Subscribe to our newsletter
Submit your email
PERSONAL DATA PROCESSING AND PROTECTION POLICY
On 28.05.2018 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) entered into force.
The present Personal Data Processing and Protection Policy (hereinafter referred to as the “Policy”) is intended to inform users about what kind of personal data is processed by “DORADO 1” EOOD (hereinafter referred to as the “Personal Data Controller” or only the “Controller”) in connection with visiting and using www.mallofsofia.bg website, including participation in our promotional campaigns, games, events, receiving our newsletter, and other similar actions. The Policy also concerns the activities related to processing of personal data, which is performed by the Controller when data subjects use the social media pages maintained and managed by the Controller in connection with the activities of Mall of Sofia shopping center, the access and use of external links to the Internet websites of our partners, as well as the relations connected with marketing, management and video surveillance at Mall of Sofia.
In this Policy you can become acquainted with your rights as data subject in relation to the personal data, which is collected, processed and stored by us as Controller within the meaning of Art. 4, item 7 of the GDPR. As Controller, we process your personal data for the purposes, within the terms and in the manner described below, in compliance with the principles and rules set forth in the GDPR and the Bulgarian legislation in force - the Personal Data Protection Act (PDPA).
For the purposes of this Policy, the term “processing” of personal data shall be interpreted in the sense set out in Art. 4, item 2 of the GDPR, namely: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
If you have any questions related to your rights and legitimate interests in relation to the processing of personal data, including issues related to this Policy, you can contact us in any of the following ways:
“DORADO 1” EOOD is a company incorporated in the Republic of Bulgaria, registered in the Commercial Registry under UIC 201476584, with seat and registered address: Sofia 1756, Izgrev district, 5 “Lachezar Stanchev” Str., Sopharma Business Towers complex, building B, floor 7.
“DORADO 1” EOOD is owner of a shopping center, operating under the trademark “Mall of Sofia”. In our shopping center there are more than 130 business premises, including shops of leading international and Bulgarian brands for women's, men's and children's fashion, shoes, accessories and jewelry, home goods, coffee shops, restaurants, fast food and supermarket Billa, 12 cinema halls of Cinema City and the largest IMAX screen in Bulgaria.
In June 2018 the company “DORADO 1” EOOD became part of the family of GTC Group - one of the leading investors in Central, Eastern and Southeastern Europe. Since its establishment in 1994, the group has been building and managing modern first class office buildings and shopping centers throughout the CEE region. GTC Group has been on the Bulgarian market for more than 10 years.
“DORADO 1” EOOD is the Controller of your personal data and the owner of this website: www.mallofsofia.bg.
The personal data protection officer of the Controller is Ms Nelly Naseva.
E-mail address: dataprotection@mallofsofia.bg
III. Types of personal data and categories of subjects, whose personal data is processed by us
We process personal data of the following groups of individuals:
Whenever the collection, process or storage of personal data of persons below the age of 16 years is necessary, „Dorado 1” EOOD shall collect, process or store personal data of such persons only when an explicit consent from their parent/adoptive parent/legal guardian or other person holder of parental responsibilities is received by the Controller.
As a visitor on www.mallofsofia.bg, you have the opportunity to browse all its sections and menus, to search for information on it, without having to enter any of your personal data or register on the website. The lack of registration on our website does not limit in any way your online activity, site navigation, and access to its content.
Keep in mind that the site www.mallofsofia.bg uses the so-called “cookies” in order to offer you better, optimized and up-to-date services, product information, and commercial terms, as well as to provide personalized content to our website users. Through the “cookies”, including other similar technologies, the Controller can obtain specific user information such as: the pages you view; the things you download; the links you follow; the duration of the site visit; your IP address; the domain from which you enter our website, etc. This information helps us learn more about how you use the technologies related to us and to provide you with adequate services and information. For more information about the “cookies”, which we use, please read the Cookies Use Policy published on our website.
In the “Contacts” section you also have the option to send a message to us by entering a name and email address. Entering the specified personal data is not a registration on our website. In this way, you will not be created a profile on which your personal data will be stored or through which you will be subsequently identified.
