Product successfully added to cart!
Product removed from cart.
0
Privacy Policy
0
BG

Privacy Policy

The protection of personal data and the safeguarding of the personal and financial information of our clients is our highest priority. Therefore, we process your information exclusively on the basis of applicable legislation, specifically REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (commonly known as GDPR), the Personal Data Protection Act (PDPA) and the Electronic Commerce Act (ECA).

The restaurant is owned by “OBENTO” EOOD, which provides a service – food delivery to an address or on-site.

WHO PROCESSES AND IS RESPONSIBLE FOR YOUR PERSONAL DATA

“OBENTO” EOOD (“us”) is a commercial company registered in the Commercial Register at the Registry Agency. Website OBENTOSUSHI.BG: http://OBENTOSUSHI.BG/

The services we provide to you require the processing of your personal data by “OBENTO” EOOD as a DATA CONTROLLER, in compliance with the conditions and requirements for the protection of personal data in accordance with GDPR.

Responsible for the processing of your personal data is “OBENTO” EOOD.

TYPES OF DATA WE PROCESS

As our clients, you create a user profile containing the following personal data, namely:

  • Billing data - names, phone, city, country, postal code, address;
  • First and last name of the delivery recipient;
  • Delivery address - country, city, postal code, address;
  • Delivery phone;
  • Delivery method;
  • Payment method;
  • Order number;
  • Payment status;
  • Delivery status.
  • Amount due;
  • Email;
  • Order history;

As our clients, you can place a delivery order by phone, in which case we collect the following personal data:

  • Billing data - names, phone, city, country, postal code, address;
  • First and last name of the delivery recipient;
  • Delivery address - country, city, postal code, address;
  • Delivery phone;
  • Delivery method;
  • Payment method.

 “OBENTO” EOOD also creates the following types of data in the process of providing its commercial services, namely:

- user profile /username and password/, cookies and Google Analytics, performance and functionality cookies, essential cookies, described in detail in the Cookie Policy.


GROUNDS FOR PROCESSING

OBENTO EOOD processes your personal data on the basis of Art. 6, paragraph 1, points (a), (b), (c) and (f) of GDPR, namely:

- Art. 6, paragraph 1, point (a) of GDPR - you have given consent for the processing of your personal data for the purposes of direct marketing – advertising, commercial messages, promotions, offers, etc. The data processed on this basis are cookies and Google Analytics, performance and functionality cookies, essential cookies, in accordance with the Cookie Policy;

- Art. 6, paragraph 1, point (b) of GDPR - processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract. The data processed on this basis are described in detail in Section II.

- Art. 6, paragraph 1, point (c) of GDPR - processing is necessary for compliance with a legal obligation to which we are subject, such as obligations for accounting of commercial activities, etc. The data processed on this basis are: two names, phone number, delivery address.

- Art. 6, paragraph 1, point (f) of GDPR - processing is necessary for the purposes of the legitimate interests of http://OBENTOSUSHI.BG/, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. The data processed on this basis are: two names, email and user profile.


PURPOSES OF PROCESSING

A/ For the purpose of concluding or performing a contract for the delivery of dishes offered by http://OBENTOSUSHI.BG/:

-  Identifying a client when ordering online through the user profile;

-  Identifying the recipient of the shipment;

-  Order delivery;

-  Updating your personal data;

-  Handling and responding to customer complaints/inquiries/requests under Art. 15-22 of GDPR/grievances;

-  Corrections of amounts due when there are grounds for this;

-  Payment of amounts for accepted orders;

-  Processing by data processors - assignment, reporting, acceptance, payments;

-  Verification by sending an email to ensure the security of access to your profile data and when changing a password;

B/ In fulfillment of its legal obligations, http://OBENTOSUSHI.BG/ processes your data for the following purposes:

- Issuing invoices, preparing detailed reports when provided for in the individual client agreement;

- For financial and accounting processing of the client agreement and for tax and social security control by the relevant competent authorities;

- Fulfillment of the Controller’s accountability obligation by recording legally significant evidential data in electronic protocols - technical logs;

C/ For the purposes of the legitimate interests of http://OBENTOSUSHI.BG/, namely:

- tracking the execution of each delivery;

- ensuring all matters related to complaints;

- facilitating communication and assisting individuals in the initial period of using our services /providing solutions for problems with user profiles, etc./;

- Preventing and investigating abuses in online orders and related deliveries, as well as losses and fraud;

- Analyzing statistical data obtained after anonymization of your data.

