Personal data privacy policy

Personal data protection is of great importance to SIKO-S Ltd. and we would like the process of your personal data processing to be completely clear and open to you. That is why we have a policy which sets out how your personal data will be processed and protected.

1. 1. Who is responsible for your personal data?

SIKO-S Ltd., UIC 131141624, registered office and management address: Sofia, 11 Neofit Bozveli Street, 1st Floor, Office 1, is the personal data administrator and is responsible for your data, in accordance with the relevant legislation on personal data protection and in compliance with applicable European laws and other data protection legislation.

2. Why do we need to use your personal data?

We collect your personal data when you enter into a purchase contract at our stores or remotely, and when we deliver the ordered goods or when you register and use our website, for marketing and advertising purposes, profiling, participation in games, promotions and sweepstakes organized by us as well as for any other purposes not prohibited by law. As we are located in the European Union, we process your personal data in accordance with applicable European laws and other data protection legislation.

We do not collect or process more or other types of personal data than is necessary for us to fulfil the relevant purposes. We will only use personal data as set out in this policy unless you have given us your explicit consent to another use of your personal data. If we intend to use your personal data that we process with your consent for purposes other than those set out in that consent, we will notify you in advance and, where the processing is based on your consent, we will only use your personal data for different purposes with your permission..

If you have not opted out of receiving updates and special offers through direct marketing, we will use your personal data to send you updates, information surveys and invitations by email, text messages, phone calls and regular mail.

3. What personal data do we process?

  • full name, permanent address;
  • data relating to electronic communication services;
  • data for the preparation of quotations, contracts, invoices, goods receipts and other documents, and for proving their authenticity; data processed on electronic communications networks, e-mails, letters, information about trouble shooting requests, complaints, applications, complaints;
  • information on the type and content of an offer proposal, marketing survey or proposal, the contractual relationship, and any other information relating to the contractual relationship, including call records
  • other feedback received from customers;
  • personal contact details: contact address, telephone number and contact information (email, telephone number);
  • video recordings which are made to improve security;
  • marketing preference surveys about products or services;
  • credit or debit card information, bank account number or other banking and payment information in connection with payments made to Siko-S Ltd.;
  • customer number, code or other identifier created by Siko-S Ltd. to identify customers;
  • data provided via the Company’s website or mobile applications;
  • information about the terminal electronic communication devices used, the type of devices, the operating system used, IP address when visiting our website;

Where we process personal data, and the other data described, for the purposes of providing products and services, paying for them, fulfilling customer requests for products or services, and in order to comply with our legal obligations, this processing is mandatory, in order to fulfil these purposes. Without this data, we could not provide the relevant services. If we are not provided with identification data, we would not be able to conclude a contract for a product or service.

4. For what purpose is the processing of personal data carried out?

  • Establishing the identity of the customer through all stages of communication;
  • Managing and fulfilling customer requests for products or services, fulfilling contracts for products and services;
  • Preparation of a contract proposal;
  • Preparation and sending of bills/invoices for products and/or services produced and provided by Siko-S Ltd;
  • Providing the necessary comprehensive customer service, and to collect amounts due for products and services received;
  • Providing the technical service with a view to delivering maximum quality products and services as agreed;
  • Any technical assistance to maintain the quality of products and services of Siko-S Ltd;
  • Preparation of contract proposals and actual conclusion of contracts, sending courier services with pre-contract information and draft contracts until a contract is reached;
  • Notification of everything related to the products and services that customers receive from Siko-S Ltd;
  • Sending various notices, notification of problems, discrepancies, errors or to respond to requests, complaints, suggestions, etc. submitted by customers;
  • Analysis of customer history and preparation of a customer profile in order to determine the most appropriate offer from Siko-S Ltd.;
  • Evaluating and measuring the effectiveness of Siko-S Ltd’s advertisements, and proposing advertising content that is relevant to customers’ needs;
  • Researching and analysing customer demand for products or services, based on anonymous or personalised information to identify key trends, to improve our understanding of customer behaviour and in order to collaborate with third parties to introduce new products or services to our customers;
  • Carrying out processing by a data processor for contract, assignment, reporting, acceptance, payment;
4.1. To comply with regulatory obligations:
"Siko-S Ltd. processes personal identification data, data for the preparation of offers, contracts, invoices, bills of goods, accounts and other personal data in order to comply with obligations that are stipulated in a legal act, for example:
  • obligations to provide information to state control authorities;
  • provision of information to the Data Protection Commission in relation to obligations set out in data protection legislation, such as the Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc.;
  • obligations provided for in the Accounting Act and the Tax and Social Security Procedural Code and other related regulations in relation to the keeping of proper and lawful accounting records;
  • provision of information to the court and third parties in the context of court proceedings, in accordance with the requirements of the procedural and substantive regulations applicable to the proceedings;
4.2. Web Analytics
The website(s) of Siko-S Ltd. use Google Analytics*, the web analysis service of Google LLC, Mountain View, CA 94043 USA (“Google”). Google Analytics uses cookies. The information collected via the Google Analytics cookie about how users use the website(s) is generally forwarded to Google’s IT infrastructure in the USA and stored there. The data processing is carried out on the basis of the statutory provisions of § 96 Paragraph 3 of the Austrian Telecommunications Act as well as Article 1, letter ‘a’ (prior consent) and/or ‘f’ (legitimate interest) of the Regulation. The task of Siko-S Ltd. within the meaning of the Regulation (legitimate interest) is the improvement of the commercial offers and the web presentation of the website(s) of Siko-S Ltd. The user data (IP address) used by these Google Analytics cookies is pseudonymised. In this procedure, the last digit of your IP address is deleted. As a consequence, only a rough localisation is now possible, which allows the personal data of the users of the website(s) of Siko-S Ltd. to be protected according to the requirements of the Regulation.
  • If users of the Siko-S Ltd. website(s) wish to prevent Google from analysing their data, the following settings must be made:
Disabling the use of cookies in the browser used

