свали
мобилното приложение
PRIVACY POLICY
Last updated: 21st of of May 2025
We, “Philly Vibe” AD, in the capacity of owner and operator of the web site www.pizzalab.bg (the “”Website”or “”the Site”) and the mobile application “PizzaLab Family” (“The Application”) respect the privacy of your personal information and, as such, make every effort to ensure your information is protected and remains private.
This Privacy Policy describes the basic principles and principles for the collection, processing and use of your personal data, the purposes for which we use the data, the ways in which the data is processed, and your rights in relation to your personal data in order to exercise them in accordance with the requirements of the General Data Protection Regulation.
Please read this Policy carefully before providing us with your personal data.
We are keeping the right to change this Privacy Policy regularly as we shall notify you of by posting the revised Privacy Policy on the Website and in our Application. The changes shall be effective on the “Last Updated” date indicated at the beginning of this Privacy Policy. We encourage you to periodically review the Privacy Policy for the updated information about our data protection practices.
DATA PROCESSOR DETAILS:
Name: “PHILLY VIBE” AD
UIC: 203418843
Head address of the company: Sofia, 115 z Tzarigradsko shousse Blvd., the Mall, level 2, Pizza Lab
National call center: 070042888
Email: dpo@pizzalab.bg
With reference to Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (“General Data Protection Regulation” or “GDPR”), “Philly Vibe” AD has the capacity of PROCESSOR of the data of its customers and buyers of its products, and other individuals whose data is being processed and stored by the Company through using the web site https://pizzalab.bg and mobile application “PIZZALAB FAMILY”, including data of users/buyers of products ordered through the site or application; data of all contractors of the company; data of visitors of the site or application; data of subjects who create and store profiles on the site or in the mobile application; data of persons using free Internet, and other individuals whose data the company processes and stores in relation with the services it provides.
“Philly Vibe” AD keeps registers related to the subjects’ data which is processed and stored within appropriate deadlines.
The Company has developed appropriate policies and internal rules and has undertaken the necessary technical and organizational measures to guarantee the protection of data of its customers, employees, contractors and other individuals- data subjects.
DEFINITIONS
“Personal data” is any information which directly identifies or is capable of identifying an individual.
For the purposes of this Privacy Policy, “Your Information” or “Personal Data” means information about you, which may include personal information and/or financial information and would allow us to determine the actual identity of an individual – for example, name, email address, telephone, postal address.
“Data subject” is an individual who can be identified directly or indirectly by an identification /such as name, address, date of birth, identification number, location data, online identification/.
“Controller” means the legal entity which determines the purposes of collecting the data alone or together with another legal entity. Under the rules of the GDPR it is the legal entity “Philly Vibe” AD.
“Processing of personal data” means any operation or operations performed upon personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
“Processor” means a natural or legal person processing personal data of data subjects on behalf of and under the authority of the Data Controller.
"Account" or “Profile” means a unique account created for You to access our Service or parts of our Service.
"Cookies" are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
“Service" means any of the services included in the content of the website or mobile application regarding ordering, transportation and distribution of foods, available through the application or website of "Philly Vibe" AD.
“Web site” is the site www.pizzalab.bg
“Application” means the application “PizzaLab Family”
“Device" means any device that can access the Service such as a computer, a cellphone or a digital tablet.
"Service supplier" means a natural or legal person who processes data on behalf of the Controller to facilitate the Service or deliver the products.
For the purpose of the Policy the Suppliers are considered as Data Processors according to the GDPR.
“Customer” or “Client” means physical person who has an access to or use the Service. According to the GDPR you as “customer” or “client” could be named as a personal data subject as you are the person who is using the Service.
GROUNDS FOR PROCESSING PERSONAL DATA
„Philly Vibe“ AD complies with the GDPR (Regulation (EU) 2016/679) and shall process data of data subjects only under the terms and conditions enlisted in the GDPR.
According to GDPR the grounds for data processing are:
The consent is used when subscribing to a newsletter (for direct marketing purposes); when contacting the company via the email address announced on the Site or Application; when creating a profile by the Client.
The Company processes personal data on this basis when ordering products advertised on the Site or the Application, through the Site itself or when using the Application.
TYPES OF DATA WE ARE COLLECTING
While using our Service on the Site or Application, we may ask you to provide us with certain personal information that can be used as to contact you or to identify you. Personal information may include:
• Email address
• First and last name
• Phone number
• Address - zip code, city, street, etc.