For each message which you want to address to us through the form on the site, you must re-enter the name and email address in the empty boxes. Your name and email address can be saved on the site if you have allowed the use of the relevant cookies. For more information about the “cookies used by us, please read the Cookies Use Policy published on our website.
On our website you can find a subscription button for our newsletter - you should enter a name, surname and e-mail address. Entering the specified personal data is not a registration on our website. Entering the data aims to include you for the service provided by us under for sending the newsletter of Mall of Sofia to the e-mail address provided by you.
On our page, you can find a button for downloading the application of Mall of Sofia - for mobile phones and other similar portable devices (tablets, laptops, etc.), which work under the respective operating systems “iOS” for “Apple” and “Android” for “Google”.
By using the application you can keep track of the services offered by Mall of Sofia shopping center, such as the cinema program; a useful map of the shopping center sites; information about events, games, promotions and other similar commercial campaigns.
You can also use our mobile application to take advantage of the promotional services of Mall of Sofia for dry cleaning, taxi services and car cleaning /car wash/. Through the application you can scan vouchers to find out in which commercial sites of Mall of Sofia you can shop with them, store your free taxi service coupons, and receive other useful user information directly from your smartphone or tablet in real time.
Keep in mind that in order to use the application, you should grant access /explicit consent/ to your personal information stored on your device, such as access to your camera, in order to scan vouchers, access to your location, etc.
Mall of Sofia has a Facebook page. In this way we are closer to our customers. Our page allows us to communicate with our customers quickly and interactively, to promote events, games and other similar activities organized at Mall of Sofia shopping center by our partners and us. On our page you have the opportunity to rate our shopping center, to share your opinion on the level of service of the shopping center, to communicate with our representative through Facebook, and to keep you up to date with the latest services and products, which we offer.
We monitor the activity of our visitors on our Facebook page, such as the likes of our posts, the number of shares of our posts, etc. When you like our Facebook page, you give us access to some of the personal data you have entered in your Facebook account.
On our website there is a dedicated button for direct access to the Facebook page of Mall of Sofia in order to facilitate our users who want to access the content of the page and to make it easier for you to directly share your opinion about us and our partners.
YOUTUBE
Mall of Sofia has a YouTube channel which aims to advertise the activity of the shopping center and its partners - products, services, events, promotions, etc. You can like our videos, subscribe to our channel, or choose whether to get notifications about our YouTube activity.
We monitor the activity of our visitors on our YouTube channel, such as the number of likes, shares, views, and comments on our videos.
By subscribing to our YouTube channel, you give us access to the data you have entered into your YouTube account.
On our website there is a dedicated button for direct access to our YouTube channel in order to facilitate the visitors of the site who want to access its online content.
Mall of Sofia has a profile on the social network PINTEREST for sharing photos and information, which purpose is to advertise the activity of the shopping center and its partners - products, services, events, promotions, etc.
We monitor the activity of our visitors to our PINTEREST account in order to improve the quality of our services.
By subscribing to our PINTEREST account, you give us access to the data you have entered in your account on this social network.
There is a dedicated button on our website for direct access to our PINTEREST account to facilitate the visitors of the site.
We organize events, games, competitions, promotions, campaigns and other activities (hereinafter collectively referred to as the “Activities”), in which you can participate. If you wish to be part of our Activities - at the Mall of Sofia shopping center or any of our social networks, your personal data may be collected and processed by the Controller, and details about it will be given in the terms and conditions of the Activity itself. By participating in the Activity in the provided way, you agree that your personal data will be processed for the purposes of the relevant marketing activities.
For the purposes of the relevant Activity, as Controller we can process the following personal data for limited time and for the relevant marketing purposes: names, e-mail address, phone, photos, videos, data from social networks to which we have access, etc. depending on the conditions of the respective Activity.
- for carrying out the respective Activity - up to 14 days after ending the respective Activity for the data of the participants.
