GENERAL DATA PROTECTION POLICY
(Effective as of May 24, 2018)

I. SCOPE AND APPLICATION

“Adventure Facility Concepts and Management” Ltd. (“we,” “our,” or “us”), UIC 202387264, with registered office at 111V Tsarigradsko Shose Blvd., Sofia 1784, Bulgaria, as a data controller, recognizes the importance of protecting your personal data.

This General Data Protection Policy (“General Policy”) is intended to inform you about:

The categories of personal data we collect and process:

(i)        when you register on or use our website www.funtopiaworld.com or any of its associated websites and social media pages, or when you use another application or online service that refers to this privacy policy (collectively referred to as the “Services”);

(ii)       when you apply for a job we have advertised or when you are hired or engaged by us as an employee, worker, or contractor;

(iii)      when you contact us (including through any of our websites) or request information about the goods and services we offer;

(iv)      in connection with the performance of work you have assigned to us, including the sale of goods and services we provide.

  1. We would also like to inform you about:

    • The sources and methods through which we collect and protect the personal data we process;

    • The purposes for which we process personal data and the legal basis for doing so;

    • The collection and processing of personal data relating to children;

    • The circumstances under which we share your personal data with third parties;

    • How long we retain your personal data and when we will delete it;

    • Your rights in relation to the processing of your personal data;

    • How we protect your personal data;

    • How you can contact us regarding any matters related to the processing of your personal data.

    This General Data Protection Policy applies in all cases where we process personal data. Our specific policies concerning particular categories of personal data apply in addition to this General Policy.

    We may update this General Data Protection Policy from time to time. In such cases, we will post a notice on our website along with the updated version of the policy.

    If you have any questions regarding this General Policy, please do not hesitate to contact us using one of the methods listed at the end of this document.

For the purposes of this General Policy:

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Sensitive personal data” includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, health data, or data concerning a person’s sex life or sexual orientation.

We do not process sensitive personal data unless it is necessary for compliance with our legal obligations — for example, those arising under labor or anti-discrimination laws. We kindly ask that you do not send or otherwise provide us with any sensitive personal data relating to you (or to anyone else), unless we have explicitly requested such data in writing and confirmed that we have the necessary consents and that all other legal requirements for processing such data have been met.

Data that cannot be linked or associated with an identified or identifiable natural person is not considered personal data.

II. CATEGORIES OF PERSONAL DATA WE PROCESS

The personal data we process may include:

  • Basic information, such as your name (including title), the organization you represent or work for, and your job title.

  • Contact information, such as your postal address, email address, telephone number, fax number, and Skype ID.

  • Financial information, such as your credit/debit card number or bank account details, in relation to a specific transaction or a series of related transactions.

  • Technical information, such as data generated through your use of our website or any integrated applications (e.g., apps, plugins), as well as information related to electronic materials and communications that we receive from you or send to you.

  • Information related to business meetings, such as details you provide in connection with your participation in business seminars, conferences, and other commercial events organized by us or by our affiliated businesses.

  • Other personal data that you have provided to us or that has been provided on your behalf, or that is generated in connection with the preparation and execution of an order you have placed with us — for example, order or payment history.

 

III. SOURCES AND METHODS OF COLLECTING PERSONAL DATA

  1. Personal data you provide to us directly

Some of the personal data we collect and process is provided directly by you (e.g., when you register on or use one of our operated websites, or when you contact us by phone or online in relation to a job opportunity, to request information about our products and services, or to inquire about the status of an order you have placed).

The personal data you provide directly may include:

  • Identification data, such as your name, date of birth, permanent address, shipping or mailing address, phone number, email address, password, and username (when creating a customer account on one of our websites that supports such functionality);

  • In some cases, personal data may also include your age, gender, interests, or membership in a professional organization;

  • Personal data contained in electronic communication you send us, such as the information included in an email addressed to us or to one of our employees or sales representatives;

  • Data generated by you in connection with placing and fulfilling orders through our websites or otherwise, such as order history, including the date of placement and/or acceptance of orders and their fulfillment status;

  • Financial information, such as your debit or credit card number or bank account details, in relation to the execution of a specific financial transaction or series of related transactions;

  • Data linked to your customer profile on the relevant website, such as data you enter when updating your profile or information about products you add to your shopping cart or wish list;

  • Data generated when using certain social plugins, such as Facebook’s “like” or “follow” buttons, which reflect your interaction with specific content we have published on our websites or social media pages;

  • Other data you provide at our request when we are legally obligated or entitled to collect such data for the purposes of identifying you or verifying information we have received.

