Privacy Policy

Section I - General Information

As of May 25, 2018, the General Data Protection Regulation, or GDPR for short, adopted by the European Union is in effect. The main purpose of the regulation is to ensure the protection of the data of individuals from all EU member states and to unify the regulations of their processing. ANTARTA JSC, as a personal data controller, takes all organizational and technical protection measures to be able to meet all the requirements of this regulation.

Art. 1 (1) Data concerning the Controller who processes the personal data
Name: Antarta JSC
EIC: BG206866321;
Registered office and registered address. Sofia, Lozenets district, Arsenalski Blvd., 123
Address for correspondence. Sofia, Lozenets district, Arsenalski Blvd., 123
Phone: +359 2 96 30 543
E-mail address: office@antartaspacefood.com

Supervisors:

(2) To contact the competent supervisory authority for personal data protection, you can use the following contact details:

Name: Data Protection Commission

Address. Name of the person responsible for the protection of personal data (Data Protection Authority). "1592 Proff. No. 2 Tsvetan Lazarov
Address for correspondence. 1. "Prof. No. 2 Tsvetan Lazarov
Phone: +359 2 91 53 518
Website: www.cpdp.bg

Section II - Frequently used terms

Art. 2. For this Privacy Policy, the following terms shall have the following meanings:

  1. 'Personal data' means any information relating to an identified natural person or a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
  2. 'Processing of personal data' means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. 'Data controller' means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
  4. 'Processor' means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  5. 'Data subject' means an identified or identifiable natural person to whom the personal data relates
  6. 'Consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes, by means of a statement or a clear affirmative action, which signifies the data subject's agreement to personal data relating to him or her being processed.
  7. 'Personal data breach' means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.
  8. 'Legitimate interest' means an interest of the controller or of a third party which is sufficiently legitimate to justify the processing of personal data, provided that such interest does not undermine the interests or fundamental rights and freedoms of the data subject.
  9. 'Profiling' means any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, to analyze or predict aspects concerning the performance of that natural person's professional duties, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
  10. "Cookies means small text files that are stored on your device (computer, tablet, smartphone, etc.) when you visit our website. Cookies help the Administrator ensure the proper functioning of the website, improve your user experience, and provide you with personalized content and advertisements.

Section III - Basis for collecting, processing and storing your personal data

Art. 3 The Controller collects and processes your personal data in connection with the use of the online shop as well as when concluding distance purchase contracts for goods based on Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR), and on the following grounds:

  1. Your explicit consent as a User;
  2. Performance of the obligations under the distance purchase contract;
  3. Compliance with a legal obligation to report to government and regulatory authorities that applies to the Merchant;
  4. For the purposes of the legitimate interests of the Controller or a third party to the contract (for example, a freight forwarder)

Section IV - Purposes and Principles for the Collection, Processing, and Storage of Your Personal Data

Art. 4. We collect and process the personal data that you provide to us in connection with the use of the website, the conclusion of contracts for the purchase of frozen meals:

  1. Registration of a user profile in the online shop
  2. Send newsletters and emails with information about new products, special offers and discount codes with your prior consent and indicating your email in the subject field;
  3. Sending a reply to a request made to the Merchant;
  4. Execution of the purchase contract concluded with the Merchant;
  5. Statistical and accounting purposes.
  6. Marketing purposes and research into the specifics of the user experience to improve the functionality and design of the online store.

Art. 5. The Controller complies with the following principles when collecting, processing, and storing your personal data:

  1. Legality, fairness and transparency;
  2. Limitation of the purposes of processing;
  3. Data minimization in accordance with the purposes;
  4. Limitation of the storage period to achieve the purposes.
  5. Data accuracy and timeliness;
  6. Integrity and confidentiality of processing and ensuring its security;

Section IV - Types of personal data collected, processed and stored by the Controller.

