POLICY FOR PROTECTION OF PERSONAL DATA FOR PHYSICAL PERSONS AND POLICY FOR USE OF BISQUITHS

The policy of Baron Ltd and Baron Attractions Ltd is fully compliant with Regulation (EC) 2016/679 (the "Regulation"). By using the website of Baron Ltd and Baron Attractions Ltd. - https://shop.baron.bg/, it is possible to process personal data and we want the user's consent in advance and we announce the current policy for their protection.

The processing of personal data, such as name, address, e-mail address or telephone number, always complies with the General Data Protection Regulation (GDPR) and is in line with country-specific data protection provisions. With this Privacy Statement, we want to inform you about the scope and purpose of the data we collect, use and process. Consumers are informed by this declaration about the protection of their personal data and the rights they have under the Regulation.

Baron OOD and Baron Attractions Ltd. have implemented a number of technical and organizational measures to ensure the complete protection of the personal data of individuals acquired and processed through our site.

1. Definitions

The Data Protection Declaration of Baron Ltd and Baron Attractions Ltd is based on the terminology used in the General Data Protection Regulation (GDPR). The Data Protection Declaration should be understandable to the general public as well as to our clients and business partners. To ensure this, we would first like to explain the terminology used.

In this privacy statement we use the following terms:


1.1. Personal data

Personal data - any information that can be used for identification of an individual ("user"). An individual who can be identified directly or indirectly, in particular by indicating data such as name, location data, online identifier, and more.


1.2. Data Subject / User

Data subject ("user") is any identified or identifiable natural person whose personal data are processed by us under the terms of the Regulation.


1.3. Processing

Processing, storing, adapting or modifying, retrieving, consulting, using, disclosing, transmitting, distributing or otherwise providing or combining, limiting, deleting or destroying personal data.

1.4. Restrict the processing

Restriction of processing is the marking of stored personal data in order to limit their processing in the future.


1.5. Profiling

Profiling - any form of automated processing of personal data.


1.6. Controller / Administrator

The controller or the controller responsible for processing is a natural or legal person, public body, agency or other body which, individually or jointly with others, defines the purposes and means of processing personal data; where the objectives and means for such processing are determined by the EU legal framework.


1.7. Recipient

The recipient is a natural or legal person, a public authority, an agency or other body to which personal data is disclosed, whether or not a third party. Public authorities that may receive personal data in a specific investigation in accordance with EU law are not considered to be third parties; the processing of these data is in accordance with applicable data protection rules in accordance with the purposes of the processing.


1.8. Third person

Third country is a natural or legal person, a public authority, an agency or a body other than the data subject, the controller, the processor and the persons directly entitled to the processing of personal data by the controller or processor.


1.9. Consent

The consent of the user is any free, specific, informed and unambiguous indication, by means of a statement or by clear positive action and gives consent to the processing of his / her personal data.


2. Name and address

Baron Ltd and Baron Attractions Ltd

Bulgaria, Haskovo, 2, Balkan Str

Phone: + 359 876 66 99 66

Email: baronsales2@gmail.com

Website:  https://shop.baron.bg/


Supervisor:

Commission for Personal Data Protection at address: Sofia, "Ivan Evstatiev Geshov" 15, tel .: 02 940 20 46 fax: 02 940 36 40;

e-mail:kzld@government.bgkzld@cpdp.bg ; Web site: www.cpdp.bg.


3. "Cookies"

The website uses cookies. "Cookies" are text files that are stored in the user's device.

By using cookies, Baron Ltd. and Baron Attractions Ltd. can provide users of this site with user-friendly services that would not be possible without setting cookies.

Using cookies, the information on our site can be optimized according to the user's behavior and desire. "Cookies" allow us to recognize our users. The purpose of this recognition is to make it easier for users to use our site.

The user may at any time prohibit the use of cookies by setting up the Internet browser used. Now saved cookies can be deleted at any time via an Internet browser or other software applications used to visit our site. This is possible with all browsers and applications. If the data object disables the cookie usage and logging setting in the browser used, not all features on our website can be fully usable.


4. Collecting common data and information

The site of Baron Ltd. and Baron Attractions Ltd. collects general data and information on its visit. These general data and information are stored in the log files of the SiteGround Spain S.L. server, which strictly adhere to the Data Protection Regulation. You can find information about this at https://www.siteground.com/privacy.htm. The collected can be (1) the types and versions of the browser used, (2) the operating system used by the access system, (3) the site from which it reaches our website (so called References), (4) 5) date and time of access to the website, (6) IP address, (7) internet service provider, (8) any other information that may be used in the event of a cyber attack on our site.

