PRIVACY POLICY
„DPEX Bulgaria“ Ltd. (referred to as “DPEX Bulgaria”, “we”, “us”, in this policy) takes seriously its responsibility to protect the privacy of the consumers and to secure all personal information, which is made available to it in connection with its day-to-day activities. Personal data mean any specific information relating to you, which allows us to identify you. In example, such information might be your real name, your address, telephone number or payment data, your passwords for access to our Web site and likewise. Data, which directly or in combination with other data, cannot be related to your identity, are not treated as personal data.
DPEX Europe Privacy Policy aims to present in a clear and transparent way:
– What personal data we collect and process about you in connection with your relationship with us as a customer of our services or as a user of our Web site and online applications;
– How do we use your personal data;
– Who we transfer/disclose your personal data to;
– How and how long we keep your personal data;
– What are your rights as a data subject and how you can exercise these rights;
This Privacy Policy is applied to your personal data whenever you visit www.DPEX.eu or use our services but it has no application if you use other Web sites or services, which we do not own or control.
PERSONAL DATA CONTROLLER
The data controller of your personal data is „DPEX Bulgaria“ Ltd., UIC 130373789, registered address: DPEX BULGARIA LTD. Iskar District, Druja 2, 519 Block, Entrance B, Office 2B, BG-1582 Sofia, email: gdpr@dpex.eu, tel.: 0889 379 955
DPEX Europe collects and processes all personal data in compliance with the personal data protection laws applicable in Bulgaria and the European Union.
PERSONAL DATA THAT WE PROCESS AND COLLECT AND WHAT DO WE USE YOUR PERSONAL DATA FOR
Personal data are data, through which an individual can be identified.
Every time you visit our Web site, you provide to us your personal data. In order for you to be able to use our services, we need to collect and process your personal data. DPEX Bulgaria works intently in good faith to minimize the data that it processes, and to protect them to the maximum extent.
We collect and process the following personal data:
– When you are visiting our website, our web server will record and store temporarily for security purposes the connecting data of the computer connecting to the website, the web pages visited on the website, the date and length of the visit, the identification data of the type of browser and operating system used, and the web site, through which the connection to our website is made
– When you are making contact with us on phone, the conversations will be recorded and stored temporarily for purposes of security and improvement of the quality of our service.
– When we receive an message from you that is submitted on any of our contact forms, the contact information will be used by us to contact you and provide the information or assistance needed.
– When you order services, which DPEX Europe provides in the capacity of a postal operator, we collect and process the following personal data:
– sender data and the recipient of each service or parcel (as well as for the ordering person whenever different from the sender or the recipient): name, mobile and phone number, address for collection or receipt of the parcel or other service, e-mail address. The information is necessary as it allows us to execute the requested service, to prepare and issue the documentation relating to the transportation of the parcels, to make contact with you at any time if it is necessary for the successful, accurate and timely performance of the service, and to review and respond to inquiries, complaints and other requests;
– DPEX Europe may use UCN, ID document data, bank account or other payment details. This data is collected whenever the service or the applicable law requires accurate identification of the customer /upon receipt or payment of an amount in cash under Cash on Delivery or Postal Money Transfer services, upon payment of compensations on the basis of claims, etc./, as well as whenever an accounting or other document should be issued in connection with the service, which contains UCN or other ID document data of the customer pursuant to the requirement of the law. This data will also be used to identify and prevent illegal acts.
– The use of certain features on DPEX Europe Web site require registration and access passwords. Upon registration you provide the following personal data: full name, UCN, address, phone number, email address. This data will be used for purposes of the performance of the services you order.
– Some of the data, which you make available to us, DPEX Europe may use in order to respond to information requests from national regulators (CRC, CCP, CPDP) in connection with complaints or other proceedings brought before these authorities, or to provide to other State authorities or law enforcement agencies for the purposes of administrative controls, security controls, prevention and detection of offences and crimes.
In certain cases you will be asked to present to a DPEX Europe officer an ID document for inspection in order to verify that you are the person authorized to receive performance of the ordered service (e.g. upon delivery of registered postal service, upon receipt or payment of an amount in cash under Cash on Delivery or Postal Money Transfer services, in case of doubt that the service involves a minor, etc.). Neither copies of ID documents, nor data contained therein will be collected or stored by DPEX Bulgaria, unless the law expressly requires from DPEX Bulgaria to carry out identification of the customers by collecting and storing a copy of their ID document or of the data contained in that document (e.g., under the Law on the Measures Against Money Laundering).
We will process your personal data where we have a legal basis to do so. The legal basis will depend on the reasons we collected and needed to use your personal data for:
In many instances, it is necessary to handle your information to formalize a contractual arrangement between you, the customer, and us, the postal operator, for the delivery of services such as courier service, Postal Money Transfer, etc.
