PERSONAL DATA PRIVACY POLICY FOR DATA SUBJECTS MAKING PURCHASES THROUGH DIGITEQ LTD'S WEBSITE

1. Introduction:

Thank you for your interest in our company, Digiteq Ltd (hereinafter referred to as "Digiteq").

This privacy policy applies to www.digiteq.com, owned and operated by Digiteq Ltd.

Visitors to the Digiteq website www.digiteq.com fall into two categories:

• Unregistered: Individuals who visit Digiteq's website without registering.
• Registered: Visitors who register on Digiteq's website by providing personal data.

If you wish to make purchases of goods from Digiteq through our website, it is necessary to provide and process your personal data.

The protection of your personal data is a priority for Digiteq, and we guarantee the utmost protection of your personal data.

Digiteq complies with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation) - hereinafter referred to as GDPR. We also comply with applicable Bulgarian laws - the Personal Data Protection Act and relevant local legal frameworks for data protection, processing your data in accordance with this Digiteq Privacy Policy.

As a controller, Digiteq has implemented numerous technical and organizational measures to ensure the most comprehensive protection of your personal data processed through this website.

This Privacy Policy explains which personal data and what information Digiteq processes, why it is collected and processed, and aims to inform you on how to access and update your information, as well as inform you of your rights.

2. Principles related to the processing of your personal data:

2.1. Digiteq processes your personal data for the purpose of concluding sales in the online store of Digiteq and fulfilling obligations under the sales contracts, adhering to the following principles:

a) Personal data is processed lawfully, fairly, and transparently. The GDPR specifies that processing is lawful when at least one of the following elements is present:

• The subject has given consent for one or more specific purposes.
• It is for the performance of a contract to which the subject is a party.
• For compliance with a legal obligation applicable to the controller.
• For the performance of a task carried out in the public interest.
• For the protection of vital interests of the data subject.
• It is necessary for the legitimate interests of the controller, unless those interests are overridden by the interests, rights, and freedoms of the data subject, especially if the data subject is a child.

b) Personal data is collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.

c) Personal data collected and processed during sales in the online store of Digiteq is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.

d) Personal data is accurate and, where necessary, kept up to date.

e) Personal data is erased or rectified without delay when found to be inaccurate or disproportionate to the purposes for which it is processed.

f) Personal data is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

g) Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

2.2. Employees who process personal data undergo initial and periodic training on data protection and are familiarized with applicable legislation.

3. Definitions:

Our privacy policy aims to be clear and understandable. To ensure this, we would first like to explain the terminology used.

In this data protection declaration, we use the following terms:

a) Personal data: Any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

b) Data subject: Any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.

c) Processing: Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

d) Restriction of processing: The marking of stored personal data with the aim of limiting their processing in the future.

e) Profiling: Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

f) Controller or controller responsible for the processing: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

g) Processor: A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

h) Recipient: A natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

i) Third party: A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

j) Consent: Any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

4. Name and address of the controller:

The controller for the purposes of the General Data Protection Regulation (GDPR), other data protection laws applicable in Member States of the European Union, and other provisions related to data protection is:

Digiteq Ltd, with EIK 030007837

Residential complex Mladost 1, bl. 39, entrance G

Sofia 1111

Bulgaria

Phone: 02/9740900

Email: moc.qetigidobfsctd@eciffo

Website: www.digiteq.com

If you wish to contact us regarding this Privacy Policy or data protection in the company, please use the following methods:

By email: moc.qetigidobfsctd@eciffo

By mail: Sofia, Residential complex Mladost 1, bl. 39, entrance G, to the Data Protection Officer

5. Cookies:

The Digiteq website uses "cookies".

Cookies are text files that are placed on your device when you visit our website via your internet browser. When you visit it again, the cookie enables our website to recognize your device. Thus, cookies allow us to recognize our website users. The purpose of this recognition is to make it easier for users to utilize our website. With the help of a cookie, information and offers on our website can be optimized with the user in mind. The website user who uses cookies, for example, does not have to re-enter access data every time the website is accessed because this is handled by the website and the cookie stored on the user's device. Another example is the cookie of a shopping cart in an online store. The online store remembers the items a customer has placed in the virtual shopping cart through a cookie.

You can, however, refuse cookies through the appropriate setting in your internet browser or display when a cookie is sent. Additionally, already set cookies can be deleted at any time via an internet browser or other software programs. This is possible in all popular internet browsers. If you deactivate the setting of cookies in the internet browser you use, some functions or services of our website may not function properly without cookies.