Using these common data and information, Baron Ltd and Baron Attractions Ltd makes no conclusions about the data subject. Rather, this information is needed to: (1) create the proper content of our site, (2) optimize content on our site, (3) provide quality access to information, (4) provide law enforcement authorities with the necessary information for prosecution in case of cyber attack.

Therefore, Baron Ltd and Baron Attractions Ltd. analyze statistically anonymous data and information collected in order to increase data protection and security and to ensure an optimal level of protection of the personal data it processes. Anonymous log file data on the server is stored separately from all personal data provided by the user.


5. Ability to contact through the site

The site of Baron Ltd and Baron Attractions Ltd. contains information that allows quick electronic contact with us as well as direct communication, which also includes the submission of direct information by e-mail via a form on the site. If a user contacts Baron Ltd. and Baron Attractions Ltd directly via e-mail or through the contact form, the personal data transmitted by the data subject is automatically stored. Such personal data, transmitted on a voluntary basis by the user, are processed and stored for connection to it. This personal data is not shared with third parties.


6. Delete and Block Personal Data

 Baron OOD and Baron Attractions Ltd. process and store the user's personal data only for the period necessary to achieve the purpose or for a period provided for in the Regulation.

If the storage purpose is not applicable or if the storage period laid down by the European legislator or other competent legislator expires, personal data shall be routinely blocked or deleted in accordance with the legal requirements.


7. Consumer rights

7.1. Confirmation right

Every user has the right to receive from a confirmation whether the personal data relating to him is processed. If a data subject wishes to take advantage of this confirmation right, he or she may at any time contact us.


7.2. Right of access

Each user has the right to receive information about his / her personal data stored at any time, as well as a copy of this information. Furthermore, according to the Regulation, the consumer is entitled to request access and information on:

- the purpose of the processing;

- the categories of personal data concerned;

- the recipients or categories of recipients to whom personal data has been or will be disclosed, in particular recipients in third countries or international organizations;

- where applicable, the envisaged period for which personal data will be stored;

- the right to request the correction or deletion of personal data or the limitation of the processing of personal data;

- the right to lodge a complaint with a supervisor;

- the availability of automated decision making, including profiling, as referred to in Art. 22 (1) and (4) of the Regulation, as well as the foreseeable consequences of such processing.

The user has the right to receive information about whether his or her personal data is transmitted to a third country or an international organization. Where this is the case, the consumer has the right to be informed of the transfer precautions taken.

If a user wants to take advantage of this right of access, he or she can contact us at any time.


7.3. Right to repair

Each user has the right to request, without undue delay, correction of inaccuracies in his / her personal data. Taking into account the purposes of the processing, the user has the right to have incomplete personal data filled in, by providing a supplementary statement to that effect.

If the user wishes to exercise this right of repair, he or she may at any time contact us.


7.4. Right to delete

Every user has the right to request the deletion of personal data without delay and we are obliged to delete them without undue delay when one of the following reasons exists:

- personal data are no longer required in relation to the purposes for which they were collected or processed;

- the consumer withdraws the consent on which the processing of his / her personal data is based, in accordance with Art. 6 (1a) or Art. 9 (2a) of the Regulation and where there is no other legal reason for continuing to process them;

- the user objects to the processing, according to Art. 21 (1) of the Regulation and there are no legitimate grounds for their processing or the consumer objects to their processing, according to Art. Article 21 (2) of the Regulation;

- personal data has been tampered with;

- personal data are collected in connection with the provision of services referred to in Art. 8 (1) of the Regulation;


If one of the above reasons is relevant and the user wishes to request the deletion of the personal data stored by Baron Ltd and Baron Attractions Ltd, he or she may at any time contact us. Employee of Baron Ltd and Baron Attractions Ltd. will immediately make sure that the deletion request is met immediately.

When the controller has made the personal data public, it is obliged, according to Art. 17 (1), to erase personal data provided to third parties, taking into account available technology and enforcement costs, take reasonable steps, including technical measures, to inform other data controllers that the user has requested to be deleted. The employees of Baron Ltd and Baron Attractions Ltd. will organize the necessary actions on a case-by-case basis.


7.5. Right to restrict the processing of personal data

Each user has the right to request a limitation on the processing of his or her personal data when one of the following applies:

- the accuracy of personal data is disputed by the user, enabling the controller to check their accuracy;

- the processing is illegal and the user's data is opposed to the rules for deletion, and instead seeks to limit their use,

- it is no longer necessary to process personal data, but it is required to establish, exercise or protect legal claims;

- the user objects to the processing of his / her personal data, according to Art. Article 21 (1) of the Regulation.