Art. 6. The Controller shall process the following categories of personal data and information in relation to the purposes and grounds set out below:

  1. Your individual personal data (name and surname, telephone, e-mail, address, etc.).

Purposes for which the data is collected:

  • To provide feedback to the User in relation to responding to their queries;
  • User registration on the website;
  • Sending newsletters, emails with special offers, promotions, promo codes and new website features, subject to the User's explicit consent;
  • Execution of a purchase of distance contract for frozen meals: 

Grounds for processing your personal data:

By accepting the General Terms and Conditions and registering in the e-shop or placing an order via the "Order as Guest" option, a contractual relationship is created between the Administrator and the User, on which basis personal data is processed - Art. 1 (b) GDPR. Your data for sending a newsletter as well as for sending a message via the contact form and are processed based on your explicit consent - Art. 6 para. 1 (a) GDPR.

  1. Delivery data (names, telephone, address, etc.)

Purpose for which the data is collected:

Fulfillment of the Administrator's obligation to deliver the ordered frozen meals:

Basis for processing your personal data:

Upon acceptance of the General Terms and Conditions and the Privacy Policy, a contractual relationship is created at the time of concluding the contract by registering in the e-shop or placing an order via the "Order as a guest" option, based on which we process your personal data - Article 6, para. 1 (b) GDPR.

  1. User experience data (number of orders, products ordered, frequency of visits, last visit, time spent on the site, products viewed)

Purpose for which the data is collected:

Optimization of the content and design of individual pages, with the aim of personalizing the conditions for the sale of goods at a distance, to increase customer satisfaction with the Merchant, as well as the overall improvement of the services provided.  The information is anonymized and encrypted and, on this basis, no specific user and their individualizing data can be accessed unless they are a registered user.

Reason for processing your personal data:

Upon acceptance of the General Terms and Conditions, Privacy Policy or Cookie Policy at the time of logging in to the website, subsequent consent when performing a specific action, including by registering in the e-shop or placing an order via the "Order as a guest" option, on which basis we process your personal data - Art. 1 (a) GDPR.

Section V - Storage period of your personal data

Art. 7. (1) The Controller shall only keep your personal data that it has collected for the period necessary to achieve the purposes set out in this Policy, and where it has the right or obligation under law to keep them for a longer period. Various factors determine the length of the retention period, such as:

  1. The duration of the provision of services, if necessary to establish, exercise or defend legal claims,
  2. Legal obligation to retain data under national law.
  3. Operational Needs - The controller considers how long the data is needed to provide the services, improve the user’s experience and provide adequate customer support.
  4. Technical implementation - The controller shall also assess technical aspects such as anonymization or pseudonymization capabilities that may allow data to be processed for longer periods in a way that does not allow data subjects to be identified.

(2) Storage periods for personal data under this policy for the following:

  1. Regarding data related to your user account - The period for which your user account is active and has not been deleted;
  2. Regarding data related to purchases and transactions - For a period of 5 years after the transaction;
  3. For data collected through marketing activities (e.g., newsletter subscriptions) - Until such time as the data subject explicitly withdraws consent;
  4. Regarding data collected by cookies and similar technologies - The retention period varies depending on the type of cookie, but no longer than 2 years;
  5. Regarding data from communication with the customer service team - The period is no longer than 2 years after your last communication.

Art. 8. The specific retention periods for different categories of data are determined based on a balance between these criteria, giving priority to legal requirements and the fundamental rights of data subjects.

Art. 9. (1) After the expiry of the applicable retention period, the Data Controller shall take measures to erase or anonymize your personal data.

(2) The erasure shall be carried out in a secure manner using approved methods that ensure that the data cannot be recovered or accessed after the erasure process.

(3) In cases where complete erasure is not technically feasible or not desirable due to legitimate business interests, the Data Controller may anonymize the data to remove the possibility that it can be linked to you.

Section VI - Protection of Personal Data and Incident Response

Art. 10 (1) The Controller shall implement a set of digital and managerial measures designed to ensure a sustainable level of protection of the personal data processed, consistent with the risks that may affect their confidentiality, integrity and availability.

