We understand that privacy and security of the personal information you share with us is extremely important. Because of that, our Privacy Policy sets out how we process your data and what are the measures we take to secure it. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.
This Privacy Policy applies to you if you provide us your personal data over the phone (call or SMS), online, through online registration form, via post or courier, social media, corporate or promotional website, through mobile application or other way. This Policy gives effect to our commitment to protect your personal information and has been adopted by all of the companies and businesses in our group (for more information, please look at section “Who are we?”).
When we say ‘we’ or ‘us’ in this Policy, we’re generally referring to the separate and distinct legal entities that are part of the group. These include:
It also includes any other businesses we add to this group in the future.
As a Controller of personal data, and in order to be able to fulfill our obligations under the General Data Protection Regulation, we may use your personal data for one, several or for all purposes listed below:
The processing of your personal data is based on one of the following lawful basis of processing:
4.1. With companies in the group
We may share your personal data with other companies in our group (described in the “Who we are?” section) when we have your consent to that. That’s how we can provide first-class service.
4.2. With our partners and/or providers
We work with partners and providers who can also process your personal data on our behalf but only if they meet our storage, processing and data protection standards! Such partners are:
We only provide them with information that is necessary to get the relevant product and / or service from us that you have requested or have shown interest for. For example, if you have indicated that you are interested in marketing information from us and / or our partners, you may see advertising messages about our products and / or services on websites you visit.
4.3. Other organisations or individuals:
We may provide your personal data to other organizations in certain cases. For example:
In any case, we will inform you before providing this information to third parties. If this is not feasible, we will inform you as soon as we have provided your data to third parties.
If for purposes described in this Privacy Policy we have to transfer your personal data to a third party (another of our group or our supplier and / or partner) whose headquarter is outside the EU or country with adequate level of security, you will be notified of this as well as of the measures with which your personal data will be protected. Your data may be transferred on the basis of a contract between us and the third party, in a manner approved by the relevant regulatory autority, and under an external arrangement approved by the relevant regulatory autority (eg. Data Shield in the Relationship between EU and US – ‘Privacy Shield’ or others).
When you explicitly agree to this, we will gladly share with you by email or phone our special offers, ideas, products and / or services when we have something to share with you.
If you do not agree or wish to withdraw your consent to receive emails from us, you may do so in one of the following ways:
7.1. Right to access and correction of your personal information
You have access to your personal data processed for the purposes outlined above. If we process this data and receive a request from you (or from a third party authorized by you), we will provide this access for free. You may also request a copy of your personal data we process.
Before we provide access to your personal data to you or to a person authorized by you, we may request proof of identity and details of your relationship with us or our partners so we can find the data that relates to you.
If any personal data we store and process for you is inaccurate or obsolete, you are entitled to ask us to correct them, including by adding a statement.
7.2. Right to delete your personal data
You may request to delete your personal details without undue delay if:
Under certain conditions, we may refuse to delete your personal information in the cases provided for by law.
7.3. Right to data portability and right of appeal
You may obtain the data we process for you in a structured, widely used and machine readable format to transfer your data to another Controller.
You have the right to file a complaint with the local regulator, the Personal Data Protection Commission (CPDP) or the court if you think your rights are being violated. For this purpose, you can visit the CPDP website at https://www.cpdp.bg/, where you will learn more.
7.4. Right of withdrawal of consent
You have the right to withdraw your consent to the processing of your personal data on our behalf at any time by submitting a request to us:
7.5. Right of objection
You have the right at any time to submit to us an objection to the processing of your personal data for purposes related to direct marketing, including profiling, in so far as it relates to direct marketing. The objection can be made by phone or by e-mail to the contact details listed above in p.7.4.
7.6. Restrict the processing of personal data
You have the right to request that we limit the processing of your personal data when you believe your personal data is inaccurate, the processing of your personal data is improper, we do not need your personal data for processing purposes, or you have objected to the processing of your personal data. In this case, personal data will only be stored but not processed.
7.7. The right not to be subject to an automated solution involving profiling
You have the right not to be subject to a fully automated solution, including profiling, when it generates legal issues for you or affects you considerably.
If you would like to exercise any of the rights described here, please contact us at the contacts listed in p. 7.4.
We store a record of your personal information in order to provide you with high quality and consistency of our services within the group. We always store and process your data in accordance with the law and we never keep it for longer than is necessary. In the massive case, unless otherwise specified, your data is stored for 5 (five) calendar years from the date of receipt or till the consent is withdrawn.
We treat your personal data as strictly confidential. To protect them, we take a number of measures, including:
If you wish to exercise any of the rights described in this Privacy Policy, or if you have a question or complaint about this Policy or the way your personal data is processed, please contact us in one of the following ways:
By email: privacy@mediaposthitmail.bg
By post: To Data Protection Officer of Mediapost Hit Mail Bulgaria, Sofia, 25, Petar Dertliev Blvd., Fl. 2
By phone: contact us on 02/962 86 29 in working hours from 09:00 to 17:30
This privacy Policy was most recently updated in 15.09.2020.