Privacy Notice
Privacy Notice
Privacy Notice
Privacy Notice
Effective date:
Effective date:
Effective date:
Effective date:
Jun 11, 2025
Jun 11, 2025
Jun 11, 2025
Jun 11, 2025
1. INTRODUCTION
1.1. This Privacy Notice (“Privacy Notice”) governs the privacy relations between Website Visitors, and The Bridge Global Ltd (the “Company”), in regard to how the Company processes and protects Visitors' personal data when visiting and using the https://shop.thebridge.bg/
and its subdomains (the “Website”). The Company encourages Visitors to seek out and read the Privacy Notice to understand how the information that the Company collects about them is used and protected.
1.2. The Privacy Notice is reviewed regularly to ensure that any new services or updates, as well as any changes to the Company's model and practices are taken into consideration. Visitors' continued use of the Website after the Company makes changes is deemed to be acceptance of those changes, so please review the Privacy Notice periodically for updates.
1.3. Unless stated otherwise herein, references shall be made to the Company Terms of Use, and all the defined terms used in this Privacy Notice, shall have the same meaning as the one given to them in these terms, as the case may be.
2. DEFINITIONS
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control", for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq, and its implementing regulations, as may be amended from time to time.
"Controller" means The Bridge Global Ltd, EIC 206919585, a company duly registered under the laws of the Republic of Bulgaria.
"Data Protection Laws" means all applicable and binding privacy and data protection laws and regulations, including those of the European Union, the European Economic Area and Visitors' Member States, Switzerland, the United Kingdom, Canada, Israel and the United States of America, including the GDPR, the UK GDPR, and the CCPA, applicable to, and in effect at the time of, the Processing of Personal Data hereunder.
"Data Subject" means the identified or identifiable person to whom the Personal Data relates.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Personal Data" or "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Visitor, which is processed by Company solely on behalf of the Visitor.
"Sensitive Data" means Personal Data that is protected under a special legislation and requires unique treatment, such as “special categories of data”, “sensitive data” or other materially similar terms under applicable Data Protection Laws, which may include any of the following: social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); financial or credit information, credit or debit card number; information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning a person’s health, sex life or sexual orientation, or data relating to criminal convictions and offenses; or Personal Data relating to children.
"Standard Contractual Clauses" means (a) in respect of transfers of Personal Data Subject to the GDPR, the Standard Contractual Clauses between controllers and processors, and between processors and processors, as approved by the relevant jurisdiction’s authorities.
"Processor" means any third party that carries out specific Processing activities of Personal Data under Company's instructions.
3. PRINCIPLES
3.1. While Processing Personal Data, Company will respect the following principles:
Fairness and Lawfulness - when Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
Purpose Limitation - Personal Data handled by Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
Transparency - the Data Subjects must be informed of how Visitors' Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
The existence of the present Privacy Notice
The identity of the Controller
The purpose of Personal Data Processing
Whether the Personal Data is disclosed to Third-parties
Accuracy - Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
4. PRIVACY BY DESIGN
4.1. The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures in order to meet the requirements of the applicable Data Protection Laws, and protect Visitors' rights.
4.2. The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of Personal Data Company collects, the extent of the Processing, the period of storage and accessibility.
5. COLLECTED DATA
5.1. The Company may collect the following types of Personal Data when Visitors visit the Website and use the services.
First NameFamily NameFocal point of economic activities (Region)Company NameJob TitleEmail AddressPhone NumberLinkedInFood PreferencesBioOther information freely provided by the Data Subject
5.2. The Company does not collect Sensitive Data, nor are Company’s services directed to persons under the age of thirteen (13), and the Company does not knowingly collect or process the Personal Data of such persons.
6. PURPOSES AND LEGAL BASIS
6.1. The following table describes the various purposes for which the Company collects and Processes Personal Data. Please note that not all of the uses below will be relevant to every Visitor.
Purpose | Description | Legal basis |
|---|---|---|
Providing Company’s services | Provision of Company’s services | Necessary for the performance of a contract or Company’s legitimate interest to provide and administer Company’s services |
Providing Company’s Website | Operating and administering Company’s Websites and to provide Visitors with the content they access and request | Legitimate interest in providing online content to Company’s Visitors and prospective Visitors regarding Company’s service offering and related information |
Improving Company’s Website | Analyzing overall trends and helping us improve the user experience on Company’s Website | Legitimate interest in providing a relevant and well-functioning website for the benefit of Company’s Website visitors |
Promoting the security of Company’s Website and services | Tracking use of Company’s Website and services, and verifying and investigating any suspicious activity | Legitimate interest in promoting the safety and security of Company’s Website, and in protecting Company’s rights and the rights of others |
Sending communications | Sending marketing information | Legitimate interest in conducting direct marketing or where Visitors have provided prior consent |
Aggregating data | Aggregating data for statistical, research, Website and service improvement and other purposes. Aggregated data cannot lead to Visitors’ identification | Legitimate interest in minimizing the amount of Personal Data processed as part of the noted processing activity |
7 . SECURITY AND RETENTION
7.1. Visitors’ Personal Data is securely hosted on a server based in the European Economic Area (the “EEA”).
7.2. In addition, the Company applies industry standards and adequate technical and organizational measures, in accordance with applicable laws, to ensure that Visitors' data is kept secure.