If one of the above conditions is available and the user requests that the personal data stored by Baron Ltd and Baron Attractions Ltd be restricted, he or she may at any time contact us. The employee of Baron Ltd and Baron Attractions Ltd. will restrict their handling.


7.6. Right of data portability

Every user has the right to receive the personal data we have been provided in a structured electronic format. The user has the right to provide this data to another administrator, provided the processing is based on Art. 6 (1a), Art. 9 (2a) of the Regulation or a contract pursuant to Art. 6 (1b) of the Regulation.

Furthermore, in the exercise of the data portability right under Art. 20 (1) of the Regulation, the consumer is entitled to provide personal data directly from one controller to another where this is technically feasible in accordance with the Regulation.

In order to establish the data portability, the User may at any time be with us.


7.7. Right of objection

Every user has the right to object at any time to the processing of personal data relating to him under Article 6 (1) of the Regulation.

Baron OOD and Baron Attractions Ltd. will not process personal data in case of objection, unless we have good reasons for processing it that outweigh the interests, rights and freedoms of the consumer or for the establishment, exercise or protection of legitimate actions.

If Baron OOD and Baron Attractions Ltd. process personal data for direct marketing purposes, the user has the right to object at any time to their processing for this purpose. This refers to direct marketing profiling. If the user does not wish to process his or her data for direct marketing purposes, we are required to comply with this application.

7.8. Automated decision making, profiling

Each user has the right to refuse automated processing, including profiling, which produces legal effects with respect to it or a similar substantial impact on it, insofar as the decision is not necessary for the conclusion or performance of a contract between us and the consumer.


7.9. Right of Withdrawal

Each user has the right to withdraw his / her consent to process his or her personal data at any time.

If the user wishes to withdraw his / her consent, he or she may at any time contact us.


8. Method of payment: Cash on delivery and delivery

In order to execute the user order and the so-called a distance contract that occurs upon an online order and / or payment, we use the services of courier company Econt Express.

We pass the personal data to the courier company: Name, Surname, Phone, and Address so that we can execute the order and / or collect payments to it if a "cash payment" method is selected that is also collected by the courier upon delivery of the ordered product (s). The company strictly adheres to the provisions on personal data protection. More information can be found at  http://www.econt.com.


9. Data protection provisions regarding the use of Google Analytics on our site

In our site, we have integrated a Google Analytics script. The purpose of this tool is to collect and analyze data about visitors' behavior on the web site: which pages were visited, how often and for how long a given subpage was viewed. Web analytics are primarily used to optimize the website and possibly to conduct a cost-benefit analysis of Internet advertising.


Google Analytics is owned by Google Inc., 1600 Pkwy, Mountain View, CA 94043-1351, USA.


For web analytics using Google Analytics, we use "_gat. _anonymizeIp ". Using this application, the IP address of the user's Internet provider is abridged by Google and anonymised.

Google Analytics puts a cookie on the device of the user who visited our website. The definition of cookies is explained above. Using the cookie, Google can analyze the use of our site. Each time we visit each of the pages on our site that have the Google Analytics tracking code integrated, the user's web browser will send data to Google Analytics. During this process, Google receives personal user information, such as IP address and location.


The cookie is used to store information such as access time, the location from which access was made, and the frequency of visits to our site. Every time we visit our website, such personal information, including an IP address, will be provided to Google. This personal data is stored by Google in the United States and the company may transfer this personal data to third parties.

The user may prohibit the use of cookies from our site at any time by properly setting up the browser used and thus refusing the storage of cookie information. Such a setting on any browser will prevent Google Analytics from burning a cookie on the user's device. In addition, cookies that are already in use by Google Analytics can be deleted at any time from the web browser's settings and / or the app of the user who visited our site.


The user has the right to object to the collection of data generated by Google Analytics related to the use of this site as well as the processing of this data by Google. To do this, the user must download a browser add-on from  https://tools.google.com/dlpage/gaoptout and install it. Through JavaScript, this add-on will prohibit Google Analytics, provide Google's visit and behavior data and information. Installing the add-on in the browser is considered as an objection to the processing of personal data. If the user's device is reinstalled, you will need to reinstall this add-on banner to Google Analytics. If the browser add-on is uninstalled by the user, it may be necessary to reinstall and activate the browser add-on.

Further information and applicable Google privacy policy can be found at  https://www.google.com/intl/bg/policies/privacy . The information that Google Analytics collects, its processing and storage is described in detail at  https://www.google.com/analytics.