(2) Examples of technical measures include:

  1. Use of cryptographic protocols for data transmission and storage (e.g. TLS 1.3);
  2. security mechanisms in place to monitor and prevent malicious access attempts;
  3. access authentication mechanisms, including multi-factor authentication;
  4. periodic auditing of systems and updating of critical software;
  5. real-time monitoring for anomalies and suspicious activity.

(3) Our organizational approaches include:

  1. limiting access to personal data based on functional responsibilities and the principle of minimum necessary rights
  2. control over users' rights according to their functional roles;
  3. planned testing of the effectiveness of security measures.

(4) In the event of an incident in which data protection is compromised and there is a potential risk to the rights and freedoms of the individuals concerned, we will take prompt action to inform - without undue delay and within no later than 72 hours of becoming aware of the event.

(5) The notification will contain where applicable:

  1. Basic information about the nature and scope of the breach;
  2. contact details of our data protection contact person;
  3. the possible consequences for the individuals concerned;
  4. actions taken or planned to limit the damage and remedy the incident.

Section VII - Special categories of personal data

Art. 11 (1) The controller shall not collect, process or store any special categories of personal data (also known as "sensitive data") as defined in Article 9 of the GDPR. This includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, data concerning a person's sex life or sexual orientation.

(2) In the event that the Controller begins to process special categories of personal data in the future, we will update this Privacy Policy in a timely manner to inform you of:

  1. The specific categories of sensitive personal data processed and the precise purposes of the processing
  2. The clearly stated legal basis for the processing under Article 9(2) of the GDPR, such as the data subject's explicit consent or legal obligations
  3. The appropriate technical and organizational measures in place to protect that data in the light of the higher risk to the rights and freedoms of natural people
  4. The additional rights that data subjects may exercise in relation to their sensitive personal data

Section VIII - Automated decision-making, including profiling


Art. 12. (1) The Controller does not currently apply any automated decision-making technologies, including profiling, which could have legal effects on you or could significantly affect you, within the meaning of Article 22 §1 of the General Data Protection Regulation (GDPR).

(2) If such a form of processing is introduced in the future, the Policy will be promptly updated with clear and understandable information on:

  1. the existence and type of automated decision-making and/or profiling;
  2. the nature of the algorithms and logic used to form decisions;
  3. the significance and possible consequences of such processing for you as a data subject;
  4. the possibilities for exercising your rights under Article 22 §3 GDPR, including:

    1. the right to request the intervention of a natural person;

    2. the right to express your views;

    3. the right to contest an automated decision;

  5. the technical and organizational measures taken to protect your fundamental rights and legitimate interests in the context of such processing.

Art. 13. Automated decisions will not be applied to you without a proper legal basis, including where it is:

  1. Necessary for the conclusion or performance of a contract between you and the Controller;
  2. Permitted by European Union or national law which provides for appropriate measures to protect your rights and freedoms;
  3. Based on your explicit consent.

Section IX - User's rights in the collection, processing and storage of personal data. Withdrawal of consent to the processing of personal data.

Art. 14. As a data subject, you have a full set of rights under the General Data Protection Regulation (GDPR), which you may exercise at any time against the Data Controller.

Art. 15. Basic rights you can exercise:

  1. Right of access - to obtain confirmation as to whether personal data relating to you is being processed and, if so, access to the data itself and related information (Art. 15 GDPR);
  2. Right to rectification - to request rectification of inaccurate or incomplete personal data (Article 16 GDPR);
  3. Right to erasure ('right to be forgotten') - where the grounds set out in Article 17 GDPR apply, for example where the data is no longer necessary or consent has been withdrawn;
  4. Right to restrict processing - under the terms of Article 18 GDPR, for example in the event of a dispute about the accuracy or lawfulness of processing;
  5. Right to data portability - to receive the personal data you have provided in a structured, commonly used and machine-readable format and/or to transfer it to another controller (Article 20 GDPR);
  6. Right to object - to object to processing based on legitimate interest, including profiling and processing for direct marketing purposes (Article 21 GDPR);
  7. The right not to be subject to automated decision-making - including profiling where it produces legal effects concerning you or significantly affects you (Art. 22 GDPR).