• Information about Customer`s activity when using the Services - This may include information about your device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data. When you access the Service via a mobile device, we may automatically collect certain information, including, but not limited to any type of mobile device you use, the unique identifier of your mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data. We may also collect information that your browser sends when you visit our Service or when you access the Service via a mobile device.
The customer`s activity on the Website, including personal data, is recorded in system logs (a special computer program used to store a chronological record containing information about events and activities related to the IT system used to provide services by the Administrator). The information collected in the logs is processed primarily for purposes related to the provision of services. The Processor also processes it for technical and administrative purposes, in order to ensure the security of the IT system and manage this system - in this regard, the legal basis for the processing is the legitimate interest of the Processor.
Special categories of personal data, such as health data, genetic data, etc. are not processed. It`s a customer` s decision, given his health condition, which product to use, as the company has indicated allergens and ingredients of the relevant products in order to enable the customer to make his own assessment of the product selection.
In the process of making orders, we may also request about the payment method you have chosen. If you have chosen to pay by bank card, please note that we work with MyPOS, where you must provide information about your bank card - number, validity, issuer, cardholder name, etc. This data is processed and stored in MyPOS, we do not store bank card data and such data is not kept in the Customer's profile. Please read the Privacy Policy of MyPOS, which we have an agreement with: https://merchant.mypos.com/bg-bg/terms-conditions/doc:PP?_gl=1*1v2ndu1*_up*MQ..*_gs*MQ..&gbraid=0AAAAADPa-BIYSWZruArskzoBokFaZG3V1.
When placing an order by phone through our Call Center, we collect data about you - names, contact phone number and delivery address, as well as voice data. All calls to the call center are recorded and stored for a period of up to 1 year from the date of the call for the purpose of fulfilling your order. If you do not want to be recorded, please end the calls or do not accept them, in which case your order will probably not be fulfilled.
We are not collecting the personal information about children under the age of 13. If we find out that we have personal information about a child under the age of 13, we will delete that information from our servers. We encourage parents to search online with their children.
Purposes of using personal data
The provision of personal data is carried out in connection with any of the following situations:
CREATING OF PROFILES/ ACCOUNTS
The Customer may create an account through which to place orders for the Administrator's products. For this purpose, the Customer shall enter his/her email address, name and telephone number as mandatory information. The remaining information is recommendable and not necessary for creating the account.
If the Customer uses Apple or Facebook login, he can hide his real e-mail.
If the Customer requires delivery service, then he must add an address to his profile when making an order.
The security of the information in the accounts is important to us. The information about your account/profile is protected by a password for your privacy and security. In order to protect against unauthorized access, after ordering, you must log out of the account and not use the screen sharing option when the account is opened on a computer. However, no shopping through accounts on the Internet or method of electronic storage is 100% secure. If you have any questions about the security of your account, please inform us at the contacts specified in this Privacy Policy.
When you delete your account, we delete your data, except in the cases where the law requires this.
Payment methods and protection
For the purposes of payment by bank card, we use the services of an external secure payment processing company - MyPOS, to receive payments. We do not receive, store, share or use your payment information for any purpose.
When placing an order through their profile, the Customers can enter a bank account, and payment is made through the MyPOS online payment system. In this case, the Pizza Lab Site directly redirects to the MyPOS site, where the Customers enters their card details, and then the data is sent directly to the bank that serves the Processor.
After entering the card details, the checks specified by the servicing bank are undertaken and depending on the configuration and the results of the checks, the operation may be terminated with an appropriate message or a commercial password may be requested to continue. This is monitored by the MyPOS system.
For the purpose of avoiding violations please do not enter card details on an insecure website that resembles the official Pizza Lab website, as it may expose your financial data to hackers.
WHO WE SHARING YOUR DATA WITH:
When you place an order on our Site or through the Application PizzaLab Family, we transfer your data to Glovo and a Glovo courier delivers your order to the address you provided.
• With organizations providing us with services that help us improve the safety and security of applications and services, such as: IT system and IT service providers, providers responsible for providing web hosting, cloud storage providers - for information maintenance and security of IT systems. The data that information maintenance employees have access to is encrypted, but in case of need or threat to data security, certain data may be provided in order to prevent damage or violations.
• With professional service providers such as accountants, consultants, lawyers, advertising and marketing partners and others.
• With payment processing and intermediary platforms, including MyPOS.
We have agreements with the above persons and all these are Processors of your personal data.
• Upon request by a government authority or institution to fulfill legal obligations or to comply with certain legal regulations, or for the purposes of filing claims and lawsuits or detecting crimes;
• We may disclose your personal information for any other purpose with your consent.
