Privacy Policy Mobile App

1. Definition and nature of personal data
As a result of your use of the iGreet mobile application (hereinafter referred to as the “iGreet app”), we may require you to provide us with your personal data, so that you have the possibility to use the services provided through the iGreet app. The word “personal data” means any data that enables a person to be identified, which includes your family name, first name, email address, telephone numbers, data relating to your transactions on the iGreet app, detail of your orders and subscriptions, bank card number as well as any other information about you that you choose to provide us with.

2. Purpose of this privacy policy
The purpose of this privacy policy is to inform you of the means that we use to collect and process your personal data, with the strictest respect for your rights. In this regard, we inform you that we collect and process your personal data in compliance with the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 as from its entry into force, namely 25th May, 2018 (hereinafter referred to as the “GDPR”).

3. Identity of the entity responsible for collecting data
The entity responsible for collecting and processing your personal data isthe company iGreet Ltd, a Bulgarian Limited liability compnay (“Druzestvo s ogranichena otgovornost”) registered with the Registry of Trade and Companies of Sofia under the number 203 567 869, whose head office is located at Hipodruma, bul. Geshov 40, 1612 Sofia, BULGARIA (hereinafter referred to as “us” or “we”).

4. Collecting personal data
The legal basis of our processing of your personal data is the following: The legitimate interest resulting from your voluntary provision of your personal data when using the iGreet app and/or requiring information on our services, as these data are aimed at enabling us to better answer to your information requests about our Services; Processing is necessary for the performance of the contract to which you are party for purposes of using our services on our iGreet app. Your personal data is processed to meet one or several of the following requirements:
– To manage your access to the Services provided through the iGreet app and their use;
– To carry out operations necessary for the management of customers with regard to the contracts, orders, deliveries, invoices, fidelity programs, follow-up of the customer relations;
– To constitute a file of registered members, users, customers and prospects;
– To send push notifications, newsletters, entreaties and promotional advertisements. In case you do not wish so, you have the possibility to opt-out of receiving such communications when your data are collected;
– To provide commercial and service use statistics;
– To manage customer’s opinions on products, services or contents;
– To manage unpaid invoices and possible disputes about the use of our products and services;
– To customize our answers to your information requests;
– To respect our legal and regulatory requirements.
We inform you, when collecting your personal data, whether some of these data are mandatory or optional. Mandatory data are necessary for the provision of the Services. You are free to provide or not optional data. We will also inform you of the possible consequences of failure to reply.

5. Recipients of the collected data
The only persons who have the right to access to your personal data are our personnel, the services in charge of control (including external auditor) and our subcontractors. We may also give access to your personal data to government agencies, for the sole purposes of meeting legal requirements, or to representatives of the law, ministerial officers and organizations responsible for the collection of debts.

6. Transfer / sale of personal data
Your personal data will not be exchanged with, transferred or rented to any third party. Besides, we also inform you that we may shared with or disclosed to third-parties your data in an anonymized form so that you may not be identified, for statistical purposes (e.g.: number of users, average number of user contacts, percentage of provided cards, number of active users).

7. Personal data storage period
Data concerning current and potential customer management:
Your personal data shall be stored no longer than the time strictly necessary for the management of our commercial relations with you. However, any data providing the proof of a right or a contract and that must be stored in compliance with a legal obligation shall be so for the period stated by the legislation currently in force. With regard to possible promotion operations towards customers, their data may be stored for a period of 3 (three) years from the end of the commercial relations with them. Personal data relating to potential customers may be stored for a period of 3 (three) years from their collection or the last contact from the potential customer. Beyond that three-year period, we may contact you again to find out if you still wish to receive commercial solicitations.
Identity documents:
When exercising your right of access or correction, data relating to identity documents may be stored for the time limit of one year. When exercising your right to object, these data may be archived for the limitation of 3 (three) years.
Management of opt-out systems:
All information taking into account your right to object shall be stored for at least 3 (three) years from the exercise of this right.