It is also possible that we will process your personal data for one of the following purposes:
To adhere to a legal requirement (e.g., for client identification as mandated by the Law on Measures Against Money Laundering, to conform with customs regulations governing international parcels or parcels containing excise goods, to satisfy accounting obligations under the Accounting Act, VATA, CITA, etc.);
– you have consented to us using your personal data (e.g. for marketing purposes);
– it is in our legitimate interests as a postal operator (e.g. for administrative purposes).
We intend to utilize your email address and phone number to share updates on our current services, promotions, discounts, and bonuses. This information typically encompasses our most recent projects and innovations aimed at enhancing service quality and customer satisfaction, and we wish to keep you informed. We will proceed with this communication only upon receiving your consent, which allows us to occasionally send you information via email, SMS, phone, or any combination of these channels. Your consent is optional, and we will not withhold our services if you choose not to provide it.
We will not use your contact data in order to market products or services of a third party.
You can revoke your consent at any time by a written statement delivered to the Data Protection Officer: by e-mail communication or by a notice filed at any DPEX Bulgaria office.
PERSONAL DATA OF THIRD PARTIES
We only process and use data, which you have made available to us voluntarily, and we rely that all such data is owned and transferred by you in compliance with the law.
This means that each customer shall be responsible not to provide to DPEX Bulgaria data belonging to third parties, in violation of their rights for protection of personal data, since DPEX Bulgaria has no access to these individuals and has no practical ability to control whether their personal data is transferred with their knowledge or consent, given in accordance with the legal requirements
Henceforth, it is the sole responsibility of each customer to assume full accountability for submitting the personal data of third parties to us without their awareness or consent, as stipulated by the pertinent legislation governing personal data protection. This pertains to various data types, including but not limited to: names, phone numbers, email addresses, parcel collection or delivery addresses, and any other information.
MINORS
We do not provide services to minors, nor allow persons under the age of 18 to carry out registration on our Web site or to use its functionality. If you are under the age of 18, please, get help from an adult in order to use our services.
Parcels, which are addressed to minors, shall be delivered to their parents or guardians upon presentation of documents certifying their capacity (e.g. a birth certificate or a judgment of competent court), and subject to inspection of the ID document of the representative.
If we become aware that we have collected personal data from or belonging to a person under 18 years of age, we will promptly delete it, unless we are legally obliged to store this information.
Please contact us if you believe that we have collected unwittingly or by mistake information from or belonging to a person under 18 years of age.
SHARING YOUR PERSONAL DATA AND SUBCONTRACTORS
DPEX Europe does not share, sell, disclose or otherwise distribute your personal data to third parties and will not do so in the future, unless it is required by law, it is necessary for the purposes of the contract between you and DPEX Europe, or you expressly consented to this.
Without contradiction to the aforementioned, it may be necessary to share your personal information, such as names, addresses, and telephone numbers for communicating with the parcel’s sender and recipient, with our subcontractors and collaborators during the execution of your service. To facilitate the delivery of domestic and international parcels, DPEX Europe collaborates with several subcontractors possessing sufficient logistical infrastructure and professional expertise, both within the borders of Bulgaria and in every state involved in parcel deliveries. This requirement is essential for DPEX Europe to offer services that align with market trends and consumer demand, encompassing parameters such as territorial scope, volume, and quality.
In addition, DPEX Europe works with subcontractors – professionals in their field, who provide additional security for your data and at a certain time may have access to DPEX Europe systems and databases, including: for security purposes, for the maintenance of the infrastructure and the postal servers, for the provision of secure servers and connectivity.
In other cases, your data may be provided to our trusted suppliers – accountants, auditors, legal and other advisers in connection with the accounting of our activities, the audit of our financial statements, our obligations to national and EU regulators, our legal affairs and the exercising of our legal rights in connection with our contractual relationship with you.
All service providers are carefully selected according to their capacity for the protection and processing of personal data. They carry out the processing of your personal data only on the basis of our specific guidelines and instructions, with due diligence and confidentiality, in strict compliance with the Privacy Policy adopted by the DPEX Europe.
PERIOD OF STORAGE AND DELETION OF PERSONAL DATA
We commit to retaining your data only for the duration required to fulfill the intended purposes of processing. In determining the suitable retention period, we take into account factors such as the quantity, characteristics, and sensitivity of the personal data, as well as the specific purposes for which they are processed. Additionally, we assess the feasibility of achieving these purposes through alternative means.
