Data Privacy Statement

THREENEXT LTD., (“We”) will remain committed to protection of data privacy, transparency and choice of individual persons who visit this website (“You”).

By using this website, you consent to our collection and use of the personal data as set forth in this privacy policy.

 

1. Introduction

At THREENEXT LTD., we are committed to protecting the personal data of our customers, employees, partners, and all individuals with whom we interact. This Privacy Policy outlines how we collect, process, and safeguard personal information in accordance with the Bulgarian Personal Data Protection Act (Закон за защита на личните данни), the EU General Data Protection Regulation (GDPR), and other applicable data protection laws. As a provider of Point of Sale solutions, we understand the importance of maintaining the confidentiality and security of personal data entrusted to us, and we are dedicated to ensuring transparent and lawful data processing practices in all our operations.

 

2. Scope

This policy applies to all personal data collected, processed, stored, or transmitted by THREENEXT LTD., whether in electronic or physical form. It also covers personal data shared with or received from third parties.

 

3. Personal Data

3.1. As used in this Notice:

“customer” means an individual who (a) has contacted us through any means to find out more about any goods or services we provide, or (b) may, or has, entered into a contract with us for the supply of any goods or services by us; and “personal data” means data, whether true or not, about a customer who can be identified:

(a) from that data; or (b) from that data and other information to which we have or are likely to have access.

3.2. Depending on the nature of your interaction with us, some examples of personal data which we may collect from you include your name and identification information such as your NRIC number, social security number, income, assets, contact information such as your address, email address or telephone number, nationality, gender, date of birth, marital status, photographs and other audio-visual information, employment information ,financial information such as credit card numbers, debit card numbers or bank account information, information about your transactions with us, our affiliates, or others and information received from consumer reporting agencies.

3.3. Other terms used in this Notice shall have the meanings given to them in the PDPA or other laws (where the context so permits).

 

4. Collection, Use And Disclosure Of Personal Data

4.1 We generally do not collect your personal data unless (a) it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your personal data to us (your “authorised representative”) after (i) you (or your authorised representative) have been notified of the purposes for which the data is collected, and (ii) you (or your authorised representative) have provided written consent to the collection and usage of your personal data for those purposes, or (b) collection and use of personal data without consent is permitted or required by the PDPA or other laws. We shall seek your consent before collecting any additional personal data and before using your personal data for a purpose which has not been notified to you (except where permitted or authorised by law).

4.2 We may collect and use your personal data for any or all of the following purposes:

(a) performing obligations in the course of or in connection with our provision of the goods and/or services requested by you;

(b) verifying your identity;

(c) responding to, handling, and processing queries, requests, applications, complaints, and feedback from you;

(d) managing your relationship with us;

(e) provide the financial products and services you requested;

(f)processing payment or credit transactions;

(g) sending you and your end customers marketing information about our goods or services including notifying you of our marketing events, initiatives and promotions, lucky draws, membership and rewards schemes and other promotions;

(h) complying with any applicable laws, regulations, codes of practice, guidelines, or rules, or to assist in law enforcement and investigations conducted by any governmental and/or regulatory authority;

(i) any other purposes for which you have provided the information;

(j) transmitting to any unaffiliated third parties including our third party service providers and agents, and relevant governmental and/or regulatory authorities, whether in Bulgaria or abroad, for the aforementioned purposes;

(k)operating our website and/or its subdomains (“Website”); and

(l) any other incidental purposes related to or in connection with the above.

 

4.3. We may disclose your personal data:

(a) where such disclosure is required for performing obligations in the course of or in connection with our provision of the goods or services requested by you; or

(b) to third party service providers, agents and other organisations we have engaged to perform any of the functions listed in clause 4.2 above for us.

4.4 Subject to obtaining necessary consent in certain jurisdictions, we may also share your personal data for the purposes mentioned below:

a) Affiliates: We share your data with our subsidiaries, ensuring they follow similar protective practices outlined in this Policy.

b) Business Partners: Collaborating with third parties like independent software vendors, payment service providers, payment facilitators, merchant acquirers,  system integrators, resellers, and others may involve sharing your data for service delivery and marketing purposes, subject to your consent.

c) Third-Party Service Providers: Engaging external parties for various functions necessary to provide our Services might require sharing your data, with strict limitations on its use beyond our requirements.

d) Business Transfers: In the event of mergers or acquisitions, your data may be transferred to the new entity or disclosed to advisors beforehand.

e) Legal Compliance: We disclose data to comply with the law, protect rights, or respond to legal processes and government requests.

f) Sharing Anonymized Information: We may share anonymized or pseudonymized data with third parties, ensuring confidentiality while enabling association if needed. Each sharing instance adheres to strict privacy safeguards to protect your personal information.

4.5. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).

 

5. Accuracy

We generally rely on personal data provided by you (or your authorised representative). In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at the contact details provided below.