6. Social Networks:

Access to social networks like Facebook, Google+, LinkedIn, YouTube, and others requires separate registration and acceptance of the terms and conditions of these sites. Digiteq is not responsible for the protection of your personal data when accepting these terms and conditions. Please familiarize yourself with the terms and conditions of these sites.

7. Collection and Processing of Data:

If you order a product, we ask for your personal data to process your order and deliver the goods.

With your registration on our website, we will save the data you provide to facilitate your purchases from our website. By creating a profile in our store, you will have access to a faster ordering process, save personal settings, and view previous orders.

Registered individuals are free to change the personal data provided during registration and ordering at any time.

If you need to contact us in another way to place an order (such as by phone, email, or in-person at a store), we will collect information about you through these channels to process your order and deliver the goods.

The types of data processed by Digiteq Ltd:

• Personal data provided by you, necessary for identification and performance of Digiteq's contractual obligations:

1. Personal identity: Your first and last name, names, address, and other data of the authorized person included in the authorization document to represent the data subject before Digiteq Ltd;

2. Contact details: Your address for delivery, invoicing, for sending repaired or replaced goods and for correspondence (street, number, block, entrance, floor, apartment; region; postal code, city, country or other: e.g., parcel to the courier's post office), email address, phone number;

3. Bank account information - data collected when making a payment to Digiteq or for the refund of the paid price for the returned online purchased goods within the legal period or if it is not possible to repair or replace the product in case of a justified complaint (bank account information is not mandatory to be provided as the data subject may wish to use the cash on delivery service or cash payment (on-site at a Digiteq store).

4. Access profile data - Your username for access to www.digiteq.com, password, order history;

5. Other information related to purchased products: Your letters, emails, information about the complaint, complaints, requests, complaints, or other feedback we receive from you about the purchased products.

You can always choose which personal data you want to provide to us (if at all you wish to provide your personal data). However, if you want to place an order, we require (at a minimum) your first and last name, delivery address, and contact phone number. If you choose not to provide this data, we will not be able to process your order and deliver the goods.

• Data provided by you using a device (your computer, tablet, phone, or other device):

When you visit (call) our website, we collect information automatically, some of which may be personal data. This information includes data such as (1) your internet protocol address (IP address), (2) the date and time of access to our website, (3) the types and versions of the browser used, (4) information about the device's operating system (5) your language settings (6) your internet service provider (7) browsing history (8) the internet page from which the access system reaches our website (the so-called referents).

When using this data, Digiteq does not draw conclusions about you. This information is necessary for the purposes of (1) correctly presenting the content of our site (2) optimizing the content of our site, (3) ensuring the long-term viability of our IT and website technology systems, and (4) protecting the functioning of the site, for example, protection against cyberattacks and, if necessary, enabling the investigation of crimes. The legal basis for processing the IP address is Article 6 (1) (f) of the GDPR. Our legitimate interest is based on the purposes listed above for processing this data. It will not be transferred to third parties unless there is a legal obligation to transfer the data or if the transfer serves the purposes of criminal prosecution.

• Data generated and processed by Digiteq in the process of selling goods: (1) order number, customer number, information on invoices and the amount of the obligations contained therein; (2) data necessary for the preparation of invoices for deliveries, as well as for proving their authenticity - type, quantity, and value of the purchased goods; (3) information on the payment method chosen by you, (4) payments made and due; (5) information on changes, additions, or refusals of orders, reporting of damages, receipt of information and assistance regarding the purchased products.

8. Providing Personal Data from the Data Subject to the Controller, as a Contractual or Legal Obligation. Possible Consequences of Failure to Provide Personal Data:

We clarify that providing personal data may be partly required by law (e.g., tax regulations) or may be a result of contractual provisions (e.g., information about the contractual partner). The data subject, for example, must provide us with personal data when a contract is concluded with him/her. Failure to provide personal data would result in the contract with the natural person not being concluded and fulfilled.

Before providing personal data, the data subject can contact our contact person. Our contact person will explain to the data subject whether providing personal data is required by law or contract or is necessary for the conclusion of the contract.

