LAST UPDATED ON JUNE 13, 2019


This updated Privacy policy (“Policy”) regulates the personal data protection of natural persons who use the site and the E-shop at https://www.escreo.com (“Site”/”E-shop”), property of “3 EN 3” OOD.

With this Policy we declare that processing of personal data by us shall always comply with the requirements of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation”/”Regulation”), and the Bulgarian Personal Data Protection Act.

I. Definitions

Personal data is any information or set of information, which identify you or could be used for your identification. This includes information, which you share with us through the Site, for example, when you are making an order and thus concluding a distance contract.

Processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data.

Our contact details

“3 EN 3” OOD, UIC 203326551, represented by the manager Yasen Emilov Rusev

Seat and address of management: Sofia, region “Iskar”, residence area “Drujba” 1, 25 “Tirana” str., entr. “C”, 5th floor, app. 110

Address for the exercise of activity: Sofia Tech Park, Incubator Building, 1st floor, 111B “Tsarigradsko shose” blvd.

Email:  hello@escreo.com
Phone: 0700 10 324

III. Categories of personal data we process

We can collect your personal data the following ways:

1. Data you give us when you are making an order and concluding a distance contract: names, address, phone, email;

2. Data you give us upon request for a newsletter: email;

3. Data you give us through the contact form on the Site: names, phone, email;

4. Data you give us through our Facebook lead ads: names, phone, email, company, etc.

5. Data you send to us in the form of feedback.

We do not collect or process your bank accounts. Only as part of the refund procedure, as described in the Terms and conditions, we may need such.

We do not collect sensitive personal data about you.

We do not perform automated decision-making and profiling.

We consciously do not collect data related to children.

IV. Purposes of processing personal data

We collect and process your data for the following purposes:

1. Your identification and performance of the obligations under the orders made and the distance contracts concluded;

2. Delivery of the ordered goods and services and providing data to couriers;

3. Sending of correspondence and instructions regarding the order made, respectively the distance contract concluded;

4. Establishing contact by telephone or email regarding the order made, respectively the distance contract concluded;

5. Responding to inquiries, complaints and other requests;

6. Keeping of accounting and fulfillment of the requirements of the Accountancy Act and other legislation;

7. Sending newsletters or other correspondence for direct marketing purposes in cases of explicit consent given;

V. Legal basis for the processing of personal data

We have the right to process your personal data only if we have a legal basis for doing so.

The data we receive through the Site, we collect and process on the basis of Art. 6(1), letter “b” of the Regulation, namely processing is necessary for the performance of a distance contract to which you are a party or in order to take steps at your request prior to entering into a distance contract.

You can subscribe to our newsletter by ticking the relevant checkbox when making an order or directly through the Site. In this case, we can process your data on the basis of Art. 6(1), letter “a” of the Regulation, namely you have given us consent to process your personal data for direct marketing purposes. We will consider the latter also as a consent in the sense of Art. 6(4) of the Electronic Commerce Act and Art. 261(1) of the Electronic Communications Act.

You can withdraw your consent any time, either by clicking the “unsubscribe” button at the end of each email you receive, or by contacting us at: hello@escreo.com.

VI. Categories of recipients of personal data

Your personal data may be disclosed to:

1. persons, if provided for in a legal act` including state bodies, in respect of which there is a legal requirement for the provision of certain categories of personal data;

2. processors of personal data under a contract, namely companies providing accounting services, IT services, the application service, marketing services, advertising services, consultancy services, couriers, forwarders, carriers, auditors, lawyers, law firms, banks, as part of the refund procedure, etc., processing personal data only on our instructions, unless processing is required by current legislation;

Processors are required to provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing proceeds in accordance with the requirements of the Regulation and protects the rights of data subjects.

3. persons who, under our direct authority, process your personal data, have committed to confidentiality and are aware of the personal data protection laws.

VII. Non-provision of personal data

In cases when we process your personal data pursuant to Art. 6(1) l. “b” of the Regulation (contract), and you cannot provide these data, we may not be able to provide the service you have requested from us, for example, if you do not provide us with your name, there is no possibility of ordering goods and/or services and concluding the distance contract; if you do not provide us with your address, there is no possibility to execute the distance contract, respectively to deliver the ordered goods and/or services, including via couriers; if you do not provide us with your phone and email, there is no possibility to confirm the order made, deliver the ordered goods and/or services, including via couriers and, when necessary, contact you regarding the execution of the order made.

VIII. Period for which the personal data will be stored

Your personal data is stored for a period of 5 years as of your last interaction with the E-shop, for example an order made via the E-shop or a visit made to the E-shop.

IX. Your rights

The Data Protection Regulation guarantees you a certain set of rights that you can exercise in relation to your personal data processed by us. Specifically, you have:

1. Right to receive information if we process your personal data and, if so, to obtain a copy of the information we process about you;

2. Right to question any information we have about you that you think is wrong or incomplete and want it to be corrected or supplemented;

3. Right to want from us to discontinue the use of your personal data, such as:

3.1. you may want to erase them (the right to be forgotten); or

3.2. request limitation of processing; or

3.3. object to the use of your personal data (especially in the case of processing it for direct marketing purposes);

There may be grounds for us to keep or continue to use your data, which we will share with you when you exercise one of the above rights.

4. Right to receive your personal data in a structured, widely used and machine-readable format and the right to request that we transfer this data to another administrator;

5. Right to withdraw your given consent to use your personal data;

You can exercise the above rights by sending us an email at hello@escreo.com.

We will try to respond to all legitimate requests within one month. Sometimes it can take us more than a month, in which case we will let you know.

6. Right to complain to a supervisory authority if you are not satisfied with the way we have used your personal data and you believe we have breached the provisions of the Regulation;

The supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection, address: Sofia 1592, “Prof. 2 Tzvetan Lazarov Str., website: www.cpdp.bg.

X. Security of the personal data

We have implemented appropriate security measures to prevent accidental loss, use or access to your personal data in an unauthorized manner, change or disclosure. In addition, we restrict access to your personal data to those employees, external service providers, and other third parties who have a necessity of access to them (so called principal “necessity to know”). They will process your personal data only on our instructions.

We have put in place procedures to deal with any alleged violation of personal data and will notify you and the competent authorities for an infringement when we are legally obliged to do so.

If you believe that any information about you is false or inaccurate, please inform us as soon as possible.