1. Data related to your profile in the raya.bg Internet store, created for you after entering into an informal contract with the Administrator, and accepting the General Terms and Conditions for using the raya.bg website:

Terms and Conditions for using the raya.bg website:

• Given name and surname;
• E-mail address;
• Telephone
• Password.

2. Data for an online order submitted through the raya.bg Internet store, made by you, concluding an informal remote agreement with the Administrator while applying the General Terms and Conditions:

• Names of the person who will receive the delivery parcel;
• Delivery address – country, city/town, postal code, address;
• Phone of the person who will receive the delivery parcel;
• Invoice data – company name, contact person, phone, city, country, postal code, address

3.  Loyal customer data received upon the execution of an informal or formal contract with the Administrator for the issuance of a Loyalty card for customers with preferences to get additional discounts on their orders:

• Personal and surname;
• E-mail address.
• Contact phone number;

1.  Data of your profile in the “raya.bg” Internet store:

• Company – a legal entity and/or name of another personified or non-personified entity/organization;

2.  Contact data and a sent message – provided when filling out a contact form on the raya.bg Internet store or when sending us an email, conventional mail, telegram, phone call, sending a text message (SMS) and other forms of communication and/ or expression:

• Given name and surname;
• E-mail address;
• Phone number;
• Address;
• Internet site;
• Content of the comment / message;

3.  Data of the online ordering through the “raya.bg” Internet store:

• History of orders.

1.  Data of your profile in the “raya.bg” Internet store:

• Given name and surname;
• E-mail address;
• Company – a legal entity and/or name of another personified or non-personified entity/organization.

2.  Data of an online order submitted through the “raya.bg” Internet store:

• Delivery address – country, city, postal code, address;
• Phone for delivery;
• Invoice data – company name, phone, city, country, postal code, address;
• Way of delivery;
• Method of payment;
• Order number;
• Payment amount;
• Status and history of payments;
• Status and history of deliveries;
• History of orders;

3.  Loyal customers’ data (Loyalty Cards):

• Given name and surname;
• E-mail address;
• Contact phone number

1. Data of your profile in the “medenfarmuk.co.uk” Internet store:

• Given name and surname;
• E-mail address;
• Company – a legal entity and/or name of another personified or non-personified entity/organization;

2. Data of an online order submitted through the “raya.bg” Internet store:

• Delivery address – country, city, postal code, address;
• Phone for delivery;
• Invoice data – company name, phone, city, country, postal code, address;
• Way of delivery;
• Method of payment;
• Order number;
• Payment amount;
• Status and history of payments;
• Status and history of deliveries;
• History of orders.

3. Loyal Customers’ (Loyalty Card) data:

• Given name and surname;
• E-mail address;
• Contact phone number.

1. Your profile data in the “raya.bg” online store is processed for the purposes of:

• Complying with the Administrator’s accountability obligation by recording legally significant authentication data in electronic protocols – technical logs;
• Delivery of ordered products;
• Providing support in case of technical malfunctions, operators informing customers in a phone call or in connection with complaints, tracking deliveries, payments, etc.;
• Verification by sending an email to ensure the security of access to your account data and when changing your password;
• Authentication when logging into your account;
• Sending messages via email and/or push notifications for the purposes of direct marketing and advertising – with your express consent;
• Compliance with the provisions of laws, court resolutions, legal orders and decisions of authorities and supervisory bodies. This includes using your personal data to collect and verify accounting data as well as to comply with accounting reporting rules.

2. The data for an online order submitted through the “raya.bg” Internet store are processed for the purposes of:

• Delivery of ordered products;
• Providing support in case of technical malfunctions, operators informing customers in a phone call or in connection with complaints, tracking deliveries, payments, etc.;
• Preventing and investigating abuse/misuse of online orders and related supplies, as well as losses and fraud;
• Compliance with the provisions of laws, court resolutions, legal orders and decisions of authorities and supervisory bodies. This includes using your personal data to collect and verify accounting data as well as to comply with accounting reporting rules;
• Analyzing statistical data obtained after making your data anonymous.

3. Contact data and a sent message are processed for the purposes of:

• Your identification as the sender/author of a message or a published comment;
• Communication with you.

4. Loyal customer data is processed for the purposes of:

• Execution of contractual obligations for applying a price discount on orders;
• Authentication and identification of the position of a “loyal customer” and the rights arising from it;

1. We use the following providers of cloud services, hosting, reverse proxy, CDN, servers / clusters and co-location:

• Hosting from ICDSofit Bulgaria, you can find their GDPR statement here: https://www.icdsoft.com/en/privacy

2. Consultants and suppliers in various fields for the purpose of protecting our legitimate interests in maintaining and improving the quality of the services we provide to you, to meet all legal requirements, to protect our legal rights and interests in judicial, pre-trial and administrative proceedings.

• Courier companies for the delivery of our products: Econt, Speedy, A1Post, Bulgarian Post, DHL – among others.

