Skip to content Skip to footer
Apply Now
0 items - 0.00  0
BrandBld

Privacy Policy

Close

PERSONAL DATA SECURITY POLICY

This document contains the Privacy Policy for individuals (“Policy”) and is related to the General Terms and Conditions, but is not an integral part of them, as it does not regulate rights and obligations, but aims to explain to users what personal data we process, in what way, for what purpose and what are the applicable security measures. Also, it provides information about the rights that you, our customers and users, have in connection with the processing of personal data by “Mutiv BG” Ltd. (www.brandbld.com). If the Policy changes, the changes will be published here.

Date of update: 17.02.2022

Your privacy is extremely important to us. This security policy discloses what personal information we collect from you through our joint relationships and how we use that information.

PERSONAL DATA ADMINISTRATOR

Mutiv BG OOD, UIC 206044443, with registered office and address of management: Razlog, 5 Tsar Samuil Str., e-mail: info@brandbld.com (hereinafter referred to as Abbreviation “BrandBld”, “We”, “Online Store”, “Website”, “Website”, “Administrator”) is a data controller, including personal, in relation to the information collected or provided when browsing the site www.brandbld.com or when making a purchase through the same, as well as when viewing or purchasing a product or service through our Facebook page (collectively referred to as “Site”, “Website”).

The policy also applies in cases where, as individuals (for “Entities”), you voluntarily provide us with personal data electronically (via e-mail), telephone or other means, including on site at our store or office. BrandBld also processes personal data from inquiries made by you to us, as well as for marketing and advertising purposes, profiling, participation in games, promotions and raffles organized by us and for any other purposes not prohibited by law. When processing personal data, BrandBld complies with all applicable data protection regulations, including but not limited to Regulation (EU) 2016/679 (the “Regulation”) and the Personal Data Protection Act, because for us security The personal data of our customers is of paramount importance. That’s why,

APPLICABILITY OF THE POLICY

This Policy applies to all our customers – individuals who use our services by ordering from the Site or who are interested in them by sending inquiries (hereinafter referred to as “data subjects”, “users”).

Partners and third parties who work with or for BrandBld, as well as who have or may have access to personal data, will be expected to know, understand and comply with this policy. No third party may access personal data held by BrandBld without the company having previously entered into a data confidentiality agreement which imposes on the third party obligations no less onerous than those incurred by BrandBld, and entitling BrandBld to verify compliance with the obligations imposed by the agreement.

This policy applies to all employees / workers (and stakeholders) of BrandBld, as well as to external suppliers of products and services with which BrandBld has contracts. Any breach of the General Regulation will be considered a breach of labor discipline, resp. as non-performance of contracts with partners, and in case there is a suspicion of a crime, the issue will be submitted for consideration as soon as possible to the relevant state authorities.

For the visitors of the Site, who do not place orders and do not send inquiries, but only browse our website, the Cookie Policy adopted and published on the Site applies.

DEFINITIONS

“Regulation” – General Data Protection Regulation 2016/679 of 27 April 2016, called GDPR. The purpose of this European legislation is to protect the “rights and freedoms” of individuals and to ensure that personal data are not processed without their knowledge and, where possible, that they are processed with their consent.

“Personal data” – any information relating to an identified or identifiable natural person (“data subject”); identifiable natural person is a person who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the physical, physiological , the genetic, mental, intellectual, economic, cultural or social identity of that individual.

“Special categories of personal data” – personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or trade union membership and the processing of genetic data, biometric data for the unique identification of an individual, health data or data on the sexual life of an individual or sexual orientation.

“Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing, transmitting, disseminating or otherwise making the data accessible, arranging or combining, restricting, deleting or destroying it;

“Administrator” – any natural or legal person, public authority, agency or other entity which alone or jointly with others determines the purposes and means of personal data processing; where the purposes and means of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in the law of a Member State;

“Data subject” – any living natural person who is the subject of personal data stored by the Administrator.

“Consent of the data subject” – any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clearly confirmatory action expressing his consent to the processing of personal data relating to him;

“Child” – The General Regulation defines a child as anyone under the age of 16. The processing of a child’s personal data is lawful only if a parent or guardian has given consent. The administrator shall make reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give his or her consent.

“Profiling” – any form of automated processing of personal data, in the form of the use of personal data for the assessment of certain personal aspects related to an individual, and in particular for analyzing or forecasting aspects related to the performance of professional duties of that natural person, his economic condition, health, personal preferences, interests, reliability, conduct, location or movement;

“Violation of the security of personal data” – a breach of security that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;

“Recipient” – a natural or legal person, public authority, agency or other entity to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law shall not be considered as “recipients”; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;

“Third Party” means any natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, have the right to process personal data. ;

PRINCIPLES

When collecting and processing personal data, we are guided by the following principles: legality, good faith, transparency; limitation of objectives; minimizing data; accuracy; storage restriction; integrity and confidentiality; accountability.

SUBJECTS WHOSE DATA WE PROCESS

In connection with its activities, BrandBld concludes and executes distance sales contracts, considers job applications and proposals, forms for exercising the rights of consumer buyers, as well as requests of data subjects, responds to inquiries, issues and receives invoices , processes statistical data, manages a user panel on the site, performs advertising activities through advertising campaigns (promotions, games, etc.). In the course of these activities, BrandBld processes information on the following Data Subjects:

(a) individuals who use the site without registration without leaving any data (in this case we process data, but not personal) and individuals who use the site without registration who have provided a limited amount of personal data voluntarily ( example telephone number and or e-mail address);

(b) natural persons, users of the site with registration as registered users – in these cases we process data about the user, which he entered during registration – e-mail address, delivery address, names, invoicing data, order details, other data, entered by the user.