7.3. In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent Supervisory Authority, unless said breach is unlikely to result in a risk to Visitors’ rights and freedoms. If the breach is likely to result in a high risk to Visitors’ rights and freedoms, the Company shall communicate this breach to the affected Visitors, if it is feasible, without undue delay.
7.4. The Company will store Visitors' Personal Data for as long as necessary to satisfy the purposes for which Visitors' Personal Data was collected or to comply with applicable legal requirements. Visitors' information might be retained for a period based on the contract Visitors have with the Company, in accordance with relevant industry standards or guidelines, and in accordance with the Company's legitimate business interests, including prevention of promotion abuse and similar activities. The Company might further retain information for business practices based on the Company’s legitimate interest such as product and service improvement, fraud prevention, record-keeping, in the event of complaint or enforcing the Company's legal rights.
8. PROCESSORS
8.1. The Company may disclose Personal Data that the Company collects, or Visitors provide, to:
To the Company’s Affiliates.
To Processors including but not limited to contractors, service Providers, and other third parties the Company uses to support its business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which the Company disclose it to them.
8.2. The Company may share Visitors' Personal Data to any other relevant third parties, in particular if the Company is requested to do so to comply with a court order or law enforcement authorities request, or if the Company find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend its interest or as otherwise required or permitted by law.
8.3. Unless otherwise stated, the Processors who receive data from the Company are prohibited to use this Personal Data beyond what is necessary.
9. TRANSFERS
9.1. If transferring Personal Data, the Company is committed to ensuring that the data importer maintains materially similar security measures for storage and Processing of Personal Data as the Company does.
9.2. Transfers from the EEA to countries that offer an adequate level of data protection. Personal Data may be transferred from EU Member States and Norway, Iceland, and Liechtenstein (“EEA”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions (the “Adequacy Decisions”), as applicable, without any further safeguard being necessary.
9.3. Transfers from the EEA to other countries. If the Processing of Personal Data by Processor includes a transfer (either directly or via onward transfer) to other countries that have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative compliance mechanism recognized by Data Protection Laws (as may be adopted by Processor in its own discretion), the terms set forth in the applicable Standard Contractual Clauses shall apply.
10. LINKS
10.1. The Website may contain links which direct Visitors to third party websites. The Company rejects any liability relating to the privacy rules in force on said third party websites, the collection and use of Visitors' Personal Data by the latter and relating to the contents of said websites.
11. DATA SUBJECT RIGHTS
11.1. As Data Subjects, Visitors shall have one or more of the following data subject rights with respect to the Personal Data that the Company Processes.
Access – Visitors have a right to access Visitors' Personal Data, including receiving a copy, and to obtain certain information about the Company’s processing activities.
Rectification – the GDPR grants Visitors the right to correct inaccurate Personal Data and/or complete incomplete Personal Data.
Deletion – Visitors have the right to request erasure of Personal Data (the right to be forgotten). The Company shall take reasonable steps to inform any other Processors also processing the data.
Restrict Processing – Visitors have the right to restrict processing of Personal Data, under certain circumstances.
Portability – Visitors have the right to data portability to:
receive a copy of the Personal Data in a structured, commonly used and machine-readable format;
transmit the Personal Data to another data controller (including directly by another data controller where possible).
Object – Visitors have the right to object to processing for profiling, direct marketing, and statistical, scientific, or historical research purposes.
Automated decision making – Visitors have the right to not be subject to automated decision making, including profiling, which has legal or other significant effects on Visitors.
Withdraw consent – Visitors may, at any time, withdraw Visitors' consent to the Company’s processing when the processing is based solely on Visitors' consent.
11.2. These rights can be exercised by writing to the Company. Upon receipt of Visitors' requests, the Company shall reply without undue delay and within the applicable statutory deadlines. If the request is submitted by a person other than the Visitor, without providing evidence that the request is legitimately made on Visitors' behalf, the request will be rejected.
11.3. Any request to exercise rights is free of charge unless Visitors' request is unfounded or excessive (e.g. if Visitors have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge Visitors a reasonable request fee according to applicable Data Protection Laws.
11.4. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
12. CHANGES
12.1. The Company reserves the right to make any changes to this Privacy Notice at any time, as the Company deems necessary or desirable. If the Company makes any material changes restricting or affecting in any way Visitors' rights, the Company may notify Visitors prior to the change becoming effective.
12.2. Visitors’ continued use of the Website after any such changes shall constitute Visitors' consent to such changes. If Visitors do not agree to any given modifications to this Privacy Notice, Visitors should stop using the Website.
13. CONTACT
13.1. Please contact the Company at the address below and the Company will treat Visitors' requests or complaints confidentially.
● Email - network@thebridge.bg
● Address - 19 Triaditsa, Sofia, Bulgaria
13.2. If Visitors feel their Personal Data has been mishandled or if the Company has failed to meet Visitors' expectations, Visitors are encouraged to contact the Company but Visitors are entitled to complain directly to the relevant Supervisory Authority.