We must also take into account durations during which it may be necessary to preserve your personal data to comply with our legal responsibilities (e.g., to address a claim from you, safeguard our legal rights in the event of a lawsuit filed against us, or fulfill our legal duty to maintain accounting records for statutory tax audit purposes).
If your personal data are contained in accounting documents, in hard or soft copy, which documents may be requested from DPEX Europe for the purposes of statutory tax audit, the data will be stored for a period of 10 years.
Your personal data provided during registration on the website of DPEX Europe, will be kept and processed for the duration of the registration, until you request deregistration and deletion of your account.
Your personal data supplied in connection with a DPEX Europe service, will be kept for the period of time during which you can file complaints or other claims against us and we may need to exercise our rights of defense.
The personal information you provide via our contact forms, even in cases of incomplete website registration, will be retained for a duration of 6 months for security reasons and to facilitate future communication with you. However, extensions to this timeframe may apply under certain circumstances.
When you have consented to our use of your personal data for marketing purposes, we will keep and process such personal data until you withdraw your consent.
Once we no longer possess legal justifications to retain your personal data (e.g., the expiration of a legitimate interest, the end of the statutory data storage period, or your withdrawal of consent for data processing), we will securely delete or destroy the information.
SECURITY MEASURES
DPEX Europe has implemented various technical and organizational safeguards to safeguard your personal data from loss or any unauthorized processing. Your personal data, as required, is accessible solely to employees or subcontractors (and their personnel) who require access for fulfilling their obligations related to our association with you. These individuals receive training on the proper processing of your personal data and are committed to adhering strictly to the policies, standards, and guidelines of DPEX Europe concerning the protection of personal data.
YOUR RIGHTS
Under certain circumstances, you have the right by law to:
Inquire about whether we possess personal information related to you and, if affirmative, request details regarding the information and the reasons for its retention and usage.
Request access to your personal information, commonly referred to as a “data subject access request.” This allows you to obtain a copy of the personal information we hold about you and verify the lawfulness of its processing.
Request the correction of any incomplete or inaccurate personal information that we hold about you.
Request the deletion or removal of your personal information, prompting us to delete or remove it when there is no valid reason for continued processing. You also have the right to request deletion or removal when you have objected to processing (refer to below).
Object to the processing of your personal information when we rely on a legitimate interest (or that of a third party), and your specific situation gives you reason to oppose such processing. You also have the right to object when we process your personal information for direct marketing purposes.
Object to automated decision-making, including profiling. You can choose not to be subjected to any automated decision-making or profiling by us using your personal information.
Request the restriction of processing of your personal information, allowing you to request the suspension of processing, for instance, if you wish to verify its accuracy or the purpose for processing.
Request the transfer of your personal information in an electronic and structured format to you or another party, commonly known as the right to “data portability.” This allows you to receive your data in an electronically usable format and transfer it to another party in the same format.
Withdraw consent. In situations where you have provided consent for the collection, processing, and transfer of your personal information for a specific purpose, you have the right to withdraw your consent at any time. Upon receiving notice of withdrawal, we will cease processing your information for the originally agreed-upon purpose(s), unless there is another lawful basis for processing.
To exercise any of these rights, kindly submit your request to the Data Protection Office of DPEX Europe. To facilitate comprehensive assistance, ensure you provide accurate information about yourself and specify your request.
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, you should be aware that when your requests are clearly unfounded or excessive, especially if made repeatedly, we may:
- charge you with a reasonable fee, taking into consideration the administrative cost associated with the provision of the information, with the communication or with the undertaking of the requested action, or
- we may refuse to act.
We will make reasonable tries to honor your request within 30 days of receipt of your request. If necessary, this period may be extended by another one month, taking into account the complexity and number of the requests.
We can ask specific information that will help us to verify your identity and to respect your right to access the information (or any of your other rights). This is an appropriate additional security measure, ensuring that your personal information will not be disclosed to persons who are not entitled to receive it.
CHANGES TO THE PRIVACY POLICY
DPEX reserve the right to change our Privacy Policy from time to time, provided that any changes will be communicated to the customers by way of notice on our website.
SUPERVISORY AUTHORITY
If you think we have violated your rights in relation to your personal information, you can file complain to the Supervisory Authority of Bulgaria, which is the Commission for Personal Data Protection. More information can be found at: www.cpdp.bg. Also, you can submit your complaint in the country where you live, in the country where your workplace is as well as in the country where you consider your rights violated.
DATA PROTECTION OFFICER OF DPEX Bulgaria
Data Protection Officer: DPEX BULGARIA LTD. Iskar District, Druja 2, 519 Block, Entrance B, Office 2B, BG-1582 Sofia, email: gdpr@dpex.eu
Request form for exercising rights in relation to personal data protection