10. Data protection provisions regarding the use of Facebook

On our site we have links to the Facebook social network.


The Social Network is a place for online meetings on the Internet, an online community where users are allowed to communicate with each other and interact in a virtual space. The social network can serve as a platform for exchanging views and experiences, or to enable users to provide personal or business information. Facebook allows users to create profiles, upload photos, and make contacts with each other.


Facebook is owned by Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, USA. If the user lives outside of the United States or Canada, the data administrator is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbor, Dublin 2, Ireland.


It is possible that every page of our site has a link to our Facebook profile and / or installed Facebook plugins. It is possible that the device from which the user visits our site invites him to install an additional setup and / or the Facebook mobile app. An overview of all possible Facebook plug-ins can be found at https://developers.facebook.com/docs/plugins. During this procedure, Facebook was notified of which subpage on our site visited by the user.


If the user has both entered Facebook simultaneously, Facebook discovers this and collects information that is associated with the user's profile on the social network. If the user clicks on any of the Facebook links / buttons integrated in our site, the social network keeps that information that associates with the personal profile there.

Facebook always gets information about visiting our site when the user is logged in to the social networking system, regardless of whether the user will click on any of the Facebook links on our site or not. If he does not want such a transfer of information to Facebook, it is desirable for the user to leave his / her account on the social network before visiting our site.


The Facebook Privacy Guide is posted at https://facebook.com/about/privacy, where information on the collection, processing, and use of personal data from the social network is provided. It also explains what are the possible settings that Facebook offers to protect the privacy of the user's personal data. Various configuration options have been described that prohibit the transmission of data to Facebook.


11. Data protection provisions regarding the implementation and use of Google+

In our site we have integrated a Google+ social network button. The social networking site is an online meeting place - an online community that usually allows users to interact with each other and interact in virtual space. The social network can serve as a platform for the exchange of views and experiences, or enable the provision of personal or business information. Google+ allows users to create user profiles, upload photos, and make contact with each other.


Google+ is owned by Google Inc., 1600 Mountain View, CA 94043-1351, USA.


When you visit our site, the integrated Google+ button is downloaded and visualized automatically by the user's device. During this process, Google was notified of which particular subpage on our site was visited by the user. You can find detailed information about Google+ at  https://developers.google.com/+/.


If a user has logged in to Google+ when visiting our site, Google recognizes the user account and receives time information and which specific pages are visited by the user. This information is collected using the Google+ button, and Google associates it with the corresponding Google+ profile.


If the user clicks on the button integrated on our website and thus recommends Google+ 1, Google associates this information with the personal Google+ user account and stores personal data. Google stores the recommendation of the person who marked Google+ 1 one or more pages of our site making this recommendation publicly available under the terms and conditions accepted by the user when registering on the social network. Google+ 1 recommendations, along with other personal details (Google+ account name and account photo), are then stored and processed in other Google services: Google search engine, Google search engine results, Google user account. Google may also link the visit to this site with other personal data stored on Google and stores that personal information to improve or optimize the various Google services.


If the user does not want to provide this data to Google, he can prevent this by leaving his Google+ account before visiting our site.

Additional information and Google's data protection regulations can be found at  https://www.google.com/intl/bg/policies/privacy/. More Google referrals for the Google+ button 1 can be found at https://developers.google.com/+/web/buttons-policy.


12. Data Protection Provisions on the Application and Use of Twitter

On our website we have links and buttons to and from Twitter. Twitter is a multilingual, publicly available and microblogging service where users can post and distribute so-called tweets, short messages that are limited to 280 characters. These short messages are available to everyone, including those who are not on Twitter. Posts are also displayed on the so-called followers of the user. Followers are other Twitter users who follow user tweets. In addition, Twitter allows the use of hashtags, links or retweets.


Twitter is owned by Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.


There is an integrated Twitter button on every page of our site. More information about them can be found at  https://about.twitter.com/de/resources/buttons. When using buttons, Twitter gets information on which page of our site is used. The purpose of buttons is to quickly share information in the social network and increase the number of visitors by sharing content.


If the user is logged into Twitter at the same time, Twitter counts the duration and visits of each page of our site and associates this behavior with the social network user account. This information is collected whether the user has clicked on any of the buttons on the social network on our site or not.


The applicable data protection provisions on Twitter are posted at https://twitter.com/privacy?lang=en


13. Data Protection Provisions on the Application and Use of YouTube

On our website we have links and / or videos downloading directly into the content of one or more subpages on our site directly from YouTube. YouTube is an internet video portal that allows free posting and viewing of videos. YouTube allows the publishing of all kinds of videos, as well as access to entire films, TV shows, music videos and videos created by users via the internet portal.