Right of access to personal data

Art. 16. (1) You have the right to obtain confirmation from us as to whether personal data relating to you is being processed. If such processing is carried out, you have the right to access the personal data and the following information:

  1. the purposes of the processing of your personal data;
  2. the relevant categories of personal data we process;
  3. the recipients or categories of recipients to whom the personal data have been or will be disclosed, recipients in third countries or international organizations;
  4. where possible, the intended period for which the personal data will be kept and, if this is not possible, the criteria used to determine this period;
  5. the existence of a right to ask us to rectify or erase personal data or to restrict the processing of personal data relating to you or to object to such processing
  6. where the personal data is not collected from you, any available information about its source;

(2) In exercising the right of access, we will provide you with a copy of the personal data that is being processed. We may charge a reasonable fee based on administrative costs for any additional copies you request. Where you make the request by electronic means and unless you request otherwise, the information will be provided to you in a commonly used electronic form.

(3) The right to obtain a copy under paragraph (2) must not adversely affect the rights and freedoms of others.

 Right to rectify personal data

Art. 17. (1) You have the right to ask us to correct inaccurate personal data relating to you without undue delay. Considering the purposes of the processing, you have the right to request that incomplete personal data be completed, including by providing an additional statement.

(2) Where you exercise your right to rectification, we will take reasonable steps to notify all recipients to whom your personal data has been disclosed of the corrections made, unless this proves impossible or requires a disproportionate effort. Upon your request, we will inform you of these recipients.

(3) Upon receipt of a correction request, we will verify the accuracy of the information provided and make the necessary corrections within 30 days of receipt of the request and notify you of the action taken.

Right to erase personal data ("right to be forgotten")

Art. 18. (1) As a data subject, you have the right to request the Controller to erase the personal data relating to you without undue delay where one of the following grounds applies:

  1. The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  2. You withdraw your consent on which the processing is based pursuant to Article 6(1)(a) or 9(2)(a) of the GDPR and there is no other legal basis for the processing;
  3. You object to processing pursuant to Article 21(1) of the GDPR and there are no legitimate grounds for the processing which override, or you object to processing pursuant to Article 21(2) of the GDPR;
  4. The personal data has been unlawfully processed;
  5. The personal data must be erased to comply with a legal obligation;
  6. The personal data has been collected in connection with the provision of information society services under Article 8(1) of the GDPR;

(2) The right to erasure does not apply to the extent that processing is necessary:

  1. To comply with a legal obligation that requires processing;
  2. For the establishment, exercise or defense of legal claims.

The right to restrict processing

Art. 19 (1) As a data subject, you have the right to request us to restrict processing where one of the following applies:

  1. You contest the accuracy of the personal data, for a period that allows us to verify the accuracy of the personal data;
  2. The processing is unlawful, but you do not want the personal data erased, but instead request restriction of its use;
  3. The controller no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defense of legal claims;
  4. You have objected to processing under Article 21(1) of the GDPR, pending verification that the controller's legitimate grounds override your interests.

(2) Where processing is restricted pursuant to par. 1, such personal data shall be processed, except for storage, only with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person.

(3) If there is a restriction of processing pursuant to par. 1, you will be informed before the restriction of processing is lifted.

Right to data portability

Art. 20. (1) As a data subject, you have the right to receive the personal data relating to you which you have provided us with in a structured, commonly used and machine-readable format, and you have the right to transfer those data to another controller without hindrance from us where:

  1. The processing is based on consent under Article 6(1)(a) or 9(2)(a) of the GDPR or on a contract under Article 6(1)(b) of the GDPR;
  2. The processing is carried out by automated means.

(2) Where you exercise your right to data portability pursuant to par. 1, you have the right to request that the personal data be transferred directly from the Controller to another controller where this is technically feasible.

(3) The exercise of the right under par. 1 shall not affect the right to erasure. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us.

(4) The right under par. 1 may not adversely affect the rights and freedoms of others.

Right to object

Art. 21. (1) As a data subject, you have the right to object to processing of personal data concerning you which is based on Article 6(1)(e) or (f) of the GDPR, including profiling based on those provisions.