When we share your data with third parties, the data shared will be limited to what is required by the third party to ensure the necessary processing.
We have to warn you that when you share personal information or otherwise interact in public areas with other users, this information can be visible by all users and may be publicly distributed outside them, for which “Philly Vibe” AD as the Personal Data processor is not responsible.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We store your personal information for as long as necessary to achieve our goals. When placing an order, your data is kept until the order is fulfilled, unless you have given us consent your data to be used for marketing purposes (for the purposes of sending a newsletter, promotional offers, participation in advertising campaigns, etc.).
Data provided on the basis of your consent is kept until the relevant consent is withdrawn.
Profile data is kept until you delete the profile.
Please note that the processor is obliged to keep certain data according to the deadlines established by law - for example, in accounting operations.
SOCIAL MEDIA
As the Processor uses channels, pages, and accounts on some social media we inform that media is public and any content you post to such social media platforms is subject to the applicable social media platform’s terms of use and privacy policies.
Any information or content that you voluntarily publish on a social media becomes public and controlled by the applicable privacy settings you have set on the social media. Once you have shared any user content or made it public, that content may be reshared by others. If you remove information that you have posted on a social media sharing service, copies may still remain visible in cached and archived pages or if other users or third parties using the social media sharing service re share, copy or save that User Content.
If you post messages, any content on such social media platforms is subject to the relevant terms of use and privacy policies of the relevant social media platform. We recommend that you carefully review the information in these Privacy Policies to better understand your rights and obligations regarding such content, as well as for more information about how they process the data you provide to them or share through them:
The website www.pizzalab.bg contains references to Facebook, Instagram, Youtube. If you use Facebook, please note that the controller of personal data for users outside the United States or Canada is Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Facebook's privacy policy is published at https://facebook.com/about/privacy.
YouTube is owned by YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA and is a subsidiary of Google Inc. YouTube's privacy policy can be found at https://www.google.com/intl/bg/policies/privacy/.
If you use Instagram, you can find more information about data protection at https://help.instagram.com/155833707900388 and https://www.instagram.com/about/legal/privacy. Instagram is owned by Instagram LLC, 1 Hacker Way 14, Menlo Park, California, USA.
COOKIES AND SIMILAR TECHNOLOGIES
Cookies are small text files installed on the device of that user who is checking the web site. The cookies collect information which makes the use of the web site easier as for example to remember the user's visits to the website and the activities performed by the respective user. A detailed description of the cookies used on the website is available in the cookie management tool (link available at the bottom of the website in "Cookie Settings").
Below is a general description of the categories of these tools that we use on the website.
a) ESSENTIAL COOKIES - The Processor uses so-called necessary cookies primarily to provide services electronically and to improve the quality of these services. The use of essential cookies on our part is necessary for the proper functioning of the website. These files are installed in particular to remember login sessions or form filling, as well as for purposes related to setting privacy options;
b) ANALYTICAL COOKIES - analytical cookies allow us to check the number of visits and sources of traffic to our website. They help us understand which pages are more and less popular and how users navigate the page. This allows us to study statistics and improve the performance of our website. The information these cookies collect is aggregated, so it is not intended to identify you. If you do not allow these cookies, we will not know when you have visited our website;
c) FUNCTIONAL COOKIES - functional cookies remember and adapt the Website to the User's choices, such as language preferences. If you do not allow these cookies, we will not be able to analyze your choices and adapt the Website accordingly.
d) MARKETING - ADVERTISING COOKIES - marketing and advertising cookies allow you to adjust the displayed advertising content according to your interests, not only on the Website, but also outside it. They may be installed by advertising partners through our website. Based on the information from these cookies and your activity on other websites, your interest profile is built. Marketing and advertising cookies do not store your personal data directly, but identify your internet browser and hardware. If you do not allow these cookies, we will still be able to show you advertisements, but they will not be tailored to your preferences.
e) MARKETING - SOCIAL MEDIA COOKIES - Social media cookies are installed by our partners to adjust the advertising content shown to users on their social media. Information about users from these cookies and activities on other websites or social media is used to build an interest profile, which ensures that the content shown is tailored to the needs of users. If you do not allow the use of these cookies, we will not be able to allow you to like and share the content of our website on social media.
TECHNICAL AND ORGANIZATIONAL MEASURES
The Processor has taken a wide range of technical and organizational measures to protect your personal data against loss or other forms of unlawful processing.