(c) natural persons who have made inquiries (including by phone), requests, initiatives, signals, complaints or other correspondence to us, including through the website, telephone, e-mail or otherwise;

(d) natural persons for whom information is contained in inquiries (including by phone), requests, initiatives, signals, complaints or other correspondence addressed to us;

(e) natural persons with whom we conclude contracts (civil, including commercial or employment, mostly distance contracts) electronically (through the website or social networks, as well as through electronic correspondence) or on site at our office or commercial establishment;

(f) natural persons whose data we have obtained by providing them to third parties (for example, in the case of a gift order).

PERSONAL DATA WE PROCESS

Depending on the reason for the processing of personal data, the type of such data may differ. The functionalities provided on the Site are not intended for storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation. (NB! Read Article 9 and Article 10 – of the Regulation here). We only require such personal data that we need to provide the activity / service / product required by us. In the course of using the site by individuals, we may process other data that do not contain personal data, but relate to the subject, such as its IP address, data on its activity on the site and more. similar.

Data provided when placing an order
In order to fulfill a distance contract (order) concluded between you and BrandBld, we require certain information from you. You decide whether and how to use the opportunities for concluding a distance selling contract provided through the Site or Facebook page. In the forms through which personal data are entered, we clearly indicate the mandatory or voluntary nature of the provision of data. The data, the completion of which is obligatory, are such without which it is impossible to conclude the respective contract. These are: names, email address, delivery address, contact phone number, your payment information (eg bank card), billing information, including PIN, if you want an invoice for an individual. If you provide data to third parties,

Data provided during registration on the Site
In case you have chosen to store information about you on the Site by registering an account in the same, we store the above data and history of orders placed by each account registered on the Site. The required data match those required when ordering. Along with them, we also process IP address, activity data (time and date of registration, acceptance of Security Policy and General Terms and Conditions, login to an account, etc.);

Data provided when concluding other contracts
In cases where BrandBld concludes other contracts with individuals other than distance selling, we require three names, PIN, address, email address.
Data provided by, through and on other websites and applications called third parties
In certain cases, you have the opportunity to share information with social networks or use their sites to create your account or link your account on our website with the relevant social network. In this case, the social network may provide us with automatic access to certain personal information they have collected about you (e.g. the content you are viewing, the content you want, and information about the ads you have shown or clicked on, etc. .n.). By linking your social network account to your account on our website, you allow us to access your personal data processed by the respective social network and to collect, use and store this information in accordance with this Security Policy. This linking of a social network profile with registration on our website is done in the event that you click on a link provided to create a Registration on our website by including in social media, thus you voluntarily establish a link to the relevant site for social media. In case you have chosen to register on our site through a social network, we may process your data such as names, telephone, email, gender, marital status, age, photo, education, place of residence, place of residence and other data you have provided to these platforms and which are visible to us in case you log in with them on our site. thus you voluntarily establish a connection with the relevant social media site. In case you have chosen to register on our site through a social network, we may process your data such as names, telephone, email, gender, marital status, age, photo, education, place of residence, place of residence and other data you have provided to these platforms and which are visible to us in case you log in with them on our site. thus you voluntarily establish a connection with the relevant social media site. In case you have chosen to register on our site through a social network, we may process your data such as names, telephone, email, gender, marital status, age, photo, education, place of residence, place of residence and other data you have provided to these platforms and which are visible to us in case you log in with them on our site.

In the event that you provide your personal data to BrandBld via Viber, Skype, Facebook or another platform / social network, we inform you that these platforms / websites / social networks have their own privacy policies and that we do not accept any responsibility or liability for these rules insofar as their processing cannot be controlled by BrandBld. In this regard, we encourage you to check these policies before sending us your personal information through these websites / applications.
Data provided when publishing a comment, review, publication
If you leave a post or comment on this website, your IP address will be retained, along with your names, if you enter this information. This is for the safety of the website operator. If your text violates the law, he would like to be able to trace your identity. Apart from that, BrandBld has an obligation to store this data (called “traffic”) for certain periods and for certain purposes, as set out below. Due to the fact that sending comments, inquiries and other messages to the site, Facebook page / group or their administrators is sending an electronic statement, according to the Law on Electronic Document and Electronic Certification Services (“ZEDEUU”) the administrator has an obligation to maintain logs. the fact of sending the statement for a period of 1 year. The log shall contain the date of the statement,

Data of employees and data collected during the processing of job applications
We process data when concluding employment contracts and when evaluating and processing a job application. When concluding employment contracts, we require three names, PIN, address, age, gender, education data, work experience, bank data, and subsequently we process health data. When processing CVs, we process names, address, email address, age, gender, education, work experience, photo, data provided voluntarily by the candidate during an interview or in the CV.

Data provided in connection with correspondence, complaints and alerts
In order to resolve complaints, alerts, disputes, inquiries, requests or other questions addressed in communication to BrandBld, received through electronic forms on the Site, by calling BrandBld, by sending by regular or electronic mail, BrandBld stores and processes this information and the result of this processing. These can be names, email address, phone, address.

In addition, due to the fact that sending comments, inquiries and other messages to the site, Facebook page or their administrators is sending an electronic statement, according to the Law on Electronic Document and Electronic Certification Services (ZEDEUU) we have an obligation to keep a log of the fact of sending the statement (without its content) for a period of 1 / one / year. The log contains the date of the statement, the name and email address of the sender, and the identification of the sender.

If you provide us with personal information about someone else, you should only do so with the authorization of that person. You must inform them how we collect, use, disclose and store personal information in accordance with this Privacy Policy for individuals.