(2) In the cases referred to in paragraph 1, the Controller shall cease processing the personal data unless it is demonstrated that compelling legitimate grounds exist for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.

(3) Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for this type of marketing, which includes profiling, insofar as it is related to direct marketing.

(4) Where you object to processing for direct marketing purposes, personal data may no longer be processed for those purposes.

Art. 22. In the context of the use of information society services and notwithstanding Directive 2002/58/EC, the Data Subject may exercise the right to object by automated means using technical specifications.

Right not to be subject to a decision based solely on automated processing

Art. 23. (1) As a data subject, you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

(2) The Controller does not currently use automated decision-making or profiling systems that produce legal effects or significantly affect you. All decisions relating to the processing of your orders are made with human intervention.

(3) In the event that such systems are introduced in the future, this policy will be updated, and you will be notified accordingly. The controller will provide you with detailed information about the logic of the system, its significance and intended consequences for you, as well as your rights in relation to such processing.

Art. 24. (1) To exercise your rights under this section, you may apply in the following ways:

  1. In free text, by e-mail to: office@antartaspacefood.com, clearly indicating in the application which right you wish to exercise (for example: "Request for access to personal data", "Request for erasure of personal data", "Objection to processing", etc.);
  2. By completing the relevant form and sending it to: office@antartaspacefood.com. For your convenience, forms have been prepared and are available in the "Attachments" section at the bottom of this Privacy Policy.

(2) When submitting your application, you must identify yourself appropriately so that your identity can be verified and to prevent unauthorized access to your personal data. The controller may request additional information to confirm your identity if there is reasonable doubt about the identity of the individual making the application.

(3) For rights for which no special forms are provided (right to restriction of processing, right to object), you may use free text, clearly describing your request and the grounds for it.

Art. 25. (1) You may object at any time to the processing of personal data by the Merchant which relates to him, including if they are processed for profiling or direct marketing purposes. This can be done by clicking on the "Unsubscribe", respectively "Unsubscribe" button located at the bottom of each information email.

(2) In the event that such an unsubscribe option is not available, you should contact the Controller and inform them of your unwillingness to have your personal data processed for profiling or direct marketing purposes.

Section X - Persons who have access to your personal data

Art. 26. (1) In connection with the performance of the contract by the Controller and the provision of the full functionality of the website, the latter may provide your data to the following data processors:

  1. Employees responsible for processing and sending orders from the website to users;
  2. Employees in the accounting department and legal department;
  3. Hosting service provider;
  4. Employees of a freight forwarding company that delivers goods, in cases where the delivery is made by a third party;
  5. Employees in a marketing department or employees of an external marketing agency that takes care of the planning, execution and analysis of advertising campaigns, branding strategies and digital presence of the company;
  6. Government and regulatory authorities;

Purposes of processing personal data:

  1. Processing the order details and making delivery to an address;
  2. Processing of accounting records in fulfilment of the Administrator's obligations under applicable law;
  3. Protecting the legitimate and legal interest of the company in relation to its commercial activities;
  4. The provision of information society services;
  5. Reporting to state and regulatory authorities, as well as to the presence of complaints filed in connection with the activities of the company;

(2) People who process personal data shall comply with all legal and security requirements in their processing and storage.

Section XI - International Data Transfer

Art. 27. (1) As a general rule, your personal data shall be stored and processed throughout the European Union and the European Economic Area (EEA).

(2) If we determine that one of these measures is not sufficient to ensure an adequate level of protection, the Data Controller shall, on a case-by-case basis, adopt additional technical and/or organizational security measures in accordance with the recommendations of the European Commission.

Art. 28. (1) In certain cases, your personal data may be processed outside the European Economic Area ("EEA") where this is necessary for the use of external service providers or technology platforms whose location is outside the EEA.

(2) Such transfers will only take place where there is a legal basis and where an adequate level of protection equivalent to that provided within the EEA is ensured.

