Privacy Policy

In its capacity as a personal data administrator, "Mashinhead" EOOD (the "Company"), BULSTAT: 200677342, with headquarters and management address: Plovdiv, Shesti Seotemvri Blvd. No. 222A, processes your personal data in accordance with the requirements of the General Data Protection Regulation (EU Regulation 2016/679) and the Personal Data Protection Act. In order to comply with the legal requirements, with this privacy policy, as a personal data administrator, we will inform you of your rights, the type of personal data that is collected, the basis for their processing, the methods of their storage and use, as well as the cases in which they are are provided to third parties.
According to Art. 4 of EU Regulation 2016/679, "personal data" is any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, in particular through an identifier such as name, identification number, location data , online identifier or by one or more characteristics specific to the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person. In accordance with our obligations under Regulation 2016/679 of the European Parliament and of the Council ("General Data Protection Regulation"), as a personal data controller we ensure that the processing of personal data such as name, address, telephone and email address, IP address, will always be in accordance with the Regulation and the applicable Bulgarian legislation in the field of personal data protection.
I. Collection and Use of Personal Data
The company collects and processes your personal data in connection with the use of the website https://machinehead.bg, for the following purposes: normal functioning of the site and ensuring its protection; communicating with potential and current customers, including answering inquiries, including sending offers and information about products and services offered; possibly for marketing activities and implementation of advertising campaigns; conclusion of contracts with the company on the basis of Art. 6, para. 1 and Art. 9, para. 2, Regulation (EU) 2016/679 (GDPR), and more specifically on the following grounds:
• Express consent received from you;
• Fulfilling the duties of the Administrator under a contract with you or taking steps to conclude one;
• Compliance with a legal obligation that applies to the Administrator;
• For the purposes of the legitimate interests of the Administrator or a third party.
The company does not collect personal data beyond those that are necessary to carry out its activities or those that have been given by you with your express and free consent.
II. The personal data we process
1. When you write to our contact e-mail or call us by phone - we process the personal data provided (e-mail address, names, possibly phone, position in the company if you are calling on behalf of a legal entity or organization) and only to answer your inquiry on the basis of a pre-contractual relationship or a contractual relationship - if the reason for contacting us is an order placed by you/a contract concluded. If you do not place an order, we store this data for up to 6 months, then it will be deleted.
2. At your request and with your express consent, we can use your e-mail address to send you our electronic newsletter with news, promotions, special offers, storing and using your e-mail address until you withdraw your consent/ your unsubscribing to receive the electronic newsletter Personal data is collected on the basis of explicit consent (Article 6, Paragraph 1, Letter "a" of the Regulation). Consent is expressed by entering some of the above-mentioned data and ticking the checkbox "I agree that my personal data will be used to receive the newsletter and I am familiar with the Privacy Policy". In cases where we process personal data based on your consent, they will be stored until you withdraw your consent and exercise your right to be forgotten/delete all personal data you have provided
3. Personal data (names, e-mail address, telephone, position) provided for the performance of a contract will be stored for the duration of its performance and until the expiration of the statute of limitations for seeking rights under the contract on the basis of protection of legitimate interest.
4. In order to ensure the normal functioning and security of the site, as well as to ensure a better user experience, the machinehead.bg site uses "cookies" and tracks the IP address. Registration of the IP address is part of system administration and does not imply direct identification of the visitor. Every time you open the website https://machinehead.bg / and/or the various sections in it, we receive information in the form of an information protocol with the following content:
• Your IP address and the page from which you were referred to our site;
• Information about your stay on our website and the sections you have visited;
• Information about your browser and operating system;
• Other type of technical information, according to the technical requirements of the information system;
Personal data are collected on the basis of explicit consent (Article 6, Paragraph 1, Letter "a" of the Regulation). Consent is expressed by pressing the button "I agree" in the field "I am familiar with the privacy policy of "Machinhead" EOOD, and those that are strictly necessary for the normal functioning of the site and protection from unregulated access and hacker attacks - on the basis of protection of legitimate interest.
