**Privacy Policy**
We consider ensuring the right to personal data protection as a fundamental commitment of "BUY TICKETS BG" LTD, therefore we will use and apply all necessary means and efforts to process your data in full compliance with Regulation (EU) 2016/679 ("General Data Protection Regulation" or GDPR) and applicable Bulgarian legislation. As transparency is one of the main principles of this legal framework, we have prepared this document to inform you about the way we collect, use, disclose, and protect your personal data when you interact with us regarding the subject of our activity - selling tickets for events, concerts, shows, theatrical performances, and others (hereinafter referred to as "Events") through our electronic platform www.kupibileti.bg.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in the way we process your personal data or changes in your legal requirements. In case of such changes, we will publish the amended version of the Privacy Policy on our website, so we kindly ask you to periodically review its contents.
**I. Who are we and how to contact us?**
1. The electronic platform WWW.KUPIBILETI.BG (hereinafter referred to as "Platform") is owned by "BUY TICKETS BG" LTD (hereinafter referred to as "KUPIBILETI" or "we"), a limited liability company registered with the Commercial Register with UIC: 205210570, with headquarters and management address in Sofia (capital), Stolichna municipality, Sofia city, Triaditsa district, postal code 1414, Bulgaria Square 1, NDK, entrance A3, conducting its business at Sofia (capital), Stolichna municipality, Sofia city, Triaditsa district, postal code 1414, Bulgaria Square 1, NDK, entrance A3. For the purposes of data protection legislation, we are the data controllers in processing your personal data.
**II. What categories of personal data do we process?**
1. We collect your personal data directly from you, so you decide what kind of information to provide us. For example, the information we receive from you is as follows:
2. When you create a profile on KUPIBILETI.BG, you send us your email address, first name, middle name, and last name.
3. When making a purchase, you provide us with the following information: desired ticket, first and last name, delivery address, payment method, phone number.
4. On our website, we may store and collect information through cookies in accordance with the Cookie Policy. https://www.kupibileti.bg/bg/page/Cookies
We do not collect or process sensitive data or data falling into special categories of personal data under the General Data Protection Regulation in any other way.
You can view the Privacy Policy of the shipping company "Econt Express" at the following address - https://www.econt.com/econt-express/privacy-policy
**III. What are the purposes and legal grounds for processing?**
1. We will use your personal data for the following purposes:
a) Concluding a contract for the purchase and sale of a ticket for an Event through our electronic platform.
This general purpose may include, if necessary, the following:
By ordering a ticket through www.kupibileti.bg, we conclude a contract with you for the sale of tickets. The main purpose for which we collect and use the aforementioned personal data is to facilitate the execution of this contract - including sending the tickets to you, respectively - organizing the receipt of the tickets within our network of partners.
Your contact information may be used by our team in case of changes in certain events or their cancellation. Your payment-related data, besides its execution, may also be used by KUPIBILETI.BG in cases of refund.
creating and managing a profile on the KUPIBILETI.BG platform
resolving issues arising during and after the purchase of a ticket;
assisting, including responding to your inquiries regarding the purchased tickets on the KUPIBILETI.BG online platform.
Here's the translation of the text:
**b) Improvement of our services**
We always aim to offer you the best experience when purchasing tickets for your favorite entertainment Event online. For this purpose, we may use certain information about your buyer behavior, encourage you to fill out satisfaction surveys after completing an order, or conduct market research and studies directly or with the help of partners.
These activities are based on our legitimate interests in conducting business while ensuring that your fundamental rights and freedoms remain unaffected.
**c) Marketing**
In most cases, we require your prior consent to send you marketing messages. You can change your decision and withdraw your consent at any time by adjusting your settings via email.
**d) Protection of our legitimate interests**
There might be instances where we use or disclose information to protect our rights and commercial activities. These might include:
Measures to protect the website and users of the KUPIBILETI.BG platform against cyber-attacks;
Measures to prevent and detect attempts at fraud, including disclosing information to competent public authorities;
Measures to manage various other risks.
The main reason for these types of processing is our legitimate interests related to protecting our business activities while ensuring a balance between our interests and your fundamental rights and freedoms.
