Santa-Sarah-hero-img Santa-Sarah-hero-img Santa-Sarah-hero-img

Welcome to our website.

Please confirm your age to continue.

бг en de

Personal Data Protection Policy (GDPR)

1. SUBJECT 

“Vinarsko Imenie Santa Sarah” AD BG102243774, with registered office and address of management: Goritsa village 8225, 2 Ivailo street, Pomorie region, represented by Ivailo Genowski (hereinafter “Family Wine Estate Santa Sarah” ) is a data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (Regulation (EU) 2016/679) and the Bulgarian Personal Data Protection Act. 

This Privacy Policy, hereinafter referred to as the "Privacy Policy", presents information on the manner in which “Family Wine Estate Santa Sarah”, hereinafter referred to as the "Supplier", "Administrator", "we" and/or "us", owner/operator of the website: https://www.santa-sarah.com, hereinafter referred to as "Website", processes (including but not limited to collecting and storing ) personal data of personal data subjects, such as the users of the Internet page and of the Supplier's services, referred to below for short as "User/s", "You" and/or "You", as well as regarding the rights of the latter in this connection. 

Below you can find brief information about:

  • The Supplier / Administrator.
  • The competent supervisory authority,
  • The legal basis on which we process personal data,
  • The purposes for which we use the personal data,
  • What personal data we collect,
  • Period of storage of personal data,
  • Access to and transmission of personal data,
  • The rights and guarantees that the GDPR provides to data subjects.

 

2.  INFORMATION REGARDING THE ADMINISTRATOR OF PERSONAL DATA

  1. Name: Vinarsko Imenie Santa Sarah AD, EIK BG102243774
  2. Headquarters and address of management: Goritsa village 8225, 2 Ivailo street, Pomorie region
  3. Tel.: 0888908064, e-mail: genowski@santa-sarah.com
  4. Entry in public registers: Commercial register and register of non-profit legal entities.

  

3. INFORMATION REGARDING THE COMPETENT SUPERVISORY AUTHORITY

  1. Name: Commission for the Protection of Personal Data of the Republic of Bulgaria
  2. Address: Sofia 1592, Prof. Blvd. Tsvetan Lazarov" No. 2
  3. Phone: 02 915 3 518
  4. E-mail: kzld@cpdp.bg
  5. Website: https://www.cpdp.bg/

 

4. BASIS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

We process your personal data only in connection with our activity and in accordance with the requirements of the applicable legislation, including the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation.

We process your personal data in the following cases:

  1. in connection with the sale of our goods and services;
  2. in fulfillment of legal obligations;
  3. with the User’s consent;

  

5.  PURPOSES FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

We collect, process and store personal data of the Users in connection with the implementation of the services provided by us and communication in connection with the use of the website, as well as for the following purposes:

  • Provision of Goods and Services: We use personal data to process orders, deliver products, and provide customer support related to the purchase of goods and services from Santa Sara Wine Estate.
  • Communication and Marketing: We may use personal data to communicate with users, respond to inquiries, provide information about our products, promotions, and events, and send marketing materials with the user's consent.
  • Legal Obligations: We may process personal data to comply with legal obligations, such as accounting and tax requirements, and to respond to lawful requests from government authorities.
  • Accounting purposes in connection with the use of our services;
  • Protection of our legitimate interests in connection with the fulfillment of our obligations to state and municipal bodies (for example: National Revenue Agency, Ministry of Internal Affairs);
  • Protection of the information security of the website;
  • Statistical information about the use of the website;
  • Provision of advertising content according to the interests of the User;

If a data subject refuses to provide us with some or all of the personal data that is necessary for the relevant purpose stated above, we may not be able to provide the relevant service (for example, to fulfill a contract entered into with the relevant User) or we fulfill the relevant legal requirements (for example, to enable the User to exercise his rights under the GDPR).

 

6. TYPES OF PERSONAL DATA COLLECTED

The personal data we collect may include:

  • Contact Information: Name, address, email address, phone number.
  • Payment Information: Credit card details, billing address, and other payment-related information.
  • Order Information: Details about the products or services ordered, purchase history, and preferences.
  • Communication Data: Information exchanged with us through email, chat, or other communication channels.
  • Device and Usage Information: IP address, device information, browser type, and website usage data collected through cookies and similar technologies.

Cookies are small text files that are stored on your computer or mobile device when you visit a website. They allow the website to remember your actions and preferences for a certain period of time, making your browsing experience more efficient and personalized.

The Family Wine Estate Santa Sarah website uses various types of cookies for different purposes:

Functional Cookies

These cookies remember your actions and preferences, such as language, font size, and display settings, so you don't have to enter them every time you visit the website or navigate between pages.

 

Security Cookies

These cookies are used for security purposes to prevent fraudulent use of login credentials and protect information from unauthorized access.

 

Analytics Cookies

We use analytics cookies to gather information about the number of unique visits, statistics on website usage, and the most viewed or recently viewed pages. This helps us improve the performance and efficiency of our website.

 

Third-Party Cookies

We may also use cookies from third-party services, such as social networks or Google Analytics, to enable features like content sharing or track website traffic. These cookies are subject to the respective privacy policies of the third parties.

 

Advertising Cookies

We may use cookies to personalize advertisements based on your browsing behavior on our website. These cookies help us show you ads that are more relevant to your preferences and interests. 