4.2.1. Data collected about website visitors:
All websites collect data about visitors – registered users and visitors without registration, namely the following categories of data:
  • IP address;
  • Highly unique user identifier;
  • Device identifier (device ID) for mobile applications, highly unique;
  • Browser identifier, highly unique;
  • History of pages visited, including secondary processing to identify preferences for certain types of content;
  • Certain types of behaviour – e.g. a list of ads viewed according to their category and interaction with them – ad availability in the visible part of the browser; clicks made; button presses to hide the ad, etc.

4.2.2. Google Conversion Tracking
Google Conversion Tracking allows us and Google to recognise that someone has clicked on our Google ad and then been redirected to our page. However, we can’t see which other web pages you have loaded. The information collected through Google Conversion Tracking is only for the purpose of compiling statistics on the success and usage of our AdWords advertising campaigns. However, we do not collect or receive personally identifiable information from users.

4.2.3. Statistical research and analysis
Google’s website(s) contain a single pixel file or web beacon that is called up from the ESP’s server. In this way, technical information concerning the browsers used and the user’s IP address and the time of the request to the site are first collected. This information is used to technically improve the service on the basis of the technical data, or to refine the target groups and their reading habits on the basis of recall locations (which can be determined using the IP address) or access times. Statistical research also includes determining whether the site(s) were opened, when they were opened and which links were clicked. This information is not used to track users, but to recognize their reading habits in order to tailor content to them or send different content according to their interests.

4.2.4. Browser view and data management
The Siko-S Ltd. website(s) may contain links that refer to the webpage of other websites. These links serve the newsletter online presentation and also provide the opportunity to stop receiving it and are not involved in the process of data management.

4.2.5. Social networks:
Your access to social networks such as Facebook, Google +, YouTube, Twitter and other such sites provides for a separate registration and acceptance of the terms and conditions of these sites. Siko-S Ltd. is not responsible for the protection of your personal data upon acceptance of these terms and conditions and in this regard it is necessary to read the terms and conditions of these sites in detail.

4.2.6. Google AdWords
This website uses Google AdWords, a remarketing and behavioural targeting service provided by Google. With this service, the advertising activity of is connected to the Adwords advertising network via cookies (see information about cookies here). Siko-S Ltd. does not identify or collect user data via Google Adwords.

5. How do we process your personal data?

By “consent”, SIKO-S Ltd. will mean any freely given, specific, informed and unambiguous indication of the data subject’s wishes, by means of a statement or a clear affirmative action, which signifies his or her agreement to personal data relating to him or her being processed. The data subject may withdraw his or her consent at any time.
SIKO-S Ltd. only understands “consent” to mean cases where the data subject has been informed of the intended processing and has given his or her consent without being subjected to pressure. Consent obtained under pressure or on the basis of misleading information will not be a valid basis for processing personal data.
For special categories of data, SIKO-S Ltd. will require to obtain the data subjects’ explicit written consent, unless there is an alternative lawful basis for processing. In most cases, consent to process personal and special categories of data is routinely obtained by SIKO-S Ltd. using standard consent documents – e.g. when a new customer signs a contract or at the time of recruitment of new staff etc.
SIKO-S Ltd. does not collect or process personal data of children aged 16 or under, except with parental consent under applicable local law. If we learn that personal data of a child has been accidentally collected, we will promptly delete the data in question.

