office@pavelhomes.eu
In accordance with GDPR, we are a controller of personal data and, as such, legally responsible for its processing. For any questions or requests regarding your rights related to the processing of your personal data, please contact us.
The following terms and conditions regarding the protection of personal data are designed to inform you, as a user of our website, about the processing of personal data and your rights regarding this processing, in compliance with the General Data Protection Regulation ("GDPR").
Throughout this document, several abbreviations will be used, as follows: TCUPC = Terms and Conditions of Use and Privacy Policies DEVICE = computer, mobile device, or any other equipment used to access the internet SITE = the aforementioned website, referenced in this document DCP = personal data GDPR = General Data Protection Regulation
We have always respected your right to privacy, and our website has been designed to uphold this right and ensure your data security. To enable you to benefit from our products/services, and to ensure that the products and services we offer, including online, function properly for you, we need to collect certain personal data. We assure you that all collected data is kept to a minimum and that we rely on legitimate legal grounds.
By using any of the services and products offered by the SITE and/or by registering an account, you agree to read and understand our privacy and cookie policy as outlined below. To ensure readability, each section includes a title and a brief, simple explanation. Detailed legal information is also provided below.
Principles of our Privacy Policy • We request your consent for cookie usage • We request your consent when completing forms • We provide control over personal data for viewing, editing, and deleting • We protect forms with CAPTCHA to prevent abuse • We collect only the necessary minimum of data • We use secure passwords • Newsletter subscriptions use double opt-in • Account deletion uses double confirmation
Deleting Cookies To offer a pleasant browsing experience, we use small files called cookies placed on your computer. These cookies remember your visits to our website, providing you with a smoother navigation experience (e.g., avoiding manual login with every visit). Some cookies belong to third parties (Google, Facebook) and provide anonymized statistical data on site usage, helping us improve our website. Without cookies, the site might repeatedly display the same message, ask for login data each time, or not remember items previously added to your shopping cart. You can delete our cookies at any time by using your browser's cookie deletion options.
Data We Process When Using Our Services Examples: • Placing cookies on your DEVICE. • Needing your contact details when you reach out to us, enabling us to respond. • Requiring your complete home or work address to deliver our products.
We process these data for the legitimate purpose of our business activities, including: • Offering the requested services/products; • Conducting statistics and measurements to improve service/product quality; • Informing users/customers (buyers) about their account status; • Informing users/customers about order status; • Evaluating our products and services; • Conducting commercial, promotional, marketing, advertising, media, administrative, market research, statistical, sales tracking, and consumer behavior monitoring activities; • Enhancing existing services/products and developing new ones; • Facilitating access to our services/products; • Providing notifications about potentially interesting services/products, promotions, and special offers; • Enhancing security and protecting against cyber-attacks, fraud, and abuse.
In line with data protection laws, we securely manage the personal data provided to us solely for the specified purposes.
How We Process Personal Data We process personal data collected via website forms to create user accounts, fulfill distance contracts, enable contract execution, advertising and marketing purposes, customer relations, and data analysis (such as market research, customer surveys, customer analysis, segmentation, and profiling) to determine purchasing behavior, site activity, repeated purchases, and purchasing data.
These user data will be stored in our database. This processing is based on Art. 6, paragraph 1, sentence 1, letter f) GDPR. We may contact you for these purposes via email, SMS, phone, mail, social media, or Google tools.
We also process user behavior data, such as session data, session video recordings, browsing behavior, location data, demographic information, IP address, operating system, and browser type. These statistical data help us enhance, personalize, communicate, and market our website, including cookie-based behavioral advertising. This processing is based on Art. 6, paragraph 1, letters a), b), c), f), GDPR.
Data Recipients To achieve these goals, we employ service providers (Processors) under Art. 28 GDPR, such as hosting providers, platforms supporting online order processing, online transaction processors, billing and delivery services, user activity monitoring, email/SMS communication, telemarketing, or marketing campaign services. These may include external service providers.
We contractually ensure these service providers comply with European data protection laws, guaranteeing high data protection standards even when data are transferred internationally without EU Commission adequacy decisions. We do not transfer personal data to other recipients unless legally required. For further information about international data transfer protections, please contact us.
Data Provision and Retention Period Providing certain personal data is mandatory, such as for distance contracts and user account registration: full name, email, password, phone number, billing and delivery addresses, and payment method details.
For online card payments (Visa/Maestro/Mastercard) or installment payments, card details are required by the authorized bank processor.
Users aged 18+ opting into newsletters provide their email addresses voluntarily. Refusal to provide optional data does not affect transactional decisions.
Data are stored until contractual relations end or at user request unless legally obliged to retain data further. Storage and transfer of data to public authorities for legal compliance rely on Art. 6, paragraph 1, letter c), GDPR.