The personal data collected through cookies is used solely for the specific functions related to the user's experience on the website.

You have the ability to manage cookies through your browser settings. Most standard browsers allow you to control cookie settings, including accepting or declining cookies and deleting them. You can find more information on how to manage cookies in your specific browser by visiting the provided links. 

Please note that disabling or blocking cookies may impact the functionality and user experience of our website.

For more information about cookies and their usage on the internet, you can visit the website www.aboutcookies.org.

We do not process, or collect from Users, special categories of personal data (for example: data revealing racial or ethnic origin, political views, genetic or biometric data, as well as data about the sex life and sexual orientation of the User). 

We do not make decisions based solely on automatic data processing, including profiling.

 We do not process personal data of persons under the age of 14, except based on the their parent’s consent who exercises parental rights or their guardian.

We usually receive the personal data directly from the User. However, it is not excluded that we may also receive personal data from other persons, such as: other employees, in the company in which the relevant subject of personal data works, as well as from publicly available sources such as the Commercial Register and the register of non-profit legal entities at the Agency for entries to the Ministry of Justice of the Republic of Bulgaria.

  

7. STORAGE PERIOD OF PERSONAL DATA

Personal data obtained through contact forms will be stored until the request or inquiry is fulfilled, and for a maximum of one year after that for statistics and marketing analyses.

Personal data of customers processed in connection with contracts will be stored for a maximum of ten years, starting from January 1 of the year following the one in which the contract is reported for tax purposes.

Personal data of customers processed in connection with tax documents (invoices) will be stored for a maximum of ten years, starting from January 1 of the year following the year in which the document is reported for tax purposes.

Personal data of partners/suppliers processed in connection with contracts will be stored for a maximum of ten years, starting from January 1 of the year following the one in which the contract is accounted for tax purposes.

Storage periods may be extended if there are indications of potential legal claims or liabilities. Personal data processed based on consent will be stored until a valid consent for its processing is obtained.

After the expiration of the storage periods, personal data will be deleted and/or destroyed.

 

8. ACCESS TO PERSONAL DATA AND TRANSFER TO THIRD PARTIES

Access to personal data is limited to employees, representatives, and partners who require it to fulfill legal and contractual obligations.

Personal data may be transferred to third parties such as accountants, professional consultants, cloud platforms, postal service providers, IT service providers, system administrators, marketing service providers, and third-party information storage service providers.

Personal data may be made available to public authorities based on applicable law or at their request.

There are no intentions to transfer personal data to countries outside the European Economic Community or international organizations.

It's important to note that this summary is based on the information you provided. For a comprehensive understanding of your data processing practices, it's recommended to review your privacy policy or consult legal professionals familiar with data protection regulations. 

 

9. RIGHTS AND GUARANTEES UNDER THE GDPR 

As a data subject, you have the following rights under the General Data Protection Regulation:

  • Right of Access: You have the right to request information about whether your personal data is being processed and to obtain access to and a copy of your personal data.
  • Right to Rectification: You have the right to request the rectification of inaccurate or incomplete personal data without undue delay.
  • Right to Deletion/Right to be Forgotten: Under certain circumstances, you may request the deletion of your personal data from our records without undue delay.
  • Right to Restriction of Processing: In certain situations, you have the right to request the restriction of the processing of your personal data.
  • Right to Data Portability: If your personal data is provided to us by you and processed in an automated manner, you have the right to request that it be transmitted to you or another controller in a structured, commonly used, and machine-readable format, where technically feasible.
  • Right to Object: You have the right to object to the processing of your personal data for certain purposes. We will cease processing your personal data for those specific purposes unless there are overriding legitimate grounds for the processing.
  • Right to Object to Automated Processing, including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or significantly affects you.
  • Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal.

It's important to note that these rights are subject to limitations set out in applicable legislation. To exercise these rights or obtain further information, individuals can contact the relevant data controller or consult the privacy policy provided by the organization.

Retention of Information: If a user requests the deletion of their personal data, you will retain only the necessary information to protect your legitimate interests or as required by public authorities.

Disclosure of Recipients: You have the right to request information about the recipients to whom the personal data, for which correction, erasure, or restriction of processing has been requested, has been disclosed. However, you may refuse to provide this information if it is impossible or requires a disproportionate effort.

Additional Information for Identity Confirmation: If you receive requests related to the transfer, correction, deletion, restriction, or disclosure of personal data, as well as requests for access to personal data, and you have concerns about the identity of the requesting user, you may request additional information to confirm their identity.

Third-Party Involvement: If your personal data is transferred to a third party as described in Part IX, any requests related to the above-mentioned rights will be forwarded to that third party.

Fees for Requests: Generally, the exercise of data subject rights is free of charge. However, if a request is clearly unfounded or excessive, you may either charge a reasonable fee or refuse to act upon the request.

Contact for Exercising Rights: Users can exercise their rights by contacting you via email at genowski@santa-sarah.com.

Links to Other Websites: If your website contains links to other websites, users are advised to review the privacy policies of those websites as their personal data may be processed by those websites, which is not covered by your Personal Data Protection Policy.

Changes to the Privacy Policy: You reserve the right to change the Privacy Policy at your discretion when necessary.

Please note that the information provided is a summary and should not be considered as legal advice. It is important to consult with a legal professional to ensure compliance with applicable data protection laws and regulations.