Bulgaria
Contact us 02/974 0220
Call us
Live chat
Online ordering

Privacy policy

VERSION OF: NOVEMBER 2020

1. ABOUT US

1.1. This Privacy Policy (the “Privacy Policy” or the “Policy”) explains the manner in which we, EDENRED Bulgaria AD, a joint stock company, organised and existing under the laws of Bulgaria, Unified Identification Code (UIC) 130526402, having its registered seat and address of management at 1784, Sofia, Bulgaria, 137, Tsarigradsko Shausse Blvd, 3rd floor, acting on the territory of the Republic of Bulgaria as an Agent of PPS EU for the provision and/or distribution of certain Regulated Services associated with the Programme, where necessary (hereinafter referred to as “Edenred”, the “Company” or “we” or “us”), process personal data regarding the usage of MyEdenred, a web platform (also referred to as the Platform), where Cardholders of Edenred Mastercard Giftcard can register and manage their Card/s. 

1.2. We invite you to carefully read this Privacy Policy in order to be properly informed about the way we, as personal data operators, process your data and we respect your rights as data subjects.

1.3. All capitalised terms used in this Privacy Policy have the meaning, as defined in Section 2 of the Terms and Conditions (“T&C”) for the use of the Edenred Platform available on the Edenred’s web page. In addition, any terms used in this Policy that coincide with the terms set out in the Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the General Data Protection Regulation, the “GDPR”). Will have the meaning attributed to them in the GDPR.

YOUR ACCESS TO AND USE OF THE SERVICES ON THE EDENRED PLATFORM REPRESENT YOUR FULL AND UNCONDITIONAL ACCEPTANCE TO AND COMPLIANCE WITH THIS PRIVACY POLICY. IF YOU DO NOT CONSENT WITH THIS THIS POLICY, OR, AS APPLICABLE, THE UPDATED PROVISIONS OF THIS POLICY, PLEASE STOP USING THE SERVICES IMMEDIATELY.

In any case, upon using the Edenred Platform and Edenred Services in accordance with this Policy and by providing with and giving access to your personal data to the Company, its affiliated companies, companies and entities from the Edenred group or other enterprises, agencies or providers of Edenred for the purposes of optimal use and quality of the Edenred Services, the granting of your consent, as a data subject and User/Cardholder, for the processing of your personal data will mean your freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of the personal data relating to you.

For any of your or Edenred’s rights and obligations concerning personal data processing on the Edenred Platform, not expressly covered by this Policy, the mandatory legal provisions of the GDPR and the Bulgarian laws will apply accordingly.

2. WHAT INFORMATION DO WE COLLECT ABOUT YOU?

2.1. If you are a Cardholder of Cards containing E-money issued by us, we will process the personal data required by the legislation in force in order to issue these Cards, respectively information regarding your Card (activation code, serial number, PAN, account number, Card’s date of issuance and expiry, Card’s balance), information regarding the transactions that you performed with the Card, with the Partner Retailers, where you used the Card, as well as any other data categories that you directly supply in the context of creating a User account or in any other manner that results from using the Edenred Websites listed under point 2.3. This data may, among others, include names, address/es, email, Username, Password, phone number/s. We will also process any other personal data that you will directly provide (by mail, in writing or by phone).

For verification and security purposes, such as the application of Strong Customer Authentication measures, we are required to collect certain personal information from you including your mobile phone number. We will pass this data to our third party service providers as required for the administration of Strong Customer Authentication measures.

2.2. If you are a Cardholder of Cards containing E-money, additional to the data mentioned under point 2.1 above, when the legislation imposes measures for preventing money laundering and fighting terrorism, we may collect and process additional personal data, such as, non-exhaustively: date and place of birth, citizenship, official personal identification number, additionally requested documents, etc.

2.3. If you visit www.edenred.bg , my.edenred.bg, we will process your personal data that you provide to use directly in the context of using these or other websites or Edenred Apps, part of the Edenred Platform. At the same time, we process the data generated by accessing and using the Edenred Platform (information about the device being used - computer, phone, tablet - log information, like IP address, searches, type of browser and language used, hardware settings, date and hour of the request), including the data regarding your preferences or other data collected by means of technologies for analysing the activities of the Users on the internet pages (such as cookies; please read and consent also to our Cookies Policy).  

2.4. For a better quality of the Services provided, on the Edenred Apps, we will process the history of the transactions carried out, which we will display for a better management of the expenses, Card balance, as well as the PIN code, which we can provide after proceeding with a security procedure.

In order to ensure the functionality of the Edenred Apps, we will process the data regarding the device used (hardware) and the operation system, the journal information, as well as the IP address, the date and hour of using the Edenred Apps, including data on your preferences regarding marketing communications.

