Privacy Notice from ROO BRANDS LTD
1. In which cases may ROO BRANDS LTD collect/process your personal data?
When we have to issue an invoice or other document to you as our
customer, or send you your ordered goods or other items.
When you contact us/our employees using public information about us
and/or using our contact details published on our website, an
e-shop or on Internet.
When you register on our website, for instance to place orders or
receive news or other services.
When you state your interest to take part in a recruitment
procedure following an advertisement by ROO BRANDS LTD and/or when
you submit/provide your CV, motivation letter, etc., or when you
become or were our employee.
When you come within the reach of a CCTV in the building where our
offices and manufacturing site are located in Sofia (7 Amsterdam
St.), or within its vicinity.
When you provide your personal data to us or give your consent to
our processing such data.
2. Why may ROO BRANDS LTD process your personal data?
ROO BRANDS LTD may process your personal data for various reasons,
depending on our relationship and on the basis of the relevant applicable
legal grounds under the privacy laws, such as legitimate business purposes
of ROO BRANDS LTD, execution and/or performance of an existing contract
with you, compliance of ROO BRANDS LTD with its legal obligations, and
based on your freely given, specific, informed and unambiguous consent to
processing your data.
Activities, actions, interests
Legitimate business purposes of ROO BRANDS LTD
Economic activity of ROO BRANDS LTD;
Execution and/or performance of a contract
Lawful creation, implementation and termination of
commercial, employment and civil relationships;
Ensure compliance with the health and safety
Compliance with legal obligations
Compliance of ROO BRANDS LTD with its obligations
under the existing labour, civil, tax, social
security and other laws;
Ensure safety and security conditions for its
employees and assets;
Prevention and/or investigation of incidents,
violations and criminal offences;
To register on our website;
To address your request to exercise a right, etc.
3. What types of personal data does ROO BRANDS LTD process?
Depending on the specific purpose, ROO BRANDS LTD may process various sets
Your names, address, personal identification number (e.g. to issue
an invoice, for courier delivery);
Your contact details (address, telephone, e-mail), for the purposes
of correspondence, a contract, delivery;
Video images, when coming within the reach of a CCTV.
About our employees engaged under labour/civil law contracts:
Physical identity: name, passport data, personal identification
number, place of birth, address, telephone;
Economic identity: remuneration, bank data, borrowing / repayment
of loans, allowance, distraint, other debts;
Social identity: education, qualifications, employment history,
professional experience, marital status, children;
Health identity: current health status, common diseases, chronic
diseases, follow-up care, sheltered employment, disability,
pregnancy and child-birth;
4. How long are your personal data kept/processed?
We keep your personal information for periods corresponding to the specific
business purpose or purposes for which the information is collected, and/or
for the period provided by law. The criteria for setting time limits that
are not legally prescribed depend on:
The purpose of data collecting and the achievement of such purpose.
The grounds for data collecting (e.g. in the case of consent, you
may at any time withdraw your consent).
There are cases in which, by virtue of legal provisions applicable to our
activities or pursuant to internal rules, time lines may be shorter or
longer. For instance:
Personal data in accounting records: 10 years;
Video images in the VIDEO SURVEILLANCE Register are kept for 13 to
16 days, depending on the number of days in the relevant month;
thereafter, they are deleted from DVR/NVR and from back-up records;
Personal data in the STAFF Register are kept for the legally
required time periods: from 3 to 50 years, depending on the types
5. How can you obtain access to your personal data we process, object to
the processing, request limitation of processing, or request supplement,
rectification or erasure of your data?
In order to express your wish to have access to your personal data we
process, or to object to the processing, request limitation of processing,
or request supplement, rectification or erasure of your data, please
contact us using the contact form on our websitewww.roobar.com , or write to e-mail: [email protected] or our address:
Sofia, 7, Amsterdam St.
6. Who may access your personal data?
Access to processed personal data is strictly governed by the internal
rules of ROO BRANDS LTD depending on the purposes of processing. Such
access may have:
personal data subjects, to their own data;
authorised employees of ROO BRANDS LTD, on a ‘need to know’ basis,
according to their designated roles and duties;
persons to whom data disclosure is prescribed by a statutory
instrument (such as authorities of the Ministry of Interior,
courts, prosecution offices, the National Social Security
Institute, the National Revenue Agency, etc.).
We do not sell or provide in any way personal data to anyone, except as
7. What is Shopify's platform and why we use it?
Our store is hosted on Shopify Inc. They provide us with the online
e-commerce platform that allows us to sell our products and services to
Your data is stored through Shopify’s data storage, databases and the
general Shopify application. They store your data on a secure server behind
a firewall. For more information, you may also want to read Shopify’s Terms
of Service (
) or Privacy Statement (
Payments: If you choose a direct payment gateway to complete your purchase,
then Shopify stores your credit card data. It is encrypted through the
Payment Card Industry Data Security Standard (PCI-DSS). Your purchase
transaction data is stored only as long as is necessary to complete your
purchase transaction. After that is complete, your purchase transaction
information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as
managed by the PCI Security Standards Council, which is a joint effort of
brands like Visa, MasterCard, American Express and Discover. PCI-DSS
requirements help ensure the secure handling of credit card information by
our store and its service providers.
8. How can you exercise the right to portability of your personal data we
You have the legal right to obtain the personal data concerning you which
we process in a structured, commonly used and machine-readable format, and
you have the right to transmit such data to another controller, under
certain legal conditions. You may also request this from us and we will
make it if technically feasible.
9. What security measures do we apply to ensure personal protection?
In full compliance with the legal requirements for personal data
protection, we apply strict organisational and technical security measures,
personal data encryption;
measures to ensure the ongoing confidentiality, integrity,
availability and resilience of processing systems;
measures to restore the availability and access to personal data in
a timely manner in the event of a physical or technical incident;
regular testing and evaluating the effectiveness of measures for
ensuring the security of the processing.
10. How can you lodge a complaint?
For Bulgaria, the competent authority is the Commission for Personal Data
Protection: 2 Tsvetan Lazarov Blvd., 1592 Sofia, Tel.: +359 2 915 3580;
Fax: +359 2 915 3525; E-mail:[email protected] Website: http://www.cpdp.bg/.
Or choose the competent National Data Protection Authority according your
location in the EU
11. How can you contact us regarding data privacy issues?
E-mail: [email protected] or at our
address: Sofia, 7, Amsterdam St.
12. Who are we and how to contact us?
ROO BRANDS LTD, Company No (EIK) 202037280
Seat and registered office: 1000 Sofia, 28, Banat St.