Collected and stored personal data may be provided to third parties in the following cases:
• when this is required by law;
• if this is duly requested by a competent state or judicial authority;
• when we have received your consent to do so.
III. Technical security regarding the protection of personal data The company has introduced all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and the applicable Bulgarian legislation. The measures taken correspond to the specific risks associated with the processing and storage of the provided personal data. Organizationally and technically, the protection of your data from loss, modification, theft or illegal access by unauthorized third parties is ensured.
IV. Sharing and Disclosure of Personal Data with Third Parties In certain cases, the Company may disclose some personal data to our partners or subcontractors who work with us, through the provision of services related to the Company's activities or assist the Company in its marketing activities. The Company may disclose your personal data to third parties, including such third parties located outside the European Union, subject to compliance with the requirements of the Regulation, such as:
• Third parties with whom the Company has contractual legal relations for the use of servers on which the site is hosted;
• Generally recognized service providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google. Consent also includes placing and using marking unique depersonalized identifiers, including using cookies, localStorage or other suitable generally accepted web technology;
• Third parties providing services to the Company such as accountants, auditors, lawyers, notaries, advertising and PR agencies or companies engaged in systematic data administration.
The company will share personal data with third parties only after the express provision of the technical and legal mechanisms, in which the processing of the shared personal data will take place, in accordance with the requirements of Regulation 679/2016 and the Bulgarian legislation.
The Company undertakes to take all actions to ensure the legitimate processing of personal data, according to the privacy requirements specified in this Policy. V. Your rights as a data subject
According to the Regulation, each subject of personal data has the following rights:
1. Right of Access
You have the right to find out free of charge what personal data we process and whether we process any.
2. Right to rectification
In the event of a discrepancy between your data and that which we process, you have the right to request that we correct, without undue delay, any data held by us that is inaccurate.
3. Right to restriction of processing
Under certain circumstances, you have the right to request restriction or blocking of the processing of certain data. Such cases are the need to check the accuracy of your personal data, the basis for processing or the illegality of their processing.
4. Right to erasure
In cases where the basis for processing has ceased to exist, you have the right to request the deletion of all data processed by us.
5. Right to data portability
In case you want to use your personal data provided electronically for the same service, but from another provider, you have the right to request their transmission to another provider in a machine-readable format. This right only applies to data that you have provided to us with your consent.
6. Right to object
If you do not agree with the way we process your personal data, you have the right to object. This right applies only to data the processing of which is necessary for the performance of a task in the public interest or in the exercise of official powers granted to the controller, as well as to data the processing of which is necessary for the purposes of the legitimate interests of the controller or to a third party, except where the interests of the data subject prevail over such interests.
7. Right to Withdraw Consent
When providing data based on your consent, you have the right at any time to request the withdrawal of consent for the processing of the specific type of personal data.
8. Right of appeal
If you are not satisfied with the way in which the application submitted by you has been administered in relation to any of the above-mentioned rights or you believe that we are not lawfully processing your personal data, you have the right to file a complaint with the Commission for the Protection of Personal Data data, which is the supervisory authority responsible for the implementation of EU Regulation 2016/679 and the Personal Data Protection Act.
If you wish to exercise any of the above-mentioned rights, you can send the corresponding application with your exact request to the following email address: office@machinehead.bg CONTACTS OF THE COMMISSION FOR THE PROTECTION OF PERSONAL DATA (PCPD)
Sofia 1592, Prof. Blvd. Tsvetan Lazarov" No. 2
Center for information and contacts - tel. 02/91-53-518
Reception - working hours 9:00 a.m. - 5:30 p.m.
Email: kzld@cpdp.bg
Website: www.cpdp.bg
In order to update this Privacy Policy, it may be changed in whole or in its individual parts, at any time, without special notice. Please periodically check the currentness of this Policy, as the date of the last update will be indicated. This policy has been updated as of 30.08.2024.