Technical data collected during the use of the Site
In addition, we collect information from your computer, phone, tablet or other device you use. This information may include the following:
● the identifier of the device you are using, the type of this device and the unique symbol for this device, “log data” or “log data”, including information that your browser automatically sends us when you visit a website; this log data includes the address of the Internet Protocol, the address and activity of the websites you visit, searches, type and settings of the browser, date and time of your request, how you used the site, cookie data and device data; if you want to get more details about the information we collect – contact us via the contact form.
● location information transmitted by the device, if you have set it to display location data – note that mobile devices allow you to control or disable the use of location services from any application on your mobile device in the device settings menu;
● computer and connection information, such as pageview statistics, IP address, site browsing history, language, date and time settings;
● logs to make your searches easier – quick links to repeat previous searches allow you to repeat your searches instead of entering them each time. The functionality can be used with or without registration. When using the Site, a cookie with a randomly generated number is stored in your browser, allowing the Site to show you quick links to repeat previous searches. The site stores and displays the last 10 searches associated with this browser, and when you log in to your account you can save and use it in it. If you use the Registration Service (currently inactive function), the last 10 searches are stored in your account;
● logs related to security, technical support, development, etc .:

  • To ensure the reliable operation of services and identify technical problems;
  • To ensure the security of services and detect malicious actions;
  • To develop and improve the services on the site;
  • To measure the traffic and usability of the site;
  • Logs in cases where this is required by law (such as logs of electronic declarations of intent);
  • User login (account) – this log allows you to detect and automatically block unauthorized attempts to access accounts; it is maintained for a period of up to 1 / one / year, containing the date and time of login to the account, status, whether the login is via mobile version, application or desktop browser, IP address;
  • server logs, security application logs (Web Application Firewalls), etc. devices falling into this category. These logs are needed to identify technical problems, detect malicious activity and more. from the above objectives; they are stored for up to 1 / one / year. Logs can contain the following information: date and time, IP address, URL, browser and device information. In addition, some devices may use cookie-based security technology;
  • cookies – for the operation of the Site it is necessary to use cookies. In connection with this, a Policy for the use of cookies has been adopted; read the Policy for more details on: the type of cookies we use, the period for their storage and use, etc .;

We may prefer to reduce the amount of data we store and process according to the purposes of the processing.

We do not require or will collect and process personal data that reveals: racial or ethnic origin; political, religious or philosophical beliefs; membership in trade unions; genetic and biometric data; data on health status, as well as data on sexual life or sexual orientation. If the subject himself, on his own initiative and desire, provides such categories of data, then BrandBld is not responsible for the provision, but only undertakes to provide them with the same protection measures as those provided for the requested personal data. We do not transfer data to third countries. Also, we do not make automated decisions regarding personal data and do not process data from persons under 16 years of age. If you are under 16,

FOR WHAT PURPOSE DO WE PROCESS YOUR DATA

The main purpose for which WE process your personal data is generally related to the provision of services through the Site and social networks, namely the conclusion of a contract for distance selling and delivery of goods and services ordered by you, as well as accounting of revenue. We also use your personal information to provide and improve our Services, to provide you with a personalized experience on our site, to contact you about your account and our Services, to provide you with a customer service, to provide you with personalized advertising and marketing according to your interests, to perform raffles and games organized by us, and in certain cases to detect and investigate fraudulent or illegal activities.

BrandBld collects, uses and processes the information described above for the purposes set out in this Policy, which may be related to:
• concluding a contract for the purchase and sale of goods / services at a distance between you and BrandBld through the Site or social networks – we require your data for identification, contact and payment in order to conclude a contract with you, respectively, to send you the order;
• concluding a consumer loan agreement when you have requested the purchase of goods or services from the Site through credit;
• processing payments and preventing fraudulent transactions (we may transfer your data to a third party to perform these functions);
• concluding employment contracts and processing and evaluating submitted CVs;
• protection and enforcement of the legitimate interests of other users of the Services, third parties and the Site – the legitimate interest pursues goals related to the legitimate interests of BrandBld and / or third parties. These objectives include:

  • detection and resolution of technical or problems with the functionality, development and improvement of the purpose of the Site;
  • communication with you, including electronically, on important issues related to the services provided by us and the implementation of contracts;
  • targeting our marketing, updating services and offering you promotional offers based on your preferences.
  • reception and processing of received signals, complaints, requests and other correspondence;
  • exercising and protecting the rights and legitimate interests of the Site, including in court, and providing assistance in exercising and protecting the rights and legitimate interests of other users of the Site and / or affected third parties;
  • administering the website and application and keeping them safe and secure;
  • analyzing and improving the use of our website, application and retail, (including using information about how you navigate our website, App and / or stores;
  • measuring and analyzing our advertising and sending you suggestions and recommendations based on the information you share with us;
  • communicate with you about your account, troubleshoot your account. When we contact you by phone to ensure efficiency, we may use automatic or pre-recorded calls and text messages;
  • informing you about products and services for which we wish to send you information by e-mail, mail, mobile phone and / or other digital means (depending on your stated preferences), including social media platforms – only when we have received explicit consent from You for that;
    • your registration on the website (in this case we will also use your personal information to maintain and update your account (such as changing your address or changing your marketing preferences)
    • administering all competitions / raffles / games on a lottery basis, conducted by BrandBld
    • provide you with location-based services (such as advertising, search results and other customized content);
    • the fulfillment of legal obligations of BrandBld, which includes:
  • fulfillment of obligations provided by law for preserving or providing information in view of our tax obligations to the state (for example, on the basis of the Accounting Act and other tax laws – VAT, VAT Act, CITA, TSPC, etc.);
  • fulfillment of legal obligations on the basis of the Labor Code, the Commercial Register Act and the register of non-profit legal entities, etc. normative acts;
  • execution of an order received by us from competent state or judicial bodies (for example, on the basis of the Ministry of Interior, the Criminal Procedure Code, the Energy Act);
  • fulfillment of obligations provided for in the Regulation on Personal Data Protection, related to your notification of various circumstances related to your rights, the Services provided or the protection of your data, etc. similar;
  • fulfillment of obligations provided for in the Consumer Protection Act, such as ensuring the right of withdrawal, the right to a legal guarantee;
     protection of BrandBld in court;
    Your data may be processed on the basis of your explicit consent, and the processing in this case is specific and to the extent and scope provided in the relevant consent. We usually require such consent from you when we wish to process your personal data without any legal obligation or legitimate interest in BrandBld. Most often we require such consent when we want to offer you information about new promotions, products and more.
  • PERIOD OF STORAGE OF YOUR PERSONAL DATA
  • When storing data, WE apply the general principle of data storage in a minimum amount and for a period not longer than necessary to provide the Services and perform contracts, ensuring their security and reliability and the requirements of the law. We will retain your personal information for a period of time that requires the fulfillment of the objectives set forth in the present “Privacy Policy”. According to the type of data and the purposes for which the data is collected, there is a specific time for collection, with the expiration of which the information is completely erased.