5.1. After your consent
In some cases, we process your personal data only after your prior written consent. Consent is a separate basis for processing your personal data and the purpose of the processing is stated in the consent.
Consents given may be withdrawn at any time. Withdrawal of consent has no impact on the performance of the contractual obligations of Siko-S Ltd. If you withdraw your consent to the processing of personal data for any or all of the purposes set out therein, Siko-S Ltd. will not use your personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.
We have a large portfolio of products on offer. When you give us consent to data processing, this consent applies to all our products that you have purchased. To withdraw the consent you have given, all you need to do is use our store network, our website or simply our contact details.
5.2. In view of our legitimate interest
These are purposes related to the legitimate interests of Siko-S Ltd. and/or third parties. These purposes include:
  • Ensuring the proper functioning and use of the Site by you and other users, maintaining and administering the Services, resolving disputes, identifying and preventing malicious activity;
  • Detecting and resolving technical or functionality problems, developing and improving the Services.
  • Communicating with you, including electronically, about important matters relating to the Services.
  • Receiving and processing signals, complaints, requests and other correspondence received;
  • Enforcing and protecting the rights and legitimate interests of Siko-S Ltd., including through legal proceedings, and assisting in enforcing and protecting the rights and legitimate interests of other users of the Site and/or affected third parties.
For these purposes, it may be necessary to process some or all of the above categories.

6. What rights do you have?

You, as a data subject, have the following rights in relation to the data processing as well as the data that is recorded about them:
  • To make requests to confirm whether personal data relating to you is being processed and, if so, to obtain access to the data and information about who the recipients of that data are.
  • To request a copy of your personal data from the controller;
  • To ask the controller to rectify personal data where it is inaccurate or no longer up to date;
  • Request the controller to erase personal data (right “to be forgotten”);
  • To ask the controller to restrict the processing of personal data, in which case the data will only be stored but not processed;
  • To object to the processing of your personal data;
  • To object to the processing of personal data concerning you for direct marketing purposes.
  • To lodge a complaint with a supervisory authority if you believe that any provision of the Regulation has been breached;
  • To request and be provided with your personal data in a structured, commonly used and machine-readable format;
  • Withdraw your consent to the processing of your personal data at any time by a separate request to the controller;
  • Not be subject to automated decisions that significantly affect you without the possibility of human intervention;
  • To object to automated profiling that occurs without your consent;

SIKO-S Ltd. provides all necessary conditions to ensure the exercise of the data subject’s rights. Data subjects may make data access requests, have the right to lodge complaints with SIKO-S Ltd. relating to the processing of their personal data, the processing of a data subject’s request and an appeal by the data subject concerning the manner in which complaints are processed.
A request to exercise the rights of data subjects may be submitted as follows:
  • Electronically to the following email address;
  • On the spot at any of the stores of Siko-S Ltd. by a written request;
  • By post to the address of our Head Office – Siko-S Ltd., Sofia, 11 Neofit Bozveli Street by a written request.

The request for the exercise of personal data rights should contain precise information on:
  • Name and ID number – so that we can identify you;
  • Address, telephone, e-mail - so that we can contact you and provide you with the best quality service;
  • Description of the request – so we know which right you want to exercise;

SIKO-S Ltd. provides information on the actions taken in relation to a request to exercise the subjects’ rights within one month of receipt of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and number of requests from a particular person. SIKO-S Ltd. shall inform the person of any such extension within one month of receipt of the request, indicating the reasons for the delay.
SIKO-S Ltd. is not obliged to respond to a request in the event that it is unable to identify the data subject, the description of the request is not specified or is not sent in the ways provided for in this Policy.
SIKO-S Ltd. may request the provision of additional information necessary to confirm the identity of the data subject where there are reasonable concerns about the identity of the individual making the request.
Where the request is made by electronic means, the information shall, where possible, be provided by electronic means unless the data subject has requested otherwise.