D/ For marketing purposes:

- analysis of consumer demand and behavior;

- sending messages about promotions, offers;

- sending advertising and/or informational messages.


MINORS

http://OBENTOSUSHI.BG/ does not provide services to persons under 18 years of age.

A person under 18 years of age may use our services only with the assistance of an adult person acting as a representative of the minor.

In the event that http://OBENTOSUSHI.BG/ receives information that it has collected personal data from a person under 18 years of age, such data will be immediately deleted, unless the law requires us to store such data.

Please contact us if you believe that we have mistakenly or unknowingly collected information from a person under 18 years of age at the following contacts: http://OBENTOSUSHI.BG/

METHOD OF DATA COLLECTION

http://OBENTOSUSHI.BG/ processes only data that has been provided by you – our client. This means that you bear the responsibility not to provide data of third parties in violation of their personal data protection rights, as http://OBENTOSUSHI.BG/ does not have access to these persons and has no practical ability to control whether our clients provide data of third parties with their knowledge and consent given in accordance with legal requirements.

Therefore, each data subject bears full personal responsibility if they provide us with data of a third party without their knowledge or without obtaining their consent in compliance with the requirements of applicable personal data protection legislation, including with regard to the names, phone numbers and addresses of shipment recipients provided to us by a client.

 

WHERE WE STORE YOUR DATA

The data we collect from you is stored within the European Economic Area ("EEA") in compliance with national and European legislation, and specifically REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (commonly known as GDPR).


WHO HAS ACCESS TO YOUR DATA

http://OBENTOSUSHI.BG/ does not provide your personal data to third parties without a legal or contractual basis, nor does it distribute data to third countries and international organizations outside the borders of the EU and EEA.

http://OBENTOSUSHI.BG/ uses the web-based platform FAST MENU through which it fulfills the order you have placed. The transfer of your data to FAST MENU and/or other personal data processors is carried out solely for the purpose of providing the service/delivery you have selected, for marketing campaigns aimed at improving the quality of services provided to you, and/or for the purpose of fulfilling legal obligations of http://OBENTOSUSHI.BG/, namely:

- Transport/courier companies for order fulfillment;

- Companies for technical analysis of the service, such as hosting companies;

- Technical support companies, such as restaurant POS systems; CRM and call center systems used for managing outgoing and incoming phone calls for IT support and communication;

- Banks servicing payments made by you;

- Persons providing consulting services in various fields – legal, accounting, auditing, including compulsory debt collection, etc.;

- State administrative bodies – NRA, etc., when applicable in cases provided by law.

 

PROCESSING AND STORAGE PERIOD. DATA DESTRUCTION

After the completion of a specific delivery and/or service, or after your consent is given, your personal data is stored for the following periods:

- 10 years for accounting documents, starting from the beginning of the year following the year in which the accounting document was issued - two names, phone number, delivery address.

- 5 years from the completion of a specific delivery and/or service, for the purpose of tracking the execution of each delivery and ensuring all matters related to complaints and legal claims - two names, phone number, delivery address, email and user profile.

- 3 years from receiving consent – for email for sending commercial and advertising messages, informational materials, surveys, etc., as well as cookies and Google Analytics, performance and functionality cookies, essential cookies.

The destruction of personal data is carried out in compliance with a prescribed procedure in accordance with the internal documents of http://OBENTOSUSHI.BG/


SECURITY MEASURES 

http://OBENTOSUSHI.BG/ has implemented technical and organizational measures to protect your personal data against loss or other forms of unlawful processing in accordance with Art. 32 of GDPR.

Personal data is accessible only to those persons who need access in order to perform their work in connection with the execution of our deliveries and/or services. These persons are trained and authorized accordingly.

The web-based platform FAST MENU, through which http://OBENTOSUSHI.BG/ processes your orders, applies encryption of information.

 

WHAT ARE YOUR RIGHTS

1. Right of access:

At any time, you have the right to request information regarding your personal data that we store, the basis, purposes, periods for processing and storage, whether it has been provided to a personal data processor, whether it has been destroyed, etc.