3. State bodies and institutions in connection with audits carried out by them in accordance with legal requirements and restrictions:

• With respect to private entities, we do require and monitor the aforesaid third parties to implement all technical and organizational measures to protect this data.

1. Data provided on a contractual basis:

• Profile data – with the expiration of 5 years from the date of the last online order or, in case of no order – until the erasure of the profile through the functionalities of the e-store or with the expiration of 5 years from the date of your last login, whichever is more recent. The profile data is linked to and determines the data of online orders, and this further determines the application of the term set thereof. In the absence of an order based on the informal contract, you as a user have a legal expectation to use the profile and therefore, we have provided you with a functional possibility to erase/delete your profile at any time before the expiry of the final five-year period.
• Data on online orders – with the expiration of 5 years from the date of the specific order. The term is defined based on the limitation statute for repayment of receivables.
• Loyal customer data – with the termination of the contract.

2. Data in connection with the collection and verification of accounting data and compliance with the accounting reporting

statements, including documents for tax regulation, audits and subsequent financial inspections are stored for 10 years, starting from January 1st of the accounting (reporting) period following the accounting period they refer to; all other carriers of accounting information – three years, starting from January 1st of the accounting period following the accounting period they refer to.

3. Data provided on the basis of consent

– until its withdrawal, in the manner it was provided, including through the functionalities of the e-shop or the blog or by erasure, while in relation to the e-shop – also with the expiry of 5 years from the date of your last login, whichever is more recent; your data on the blog is linked to the comments you publish under articles and videos, and that’s why they represent an act of your constitutional right to free expression in the format and content you choose. Therefore, no deadline is set, and the processing does not cease afterwards, instead you are given the opportunity to remove the published content by exercising your rights as a data subject in accordance with the form and method prescribed in this Policy. When the content of a particular comment contains offensive words or phrases, insulting, slanderous and/or statements damaging the good name of the Administrator, the latter has the right, based on their or third parties’ legitimate interests, to remove the content of the comment from their sites.

After the expiration of the specified period, the data will be deleted, and it cannot be recovered or used any longer. The data is not deleted but continues to be processed only for the purposes of protecting our legal rights and legitimate interests or in compliance of our legal obligations, in the event of pending judicial, administrative, and pre-trial proceedings at the date of expiry of the specified period, or in case of an ongoing investigation regarding mishandlings, complaints and potential violations received or brought to our attention – until their completion.

1. Right of access, including the right to a copy of the data being processed:

• At any time, you have the right to request information about your personal data we store. You can contact us and based on a written request and verification of your identity, this data will be provided to you;

2. Right to correct inaccurate personal data

• You have the right to request correction of your personal data if it is incorrect, including adding to incomplete personal data. You can do this in your profile through the mobile application or by contacting us with a written request, after proper authentication of your identity.

3. Right to erasure (“Right to be forgotten”) in the following cases:

• Dismissal of the need for processing;
• Withdrawal of one’s consent when processing is based on consent;
• Illegal processing of data;
• Legal obligation of deleting data.

The right to be forgotten is not an absolute right and may not be respected in cases provided for by law or due to lack of proper authentication of your identity.

4. Right to restriction of processing in the following cases:

• When the accuracy of the data is disputed, for the period its accuracy must be verified; or
• When the processing of the data is without legal basis, but instead of deleting it, you want its limited processing; or
• When data is needed for the establishment, exercising or defending your legal claims; or
• When an objection has been filed to the processing of the data, pending verification of whether or not the controller’s grounds have been legitimate.

In the event of correction, erasure, or restriction of processing, we will notify each recipient whose personal data has been disclosed, unless this is impossible or it requires a disproportionate volume of efforts.

5. Right to portability to machine-readable data, and according to it:

• We provide the data directly to you; or
• Upon your request and technical possibility, the data is provided to another administrator of your choice.

6. Right to object to processing based on legitimate interest:

• You have the right to object to the processing of your personal data based on the legitimate interest of the Administrator or a third party. The administrator will discontinue processing your personal data unless it is proven there are compelling legal grounds for doing so and they take precedence (priority) over your interests and rights, or it is necessary due to legal disputes and other procedural and non-procedural actions.

7. Right to object to direct marketing:

• You have the right to object to receiving marketing communications, including profiling and analysis for direct marketing purposes.

8. Right to complain to a supervisory body in the Member State of your main residence

place of work or place of the alleged violation if you consider the processing of your personal data violates the provisions of Regulation (EU) 2016/679. For Bulgaria, where the seat of the Administrator is located, the supervisory body is the Personal Data Protection Commission.

The aforesaid rights are exercised by means of a written request in a form set by the Administrator, and you can receive one at the Administrator’s headquarters or by electronic means – after sending a request to the Data Protection Officer and filling in the electronic form received in the reply e-mail together with attaching the requested documents. If you have a registration for “raya.bg”, you can use the automatic form for exercising rights as a data subject located in your profile in the e-store website. You will receive an answer to your inquiry within one month after we receive your written request.

Methods used for automated individual decision-making, including profiling:

We do NOT use automated algorithms and/or profiling.