When using our web site your data is processed by HAPPY EAD, UIC 103924544, with address in Bulgaria, Varna Province, Varna Municipality, 9000 Varna, Odesos District, 25 Tsar Osvoboditel Blvd.

Please, be informed that we, HAPPY EAD, process your personal data for the following reasons:

1. Based on agreement – when you order some of our products;

2. Based on a law – when regulatory framework requires data processing;

3. Based on your explicit consent – in all other cases.

Bellow you, our clients, partners and visitors of our site, will find information about our data processing, depending on the relevant grounds.

1. WHEN YOU ORDER A PRODUCT

We process your personal data to fulfill our obligations to you originating from the agreement you have signed with us, as well as to benefit from our contractual rights.

Purposes of personal data processing:

• Your personal identification;

• Management and provisioning of your ordered products or services;

• Preparation of draft agreement, signed also electronically;

• Preparation and sending a bill/or invoice covering the products and/or services we offer;

• Full scale services linked to our products;

• Communication covering everything linked to our products and services;

• Preparation of user profile and maintaining customer history;

• Keeping correspondence linked to an order (placed and processed), reporting claims, problems, etc.

Type of personal data processed:

• Contact data – address, phone number and e-mail;

• Your identification data – full name, personal ID number or foreigner’s number, permanent address, passport data;

• Data on your customer orders via your user profile;

• E-mail, letters, information on your claim requests, or problems, claims, requests, complaints and any other feedback received by you;

• Any other information we need to provide a specific service when the lack of this information makes it impossible to render thе service;

• Customer number, code or another identifier created for customer identification;

• Other personal data delivered by you or a third party upon the conclusion or during the effect of an agreement with us, more specifically full name, personal ID number or foreigner’s number, permanent address of attorney, data on social networks profile, contact data, contact person, username, password (upon registration on our web page or other similar service).

Without processing the above personal data we can neither sign an agreement with you nor fulfill such agreement.

Provisioning of your data to third parties:

We provide your personal data to third parties to offer quality and complex services and fulfill our obligations originating from the agreement we have signed with you.

We do not submit your personal data to third parties before ensuring that all technical and organizational measures have been triggered to protect this data while striving to exercise strict control over implementation.

We provide personal data to the following categories of recipients (personal data administrators):

• Postal operators and couriers when products and documentation are sent;

• Individuals engaged through an employment or civil contract and involved in the selling, logistic, delivery, etc. processes;

• Payment servicing banks;

• Individuals who have been assigned maintenance of devices, software and hardware processing personal data and needed for the company’s activity;

• Individuals delivering consultancy in different sectors;

• Providers of marketing/telemarketing services;

• Providers of services linked to market research;

• Providers of IT services;

• Other companies acting as our partners in the development of joint programs selling on the market our products and services.

The data gathered on these grounds is erased 5 years after the fulfillment of our contractual liabilities to you. This time period complies with the 5-year period defined in the legislation and covering all possible claims originating from the signed agreement.

II. TO IMPLEMENT LEGAL OBLIGATIONS

We may be bound by law to process your personal data. In these cases we are due to process your data, for example in the following cases:

• Obligations under the Measures against Money Laundering Act;

• Fulfillment of obligations linked to distance sales, sales outside the commercial outlet, as envisaged in the Consumer Protection Act;

• Provisioning of information to the Consumer Protection Commission or third parties, as described in the Consumer Protection Act;

• Obligations subject to the Accounting Act and Tax and Social Insurance Procedure Code, or other related regulations linked to the lawful accounting;

• Provisioning of information to court and third parties within a court proceedings in compliance with the requirements of the applicable regulations;

• Age certification with online purchases.

We erase your data collected legitimately once we fulfill our obligation for data collection or when it is no longer valid.

Provisioning of your data to third parties:

When bound by law we may provide personal data to a competent state authority, or individual, or legal entity.

III. WHEN YOU HAVE PROVIDED YOUR EXPLICIT CONSENT

We process your personal data for the above reason only after explicit, irrevocable and voluntary consent by you. We do not foresee whatever adverse consequences for you should you decline your personal data processing.

If you give us the relevant consent and until its withdrawal, or termination of whatever contractual relations with you we will:

• Prepare customer-tailored products/services;

• Prepare offers containing customer-tailored products/services by partners of the company by processing your basic personal data;

Consent withdrawal

Your consent may be withdrawn at any moment. If you withdraw your consent for personal data processing we will not use your personal data and information for the above purposes.

To withdraw your consent you need to contact us by using the contact data.

Based on your consent we process your email and other information we have been explicitly authorized to do so.

Data collected on the above grounds is erased by your request or two years after the initial collection.

Anonymization and pseudonymization

We process data for strategic goals meaning analyses producing summary results. Therefore, the data employed is anonymous. Hence, it is impossible to identify a specific person in the above information.

Your data may be also anonymized. Anonymization is an alternative to data erasure. With anonymization all personal identifiable elements /elements allowing for identification/ are erased for eternity. The anonymized data is not subject to obligatory erasure since it does not represent personal data.

Your personal data protection

To ensure an adequate protection of company data and our clients we have introduced all necessary organizational and technical measures subject to the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council, as well as the best practices described in international standards.

The company has adopted rules preventing security abuse and breakthrough.

To ensure maximum security when processing, transferring or storing your data we may use some extra tools for encryption, pseudonymization, etc.

We are working solely with data processors that ensure equivalent security standards.

Personal data obtained by third parties

In several cases we need to process your personal data that have not been provided by you or have not been collected by us but received by third parties. These are the following data:

• Data from social media like Facebook – user profile data;

• Data from our partners – fulfilling contractual obligations or after an explicit consent;

• Data from our users – data provisioning to counterparties, recommendations, etc.