2. Right to rectification: 

You have the right to request the rectification of your personal data if it is incorrect, including the completion of incomplete personal data. 

3. Right to erasure /right to be forgotten/:

You have the right to erase all personal data processed by http://OBENTOSUSHI.BG/ and its personal data processors at any time, unless the processing is necessary for at least one of the following purposes, namely:

a) for exercising the right to freedom of expression and the right to information;

b) for compliance with a legal obligation which requires processing provided for by Union law or Member State law which applies to http://OBENTOSUSHI.BG/ and/or its personal data processors;

c) for archiving purposes in the public interest, for scientific or historical research or for statistical purposes in accordance with Article 89(1), insofar as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of such processing, or

d) for the establishment, exercise or defense of legal claims.

4. Right to restriction

You have the right to request http://OBENTOSUSHI.BG/ to restrict the processing of your personal data under the following circumstances:

a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;

b) the processing is unlawful but the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;

d) the data subject has objected to processing pursuant to Art. 21(1) of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

5. Right to portability:

Where http://OBENTOSUSHI.BG/ processes your personal data by automated means on the basis of your consent or on the basis of a contract, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format transferred to you or to another party. This includes only the personal data you have provided to us.

6. Right to object to processing based on legitimate interest: 

You have the right to object to the processing of your personal data based on the legitimate interest of http://OBENTOSUSHI.BG/ - We will not continue to process your personal data unless it is demonstrated that there are compelling legal grounds for this which override your interests and rights or due to legal claims.

7. Right to be informed of a breach under Art. 34 of GDPR:

Where the personal data breach is likely to result in a high risk to your rights and freedoms, http://OBENTOSUSHI.BG/ shall, without undue delay, communicate to the data subject the personal data breach, describing the nature of the personal data breach and indicating at least:

- the name and contact details of the officer from whom more information can be obtained;

- the likely consequences of the personal data breach;

- a description of the measures taken or proposed by the controller to address the personal data breach, including, where appropriate, measures to mitigate its possible adverse effects.

The above information will not be sent in the event of a security breach where http://OBENTOSUSHI.BG/ has met any of the following conditions:

a) has implemented appropriate technical and organizational protection measures and those measures were applied to the personal data affected by the personal data breach, in particular measures which render the personal data unintelligible to any person who is not authorized to access it, such as encryption, or

b) has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialize, or

c) notification would involve disproportionate effort.

In the latter case, http://OBENTOSUSHI.BG/ will publish a notice on its OBENTOSUSHI.BG website so that data subjects are equally effectively informed.


EXERCISING YOUR RIGHTS

We take the protection of personal data very seriously, which is why we have a customer service team that processes your requests in connection with the above-mentioned rights. You can always contact them at the following contacts: http://OBENTOSUSHI.BG/

Please note that when your requests are manifestly unfounded or excessive, particularly because of their repetitive nature, we may:

1. charge a fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or

2. refuse to act on the request.

We will make reasonable efforts to honor your request within 30 days of receiving your application. If necessary, this period may be extended by a further two months, taking into account the complexity and number of requests.


WITHDRAWAL OF CONSENT

At any time, you have the right to withdraw your consent for the processing of your personal data only for those purposes and that type of personal data necessary for achieving the specific purposes that we process on the basis of Art. 6, paragraph 1, point (a) of GDPR, described in detail in Sections III and IV of this policy, as well as in the Cookie Policy.

In the event that you wish to withdraw consent you have given for the processing of the following personal data, namely: email for sending commercial and advertising messages, informational materials, surveys, etc., as well as cookies and Google Analytics, performance and functionality cookies, essential cookies, you can submit a written request to the above-mentioned email or follow the active link to fill in our consent withdrawal form, or see the Cookie Policy.

 

REPORTS OF IRREGULARITIES AND COMPLAINTS

If you believe that we have violated your rights in connection with your personal data, or that there is a risk of a breach of the security of your personal data, you can submit a report to the following contacts: http://OBENTOSUSHI.BG/

Exercising the above rights does not deprive you of the right to file a complaint. You can submit one to the supervisory authority of Bulgaria – the Commission for Personal Data Protection. More information can be found at: www.cpdp.bg.