In certain cases, where permitted by law, we may collect data relating to criminal convictions and offenses. For example, if the law requires us not to hire individuals for specific roles who have been convicted of certain crimes, we will process the relevant data to the extent necessary to fulfill our legal obligations.

2. Personal Data We Collect Automatically

Some of the personal data we process is collected automatically when you register on or use a website operated by us, in order to contact us or place an order. This information is provided by the devices you use (e.g., your personal or work computer, smartphone, tablet, etc.) to access our websites, social media pages, applications, or other online services. It may include your device ID or a unique identifier linked to your device or browser, location data, device type, or the browser you are using.

We collect data about how you interact with our websites and social media pages, such as location information and IP address. We use cookies and similar technologies, including pixel tags and web beacons, to collect statistical data that helps us better understand user behavior and measure the effectiveness of our online advertisements. This may include data on which of our websites you visited and which links you clicked on. For more information about the cookies we use and how to manage them, please refer to our Cookie Policy.

We do not engage in automated decision-making, including profiling, as a result of automated processing of personal data.

3. Personal Data We Collect from Other Sources

In addition to the data we collect directly from you or your device, we may also collect information from other sources. For example, in certain cases, we may obtain data related to your credit history or similar information from credit bureaus or licensed credit or financial institutions with whom you have or have had financial or business relations, where this is legally permitted.

Personal data provided by third parties may also include information contained in your public social media profile, which we may access when you choose to log into your customer account using a social network account such as Facebook or Google+. Please note that much of the information you post on your social media profiles—such as your public profile, location data, language, public posts, and comments—is publicly accessible, which entails certain privacy responsibilities and risks. You control what data is shared with us through the settings on the respective social media platform and the consents you grant regarding the processing of data stored by those platforms.

IV. PURPOSES FOR WHICH WE PROCESS PERSONAL DATA AND THE LEGAL BASIS FOR DOING SO

We collect, store, and otherwise process personal data to the extent permitted by law and in accordance with our internal data protection policies. We process personal data for a variety of business purposes, each based on a specific legal ground. Under applicable data protection law, we must have a legal basis for processing your personal data. Depending on the legal basis used, you have specific rights concerning your data. For more information about your rights, please refer to Section IX.

In particular, we process the personal data we collect based on the legal grounds outlined below and for one or more of the following purposes:

We process your personal data in connection with the conclusion and performance of a contract with you

We may collect and process your personal data for the purpose of entering into and fulfilling a contract with you, as well as when we take steps at your request prior to entering into such a contract. The main purposes for processing data on this basis include:

  • Identifying customers wishing to order or who have ordered our products or services, as well as potential or current suppliers and subcontractors;

  • Determining the legal ability to enter into a contract and any additional requirements for its validity, such as obtaining consent from third parties;

  • Preparing and communicating proposals for contracts, amendments, and draft agreements, including distance contracts;

  • Providing additional information and clarification on the characteristics and use of our products and services;

  • Fulfilling customer orders for products and services;

  • Issuing invoices, credit/debit notes, and delivery protocols for paid or free deliveries of goods and services;

  • Tracking payments made in relation to orders;

  • Communicating with clients, suppliers, and subcontractors on matters related to contract performance or amendments;

  • Providing written and oral technical advice and information, including safe and optimal use of our products and services;

  • Sending notifications, newsletters, or alerts concerning product recalls;

  • Fulfilling obligations under product warranties we issue;

  • Coordinating the execution of contracts with clients or subcontractors;

  • Conducting credit risk assessments, especially in cases involving deferred payment terms;

  • Reviewing and resolving complaints related to our products or services;

  • Detecting and preventing fraudulent activities or contract breaches by clients;

  • Preventing unauthorized disclosure, use, modification, or destruction of confidential or legally protected information;

  • Ensuring proper operation of our online stores and other digital sales and distribution platforms;

  • Registering customer accounts on websites we manage.

We process your personal data to fulfill legal obligations under EU and national legislation

In certain cases, we are legally required to process personal data, for example, due to our roles as an employer, and as a buyer or seller of goods and services. In this regard, we process personal data in order to comply with obligations arising from or related to:

  • Social security for employees, workers, and subcontractors, including obligations under national and EU laws on social and health insurance, as well as personal income taxation;

  • The sale of goods and services (including remote sales) to consumers, as regulated by consumer protection laws;

  • Customer identification requirements under anti-money laundering (AML) and counter-terrorism financing (CTF) legislation;

  • Lawful accounting and taxation of business transactions;

  • Obligations to cooperate with regulatory authorities during audits, inspections, or other legally mandated investigations;

  • Participation in legal proceedings, including the duty to provide data or information relevant to resolving a legal dispute when we are a party or third party to the case.