1. INTRODUCTION
1.1. This Privacy Notice (“Privacy Notice”) governs the privacy relations between Website Visitors, and The Bridge Global Ltd (the “Company”), in regard to how the Company processes and protects Visitors' personal data when visiting and using the https://shop.thebridge.bg/
and its subdomains (the “Website”). The Company encourages Visitors to seek out and read the Privacy Notice to understand how the information that the Company collects about them is used and protected.
1.2. The Privacy Notice is reviewed regularly to ensure that any new services or updates, as well as any changes to the Company's model and practices are taken into consideration. Visitors' continued use of the Website after the Company makes changes is deemed to be acceptance of those changes, so please review the Privacy Notice periodically for updates.
1.3. Unless stated otherwise herein, references shall be made to the Company Terms of Use, and all the defined terms used in this Privacy Notice, shall have the same meaning as the one given to them in these terms, as the case may be.
2. DEFINITIONS
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control", for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq, and its implementing regulations, as may be amended from time to time.
"Controller" means The Bridge Global Ltd, EIC 206919585, a company duly registered under the laws of the Republic of Bulgaria.
"Data Protection Laws" means all applicable and binding privacy and data protection laws and regulations, including those of the European Union, the European Economic Area and Visitors' Member States, Switzerland, the United Kingdom, Canada, Israel and the United States of America, including the GDPR, the UK GDPR, and the CCPA, applicable to, and in effect at the time of, the Processing of Personal Data hereunder.
"Data Subject" means the identified or identifiable person to whom the Personal Data relates.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Personal Data" or "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Visitor, which is processed by Company solely on behalf of the Visitor.
"Sensitive Data" means Personal Data that is protected under a special legislation and requires unique treatment, such as “special categories of data”, “sensitive data” or other materially similar terms under applicable Data Protection Laws, which may include any of the following: social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); financial or credit information, credit or debit card number; information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning a person’s health, sex life or sexual orientation, or data relating to criminal convictions and offenses; or Personal Data relating to children.
"Standard Contractual Clauses" means (a) in respect of transfers of Personal Data Subject to the GDPR, the Standard Contractual Clauses between controllers and processors, and between processors and processors, as approved by the relevant jurisdiction’s authorities.
"Processor" means any third party that carries out specific Processing activities of Personal Data under Company's instructions.
3. PRINCIPLES
3.1. While Processing Personal Data, Company will respect the following principles:
Fairness and Lawfulness - when Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
Purpose Limitation - Personal Data handled by Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
Transparency - the Data Subjects must be informed of how Visitors' Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
The existence of the present Privacy Notice
The identity of the Controller
The purpose of Personal Data Processing
Whether the Personal Data is disclosed to Third-parties
Accuracy - Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
4. PRIVACY BY DESIGN
4.1. The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures in order to meet the requirements of the applicable Data Protection Laws, and protect Visitors' rights.
4.2. The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of Personal Data Company collects, the extent of the Processing, the period of storage and accessibility.
5. COLLECTED DATA
5.1. The Company may collect the following types of Personal Data when Visitors visit the Website and use the services.
First NameFamily NameFocal point of economic activities (Region)Company NameJob TitleEmail AddressPhone NumberLinkedInFood PreferencesBioOther information freely provided by the Data Subject
5.2. The Company does not collect Sensitive Data, nor are Company’s services directed to persons under the age of thirteen (13), and the Company does not knowingly collect or process the Personal Data of such persons.
6. PURPOSES AND LEGAL BASIS
6.1. The following table describes the various purposes for which the Company collects and Processes Personal Data. Please note that not all of the uses below will be relevant to every Visitor.
Purpose | Description | Legal basis |
|---|---|---|
Providing Company’s services | Provision of Company’s services | Necessary for the performance of a contract or Company’s legitimate interest to provide and administer Company’s services |
Providing Company’s Website | Operating and administering Company’s Websites and to provide Visitors with the content they access and request | Legitimate interest in providing online content to Company’s Visitors and prospective Visitors regarding Company’s service offering and related information |
Improving Company’s Website | Analyzing overall trends and helping us improve the user experience on Company’s Website | Legitimate interest in providing a relevant and well-functioning website for the benefit of Company’s Website visitors |
Promoting the security of Company’s Website and services | Tracking use of Company’s Website and services, and verifying and investigating any suspicious activity | Legitimate interest in promoting the safety and security of Company’s Website, and in protecting Company’s rights and the rights of others |
Sending communications | Sending marketing information | Legitimate interest in conducting direct marketing or where Visitors have provided prior consent |
Aggregating data | Aggregating data for statistical, research, Website and service improvement and other purposes. Aggregated data cannot lead to Visitors’ identification | Legitimate interest in minimizing the amount of Personal Data processed as part of the noted processing activity |
7 . SECURITY AND RETENTION
7.1. Visitors’ Personal Data is securely hosted on a server based in the European Economic Area (the “EEA”).
7.2. In addition, the Company applies industry standards and adequate technical and organizational measures, in accordance with applicable laws, to ensure that Visitors' data is kept secure.
7.3. In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent Supervisory Authority, unless said breach is unlikely to result in a risk to Visitors’ rights and freedoms. If the breach is likely to result in a high risk to Visitors’ rights and freedoms, the Company shall communicate this breach to the affected Visitors, if it is feasible, without undue delay.
