top of page

Privacy Policy

Information about the Data Controller:

Y.S. Brothers Ltd. is a commercial company with registered office and management address at: Burgas, 8005, Slavyaykov district, No. 85, block 68, entrance 2, floor 4, apartment 10, registered in the Commercial Register at the Registry Agency with UIC 207798670.

Grounds for Processing Your Personal Data:

We process your personal data based on the following grounds:

1. Explicit Consent: The purpose is specified for each particular case.
2. Legal Obligation:

In the following sections, you will find information regarding the processing of your personal data based on the grounds on which we process them.

FOR CONTRACT EXECUTION OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data to fulfill contractual and pre-contractual obligations and to exercise rights under the contracts concluded with you.

Purposes of Processing:

- Compliance with the general terms of use of the website.
- As required by law.

We do not provide your personal data to third parties, as our main goal is to offer you quality, fast, and comprehensive service.

We use an SSL certificate to ensure secure shopping for our customers. The certificate provides an encrypted connection between you and the site when you enter your personal data.

FOR LEGAL OBLIGATIONS

We may be legally required to process your personal data. In such cases, we are obliged to perform the processing, for example:

- Obligations under the Anti-Money Laundering Act;
- Compliance with obligations related to distance selling and off-premises sales as provided in the Consumer Protection Act;
- Providing information to the Commission for Consumer Protection or other third parties as stipulated in the Consumer Protection Act;
- Providing information to the Commission for Personal Data Protection concerning obligations under data protection regulations;
- Obligations under the Accounting Act and the Tax and Social Security Procedure Code, and other related regulations for lawful accounting;
- Providing information to courts and third parties in the course of judicial proceedings as required by applicable legislation;
- Verifying age when shopping online.

Data collected under a legal obligation is deleted after the obligation to collect and store it has been fulfilled or has ceased. For example:

- According to the Accounting Act for the storage and processing of accounting data (11 years),
- Obligations to provide information to courts and competent state authorities, and other bases as provided in applicable legislation (5 years).

When a legal obligation exists for us, we may provide your personal data to competent state authorities or other natural or legal persons.

AFTER YOUR CONSENT

Consent is a separate ground for processing your personal data, and the purpose of processing is specified in the consent, which does not overlap with the purposes listed in this policy. If you provide us with the relevant consent and until its withdrawal or termination of any contractual relationship with you, we prepare suitable offers for products/services.

Data collected on this basis is deleted upon your request or one year after its initial collection.

Y.S. Brothers has the right to collect and use information about CUSTOMERS after they place an order for goods or services. The information through which the individual can be identified may include:

- First name and surname
- Address
- Phone number
- Email
- Any other information voluntarily provided during the order.

This information also includes any other data that the CUSTOMER inputs, uses, or provides when utilizing the services offered by Y.S. Brothers.

Y.S. Brothers does NOT retain information regarding payment instruments used by CUSTOMERS, namely name, number, CVV of the bank card used by the CUSTOMER to complete an order.

PROCESSING OF ANONYMIZED DATA

We process your data for statistical purposes, which means for analyses in which the results are summarizing and therefore the data is anonymous. Identification of a specific person from this information is impossible.

How We Protect Your Personal Data

To ensure adequate protection of the company's and its clients' data, we apply all necessary organizational and technical measures as provided in the Personal Data Protection Act.

For maximum security during the processing, transfer, and storage of your data, we may use additional protective mechanisms such as encryption, pseudonymization, etc.

Rights of Users

Every user of the site is entitled to all rights for the protection of personal data under Bulgarian legislation and European Union law.

Every user has the right to:

- Be informed (regarding the processing of their personal data by the controller);
- Access their personal data;
- Correct (if the data is inaccurate);
- Delete personal data (the right to be forgotten);
- Restrict processing by the controller or the processor;
- Data portability between different controllers;
- Object to the processing of their personal data;
- Not be subject to a decision based solely on automated processing, including profiling, that has legal effects concerning them or similarly significantly affects them;
- Seek protection through judicial or administrative means if their data subject rights have been violated.

A user can request deletion if one of the following conditions is met:

- The personal data are no longer necessary for the purposes for which they were collected or processed;
- The user withdraws their consent on which the processing is based and there is no other legal basis for processing;
- The user objects to the processing and there are no legitimate grounds for processing that outweigh their interests;
- The personal data have been unlawfully processed;
- The personal data must be deleted to comply with a legal obligation under Union law or the law of a member state applicable to the controller;
- The personal data were collected in relation to the offering of information society services to children, and consent was given by the person holding parental responsibility for the child.

The user has the right to restrict the processing of their personal data by the controller when:

- They contest the accuracy of the personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of the personal data;
- The processing is unlawful but the user does not wish for the personal data to be deleted and instead requests the restriction of their use;
- The controller no longer needs the personal data for processing purposes, but the user requires them for the establishment, exercise, or defense of legal claims;
- The user objects to the processing pending verification of whether the legitimate grounds of the controller override the interests of the user.

Right to Data Portability

The data subject has the right to receive personal data concerning them, which they have provided to the controller, in a structured, commonly used, and machine-readable format and has the right to transfer those data to another controller without hindrance from the original controller when the processing is based on consent or a contractual obligation and is carried out by automated means. When exercising their right to data portability, the data subject has the right to request a direct transfer of personal data from one controller to another, where technically feasible.

Right to Object

Users have the right to object to the processing of their personal data by the controller. The data controller must cease processing unless they demonstrate compelling legitimate grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If the objection is against the processing of personal data for direct marketing purposes, the processing should cease immediately.

Complaint to the Supervisory Authority

Every user has the right to lodge a complaint against the unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent Bulgarian court.

Commission for Personal Data Protection

- Headquarters and Management Address: Sofia 1592, Blvd. "Prof. Tzvetan Lazarov" No. 2
- Correspondence Address: Sofia 1592, Blvd. "Prof. Tzvetan Lazarov" No. 2
- Phone: +359 2 91-53-518
- Websitewww.cpdp.bg

Date: May 29, 2024

bottom of page