**IV. How long do we keep your personal data?**
1. We store your personal data in KUPIBILETI within the legally established deadlines.
**V. To whom do we send your personal data?**
Depending on the case, we may disclose or grant access to some of your personal data to the following categories of recipients:
Partners on the KUPIBILETI platform;
Partner ticket offices;
Courier service providers;
Payment/banking service providers;
Our lawyers, professional consultants, and auditors;
Marketing/telemarketing service providers;
Market research-related service providers;
Insurance companies;
IT service providers;
Other companies with which we may develop joint programs for marketing our goods and services on the market.
If required by law or if necessary to protect our legitimate interests, we may disclose specific personal data to public authorities.
Access to your data by private third-party entities is carried out in accordance with legal provisions on data protection and information confidentiality, based on contracts concluded with them.
**a) Your data outside the European Economic Area**
As a general rule, your personal data is stored and processed throughout the European Union and the European Economic Area (EEA). In case your personal data is transferred outside the European Union or the EEA, the transfer will be made:
Based on a decision of the European Commission, determining that the respective third country provides an adequate level of protection;
Based on binding corporate rules or
Based on standard contractual clauses adopted by the European Commission.
If we find that any of these measures are insufficient to ensure an adequate level of protection, for each specific case, we will adopt additional technical and/or organizational security measures in line with the recommendations of the European Commission. You can contact us at any time using the contact details listed above to learn more about the countries to which we transfer your data and the guarantees we have put in place regarding these transfers.
Please note that General Usage Information automatically collected through some of the cookies used by the website may be transferred to a Google server in the United States, as we use Google Analytics to analyze this information – a web service provided by Google LLC ("Google").
On our behalf, Google will use this information to evaluate website usage and compile reports on its functionality and visitation, providing us with additional services related to it.
We should also note that we use social plugins ("plugins") provided by the social networks Facebook and Twitter.
Here is the translation:
These services are provided by:
• Facebook Inc. 1601 Willow Road, Menlo Park, California, 94025, USA. You can find a general overview of these plugins and their appearance here: [Facebook Developer Docs](https://developers.facebook.com/docs/plugins)
• Twitter Inc. 1355 Market St #900, San Francisco, California 94103, USA. You can find a general overview of these plugins and their appearance here: [Twitter Developer Docs](https://developer.twitter.com/en/docs/twitter-for-websites/)
When you visit our page, these plugins establish a direct connection between your browser and the servers of Facebook/Twitter. The content of the plugin is transmitted directly to your browser and integrated into the web page. By integrating Facebook/Twitter plugins, these platforms receive information that your browser has accessed the respective page on our website, even if you do not have a profile on the social network or are not currently logged in. This information (including your IP address) is transferred directly to the servers of Facebook/Twitter and stored there.
If you are logged into your profile on the respective social network, the platform may link your visit to our website to your profile. For example, when you click on the "like" button (for Facebook), the respective information will be sent to and stored on Facebook's servers.
Additionally, this information will be published on the respective social network and shown to your contacts there. For the scope and purpose of this data collection, information on further processing and use of data by Facebook/Twitter, and your legal rights and privacy settings associated with this, please refer to the privacy policy of:
• Facebook: www.facebook.com/about/privacy
• Twitter: www.twitter.com/en/privacy
If you do not want such automatic linkage of data collected by visiting our website to your Facebook/Twitter profile, you should log out of the network before visiting our website.
Google LLC, Facebook Inc., and Twitter Inc. are parties to the "Privacy Shield" framework for personal data transfers between the EU and the USA. This ensures an adequate level of protection for your data. The full text of the framework for protecting personal data between the EU and the USA can be found at the following address: www.privacyshield.gov/EU-US-Framework
You can prevent Google Analytics from tracking usage data by using the browser opt-out add-on, which you can find here: www.tools.google.com/dlpage/gaoptout. You can also entirely prevent the loading of these plugins through add-ons for your browser, such as the script blocker "NoScript" (noscript.net/).
VI. How do we protect the security of your personal data?
1. We are committed to ensuring the security of personal data by applying appropriate technical and organizational measures while complying with industry standards.
2. We store your data on secure servers using the latest encryption algorithms and ensure the storage of backups.
3. We use the payment processing service E-Pay GO for payments. All payment information is encrypted using SSL technology.