7.4. The Company will store Visitors' Personal Data for as long as necessary to satisfy the purposes for which Visitors' Personal Data was collected or to comply with applicable legal requirements. Visitors' information might be retained for a period based on the contract Visitors have with the Company, in accordance with relevant industry standards or guidelines, and in accordance with the Company's legitimate business interests, including prevention of promotion abuse and similar activities. The Company might further retain information for business practices based on the Company’s legitimate interest such as product and service improvement, fraud prevention, record-keeping, in the event of complaint or enforcing the Company's legal rights.
8. PROCESSORS
8.1. The Company may disclose Personal Data that the Company collects, or Visitors provide, to:
To the Company’s Affiliates.
To Processors including but not limited to contractors, service Providers, and other third parties the Company uses to support its business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which the Company disclose it to them.
8.2. The Company may share Visitors' Personal Data to any other relevant third parties, in particular if the Company is requested to do so to comply with a court order or law enforcement authorities request, or if the Company find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend its interest or as otherwise required or permitted by law.
8.3. Unless otherwise stated, the Processors who receive data from the Company are prohibited to use this Personal Data beyond what is necessary.
9. TRANSFERS
9.1. If transferring Personal Data, the Company is committed to ensuring that the data importer maintains materially similar security measures for storage and Processing of Personal Data as the Company does.
9.2. Transfers from the EEA to countries that offer an adequate level of data protection. Personal Data may be transferred from EU Member States and Norway, Iceland, and Liechtenstein (“EEA”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions (the “Adequacy Decisions”), as applicable, without any further safeguard being necessary.
9.3. Transfers from the EEA to other countries. If the Processing of Personal Data by Processor includes a transfer (either directly or via onward transfer) to other countries that have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative compliance mechanism recognized by Data Protection Laws (as may be adopted by Processor in its own discretion), the terms set forth in the applicable Standard Contractual Clauses shall apply.
10. LINKS
10.1. The Website may contain links which direct Visitors to third party websites. The Company rejects any liability relating to the privacy rules in force on said third party websites, the collection and use of Visitors' Personal Data by the latter and relating to the contents of said websites.
11. DATA SUBJECT RIGHTS
11.1. As Data Subjects, Visitors shall have one or more of the following data subject rights with respect to the Personal Data that the Company Processes.
Access – Visitors have a right to access Visitors' Personal Data, including receiving a copy, and to obtain certain information about the Company’s processing activities.
Rectification – the GDPR grants Visitors the right to correct inaccurate Personal Data and/or complete incomplete Personal Data.
Deletion – Visitors have the right to request erasure of Personal Data (the right to be forgotten). The Company shall take reasonable steps to inform any other Processors also processing the data.
Restrict Processing – Visitors have the right to restrict processing of Personal Data, under certain circumstances.
Portability – Visitors have the right to data portability to:
receive a copy of the Personal Data in a structured, commonly used and machine-readable format;
transmit the Personal Data to another data controller (including directly by another data controller where possible).
Object – Visitors have the right to object to processing for profiling, direct marketing, and statistical, scientific, or historical research purposes.
Automated decision making – Visitors have the right to not be subject to automated decision making, including profiling, which has legal or other significant effects on Visitors.
Withdraw consent – Visitors may, at any time, withdraw Visitors' consent to the Company’s processing when the processing is based solely on Visitors' consent.
11.2. These rights can be exercised by writing to the Company. Upon receipt of Visitors' requests, the Company shall reply without undue delay and within the applicable statutory deadlines. If the request is submitted by a person other than the Visitor, without providing evidence that the request is legitimately made on Visitors' behalf, the request will be rejected.
11.3. Any request to exercise rights is free of charge unless Visitors' request is unfounded or excessive (e.g. if Visitors have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge Visitors a reasonable request fee according to applicable Data Protection Laws.
11.4. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
12. CHANGES
12.1. The Company reserves the right to make any changes to this Privacy Notice at any time, as the Company deems necessary or desirable. If the Company makes any material changes restricting or affecting in any way Visitors' rights, the Company may notify Visitors prior to the change becoming effective.
12.2. Visitors’ continued use of the Website after any such changes shall constitute Visitors' consent to such changes. If Visitors do not agree to any given modifications to this Privacy Notice, Visitors should stop using the Website.
13. CONTACT
13.1. Please contact the Company at the address below and the Company will treat Visitors' requests or complaints confidentially.
● Email - network@thebridge.bg
● Address - 19 Triaditsa, Sofia, Bulgaria
13.2. If Visitors feel their Personal Data has been mishandled or if the Company has failed to meet Visitors' expectations, Visitors are encouraged to contact the Company but Visitors are entitled to complain directly to the relevant Supervisory Authority.
1. INTRODUCTION
1.1. This Privacy Notice (“Privacy Notice”) governs the privacy relations between Website Visitors, and The Bridge Global Ltd (the “Company”), in regard to how the Company processes and protects Visitors' personal data when visiting and using the https://shop.thebridge.bg/
and its subdomains (the “Website”). The Company encourages Visitors to seek out and read the Privacy Notice to understand how the information that the Company collects about them is used and protected.
1.2. The Privacy Notice is reviewed regularly to ensure that any new services or updates, as well as any changes to the Company's model and practices are taken into consideration. Visitors' continued use of the Website after the Company makes changes is deemed to be acceptance of those changes, so please review the Privacy Notice periodically for updates.
