Your data controller is “FITNES VKASHTI” EOOD, Unified Identification Code 203993395, address: Sofia, 52 Petar Parchevich Street, 5th floor, apartment 9, e-mail: firstname.lastname@example.org.
The company is owned by Rumyana Ilieva Ilieva and it may act as a data controller jointly with other companies controlled by Rumi Ilieva. (hereinafter referred to as “I” or “WE”)
This document contains information about the method of personal data processing, the type of personal data collected, the purpose of using the personal data, the ground for processing, third party access to these data, the security measures undertaken with respect to the personal data collected, as well as the options that you have with respect to the use of the personal data you have provided.
All data are collected and processed in accordance with the personal data protection legislation that is currently in force in Bulgaria.
What types of personal data do we process?
1. Your personal data
1.1. When I develop an individual plan:
This is necessary for obtaining more detailed information so that I can help you. For this purpose, I will need: your name, e-mail, telephone number, age, height, weight, health status – if you suffer from any diseases, it is necessary to align your menu with the recommendations of your doctor; it would be also good to know if you have given birth; what you want to achieve, whether you have tried any other exercise plans I have developed and, if yes, which ones of them; other things about you that you consider important or that could help me prepare your individual plan; your food preferences; as well as your photographs. I need your photographs so that we can track your progress together.
I do not share photographs on my website, so don’t worry about that!
The reviews with photographs that you can see have been given to me by my clients because they wanted to share them.
1.2. When you create your profile: name and e-mail, so that we can service it and so that you can receive different services, programmes and information that you have ordered from us.
1.3. When you have subscribed for articles, exercises, recipes and other materials: name, e-mail
In this case, your personal data is processed based on your express consent to receive information from me.
1.4. When you make a payment to me for an exercise plan, a meal plan, for paid services through your website account:
Name, e-mail, payment details (PayPal account). IMPORTANT! I do not obtain any access to your bank account! In order to comply with the Bulgarian accounting and taxation legislation, I need information about the payment method you have selected and whether the payment has been made. In this case, the ground for processing of your personal data is compliance with legal requirements – for financial and accounting purposes (e.g. in order to issue an invoice, etc. required under the accounting and taxation legislation of the Republic of Bulgaria).
Your personal data collected and processed by fitnessrum.com will be used for the following purposes:
– customer identification and binding the respective customer with the orders they have placed;
– delivery of the services ordered by the customer to the e-mail address indicated by the customer;
– advertising and marketing purposes;
– sending you messages with information.
2. Transfer of personal data to third parties:
We do not provide your personal data to third parties, except for certain specific cases!
We may provide access to some of your personal data for the purpose of storage or organising our work or to data processors for financial and accounting purposes, whom we have signed contracts with, and where we have foreseen specific clauses for privacy and protection of personal data the processor may have access to in the course of their work. In most cases the information accessed by the processors is not sufficient to identify you.
Sometimes we share pictures and stories of our customers, but this can only happen with their express written consent!
3. Procedures for ensuring security
In accordance with the applicable personal data protection legislation, we comply with the mandatory procedures to prevent unauthorised access to and improper use of any personal data.
We use appropriate business systems and procedures in order to protect and ensure the safety of the personal data you provide to us. We also employ procedures for ensuring security and technical and physical prohibitions for access to and use of personal data on our servers. Personal data may be only accessed by authorised staff for the purpose of their work related to the provision of a service to the relevant customer/user.
We store your personal information for as long as necessary in order to ensure the provision of the service and in accordance with the requirement of the Bulgarian legislation that is currently in force.
The storage period for financial and accounting purposes is 10 years.
The data we process based on your consent are destroyed immediately after withdrawal of your consent, unless there is a different ground for their processing.
4. Your rights with respect to your personal data
I take the protection of your rights very seriously. You have certain rights under the applicable legislation with respect to the data about you that we process, particularly:
1. You have the right to request access and obtain information about the personal data about you that are stored, as well as information about the purposes of processing, the categories of personal data, the recipients to whom your data may be disclosed, etc.;
2. You have the right to request the correction of inaccurate data about you or to complete incomplete data at any time, if this is appropriate and/or necessary with a view to the purpose the data are processed for;
3. You can withdraw your consent to use your personal data that you have previously provided to me at any time, if your consent is the only ground for the processing of such data. The specific grounds are mentioned above. In some cases, the withdrawal of your consent for using or processing your personal data may prevent you from using certain products or services provided by us;
4. If you decide that you do not want us to process your personal data, you have the right to be “forgotten”, i.e. you can request deletion of your personal data at any time, if:
4.1. your personal data are no longer necessary for the purposes for which they have been collected or otherwise processed;
4.2. you have withdrawn your consent for processing of your personal data and your consent is the only ground for the processing of such data;
4.3. your personal data have been processed unlawfully;
4.4. you have objected against the processing of your personal data;
4.5. in other cases, foreseen by the law governing the protection of personal data;
5. There are a number of cases where you have the right to request restriction of the processing of your personal data instead of their deletion;
6. You also have the right to object to the processing of your personal data by sending an e-mail to email@example.com;
7. If you are concerned that your personal data may be processed unlawfully, you can contact the national data protection supervisory body of the Republic of Bulgaria, which is: Commission for Personal Data Protection, Sofia, 2 Prof. Tsvetan Lazarov Street, e-mail address: firstname.lastname@example.org and website: www.cpdp.bg;
You can exercise all rights listed above by sending a written application in free text, including via e-mail, which shall contain the following information as a minimum:
1. name, address and other identification data of the respective person;
2. description of the request;
3. preferred form of communication;
4. date of submission of the application and correspondence address.
The period for review of your application is one month as of the date of receipt of the application.
5. And here is some information about the “cookies”
5.1. What are “cookies”
“Cookies” are small text files stored on your computer or mobile device. The function of the “cookies” is to distinguish you from the other users of the same website or to keep certain information about your preferences. They are used by most websites to facilitate browsing.
Each “cookie” is unique for the browser and contains anonymous information. Its content includes the name of the domain it comes from, its “life duration” and significance, usually in the form of a randomly generated number.
(3) What type of cookies do we use and what is their purpose?
(а) Security and identification
The purpose of “cookies” intended to ensure the connection security, is:
· To recognise the user within the specific session
· To control security
· To ensure the information entered by the user is only visible to that user
The cookies designed to ensure security and identification are automatically deleted after the end of the session on your browser or are stored for a limited period in order to insure the smooth operation of the website.
The cookies used by the owner do NOT store any personal data entered.
(b) Performance and functionality
Performance “cookies” aim to collect statistical information and provide content based on the users’ individual preferences. We use them to anonymously measure the number of visits, the pages viewed, the visitors’ activity and the repeated visits of the website. These “cookies” help us analyse traffic, which allows us to improve our website and the overall user experience.
(4) Management and deletion of “cookies”
A large part of the “cookies” we use will improve browsing through our website, while the remaining part of them are important to ensure the security of access.
Based on the browser you use, you can:
· Allow or reject the storage of cookies from all sources
· Set a notification, where each new “cookie” will ask for your permission to accept it or reject it
Most browsers are set up to accept “cookies” by default. Nevertheless, if you do not want “cookies” to be stored on your computer, you can restrict them by changing the settings of your browser.
It is important to know that if you decide to stop cookies, some sections of our website may not function properly!