Data type
Storage period
Reason for processing

Explanations

Registration data (name, surname, e-mail address, telephone, address)
and
information about the registration and compliance with the Terms
(date, time, IP address)

Retention
period For the entire period of maintaining the account on the Site and up to 5 / five / years from the termination of registration
Reason
Execution of contractual relations; fulfillment of legal obligations; protection of legitimate interests;

The data identifies you as a registered user of the Site. In order to resolve possible disputes that have arisen or become known after the termination of the agreement for use of the Site and in connection with ZEDEUU (see below), this data is stored for up to 5 / five / years after termination of the account.

Important! On the basis of ZEDEUU (see below) part of this data must (activity, IP address) should be stored by the administrator for up to 1 / one / year from the termination of the account. The extension of the storage period is due to the protection of the legitimate interests of the administrator.

Personal data from orders and from invoices, payment documents (orders, statements), reports and other accounting, reporting and payment documents issued or received by the administrator.

Personal data from employment records of employees.

Retention
period For the period in which the rights and obligations of the parties to the legal relationship under which the accounting, reporting or payment document is issued, up to 5 years from the termination of the legal relationship;
Certain data are also stored for a longer legally defined period than the one mentioned above, as they represent accounting information – transaction data, invoicing data – between 5 and 50 years.

Grounds
Fulfillment of legal obligations and protection of the legitimate interests of the administrator.

Your data is identified as a party to the distance selling contract and is stored in order to ensure your rights, respectively. fulfillment of our legal obligations as taxpayers. Storage is also necessary in order to ensure the rights of buyers (individuals), when they are provided for a period (eg 2-year warranty). Legal obligations also require determining the retention period as described.

Personal data from correspondence, complaints and signals, requests, initiatives

Retention period
Data from correspondence, complaints, signals, requests, initiatives are stored for a period of up to 5 / five / years on the basis of the Law on Obligations and Contracts (limitation periods for filing claims);

Reason
Protection of the legitimate interests of the administrator

In order to resolve complaints, signals, disputes, inquiries, requests or other issues addressed to us in communication received by electronic means on the Site, by sending by regular or e-mail, We store and process this information and the result of this processing. Given the statute of limitations under Bulgarian law in order to resolve disputes, this information is stored for up to 5 / five / years.

Log certifying the sending of a comment, inquiry, order or other statement of intent (contains sender, recipient, date and time of the statement)
Storage
period For a period of 1 / one / up to 5 years.

Grounds
Fulfillment of legal obligations and protection of the legitimate interests of the administrator

Due to the fact that sending a comment, feedback, inquiry, other statement is sending an electronic statement from you to us according to ZEDEUU, the company is obliged to maintain a log of the fact of sending the statement for a period of 1 / one / year.

The legitimate interest of the administrator allows in certain cases to extend the period of storage of this data up to 5 years from the date of the statement.

Quick searches
do not contain personal data

Storage period
Until you delete them; until the termination of your registration or up to 6 / six / months, if you use this functionality without registration
Reason
Consent of the subject and protection of the legitimate interests of the administrator

This option allows you to repeat your searches instead of entering them each time. The functionality can be used with or without registration. Quick links are stored to repeat the last 10 searches. You can change the setting from the browser you are using.

Settings and System logs
do not contain personal data, they may contain information such as: date and time, IP address, URL, browser version and device information
Storage period
Until you delete them or cancel your registration. In case they are stored in the biscuit – between 6 / six / and 12 / twelve / months from the last use
Reason
Consent of the subject. Fulfillment of legal obligations and protection of the legitimate interests of the administrator

This category includes settings such as language selection and more. similar.
The control over the settings is yours and you can change them through your browser.
Server logs, Web Application Firewalls, and more. devices falling into this category. These logs are needed to identify technical problems and / or detect malicious activity.

Information stored in a mobile application
For the period of its use (until its uninstallation)
Information required for the technical provision of the Services (such as settings, etc.)