YouTube is owned by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and is a subsidiary of Google Inc.

It is possible that when you visit one or more pages on our site, pre-defined videos from the portal are automatically downloaded and previewed. Additional information about YouTube can be found at  https://www.youtube.com/yt/about/en/. While downloading video content, YouTube and Google receive information on which particular subpage on our website was visited by the user.


If the user is logged into YouTube, YouTube recognizes the user account and receives the duration information and which specific pages are visited by the user. This information is collected by YouTube, and Google associates it with the relevant YouTube profile.

YouTube and Google will receive information that the user has visited our site only if it has logged on YouTube; this happens regardless of whether the user will click on a link to or a YouTube video or not. If such a transfer of information to YouTube and Google is not desired by the user, this can be prevented after the user logs out of the video portal before visiting our site.


YouTube's data protection provisions can be found at https://www.google.com/intl/bg/policies/privacy/ .


14. Data protection provisions concerning the application and use of Instagram

We have integrated components and links to the Instagram service. Instagram is a service that can be qualified as an audiovisual platform that allows users to share photos and videos as well as to distribute them to other social networks.


Instagram is owned by Instagram LLC, 1 Hacker Way 14, Menlo Park, California, USA.


When visiting any of the pages of our website, an Internet site has an integrated Instagram component that can send information to the social network for user behavior on any of our site pages and / or get an invitation to install a component or mobile application of the social network.


If the user is logged in at Instagram at the same time, Instagram counts the duration and visits of each page on our site and associates that behavior with the social network user account. This information is collected whether the user has clicked on any of the buttons on the social network on our site or not.


Additional information and applicable Instagram data protection provisions can be found at https://help.instagram.com/155833707900388 and  https://www.instagram.com/about/legal/privacy.


15. Data protection provisions on the application and use of Pinterest

On this site there are integrated components of Pinterest Inc. Pinterest is a social networking site, an online community that allows users to communicate and interact with each other in virtual space. The social network can serve as a platform for exchanging views and experiences or allow the Internet community to provide personal or corporate information. Pinterest allows social network users to publish collections of pictures and individual photos, as well as descriptions of virtual pinnacles (so-called Pinches) that can be shared by other users (so-called commented.


Pinterest is owned by Pinterest Inc., Brann 808, San Francisco, CA 94103, USA.


When visiting our site, each subsite of which is an integrated Pinterest component (Pinterest plug-in), the Internet browser of the user's device, can send an explicit invitation to install a component or mobile social network application. Further information about Pinterest can be found at  https://pinterest.com. Pinterest gets information about which particular subpage is being visited by the user.


If the user logs on to Pinterest, Pinterest tracks the browsing of each subpage on our site and associates that information with the social network profile.

The Pinterest Data Protection Guide, available at https://about.pinterest.com/privacy-policy, provides information about the collection, processing, and use of Pinterest personal data.


16. Data protection provisions regarding the implementation and use of LinkedIn

In our site we have settings and links from and to LinkedIn. LinkedIn is a web-based social networking solution that allows users with existing business contacts to connect and create new business contacts. More than 400 million registered in more than 200 countries use LinkedIn. In this way, LinkedIn is currently the largest business contact platform and one of the most visited websites in the world.


LinkedIn is owned by LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, USA. For questions relating to the protection of personal data, citizens of the European Union are in charge of Wilton Plaza, Wilton Place, Dublin 2, Ireland.


When a link hyperlinks to a linked LinkedIn page, the user's device browser can automatically download the appropriate settings and add-ons to LinkedIn and / or an invitation to install the mobile social network application. Further information on all possible LinkedIn add-ons can be found at https://developer.linkedin.com/plugins. During this / these processes, LinkedIn retrieves information, from which subpage a relevant add-on has been downloaded, when such a setting is available on our site's visited page.

If the user logs on to his LinkedIn account, LinkedIn tracks user behavior as the duration of the visit and exactly which pages are visited on our site. This information is collected through LinkedIn's add-ons and associated with the user's LinkedIn account. If the user clicks on one of the LinkedIn buttons integrated on our site, LinkedIn writes this information to the user profile.

LinkedIn receives information about the visits and duration of our site, whether the user will follow the links to the social network on our site or not if it is logged on to the social networking system. If the user does not want to transmit such type of information to the social network, he / she must log out of his / her account before visiting our site.


LinkedIn lets you manage your notifications.