- in respect of the personal data contained in the documents related to fulfillment of our obligations arising from contractual relations between us and the winners - 5 years after fulfillment of all obligations of the parties under the contractual obligation;
- Within the terms specified in art. 12, par. 1 of the Accountancy act for storage of accounting information as follows:
- 10 years - agreements, accounting registers and financial statements, including documents tax control, audit and follow-up financial inspections;
- 3 years - all other carriers of accounting information
- for marketing purposes (e.g. marketing survey; statistical analysis etc.) the storage period is 1 year after fulfillment of all obligations of the parties under the contractual obligation within which personal data has been collected from users;
The Controller also processes the personal data of visitors of Mall of Sofia, including at the parking area, through video surveillance of the sites. In this way we collect video images of the visitors in the shopping center and the parking, as well as video images of the cars and other vehicles in the parking, including registration plates of all vehicles.
- the term for processing of personal data obtained through video monitoring in the public areas of Mall of Sofia shopping center is 2 months. After expiration of the term, the video files are destroyed by the Controller without undue delay.
- processing of personal data obtained through video monitoring in case of violation of public order, a crime or any other action which is prohibited by law or there is a recorded incident in the shopping center, it shall be kept for a period of 5 years as of occurrence of the relevant antisocial act /incident/ or until completion of the actions and procedures taken by the enforcement authorities for investigation and identification of the offenders, as well as until completion of any court proceedings.
Keep in mind that “DORADO 1” EOOD has a legal obligation to assist the judicial authorities by handing over such video files upon request if there are any actions which are prohibited by the law, legal claims and others in connection with the rights and legitimate interests of the visitors of the shopping center and the parking area, the people working in the shopping center, etc.
You have the right to object to the processing of your personal data through video monitoring for the term and purpose stated above.
In the shopping center and the parking area, you will see dedicated signs indicating that the sites are under video monitoring.
The present page contains links to other webpages, which are owned by other controllers.
“DORADO 1” EOOD is not responsible for collection and processing of your personal data by other controllers, nor for the personal data, which is provided by you to those controllers, the content of their pages and their advertisements.
All visitors and users of the site and Mall of Sofia shopping center have the rights listed below according to the current European and Bulgarian legislation.
We strive to always process your personal data in a lawful manner, acting in good faith and in a transparent manner, to collect it for specific, explicit and legitimate purposes, to minimize the collection, processing and storage of your data to the necessary minimum. We always stand to ensure that your personal data is processed in a way which guarantees an appropriate and adequate level of security.
As controller of your personal data, we at “DORADO 1” EOOD are ready to answer your questions about processing and storing your data in order to always keep you aware of what data we collect, process and store; for what purpose and for what period we do so, who else can access them, what are your rights and our obligations.
Rights |
Essence of the right |
Actions which shall or may be undertaken by the Controller |
1. Right of consent |
The data subject (visitor or user of the site, the applications of Mall of Sofia, and the shopping center) shall give consent for processing their data. The consent shall be given freely, explicitly, in an informed and unambiguous way. |
The consent is given by implicit action or by signing an explicit declaration, given by the Collector. Consents of this kind will be stored by us in files protected and archived in a safe and appropriate way. |
2. Right of access to data |
You have the right to request access to the personal data which is collected and processed about you. You may request provision of a copy of the personal data collected about you multiple times. |
The Data Protection Officer shall collect the relevant personal data and respond to you in writing within two weeks (in a confidential manner) after identifying the person who has requested access to it. We will give access to personal data ONLY to the person whose personal data is being processed. If you wish your personal data to be provided to another person, we should be provided with an explicit power of attorney. In case of complicated circumstances or multiple requests, the two-week term may be extended up to 20 days; in such case you will be notified of the extension of the term. We have the right to charge an administrative fee of reasonable amount upon receipt of more than one request for a copy of your data. |
3. Right of rectification |
You have the right to ask us to update or rectify your personal data. |
When we receive such request, it will be accepted and the relevant actions for update or rectification will be taken within reasonable time. You will be notified in writing about the actions we have taken. |
4. Right to object |
You have the right to object to the processing of your personal data by submitting an objection to us. You can always object to the processing of personal data in connection with direct marketing. |