We May Collect and Process Your Personal Data Based on Your Consent

In certain cases, we will process your personal data only after obtaining your explicit consent. When you provide such consent, we may use your data for purposes such as:

  • Direct Marketing:
    We may use your data to promote our own products and services or those offered by affiliated entities. This marketing may include phone calls, letters, text messages, or emails. For example, if you subscribe to our newsletter or wish to receive promotional offers, we may ask you to provide your name, phone number, email address, and other relevant information.
    If at any time you no longer wish to receive promotional or marketing communications from us, you can inform us or simply follow the “unsubscribe” instructions included in each communication.
    We take steps to ensure that marketing communications are limited to a reasonable and proportionate amount, focusing only on content we believe may be of interest or relevance to you based on the information we have.

  • Participation in Surveys, Events, and Campaigns:
    With your consent, we may process your personal data to enable your participation in surveys, polls, commercial and non-commercial events, such as parties or promotional activities organized by us or our business affiliates.

  • Fulfilling Specific Legal or Contractual Obligations:
    We may process specific categories of personal data (e.g., health-related or other sensitive information) only where permitted by law and necessary for fulfilling our obligations to you under applicable law or a contract.

You may withdraw your consent for the processing of your personal data at any time. More details about this right are provided further below in this policy.

  • We May Process Your Personal Data Based on Our Legitimate Interests

    In some instances, we process personal data because we have a legitimate interest in doing so. These interests include:

    • Continuously improving and developing our products and services, including their features, design, and content;

    • Promoting and implementing innovative and enhanced safety measures for the use of our products and services, including those offered by affiliated entities;

    • Monitoring and analyzing our market performance;

    • Developing the skills of our employees and subcontractors to better serve clients in relevant markets;

    • Personalizing the products and services we offer to improve your overall satisfaction and experience with our brand;

    • Monitoring the technical status of our IT systems and digital resources, including online stores and websites, and addressing any issues related to their proper operation, security, or integrity.

V. COLLECTION AND PROCESSING OF CHILDREN’S PERSONAL DATA

We recognize the importance of taking additional measures to protect the personal data of children who use our products and services, including our websites. We do not knowingly collect personal data from children under the age of 16, or data related to children under 16, without parental consent or, where applicable, the consent of another legally authorized individual (such as a legal guardian).

We do not allow children under the age of 16 to create personal accounts on our websites or otherwise provide us with their personal data.

If we become aware that we have collected or processed personal data of a child without the legally required consent, we will take steps to delete that information without undue delay.

VI. WHEN WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES

With Data Processors Acting on Our Behalf
We may engage third-party service providers (subcontractors) to process your personal data on our behalf. These parties process data in accordance with our instructions and solely for the purposes outlined in this Privacy Policy. We do not permit these third parties to use your data for their own purposes, including direct marketing.

We require all third-party processors to comply with applicable data protection laws and to implement appropriate technical and organizational measures to safeguard personal data. The categories of such data recipients may include:

  • Accounting and auditing firms for the purpose of financial reporting, compliance with labor, tax, and social security obligations;

  • Providers of information society services, including hosting and IT service providers who support the maintenance, security, and development of our IT infrastructure;

  • Licensed postal operators, shipping, and courier companies for product delivery purposes;

  • Licensed payment service providers to process transactions to or from you;

  • Licensed private security firms for ensuring access control and security at premises we own or lawfully use.

With Government Authorities
We may disclose your personal data to government bodies and regulatory authorities when required by law. These may include courts or administrative bodies with regulatory, oversight, or enforcement powers (e.g. Consumer Protection Commission, Data Protection Commission, Competition Protection Commission, and other legally authorized entities).

To Protect Our Legitimate Interests
In certain situations, we may disclose your personal data to protect our legitimate interests, such as:

  • To our legal advisors or attorneys in connection with obtaining legal advice or preparing for current or potential legal proceedings, including mediation or other alternative dispute resolution processes;

  • To third parties acquiring part or all of our business or assets as a result of a corporate restructuring (e.g. merger, acquisition) or by decision of a competent authority.

