Безплатна доставка на всички продукти в рамките на страната!

Privacy policy

Information about the company that processes your data:

  • Name: Cannabico Ltd.
  • UIC / BULSTAT: 205760863
  • Headquarters and address of management: Sofia, 263A Tsar Boris III Blvd., Entr. 1, Fl. 5, Ap. 13
  • Address for correspondence: Sofia, 263A Tsar Boris III Blvd., Entr. 1, Fl. 5, Ap. 13
  • Phone: 00359 883 375342
  • Email: sales@cannabico.bg
  • Website: https://www.cannabico.bg

Information on the competent data protection supervisory authority

  • Title: Commission for Personal Data Protection
  • Headquarters and address of management: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
  • Address for correspondence: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
  • Telephone: 00359 2 915 3 518
  • Website: www.cpdp.bg

Cannabico Ltd(hereinafter referred to as “Administrator” or “the Company”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.

Grounds for collecting, processing and storing your personal data

The administrator collects and processes your personal data in connection with the use of the website https://www.cannabico.bg and the conclusion of contracts with the company pursuant to Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • Explicit consent received from you as a customer;
  • Fulfillment of the obligations of the Administrator under a contract with you;
  • Compliance with a legal obligation that applies to the Administrator;
  • For the purposes of the legitimate interests of the Administrator or a third party;

Objectives and principles in the collection, processing and storage of your personal data

We collect and process the personal data you provide to us in connection with the use of the e-shop and the conclusion of a contract with the company, including for the following purposes:

  • creating a profile and providing full functionality when using the online store;
  • concluding and executing a distance contract;
  • individualization of a party to the contract;
  • accounting purposes;
  • statistical purposes;
  • information security protection;
  • ensuring the implementation of the contract for the provision of the respective service;
  • sending an information bulletin if you wish.

We follow the following principles when processing your personal data:

  • legality, good faith and transparency;
  • restriction of processing purposes;
  • relevance to the purposes of processing and minimizing the data collected;
  • accuracy and timeliness of data;
  • limitation of storage in order to achieve the objectives;
  • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

During the processing and storage of personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

  • fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal bodies.

What types of personal data our company collects, processes and stores

The company performs the following operations with the personal data provided by you for the following purposes:

  • Conclusion and execution of a trade transaction with a client or partner – the purpose of this operation is the conclusion and execution of a contract with a trade partner or client and its administration. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not required to carry out an impact assessment of the operation;
  • Sending a newsletter (newsletter) – the purpose of this operation is to administer the process of sending newsletters to customers who have stated that they wish to receive. Given the limited scope of the personal data collected, an impact assessment is not required to carry out an impact assessment of the operation;
  • Exercising the right of refusal or making a claim – the purpose of this operation is to administer the process of exercising the right of refusal or complaint by the client. Given the limited scope of the personal data collected, an impact assessment is not required to carry out an impact assessment of the operation.

The controller processes the following categories of personal data and information for the following purposes and on the following grounds:

  • Your personal data (e-mail, name, etc.)
    • Purpose for which the data is collected: 1) Making contact with the user and sending information to him, 2) for the purpose of registering a user in the online store, and 3) sending a newsletter.
    • Grounds for processing your personal data – By accepting the general conditions and registration in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. . 6, para. 1, p. (b) GDPR. Your data for sending a newsletter are processed with your explicit consent – Art. 6, para. 1, p. (a) GDPR.
  • Delivery details (names, phone, address, etc.)
    • Purpose for which the data is collected: Fulfillment of obligations of the administrator under a contract of sale and delivery of purchased goods.
    • Grounds for processing your personal data – By accepting the general conditions and registration in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. . 6, para. 1, p. (b) GDPR.
  • Additional data provided by you – If you want to complete your profile, you can fill in data for name, surname, phone number.
    • Purpose for which the data is collected: Completion of information about the user in his user account.
    • Grounds for data processing: You have given your explicit consent for the processing of his personal data for one or more specific purposes – 6, para. 1, p. (a) the GDPR at the time of registration in the online store. Providing this information is not required for registration in the online store.

The administrator does not collect or process personal data relating to the following:

  • reveal racial or ethnic origin;
  • disclose political, religious or philosophical beliefs, or trade union membership;
  • genetic and biometric data, health data or data on sexual life or sexual orientation.

Personal data is collected by the Administrator from the persons to whom it relates.

The company does not perform automated data decision making.

The Company performs the following operations with the personal data provided by you, as legal representatives or proxies of legal entities-trading partners, for the following purposes:

  • Concluding and executing a commercial transaction: For concluding and executing a commercial transaction with a commercial company, we process only the three names of the legal representative or the person authorized by the company. Conclusion from the impact assessment: Given the small volume of individuals whose data are processed and given the limited amount of personal data that are collected, an impact assessment is not necessary for this operation.

The personal data are collected by the Administrator from the persons to whom they also refer from the Commercial Register to the Registry Agency.

The company does not perform automated data decision making.

The administrator can use the so-called. Cookies for the purpose of providing full functionality of the website, improving the user experience, statistical purposes, facilitated access, etc., which you agree to by using our website. You can control and / or delete cookies at any time through the settings of the browser you use. Cookies do not constitute personal data and are not used to identify visitors and users of the e-shop.

Term of storage of your personal data

The administrator stores your personal data for a period not longer than the existence of your account in the online store. After deleting your account, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (e.g. to make it in a form that does not reveal your identity).

The administrator processes your personal data that you provided when placing an order without registration in the e-shop, until the completion of the order, unless you have given your explicit consent when processing your order to process your data for the purpose of improving the service, providing recommended content for you, individual conditions, promotions, and for statistical purposes.

