/.unmatched operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data ("General Data Protection Regulation" or "the Regulation"). This "Privacy Policy" ("Privacy Policy" or "the Policy") aims to inform each Client (as defined below) of the Company regarding the processing of data through which a specific Client is identified or can be identified.

For the purposes of the Policy, a "Client" is any natural person who is a party to a contract with the Company for the sale of goods, as well as a natural person who has expressed a willingness to enter into pre-contractual relations with the Administrator and/or a user of a website accessible on the Internet at the electronic address: unmatched.digital as well as a director, manager, representative, proxy, employee, partner, shareholder, beneficial owner of a legal entity, or other legal entity using the Electronic Store.

1. What personal data do we process?

The Company processes, as a personal data administrator, the following groups of personal data of Clients:

• Physical identity – names, personal identification number, address, telephone number, email address;

• Economic identity - information regarding the bank account number.

Personal data is collected by the Administrator from the persons to whom it relates.

2. How do we collect personal data?

We collect personal data:

• in the process of registering on the website of the Electronic Store and when using the Electronic Store without registration;

• when engaging in correspondence with the Client, which may include communication in written form, including electronic form, and oral form;

• through "cookies" when using or browsing our website.

In some cases, we may collect information from third parties or from public sources.

Our website collects data in log files. This information contains data about your IP address, Internet provider, the browser you are using, your operating system, when you visited our website, and the pages visited.

Our website uses "cookies." Cookies are small files of information that the website sends to the visitor's browser. The browser stores this information in a text file on the user's device. They help us make our website work better for you. More information regarding the use of "cookies" can be read in our Cookie Policy, published on the website of the Electronic Store: www………………com.

3. Do we process special categories of personal data?

The Company does not process special categories of personal data of Clients.

4. For what purposes do we process personal data?

The Company processes personal data of Clients for the following purposes:

• providing information and assistance that you have requested from us;

• individualized communication with clients and actual owners;

• for all activities related to the existence, modification, and termination of the relationships between the Company and the Client;

• offering and promoting additional services;

• compliance with regulatory requirements;

• ensuring protection in the event of a dispute and cooperation with regulatory authorities to the extent required by law.

If we do not process this personal data, we may not be able to provide you with our services or the assistance you requested.

5. On what legal basis do we process personal data?

The personal data of Clients is collected, processed, and used on the basis of several processing grounds:

• For the performance of a contract or for entering into pre-contractual relations;

• For compliance with a legal obligation that applies to the Company;

• For the purposes of the legitimate interests of the Company or a third party when the rights and interests of the data subjects do not override them – to resolve disputes; to prevent, establish, investigate fraud, violations, or other unlawful behavior; to establish, exercise, or defend legal claims;

• On the condition of voluntarily given consent when this is required under applicable legislation.

6. For how long do we store personal data?

The Company retains personal data during the contractual relationship and until the debt under the contract is settled and during a transitional period (e.g., for compliance with obligations regarding archiving and retaining accounting data). If legal proceedings or other actions are initiated, personal data may be retained until the end of such action, including all possible periods for appeals, and thereafter will be deleted or archived as permitted by applicable law. Specifically, different media of accounting and tax information containing personal data are kept for a period of 10 years, starting from January 1 of the reporting period following the reporting period to which they relate.

In cases where your personal data has been obtained and processed on the basis of your consent, we will process your personal data only as long as we have your consent to process your personal data.

7. With whom do we share personal data? Do we provide it to third parties?

The Company may, at its discretion, transfer part or all of the personal data to data processors for the fulfillment of processing purposes, in compliance with the requirements of the Regulation.

The Company shares personal data with:

• third parties – service providers engaged by us to perform functions or activities on our behalf;

• third parties: regulatory bodies, tax, financial authorities, judicial, administrative, and law enforcement authorities, all in accordance with applicable law.

This list is not exhaustive and there may be other lawful purposes for retaining, disclosing, or otherwise processing your personal data.

The Company notifies the data subject in case of intent to transfer part or all of their personal data to third countries or international organizations.

8. Are personal data protected?

The Company ensures and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or unlawful use of personal data and/or against their accidental loss, alteration, disclosure, access, and/or damage or copying. These measures aim to ensure continuous protection and confidentiality of personal data. The Company regularly reassesses the measures to achieve ongoing security of personal data.