Cookies Storage period
Between 6 and 12 months – according to the type of cookie and the settings of your browser
Reason
Consent of the subject and protection of the legitimate interests of the GMS
For a description of the cookies used, see “Cookies Policy”

Exceptions to the rules on retention periods
Please note that we will not delete or anonymize your personal data if it is necessary for pending court, administrative, arbitration, enforcement or proceedings before your complaint before us. Deletion will be carried out after the need for data is eliminated, and it is possible that this will be after the expiration of the deadlines mentioned above.

You can always ask us to delete certain information or close your account, and we will respond to this request by retaining certain information, even after closing the account when applicable law or legitimate interests so require. If we have a legal obligation, or if we reasonably need to comply with regulatory requirements, resolve disputes, prevent fraud or abuse, or enforce our terms, we may retain some of your personal information for a limited period of time, even after you delete it. Your profile.

In order to ensure the reliability of the services and prevent data loss for technical reasons, the Site applies a data reservation policy. The maximum period for updating (deleting data) from all backups is 30 days.

DO WE SHARE YOUR PERSONAL DATA TO THIRD PARTIES

BrandBld, respectively the Site, does not provide your personal data to third parties, unless there is a legal basis for this – an obligation under law or contract, a legitimate or vital interest, your consent. We try to minimize the personal data we disclose, as this is always directly related and necessary to achieve the goal. We do not sell, rent or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent. We guarantee that access to your data from private third parties is carried out in accordance with the legal provisions in the field of data protection and confidentiality of information, based on contracts concluded with them.

We may disclose your personal information when we are subject to a legal obligation. In certain cases, BrandBld is obliged to disclose your data to public authorities such as the police, prosecutors, courts, in connection with the prevention or detection of crime. This includes exchanging information with other companies and organizations to protect against fraud and reduce credit risk. You should be aware that if we are asked by the police or another regulatory or government agency that investigates alleged illegal activities, to provide you with personal information or other information that we receive about you, we have the right to do so after verifying the merits of the request of the state authorities. When we receive sales revenue, we may be obliged by the revenue authorities to provide sales data, containing data from your orders, including personal ones. In this regard, we provide your data to the accounting firms we work with. It is the legal obligation of the Site and of BrandBld to protect the security of the networks and the data processed by the company. In this regard, we apply a number of measures, the implementation of which may require the processing of your data by IT companies that take care of security in our company.

We could have a contractual obligation to provide your data in the case of a distance selling contract concluded with you, under which we are obliged to provide the goods or services requested by you by courier. The same is true if you have chosen to purchase, pay for a product or service from our Site through payment, credit or banking services, to whose providers you personally share your data or assign it to us. If you have chosen to insure a product / service during the purchase through the Site, then through the order your data is shared with the insurance companies. If we install a purchased product through a subcontractor, we may provide your data to the same to perform the service / warranty service.

Our legitimate interest justifies in certain cases the provision of personal data to third parties. Such would be the situation with initiated proceedings before the Commission for Personal Data Protection, the Commission for Consumer Protection and other state authorities. There is a legitimate interest in BrandBld when we engage other companies and individuals to perform certain tasks on our behalf, complementing our services, under data processing contracts. We would like you to always be aware of the best offers for the products / services you are interested in. In this regard, we may provide certain of your data – only with your express consent, to providers of marketing / telemarketing services and other companies with whom we may develop joint programs to market our goods and services.

Our website may also contain links to and from third party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before submitting information to these websites. Our site uses YouTube LLC, represented by Google Inc. to integrate videos. Typically, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your device. However, our YouTube videos are integrated in privacy mode (in which case YouTube is still in contact with Google’s DoubleClick service. but personal data is not used in accordance with Google’s privacy policy). As a result, YouTube does not store any visitor information unless you are watching the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you watched the video. If you signed in to YouTube through your profile, this information will also be associated with your profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data from YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/en/policies/privacy/. As a result, YouTube does not store any visitor information unless you are watching the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you watched the video. If you signed in to YouTube through your profile, this information will also be associated with your profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data from YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/en/policies/privacy/. As a result, YouTube does not store any visitor information unless you are watching the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you watched the video. If you signed in to YouTube through your profile, this information will also be associated with your profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data from YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/en/policies/privacy/. If you signed in to YouTube through your profile, this information will also be associated with your profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data from YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/en/policies/privacy/. If you signed in to YouTube through your profile, this information will also be associated with your profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data from YouTube. For more information, see the YouTube Privacy Statement at www.google.com/intl/en/policies/privacy/.

TO WHICH COUNTRIES DO WE TRANSMIT YOUR PERSONAL DATA

We currently store and process your personal data in Bulgaria.

However, some of your personal data may be transferred to entities located inside or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection.

We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Data transfers to service providers and other third parties will always be protected from contractual obligations and, where appropriate, from other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield of personal data transmitted from the EU to the United States.

You may contact us at any time using the contact details provided at the end of the Policy to find out which countries we are transmitting your data to and what are the safeguards we apply to such data transfers.

YOUR RIGHTS IN RELATION TO YOUR PERSONAL DATA

According to the General Data Protection Regulation, you have the following rights:

Right to be informed
This Policy aims to inform you in detail about the processing of your personal data in connection with the processing of your personal data. When there is a risk of breach of security of your personal data, the controller is obliged to inform you about the nature of the breach and what measures have been taken to eliminate it, as well as whether the supervisory authority has been notified of the breach. The data subject may also request information on all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed.

Right of access
You have the right to receive confirmation that your personal data is being processed, access to them and information on how they are processed and your rights in this regard. As a data subject, you have the right to request confirmation of whether your personal data is being processed and, if so, to have access to your data and the following information: for what purpose the data are being processed, what personal data, data recipients, processing time . Requests for access must be made in writing / electronically and addressed to the administrator. In this case, we provide a copy of the processed personal data in electronic or other appropriate form.