2.5. On the Edenred Platform no data will be collected and disclosed on the race or ethnicity, political, religious, philosophical or other such beliefs, union membership or personal data concerning the health or sexual life of Users, any genetic or biometric data.

3. WHAT IS PERSONAL DATA USED FOR AND WHAT ARE THE GROUNDS FOR THE PROCESSING?

3.1. If you are a Cardholder of Cards containing E-money, we will process your personal data in the following manner: 

a) for the processing of your requests related to accessing/using our products

Grounds: The processing of your data for this purpose is based on the contract concluded between a Client and Edenred, as well as on the statutory legal provisions in force. The refusal to provide contact data (email or phone) means that we will not be able to inform you about the amounts debited on your Card. However, this will not limit your use of the functionality of our products. 

b) analyses and statistics regarding the use of our products

Grounds: We are committed to the constant improvement of the quality of our products and Services. Based on our legitimate interest, we use the data that we collect from you or other data that we generate/derive from you or which results from using our products for various statistics, analyses or studies. When we carry out statistical analyses on the use of our products and Services, the analysed data is strictly protected, and the aggregate results are used internally or they can be communicated to the Partner Retailers based on an existing contractual relationship in this regard, without allowing the identification of the data subjects and by observing the applicable legal requirements.

c) in order to send you messages aiming to improve our Services (surveys or questionnaires)

Grounds: Because we want you to have an interaction as good as possible with our products and Services, based on our legitimate interest, we will use your data (email and phone), collected from you as a User of our products or obtained in any other context, which you made available to representatives of our Company, in order to have your opinion about the quality of our products. We will never ask more than your feedback regarding the use of our products and we will use your answers to make our products and Services easier and more efficient to use.

d) direct marketing and other commercial communications

Grounds: We will send these communications if we have your approval. We would like to keep you informed about the news in terms of legislation at the base of Edenred solutions and Services, regarding our products and those of our partners. We will be able to send promotional materials in order to inform you about our products and those of our partners. Additionally, we will be able to send invitations to attend events, participate at promotions or campaigns carried out by Edenred independently or in collaboration with one or several of our partners in order to communicate other similar information that we consider to be of interest to you. Data provision for this purpose is voluntary. The refusal to provide the data for this purpose will not limit your use of the Services.

е) to fulfil legal obligations

Grounds: We have certain legal obligations that involve the processing of personal data, such as:

i)  for certain products, we have specific obligations related to preventing and fighting money laundering and financing terrorism, and that is why we will carry out activities in order to get to know our Clients and Users and any other operations required by law;

ii)  payment of the taxes and of the relevant charges, reporting to the relevant fiscal authorities and maintaining accounting books (e.g., when you participate in a competition organized by us and you win prizes subject to taxes);

iii) archiving the data according to the legislation in force;

f) in order to ascertain, exercise or defend a right during a procedure before a court of law, arbitration court, of an administrative procedure or any other official procedures in which Edenred is involved, as well as to settle your requests, claims and complaints.

Grounds: The processing of your data for this purpose is based on our legitimate interest to defend our rights and interests.

3.2. If you access the Edenred Websites (www.edenred.bg, my.edenred.bg) or if you are a User of the Edenred Apps, we process your personal data in the following manner:

a) for the marketing activities, respectively in order to send, through means of distance communication (e.g., email), commercial communications regarding the products and Services provided by Edenred

Grounds: We will send these communications if we have your approval. You can express your consent for the processing of the data to this end, by filling in and ticking the correct box in the form for accepting commercial communications. The provision of your data to this end is voluntary. The refusal to supply your consent for data processing to this regard will not limit your use of the Services.

b) in order to settle claims, complaints and to monitor traffic and improve your experience on the Edenred Websites

Grounds: Processing your data for this purpose is based on the legitimate interest of Edenred in order to ensure the proper functioning of the Edenred Websites, as well as to permanently improve the experience of the visitors on the Edenred Websites, including by answering different questions or settling different claims. In the absence of such data, we will not have the possibility to help you solving the problem you are dealing with.

c) in order to carry out connected services to the functioning of the Cards (account activation, Card activation, view transaction history, debiting, balance, PIN reveal, Card blocking in case of theft or loss, suggestions and complaints) and to process your requests on accessing/using our products 

Grounds: The processing of your data for this purpose is based on the contract concluded between a Client and Edenred and on the compliance with certain statutory legal requirements, which ensure you have access to the amounts available on a Card or to the Card’s blocking, and the provision of your personal data is necessary in order to use these Services within the App.  