1.3. Unless stated otherwise herein, references shall be made to the Company Terms of Use, and all the defined terms used in this Privacy Notice, shall have the same meaning as the one given to them in these terms, as the case may be.
2. DEFINITIONS
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control", for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq, and its implementing regulations, as may be amended from time to time.
"Controller" means The Bridge Global Ltd, EIC 206919585, a company duly registered under the laws of the Republic of Bulgaria.
"Data Protection Laws" means all applicable and binding privacy and data protection laws and regulations, including those of the European Union, the European Economic Area and Visitors' Member States, Switzerland, the United Kingdom, Canada, Israel and the United States of America, including the GDPR, the UK GDPR, and the CCPA, applicable to, and in effect at the time of, the Processing of Personal Data hereunder.
"Data Subject" means the identified or identifiable person to whom the Personal Data relates.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Personal Data" or "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Visitor, which is processed by Company solely on behalf of the Visitor.
"Sensitive Data" means Personal Data that is protected under a special legislation and requires unique treatment, such as “special categories of data”, “sensitive data” or other materially similar terms under applicable Data Protection Laws, which may include any of the following: social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); financial or credit information, credit or debit card number; information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning a person’s health, sex life or sexual orientation, or data relating to criminal convictions and offenses; or Personal Data relating to children.
"Standard Contractual Clauses" means (a) in respect of transfers of Personal Data Subject to the GDPR, the Standard Contractual Clauses between controllers and processors, and between processors and processors, as approved by the relevant jurisdiction’s authorities.
"Processor" means any third party that carries out specific Processing activities of Personal Data under Company's instructions.
3. PRINCIPLES
3.1. While Processing Personal Data, Company will respect the following principles:
Fairness and Lawfulness - when Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
Purpose Limitation - Personal Data handled by Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
Transparency - the Data Subjects must be informed of how Visitors' Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
The existence of the present Privacy Notice
The identity of the Controller
The purpose of Personal Data Processing
Whether the Personal Data is disclosed to Third-parties
Accuracy - Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
4. PRIVACY BY DESIGN
4.1. The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures in order to meet the requirements of the applicable Data Protection Laws, and protect Visitors' rights.
4.2. The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of Personal Data Company collects, the extent of the Processing, the period of storage and accessibility.
5. COLLECTED DATA
5.1. The Company may collect the following types of Personal Data when Visitors visit the Website and use the services.
First NameFamily NameFocal point of economic activities (Region)Company NameJob TitleEmail AddressPhone NumberLinkedInFood PreferencesBioOther information freely provided by the Data Subject
5.2. The Company does not collect Sensitive Data, nor are Company’s services directed to persons under the age of thirteen (13), and the Company does not knowingly collect or process the Personal Data of such persons.
6. PURPOSES AND LEGAL BASIS
6.1. The following table describes the various purposes for which the Company collects and Processes Personal Data. Please note that not all of the uses below will be relevant to every Visitor.
Purpose | Description | Legal basis |
|---|---|---|
Providing Company’s services | Provision of Company’s services | Necessary for the performance of a contract or Company’s legitimate interest to provide and administer Company’s services |
Providing Company’s Website | Operating and administering Company’s Websites and to provide Visitors with the content they access and request | Legitimate interest in providing online content to Company’s Visitors and prospective Visitors regarding Company’s service offering and related information |
Improving Company’s Website | Analyzing overall trends and helping us improve the user experience on Company’s Website | Legitimate interest in providing a relevant and well-functioning website for the benefit of Company’s Website visitors |
Promoting the security of Company’s Website and services | Tracking use of Company’s Website and services, and verifying and investigating any suspicious activity | Legitimate interest in promoting the safety and security of Company’s Website, and in protecting Company’s rights and the rights of others |
Sending communications | Sending marketing information | Legitimate interest in conducting direct marketing or where Visitors have provided prior consent |
Aggregating data | Aggregating data for statistical, research, Website and service improvement and other purposes. Aggregated data cannot lead to Visitors’ identification | Legitimate interest in minimizing the amount of Personal Data processed as part of the noted processing activity |
7 . SECURITY AND RETENTION
7.1. Visitors’ Personal Data is securely hosted on a server based in the European Economic Area (the “EEA”).
7.2. In addition, the Company applies industry standards and adequate technical and organizational measures, in accordance with applicable laws, to ensure that Visitors' data is kept secure.
7.3. In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent Supervisory Authority, unless said breach is unlikely to result in a risk to Visitors’ rights and freedoms. If the breach is likely to result in a high risk to Visitors’ rights and freedoms, the Company shall communicate this breach to the affected Visitors, if it is feasible, without undue delay.
7.4. The Company will store Visitors' Personal Data for as long as necessary to satisfy the purposes for which Visitors' Personal Data was collected or to comply with applicable legal requirements. Visitors' information might be retained for a period based on the contract Visitors have with the Company, in accordance with relevant industry standards or guidelines, and in accordance with the Company's legitimate business interests, including prevention of promotion abuse and similar activities. The Company might further retain information for business practices based on the Company’s legitimate interest such as product and service improvement, fraud prevention, record-keeping, in the event of complaint or enforcing the Company's legal rights.