8. Safety
We inform you that we take all necessary precautions, as well as all appropriate organizational and technical measures, to maintain the security, the integrity and the confidentiality of your personal data, including to prevent that they be distorted or damaged and that any unauthorized third-party access to them. We also use secured payment systems consistent with the state of the art and applicable regulations.

9. Hosting
We inform you that your personal data are stored, for the term set forth above, on the servers of the company AWS (Amazon Web Services), located in Germany in the European Union. Your personal data shall not be transferred outside the European Union within the use of our Services, except for our processors Google Analytics, Salesforce, Intercom and Keen, which may transfer your data to the United-States. Google LLC has joined the Privacy Shield, which has been deemed adequate to enable data transfers under EU law by the European Commission on July 12, 2016 (see the adequacy determination). To learn more about the guarantees that it provides, please visit the Privacy Shield website.
10. Access to your personal data
In compliance with the GDPR, you have the right to access, rectify and delete any information concerning you. You can exercise this right and have the information concerning you by contacting us at the:
Email Address:
Postal Address: 40 Ivan Evstratiev Geshov Blvd – 1612 Sofia- Bulgaria
Persons the data of which are processed on the basis of our legitimate interest, as specified in article “Collecting personal data”, are reminded that they have the possibility to object to the processing of their personal data at any time. We may however carry on with this processing if there are legitimate reasons for it that should prevail over your rights and freedoms or if it is required in order to establish, exercise or defend our rights before courts.

1. Right to define instructions related to the processing of data after your death
You have the right to define instructions with regard to the storage, the erasure and the communication of your personal data after your death. These instructions may be general directions, which are focused on all personal data concerning you. In such case, they must be registered with a digital trusted third party. These instructions may also be specific to the data processed by our company. You are then required to provide these instructions to us at the:
Email Address:
Postal Address: 40 Ivan Evstratiev Geshov Blvd – 1612 Sofia- Bulgaria
By providing to us these instructions, you hereby expressly consent that they be stored, transmitted and carried out on the terms and conditions set forth herein. You have the right to appoint in your instructions a person in charge of their execution. After your death, this person shall be entitled to take knowledge of these instructions and to request to us their implementation. Failing to such appointment, your heirs shall be entitled to take knowledge of these instructions and to request to us their implementation. You may modify or revoke your instructions at any time, by writing to us at the abovementioned contact addresses.

12. Portability of your personal data
You have a right to portability of the personal data you have entrusted to us, understood as the data you have actively and deliberately declared when accessing to and using our Services. You are reminded that portability right does not apply on data that were processed on another basis than consent or the execution of a contract between us. This right may be exercised free of charge, at any time, including when closing your account on the iGreet app, so that you may recover and store your personal data. In this context, we shall provide your personal data, by any appropriate means, in an open standard, currently used and machine-readable format, in compliance with the state of art.

13. Submission of a complaint before a supervisory authority
You are informed that you have a right to submit a complaint before a supervisory authority which is competent in the member State in which your ordinary residence, your place of work or the place in which the infringement of your rights was committed (GDPR), if you consider that the personal data processing under this Privacy policy is a violation of the applicable regulations. This complaint submission may be exercised without prejudice of other legal action before any administrative or judicial court. In fact, you have also a right to effective administrative and judicial redress if you consider that the personal data processing under this Privacy policy is a violation of the applicable regulations.

14. Restriction of processing
You have the right to obtain restriction of your personal data’s processing where one of the following applies:
Within the period of verification that we carry out, if you contest the accuracy of your personal data;
When the processing of these data is unlawful et you request the restriction of this processing, instead of erasing your data;
When we no longer need your personal data, but you require their maintenance for the exercise of legal claims;
Within the period of verification of the legitimate interests, if you have objected to the processing of your personal data.

15. Modifications
We reserve the right, at our sole discretion, to modify this Privacy policy, in whole or in part. Any changes will be effective from the time of publication of the new Privacy policy. Your use of the iGreet app after the changes have been implemented implicitly expresses your acknowledgement and acceptance of the new Privacy policy. Otherwise, and if the new Privacy policy does not suit you, you must no longer use the Services.

16. Entry into force
This Privacy policy came into force on 7th October 2019