Privacy Policy
(effective from May 24, 2018)
I. SCOPE AND APPLICATION
Adventure Facility Concepts and Management Ltd. (“we,” “our,” or “us”), with VAT number 202387264, headquartered in Sofia 1784, 111V Tsarigradsko Shose Blvd., as a data controller, recognizes the importance of safeguarding your personal data.
This General Data Protection Policy (“General Policy”) aims to inform you about:
- The categories of personal data we collect and process:
(i) When you register on or use our website at www.fuuntopiaworld.com, or any of its associated websites and social media pages, or when you use another application or online service that refers to this data protection policy (collectively referred to as “services”);
(ii) When you apply for positions we have advertised or upon your hiring and employment with us as our employee or subcontractor;
(iii) When you contact us (including via our websites) or request information about the goods and services we offer;
(iv) When performing a task assigned to us, including the sale of goods and services we provide; - The sources and methods we use to collect and protect the personal data we process.
- The purposes for which we process personal data and the legal grounds for such processing.
- The collection and processing of personal data related to children.The circumstances under which we may disclose your personal data to others.
- The retention period of your personal data and when we will delete it.
- Your rights regarding the processing of your personal data.</strong
- The protection of your personal data.
- How to contact us regarding questions about the processing of your personal data.
This Privacy Policy applies to all cases in which we process personal data. Our specific policies for the protection of certain categories of personal data apply in addition to this Policy.
We may periodically update this Privacy Policy. In such cases, we will post a notice on our website and the updated version of the policy.
If you have any questions regarding this General Policy, please do not hesitate to contact us through the methods described at the end of this document.
For the purposes of this General Policy:
- “Personal data” means any information related to an identified or identifiable individual (“data subject”); an identifiable individual is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
- “Sensitive personal data” includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as processing of genetic data, biometric data solely for identifying an individual, health data, or data concerning an individual’s sexual life or sexual orientation.
We do not process sensitive personal data unless necessary to fulfill our statutory obligations, such as those arising from labor or anti-discrimination legislation. We ask that you do not send or provide sensitive personal data about yourself (or anyone else) unless we have expressly and in writing requested this data from you, and only after we have confirmed that we have obtained the necessary consent and met all other legal requirements for data processing.
Data that cannot be associated or linked to a specific individual is not considered “personal data.”
II. CATEGORIES OF PERSONAL DATA WE PROCESS
The personal data we process includes:
- Basic information such as your name (including title), the organization you represent or work for, and your position.
- Contact information such as mailing address, email address, phone number, fax number, and Skype ID.
- Financial information such as your credit/debit card number or bank account in connection with a specific transaction or series of related transactions.
- Technical information such as data generated as a result of using our website or an integrated application (e.g., app, plugin), as well as information related to materials and communications we receive from you or send to you electronically.
- Information related to business meetings, such as details you provide in connection with your participation in business seminars, conferences, and other commercial events organized by us or by any of our associated businesses.
- Other personal data provided to us by you or on your behalf, or generated in connection with the preparation and execution of an order you have assigned to us, such as order or payment history.
III. SOURCES AND METHODS OF PERSONAL DATA COLLECTION
- Personal Data You Provide Directly
Some of the personal data we collect and process is provided directly by you (e.g., when you register on or use any of our operated websites, or when you contact us by phone or online for job opportunities or to obtain information about the products and services we offer or the status of your order).
Personal data you provide directly includes, in particular:
* Identification data such as your name, date of birth, permanent address, delivery or correspondence address, phone number, email address, password, and username in cases where you create a personal account on one of our operated websites (where this functionality is available).
* In some cases, the personal data you provide may include age, gender, interests, or membership in a professional organization.
* Personal data contained in electronic communications you send us, such as information included in an email message addressed to us or one of our employees or sales representatives.
* Order-related data created by you in the context of placing and fulfilling orders through one of our operated websites or by other means, such as order history, including data on order placement and/or acceptance dates and their fulfillment status.
* Financial information such as your debit or credit card number or bank account details in connection with a specific financial transaction or series of related transactions.
* Account-related data that you generate or that is linked to your customer profile on the respective website, such as data you enter when updating your profile or information on products you have added to your cart or wish list.
* Social plugin interaction data that you generate when using specific social plugins, like Facebook’s “like” or “follow” button, to express your opinion on content we publish on our websites or social media pages.
* Other data you have provided at our request, where we are legally obligated or permitted to collect it to identify you or verify information we have received.
In certain cases, where permitted by law, we collect data related to criminal convictions and offenses. For example, if the law requires us to avoid hiring individuals convicted of specific crimes for certain positions, we will process the data you provide to the extent necessary to fulfill this legal obligation. - Personal Data We Collect Automatically
Some of the personal data we process is collected automatically when you register on or use a website we operate to contact us or place an order. This information is provided by the devices you use (e.g., personal or work computer, smartphone, tablet) to access our websites, social media pages, or the applications and other online services we offer, such as your device ID or unique identifier associated with your device or browser, location data, device type, or browser type.