 

 

6. Protection

To safeguard your personal data from unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks, we have implemented stringent IT system and network security policy and introduced appropriate administrative, physical and technical measures such as up-to-date antivirus protection, encryption, strict authentication and access control mechanisms, and the use of privacy filters to secure all storage and transmission of personal data by us, and disclosing personal data both internally and to our authorised third party service providers and agents only on a need-to-know basis.

You should be aware, however, that no method of transmission over the Internet or method of electronic storage is completely secure. While security cannot be guaranteed, we strive to protect the security of your information and are constantly reviewing and enhancing our information security measures.

 

7. Data Security

We take the security of personal data seriously. We have implemented technical, administrative, and physical measures to protect personal data from unauthorized access, disclosure, alteration, and destruction.

 

8. Data Access and Correction

If you wish to make (a) an access request for access to a copy of the personal data which we hold about you or information about the ways in which we use or disclose your personal data, or (b) a correction request to correct or update any of your personal data which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.

Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.

 

9. Retention Of Personal Data

9.1. We may retain your personal data for as long as it is necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable laws.

9.2. We will cease to retain your personal data, or remove the means by which the data can be associated with you, as soon as it is reasonable to assume that such retention no longer serves the purpose for which the personal data was collected, and is no longer necessary for legal or business purposes.

 

10. Transfers of Personal Data Outside of Bulgaria

We may transfer personal data to recipients outside of Bulgaria, including to countries within and outside the European Economic Area (EEA). Such transfers are carried out in strict compliance with the Bulgarian Personal Data Protection Act (Закон за защита на личните данни) and Chapter V of the GDPR. When transferring data outside the EEA, we ensure appropriate safeguards are in place through standard contractual clauses adopted by the European Commission, binding corporate rules, or other legally recognized transfer mechanisms. We only engage with partners and service providers who demonstrate adequate levels of data protection and commit to maintaining the security and confidentiality of personal data.

 

11. Withdrawing Your Consent

11.1  The consent that you provide for the collection, use and disclosure of your personal data will remain valid until such time it is being withdrawn by you in writing. You may withdraw consent and request us to stop using and/or disclosing your personal data for any or all of the purposes listed above by submitting your request in writing or via email to THREENEXT LTD at the contact details provided below.

11.2. Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.

11.3. Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue providing our goods or services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 11.1 above.

11.4. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose personal data where such collection, use and disclose without consent is permitted or required under applicable laws.

 

12. Data Breach Response

In the event of a personal data breach, THREENEXT LTD will promptly respond in accordance with the Bulgarian Personal Data Protection Act and GDPR requirements. We will notify the Bulgarian Commission for Personal Data Protection (Комисия за защита на личните данни) within 72 hours of becoming aware of the breach, where required, and inform affected individuals if the breach is likely to result in a high risk to their rights and freedoms. We maintain records of all data breaches and the remedial actions taken to address them.

 

13. Complaints and Inquiries

Individuals may contact us to inquire about our Privacy Policy practices or file complaints regarding the handling of their personal data.

 

14. Use of Cookies

14.1 The Website may place and access certain cookies on your computer and/or any other electronic device used to access the Website. We use cookies to improve your experience using the Website and to improve the efficacy of our Services. We have carefully chosen these cookies and had taken steps to ensure that your privacy is protected and respected at all times.

14.2  Users of the Website are advised that if they wish to deny the use and saving of cookies from this Website onto their computers and/or other electronic devices, they should take the necessary steps within their internet browsers’ security settings to block all cookies from this Website

14.3 You can choose to delete the cookies at any time. However, you may lose any information that enables you to access the Website more quickly and efficiently including but not limited to personalisation settings.

 

15. External Websites

The Website contains links to external websites. We make no representations as to the quality, suitability, functionality or legality of the material on external websites that are linked to, or to any goods and services available from, such websites. The material is only provided for your interest and convenience. We do not monitor or investigate such external websites and we accept no responsibility or liability for any loss arising from the content or accuracy of the material and any opinion expressed in the material should not be taken as our endorsement, recommendation or opinion. This Policy does not extend to your use of such external websites. You are advised to read the privacy policy or statement of such external websites before using them.

 

16. Compliance With Laws and Regulations

THREENEXT LTD. adheres to all applicable data protection and privacy laws, including but not limited to the Bulgarian Personal Data Protection Act (Закон за защита на личните данни), the EU General Data Protection Regulation (GDPR), and the Electronic Commerce Act (Закон за електронната търговия). We regularly review and update our practices to ensure ongoing compliance with these regulations and any amendments thereto. We monitor legislative changes and implement necessary adjustments to our policies and procedures. We maintain appropriate technical and organizational measures to demonstrate our commitment to compliance and accountability in all aspects of our data processing activities.

 

17. Data Protection Officer

If you have any questions or concerns about this Privacy policy or our data protection practices, you may write to us at:

Email: n.nunev@3next.bg