8. PROCESSORS
8.1. The Company may disclose Personal Data that the Company collects, or Visitors provide, to:
To the Company’s Affiliates.
To Processors including but not limited to contractors, service Providers, and other third parties the Company uses to support its business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which the Company disclose it to them.
8.2. The Company may share Visitors' Personal Data to any other relevant third parties, in particular if the Company is requested to do so to comply with a court order or law enforcement authorities request, or if the Company find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend its interest or as otherwise required or permitted by law.
8.3. Unless otherwise stated, the Processors who receive data from the Company are prohibited to use this Personal Data beyond what is necessary.
9. TRANSFERS
9.1. If transferring Personal Data, the Company is committed to ensuring that the data importer maintains materially similar security measures for storage and Processing of Personal Data as the Company does.
9.2. Transfers from the EEA to countries that offer an adequate level of data protection. Personal Data may be transferred from EU Member States and Norway, Iceland, and Liechtenstein (“EEA”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions (the “Adequacy Decisions”), as applicable, without any further safeguard being necessary.
9.3. Transfers from the EEA to other countries. If the Processing of Personal Data by Processor includes a transfer (either directly or via onward transfer) to other countries that have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative compliance mechanism recognized by Data Protection Laws (as may be adopted by Processor in its own discretion), the terms set forth in the applicable Standard Contractual Clauses shall apply.
10. LINKS
10.1. The Website may contain links which direct Visitors to third party websites. The Company rejects any liability relating to the privacy rules in force on said third party websites, the collection and use of Visitors' Personal Data by the latter and relating to the contents of said websites.
11. DATA SUBJECT RIGHTS
11.1. As Data Subjects, Visitors shall have one or more of the following data subject rights with respect to the Personal Data that the Company Processes.
Access – Visitors have a right to access Visitors' Personal Data, including receiving a copy, and to obtain certain information about the Company’s processing activities.
Rectification – the GDPR grants Visitors the right to correct inaccurate Personal Data and/or complete incomplete Personal Data.
Deletion – Visitors have the right to request erasure of Personal Data (the right to be forgotten). The Company shall take reasonable steps to inform any other Processors also processing the data.
Restrict Processing – Visitors have the right to restrict processing of Personal Data, under certain circumstances.
Portability – Visitors have the right to data portability to:
receive a copy of the Personal Data in a structured, commonly used and machine-readable format;
transmit the Personal Data to another data controller (including directly by another data controller where possible).
Object – Visitors have the right to object to processing for profiling, direct marketing, and statistical, scientific, or historical research purposes.
Automated decision making – Visitors have the right to not be subject to automated decision making, including profiling, which has legal or other significant effects on Visitors.
Withdraw consent – Visitors may, at any time, withdraw Visitors' consent to the Company’s processing when the processing is based solely on Visitors' consent.
11.2. These rights can be exercised by writing to the Company. Upon receipt of Visitors' requests, the Company shall reply without undue delay and within the applicable statutory deadlines. If the request is submitted by a person other than the Visitor, without providing evidence that the request is legitimately made on Visitors' behalf, the request will be rejected.
11.3. Any request to exercise rights is free of charge unless Visitors' request is unfounded or excessive (e.g. if Visitors have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge Visitors a reasonable request fee according to applicable Data Protection Laws.
11.4. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
12. CHANGES
12.1. The Company reserves the right to make any changes to this Privacy Notice at any time, as the Company deems necessary or desirable. If the Company makes any material changes restricting or affecting in any way Visitors' rights, the Company may notify Visitors prior to the change becoming effective.
12.2. Visitors’ continued use of the Website after any such changes shall constitute Visitors' consent to such changes. If Visitors do not agree to any given modifications to this Privacy Notice, Visitors should stop using the Website.
13. CONTACT
13.1. Please contact the Company at the address below and the Company will treat Visitors' requests or complaints confidentially.
● Email - network@thebridge.bg
● Address - 19 Triaditsa, Sofia, Bulgaria
13.2. If Visitors feel their Personal Data has been mishandled or if the Company has failed to meet Visitors' expectations, Visitors are encouraged to contact the Company but Visitors are entitled to complain directly to the relevant Supervisory Authority.
1. INTRODUCTION
1.1. This Privacy Notice (“Privacy Notice”) governs the privacy relations between Website Visitors, and The Bridge Global Ltd (the “Company”), in regard to how the Company processes and protects Visitors' personal data when visiting and using the https://shop.thebridge.bg/
and its subdomains (the “Website”). The Company encourages Visitors to seek out and read the Privacy Notice to understand how the information that the Company collects about them is used and protected.
1.2. The Privacy Notice is reviewed regularly to ensure that any new services or updates, as well as any changes to the Company's model and practices are taken into consideration. Visitors' continued use of the Website after the Company makes changes is deemed to be acceptance of those changes, so please review the Privacy Notice periodically for updates.
1.3. Unless stated otherwise herein, references shall be made to the Company Terms of Use, and all the defined terms used in this Privacy Notice, shall have the same meaning as the one given to them in these terms, as the case may be.
2. DEFINITIONS
"Affiliate" means any entity that directly or indirectly controls, is controlled by, or is under common control with the subject entity. "Control", for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.