We collect data about your interactions with our websites and social media pages, such as location information and IP address. We use “cookies” and similar technologies, like pixel tags and web beacons, to gather statistical information that allows us to better understand user behavior and assess the effectiveness of our online advertising. This may include information on which of our websites you visited and which links you clicked on. For more details on the cookies we use and how you can control them, please refer to our policy on cookies and similar technologies.
We do not engage in automated decision-making, including profiling, as a result of automated processing of personal data. - Personal Data We Collect from Other Sources
In addition to the personal data collected directly from you or your device, we also gather information from other sources. For example, in certain cases, we collect information related to your credit history and other similar data from credit bureaus or licensed credit or financial institutions with whom you have had or currently have financial or business relationships, as long as this is not prohibited by law.
Personal data provided by third parties includes data contained in your public social media profile, which we gain access to if you choose to log in to your customer profile using your social media account, such as Facebook or Google+. Please be aware that much of the data you post on social media profiles, such as your public profile, location data, languages, public posts, and comments, is publicly accessible, which entails certain responsibilities and privacy risks. You control which data is shared with us through the settings on the respective social network site and through the consents you grant us regarding the processing of your data stored on social network sites.
IV. PURPOSES AND LEGAL BASES FOR PROCESSING PERSONAL DATA
We collect, store, and otherwise process personal data only to the extent allowed by law and in line with our internal data protection policies. We process personal data for various business purposes, based on different legal grounds. Under the law, we must have a legitimate basis to process your personal data, and depending on this basis, you have certain rights. More information about your rights can be found in Section IX.
Specifically, we process personal data on the legal grounds listed below for one or more of the following purposes:
- Processing of Personal Data in Relation to Contract Conclusion and Execution
We may collect and process your personal data to conclude and fulfill a contract with you or to take certain steps upon your request before entering into a contract. The main purposes for processing personal data on this basis include:
* Identifying clients who wish to order or have ordered products and services from us, as well as individuals interested in becoming or who are already our suppliers or subcontractors;
* Establishing the legal feasibility of concluding a contract, as well as any additional requirements for its validity, such as obtaining third-party consent;
* Preparing and communicating contract proposals, amendments, and drafts, including contracts entered into remotely;
* Providing additional information and clarifications about the characteristics and use of our products and services;
* Fulfilling client orders for products and services;
* Preparing bills, invoices, credit/debit notes, and protocols for sales or complimentary provision of products and services;
* Tracking payments made for orders;
* Contacting clients, suppliers, and subcontractors on matters related to the performance or modification of supply contracts;
* Providing oral and written technical advice, including recommendations for the optimal and safe use of our products and services;
* Sending notifications, newsletters, and alerts about product recalls;
* Fulfilling obligations under issued product warranties;
* Coordinating activities for the execution of contracts with clients or subcontractors;
* Conducting credit risk assessments, particularly when deferred payment arrangements are involved;
* Addressing and analyzing complaints related to our products and services and taking necessary measures to resolve issues encountered;
* Detecting and preventing unauthorized actions by clients, including any actions that violate valid contracts with us;
* Preventing unauthorized disclosure, use, modification, or destruction of confidential or other legally protected information;
* Ensuring the normal operation of our e-commerce platforms and other sales and distribution channels for our products and services;
* Registering client profiles on the websites we operate and maintain. - Processing Personal Data to Fulfill Statutory Obligations under EU and Member State Legislation
Specifically, we process personal data to fulfill our legal obligations arising from our roles as an employer, purchaser, and vendor of goods and services. We process personal data to meet obligations related to:
* Social security contributions for employees and subcontractors, including obligations under the Social Security Code, Health Insurance Act, and income taxation laws, along with their equivalents in other EU member states;
* Sales (including remote sales) of goods and services to consumers under the Consumer Protection Act;
* Identifying clients when required for fulfilling obligations under the Anti-Money Laundering Act or the Anti-Terrorism Financing Act;
* Accounting for our business transactions, including taxing the goods and services we supply and receive;
* Assisting competent authorities during audits, inspections, and reviews, as well as in any other cases where these authorities exercise their lawful control rights;
* Participating in court proceedings and related processes as a party or third obligated party, including the obligation to provide data and information relevant to the resolution of a particular legal dispute. - Processing Personal Data with Your Consent
In certain cases, upon obtaining your consent for specific types of processing, we may use your data:
* For direct marketing of products and services we or our affiliates offer, which may involve phone calls, letters, text messages, or emails. For example, if you subscribe to our newsletter or wish to receive promotional offers, we may request information such as your name, phone number, email address, and other relevant details. If you no longer wish to receive promotional and marketing communications from us, you can notify us at any time or follow the “unsubscribe” instructions included in our communications. We take measures to limit our marketing content to a reasonable and proportionate amount, sending only content that we believe might be of interest or relevance to you based on the information we have.