7. Security of your data.

SIKO-S Ltd. takes a responsible attitude towards data security. We apply the appropriate and necessary level of protection and, to this end, we have developed effective physical, electronic and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data transmitted, stored or otherwise processed. Our information security policy and related procedures comply with international standards and are regularly reviewed and updated as necessary to meet our business needs, changes in technology and regulatory requirements. Access to your personal data is only permitted to those employees, service providers or affiliates of Siko-S Ltd. on a need-to-know basis for business purposes or who require the information to perform their job duties.
It is a principle of our structure that all employees/workers are responsible for ensuring the security of the data for which they are responsible and which Siko-S Ltd. holds, and that the data is held securely and not disclosed under any circumstances to any third party unless Siko-S Ltd. has given such rights to that third party by entering into a confidentiality agreement/clause. In this regard, all personal data is only accessible to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and stored:
  • in a private room with controlled access; and/or
  • in a locked cabinet to which authorised persons have access; and/or
  • a computerised password-protected system in accordance with the internal requirements set out in the organisational and technical arrangements for controlling access; and/or
  • computer media that is protected in accordance with organisational and technical measures to control access to information.

Siko-S Ltd. has made arrangements to ensure that computer screens and terminals cannot be viewed by anyone other than authorised Siko-S Ltd. employees/workers. All employees/workers are required to be trained and accept the relevant contractual clauses/declarations/rules to comply with the organisational and technical access measures before being given access to information of any kind. Personal data shall only be deleted or destroyed in accordance with internal data retention and destruction procedures.
In the event of a data leak containing personal data, Siko-S Ltd. will follow and comply with all applicable notification norms in such cases.

8. Retention of personal data.

In general, we will retain your personal data for as long as necessary to achieve the purposes set out in this Privacy Policy or to comply with the requirements of legislation. We will delete personal data we have collected from you if it is no longer necessary to achieve the purposes for which it was originally collected. However, we may be required to keep your personal data for a longer period due to legal regulations, for example:
  • 1 (one) year – after the termination of the contract or until all financial obligations have been finally settled and statutory data retention obligations, such as obligations under the Electronic Communications Act and the Electronic Document and Electronic Certification Services Act, have expired;
  • 11 (eleven) years under the Accounting Act for the storage and processing of accounting data;
  • 5 (five) years under the Obligations and Contracts Act (limitation periods for making claims);
  • 5 (five) years pursuant to obligations to provide information to the court, competent state authorities and other grounds provided for in applicable law.

Please, note that we will not delete or anonymise your personal data, if it is necessary for pending judicial, administrative, arbitration, enforcement or complaint proceedings before us.

9. Provision of information.

Siko-S Ltd. strives not to provide your personal data to third parties in any other way, except in the conditions described in this Policy and the hypotheses provided by law. However, in certain cases, if necessary, certain data will be sent to persons outside the EU/EEC, subject to the requirements of applicable law and as described in this Privacy Policy, for example:
  • Where disclosure of your personal data is duly requested by a competent public or judicial authority;
  • Where there is a decision of the Data Protection Commission or the European Commission that the country concerned provides an adequate level of protection for personal data;
  • Where an agreement has been entered into with the organisation to which the personal data is transferred containing the standard data protection clauses approved by the European Commission by Decision No. 2010/87/EU;
  • Where it is necessary to transfer data to an organisation in the USA, the transfer is made as long as the Privacy Shield Framework Agreement with the US Department of Commerce is signed. The U.S. Department of Commerce is responsible for managing and administering Privacy Shield and ensuring that companies meet their commitments.
  • Where necessary, we engage other companies and individuals to perform certain tasks on our behalf that are complementary to our services under data processing contracts;
  • Change of ownership – in the event of a merger, acquisition or sale of assets affecting the processing of personal data, you will be notified in advance;
  • Where we have obtained your explicit consent to transfer;

General policy information
This Personal Data Policy may be amended or supplemented due to changes in applicable Bulgarian or European legislation, at the initiative of SIKO-S Ltd. or a competent authority.
Siko-S Ltd. will inform users of amendments or additions to this Privacy Policy by publishing the updated Privacy Policy on the website of Siko-S Ltd –
Users are advised to periodically check the most up-to-date version of this Privacy Policy on the Siko-S Ltd. website.

10. Contact details for Siko-S Ltd. and the Data Protection Supervisor.

Please direct your data protection queries and any requests regarding the exercise of your legal rights to the Data Protection Information Department.
Contact telephone number: 0700 15 0 15
Address: Sofia, 11 Neofit Bozveli Street
All requests will be brought to the attention of our Data Protection Officer at Siko-S Ltd.
In case of violation of your rights under the applicable data protection legislation, you have the right to file a complaint with the supervisory authority:
Data Protection Commission:
Headquarters and correspondence address. 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd., Phone 02 915 3 518, E-mail:, Website:

11. Updating our Privacy Policy

We will update our Privacy Policy in line with any changes to the data protection legislation. The latest version is always available on our website.

This Privacy Policy is current as of January 1, 2022.