"CCPA" means the California Consumer Privacy Act of 2018, Cal. Civ. Code §§ 1798.100 et. Seq, and its implementing regulations, as may be amended from time to time.
"Controller" means The Bridge Global Ltd, EIC 206919585, a company duly registered under the laws of the Republic of Bulgaria.
"Data Protection Laws" means all applicable and binding privacy and data protection laws and regulations, including those of the European Union, the European Economic Area and Visitors' Member States, Switzerland, the United Kingdom, Canada, Israel and the United States of America, including the GDPR, the UK GDPR, and the CCPA, applicable to, and in effect at the time of, the Processing of Personal Data hereunder.
"Data Subject" means the identified or identifiable person to whom the Personal Data relates.
"GDPR" means the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
"Personal Data" or "Personal Information" means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, to or with an identified or identifiable natural person or Visitor, which is processed by Company solely on behalf of the Visitor.
"Sensitive Data" means Personal Data that is protected under a special legislation and requires unique treatment, such as “special categories of data”, “sensitive data” or other materially similar terms under applicable Data Protection Laws, which may include any of the following: social security number, tax file number, passport number, driver’s license number, or similar identifier (or any portion thereof); financial or credit information, credit or debit card number; information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data or biometric data for the purpose of uniquely identifying a natural person, data concerning a person’s health, sex life or sexual orientation, or data relating to criminal convictions and offenses; or Personal Data relating to children.
"Standard Contractual Clauses" means (a) in respect of transfers of Personal Data Subject to the GDPR, the Standard Contractual Clauses between controllers and processors, and between processors and processors, as approved by the relevant jurisdiction’s authorities.
"Processor" means any third party that carries out specific Processing activities of Personal Data under Company's instructions.
3. PRINCIPLES
3.1. While Processing Personal Data, Company will respect the following principles:
Fairness and Lawfulness - when Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data must be collected and processed lawfully, in a fair manner, in good faith and must be proportionate to the objective.
Purpose Limitation - Personal Data handled by Company should be adequate and relevant to the purpose for which they are collected and processed. This requires, in particular, ensuring that the types of Personal Data collected are not excessive for the purpose for which they are collected. Subsequent changes to the purpose are only possible to a limited extent and require substantiation.
Transparency - the Data Subjects must be informed of how Visitors' Personal Data is being handled. When the Personal Data is collected, the Data Subject must be informed of:
The existence of the present Privacy Notice
The identity of the Controller
The purpose of Personal Data Processing
Whether the Personal Data is disclosed to Third-parties
Accuracy - Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data should not be kept on file and deleted.
4. PRIVACY BY DESIGN
4.1. The Company will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures in order to meet the requirements of the applicable Data Protection Laws, and protect Visitors' rights.
4.2. The Company will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which are necessary for each specific purpose of the Processing are processed. This obligation applies to the amount of Personal Data Company collects, the extent of the Processing, the period of storage and accessibility.
5. COLLECTED DATA
5.1. The Company may collect the following types of Personal Data when Visitors visit the Website and use the services.
First NameFamily NameFocal point of economic activities (Region)Company NameJob TitleEmail AddressPhone NumberLinkedInFood PreferencesBioOther information freely provided by the Data Subject
5.2. The Company does not collect Sensitive Data, nor are Company’s services directed to persons under the age of thirteen (13), and the Company does not knowingly collect or process the Personal Data of such persons.
6. PURPOSES AND LEGAL BASIS
6.1. The following table describes the various purposes for which the Company collects and Processes Personal Data. Please note that not all of the uses below will be relevant to every Visitor.
Purpose | Description | Legal basis |
|---|---|---|
Providing Company’s services | Provision of Company’s services | Necessary for the performance of a contract or Company’s legitimate interest to provide and administer Company’s services |
Providing Company’s Website | Operating and administering Company’s Websites and to provide Visitors with the content they access and request | Legitimate interest in providing online content to Company’s Visitors and prospective Visitors regarding Company’s service offering and related information |
Improving Company’s Website | Analyzing overall trends and helping us improve the user experience on Company’s Website | Legitimate interest in providing a relevant and well-functioning website for the benefit of Company’s Website visitors |
Promoting the security of Company’s Website and services | Tracking use of Company’s Website and services, and verifying and investigating any suspicious activity | Legitimate interest in promoting the safety and security of Company’s Website, and in protecting Company’s rights and the rights of others |
Sending communications | Sending marketing information | Legitimate interest in conducting direct marketing or where Visitors have provided prior consent |
Aggregating data | Aggregating data for statistical, research, Website and service improvement and other purposes. Aggregated data cannot lead to Visitors’ identification | Legitimate interest in minimizing the amount of Personal Data processed as part of the noted processing activity |
7 . SECURITY AND RETENTION
7.1. Visitors’ Personal Data is securely hosted on a server based in the European Economic Area (the “EEA”).
7.2. In addition, the Company applies industry standards and adequate technical and organizational measures, in accordance with applicable laws, to ensure that Visitors' data is kept secure.
7.3. In the event of a Personal Data breach, the Company shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent Supervisory Authority, unless said breach is unlikely to result in a risk to Visitors’ rights and freedoms. If the breach is likely to result in a high risk to Visitors’ rights and freedoms, the Company shall communicate this breach to the affected Visitors, if it is feasible, without undue delay.