Art. 29. To ensure legal certainty and protection of your personal data when transferred outside the EEA, the Controller shall apply one or more of the following safeguards:

  1. Transfer to countries recognized by the European Commission as providing adequate protection of personal data under Article 45 of the GDPR;
  2. use of Standard Contractual Clauses ("SCCs") approved by the European Commission pursuant to Article 46(2)(c) of the GDPR;
  3. in the case of a transfer to the US, reliance on providers included in an adequacy mechanism such as the EU-US Data Privacy Framework (where applicable);

Art. 30. In accordance with the case law of the CJEU in Case C-311/18 (Schrems II), for any transfer outside the EEA:

  1. A Transfer Impact Assessment ("TIA") shall be conducted to assess the legal environment in the receiving country and identify potential risks to the protection of personal data;
  2. where there is legal uncertainty or potential risk, additional technical and organizational measures are put in place, including:

    1. data encryption during transmission and storage;

    2. pseudonymization or anonymization where possible and applicable;

    3. contractual obligations imposing high standards of protection and control.

Art. 31 (1) Personal data may be transferred to the following countries outside the European Economic Area (EEA):

  1. United States of America (USA) - in connection with the use of:

    1. Analytics tools such as Google Analytics,

    2. Advertising and marketing platforms such as Google Ads and Meta/Facebook Ads,

(2) In the context of these services, the Controller transmits certain technical and behavioral data (e.g., IP address, device identifiers, website interaction data) to Google LLC, which acts as a data recipient outside the EEA.

(3) The transfer to Google LLC is subject to valid legal grounds, including Standard Contractual Clauses (SCC), and in accordance with Google's certification under the EU-US Data Privacy Framework mechanism, where applicable.

(4) To protect the rights and interests of data subjects, additional technical measures have been implemented, including IP masking and limiting the association of behavioral data with other identifiers.

Section XII - Use of cookies and tracking technologies

Art. 32. To improve the performance of the website and provide personalized functionalities, this website uses cookies and related technologies that are activated when interacting with the platform. They allow the recognition of your device and store certain information related to your preferences and behavior as a user.

Art. 33. (1) When you first load the website, you will receive a visible notice about the use of cookies, together with the possibility to manage your choices regarding their activation.

(2) Each page of the website provides access to privacy settings through which you can modify or withdraw your consent to the use of certain technologies at any time.

(3) In addition, you can restrict or remove stored cookies through the configuration of your internet browser, in accordance with your individual preferences.

Art. 34. Details of the specific technologies used within the website, including their purposes, storage periods and the involvement of external providers, are described in the separate Cookie Policy, available at [insert link].

(2) Said policy is kept up-to-date and reflects the actual use of tracking technologies, serving as a source of detailed and transparent information on the processing related to online identifiers.

Section XIII - Final provisions

Art. 35. In the event of a violation of your rights under the foregoing or applicable data protection law, you have the right to file a complaint with the Personal Data Protection Commission as follows:

Art. 36. (1) This Privacy Policy may be amended by the Merchant, of which the Merchant will notify all Users accordingly.

(2) The parties agree that any amendment and modification of this document will be effective against the User in one of the following events, whichever event is first in time:

  1.  Upon express notice to the User by the Administrator and if the User does not state within 14 days if it rejects them

Or

  1. after their publication on the Administrator's website and if the User does not declare within 14 days of their publication that he rejects them,

Or

  1. by the User's express acceptance of them through his/her profile on the Merchant's website.

Art. 37 (1) An integral part of this Privacy Policy is the Cookie Policy.

(2) The provisions of applicable law shall apply to matters not covered by this Policy.

Section XIV - Annexes

Art. 38. You can exercise all your rights regarding the protection of your personal data through the forms attached below or through the functionalities in your profile.

  1. Withdrawal of consent form for processing purposes - Annex 1 Download here
  2. Request "to be forgotten" - to delete personal data related to me - Annex 2 Download here
  3. Request for portability of personal data - Annex 3 Download here
  4. Request for rectification of data - Annex 4 Download here

This privacy policy has been adopted and will come into force as of 16.06.2025.