"O, NO!" Ltd., registered in the Commercial Register at the Registry Agency with UIC 204475174, address: Bulgaria, Sofia 1504, Sredets District, Shipka Str., N° 6, Floor 3, hereinafter referred to as "Administrator", providing services through the GASTRONOMY online store, located on the https://gastronomy dot bg domain, is applying in its commercial activities the following rules for the protection of users personal data.

As a personal data administrator, GASTRONOMY collects and processes certain personal information of private users that complies with the following rules, in the course of protection of user's personal data, collection, processing, storage and erasure.

The Administrator collects and processes users personal data, provided to the online store, that concludes contracts with its users on the grounds of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR). The Administrator processes the personal data for its services in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR). The Administrator follow these rules, regardless of whether they are processed electronically, on paper or on other media. The administrator shall take the necessary measures to prevent personal data, subject to unlawful disclosure, from being processed.

The administrator requires, collects and stores personal data, which is connected to and limited only to what is necessary for an account to be created. Using a registration form, the Administrator collects the following type of information: name, surname, phone number and delivery address.
All data required during the order process is confidential, it is not provided to any third parties, except for the email and name, provided to the MailChimp platform, after explicit consent of the client.
The administrator do not transfer personal data to third countries.
The Administrator complies with the principles of fairness, lawfulness and transparency in the processing of personal data.
Administrator complies with the purpose limitation of the processing personal data and minimises data collection.

The Administrator is processing the User's personal data for the following purposes:
1. Supply of goods, communication in connection with the provision and/or payment of goods and the required client service.
2. Processing of payments in connection with the contracts, concluded by the Administrator;
3. Sending important information about changing policies or responding to queries from the online platform;
4. Marketing purposes - after obtaining explicit consent from the data subjects;
5. Advertising purposes - new products, services, events, products, promotions, recipes, tips, useful information, after explicit consent;
6. Protect the legitimate company interest in fulfilling the obligations to the state, administrative and municipality authorities.

With the acceptance of the Terms and Conditions and registration in the e-shop or through a social network profile, a contractual relationship is established between the Administrator and the User, based on the processing of the User's personal data - 6, para. 1, b. b) GDPR. You have the right to request and obtain from the Administrator a confirmation if your personal data is being processed. If you are a registered user, you can always see in your account the information that is being processed for you.
Each customer should voluntarily agree its data to be processed in the process of account registration or completing an order through GASTRONOMY online shop.

The GASTRONOMY platform provides its users the ability to view all personal data and, if necessary, request a correction. The Administrator is obliged to examine and execute the application without undue delay.

Every User has the right to request at any time the erasure of his/her profile and all personal data associated with it. The Administrator has the obligation to examine and execute the request without undue delay.
If there is a User’ order that is being processed, the earliest time you can ask for your right "to be forgotten" is when you successfully complete and pay the order.
The Administrator does not delete the data he has a legal obligation to store, including for protection against claims, made against him or proof of his/her rights.
By deleting the user's personal data, his account becomes inactive. The user still will be able to view and browse the online store and the products offered and make orders as a guest or make a new registration.
The processing of personal data for advertising and marketing purposes may be terminated at any time, at the request of the User, by contacting the Administrator via email.

Each User has the right to receive the personal data that concerns him and which he has provided to the Administrator in a readable format.

The Administrator stores your personal data for the whole period of maintenance of your profile in the online store. The data of users who have placed an order without registration are kept for a certain period of time in order to be able to offer after-sales service - delivery time, possibility of recall, etc. The retention period may be extended to meet the commitments of one or both of the parties to the contract (the order) for a period no longer than is necessary. After deleting your account or completing your order, the Administrator takes the necessary care to erase and destroy all your data without undue delay or to anonymise it (ie to bring them in a form that does not reveal your personality).
The Administrator keeps your personal data, provided for completing online orders, for a period of 2 years for the purpose of protecting the legal interests of the Administrator in legal or administrative disputes with online shop users, and the accounting records are kept for the relevant statutory period.

The Administrator shall introduce and implement the necessary measures to ensure an appropriate level of security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organisational measures.
In the GASTRONOMY platform, the User is obliged to provide true and accurate information and to renew it promptly. It is recommended to use complex passwords and take personal precautions for the confidentiality of your username and password, used to access the site's services, to avoid unauthorised breach. For each access through a User's account, the latter assumes responsibility for all actions that will be taken while using the site through his account. By using the Site, the User agrees to take all necessary measures to ensure that the password is not disclosed by third parties. If the User suspects unauthorised use or misuse of his/her account, he/she must immediately inform the Administrator about this.

Data security breach occurs when the personal data, for which GASTRONOMY responds, are affected by a security incident, resulting in violation of the confidentiality, availability or integrity of personal data privacy. Data breach occurs when there is a security breach, leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of data that is transmitted, stored or otherwise processed.
In the event of a personal data breach likely to pose a risk to the rights and freedoms of individuals, the Administrator shall notify the Bulgarian Commission of Personal Data Protection of the violation.
The administrator shall document any violation of personal data security, including the facts of the violation, its consequences, and the action taken to address it.

The Company may amend the Privacy Policy by publishing a notice on this site.
For any questions, regarding your personal information, please contact us at e-mail address:
info at gastronomy dot bg