User Rights As a data subject, you can freely contact us anytime using the provided contact details to exercise your GDPR rights: • Right of access (Art. 15 GDPR) • Right to rectification (Art. 16 GDPR) • Right to erasure (Art. 17 GDPR) • Right to restrict processing (Art. 18 GDPR) • Right to data portability (Art. 20 GDPR) • Right to object (Art. 21 GDPR) • Right to withdraw consent (Art. 7 GDPR) • Right to lodge complaints with supervisory authorities (Art. 77 GDPR)
Users may download, access, edit, or delete their data via account management tools or by contacting us directly.
Data Security We do not share data with third parties unless legally permitted and contracted explicitly for business purposes. Your data are never sold.
Additional Protection Our website is hosted securely (ISO 27001 standard) and uses SSL encryption technology. Passwords are securely masked.
Additional Information Personal data entered during account creation or orders are securely stored and processed by us, our affiliates, and collaborators for the activities described. International transfers occur only to partners adhering to European data protection standards.
Important: Control Over Data Usage You can manage cookies and personal data via your browser or account management anytime. You can update, download, or delete your data or request assistance from us.
Conclusion: Our site may inform users about offers via newsletters and special communications, without promoting spam. You may unsubscribe anytime.
Personal data may be shared only with partner companies adhering to strict European data protection standards or legal requirements.
We may also share data with public authorities if legally required.
Cookies are small files that are stored on the user's DEVICE and contain two pieces of information:
the name of the cookie, which acts like a variable name and serves to identify one cookie from another,
the content of the cookie, which holds limited information, a code decipherable only by the server.
Cookies are used so that the server can recognize a specific user during their visit to the site, allowing for certain customizations or services such as generating a shopping cart or authentication.
Cookies do not contain any personal information such as your name, surname, email address, or similar data; if such information is collected, it is securely stored on the server.
There are two types of cookies: session cookies, which are automatically deleted when the browser is closed, and permanent cookies, which remain on the DEVICE until their expiration date.
Another classification of cookies is between cookies set by this SITE and cookies set by third parties.
The SITE’s own cookies do not contain any "plain text" personal data that might be collected through forms.
Third-party cookies may belong to traffic analysis systems or various widgets used to integrate with social media platforms.
Third-party providers are also obligated to comply with current legislation and the SITE’s privacy policies.
Access to the site is conditional upon acceptance of the terms and conditions of use and the privacy policy.
For users who had previously logged in persistently before the implementation of new terms and conditions, the user account is updated to record the moment of acceptance of the new terms and conditions.
For users who log in after accepting the new terms and conditions, the user account is updated to record the login moment as the time of acceptance of the new terms and conditions.
To respect your privacy, we have chosen to use only the minimum necessary cookies required to efficiently manage this site. These cookies are, however, mandatory, meaning that without them, we could not achieve the site's objectives
Contact Form The contact form collects the following Personal Data (PD): • Name or pseudonym • Email address • Phone number (optional)
All these data are necessary to ensure effective communication with the user who completed the form.
The form does not retain the user's ID, even for authenticated users, so no link can be established between the form's author and other PD completed by an authenticated user.
The form requires explicit consent for the Terms and Conditions of Use and Privacy Policy (TCUPC) and records the date and time of the agreement.
The form is protected with a Captcha system.
Since the collected data are limited and are not connected through a unique ID to any visitor, it is not possible to provide automatic visualization or deletion, even for authenticated users.
Users who wish to view or delete their data must send a request to the site administrator's email address from the address mentioned in the form to prove ownership of the data.
Deletion will be done by encrypting the name and email address with a public key. Decryption will require a private key, to which the data controller does not have direct access and which is not stored on the server for security reasons. Encrypting the name and email address is necessary to demonstrate that consent to the TCUPC was given with that name and email address.
Comment Forms Depending on the platform's version and type, there may be two types of comment forms: one for pages/articles and another for products. Both follow the specifications below.
The form collects the following PD: • Name or pseudonym • Email address
For authenticated users, these two fields are auto-filled with the profile data but can be manually modified without saving changes to the user profile.
All these data are necessary to ensure effective communication with the user who completed the form.
The form does not retain the user's ID, even for authenticated users, so no link can be established between the form's author and other PD completed by an authenticated user.
The form requires explicit consent for the TCUPC and records the date and time of the agreement.
The form is protected by a Captcha system for unauthenticated users. For authenticated users, login itself is considered sufficient protection, so Captcha is not used.
Since the collected data are limited and not connected through a unique ID to any visitor, automatic visualization or deletion of these data is not possible even for authenticated users.
Users who wish to view or delete their data must send a request to the site administrator's email address from the address mentioned in the form to prove ownership of the data.
Deletion will be performed via encryption with a public key, with decryption possible only through a private key to which the data controller has no direct access and which is not stored on the server for security reasons.
User Account The user account may have multiple components depending on the version. Only compatible specifications and policies apply.
3.1. New Account Form The new account form is designed to request minimal PD necessary for safe identification and differentiation of users, enabling password reset and other essential account functions.