The Administrator stores your personal data provided in relation with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in court or administrative disputes with users of the online store.

The Administrator notifies you in case the data retention period needs to be extended in order to fulfill a regulatory obligation or in view of the legitimate interests of the Administrator or otherwise.

The administrator stores the personal data that it is necessary to keep under applicable law for the relevant period, which may exceed the period of existence of your account in the e-shop or until the completion of the order.

The Administrator keeps the personal data of the legal representatives of its business partners for the term of the contract, for observance of the legitimate interests and legal obligations of the Administrator, and this term may exceed the term of the concluded contract.

Transfer of your personal data for processing

The administrator may, at its discretion, transfer some or all of your personal data to personal data processors for the fulfillment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent for the processing of your personal data

If you do not wish the personal data provided by you to be processed for marketing purposes and to receive a newsletter, you can withdraw your consent to processing at any time by filling in the withdrawal consent form in Appendix № 1 or by request in free text, and send it to us by email.

Once we receive your request, we will send you an email to the email you provided for receiving newsletters and advertisements, with detailed instructions for verifying you as a newsletter recipient and personal data subject for whom consent has been withdrawn.

The withdrawal of the consent does not affect the legality of the processing of personal data, which the Administrator has performed so far.

Right of access

You have the right to request and receive confirmation from the Administrator whether personal data related to you are processed by sending a request in free text by e-mail.

You have the right to access data relating to you, as well as information relating to the collection, processing and storage of your personal data.

Once we receive your request, we will send you an email with detailed instructions for verifying you as a data subject to whom access has been requested to the email you used to register or place orders in the e-shop.

After performing the verification, according to par. 3, The administrator provides you, upon request, a copy of the processed personal data related to you, in electronic or other appropriate form.

Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessive requests.

Right of correction or completion

You may at any time correct or complete inaccurate or incomplete personal data relating to you by completing Appendix №4

You may correct or complete inaccurate or incomplete personal data relating to you directly through your account on the Website or by making a request to the Administrator by email using the form in Appendix № 4 or by request in free text.

Right to “be forgotten”

You have the right to request from the Administrator the deletion of part or all of the personal data related to you, and the Administrator has the obligation to delete them without undue delay when there is any of the following reasons:

  • Personal data are no longer needed for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
  • You object to the processing of personal data related to you, including for direct marketing purposes, and there are no legal grounds for processing to take precedence;
  • Personal data have been processed illegally;
  • Personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Controller;
  • Personal data have been collected in connection with the provision of information society services.

The administrator is not obliged to delete personal data if it stores and processes:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing provided for in EU law or the law of the Member State applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defense of legal claims.

In order to use your right to be forgotten, it is necessary to send by e-mail a request for deletion of your personal data, which the Administrator processes, by filling in the form in Appendix № 2 or by request in free text, after which the Administrator will send to the e-mail You have used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a user of the store and a subject of personal data for which a request for deletion has been requested.

After verifying the identity of the person who made the request and the person to whom the data relates in accordance with the instructions sent to you, we will delete all data that we process for you, in accordance with conditions above.

If you have an order that is being processed, the earliest time you can ask to be “forgotten” is when the order is successfully completed.

Right of restriction

You have the right to ask the Administrator to restrict the processing of data related to you by sending us a request in free text by email when:

  • challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
  • the processing is illegal, but you do not want the personal data to be deleted, only their use to be restricted;
  • the controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defense of your legal claims;
  • you have objected to the processing pending verification that the legal grounds of the Administrator take precedence over your interests.

Once we receive your request, we will send you an email with the email you used to register or place orders in the e-shop, with detailed instructions for verifying you as a user of the store and the subject of personal data for whom a request to restrict processing.

After performing the verification according to par. 2, the Company will stop processing your data, but will not remove the publications you have made in the online store, if any.

Right of portability

If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may:

  • to ask the Administrator to provide you with your personal data in a readable format and to transfer them to another Administrator;
  • to ask the Administrator to directly transfer your personal data to an administrator specified by you, when this is technically feasible.

You can use the right of portability by sending us by e-mail a completed form according to Appendix № 3 or a request in free text, after which the Administrator will send to the e-mail you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a user of the store and a subject of personal data for which portability has been requested.

After performing the verification according to par. 2, the Company sent to the e-mail specified by you the data that it processes for you in XML format.

Right to receive information

You can ask the Administrator to inform you about all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to object

You may object at any time to the processing of personal data by the Administrator relating to him, including if they are processed for profiling or direct marketing purposes.

Your rights in the event of a breach of the security of your personal data

If the Administrator finds a breach of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

The administrator is not obliged to notify you if:

  • has taken appropriate technical and organizational protection measures with regard to data affected by the security breach;
  • has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;
    notification would require a disproportionate effort.

Persons to whom your personal data is provided

For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide the data to the following persons who are data processors:

Processor of personal data                           Purpose of the processing of personal data

………………. no such ……………………….      ……………………………. no such …………………………….

The processors of personal data comply with all requirements for legality and security in the processing and storage of your personal data.

The administrator does not transfer your data to third countries.

In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Commission as follows:

  • Title: Commission for Personal Data Protection.
  • Headquarters and address of management: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
  • Address for correspondence: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2
  • Telephone: 00359 2 915 3 518
  • Website: www.cpdp.bg

You can use all your rights regarding the protection of your personal data through the forms attached to this information. Of course, these forms are optional and you can submit your requests in any form that contains a statement to that effect and identifies you as the data holder.

If the consent relates to a transfer, the Controller shall describe the possible risks for the transfer of the data to third countries in the absence of a decision on adequate protection and appropriate means of protection.

Политика на поверителност *
Съгласен съм с политиката на поверителност

×

Basket