7.4. The Company will store Visitors' Personal Data for as long as necessary to satisfy the purposes for which Visitors' Personal Data was collected or to comply with applicable legal requirements. Visitors' information might be retained for a period based on the contract Visitors have with the Company, in accordance with relevant industry standards or guidelines, and in accordance with the Company's legitimate business interests, including prevention of promotion abuse and similar activities. The Company might further retain information for business practices based on the Company’s legitimate interest such as product and service improvement, fraud prevention, record-keeping, in the event of complaint or enforcing the Company's legal rights.
8. PROCESSORS
8.1. The Company may disclose Personal Data that the Company collects, or Visitors provide, to:
To the Company’s Affiliates.
To Processors including but not limited to contractors, service Providers, and other third parties the Company uses to support its business and who are bound by contractual obligations to keep Personal Data confidential and use it only for the purposes for which the Company disclose it to them.
8.2. The Company may share Visitors' Personal Data to any other relevant third parties, in particular if the Company is requested to do so to comply with a court order or law enforcement authorities request, or if the Company find it necessary, as determined in the Company’s sole discretion, to investigate, prevent or take action regarding illegal activities, to defend its interest or as otherwise required or permitted by law.
8.3. Unless otherwise stated, the Processors who receive data from the Company are prohibited to use this Personal Data beyond what is necessary.
9. TRANSFERS
9.1. If transferring Personal Data, the Company is committed to ensuring that the data importer maintains materially similar security measures for storage and Processing of Personal Data as the Company does.
9.2. Transfers from the EEA to countries that offer an adequate level of data protection. Personal Data may be transferred from EU Member States and Norway, Iceland, and Liechtenstein (“EEA”) to countries that offer an adequate level of data protection under or pursuant to the adequacy decisions (the “Adequacy Decisions”), as applicable, without any further safeguard being necessary.
9.3. Transfers from the EEA to other countries. If the Processing of Personal Data by Processor includes a transfer (either directly or via onward transfer) to other countries that have not been subject to a relevant Adequacy Decision, and such transfers are not performed through an alternative compliance mechanism recognized by Data Protection Laws (as may be adopted by Processor in its own discretion), the terms set forth in the applicable Standard Contractual Clauses shall apply.
10. LINKS
10.1. The Website may contain links which direct Visitors to third party websites. The Company rejects any liability relating to the privacy rules in force on said third party websites, the collection and use of Visitors' Personal Data by the latter and relating to the contents of said websites.
11. DATA SUBJECT RIGHTS
11.1. As Data Subjects, Visitors shall have one or more of the following data subject rights with respect to the Personal Data that the Company Processes.
Access – Visitors have a right to access Visitors' Personal Data, including receiving a copy, and to obtain certain information about the Company’s processing activities.
Rectification – the GDPR grants Visitors the right to correct inaccurate Personal Data and/or complete incomplete Personal Data.
Deletion – Visitors have the right to request erasure of Personal Data (the right to be forgotten). The Company shall take reasonable steps to inform any other Processors also processing the data.
Restrict Processing – Visitors have the right to restrict processing of Personal Data, under certain circumstances.
Portability – Visitors have the right to data portability to:
receive a copy of the Personal Data in a structured, commonly used and machine-readable format;
transmit the Personal Data to another data controller (including directly by another data controller where possible).
Object – Visitors have the right to object to processing for profiling, direct marketing, and statistical, scientific, or historical research purposes.
Automated decision making – Visitors have the right to not be subject to automated decision making, including profiling, which has legal or other significant effects on Visitors.
Withdraw consent – Visitors may, at any time, withdraw Visitors' consent to the Company’s processing when the processing is based solely on Visitors' consent.
11.2. These rights can be exercised by writing to the Company. Upon receipt of Visitors' requests, the Company shall reply without undue delay and within the applicable statutory deadlines. If the request is submitted by a person other than the Visitor, without providing evidence that the request is legitimately made on Visitors' behalf, the request will be rejected.
11.3. Any request to exercise rights is free of charge unless Visitors' request is unfounded or excessive (e.g. if Visitors have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such a case, the Company may charge Visitors a reasonable request fee according to applicable Data Protection Laws.
11.4. The Company may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
12. CHANGES
12.1. The Company reserves the right to make any changes to this Privacy Notice at any time, as the Company deems necessary or desirable. If the Company makes any material changes restricting or affecting in any way Visitors' rights, the Company may notify Visitors prior to the change becoming effective.
12.2. Visitors’ continued use of the Website after any such changes shall constitute Visitors' consent to such changes. If Visitors do not agree to any given modifications to this Privacy Notice, Visitors should stop using the Website.
13. CONTACT
13.1. Please contact the Company at the address below and the Company will treat Visitors' requests or complaints confidentially.
● Email - network@thebridge.bg
● Address - 19 Triaditsa, Sofia, Bulgaria
13.2. If Visitors feel their Personal Data has been mishandled or if the Company has failed to meet Visitors' expectations, Visitors are encouraged to contact the Company but Visitors are entitled to complain directly to the relevant Supervisory Authority.
© 2024 The Bridge. All rights reserved.
© 2024 The Bridge. All rights reserved.