9. The purpose of processing your personal data is to accept your purchase orders and make sales based on them in the Digiteq online store, and your personal data is processed on the following legal grounds:

a) To establish your identity and conclude the sales;

b) Using the data collected about you to fulfill Digiteq's contractual obligations arising from the sale of the goods:

• For activities related to accepting orders received in the Digiteq online store (i.e., made on this website) and sending the ordered goods (delivery of the goods) to the person who ordered them;
• To establish contact with individuals by phone, electronically, for sending correspondence related to the fulfillment of the orders;
• To process the transaction cancellation;
• To correct due amounts if there is a reason for it;
• To process customer payments or refund paid amounts to the customer;
• To service and respond to inquiries, requests, complaints, suggestions, or complaints;
• To maintain accounting records of the deliveries made;
• To update the provided personal data or information about purchases made by the customer;
• For warranty service of the products;
• To process data by data processors - assignment, reporting, acceptance, payment;

c) Compliance with legal obligations

• To comply with the requirements of the Accounting Act, the Tax and Social Security Procedure Code, and applicable legislation (for issuing invoices, credit, debit notes);
• To ensure control carried out by the revenue administration;
• To provide information about the customer and their purchases upon inquiry/request/check by a competent authority;
• To provide information to the Consumer Protection Commission in connection with obligations under the Consumer Protection Act;
• To provide information to the Data Protection Commission in connection with obligations under data protection legislation - GDPR, the Personal Data Protection Act;

10. Unless your personal data is processed to comply with a legal obligation, for the fulfillment of a contractual obligation of the controller under a contract to which you are a party, or to take steps at your request before concluding a contract, or is processed to protect your or another natural person's vital interests, or to protect the legitimate interest of the controller, when it does not conflict with the legitimate interests of the natural person, your personal data may be processed based on your explicit consent (e.g., for direct marketing), which you can withdraw at any time.

Digiteq uses your personal data solely for the purpose of accepting orders for purchases, making sales based on them in the Digiteq online store, and fulfilling Digiteq's contractual obligations arising from the sale of goods. Digiteq has no right and will not use the data provided for this purpose for other purposes, such as direct marketing. Consent is a separate basis for processing your personal data, and the purpose of processing is stated therein (e.g., for direct marketing), and it does not overlap with the purpose stated in this Privacy Policy. The controller Digiteq ensures technical means for the consent to be given as freely expressed, specific, informed, and unambiguous indication of the data subject's wishes by a statement or clear affirmative action, signifying consent to the processing of related personal data. The controller ensures technical means to guarantee that withdrawing consent is as easy as giving it. The request for consent, as well as the possibility of withdrawal, is presented in clear language, in a manner that distinguishes it clearly from other matters, in an understandable and easily accessible form.

11. Your personal data may be provided to the following categories of third parties and public authorities:

11.1. Data processors who process personal data on behalf and by assignment of Digiteq based on a written agreement or have direct or indirect access to your personal data:

• Courier and transport companies to fulfill contractual obligations for the delivery of purchased goods and accompanying documents (invoices and warranty cards on paper); for the transfer of repaired or replaced goods during warranty service; as well as letters and other correspondence;
• Service providers for the maintenance of sold products;
• Persons maintaining equipment and software used for processing your personal data;
• Persons performing installation and/or maintenance activities at the address for providing the service;
• Banks to service your payments;
• Service providers for organizing, storing, indexing, and destroying archives on paper and/or electronic media;
• Persons hired under civil contracts by Digiteq to support online sales processes of goods, logistics, delivery, etc.;
• Service providers in various fields - consultants, experts, lawyers, in connection with the online sale of goods, their delivery, and complaints about purchased products.

Providing personal data to processors is carried out only when there is a valid reason and based on a written agreement that recipients ensure an adequate level of protection.

Processors have no right to process the provided personal data for purposes other than the work assigned by Digiteq. Processors must follow all instructions from Digiteq.

Digiteq takes necessary measures to ensure that engaged processors strictly comply with data protection legislation and Digiteq's instructions, as well as that they have taken appropriate technical and organizational measures to protect personal data.

11.2. Your personal data may be provided to competent public authorities to fulfill their statutory obligation under the relevant legal and sub-legal acts - court, prosecution, investigation, Ministry of Interior, audit authorities - NRA, NSSI, supervisory authorities - Consumer Protection Commission, Data Protection Commission, etc., when they request data in due order related to the performance of their powers.

12. Period for which your personal data will be stored:

The controller processes and stores your personal data only for the period necessary to achieve the purposes outlined in this Privacy Policy or to comply with statutory requirements established by European legislation or laws or sub-legal acts to which Digiteq is subject.

