PRIVACY POLICY

Important: The PERSONAL DATA PROTECTION POLICY described below applies to all orders placed online, as well as to orders placed by phone at the telephone numbers indicated on the site. In order to improve the service, telephone calls may be recorded.

PRIVACY POLICY

Purpose, scope and users

Canex Ltd., hereinafter referred to as the "Organization" or the "Company", strives to comply with the applicable laws and regulations related to the protection of personal data in the countries in which the Company operates. This policy sets out the basic principles by which the company processes the personal data of users, customers, suppliers, business partners, employees and other persons, and specifies the responsibilities of business departments and employees during the processing of personal data.

This policy applies to the company and its directly or indirectly controlled wholly owned subsidiaries that operate within the European Economic Area (EEA) or process the personal data of data subjects in the EEA.

The users of this document are all employees, permanent or temporary, and all contractors who work on behalf of the Organization.

Personal data is any information that can be used to identify an individual. You may be asked for personal information each time you interact with us or our partners to provide our products and services. Only in compliance with this Privacy Policy and all applicable legal provisions, the Administrator and its partners may share this information with each other and use it. Your personal data are processed only on the territory of the Republic of Bulgaria, only for the period and for the purposes for which they were provided.

1. What personal data we collect
   1. When you register an account, purchase a product, we may collect various types of information, including but not limited to name, mailing address, phone number, email, preferred method of communication
   2. In cases where it is necessary to issue certain documents, for example an invoice, you may be asked for additional data in accordance with the requirements of the regulatory framework.

• We keep a history of orders placed by each account registered on the site.

2. How we use personal data
   • . We process your personal data to fulfill our obligations as a party to a contract for the sale of goods or services. We may periodically use them to send important messages such as notifications about orders placed, changes to the Terms and Conditions or other policies.

1. If you have given your consent, we process your data to inform you about current promotions and advertising activities. Once given consent can be withdrawn at any time.
2. In the event that you have consented to participate in certain events (competition, raffle, game, etc.), we process the data you have provided us in order to administer these activities.

• The data provided when applying for a job will be used solely for the purposes of selection and assessment of the applicant's suitability for the relevant position.

3. Disclosure to Third Parties

In certain cases, in order to fulfill our obligations under contracts concluded with you or legal ones, it is necessary or we will be obliged to disclose personal data provided by you to our partners (e.g. transport, courier, service, assembly companies, financial institutions, insurers, etc.) or before competent authorities.

4. protection of personal data

The administrator takes precautions, including administrative, technical and physical measures, to protect your personal data from loss, theft and misuse, as well as from unauthorized access, disclosure, alteration or destruction.

When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.

5. Integrity and retention of personal data

We will retain your personal data for a period necessary to fulfill the specific purpose for which it is processed, after which it will be deleted, unless required by law to retain it for a longer period.

6. Rights of the subject of personal data

You can check the accuracy, completeness and up-to-dateness of your personal data, as well as correct them, by logging into your account.

If you wish to withdraw your consent to the processing of personal data, request a correction, object to its processing or request that your data be deleted ("the right to be forgotten"), you should send a request to this effect by email to eshop@ smartx.bg . In order to avoid abuse, requests with the above content will only be considered if they are sent from the email used to register the account, we reserve the right to request additional data in order to establish the identity of the requester and the data subject concerned .

Submitted requests regarding personal data will be answered within one month, and in the event of the need to extend the specified period, you will be informed of the extension, as well as the reasons for the delay. We may refuse to process requests that are unreasonably repetitive or that threaten the privacy of other users. In all cases, you have the right to file a complaint with the Commission for the Protection of Personal Data, kzld@cpdp.bg, Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Reference Documents

• EU GDPR 2016/679 (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC)
• Personal Data Protection Act
• REGULATION No. 1 of 30.01.2013 on the minimum level of technical and organizational measures and the permissible type of personal data protection
• Policy for the protection of personal data of employees
• Data Retention Policy
• Job description of the data protection officer
• Guidelines for data inventory and data processing
• Procedure for requesting access to natural persons
• Data Protection Impact Assessment Guidelines
• Procedure for Cross-Border Transfer of Personal Data
• Information Security Policies
• Breach notification procedure