Privacy policy

Zeleneyko Ltd. (“the administrator”, “the company” or “Zeleneyko”), BULSTAT Unified Identification Code (UIC): BG206053563, address Krivolak 9, 1164 Sofia, Bulgaria, telephone number +359 889 659 191 and email address: contact@zeleneyko.com.

Information on the competent supervisory authority for the protection of personal data:

Name: Data Protection Authority
Address: Rue de la Presse, 35, 1000 Brussels
Telephone number: +32 (0)2 274 48 00
Company number: 0694.679.950
Website: https://www.autoriteprotectiondonnees.be/citoyen

The administrator carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 01 October 2015 on the protection of natural persons with regard to the processing of data of a personal nature and the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to this processing.

Basis for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of the website https://zeleneyko.com/, the conclusion of contracts with the company on the basis of Art. 1, of Regulation (EU) 2016/679 (GDPR), and in particular for the following reasons:
• Explicit consent obtained from you as a customer;
• Performance of the administrator’s obligations under a contract with you;
• Compliance with a legal obligation applicable to the director;
• For the purposes of the legitimate interests of the administrator or a third party.

Goals and principles in the collection, processing and storage of your personal data
Art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the website https://zeleneyko.com/ and the conclusion of a contract with the company, including for the following purposes:

  • Arranging consultations;
  • Individualization of a party to the contract;
  • Accounting purposes;
  • Information security protection;
  • Ensuring the implementation of the contract for the provision of the respective service.

(2) We follow the following principles when processing your personal data:

  • legality, good faith and transparency;
  • restriction of processing purposes;
  • relevance to the purposes of processing and minimizing the data collected;
  • accuracy and timeliness of data;
  • limitation of storage in order to achieve the objectives;
  • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

(3) During the processing and storage of personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

  • fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal bodies.

What types of personal data our company collects, processes and stores
Art. 3. The Company performs the following operations with the personal data provided by you for the following purposes:

  • Conclusion and execution of a commercial transaction with a client or partner – the purpose of this operation is the conclusion and execution of a contract with a commercial partner or client and its administration. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not required to carry out an impact assessment of the operation.
  • Organizing a consultation – the purpose of this operation is to provide contact information in order to arrange the desired consultation. Given the limited scope of the personal data collected, an impact assessment is not required to carry out an impact assessment of the operation.
  • Sending information messages – the purpose of this activity is to administer the process of sending messages to customers that relate to improvements or changes in services. Given the limited scope of the personal data collected, an impact assessment is not required to carry out an impact assessment of the operation.
  • Art. 4. (1) The administrator shall process the following categories of personal data and information for the following purposes and on the following grounds: Data for request for consultation (name, surname, telephone, e-mail)
    Purpose for which the data are collected:
    Receiving contacts of the user in order to provide feedback for arranging a consultation and an introductory meeting.
    Grounds for processing your personal data – Your data for sending a newsletter are processed on the basis of your explicit consent – Art. 6, para. 1, p. (a) GDPR.

Other data that the Administrator processes – When registering for the newsletter, the Administrator collects data about the used IP address.
Purpose for which the data are collected:
Interface localization.
Grounds for data processing – the IP address is collected on the basis of realization of the legitimate interests of the administrator – art. 6, para. 1, p. (f) the GDPR;

Your data for issuing an invoice to a natural person (PIN)
Purpose for which the data are collected:
Issuance of an invoice for provided services.
Grounds for processing your personal data – Art. 6, para. 1, p. (b) GDPR.

(2) The administrator does not collect or process personal data relating to the following:

  • reveal racial or ethnic origin;
  • disclose political, religious or philosophical beliefs, or trade union membership;
  • genetic and biometric data, health data or data on sexual life or sexual orientation.

(3) Personal data is collected by the Administrator from the persons to whom it relates.
(4) The company does not perform automated decision making with data.

Term of storage of your personal data
Чл. 5. (1) The administrator stores your personal data for a period not longer than the withdrawal of consent for processing. The administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (ie to make it in a form that does not reveal your identity).
(2) The Administrator keeps your personal data provided in connection with a request for consultation for a period of 5 years for the purpose of protecting the legal interests of the Administrator in court or administrative disputes, and the accounting documents are stored for the relevant statutory period.
(3) The Administrator notifies you in case the data retention period needs to be extended in order to fulfill a regulatory obligation or in view of the legitimate interests of the Administrator or otherwise.
Art. 6. The Administrator shall store the personal data of the legal representatives of its business partners for the term of the contract, for observance of the legitimate interests and legal obligations of the Administrator, as this term may exceed the term of the concluded contract.