9. Do we carry out automated decision-making?

The Company does not engage in automated decision-making based on data.

10. What are the Clients' rights regarding the protection of personal data?

Each Client can proceed to exercise the rights listed below by sending a written notice to the Company.

• Withdrawal of consent for processing personal data

When the processing of personal data of a Client is based on the Client's consent for processing their personal data, the Client has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.

• Right of access

Each Client has the right to obtain confirmation from the Company whether their personal data is being processed by the Company. This includes the right of access to personal data, the right to receive a free copy of the data (except in cases of excessive and repetitive requests), unless otherwise provided in the applicable data protection rules, as well as the right of the Client to be provided with a description of the basic information related to the processing of their personal data.

The Company provides each Client with a free copy of their personal data that is being processed, but reserves the right to impose an administrative fee in case of repetitive or excessive requests.

• Right to rectification

Each Client has the right to rectify or request the Company to rectify without undue delay inaccurate, incomplete, or outdated personal data that relates to them.

• Right to erasure (right to be forgotten)

Each Client has the right to request the Company the erasure of their personal data without undue delay when any of the grounds listed below applies:

(i) The personal data is no longer necessary for the purposes for which it was collected or processed in another way;

(ii) The Client withdraws their consent on which the processing of their data is based and there is no other legal basis for processing them;

(iii) The Client objects to the processing as stated below;

(iv) The personal data of the Client has been processed unlawfully; or

(v) The personal data of the Client needs to be erased to comply with a legal obligation under EU law, the law of a member state, or the law of another state;

(vi) personal data has been collected in connection with the offering of information society services.

The Company may refuse to erase personal data of a Client to the extent that processing is necessary:

(i) for exercising the right to freedom of expression and the right to information;

(ii) for compliance with a legal obligation that requires processing under EU law or the law of the member state that applies to the Administrator or for the performance of a task carried out in the public interest or in the exercise of official authority vested in them;

(iii) for reasons of public interest in the field of public health;

(iv) for archival purposes in the public interest, for scientific or historical research, or for statistical purposes;

(v) for the establishment, exercise, or defense of legal claims.

• Right to restriction of processing

Each Client has the right to request the Company to restrict the processing of their personal data in the following cases:

(i) When they contest the accuracy of the personal data as provided by the Client and processed by the Company (the restriction is for a period allowing the Company to verify the accuracy of the personal data);

(ii) When the processing is unlawful, but the Client does not want the personal data to be erased and instead requests a restriction on their use;

(iii) When the Company no longer needs the personal data for processing purposes, but the Client requests them for the establishment, exercise, or defense of legal claims;

(iv) When the Client has objected to the processing and expects the Company to verify whether the legitimate grounds of the Company for processing personal data override the interests of the Client.

• Right to object

Each Client has the right to object at any time on grounds relating to their particular situation to the processing of personal data concerning them.

The Client can exercise the right only in relation to the processing of their personal data that is carried out by the Company for the purposes of the legitimate interests of the Company.

If the objection is well-founded, the Company will cease the processing of personal data concerning the objecting Client, unless the Company demonstrates that there are compelling legitimate grounds for processing that override the interests of the Client.

• Right to data portability

This right includes the following possibilities:

(i) to receive personal data in a structured, commonly used, and machine-readable format to transfer it to another administrator, or

(ii) to obtain a direct transfer of personal data to another administrator, if this is technically feasible.

• Right to lodge a complaint

Each Client has the right to lodge a complaint regarding the processing of their personal data by the Company with the Commission for Personal Data Protection, which is the competent supervisory authority.

Commission for Personal Data Protection

Address: Sofia, PO Box 1592, Prof. Tzvetan Lazarov St. No. 2,

tel. (02) 91 53 519, fax: (02) 91 53 525

email: kzld@cpdp.bg

website: www.cpdp.bg

11. What happens in case of change?

In the event of a significant change in the way the Company processes the personal data of Clients and/or in the types of personal data it processes, and/or in any other aspect of the subject of this notice, the Company will notify Clients of the relevant change immediately by issuing and providing Clients with an updated version of the notice.