We cease using your personal data for purposes related to the contractual relationship after the contract's termination but do not delete them before one year from the termination of the contractual relationship (e.g., the contract is terminated with a refusal of the transaction (purchase) - the consumer/natural person who has the quality of a consumer under the CPA has the right to unconditionally withdraw from a distance contract within 14 days; or with the expiration of the warranty period according to its terms) and expiration of statutory retention obligations - e.g., according to tax and accounting legislation, a 10-year retention period is provided for accounting documents, counting from January 1 of the reporting period following the reporting period to which they relate (Article 12 of the Accounting Act, Article 38 of the Tax and Social Security Procedure Code - invoices, credit notes, etc.), expiration of the period specified in the Consumer Protection Act for filing a claim for damages caused by a defective product provided to natural persons who have the quality of consumers under the CPA (3 years from the date on which the claimant knew or should have known about the damage, the defect, and the identity of the manufacturer), expiration of the periods specified in the Obligations and Contracts Act for filing claims (5 years), obligations to provide information to the court, competent state authorities and other grounds provided in the current legislation (5 years).

After the expiration of the retention periods, personal data is deleted/destroyed (by applicable methods - e.g., shredding, burning, or permanent deletion from electronic means, for which a protocol is drawn up by a commission appointed by the order of the Manager), unless:

• They are needed for ongoing judicial, arbitration, administrative, or enforcement proceedings, or if a complaint has been received from you that needs to be reviewed by Digiteq;
• You have exercised your right to request a restriction of processing of your personal data.

13. Your rights:

You have the following rights regarding your personal data:

a) Right to confirmation: You have the right to obtain from Digiteq confirmation as to whether or not personal data concerning you is being processed. If you wish to exercise this right, you may contact our contact person or another employee at any time.

b) Right of access: You have the right to obtain free information from Digiteq at any time about your personal data stored and a copy of this information. Furthermore, you have the right to obtain access and explanation regarding the processing of your personal data, which includes the following information:

• The purposes of the processing;
• The relevant categories of personal data concerning you;
• The recipients or categories of recipients to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organizations;
• Where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
• The existence of the right to request rectification or erasure of personal data or restriction of processing of personal data concerning you, or to object to such processing;
• The right to lodge a complaint with a supervisory authority;
• Where personal data is not collected from you, any available information as to its source;
• The existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you;
• Where personal data is transferred to a third country or an international organization, you have the right to be informed of the appropriate safeguards relating to the transfer.

If you wish to exercise this right of access, you may contact our contact person or another employee of Digiteq at any time.

Explanation regarding the processed data includes the information provided by Digiteq through this Privacy Policy.

Upon your request, Digiteq may provide you with a copy of your personal data that is being processed.

Providing access to your personal data cannot adversely affect the rights and freedoms of third parties or lead to a violation of a statutory obligation of Digiteq.

When your requests for access are manifestly unfounded or excessive, in particular because of their repetitive character, Digiteq may charge a reasonable fee based on the administrative costs of providing the information or refuse to act on the request.

Digiteq assesses each case individually to determine whether a request is manifestly unfounded or excessive.

In the event of a refusal to provide access to personal data, Digiteq justifies its refusal and informs you of your right to lodge a complaint with the CPDP.

c) Right to rectification: You have the right to obtain from Digiteq without undue delay the rectification of inaccurate or incomplete personal data concerning you. Considering the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary declaration.

Upon a successful request for data rectification, Digiteq notifies other recipients to whom the data has been disclosed (e.g., service providers, public authorities) so that they can reflect the changes.

If you wish to exercise this right of rectification, you may contact our contact person or another employee of Digiteq at any time.

d) Right to erasure (Right to be forgotten): You have the right to obtain from Digiteq the erasure of personal data concerning you without undue delay, and Digiteq has the obligation to erase personal data without undue delay where one of the following grounds applies:

• The personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
• You withdraw consent on which the processing is based, and there is no other legal ground for the processing;
• You object to the processing and there are no overriding legitimate grounds for the processing;
• You object to the processing of personal data for direct marketing purposes;
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation of Digiteq;
• The personal data has been collected in relation to the offer of information society services to a child under the age of 16 pursuant to Article 8(1) of the GDPR.

Digiteq is not obliged to erase personal data to the extent that processing is necessary:

• For exercising the right of freedom of expression and information;
• For compliance with a legal obligation of Digiteq;
• For reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i), and Article 9(3) of the GDPR;
• For archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the GDPR, to the extent that the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
• For the establishment, exercise, or defense of legal claims.

If any of the above grounds apply and you wish to request the erasure of personal data held by Digiteq, you may contact our contact person or another employee of Digiteq at any time.

e) Right to restriction of processing: You have the right to obtain from Digiteq the restriction of processing where one of the following applies:

• You contest the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
• The processing is unlawful, and you oppose the erasure of the personal data and request the restriction of their use instead;
• The controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise, or defense of legal claims;
• You have objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.

