Главно съдържание

Privacy Policy

Privacy Policy

With this Privacy Policy we would like to inform you what information we process for participants in the BILLA Card loyalty program and how we use it.

“BILLA Bulgaria” EOOD, UIC: 130007884, with headquarters and management address: city of Sofia, 55 Bulgaria Blvd. (“BILLA”), as an administrator of personal data, collects and processes personal data in compliance with the requirements of local and European legislation in the field of personal data protection, in particular the Personal Data Protection Act (“PDPA”) and Regulation (EU) 2016/ 679 of the European Parliament of the Council from 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC ("Regulation").

1. What type of data do we process?

1.1. Data provided upon registration in the loyalty program To participate in the BILLA Card loyalty program (the "Program") it is necessary to fill in a registration form in the Program. The form can be filled in on paper, online at www.billa.bg or through the mobile application BILLA APP, as well as through a self-service terminal. All fields in the form marked with an asterisk (*) must be filled in, and the remaining information can be provided voluntarily, at your discretion. The form contains the following fields to be filled in:
• name and surname [required fields]
• date of birth [required field]
• postcode [required field]
• address [it must be indicated when filling in a form online or through a self-service terminal]
• gender / salutation (Mr. or Ms.) [when filling in a form online or through a self-service terminal – the preferred salutation Mr. or Mrs. must be indicated, when filling in a paper form - the gender is an optional field]
• email and/or phone number [when filling in a form online or through a self-service terminal - email must be indicated, when filling in a paper form, at least one communication channel must be indicated - email and / or mobile number]. The data that must be provided are the minimum necessary for us to register you in the Program so that you can take advantage of the offers of the BILLA Card. In case you refuse to provide the necessary information for the fulfillment of our rights and obligations under the contract, BILLA will not be able to register you in the Program, respectively you will not take advantage of the offers of the BILLA Card. More information on what data, for what purposes and on what legal basis we process can be found in item 2.1. in this Privacy Policy. If you have voluntarily provided us with personal data, we use them only to fulfill our contractual relationship or to administer the Program. For example, you can voluntarily provide us with contact details, other than those required for registration in the Program – in a paper form, if you have filled in the obligatory field "Contact details" with your email and subsequently provide us with your mobile number, the mobile number is provided by you voluntarily. In this case, we may send you information about the Program and / or non - personalized advertising messages both by email and by telephone (eg SMS / Viber). You have the right to request the deletion of all personal data saved for you at any time. BILLA uses the voluntarily provided data only for the abovementioned purposes. The data can be processed for other purposes only if you provide your agreement (e.g. consent for the receipt of personalized messages).

1.2. Data provided when registering a client profile Each participant in the Program can have a client profile, which is available on www.billa.bg and through the mobile application BILLA APP. For participants, who have chosen to register in the Program by submitting a form online at www.billa.bg or through the mobile application BILLA APP, the profile is generated automatically upon confirmation of registration in the Program (the registration is confirmed by opening the link contained in the message for confirmation). The email address that is filled in the registration form is used as a user name and the password is the one set by the participant. Participants, who have chosen to register in the Program through submitting a paper form or have submitted a form through the self-service terminal, can create a profile on www.billa.bg by filling an email address, password, card’s barcode and activation code provided by BILLA. The way of obtaining the code is described on www.billa.bg and in the mobile application BILLA APP.

2. For what purpose do we process the data?

2.1. Loyalty program administration For the purpose of administering the Program and fulfilling our contract with you we process the personal data that you have provided us by registering into the Program, when registering a client profile and filling in additional data for you in the account (e.g. delivery address of a physical card), information about your visits of websites, applications and other digital channels of BILLA, data for your participation in activities organized by BILLA, as well as data for your purchasing behavior. Said data we link to your personal data, which you have provided us by registering in the Program. Otherwise, we wouldn’t be able to fulfill our contractual engagements to you. We process your personal data, including your contact details, so that we can identify you as a contract party and can communicate with you. In addition to email, we can communicate with you by phone (eg SMS / Viber). The contact details allow us to fulfill our obligation to inform you in case of changes in the terms of the Program (eg changes in the General Terms and Conditions of the Program, changes in this Privacy Policy), as well as other facts and circumstances related to the Program. For your purchasing behavior we process the following data: place of purchase (store), goods and product groups, sales price, purchase of goods with discounts, discounts and / or object of other offers and special offers, customer classification and profiling according to criteria (customer with the highest value of the purchase / inactive customer / frequency of purchases / customers with preferences for certain brands or goods or services / etc.) and establishing similarity to other of our customers by criterion (selling price / frequency / value of the purchase). We process this data so that we can provide you with the basic services of the BILLA Card, namely discounts and vouchers for discounts when purchasing goods. We also process data about your participation in activities and initiatives organized by BILLA (eg types of activities in which you took part, purchased goods, etc.) and data about your visits to BILLA websites, applications and other digital electronic channels (which products you view on the sites, which brochures, etc.). We use the data to improve the quality and diversity of our activities and products and to optimize them according to your search and interests. We also process the data we receive in connection with your inquiries to BILLA, made in writing and / or by calling the Customer Service Center, the type and volume of data depend on the nature of the inquiry. The legal basis for processing the data related to the administration of the Program is the conclusion and implementation of a contract, including the provision of BILLA Card services (Article 6, paragraph 1 (b) of the Regulation) and protection of the legitimate interest of BILLA for the effective administration of the Program (Art. 6, para. 1 (f) of the Regulation).

