Our company strives to provide an adequate level of protection of the collected personal data and to process them only for acceptable purposes, with acceptable means and to use providers of cloud, hosting and email services with a reliable reputation. The Company only collects data that is relevant and limited to what is necessary for the purposes for which it is processed.
- It does not apply for the collection of information through other channels.
- By using our website, you consent to the collection, use and disclosure of your information as set below in this policy.
- Information on the data processor
For the purposes of the EU General Data Protection Regulation (GDPR) (EU) 2016/679, the responsible entity is:
- Cardinal Bites Ltd.
- UIC: 206100746
- Address of management: Sofia 1000, Sredets district, 33 Alabin Street, office 128
- For data protection issues, you can contact us at the following email: firstname.lastname@example.org.
“Our Websites” and “Cardinal Bites Websites” refer to any website owned and / or operated by Cardinal Bites Ltd. (as described above), https://www.cardinalbites.com/ and https://cardinalbites.bg (including all subdomains).
- Principles of personal data processing
In the processing of personal data, Cardinal Bites adheres to the principles of legality, transparency, relevance of the processing to the purposes, as well as data minimization.
- What types of data do we collect?
The personal data we collect can be divided into two groups. The data from the first group (Group 1) are collected in relation to the processing of orders, execution of deliveries and contracts with customers, and the data from the second group (Group 2) are collected in relation to visiting our website and improving the services of Cardinal Bites.
Data necessary for order processing and delivery:
- Customer name
- Contact – phone number and / or e-mail
- Town and delivery address
- Preference for delivery within a certain time range
- Date and time of the order
- Payment information, information contained in invoices and accounting documents issued by Cardinal Bites Ltd.
- Order history
- IP address of the computer placing the order
- Information from cookies for functionality
When you visit our website, our server temporarily records your access details in its logs. These logs contain the following data and are stored until they are automatically deleted:
- IP address of the computer submitting the request;
- The date and time of your request;
- The requested URI;
- The amount of data transferred in response;
- Whether the request was successfully processed or not;
- Identifying data about the browser and operating system you are using;
- The referring website from which you submitted the request;
- The name of your ISP;
- The purpose of recording this data is to enable you to maintain the website (by establishing a TCP / IP connection), to provide our servers, the technical administration of our infrastructure, and the optimization of our services. Only in case of unauthorized access or cyber-attacks on our infrastructure will your IP address be analyzed.
You are not required to provide additional information to access our website.
- Basis for processing
Personal data are processed on the basis of Art. 6 (1) (a) and (f) of Regulation (EU) 2016/679, namely:
- The subject has consented to the processing of his or her personal data for one or more specific purposes.
- Fulfillment of the obligations of Cardinal Bites under a contract with the client.
- Processing is necessary for the purposes of the legitimate interests pursued by the administrator or by a third party.
- Use of personal information
The data will be used solely for the purposes set out in this policy. We may use users’ personal information for the following:
- Execution and processing of orders
- Execution of deliveries
- Sending feedback requests
- Downloading a report or other analytical information
- Administer our website
- Providing anonymized statistical information for our users
- Storage of personal data
The data we collect is stored within the European Economic Area in compliance with national and European legislation and REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (GDPR). The company takes the necessary measures to prevent unauthorized access, modification, dissemination, as well as other illegal forms of data processing.
Personal data is processed only by the competent persons in Cardinal Bites Ltd, as well as by providers of cloud, hosting and email services with a reliable reputation. The company utilises digital service providers that provide a high level of technical protection and cybersecurity.
Cookies are files consisting of letters and numbers that are sent from websites to the user’s device and stored in the file directory of the browser used by the user. They collect information about how the site is used in order to identify the user and improve the services of the website.
- I accept cookies
- More information
- Withdrawal of consent
Users may withdraw their consent to the processing of their personal data at any time. In case you wish to withdraw your consent for processing, you can submit one to the above e-mail.
- Right to access, correct, delete or restrict
The user has the right to object at any time to the processing of his personal data. When processing personal data for direct marketing purposes, the user also has the right to object at any time. The procedure for exercising the rights under this section, including the right of access, the right to delete, correct or restrict processing, is by submitting a written request to the above e-mail. Cardinal Bites will provide the consumer with information on the action taken on the request.
- Provision of personal data to third parties
Personal data may be provided to the following third parties:
- To courier companies, warehouse providers and fulfillment centers in order to organize deliveries
Personal data may also be provided in the following cases:
- To the extent required for the execution of an order
- To the extent required by law
- In connection with current or future court proceedings
- In connection with fraud prevention
Except as provided in this policy, we will not provide your personal information to third parties. Without your consent, we will not provide your personal information to any third party for direct marketing or another third party.
- Retention periods