Transfer of your personal data for processing
Чл. 7. (1) The controller may, at its discretion, transfer some or all of your personal data to personal data processors for the fulfillment of the processing purposes you have agreed to, subject to the requirements of Regulation (EU) 2016/679 (GDPR).
(2) The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

Your rights in the collection, processing and storage of your personal data
Withdrawal of consent for the processing of your personal data
Art. 8. (1) If you do not wish all or part of your personal data to continue to be processed by the Company for specific or all purposes of processing, you may at any time withdraw your consent to processing, by request in free text, which to send to e-mail address: contact@zeleneyko.com
(2) The administrator may request that you certify your identity and identity with the person to whom the data relate.

Right of access
Art. 9. (1) You have the right to request and receive from the Administrator confirmation whether personal data related to you are processed.
(2) You have the right to access the data related to you, as well as the information related to the collection, processing and storage of your personal data.
(3) The administrator shall provide you, upon request, with a copy of the processed personal data related to you, in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessiveness of the requests.

Right of correction or completion
Art. 10. You can correct or fill in the inaccurate or incomplete personal data by making a request to the Administrator.

Right to delete (“to be forgotten”)
Art. 11. (1) You have the right to request from the Administrator deletion of part or all personal data related to you, and the Administrator has the obligation to delete them without undue delay, when there is any of the following reasons:

  • personal data are no longer needed for the purposes for which they were collected or otherwise processed;
    You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
    You object to the processing of personal data relating to you, including for the purposes of direct marketing, and there are no legal grounds for processing to take precedence;
  • personal data have been processed illegally;
    personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Controller;
    personal data have been collected in connection with the provision of information society services.

(2) The administrator is not obliged to delete personal data if it stores and processes:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing provided for in EU law or the law of a Member State applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defense of legal claims.

(3) In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:

information that is needed to verify that your right to be forgotten has been exercised.

(4) To exercise your right to be forgotten, you need to submit an application to the email address: contact@zeleneyko.com
(5) The administrator may request you to certify your identity and identity with the person to whom the data relate.
(6) The administrator shall not delete the data, which he has a legal obligation to store, including for protection on the occasion of court claims against him or proving of his rights.

Right of restriction
Art. 12. You have the right to ask the Administrator to restrict the processing of data related to you when:

  • challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
  • the processing is illegal, but you do not want the personal data to be deleted, only their use to be restricted;
  • The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or protection of your legal claims;
  • You have objected to the processing pending verification that the legal grounds of the Administrator take precedence over your interests.

Right of portability
Art. 13. (1) You can at any time download the data that are stored and processed for you in connection with the use of the services of ZeleNeyko Ltd., with a request by email.

(2) You can ask the Administrator to directly transfer your personal data to an administrator specified by you, when this is technically feasible.

Right to receive information
Art. 14. You may request the Administrator to inform you of all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to object
Art. 15. You may object at any time to the processing of personal data by the Administrator relating to him, including if they are processed for the purposes of profiling or direct marketing.

Your rights in the event of a breach of the security of your personal data
Art. 16. (1) If the Administrator finds a violation of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation, as well as of the measures that have been taken or are to be taken. .
(2) The administrator is not obliged to notify you if:

  • has taken appropriate technical and organizational protection measures with regard to the data affected by the security breach;
  • has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;
  • notification would require a disproportionate effort.

Art. 19. In case of violation of your rights under the above or applicable legislation on personal data protection, you have the right to file a complaint to the Commission for Personal Data Protection as follows:

Name: Data Protection Authority
Address: Rue de la Presse, 35, 1000 Brussels
Telephone number: +32 (0)2 274 48 00
Company number: 0694.679.950
Website: https://www.autoriteprotectiondonnees.be/citoyen

Art. 20. You can exercise all your rights regarding the protection of your personal data by submitting your requests in any form that contains a statement to that effect and identifies you as the owner of the data.

Art. 21. If the consent relates to a transfer, the controller shall describe the possible risks for the transfer of the data to third countries in the absence of a decision on adequate protection and appropriate means of protection.