2.2. Sending non – personalized messages (direct marketing) We may use your contact information to send you news and information about products, services, promotions, games and raffles with prizes, surveys, studies, initiatives and other advertising messages. For example, by email and / or by phone (eg SMS / Viber) you can receive an information bulletin about the current offers in BILLA stores (newsletter), an information bulletin about the BILLA Card loyalty program, etc. You can object to receiving impersonal messages at any time, without giving a reason, by sending a letter by mail to: city of Sofia, 55 Bulgaria Blvd. or by email on mydata@billa.bg or by sending a request through your client profile on www.billa.bg or in the mobile application BILLA APP, as well as by using the functionalities on mydata.billa.bg. In the event of such notification, BILLA will suspend the sending of non - personalized messages, as this will not affect your membership in the Program and you will be able to continue to take advantage of the offers of the BILLA Card. The legal basis for processing the data is protection of the legitimate interest of BILLA (Art. 6, para. 1 (f) of the Regulation). We send non-personalized messages in order to present and promote our products and services, to develop our product portfolio, to improve customer service, to evaluate the company's performance and to plan our future activities.

2.3. Sending personalized messages If you have explicitly provided your consent, we may send you personalized messages - for example, a discount coupon for your birthday, advertising, offers, special offers, discounts, etc., which are tailored to your individual interests and preferences. These offers are especially for you, in addition to the main offers, which can be used by each participant in the Program. We can send you personalized messages by email and / or telephone (eg SMS / Viber). In order to be able to send you personalized messages that meet your interests and preferences, we process all your personal data, which we generally process in connection with the administration of the Program (see item

2.1 in this Privacy Policy). In this case, however, the selection and preparation of appropriate proposals for you can be done through profiling. The purpose of this analysis is to determine which proposal would be most suitable for you. We can send personalized messages only if you have provided your consent. We should inform you that any consent to the processing of your personal data may be revoked at any time, without giving reasons, by sending a letter by mail to: city of Sofia, 55 Bulgaria Blvd. or by email on mydata@billa.bg or by sending a request through your client profile on www.billa.bg or in the mobile application BILLA APP, as well as by using the functionalities on mydata.billa.bg. In the event of such notification, BILLA will suspend the sending of personalized messages, as this will not affect your membership in the Program and you will be able to continue to take advantage of the offers of the BILLA Card, and you will continue to receive only non –personalized messages from us. Withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal. The legal basis for processing the data is your consent (Art. 6, paragraph 1 (a) of the Regulation. If you have not declared consent or withdrawn it, your data will not be used for the above purposes.

3. How long do we store the data? We terminate the use of your personal data for the purposes related to the contractual relationship after the termination of the contract, but we do not delete them before the expiration of 3 years from the termination of the contract or 3 years from the last use of the card (more information on the conditions of termination of the participation in the Program can be found in the General Terms of the Program [link]). When a law or other normative act requires your personal data (or some of them) to be processed for a longer period of time, we will process them within the period provided by law. Your data can also be anonymized. Anonymization is an alternative to deleting data. Upon anonymization, all personally identifiable items / items that allow you to identify yourself are irrevocably deleted. There is no legal obligation for anonymized data to be deleted, as they do not constitute personal data. 4. With whom do we share the data? In order to be able to provide the BILLA Card services, BILLA uses the services of external parties - service providers. For example:
• persons who perform storage, maintenance and destruction of data archives for the participants in the Program;
• “Customer Center” service providers;
• agencies that prepare advertising and marketing for the participants in the Program;
• agencies that conduct customer surveys, etc. These persons are assigned by BILLA to process the personal data of the participants in the Program on behalf of BILLA on the basis of a written agreement. They process the data only for the purposes set by BILLA and have access only to your data to the extent and for the period of time necessary to provide the services and always within the scope and time in which BILLA has the right to process the data. These persons are obliged to comply with the data protection legislation and the instructions of BILLA. As a rule, BILLA strives not to send personal data to participants in the Program outside the territory of the European Union (EU) and the European Economic Area (EEA). However, in certain cases it may be necessary to send certain data to data processors outside the EU and the EEA. In the event that such transmission is required, this will be done in compliance with the applicable data protection provisions. A list of the data processors is published on www.billa.bg. BILLA may provide personal data of participants in the Program to state bodies and institutions, which under current legislation have the right to require the provision of information, including personal data, such as courts, prosecutors, regulatory authorities (Consumer Protection Commission, Commission for Personal Data Protection, etc.), etc. In case BILLA expands the program by attracting other traders as partners of the Program to provide the participants in the Program with preferential conditions when purchasing goods and / or using the services provided by them, BILLA will not transfer to the partners the personal data of the participants (you can find more information for the Program’s partners in the General Terms of the Program [link]). In addition to the above, we will disclose your personal information to third parties only if you have given your express consent or in cases permitted by law.