Right of correction
You have the right to correct and supplement your personal data in case it is incomplete or inaccurate. For registered users this option is also valid in the user panel on the Site. Unregistered users can obtain this information by requesting the administrator. As a data subject, you have the right to request the correction or addition of your personal data that is inaccurate / out of date or incomplete. You must submit a separate request for this purpose. Your request will be answered by the administrator in writing to the e-mail address provided by you.

Right to be deleted (right to be “forgotten”) and account closure
As a personal data subject, you have the right to “be forgotten”, ie. to request that your personal data be deleted without undue delay, ie. the administrator to delete your personal data from all systems and records where they are stored, including notifying all third parties / processors of personal data to whom he has provided the data.

If you wish, you have the opportunity to close your account on the site at any time. This option is also valid in the user panel on the Site. After closing the account, all or part of the data is deleted. In connection with our obligations, responsibilities and requirements of the law (eg WEU or WEEE), it is possible to store certain data for a certain period (see the section above).

In order to ensure the reliability of the services and prevent data loss for technical reasons, the Site applies a data reservation policy. The maximum period for updating (deleting data) from all backups is 30 days.

A request for deletion may be submitted on the grounds provided for in the Regulation, incl. in the presence of any of the following grounds:

  • personal data are no longer needed for the purposes for which they were collected;
  • when you have withdrawn your consent;
  • when you have objected to the processing of personal data and there are no legal grounds for processing to take precedence;
  • when the processing is illegal;
  • where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
  • when personal data have been collected in connection with the provision of information society services.

Please note that we may refuse to delete part or all of your personal data in cases where there is a substantial reason and / or legal obligation to process it. You will be informed in a timely manner. The controller may refuse to delete personal data on the grounds specified in the Regulation – when the processing of specific data is for the purpose of:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing provided for in EU or Member State law applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him or her;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defense of legal claims;

Right of restriction on data processing
The General Data Protection Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for doing so. Restrictions are allowed in the following cases:

  • when you believe that your personal data is not accurate, in which case the restriction is for the period necessary for the administrator to verify the accuracy;
  • when the processing of your personal data is illegal, but you do not want them to be deleted, but you only want their use to be restricted;
  • when the controller no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or protection of legal claims;
  • when you have objected to the processing pending verification that the administrator’s legal grounds take precedence over your interests.

Right to notify third parties
If applicable, you have the right to ask the controller of your personal data to notify third parties when he has provided your data, regarding the correction, deletion or restriction of the processing of your personal data.

Right to data portability
You have the right to receive personal data that concern you and that you have provided in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance by us, in case that the processing is based on consent or a contractual obligation or the processing is carried out in an automated manner.

Important: The responsibility for the storage of data exported from the Site, as well as for all consequences of their provision to other administrators is entirely yours.
Right not to be the subject of a decision based solely on automated processing
You have the right not to be the subject of such automated processing, including profiling, which has legal consequences for you or similarly affects you significantly, unless the the applicable legislation on personal data protection justifies this and provides appropriate guarantees for the protection of your rights, freedoms and legitimate interests.

Right to withdraw consent
You have the right, at any time, to withdraw your consent given in connection with the processing of personal data on the basis of your prior consent. Such withdrawal shall not affect the lawfulness of the processing based on the consent given until the withdrawal. For services such as subscription to e-mail ads, the subscription for which is based on your wish (consent), there is a possibility to terminate the subscription at any time (withdrawal of consent). In the event of withdrawal of consent, we have the right to request that the identity of the applicant be verified in order to establish the identity of the data subject.

Right to object
You have the right to object to data processed on the basis of a legitimate interest. In the event of such an objection, We will consider your request and, if justified, will comply with it. If we believe that there are compelling legal grounds for processing or that it is necessary to establish, exercise or defend legal claims, we will inform you.

Right to appeal to a supervisory authority
You have the right to lodge a complaint against our company (data controller) with the supervisory authority if you believe that the processing of personal data concerning you violates applicable personal data protection legislation. The supervisory body in the Republic of Bulgaria is the Commission for Personal Data Protection with address: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov ”№ 2, e-mail kzld@cpdp.bg, website: www.cpdp.bg, phone: 02 915 3 518.

HOW YOU CAN EXERCISE YOUR RIGHTS. DEADLINES FOR PRONOUNCEMENT

You can exercise these rights free of charge at any time, by email or by request sent to the addresses listed in the contact form on the Site or at the end of this Security Policy, and you can address your requests both to the administrator and directly to the Data Protection Officer. Requests shall be made in a way that allows the identity of the applicant to be identified. With regard to some rights, technical possibilities for exercising them may be applicable, such as the Unsubscribe button. In any case, the administrator should respond to the request or rule on the exercise of the right to the address provided in the request, including electronic within one month of receipt.

In the event that you exercise these rights manifestly unreasonably or excessively, in particular because of its recurrence, we reserve the right to charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or refusing to take action. the request. We will inform you of our fees, if applicable, before ruling on your request.

ACCURACY OF INFORMATION

We are not responsible for the accuracy of the data provided by you, we do not perform checks in this regard and we do not guarantee the actual identity of the individuals who provided the data. In all cases of suspicion on your part, of established fraud and / or abuse, please notify us immediately. You undertake not to violate the rights of others in connection with the protection of their personal data or other rights when providing any information on the Site.

GENERAL INFORMATION ON POLICY

This Privacy Policy may be amended or supplemented due to changes in applicable Bulgarian or European legislation, at the initiative of BrandBld or a competent authority.

