Personal data protection policy

1. INTRODUCTION
   1.1. This personal data protection policy shall arrange the way “Fitspo Nutrition” Ltd. (Limited) or in his capacity of FitSpo brand sole owner „Fitspo Nutrition” Ltd. collects, processes and stores the personal data, in accordance with the requirements of the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679), the Personal Data Protection Act of the Republic of Bulgaria and other Bulgarian or international laws and regulations.
   1.2. The confidentiality of our users’ information is one of our top priorities. „Fitspo Nutrition” Ltd. in his capacity of Personal Data Controller and in accordance with the current legislation and good practices, applies the required technical and organizational measures for the protection of personal data of the natural persons.
   1.3. This policy provides information on how and what types of personal data we collect from and on you, why we need them, to whom they may be provided or disclosed and how they are protected. Please, read it carefully. When you provide your personal data to „Fitspo Nutrition” Ltd., whether electronically or on paper, you accept and agree with the practices described in this personal data privacy and protection policy. Please, in case you have any questions relating to this policy, contact our personal personnel responsible for personal data protection  and, in case you do not accept any terms of our personal data protection policy, we do not recommend using any products and services provided by „Fitspo Nutrition” Ltd. where you are required to provide your personal data.
2. CONTACT INFORATION

Information on „Nuhealth” JSC as a Personal Data Controller. 

With regard to the processing of your personal data, you may contact us at the following points of contact:

“FITSPO NUTRITION” LTD, Registration ID: 206043697

Address: 176, “Vasil Aprilov” Blvd.4027 Northern Industrial Zone, City: Plovdiv, Country: Bulgaria

Tel.: +359 884 613 734, web: www.fitsponutrition.com, e-mail: info@fitsponutrition.com

You can receive any information with regard to the processing of your personal data from:

If, in your opinion, we infringe upon your rights relating to the processing of your personal data, in accordance with the requirements of the ‘General Data Protection Regulation’ (Regulation (EU) 2016/679), you have the right to submit a complaint to:

To: “FITSPO NUTRITION” LTD, Registration ID: 206043697

Address: 176, “Vasil Aprilov” Blvd.4027 Northern Industrial Zone, City: Plovdiv, Country: Bulgaria

Tel.: +359 884 613 734, web: www.fitsponutrition.com, e-mail: info@fitsponutrition.com

Attention: Personal Data Privacy Responsible Officer

You can also exercise your rights in any of the offices of “FITSPO NUTRITION” Ltd. The most current and complete list you can find at https:// https://fitsponutrition.com/contact-us.

In the event that you wish to file a complaint regarding the processing of your personal data carried out by us or regarding the way in which we have considered your complaint, you have the right to file a complaint with the Commission for the Protection of Personal Data (PCPD), at the address: Sofia 1592, Prof. Blvd. Tsvetan Lazarov” No. 2 or in the ways described on the commission’s website: https://www.cpdp.bg/index.php?p=pages&aid=56 or the local Data Protection Supervising Authority according to Article 51 of the Regulation (EU) 2016/679

3. LEGAL BASIS
3.1. This personal data protection policy (‘Policy’) is issued pursuant to the Personal Data Protection Act and its subordinate legislation (‘Bulgarian Law’), and the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).
3.2. Both the Bulgarian Law and the GDPR lay down rules for the way „FITSPO NUTRITION” Ltd. shall collect, process and store personal data. These rules shall be applied by „FITSPO NUTRITION” Ltd. as a Personal Data Controller, irrespective of whether the data are being processed electronically, on paper or other media.
3.3. To ensure the compliance of personal data processing with the legal requirements, the personal data is collected and used lawfully, the required security of the processing operations is provided and „FITSPO NUTRITION” Ltd. has taken all the required measures to prevent unlawful disclosure of processed personal data. Under the general principles adhered to by „FITSPO NUTRITION” Ltd., your personal data is:

• collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);

• adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);

• kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);

• processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’);

• „FITSPO NUTRITION” Ltd. shall be responsible and able to prove its adherence to the general principles of personal data processing (‘reporting’).