* For participation in various surveys, events, and commercial or non-commercial gatherings, such as parties organized by us or affiliated businesses;
* For fulfilling specific obligations toward you arising from law or contract, provided that processing of relevant personal data (e.g., health information or other sensitive personal data) is not prohibited by law.
You have the right to withdraw your consent for processing your personal data at any time. More information about this right can be found below. - Processing Personal Data When We Have a Legitimate Interest
We may process your personal data when we have a legitimate interest to do so, such as our interest in:
* Continuously improving and developing the products and services we offer, including their functionalities, design, and/or content;
* Encouraging and monitoring the introduction and implementation of enhanced and/or innovative measures for the safe use of our products and services, offered either by us or by affiliates;
* Monitoring and analyzing our performance in the relevant market;
* Developing the skills of our employees and subcontractors to better serve clients in relevant markets;
* Personalizing the products and services we offer to enhance your overall satisfaction with them and your interactions with us;
* Monitoring the technical status of our IT systems and resources, including our online stores and other websites, and resolving any issues affecting their functionality, security, or integrity.
V. COLLECTION AND PROCESSING OF CHILDREN’S PERSONAL DATA
We understand the importance of taking additional measures to protect the personal data of children who use our products and services, including websites operated by us. We do not collect personal data from children under the age of 16, nor do we process data related to children under 16 without parental consent or, if applicable, without the consent of another legal representative who may legally provide consent for the processing of a child’s personal data (e.g., the child’s guardian).
We do not permit children under the age of 16 to create their own customer profiles on our websites or otherwise provide us with their personal data.
If we become aware that we have collected or are processing personal data of a child without the required parental consent, we will take steps to delete this information without undue delay.
VI. CASES IN WHICH WE SHARE YOUR DATA WITH THIRD PARTIES
- To entities processing data on behalf of the Company.
We may delegate the processing of your personal data to third parties—subcontractors who assist us in handling this data. These third parties process your data on our behalf and in accordance with our instructions for some or all of the purposes outlined in this General Policy. We do not permit third-party subcontractors to use your personal data for their own purposes, including for direct marketing purposes.
We require all third parties processing your personal data on our behalf to handle this data in accordance with the law and to ensure its security by implementing necessary technical and organizational measures. Categories of recipients processing personal data on our behalf include:
* accounting and audit firms that process personal data for the purposes of accounting and auditing our financial statements, as well as for fulfilling our legal obligations in labor, tax, and social security law;
* information society service providers, including hosting services, and/or information and technical service providers related to the maintenance, security, and development of our information and communication infrastructure and resources;
* licensed postal operators and transport or courier companies, in cases where we send you ordered products;
* licensed payment service providers for processing payments to/from you;
* licensed security firms performing private security activities to ensure the safety and access control of buildings and premises owned or lawfully used by us.
* To government authorities to which we are legally obligated to provide your personal data, such as courts or administrative bodies with regulatory, supervisory, or other similar functions (e.g., the Consumer Protection Commission, the Commission for Personal Data Protection, the Commission for Protection of Competition, and other competent authorities permitted by law to collect and process personal data). - To protect our legitimate interests
In certain cases, when justified by our legitimate interests, we may disclose your personal data to third parties, such as:
* our legal advisors and representatives in connection with obtaining legal advice or preparing and organizing our defense in current or potential legal disputes, including for the purposes of mediation or other alternative dispute resolution procedures;
* entities that have acquired part or all of our business or activities as a result of our reorganization (e.g., merger, consolidation, etc.), a transaction concluded by us (e.g., sale, exchange), or an act of a competent authority. - To entities for whom we have obtained your explicit consent, such as:
* businesses that may provide you with information or offers for their own products and services.
VII. HOW LONG WE RETAIN YOUR PERSONAL DATA AND WHEN WE WILL DELETE IT
We retain your personal data for as long as necessary or as permitted for the purposes for which we process it. After achieving these purposes or if the legal basis for data processing no longer applies (e.g., when consent is withdrawn), we will delete personal data without undue delay.
The criteria determining the retention period of your personal data include: (a) the period during which we maintain a commercial relationship with you and provide our services, (b) retention periods required by applicable laws, and (c) the period necessary to retain data in relation to participation in or defense of rights and legitimate interests in judicial and administrative proceedings, including the expiration of applicable statutes of limitation.
For example, we will retain personal data contained in our accounting documentation for the periods specified by the Accounting Act.