Your personal data (those of them that are necessary) are only accessible to employees or subcontractors (and their employees) who need access to them to perform their duties arising from our relationship with you. These persons are trained in how to process your personal data and have undertaken to do so in strict compliance with the Processor`s policy, standards and instructions regarding the protection of personal data.
OTHER RISKS IN ONLINE ORDERS
When ordering through the site and profile, please keep in mind that cybercriminals can create fake websites that look identical to legitimate ones, but mislead the user into entering their card details or other sensitive information.
In this regard, we recommend that you be careful with addresses that look slightly different from the real website, poor design, grammatical errors and low-quality images, etc.
Please note that there are also risks associated with public Wi-Fi, for example at the airport, coffee shops, etc. Public networks often lack proper security, making it easier for hackers to intercept personal and financial information.
It is recommended to use strong and unique passwords that you change frequently.
It is recommended to monitor your bank statements. Regularly check your transactions for unauthorized purchases and immediately report suspicious activity to your bank.
Limit the personal information you share with others. If a website asks for excessive details of unnecessary personal data, you do not need to provide it.
Please note that despite the measures we have taken to protect your data.
DATA SUBJECTS RIGHTS
Upon each data processing “Philly Vibe” AD provides to the subjects clear and detailed messages (under the form of Privacy Declarations) which contain information regarding what purpose, for what term and in what way the Company collects and processes their personal data; all details of the data processor and the Data protection officer; contact details of the processor; other recipients to whom personal data is revealed; the rights of the subjects and the practical means for their exercise. It is stated that the data shall be collected for specific and legal purposes and shall not be processed by means which are incompatible with these reasons.
„Philly Vibe” AD complies with the rights of data subjects, enlisted in GDPR regarding personal data protection and precisely: right of information- during the individuals’(data subjects) data collection they have to be explicitly informed at least of: who the data processor shall be; for what purpose shall their data be used; categories of personal date; legal grounds of their data processing; for how long shall the data be kept; who else can obtain them; whether their data shall be transferred to a recipient outside EU; the data subjects have to be informed of their right to obtain a copy of the data (personal data access right); right to correct the data; right to delete (right to be forgotten); right of objection before the controller, right of the subjects to file a complaint with the Supervising authority (the Commission for personal data protection) when they consider that their rights are violated; right to withdraw their consent at any time; right to object against direct marketing.
Way of exercising the data subjects’ rights:
The requests should be prepared in written/electronic variant, in a free form (you can use blanks from the controller) and addressed to the Data Protection Officer on the contact details of the controller – on the registered address of the company, by e-mail or by security post at the postal address. The request shall include all details of the data subject, type of data processed and any other information which can assist the controller to locate and identify your personal data. The DPO may request additional information in order to specify the data or the processed activities to which the request is addressed. The controller provides response to the request within a term of 1 (one) month starting from the receipt date. Please note that the controller has the right to decline the request in certain occasions (for example, if it is not clear for which data the access is required or if it is not clear who filed the request, as well as when it is a matter of national and public interest) as in all cases the controller has to motivate the refusal. In the event of refusal you have the right to file a complaint with the Supervising authority for data protection.
Upon request for deletion, the Controller is obliged to erase the data immediately, unless it is necessary to store the data for a legally prescribed period or this is necessary for compliance with a legal obligation by the controller, for the performance of a task carried out in the public interest or for the establishment, exercise or defence of legal claims. The controller shall notify all personal data processors of the request for erasure, but since each of the companies we work with follows its own privacy policies, the request should also be addressed to them.
If you choose the option to delete your profile, you will be notified that this will delete the personal data you provided to „Philly Vibe” AD and you will have the option to click YES or NO. After clicking YES, the profile will be deleted. In such case, this information is sent to the personal data processors to delete the data (for example, Glovo).
You have the right to lodge a complaint against the processing of personal data or failure to comply with the rights of the subjects in relation to the protection of personal data with the competent supervisory authority.
Contacts of the supervisory authority: Commission for Personal Data Protection, address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. (www.cpdp.bg). )
In the event of personal data breach, “Philly Vibe” AD shall make a specific risk assessment and in specified by GDPR cases shall inform of the breach the Commission for personal data protection, as well as the data subject.
Contact with us
If you have any questions regarding the collection of data including your data rights, please contact us on any of the provided contact details as we could ask you first to identify yourself.
Contact of Data protection officer: dpo@pizzalab.bg, registered address: City of Sofia, Blvd. Tsarigradsko Shose № 115z, The Mall, level 2, Pizza Lab.
свали
мобилното приложение