5. How do we protect the data? In accordance with the requirements of current legislation and good practices, BILLA takes the necessary technical and organizational measures to keep the personal data of the participants in the Program safe. In addition to the processes that ensure the security of your data, we may use additional mechanisms to encrypt information (for example, from the client's account, the contact form with BILLA). The information provided by you is transferred in encrypted form via an SSL certificate (Secure Socket Layer) in order to prevent misuse of data by third parties. When using an SSL certificate, the site opens at an Internet address that begins with "https: //" and a locked padlock is displayed in the status bar of your web browser. Data security is updated in accordance with the current level of technology.

6. What rights do participants in the loyalty program have? You, as a data subject, have the right to access the data we process for you, the right to correct the data, the right to object to the processing, the right to delete the data, the right to restrict the processing of data, the right to data portability and the right to appeal. You can exercise your right by sending a letter by mail to: city of Sofia, 55 Bulgaria Blvd. or by email on mydata@billa.bg or by sending a request through your client profile on www.billa.bg or in the mobile application BILLA APP, as well as by using the functionalities on mydata.billa.bg.

6.1. Right to access the data You have the right, upon request, to be provided with information on the purposes of the processing, the categories of personal data and the legal basis for the processing; the recipients or categories of recipients of personal data, including in third countries or international organizations, where applicable; the period for which your personal data will be stored, and if this is not possible - the criteria used to determine this period; as well as other information relevant to your data and your rights. The information is provided free of charge on paper or in electronic form, each subsequent copy on paper is paid.

6.2. Right to correct the data In the event that the personal data we process about you is inaccurate or out of date, you have the right to request that we correct or supplement it. Also, you have the opportunity, at any time, through the client profile on www.billa.bg or in the mobile application BILLA APP to personally adjust your personal data and preferences for receiving personalized messages. You can adjust your preferences for receiving personalized messages personally and through the Internet portal at www.gdpr.billa.bg .

6.3. Right to object You have the right, at any time, to object to the processing of your personal data. In certain cases, this right is unconditional and in the event of an objection, BILLA will stop processing the data within a reasonable time. These are the cases in which BILLA processes personal data for the purpose of sending non - personalized messages. In addition to the ways described above, you can exercise the right to object by selecting the unsubscribe option in the email or message sent to your mobile number. If you subsequently provide your consent, BILLA may resume sending such messages. In other cases, depending on the nature of the objection and the circumstances in the specific situation, BILLA will conduct an internal inspection of the objection and will inform you of the decision taken - to stop processing your data or a reasoned refusal to stop processing your data on the basis of a legal reason for this.

6.4. Right to delete the data You have the right to ask BILLA to delete your personal data or to restrict their processing. BILLA will delete your data within 1 month of receiving the request. Please note that in certain cases the deletion may not be carried out immediately due to the existence of a regulatory or contractual basis for storing data.

6.5. Right to restrict the data processing In certain cases, you have the right to request a restriction on the processing of your personal data. For example, if you dispute the accuracy of your personal data, we may limit their processing to the period in which we verify its accuracy. You may also request a restriction on processing in cases where you no longer participate in the Program, but the data should be stored by BILLA within the time limits provided by law or contract. 6.6. Right to data portability You may request us to provide you with the personal data you have provided to us (for example, the data provided during registration in the Program) in a structured, widely used and machine-readable format, and you may request that we transfer this data to another administrator when this is technically feasible. 6.7. Right to appeal In case of complaints, questions and ambiguities regarding the processing of personal data, you can contact us at any time. The contact details are as follows: “BILLA Bulgaria” EOOD City of Sofia, 55 Bulgaria Blvd. Data protection official: mydata@billa.bg Customer Service Center: tel.: 0700 12 10 In addition, we inform you that you have the right to file a complaint or report to the Commission for Personal Data Protection, if you believe that there is a violation of personal data protection legislation. The contact details are as follows: Commission for Personal Data Protection City of Sofia, 2 Prof. Tsvetan Lazarov Blvd. email: kzld@cpdp.bg tel.: +359 2 91 53 518 7. Other terms The current Privacy Policy is published on www.billa.bg, in the mobile application BILLA APP, on the self – service terminals, as well as can be provided at the BILLA stores upon request. An excerpt from the Privacy Policy and the General Terms and Conditions of the Program is published on the back of the paper registration form. In order to comply with current legislation and apply the latest protection measures, we will update this Privacy Policy if necessary. The changes come into force on the day of their publication on www.billa.bg . If the changes we make are significant, we will inform you by sending a message by email and / or telephone, as well as posting a message on our websites and mobile applications. We encourage you to regularly review the current version of this Privacy Policy in order to be informed about how we take care of the protection of your personal data.

The current Privacy Policy is valid from 10.09.2020.