Privacy Policy

Cookie Settings

Information about the personal data controller:
“DIGICON” Ltd. is a company registered in the Commercial Register of the Registry Agency under UIC BG205416549, with registered office and management address: Haskovo, 9 G. S. Rakovski Blvd., Tel: +359 887 825093; e-mail: [email protected]

Legal bases and purposes for which we use your personal data
We process your personal data on the following grounds:

  • The contract concluded between you and us, in order to fulfill our obligations under it;

  • Your explicit consent – the purpose is specified in each specific case;

  • A legal obligation provided by law;

  • Our legitimate interest.

In this Privacy Policy you will find detailed information regarding the processing of your personal data depending on the legal basis on which we process them.

FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to fulfill contractual and pre-contractual obligations and to exercise the rights under the contracts concluded with you.

Purposes of processing:

  • establishing your identity;

  • managing and fulfilling your request and performing a concluded contract;

  • preparing an offer for concluding a contract;

  • issuing and sending a bill/invoice for the services you use with us;

  • providing you with comprehensive service and collecting the amounts due for the services used;

  • retaining correspondence related to orders placed, request processing, problem reporting, etc.;

  • notifications about anything related to the services you use with us;

  • establishing and/or preventing unlawful actions or actions contrary to our terms for the respective services.


Data we process on this basis:
On the basis of the contract concluded between you and us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • contact personal data – contact address, email, telephone number;

  • identification data – full name, date of birth, permanent address;

  • data on orders placed;

  • correspondence related to the overall service – emails, letters, information about your requests for troubleshooting, complaints, petitions, grievances, feedback received from you;

  • credit or debit card information, bank account number, or other banking and payment information related to payments made;

  • data related to order fulfillment such as photos, inscriptions, and other materials.

The processing of certain personal data listed above is mandatory for us in order to conclude and perform the contract with you. Without providing the above data, we would not be able to fulfill our contractual obligations. Such personal data are marked in a specific way with “*” or another symbol. All other personal data are collected voluntarily.

Provision of data to third parties by you
When creating a project, you declare that all data you provide do not infringe third-party rights and that you have obtained the proper consent from the data subject.

Obtaining data via third parties
We may receive data via third parties such as Facebook and Google. They provide only the photos you have specified, which are collected for the purpose of fulfilling your order and are provided voluntarily by you after proper identification through your Facebook or Google profile.

Disclosure of personal data to third parties
We disclose your personal data to third parties, with our main objective being to provide you with high-quality, fast, and comprehensive service. We do not disclose your personal data to third parties before ensuring that all technical and organizational measures have been taken to protect such data, and we strive to exercise strict control to achieve this objective. In such cases, we remain responsible for the confidentiality and security of your data.

We provide personal data to the following categories of recipients (personal data controllers):

  • postal operators and courier companies;

  • persons engaged to maintain equipment, software, and hardware used for personal data processing and necessary for the company’s activities;

  • providers of consulting services in various fields such as legal, accounting, business consulting, and similar;

  • suppliers of photo printing services, albums, and other materials such as Printbox and others;

  • cloud service providers such as Google Drive, Microsoft OneDrive, Dropbox, and others;

  • task and project management applications (to-do) such as Trello, Asana, Notion, and similar;

  • customer communication and customer relationship management (CRM) applications such as Zendesk, Intercom, or similar;

  • applications and website plugins for completing contact and other forms such as Google Forms, Typeform, Microsoft Forms, Contact Form 7, or similar;

  • applications for document and note creation such as Microsoft Office, Google Docs, Sheets, Slides, Evernote, Bear, OneNote, and similar;

  • printing houses;

  • email marketing service providers such as Google. You can ознакомиться with Google’s Terms and Conditions and Privacy Policy at the following addresses:

  • software provider for photo and image processing – Printbox.

When we delete data collected on this basis
Data processed by Printbox are retained for the following periods:

  • Photos and images from completed and paid projects – 400 (four hundred) calendar days from the project order date;

  • For unpaid projects created by a registered user – 45 (forty-five) calendar days from the last project entry/order;

  • Photos and images provided but unused for finalizing an order for a specific project (so-called “test project”) – 30 (thirty) calendar days from the date of provision;

  • Unused photos and images remaining from ordered and paid projects – 60 (sixty) calendar days.

The stated periods are maximum retention periods; we reserve the right to delete the provided data before the maximum period expires.

When a user profile is deleted, all user data associated with it are also deleted. Deletion is permanent and cannot be reversed.

FOR COMPLIANCE WITH LEGAL OBLIGATIONS
The law may require us to process your personal data. In such cases we are obliged to carry out the processing, for example:

  • obligations under anti-money laundering legislation;

  • compliance with obligations related to distance selling and off-premises sales under consumer protection law;

  • provision of information to the Consumer Protection Commission or third parties as provided by consumer protection law;

  • provision of information to the Personal Data Protection Commission in connection with obligations under data protection legislation;

  • obligations under the Accounting Act and the Tax and Social Security Procedure Code and other related legislation, in connection with lawful accounting;

  • provision of information to courts and third parties within judicial proceedings, in accordance with applicable legal requirements;

  • age verification for online purchases.