The form collects the following data: • Username (pseudonym, unrelated to real identity if desired) • Email address • First and last name • Phone number (optional) • Password • Password confirmation
The form requires explicit consent for the TCUPC and records the date and time of the agreement.
The contact form is protected through JavaScript and Ajax password validation, which prevents robotic access and makes Captcha unnecessary.
To enhance security, passwords must contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
3.2. "My Account" Interface and Attachments The "My Account" interface allows editing of: • Email address • First name • Last name • Phone number (optional)
Additionally, it displays delivery and billing addresses saved from the last order.
Due to the complexity of managing preferences for payment, delivery, and billing, and the fact that data may be changed when placing an order, direct editing of delivery and billing information outside the order form is not supported.
Users can download or view editable data where applicable, delete delivery and billing information without affecting the account, or delete the entire account for full control and transparency.
Upon account deletion, the name and email address are encrypted with a public key, along with the consent date and deletion date. Decryption requires a private key, not directly accessible by the data controller and not stored on the server.
3.3. Password Reset In case of password loss, the reset process involves: • Entering the new password without immediate activation • Receiving an email with a unique confirmation code • Activating the password only after clicking the verification link
This ensures enhanced security compliant with GDPR.
3.4. Changing the Password from the Account Password changes can only be made by confirming the previous password, ensuring that only the account holder can modify it.
New passwords must contain at least one uppercase letter, one lowercase letter, one digit, and one special character.
3.5. Shopping Cart The shopping cart process has three steps: • Actual cart: product list, quantity, unit price, subtotal, total • Intermediate step: login/new account/guest checkout • Delivery, payment, and billing information
In Step 1, no PD are collected. In Step 2, PD are collected only if a new account is created, following the "New Account Form" specifications. In Step 3, minimum PD are collected: • Review of first name, last name, email address, and phone number (necessary for delivery) • Delivery method selection (not PD) • Delivery address: county, city, street address (if applicable) • Payment method (not PD) • Billing type: individual or company (company data are not considered PD) • Billing address (if different from delivery address) • Optional order preferences (not considered PD)
Guest checkout requires explicit acceptance of TCUPC.
The shopping process is protected through JavaScript and Ajax-generated step-by-step forms, eliminating the need for Captcha.
Newsletter Subscription Newsletter subscription uses double opt-in for verification: • The user subscribes using a valid email address • A confirmation email is sent • Subscription is completed only after the user clicks the confirmation link
Agreement Updates When new versions of terms or policies are added, users who have not yet consented will see a restricted overlay requiring acceptance before accessing the protected area.
Physical Security Measures Server security complies with ISO 9001 and 27001 standards. Server physical security includes biometric access control, video surveillance, motion detectors, etc. Site access is secured via SSL. Passwords are secured using MD5 encryption. Protection against brute-force attacks: after three failed login attempts from the same IP, CAPTCHA is enforced.
Final Notes For any requests regarding the exercise of rights to withdraw consent, restrict or stop data processing, or delete personal data, please contact us.
Due to potential legislative changes, these privacy notifications may be updated. In such cases, we will inform you and seek new consent if necessary.
Welcome to our website. This platform is operated by [Agency Name] ("we," "us," "our") and serves to promote and facilitate the sale of rural real estate properties, primarily in and around the village of Pavel, Veliko Tarnovo district, Bulgaria.
By using our website, you agree to comply with and be bound by these Terms and Conditions. If you do not agree, please refrain from using the website.
All property listings, descriptions, and details provided on the website are for informational purposes only.
While we strive to ensure that all information is accurate and up to date, we make no guarantees regarding the accuracy, completeness, or current validity of any listing or property details.
All offers are subject to availability, prior sale, change, or withdrawal without notice.
The information published on our site does not constitute a legally binding offer or contract.
If you are interested in a particular property, you must contact us directly to verify all details and arrange further steps, including possible viewings and contractual formalities.
Users are responsible for independently verifying any information regarding properties before making any decisions.
We recommend on-site visits and professional advice (e.g., legal, financial, or technical experts) before committing to any purchase or renovation.
We are not liable for any direct, indirect, incidental, or consequential damages resulting from the use of or reliance on information provided on our website.
We are not responsible for the condition of properties, changes made by sellers, or any discrepancies between the information published and the actual state of a property.
All content on this website, including texts, images, graphics, and design elements, is protected by intellectual property laws.
You may not copy, distribute, modify, or use any content without our prior written consent.
Our website may contain links to third-party websites.
We are not responsible for the content, security, or practices of such third-party websites.
Our Privacy Policy, which explains how we collect, use, and protect your personal data, forms an integral part of these Terms and Conditions.
By using the website, you also agree to our Privacy Policy.
We reserve the right to modify these Terms and Conditions at any time.
Changes become effective upon being published on this page.
You are advised to review this page regularly.
These Terms and Conditions shall be governed by and construed in accordance with the laws of Bulgaria.
Any disputes arising from or related to the use of the website shall fall under the jurisdiction of the competent courts of Bulgaria.