4. PURPOSES OF THE POLICY
4.1. With the adoption and application of this Policy by „FITSPO NUTRITION” Ltd., in accordance with the Bulgarian Law and Regulation (EU) 2016/679, the rules for protection of natural persons with regard to the personal data processing as well as the rules with regard to the free movement of personal data are established.
4.2. With the adoption and application of this Policy by „FITSPO NUTRITION” Ltd., in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, the fundamental rights and freedoms of the natural persons, and, more specifically, their right to protection of personal data are protected.
4.3. With this Policy, „FITSPO NUTRITION” Ltd. aims to guarantee:

• The rights of the natural persons—personal data subjects, in accordance with Regulation (EU) 2016/679;

• The compliance with the requirements of the Regulation by „FITSPO NUTRITION” Ltd. as a Controller and/or Processor, including:
  – Data protection by design and by default
  – Records of processing activities
  – Appropriate technical and organizational measures, which shall be reviewed and updated, as needed
  – Measures for risk assessment relating to the processing of personal data
  – The compliance with the requirements where the processing of your personal data is assigned to third parties (Processors)
  – The obligations of all officers, processors, and/or the persons having access to personal data and working under the authority of the processors, and their responsibility upon failure to perform these obligations;
  – Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, „FITSPO NUTRITION” Ltd. as a Controller and/or Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate for the risk.
  – Shall ensure the adherence to the general principles for transfers of personal data to third countries or international organizations outside the EU.

5. SCOPE
5.1. Definitions:
5.1.1.‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
5.1.2. ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

5.2. The data protection policy shall be applied with regard to the processing of personal data of the users, the employees, where they have become known to partners and providers, as described in the records of processing activities established in accordance with Article 30 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘Records of processing activities’).

6. PURPOSES OF THE PERSONAL DATA PROCESSING
6.1. In accordance with the requirements of Chapter III, Section I, ‘Transparency and modalities’ of the General Data Protection Regulation (Regulation (EU) 2016/679), „FITSPO NUTRITION” Ltd. shall provide transparent information, communication and modalities for the exercise of the rights of the data subjects, in accordance with Article 12 of the Regulation.
6.2. The purposes and the information with regard to the personal data processing by „FITSPO NUTRITION” Ltd. shall be provided in accordance with the ‘Procedure for transparent communication’, ‘Procedure upon collection of personal data’and ‘Procedure upon reception of personal data’.
6.3. The purposes and the information with regard to the personal data processing shall be specified in the following documents provided to the data subjects: ‘Personal data processing information to be provided upon collection’ and ‘Information upon reception of personal data’.

7. TRANSPARENCY.

RIGHTS OF THE PERSONS WHOSE DATA ARE PROCESSED BY „FITSPO NUTRITION” Ltd.

Information on your rights relating to the processing of personal data

• Right to access (Article 15): You have the right for confirmation for processing and access to your personal data.
• Right to rectification (Article 16): You have the tight to rectify your inaccurate or incomplete personal data.
• Right to erasure (Article 17): You have the right to request erasure of your personal data.
• Right to restriction of processing (Article 18): you have the right to request restriction of processing of your personal data.
• Notification obligation (Article 19): You have the right to request to be notified upon any action relating to rectification, erasure or restriction of processing of your personal data.
• Right to object (Article 21)    To object at any time to the processing of your personal data:
  • for the performance of a task carried out in the public interest or based on any official authority, or for the purposes of the legitimate interests, including profiling.
  • processing for direct marketing purposes
  • processing for scientific or historical research purposes or statistical purposes.
• Right to rejection of automated processing (Article 22): You have the right to refuse to be subject to a decision based only on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
• Right to portability (Article 20): You have the right to receive your personal data.
• Right to lodge a complaint and effective judicial remedy (Articles 77, 78 and 79): You have the right to lodge a complaint with the Commission for Personal Data Protection upon any infringement upon Regulation (EU) No 2016/679 of 27 April 2016 and the right to effective remedy against the CPDP, Controller or Processor of your personal data.
• Right to compensation (Article 82):You have right to compensation for material or non-material damage as a result of an infringement upon Regulation (EU) No 2016/679.