To Third Parties with Your Explicit Consent
We may also share your personal data with third parties when you have given us your explicit consent—for example, with companies that may provide you with information or offers about their own products and services.

VII. HOW LONG WE RETAIN YOUR PERSONAL DATA AND WHEN WE DELETE IT

We retain your personal data for as long as necessary or permitted in light of the purposes for which it is being processed. Once these purposes have been fulfilled or the legal basis for processing no longer applies (e.g. if consent is withdrawn), we will delete the data without undue delay.

The criteria we use to determine the appropriate retention period include:
(a) the duration of our business relationship and service provision;
(b) legal retention periods set out in applicable laws; and
(c) the timeframes during which the data may be necessary for the exercise or defense of our legal rights, including statutory limitation periods.

For example, we retain personal data included in our accounting records for the periods specified in the Bulgarian Accounting Act.

VIII. HOW WE PROTECT YOUR PERSONAL DATA

We implement appropriate technical and organizational measures to safeguard your personal data from unauthorized access, alteration, or deletion. These measures include:

  • Internal policies aimed at preventing unauthorized access to our systems and facilities where personal data is stored;

  • Confidentiality obligations for employees, subcontractors, and service providers;

  • Engaging only those data processors that comply with applicable laws and provide sufficient guarantees regarding the implementation of adequate data protection and security measures.

IX. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

While we are processing your personal data, you have the following rights, in accordance with the General Data Protection Regulation (GDPR):

You can exercise your rights by sending a signed request (preferably with a handwritten or qualified electronic signature) via email or letter to our Data Protection Officer. If you cannot sign the request as recommended, we may ask for additional information to verify your identity.

We will respond to your request free of charge and without undue delay. If we receive repetitive requests, we may charge a fee based on administrative costs or decline to act on the request.

RIGHT OF ACCESS AND INFORMATION

You have the right to request and obtain:

  • Information about the purposes of processing, categories of data, recipients or categories of recipients, and data sources;

  • A copy of the personal data we process, in electronic or other suitable format.

RIGHT TO RECTIFICATION

If you discover that your personal data is inaccurate or incomplete, you have the right to request correction or completion.

RIGHT TO OBJECT

When we process your personal data based on our legitimate interest, you have the right to object. We will stop the processing and delete your data unless we demonstrate compelling legitimate grounds that override your rights, or the processing is necessary for legal claims.
You may also object at any time to the use of your data for marketing purposes, in which case we will cease such processing immediately.

RIGHT TO RESTRICTION OF PROCESSING

You may request that we restrict processing when:

  • You contest the accuracy of the data (while we verify it);

  • Processing is unlawful, but you prefer restriction instead of deletion;

  • We no longer need the data, but you require it for legal claims;

  • You have objected to processing based on legitimate interest, pending our assessment of whether we have overriding grounds.

RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)

You have the right to request that we erase your personal data without undue delay when:

  • The data is no longer necessary for the purposes for which it was collected;

  • You withdraw consent (where processing was based on it) and there is no other legal ground;

  • You object and there are no overriding legitimate grounds for processing;

  • The data was unlawfully processed;

  • The data must be deleted to comply with legal obligations;

  • The data was collected in connection with the provision of information society services to a child.

We may be unable to fulfill your request in cases where processing is required for:

  • Exercising the right to freedom of expression and information;

  • Compliance with legal obligations;

  • Establishment, exercise, or defense of legal claims.

RIGHT TO WITHDRAW CONSENT

Where processing is based on your consent, you may withdraw it at any time, and we will stop processing your data going forward.

RIGHT TO DATA PORTABILITY

If we process your data based on your consent or a contract, and provided it does not infringe on the rights of others, you have the right to receive the data in a structured, commonly used, and machine-readable format, or request that we transfer it to another controller (where technically feasible).

RIGHT TO LODGE A COMPLAINT

If you believe your data is being processed unlawfully, you have the right to lodge a complaint with a supervisory authority—either in your country of residence or with the competent authority for us.

The competent authority in the Republic of Bulgaria is:

Commission for Personal Data Protection
2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: +359 2 915 3518
Email: [email protected]

X. HOW TO CONTACT US

For any questions related to the processing of your personal data or the exercise of your rights, you can contact our Data Protection Officer using one of the following methods:

  • By email: Send an electronic message to [email protected]

  • By post: Send correspondence to the following address:
    111B Tsarigradsko Shose Blvd., 1st floor, Sofia 1784, Bulgaria

Scroll to Top