d) analyses and statistics regarding the use of our products

Grounds: We are committed to the constant improvement of the quality of our products and Services. Based on our legitimate interest, we use the data that we collect from you or other data that we generate/derive from you or which results from using our products for various statistics, analyses or studies. When we carry out statistical analyses on the use of our products and Services, the analysed data is strictly protected, and the aggregate results are used internally or they can be communicated to the Partner Retailers based on an existing contractual relationship in this regard, without allowing the identification of the data subjects and by observing the applicable legal requirements.

e) creating profiles in order to personalise promotional offers

Grounds: Edenred may segment its own clients depending on several criteria in order to classify them in different categories for marketing and/or analysis purposes. The processing of your data for this purpose is based on your legitimate interest. These profiles do not imply exclusively automatic decision making. We want to offer you products and services as relevant as possible, in agreement with your profile and area of interest. That is why you may receive various personalized commercial communications from us, to improve your shopping experience and to help you benefit from advantageous offers from our third-party partners. The promotional offers of our partners presented within the Apps may be general or personalized. The general promotional offers displayed within the Apps do not involve personal data processing, as a result they will be displayed to all Users of the Apps. The customization of the offers will be carried out depending on one or several from the following criteria: residence county/city, gender, age, shopping habits resulting from your transactions made with the Cards, displayed in the Apps.

f) to fulfil legal obligations

Grounds: We have certain legal obligations that imply the processing of personal data, such as specific obligations regarding preventing and fighting money laundering and terrorism financing, reporting to the relevant fiscal authorities and keeping accounting records.

g) in order to ascertain, exercise or defend a right during a procedure before a court of law, arbitration court, of an administrative procedure or any other official procedures in which Edenred is involved, as well as to settle your requests, claims and complaints

Grounds: The processing of your data for this purpose is based on our legitimate interest to defend our rights and interests.

h) in order to send you messages aiming to improve our Services (surveys or questionnaires) 

Grounds: Because we want you to have an interaction as good as possible with our products and Services, based on our legitimate interest, we will use your data (email and phone), collected from you as a User of our products or obtained in any other context, which you made available to representatives of our Company, in order to have your opinion about the quality of our products. We will never ask more than your feedback regarding the use of our products and we will use your answers to make our products and Services easier and more efficient to use.

4. USE OF THE EDENRED WEBSITES AND EDNRED APPS (EDENRED PLATFORMS)

4.1. Edenred does not oblige any person to provide all the data and information requested, however, reserves the right, in the absence of the necessary information and data, not to allow the opening of the User account on the Edenred Platform.

4.2. Please provide us only with genuine data and information and, especially, do not provide identification data that doesn’t belong to you (for example, not to use a fake email address or one belonging to another person). Consequently, Edenred reserves the right to check the truthfulness of the data and information provided by you during the procedure of creating an User account, as well as the right to refuse the opening of a User account if the information provided is not genuine or, as the case may be, to suspend or close such an account. Also, as an User you understand and accept that you are exclusively and fully responsible for the information provided during the creation and subsequent use of the User account, both in relation to Edenred, as well as to any other third party that may be prejudiced.

4.3. The User account is personal and you have the obligation:

  • not to transfer (temporarily or permanently, free of charge or subject to a fee) the right to use the Edenred Platform or the User account to any third-party.
  • to keep confidentiality of the access data in the Edenred Platform and immediately notify the Company about any unauthorised use and about any potential security breach that you suspect or identify.

5. WHOM DO WE DISCLOSE YOUR DATA TO?

5.1. On a case by case basis, we can disclose your personal data, exclusively for the processing purposes to:

a) the companies that are part of the Edenred group;

b) our service suppliers (acting as operators, or as persons empowered by us) and which we contract for the administrative and processing services of our transactions, for marketing, other services suppliers (e.g., the company producing Cards, suppliers of payment services, courier companies, suppliers of IT services);

c) market research agencies carrying out market studies for us;

d) other companies and enterprises with whom we can develop joint programs of offers on the market of our products and services;  

e) public authorities, if the disclosure is necessary in order to comply with an obligation provided for by the applicable legislation;

f) your employer, Edenred commercial partner (Client), upon its request.

5.2. The transmission of your personal data to the above-mentioned recipients will be done only based on a confidentiality commitment and a commitment to ensure the adequate level of security by such recipients, guaranteeing that the personal data is kept safe and its transmission is carried out in accordance with the legislation in force.