All personal data subjects (users, clients or employees, where such partners’ or providers’ data have become known to you, as described in the records of processing activities) may exercise their rights by sending official notice to any of contact points enlisted bellow:

“FITSPO NUTRITION” LTD, Registration ID: 206043697

Address: 176, “Vasil Aprilov” Blvd.4027 Northern Industrial Zone, City: Plovdiv, Country: Bulgaria

Tel.: +359 884 613 734, web: www.fitsponutrition.com, e-mail: info@fitsponutrition.com

Attention: Personal Data Privacy Responsible Officer

You can also exercise your rights in any of the offices of “FITSPO NUTRITION” LTD. The most current and complete list you can find at https:// https://fitsponutrition.com/contact-us.

8. TRANSFERS OF PERSONAL DATA TO THIRD COUNTRIES OR INTERNATIONAL ORGANIZATIONS
8.1. Any transfer of personal data processed or intended for processing after the transfer to a third country or an international organization outside the EU by „FITSPO NUTRITION” LTD. may take place only under the terms of the General Data Protection Regulation (Regulation (EU) 2016/679), in compliance with the requirements laid down in Chapter V of the Regulation.
8.2. „FITSPO NUTRITION” LTD. shall apply all provisions of the Regulation to prevent any risk for the required level of protection of the natural persons provided for by the Regulation.
8,3, In case „FITSPO NUTRITION” LTD. plans to transfer personal data to a third country or an international organization outside the EU, this transfer may take place only in accordance with the implemented procedure for data transfer outside the EU’ and the data subjects shall be notified in advance by providing them with the respective ‘Personal data processing information to be provided upon transfer of their personal data’ requiring their ‘Consent for personal data transfer’.

9. BREACHES AND NOTIFICATION OF BREACHES
9.1. ‘Personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed by „FITSPO NUTRITION” LTD.

9.2. In the event of a personal data breach, the following shall be notified immediately:

“FITSPO NUTRITION” LTD, Registration ID: 206043697

Address: 176, “Vasil Aprilov” Blvd.4027 Northern Industrial Zone, City: Plovdiv, Country: Bulgaria

Tel.: +359 884 613 734, web: www.fitsponutrition.com, e-mail: info@fitsponutrition.com

Attention: Personal Data Privacy Responsible Officer

You can also provide such information in any of the offices of “FITSPO NUTRITION” LTD. The most current and complete list you can find at https://fitsponutrition.com/contact-us.

9.3. In the event of a personal data breach likely to create a risk for the rights and freedoms of the natural persons, without undue delay and, where feasible, not later than 72 hours after having become aware of it, “FITSPO NUTRITION” LTD shall notify the Commission for Personal Data Protection of the breach.
9.4. In case a specific breach creates a risk for the rights and freedoms of the natural persons, “FITSPO NUTRITION” LTD. shall take action to notify the affected persons in order to minimize any adverse consequences.
9.5. „”FITSPO NUTRITION” LTD. shall take action following the ‘Procedure upon personal data breach’.

10. DESTRUCTION

10.1. “FITSPO NUTRITION” LTD. shall follow the implemented ‘Procedure for destruction of personal data’.

11. Amendments to the privacy policy

11.1. “FITSPO NUTRITION” LTD. may update by amending and supplementing the personal data protection policy at any time in the future, as required under the circumstances.

12. Document owner and approval
12.1. CEO of “FITSPO NUTRITION” LTD. is the owner of this document and shall be responsible to have this procedure reviewed, in accordance with the reviewing and updating requirements of Regulation (EU) 2016/679.
12.2. This version of this document has been publicly available to all data subjects and published on the fitsponutrition.com web site under https://fitsponutrition.com/privacy_policy.

12.3. This procedure was approved by CEO of “FITSPO NUTRITION” LTD. on Date:01.05.2024 and was issued under version control with their signature.

Signature:

Revision history:

Version: 2, Approval: CEO, Name, Effective date of the new version: 01.05.2024