Despite the measures we apply to protect your personal data, we are aware that transmitting information over the internet or other public networks is not entirely secure, and there is a risk that data may be viewed and used by unauthorized third parties. KUPIBILETI cannot be held responsible for vulnerabilities in systems not under our control.
VII. What are your rights?
The General Data Protection Regulation acknowledges a series of rights regarding your personal data.
1. Right to access your data, correct errors in our files, and/or object to the processing of your personal data.
2. Right to lodge a complaint with the competent supervisory authority or the courts. Depending on the case, you may also have the right to request the deletion of your personal data, the right to restrict the processing of your data, and the right to data portability.
3. Right to request the data we store about you to be provided to you in a machine-readable format (e.g., computer) and/or transferred to another organization, but only when we process your data based on a contract or your consent and the processing is done automatically.
VIII. Access to your personal data
1. By requesting from us, you may:
confirm that we process your personal data;
provide a copy of this data;
provide information about your personal data, such as the data we have, how we use it, to whom we disclose it, how long we keep it, how you can file a complaint, and where we obtained your data, to the extent that the information has not already been provided through this request.
Here's the translation:
a) Correction
- You can request us to correct or supplement your inaccurate or incomplete personal data.
b) Data Erasure
You may request us to delete your personal data if:
they are no longer necessary for the purposes for which they were collected;
you have withdrawn your consent (if data processing is based on consent);
you exercise a lawful right to object;
they have been unlawfully processed;
there is a legal obligation in this regard.
We are not obliged to comply with your request to delete your personal data if processing is required:
to fulfill a legal obligation;
to establish, exercise, or defend a legal claim;
Other circumstances that do not imply a legal obligation to erase data.
c) Restriction of Data Processing
You may ask us to limit the processing of your personal data, but only if:
their accuracy is contested (see the data correction section) so that we have the opportunity to verify their accuracy;
processing is unlawful, but you do not wish the data to be deleted;
they are no longer necessary for the purposes for which they were collected, but we still need to establish, exercise, or defend a legal claim;
We may continue to use your personal data as a result of a request for restriction:
if we have your consent; or to establish, exercise, or defend a legal claim;
to protect the rights of KUPIBILETI or another natural or legal person.
IX. Right to Object
1. You can object at any time for reasons related to your specific situation against the processing of your personal data based on our legitimate interests if you believe that your fundamental rights and freedoms are infringed.
2. You may object at any time to the processing of your data for direct marketing purposes (including profiling) without specifying any reason, in which case the processing will be terminated at the earliest opportunity.
3. Right to object to: fully automated decision-making, including profiling; where there is another legal basis; when processing is based on our legitimate interest or for direct marketing purposes.
X. Automated Decision Making
You may ask us not to be subject to a decision based solely on automated processing, but only when that decision:
has legal consequences for you; or
affects you in a similar and significant way.
This right does not apply if the decision taken following automated decision-making:
is necessary for us to conclude or perform a contract with you;
is permitted by law and there are adequate guarantees for your rights and freedoms;
or is based on your explicit consent.
XI. How to Exercise Your Rights?
To exercise any of your rights, you can contact us using our contact information by phone, email, postal mail, or by filling out a form at our office. We will respond to any request for access to personal data no later than one month after submission in electronic form, unless you specify another preferred method.
You can send your request to the email address of KUPIBILETI – office@kupibileti.bg
Your written request should include:
• Your name;
• The email address with which you are registered in your personal profile;
• Preferred form of communication (e.g., regular or email);
• Signature (in the case of paper submission);
• Date of the request;
• Mailing address;
• Authorization - if the request is made on behalf of someone else.
The company may request additional information necessary to confirm your identity (e.g., by clicking a confirmation link or providing a verification code) to exercise your rights.
XII. Complaints
You have the right to lodge a complaint with the competent supervisory authority regarding the processing of your personal data. According to current legislation, the leading supervisory authority is the CPDP.
Contact details for the Data Protection Supervisory Authority in Bulgaria are: Commission for Personal Data Protection, Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2, Phone: 02/91-53-519 or 02/91-53-555, Email: kzld@cpdp.bg
Data protection policies or changes to them take effect upon their publication on www.kupibileti.bg.