6. PERSONAL DATA TRANSFER

The personal data supplied by us can be transferred outside of Bulgaria, but only to European Union states, the States which are contracting parties to the Agreement on the European Economic Area and the Swiss Confederation. In case of payments made from a mobile phone, the data can be transferred to third countries, to sub-processors, in order to carry out specific processing activities, based on an act / adequacy decision of the European Commission or appropriate safeguards sufficient to implement proper technical and organizational measures and based on a proper legal data transfer procedure provided for by the legislation applicable in terms of data protection, such as the standard contractual provisions approved by the European Commission for the transfer of personal data to a third country.

7. DURATION OF THE PROCESSING

7.1. In general, we will process your personal data as much as it is necessary for the processing purposes mentioned above, except for in the situations in which the legal provisions foresee or oblige us otherwise. Therefore:

• regarding the issuance of Cards with electronic currency, we will keep your data for a period of 7 years calculated from the moment our contractual relationship with your employer or with the Client that offered you that Card is terminated, except for in the case when we have to store them for a longer period of time or, as the case may be, for an additional period reasonably necessary to exercise or protect our rights in relation with the products/Services offered and the personal data processed;

• regarding the commercial communications sent by Edenred or its partners, we will keep your email address or your phone number in the data base as long as its subscription is active; from the moment we receive your unsubscribe request, we will deactivate the sending option of such notices to your email address or phone number;

• regarding the online accounts that you create on the Edenred Apps, we will keep your personal data as long as your account is active and after, during the period necessary to evidence the operations carried out through your account; if you are a beneficiary of our products or a contact person for one of the partners (Client or Partner Retailer) and you choose the option to deactivate the User account, Edenred will interpret such an action as your wish to unsubscribe from receiving commercial communications by which we keep you updated about the products and Services offered by us. To this end, if you choose to deactivate the User account, we will not send communications of this type anymore. Nevertheless, we would like to inform you that deactivating your account will not automatically lead to deleting your personal data. In the event in which you do not want your personal data to be processed or if you want to delete your data, you can exercise the rights detailed under point 8 below; 

• regarding the contact form and the form to request a customized offer, we will keep your personal data during the period necessary to provide answers to your messages and requests and evidence the correspondence carried out with you;

• regarding the programs for recommending clients/merchants, we will keep your personal data for a period of up to 1 year;

• regarding the performance of analysis on the navigation on the Edenred Websites and your interactions with the Edenred Websites, we will keep data for a period of up to 3 years;

• regarding the online account that you create within the Edenred Apps, we will keep your personal data as long as your account is active and after, during the period necessary to evidence the operations carried out through the account; if you choose the option to deactivate the User account, Edenred will interpret such an action as your wish to unsubscribe from receiving commercial communications by which we keep you updated about the products and Services offered by us. To this end, if you choose to deactivate the User account, we will not send communications of this type anymore. Nevertheless, we would like to inform you that deactivating your account will not automatically lead to deleting your personal data. In the event in which you do not want your personal data to be processed or if you want to delete your data, you can exercise the rights detailed under point 8 below; 

7.2. Edenred may delete all your personal data when the Company considers that it is no longer necessary for the purposes for which it was collected.

7.3. In any case, if you withdraw your approval and there are no legal grounds for processing or you oppose the processing and there are no legitimate reasons for the processing of your personal data that would prevail, we will stop processing the data.

8.  YOUR RIGHTS

8.1. Regarding this data processing, you have the right to request access to your personal data. You have the right to obtain from Edenred the confirmation that it processes your personal data, as well as information regarding the specifics of the processing, such as the purposes of the processing, the categories of personal data concerned, the recipients to whom personal data will be disclosed, the envisaged period for which the personal data will be stored, if possible, etc., as well as to request rectification (modification) or deletion of the data or restricting the processing, you have the right of erasure (‘right to be forgotten’), the right to object or oppose the processing within the limits and conditions provided by law, as well as the right to data portability (you have the right to request us to supply the personal data in a structured form, frequently used and which can be automatically read, for example, in Excel) and to be informed in case of a data breach, when necessary. Also, if you choose to offer your consent, you have the right to withdraw it at any moment, without affecting the processing carried out by Edenred based on the consent expressed by you before you withdrawal of your consent. Furthermore, you have the right to submit complaints to the Bulgarian Personal Data Protection Commission.

8.2. For any additional questions regarding the manner in which personal data is processed and for exercising the rights mentioned above, please fill out the following form.

9. UPDATING THE INFORMATION INCLUDED IN THIS POLICY

9.1. Edenred can periodically update this Policy, as the activity and Services provided expand or change, or in the event in which Edenred is legally obliged to make amendments. In the event in which Edenred proceeds as such, the latest version of the Policy will be displayed on its own websites. Therefore, please check periodically if such updates exist. In the event in which Edenred makes major amendments to the practices mentioned in the present Policy, we will inform you by using the available contact data.