We have the right to accept or reject the objection while we will always give reasons in our response to you in case of rejection in order that you are aware why we have not accepted your request. If you object to the processing of your personal data in connection with direct marketing, we will always accept your objection. We hereby inform you that we are not conducting profiling. |
5. Right of erasure or "the right to be forgotten" |
You may request from us to erase the personal data which we process about you. Please note that this right is not absolute and should be considered in relation to its function to balance other fundamental rights and obligations of the Controller and the data subject in accordance with the principle of proportionality. Keep in mind that there are separate cases in the GDPR, in which there is an obligation for us to erase your personal data. In other cases we do not have such an obligation. |
If the consent for processing of personal data has expired or is revoked, “DORADO 1” EOOD may have an obligation to erase the personal data. Apart from these cases, we may either accept or reject the request for erasure of data, and in case of rejection, we will provide reasons for that. Within two weeks of submitting your request for erasure of your personal data, you will receive a response from the Controller regarding the satisfaction of your request or its refusal and the reasons thereof. |
6. Right to have the processing restricted |
You have the right to request restriction of the processing of your personal data in certain cases specified in the GDPR. |
We have the right to accept or reject your request; in case of rejection, we will state reasons for that. Within two-weeks term, you will receive a response from us regarding the acceptance of your request or its refusal and the reasons thereof. |
7. Right of data portability |
If your personal data is processed on the basis of your explicit consent or on the basis of a contractual obligation for processing and if the processing is done in an automated manner, you have the right to data portability. This entitles you to require from the controller to transfer some or all of the personal data processed by him/her to another controller or to receive the personal data, which concerns you and which are provided by you to the controller in a structured, widely used and machine-readable format. |
When there are circumstances provided in the GDPR, we are obliged to perform the requested action. Keep in mind that we have the right to charge a reasonable administrative fee for the service. |
8. Right to lodge a complaint |
If you consider that your rights in relation to protection of your personal data have been violated, you have the right to lodge a complaint with the competent supervisory data protection authority in the Republic of Bulgaria, namely the Commission for Personal Data Protection (CPDP). |
You can contact the CPDP in the following ways: at the address for correspondence: Sofia 1592, 2 “Prof. Tsvetan Lazarov” Blvd; phone number: 02/915 35 18; e-mail: kzld@cpdp.bg; website: www.cpdp.bg Apart from the abovementioned, if you consider that your rights or legitimate interests are violated, you are also entitled to legal protection. |
9. Right to withdraw the consent for processing of personal data |
You have the right to withdraw the consent for processing of your personal data at any time, but only when the processing of personal data is based on an explicit consent you have given under Art. 6, para 1, letter “a” of the GDPR. Subsequent withdrawal will not affect the lawfulness of processing made until this moment on the basis of the consent already given. |
Such requests shall be considered and accepted by us within a reasonable time without undue delay. Keep in mind that the withdrawal takes effect in the future. It will not affect the legality of data processing so far. Therefore, if there is a request from a court authority to access such data, we shall provide them with it. |
All rights listed above can be exercised by:
NOTES:
Each person acting on behalf of “DORADO 1” EOOD or a third party, such as the data processor, is obliged to immediately notify the data protection officer for breach in security. The latter will endeavor to terminate the breach and will inform the Commission for Personal Data Protection within 72 hours when there is such a requirement under the GDPR.
Your personal data may be disclosed to third parties – the so-called recipients of personal data. Apart from governmental bodies and institutions to which the controller has legal obligations to disclose personal data, such recipients of personal data may also be companies, part of GTC Group, which are solely based in the European Union.
Except the cases above, your personal data may be provided to other persons - controllers/ processors outside our team. For example, advertising agencies, marketing experts and business partners, in connection with the legitimate interests of the controller.
Disclosure of your personal data to third parties fully complies with the requirements of Regulation 2016/679. The recipients of your personal data may be persons in respect of whom there is a statutory obligation for the controller to disclose it: /for example, the Consumer Protection Commission, the Commission for Personal Data Protection, judicial and enforcement authorities, etc/.
Your personal data will not be delivered to recipients based in third countries or international organizations for which an adequate level of protection is not available, in accordance with Art. 45 of the GDPR.
If there are any subsequent updates to the privacy policy of “DORADO 1” EOOD, we will publish the changes on the page of http://mallofsofia.bg/
and will change the date of their update so that you are always aware what information we collect online, how we use it and what options and opportunities in this regard are provided to you.
Publishing the changes and updates will be made publicly on the page of http://mallofsofia.bg/ so you become acquainted with them.
Last update:
20.07.2018
“DORADO 1” EOOD team