The protection of the personal data and the protection of the personal and financial information of our clients are our top priority. That is why we process your information exclusively on the basis of the applicable legislation, in particular REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (better known as GDPR), the Personal Data Protection Act (PDPA) and the Electronic Commerce Act (ECA). is owned by Canella 2011 LTD, which provides the service – delivery of food to an address or on-site. We take delivery orders by phone and online. We shall use the web-based platform Fast Menu for orders placed online.
is a company entered in the Commercial Register at the Registry Agency. The services we provide you with require the processing of your personal data by s CONTROLLER, subject to the terms and requirements for the measure for personal data protection under GDPR. shall be responsible for the processing of your personal data.
As our customers, you can place a delivery order over the phone, in which case we shall collect the following personal data:
As our clients, you have to create a user profile containing the following personal data, namely:
also creates the following types of data in the process of providing its commercial services, namely: user profile /username and password/, cookies and Google Analytics, functionality and performance cookies, essential cookies, as detailed in the Cookie Policy.
shall process your personal data on the basis of Article 6, paragraph 1, letter “a”, letter “b”, letter “c” and letter “f” of GDPR, namely:
А/ For the purpose of concluding or executing a contract for the delivery of the dishes offered by :
B/ In fulfillment of its legal obligations, shall process your data for the following purposes:
For the purposes of the legitimate interests of :
D/ For marketing purposes:
does not provide services to people under the age of 18. A person under the age of 18 may use our services only with the assistance of an adult who acts as a representative of the minor/juvenile. In the event that Raffy Bar & Gelato - receives information that it has collected personal data from a person under the age of 18, they are to be erased immediately unless the law obliges -- to store such data. If you believe that we have mistakenly or unknowingly collected information from a person under the age of 18, please contact us on: получи информация, че е събрал лични данни от лице под 18-годишна възраст, то същите незабавно се изтриват, освен ако закон не задължава нас да съхраняваме такива данни. Моля, свържете се с нас, ако смятате, че погрешно или несъзнателно сме събрали информация от лице на възраст под 18 години, на следните контакти:
shall process only data provided by you – our clients. This means that you are responsible not to provide data of third parties in violation of their rights to personal data protection, because does not have access to these persons and has no practical ability to control whether the clients provide us with data of third parties with their knowledge and consent given in accordance with the legal requirements.
Therefore, every data subject bears full personal responsibility if he/she provides us with data of a third party without his/her knowledge or without obtaining his/her consent in compliance with the requirements of the applicable data protection legislation, including with regard to names, phone numbers and addresses of the recipients of the shipments provided to us by a client.
The data we collect from you shall be stored within the European Economic Area (EEA) in compliance with the national and European legislation, and in particular with REGULATION (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (better known as GDPR).
shall not provide your personal data to third parties without legal or contractual grounds, and it shall not distribute data to third countries and international organisations outside the EU and EEA. shall use the FAST MENU web-based platform to fulfill tour orders. The transfer of your data to FAST MENU and/or to other processors shall be made solely for the purpose of providing the service/delivery of your choosing, for marketing campaigns aimed at enhancing the quality of the services provided to you and/or for the purpose of fulfilling legal obligations of namely:
After the fulfillment of a particular delivery and/or service or after have given your consent, your personal data shall be stored for the following periods:
The destruction of personal data shall be carried out in compliance with a written procedure for that, according to the internal documents of
has implemented a wide range of technical and organisational measures for protection of your personal data against loss or other forms of unlawful processing in accordance with Article 32 of GDPR. The personal data are accessible only to those persons who need access in order to perform their work in connection with the fulfillment of our deliveries and/or services. These persons have been trained and authorised accordingly. The FAST MENU web-based platform, via which processes your orders, encrypts the information.
ou are entitled to request at any time information about your personal data we store, the basis, the purposes, the periods of processing and storage, whether they have been provided to a processor or they have been destroyed, etc.
You have the right to rectification of your personal data if they are incorrect, including the supplementation of incomplete personal data.
You have the right to erasure of all personal data processed by and its processors at any time unless the processing is necessary for at least one of the following purposes, namely:
a) exercising the right of freedom of expression and information;
b) for compliance with a legal obligation which requires processing by Union or Member State law to which and/or its processors are subject;
c) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing or
d) establishing, exercising or defending legal claims.
You have the right to request from - to restrict the processing of your personal data under the following circumstances:
a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims;
d) the data subject has objected to processing pursuant to Article 21, paragraph 1 of GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.
When processes your personal data by automated means on the basis of your consent or on the basis of a contract, you have the right to receive a copy of your data in a structured, commonly used and machine-readable format transmitted to you or to another party. This includes only the personal data you have provided us with.
You have the right to object to the processing of your personal data on the basis of a legitimate interest of We shall no longer process your personal data unless demonstrated that there are compelling legitimate grounds for that, which override your interests and rights, or due to legal claims.
When the personal data breach is likely to result in a high risk to your rights and freedoms, shall communicate the personal data breach to the data subject without undue delay describing the nature of the personal data breach and indicating at least:
The above information shall not be sent in the event of a security breach if - has met any of the following conditions:
a) it has implemented appropriate technical and organisational protection measures, and those measures were applied to the personal data affected by the personal data breach, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption or
b) it has taken subsequent measures which ensure that the high risk to the rights and freedoms of data subjects referred to above is no longer likely to materialize, or
c) the communication would involve disproportionate effort.
In the last hypothesis shall post a message on its website whereby the data subjects are informed in an equally effective manner.
We take the protection of personal data very seriously, and therefore, we have a customer service team that handles your requests in relation to the above rights. You may always contact them on: Please note that where your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may:
1. charge a fee taking into account the administrative costs of providing the information or communication or taking the action requested,
2. or refuse to act on the request.
We shall make reasonable efforts to uphold your request within 30 days of receiving your application. That period may be extended by two further months, where necessary, taking into account the complexity and number of the requests.
You may withdraw your consent to the processing of your personal data at any time only for those purposes and that type of personal data which are necessary for the achievement of the specific purposes, we process on the basis of Article 6, paragraph 1, letter “a” of GDPR, as detailed in Section III and IV of this Policy, as well as in the Cookie Policy.
If you wish to withdraw your consent to the processing of the following personal data, namely: email for sending commercial and promotional messages, information materials, surveys, etc., as well as cookies and Google Analytics, cookies for functionality and efficiency, Essential Cookies, you may sent one to .
If you consider that we have infringed your rights with regard to your personal data and that there is a risk of breaching the security of your personal data, you may report that on:
Exercising the above rights shall not deprive you of the right to lodge a complaint. You may lodge a complaint with the Bulgarian supervisory authority – the Commission for Personal Data Protection. You can find more information at: www.cpdp.bg.