MENU

Website Privacy Policy

Privacy Policy

for data processed through this web page

EKO Bulgaria EAD (hereinafter referred to as “EKO BG” or the “Company”), the parent company Hellenic Petroleum S.A. (hereinafter referred to as “HELPE”) and all its other subsidiaries (hereinafter referred to as the “Group”) are responsible for and prioritize the protection of personal data and the privacy of personal life. In this context, we publish this notice in accordance with Article 13 of the General Data Protection Regulation of EU to inform you of the use of your personal data.

If you have any questions regarding this notice and the way we process your personal data, you may contact us at any of the contacts below.

Person responsible for processing – Personal Data Controller:

EKO Bulgaria EAD

Seat: Sofia 1756, Izgrev district, 3, Lachezar Stanchev Str., Litex Tower Complex, 9th floor, Republic of Bulgaria.

E-mail address: office@eko.bg

Representative: Andreas Triantopoulos, Executive Director

Contact details of the official responsible for the personal data protection (DPO)

Desislava Vasileva

E-mail: office@eko.bg

contact telephone: +359 2 448 5500

Address: Sofia 1756, Izgrev district, 3, Lachezar Stanchev Str., Litex Tower Complex

Collecting and processing of personal data

The table below lists the purposes of processing of personal data provided by visitors of our website, the categories of such data, and the legal basis for its processing:
      

Purpose of processing personal data

Personal data

Legal basis for processing

  • Communicating with EKO BG through an online contact form
  • Receiving and administration of complaints and recommendations from clients of EKO BG
  • Name and surname, telephone number, e-mail address
  • Implementation of contractual and legal obligations of EKO BG
  • The legitimate interest of EKO BG to maintain high quality of its goods and services, to provide information about them and to have direct communication with its clients.
  • Implementation of marketing activities
  • Name and surname, date of birth, telephone number, e-mail address, city, EKONOMY card number
  • Implementation of contractual and legal obligations of EKO BG
  • The legitimate interest of EKO BG to promote its business activities
  • Information about login and activity of the user on the website
  • IP address of the users of the www.eko.bg website
  • The legitimate interest of EKO BG to maintain and ensure complete and easy use of the www.eko.bg website


The personal data provided by the visitors on our website is used exclusively and only for the purposes for which they were sent according to the relevant collection point.


In addition to the above, the objectives of the Company listed in the above table require EKO BG to evaluate the stay of each user on the website www.eko.bg, the measuring of the clicks on each subsection in the website and the receiving proposals/observations by the users for improving our goods and services.



Third Party Disclosure


The Company may disclose the above personal data to other companies of the Group, organizations providing software and hardware support and support of websites, web hosting companies and contractors providing other IT or marketing services.


Protection


The Company collects, maintains and processes your personal data in a way that protects it. In particular, your personal data is processed only by authorized personnel for this purpose or by service providers of the Company and/or the Group that are bound by the Company with the same obligations to protect your personal data by taking all appropriate organizational and technical measures to ensure data security and to protect against accidental or unlawful destruction, accidental loss, alteration, unauthorized disclosure or access and any other form of unlawful processing.


Storage period


The personal data that you provide on the site is stored only for as long as necessary for the purposes for which it was collected or as otherwise required by law.


Rights of the subjects


This section presents your rights with respect to your personal data. These rights are subject to certain exceptions or limitations.


Please submit your request in a responsible way. The Company will respond as soon as possible and in any case within one month of receipt of the request. If your request requires more time, you will be informed. In order to exercise your rights, you may contact us at e-mail: office@eko.bg or at any of the other contact details of the Company and the person responsible for the protection of personal data indicated at the beginning of this document.


The Company guarantees the continuous exercise of the following rights:


  1. Right of information/notification


You have the right to request and receive clear, transparent and easily understandable information about how we process your personal data.


  1. Right of access


You have the right to access your personal data free of charge, except in the following cases where a reasonable fee can be set to cover the administrative expenses of the Company and/or the Group:


  • manifestly unfounded or excessive/repeated requests, or
  • additional copies of the same information.

  1. The right of rectification


You may request a correction of your personal data if it is inaccurate or incomplete.



  1. The right of deletion


You may request the deletion or removal of your personal data when it is no longer necessary for the purposes for which it was collected or if there is no valid reason to continue its processing. The right of deletion is not absolute, to the extent that there is a specific legal obligation or other legal basis for keeping your personal data by the Company and/or the Group.


  1. Right to Restrict Processing


In some cases, you have the right to restrict or remove further processing of your personal data. In cases where processing is restricted, your personal data remains stored by the Company without further processing.


  1. The right of data portability


You have the right to request the personal data you have provided in a structured, publicly used and machine-readable format and forward it to another administrator responsible for processing.


  1. Right to object


You have the right to object at any time and for reasons related to a particular situation in the processing of your personal data, unless the Company and/or the Group demonstrates imperative and valid reasons for such processing.


Withdrawal of consent


If the processing of your personal data is based on your consent, you have the right to withdraw that consent at any time without prejudice to the lawfulness of the processing carried out until the withdrawal of your consent.


  1. Rights related to the making of automated individual decisions and profiling


The Company and the Group do not make automated individual decisions, including profiling.



Submitting a claim


For further information and advice on your rights or complaints, you may contact the personal data protection authority of the Republic of Bulgaria, namely the Commission for Personal Data Protection.


Changes to this notice


We aim to review and keep this notice up-to-date in order to comply with the relevant legal and regulatory requirements, while at the same time provide optimal protection of your personal data. All updates will be shared through this website.


Last modified: 15 February, 2021


Definitions


Personal data: any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier, including but not limited to, name and surname, telephone, e-mail address , identification number.


Data subject: The identified or identifiable natural person to whom the Personal Data and/or the Sensitive Personal Data refer.


Processing: any action or series of actions, taken or not by automatic or other means, with respect to Personal Data or a set of Personal Data such as collecting, recording, organizing, structuring, storing, adapting or changing, retrieving, consulting, using, disclosing by delivering, distributing or otherwise providing access, arranging or combining, restricting, deleting or destroying.


Person responsible for processing (Personal Data Controller): For the purposes of this Notice, the Company and the other companies of the Group that individually or jointly determine the purposes and manner of processing Personal Data are determined as responsible for processing.


Personal data processor: a natural or legal person, a public authority, an agency or other entity that processes personal data on behalf of the Person responsible for Processing.


Consent: any freely expressed, concrete, informed and unambiguous expression of the will of the Data subject by means of a statement or other clear affirmative action by which the Data subject agrees, for example, by a declaration or with a clear positive action and consent the Personal Data relating to it to be processed.


Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Personal Data transmitted, stored, or otherwise processed.


This document constitutes a privacy notice within the meaning of Art. 13 and Art. 14 of Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).