User’s rights

As users you may exercise your rights via our web site or our contact data.

You possess all rights for personal data protection according to Bulgarian and EU legislation. Each user is entitled to:

• Being informed (when the administrator processes personal data);

• Access its own personal data;

• Correction (if data is inaccurate);

• Erasure of personal data (right to be forgotten);

• Restriction of processing by the administrator or the data processor;

• Personal data portability between the individual administrators;

• Object to processing his/her personal data;

• Not to be subject to a decision based solely on automatic processing including profiling, which produces legal effects concerning him or her, or similarly essentially affects him or her;

• Protection via court or administrative procedure in case of breach of your rights;

• You may request your data erasure if:

• the personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;

• you withdraw consent on which the processing is based and where there is no other legal grounds for the processing;

• you object to the processing and there are no overriding legitimate grounds for the processing;

• the personal data has been unlawfully processed;

• the personal data has to be erased for compliance with a legal obligation in law;

• the personal data has been collected in relation to the offer of information society services referred to a child and consent is given or authorised by the holder of parental responsibility over the child;

• You may restrict personal data processing by us when:

• You dispute the accuracy of the personal data;

• Data processing is not lawful but you do not wish erasure of the personal data and, instead, you restrict their usage;

• We no longer need personal data for processing purposes but you request these for ascertainment, exercise or protection of legal claims;

• You dispute data processing while expecting a check whether our legal grounds for processing take priority over your interests.

Right to portability

You shall have the right to receive the personal data concerning you, which you have provided to us and transmit those data to another administrator without hindrance from us where the processing is based on consent or on a contract and the processing is carried out by automated means.

Right to object

You shall have the right to object to processing of your personal data. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests or for the establishment, exercise or defence of legal claims. Where the data subject objects to processing for direct marketing purposes, the personal data shall immediately no longer be processed for such purposes.

Register maintenance

We maintain register of our processing activities. It contains the information described below:

• Our name and contacts;

• Description of the categories of data subjects and the categories of personal data processed by us;

• The categories of recipients to which personal data is or shall be disclosed, including recipients in third countries or international organizations;

• Where possible, set time periods for erasure of the different data categories;

• Where possible, general description of the technical and organizational security measures.

Right to complaint to the supervising authority in charge of personal data protection in Bulgaria

You may lodge a complaint against unlawful data processing to the Personal Data Protection Commission, with seat and registered address in 1592 Sofia, 2 Tsvetan Lazarov Blvd., phone 02 915 3 518, email: kzld@cpdp.bg, web: www.cpdp.bg  or the competent authority.

Cookie Policy

We use cookies to adapt the information and the offered services to your interests thus providing better experience with each visit on our web site. Cookies are linked only to an anonymous user and his/her computer. They do not represent references allowing for personal data abuse. Cookies are used only for statistical purposes to optimize the user’s experience on the web site. You may configure your browser to either inform of or reject the installation of the cookies used by us as described below without hindering your access to web contents. However, consider that the web site may respond slower.

Type of cookies. Depending on their persistence, cookies are session or persistent cookies. While session cookies cease to exist with browser closing by the user the persistent cookies cease to exist they have fulfilled their target (for example to identify you on the web site) or when manually erased. Besides, depending on their purpose, cookies may be classified as strictly necessary – essential for proper website functioning as usually they are generated the moment you login and are used to identify you or continue recognize you as user if you leave the website, or the browser, or the device, and come back later. Thus, they facilitate you surfing on the web eliminating the need of repeated identification. Additionally, cookies check whether a user has the right of access to specific services or zones on the web site. Or performance cookies – they are used to improve your experience with surfing on the web and to improve how a website works by storing the service’s configurations. Or advertisement cookies – they collect information from the advertisements you get on the website and are subdivided into two groups 1) anonymous – collecting information only for the advertising space on the web site regardless of your login as a user, i.e. without explicitly identifying you as user and 2) customer – collecting personal information about you as user of the web site via a third party-company for personalization of such advertising spaces. Or geographical location cookies – used to confirm your geographic location and provide contents or services adequate to your location. Or analysis cookies – they collect information about the user’s surfing on the web site, usually anonymous, but sometimes they recognize you as user unambiguously and unmistakably to collect information what services offered on the web site interest you as a consumer.

We use only permanent cookie for local storage with information that you have visited our website.

Cookie deactivation. If you wish, you may stop accepting cookies on your browser or stop accepting cookies from a particular service. All modern browsers allow for changing the settings of cookies. These settings are usually in Options menu or Preferences menu on your browser. You may deactivate the use of cookies on this website, at any moment, via:

• With Internet Explorer: Instruments -> Options for Internet -> Confidentiality -> Settings

For extra info you may consult Maintenance within Microsoft or use the Help option.

• With Chrome: Settings -> View extended settings -> Confidentiality -> Contents Settings.

For extra info, you may consult Maintenance within Google or use the Help option.

• With Firefox: Instruments -> Options -> Confidentiality -> History -> Personal settings

For extra info, you may consult Maintenance within Mozilla or use the Help option.

• With Safari: Preferences -> Security.

Should you deactivate the use of cookies on this website, most likely you will no longer have access to some website sections or your surfing on the website will be significantly affected.

This confidentiality policy is effective by 25 May 2018.

HAPPY EAD preserves its right to modify and/or amend this Policy at any moment. Changes take effect the moment they are posted on the website unless the updated Policy envisages otherwise. The Policy may be updated at any moment without special notification to the users of the website. HAPPY EAD cannot be held responsible if a user failed to get acquainted with the last version of this Policy.

Confirmed by:

Tedora Popova, CEO