When we delete personal data collected on this basis
Data collected pursuant to a legal obligation are deleted once the obligation to collect and retain them has been fulfilled or no longer applies. For example:

  • under the Accounting Act for storage and processing of accounting data (11 years);

  • obligations to provide information to courts, competent public authorities, and other grounds provided by applicable law (5 years).

Disclosure of data to third parties
Where we are legally obliged to do so, we may disclose your personal data to competent public authorities or to natural or legal persons.

BASED ON YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous, and freely given consent. We will not foresee any adverse consequences for you if you refuse the processing of personal data.

Consent is a separate legal basis for processing your personal data, and the purpose of processing is specified in the consent itself and is not covered by the purposes listed in this policy. If you give the relevant consent, and until you withdraw it or terminate any contractual relationship with us, we prepare and send you suitable service offers.

Data we process on this basis:
On this basis we process only the data for which you have given explicit consent. The specific data are determined case by case. Typically, these data are email and name.

Disclosure of data to third parties
On this basis we may disclose your data to Facebook and Google, marketing agencies, or similar parties.

Withdrawal of consent
The consents you have provided may be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for the processing of personal data for one or all of the purposes described above, we will no longer use your personal data and information for those purposes. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To withdraw your consent, you only need to use our website or contact details.

When we delete data collected on this basis
Data collected on this basis are deleted upon your request or 6 months after their initial collection.

Legitimate interest
We also process data on the basis of legitimate interest. These data are collected in order to improve our overall services. On this basis we analyze user behavior on the website and perform detailed analytics. We may collect a customer number, code, or other identifier created for identification, IP address when you visit our website, information about your actions on the site, or similar data.

Detailed analytics is a method of analysis that allows processing of large volumes of data using statistical models that include the use of personal data, as well as processes of pseudonymization and anonymization, in order to extract information about trends and various statistical indicators.

PROCESSING OF ANONYMIZED DATA
We process your data for statistical purposes, meaning analyses in which the results are only aggregated and therefore the data are anonymous. Identification of a specific individual from this information is impossible.

Your data may also be anonymized. Anonymization is an alternative to deletion of data. In anonymization, all personally identifiable elements/elements enabling your identification are irreversibly removed. For anonymized data there is no statutory obligation for deletion, as they no longer constitute personal data.

Why and how we use automated algorithms
For the processing of your personal data we use partially automated algorithms and methods in order to continuously improve our products and services and to adapt them to your needs in the best possible way. This process is called profiling.

How we protect your personal data
To ensure adequate protection of company and customer data, we apply all necessary organizational and technical measures provided for in personal data protection legislation.

The company has established rules to prevent misuse and security breaches.

To ensure maximum security in the processing, transmission, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, and others.


User Rights
Each user of the website enjoys all personal data protection rights under Bulgarian law and European Union law.

The user may exercise their rights via the contact form or by sending a message to our email address.

Each user has the right to:

  • information (regarding the processing of their personal data by the controller);

  • access to their own personal data;

  • rectification (if the data are inaccurate);

  • erasure of personal data (the “right to be forgotten”);

  • restriction of processing by the controller or processor;

  • portability of personal data between controllers;

  • objection to the processing of their personal data;

  • not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them;

  • judicial or administrative protection if the data subject’s rights have been violated.

The user may request erasure if one of the following conditions applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

  • the user withdraws consent on which the processing is based and there is no other legal ground for processing;

  • the user objects to processing and there are no overriding legitimate grounds for processing;

  • the personal data have been processed unlawfully;

  • the personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the controller;

  • the personal data were collected in relation to the offer of information society services to a child and consent was given by the holder of parental responsibility.

The user has the right to restrict processing of their personal data by the controller where:

  • they contest the accuracy of the personal data (restriction applies for a period enabling verification of accuracy);

  • the processing is unlawful but the user opposes erasure and requests restriction instead;

  • the controller no longer needs the data for processing purposes, but the user requires them for the establishment, exercise, or defense of legal claims;

  • they object to processing pending verification whether the controller’s legitimate grounds override the user’s interests.

Right to data portability
The data subject has the right to receive the personal data concerning them that they have provided to a controller in a structured, commonly used, and machine-readable format and has the right to transmit those data to another controller without hindrance from the controller to which the data were provided, where processing is based on consent or on a contractual obligation and is carried out by automated means. When exercising the right to data portability, the data subject also has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object
Users have the right to object to the controller against the processing of their personal data. The controller must cease processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. Where an objection is made to processing for direct marketing purposes, the processing must cease immediately.

Complaint to the supervisory authority
Each user has the right to lodge a complaint regarding unlawful processing of their personal data with the Personal Data Protection Commission or with the competent court.


Record-keeping
We maintain a record of processing activities for which we are responsible. This record contains all of the following information:

  • the name and contact details of the controller;

  • the purposes of the processing;

  • a description of the categories of data subjects and categories of personal data;

  • the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organizations;

  • where possible, the envisaged time limits for erasure of the different categories of data;

  • where possible, a general description of the technical and organizational security measures.

Details of the Personal Data Protection Commission