If any of the above conditions are met and you wish to request the restriction of processing of personal data held by Digiteq, you may contact our contact person or another employee of Digiteq at any time.

Digiteq may process personal data subject to restriction only for the following purposes:

• For storage;
• With your consent;
• For the establishment, exercise, or defense of legal claims;
• For the protection of the rights of another natural or legal person; or
• For reasons of important public interest.

When the processing of personal data is restricted and the conditions for such restriction are met, Digiteq will inform you before lifting the restriction on processing.

f) Right to data portability: You have the right to receive the personal data concerning you, which you have provided to Digiteq, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another controller without hindrance from Digiteq, where the processing is based on consent or on a contract and the processing is carried out by automated means.

In exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

To exercise your right to data portability, you may contact our contact person or another employee of Digiteq at any time.

g) Right to object: You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you based on the legal grounds of public interest or the legitimate interests of Digiteq or a third party, including profiling based on those grounds.

Digiteq will no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.

To exercise your right to object, you may contact our contact person or another employee of Digiteq at any time.

h) Right to object to personal data processing for direct marketing purposes: Where personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for such marketing, including profiling to the extent that it is related to such direct marketing.

If you object to the processing for direct marketing purposes, Digiteq will no longer process your personal data for these purposes.

To exercise your right to object to direct marketing, you may contact our contact person or another employee of Digiteq at any time.

i) Right to human intervention in automated decision-making: In cases where the controller makes automated individual decisions, including or excluding profiling, which have legal consequences for individuals or affect them significantly in a similar way, these individuals may request a review of the decision with human intervention and express their views.

The controller provides essential information to individuals subject to automated decision-making about the logic used and the significance and anticipated consequences of this processing for the individual.

If you wish to know whether Digiteq makes automated individual decisions and to exercise your rights regarding automated individual decision-making, you may contact our contact person for data protection or another employee of Digiteq at any time.

j) Right to withdraw consent to the processing of your personal data: You have the right to withdraw your consent to the processing of your personal data at any time when the processing is based on your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. Before giving consent, you are informed about this. Withdrawing your consent is as easy as giving it.

If you wish to exercise your right to withdraw consent, you may contact our contact person at any time.

k) Right to be notified of a personal data breach: The notification that Digiteq sends to you must contain at least the following:

• The nature of the personal data breach;
• The name and contact details of the contact person or another point of contact from which more information can be obtained;
• A description of the likely consequences of the personal data breach;
• A description of the measures taken or proposed by the controller to address the personal data breach.

Cases where no notification to the data subject is required:

• The controller has implemented appropriate technical and organizational protection measures and those measures were applied to the personal data affected by the security breach, such as encryption;
• The controller has taken subsequent measures that ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialize;
• The notification would involve disproportionate effort. In this case, a public communication or similar measure is taken.

l) You have the right to judicial and administrative protection (the right to lodge a complaint with a supervisory authority; the right to effective judicial protection against a supervisory authority; the right to effective judicial protection against the controller Digiteq or processor); m) You have the right to compensation for damages suffered.

14. Existence of automated decision-making:

As a responsible company, we do not use automated decision-making, including profiling.

15. Digiteq does not collect or process special categories of personal data (so-called sensitive personal data), namely such that:

• Reveal racial or ethnic origin;
• Reveal political, religious, or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political, or trade union goals;
• Relate to health, sexual life, or the human genome.

16. Protection of children's privacy:

This website is not intended for children. Digiteq understands and accepts the importance of protecting children's information online and we do not collect or process personal data of individuals under 18 years of age.

17. Control over our data processing activities in Bulgaria is exercised by the following administrative authority:

Commission for Personal Data Protection (CPDP)

Address: Sofia 1431, 15 Acad. Ivan Evstratiev Geshov Blvd.

Tel: + 359 2 915 35 18

Fax: + 359 2 915 35 25

Email: gb.tnemnrevogobfsctd@dlzk, gb.pdpcobfsctd@dlzk

Website: www.cpdp.bg

18. Entry into force and updating of the Privacy Policy for data subjects making purchases through the website of Digiteq Ltd:

This policy enters into force and applies from 25.05.2018.

Digiteq reserves the right to change this privacy policy at any time. To apply the best measures for data protection and to comply with the applicable legislation, we will regularly update this Privacy Policy for data subjects making purchases through the website of Digiteq. Check this page periodically to stay informed if you want to monitor changes.