VIII. HOW WE PROTECT YOUR PERSONAL DATA
When processing your personal data, we implement necessary technical and organizational measures to protect this data from unauthorized access, alteration, or deletion. These measures include:
- establishing internal policies for processing personal data to prevent unauthorized access to our systems and the premises where your personal data is stored;
- imposing a confidentiality obligation on our employees, subcontractors, and suppliers;
- delegating the processing of your personal data only to organizations that handle personal data in accordance with the law and guarantee its security by implementing necessary technical and organizational measures.
IX. YOUR RIGHTS REGARDING THE PROCESSING OF YOUR PERSONAL DATA
At any time during our processing of your personal data, you have certain rights, as outlined below.
You can exercise your rights under this policy and the General Data Protection Regulation by sending an email or letter to our Data Protection Officer, specifying your request and, where possible, signing it either by hand or with a qualified electronic signature. If you cannot sign your request in one of our preferred ways, we may ask you to provide additional information to verify your identity.
We will respond to your request free of charge and without unreasonable delay. In cases where we receive repeated requests from you, we may refuse to take action on the request or determine a fee (based on incurred costs) that you must pay for the provision of information, communication, or actions requested.
- RIGHT OF ACCESS AND INFORMATION
You have the right to request and obtain:
* information on the purposes of processing your personal data, the categories of personal data we process, and the recipients or categories of recipients to whom your personal data has been or will be disclosed, as well as any information regarding the source of your personal data;
* a copy of the personal data we process, in electronic or other suitable form. - RIGHT TO RECTIFICATION AND COMPLETION
If you find that the personal data we process is inaccurate and/or incomplete, you can ask us to correct and/or complete it. - RIGHT TO OBJECT
When we process your personal data based on our legitimate interest, you have the right to object to such processing. We will discontinue such processing without undue delay and delete your data unless we can provide compelling reasons to continue processing it, reasons that outweigh your rights and legitimate interests, or the processing is necessary for establishing, exercising, or defending legal claims. Furthermore, you have the right to object at any time to the processing of your personal data for marketing and advertising purposes. We will cease such processing immediately upon receiving your objection. - RIGHT TO RESTRICTION OF PROCESSING
You have the right to ask us to restrict the processing of your personal data in the future when:
* you believe that the personal data we process is inaccurate and require us to correct it, during the time it takes us to verify the accuracy of your data and make the necessary correction;
* it is established that we are processing your personal data unlawfully, but you do not wish for the data to be deleted, instead preferring that we retain part of your data;
* we no longer need your personal data, but you ask us to retain it for the purpose of exercising rights or defending against third-party claims; or you have objected to the processing of your personal data (when this processing is based on our legitimate interest), if it is necessary to verify whether we have an interest or legal obligation to process your personal data. - RIGHT TO ERASURE (RIGHT “TO BE FORGOTTEN”)
You have the right to ask us to delete your personal data, and we are obligated to delete it without undue delay when:
* the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
* you have withdrawn your consent to the processing of the data, where the data was processed based on your consent, and there is no other legal basis for processing;
* you have objected to the processing and we have no legitimate grounds for processing that outweigh your interests, rights, and freedoms;
* your personal data has been processed unlawfully;
* personal data must be deleted to comply with our legal obligations;
* the personal data was collected in connection with the provision of information society services.
In some cases, we may not be able to fulfill your request if the processing of your personal data is necessary for:
* exercising the right to freedom of expression and information;
* complying with our legal obligations;
* establishing, exercising, or defending legal claims. - RIGHT TO WITHDRAW CONSENT
In cases where we process your personal data based on your consent, you have the right to withdraw this consent with immediate effect. In this case, we will cease processing your personal data in the future. - DATA PORTABILITY
In cases where we process your personal data based on your consent or in fulfillment of our contractual obligations to you, and insofar as it does not infringe the rights and freedoms of other persons, you have the right to receive the data you have provided us in a structured, commonly used, and machine-readable format, or—if technically feasible—request that we transfer this data to a third party. - RIGHT TO LODGE A COMPLAINT
If you believe that we are processing your personal data in violation of applicable law, you have the right to lodge a complaint with the competent authority. You can contact the supervisory authority responsible for your place of residence or country or the authority responsible for us.
The competent authority in the Republic of Bulgaria is the Commission for Personal Data Protection, located at:
Sofia 1592, Prof. Tsvetan Lazarov Blvd., No. 2, Tel: 02/915-3518, Email: kzld@cpdp.bg.
X. CONTACT METHODS
For any questions regarding the processing of your personal data or the exercise of your rights, you can contact our Data Protection Officer by one of the following methods:
By email, by sending an electronic message to dpo@funtopia.eu
or
By mail, to the address: Sofia 1784, “Tsarigradsko Shose” Blvd. No. 111B, fl. 1