express consent or in cases permitted by law.
5. How do we protect the data? In accordance with the requirements of current legislation and good practices, BILLA takes the necessary technical and organizational measures to keep the personal data of the participants in the Program safe. In addition to the processes that ensure the security of your data, we may use additional mechanisms to encrypt information (for example, from the client's account, the contact form with BILLA). The information provided by you is transferred in encrypted form via an SSL certificate (Secure Socket Layer) in order to prevent misuse of data by third parties. When using an SSL certificate, the site opens at an Internet address that begins with "https: //" and a locked padlock is displayed in the status bar of your web browser. Data security is updated in accordance with the current level of technology.
6. What rights do participants in the loyalty program have? You, as a data subject, have the right to access the data we process for you, the right to correct the data, the right to object to the processing, the right to delete the data, the right to restrict the processing of data, the right to data portability and the right to appeal. You can exercise your right by sending a letter by mail to: city of Sofia, 55 Bulgaria Blvd. or by email on email@example.com or by sending a request through your client profile on www.billa.bg or in the mobile application BILLA APP, as well as by using the functionalities on mydata.billa.bg.
6.1. Right to access the data You have the right, upon request, to be provided with information on the purposes of the processing, the categories of personal data and the legal basis for the processing; the recipients or categories of recipients of personal data, including in third countries or international organizations, where applicable; the period for which your personal data will be stored, and if this is not possible - the criteria used to determine this period; as well as other information relevant to your data and your rights. The information is provided free of charge on paper or in electronic form, each subsequent copy on paper is paid.
6.2. Right to correct the data In the event that the personal data we process about you is inaccurate or out of date, you have the right to request that we correct or supplement it. Also, you have the opportunity, at any time, through the client profile on www.billa.bg or in the mobile application BILLA APP to personally adjust your personal data and preferences for receiving personalized messages. You can adjust your preferences for receiving personalized messages personally and through the Internet portal at www.gdpr.billa.bg .
6.3. Right to object You have the right, at any time, to object to the processing of your personal data. In certain cases, this right is unconditional and in the event of an objection, BILLA will stop processing the data within a reasonable time. These are the cases in which BILLA processes personal data for the purpose of sending non - personalized messages. In addition to the ways described above, you can exercise the right to object by selecting the unsubscribe option in the email or message sent to your mobile number. If you subsequently provide your consent, BILLA may resume sending such messages. In other cases, depending on the nature of the objection and the circumstances in the specific situation, BILLA will conduct an internal inspection of the objection and will inform you of the decision taken - to stop processing your data or a reasoned refusal to stop processing your data on the basis of a legal reason for this.
6.4. Right to delete the data You have the right to ask BILLA to delete your personal data or to restrict their processing. BILLA will delete your data within 1 month of receiving the request. Please note that in certain cases the deletion may not be carried out immediately due to the existence of a regulatory or contractual basis for storing data.