BrandBld will inform users of changes or additions to this Privacy Policy by publishing the updated Privacy Policy on our website.

It is recommended that users periodically check the latest version of this Privacy Policy on the BrandBld website.

HOW WE PROTECT YOUR RIGHTS

SECURITY MEASURES

In order to ensure the best possible data protection of the company and our customers / users / co-contractors / visitors to the Site, WE apply all necessary organizational and technical measures provided for in the General Regulation on Data Protection and the Personal Data Protection Act, as well as best practices from international standards. We apply the appropriate and necessary level of protection and to this end we have developed efficient physical, electronic and administrative procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data.

We store your data on secure servers using the latest encryption algorithms and ensure backup storage.
The company has adopted the necessary rules and procedures related to the lawful processing of your personal data, incl. A data breach action plan has established structures to prevent security breaches and breaches, and has designated a Data Protection Officer to assist in the lawful processing, protection and security of your data.

Access to your personal data is allowed only to those employees, service providers or related persons on the principle of the need for information for official purposes or who need it to perform their official duties. All employees are required to be trained and to accept the relevant contractual clauses / declarations / rules for compliance with organizational and technical access measures before they are granted access to information of any kind.

A principle in our structure is that all employees are responsible for ensuring the security of the storage of the data for which they are responsible and which we process, and that the data is stored securely and not disclosed under any circumstances. third parties, unless we have granted such rights to that third party by concluding a contract / confidentiality clause. In this regard, all personal data are available only to those who need them, and access can be granted only in accordance with the established rules for access control. All personal data is treated with the utmost security and stored:
● in a separate room with controlled access; and / or
● in a locked cabinet to which authorized persons have access; and / or
● computerized system, password protected in accordance with the internal requirements specified in the organizational and technical measures for controlling access to; and / or
● computer media that are protected in accordance with the organizational and technical measures for controlling access to information;

Personal data shall be deleted or destroyed only in accordance with internal procedures for the storage and destruction of data.

For maximum security in the processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, back up backup technology.

We use a payment service to process payments. All payment information is encrypted using SSL technology.

When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.

Despite the measures we take to protect your personal data, we are aware that the transmission of information over the Internet or other public networks is generally not completely secure, and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot accept responsibility for these vulnerabilities in systems that are not under our control. In the event of a leak containing personal data, we guarantee that we will comply with all applicable notification rules in such cases.

COOKIE POLICY

As an integral part of this Privacy Policy for individuals, BrandBld has adopted a Policy for the use of cookies, published and available both on the Site and on our Facebook page.

CONTACT WITH US

DATA PROTECTION RESPONSIBLE PERSON

Questions and requests related to the exercise of the rights to protection of your personal data can be addressed to BrandBld, through the contact form available on the Site or through one of the following contact forms:
“Mutiv BG” Ltd., UIC 206044443, gr. Razlog, 5 Tsar Samuil Street

DATA PROTECTION RESPONSIBLE PERSON
Responsible for data protection is Mutiv BG LTD
Address for correspondence: Razlog, 5 Tsar Samuil Str.
Email: info@brandbld.com

2. Data Collected
Data Storage Location

We are a Cyprus based company and operate web servers hosted in Germany. Our hosting provider Hetzner Online GmbH adheres to the EU/US “Privacy Shield”, ensuring that your data is securely stored and GDPR compliant. For more information on Hetzner Online GmbH privacy policy, please see here: Hetzner Data Privacy Policy

Registration Data

If you register on our website, we store your chosen username and your email address and any additional personal information added to your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit this information.

Purchase Data

To receive product support, you have to have one or more Envato/ThemeRex purchase codes on our website. These purchase codes will be stored together with support expiration dates and your user data. This is required for us to provide you with downloads, product support, and other customer services.

Support Data

If you have registered on our website and have a valid support account, you can submit support tickets for assistance. Support form submissions are sent to our third party Ticksy ticketing system. Only the data you explicitly provided is sent, and you are asked for consent, each time you want to create a new support ticket. Ticksy adheres to the EU/US “Privacy Shield” and you can see their privacy policy here: Ticksy Privacy Policy.

Comments

When you leave comments on the website we collect the data shown in the comments form, and also the IP address and browser user agent string to help spam detection.

Contact Form

Information submitted through the contact form on our site is sent to our company email, hosted by Zoho. Zoho adheres to the EU/US “Privacy Shield” policy and you can find more information about this here: Zoho Privacy Policy.

These submissions are only kept for customer service purposes they are never used for marketing purposes or shared with third parties.

Google Analytics

We use Google Analytics on our site for anonymous reporting of site usage. So, no personalized data is stored. If you would like to opt-out of Google Analytics monitoring your behavior on our website please use this link: Google Analytics Opt-out.

Cases for Using the Personal Data

We use your personal information in the following cases:

  • Verification/identification of the user during website usage;
  • Providing Technical Assistance;
  • Sending updates to our users with important information to inform about news/changes;
  • Checking the accounts’ activity in order to prevent fraudulent transactions and ensure the security
  • over our customers’ personal information;
  • Customize the website to make your experience more personal and engaging;
  • Guarantee overall performance and administrative functions run smoothly.
3. Embedded Content
Pages on this site may include embedded content, like YouTube videos, for example. Embedded content from other websites behaves in the exact same way as if you visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website. Below you can find a list of the services we use:
Facebook
The Facebook page plugin is used to display our Facebook timeline on our site. Facebook has its own cookie and privacy policies over which we have no control. There is no installation of cookies from Facebook and your IP is not sent to a Facebook server until you consent to it. See their privacy policy here: Facebook Privacy Policy .
Twitter
We use the Twitter API to display our tweets timeline on our site. Twitter has its own cookie and privacy policies over which we have no control. Your IP is not sent to a Twitter server until you consent to it. See their privacy policy here: Twitter Privacy Policy .
Youtube
We use YouTube videos embedded on our site. YouTube has its own cookie and privacy policies over which we have no control. There is no installation of cookies from YouTube and your IP is not sent to a YouTube server until you consent to it. See their privacy policy here: YouTube Privacy Policy.
4. Cookies
This site uses cookies – small text files that are placed on your machine to help the site provide a better user experience. In general, cookies are used to retain user preferences, store information for things like shopping carts, and provide anonymised tracking data to third party applications like Google Analytics. Cookies generally exist to make your browsing experience better. However, you may prefer to disable cookies on this site and on others. The most effective way to do this is to disable cookies in your browser. We suggest consulting the help section of your browser.
Necessary Cookies (all site visitors)
  • cfduid: Is used for our CDN CloudFlare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. See more information on privacy here: CloudFlare Privacy Policy.
  • PHPSESSID: To identify your unique session on the website.
Necessary Cookies (Additional for Logged in Customers)
  • wp-auth: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_logged_in_{hash}: Used by WordPress to authenticate logged-in visitors, password authentication and user verification.
  • wordpress_test_cookie Used by WordPress to ensure cookies are working correctly.
  • wp-settings-[UID]: WordPress sets a few wp-settings-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
  • wp-settings-[UID]:WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface.
5. Who Has Access To Your Data
If you are not a registered client for our site, there is no personal information we can retain or view regarding yourself. If you are a client with a registered account, your personal information can be accessed by:
  • Our system administrators.
  • Our supporters when they (in order to provide support) need to get the information about the client accounts and access.
6. Third Party Access to Your Data
We don’t share your data with third-parties in a way as to reveal any of your personal information like email, name, etc. The only exceptions to that rule are for partners we have to share limited data with in order to provide the services you expect from us. Please see below:
Envato Pty Ltd
For the purpose of validating and getting your purchase information regarding licenses for this theme, we send your provided tokens and purchase keys to Envato Pty Ltd and use the response from their API to register your validated support data. See the Envato privacy policy here: Envato Privacy Policy.
Ticksy
Ticksy provides the support ticketing platform we use to handle support requests. The data they receive is limited to the data you explicitly provide and consent to being set when you create a support ticket. Ticksy adheres to the EU/US “Privacy Shield” and you can see their privacy policy here: Ticksy Privacy Policy.
7. How Long We Retain Your Data For
When you submit a support ticket or a comment, its metadata is retained until (if) you tell us to remove it. We use this data so that we can recognize you and approve your comments automatically instead of holding them for moderation. If you register on our website, we also store the personal information you provide in your user profile. You can see, edit, or delete your personal information at any time (except changing your username). Website administrators can also see and edit that information.
8. Security Measures
We use the SSL/HTTPS protocol throughout our site. This encrypts our user communications with the servers so that personally identifiable information is not captured/hijacked by third parties without authorization. In case of a data breach, system administrators will immediately take all needed steps to ensure system integrity, will contact affected users and will attempt to reset passwords if needed.
9. Your Data Rights
General Rights

If you have a registered account on this website or have left comments, you can request an exported file of the personal data we retain, including any additional data you have provided to us.

You can also request that we erase any of the personal data we have stored. This does not include any data we are obliged to keep for administrative, legal, or security purposes. In short, we cannot erase data that is vital to you being an active customer (i.e. basic account information like an email address).
If you wish that all of your data is erased, we will no longer be able to offer any support or other product-related services to you.

GDPR Rights

Your privacy is critically important to us. Going forward with the GDPR we aim to support the GDPR standard. ThemeRex permits residents of the European Union to use its Service. Therefore, it is the intent of ThemeRex to comply with the European General Data Protection Regulation. For more details please see here: EU GDPR Information Portal.

10. Third Party Websites

ThemeREX may post links to third party websites on this website. These third party websites are not screened for privacy or security compliance by ThemeRex , and you release us from any liability for the conduct of these third party websites.
All social media sharing links, either displayed as text links or social media icons do not connect you to any of the associated third parties unless you explicitly click on them.

Please be aware that this Privacy Policy, and any other policies in place, in addition to any amendments, does not create rights enforceable by third parties or require disclosure of any personal information relating to members of the Service or Site. ThemeRex bears no responsibility for the information collected or used by any advertiser or third party website. Please review the privacy policy and terms of service for each site you visit through third party links.

11. Release of Your Data for Legal Purposes

At times it may become necessary or desirable to ThemeRex , for legal purposes, to release your information in response to a request from a government agency or a private litigant. You agree that we may disclose your information to a third party where we believe, in good faith, that it is desirable to do so for the purposes of a civil action, criminal investigation, or other legal matter. In the event that we receive a subpoena affecting your privacy, we may elect to notify you to give you an opportunity to file a motion to quash the subpoena, or we may attempt to quash it ourselves, but we are not obligated to do either. We may also proactively report you, and release your information to, third parties where we believe that it is prudent to do so for legal reasons, such as our belief that you have engaged in fraudulent activities. You release us from any damages that may arise from or relate to the release of your information to a request from law enforcement agencies or private litigants.

Any passing on of personal data for legal purposes will only be done in compliance with laws of the country you reside in.

We'll build the identity
of your brand.

Brand Bld © 2022. All Rights Reserved. Mutiv BG LLC 206044443, registered in the Registry Agency in the Republic of Bulgaria. 2760 Razlog, 5 Tsar Samuil.

+1 840 841 25 69
info@email.com