1. General information:

“Emag International” Ltd. (“eMAG”), having its registered office in Sofia 1750, “Mladost I” district, 40 “Tsarigradsko shose” blvd., Europark building, floor 6, with EIK 203187055, having fiscal identification code no. BG 203187055, we have the capacity of personal data operator being responsible for the processing of your personal data described below.

For purposes of this Privacy Policy, the following terms shall have the meanings set forth below and related terms shall be interpreted accordingly:

“personal data”, “processing”, “controller”, “processor” and “data subject” have the same meaning as in the Data Protection Legislation;

“Data Protection Law” refers to the EU General Data Protection Regulation 2016/679 of the European Parliament and of the Council (“GDPR” and collectively “EU Data Protection Laws”) and any data protection laws that substantially amend, replace or replace  the GDPR Directive.

We take your privacy rights seriously. Your personal data will be treated in a secure and confidential manner and only as set out below.

  1. Purposes of processing your personal data:

eMAG will process your personal data collected through the eMAG Marketplace application (“eMAG Marketplace”) in order to take steps at the request of the data subject before concluding the contract between eMAG and the company whose employee / representative you are. (Art. 6 (1) (b) GDPR – processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract), for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject prevail,  which require    protection of personal data, (Art. 6 (1) (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental rights and freedoms of the data subject which require protection of personal data  are  overriding, in in particular where  the data subject is a child.), for the purpose of fulfilling a legal obligation to  which the controller is subject (Art. 6 (1) (c) processing is necessary for compliance with a legal obligation  to which  the controller is subject);

  1. The categories of personal data processed by eMAG:

 In order to fulfill the purpose mentioned in point 2 above, eMAG will process the following personal data: e-mail address, telephone number and personal data entered in the identity card, position within the company.

  1. Who has access to your personal data

Within eMAG, your personal data can be accessed by eMAG employees involved in the execution of the contract concluded between eMAG and the company whose employee / representative you are.

  1. Retention period of your personal data

eMAG will keep your personal data for as long as it is reasonably necessary for the purpose mentioned in this privacy policy.

  1. Your rights as data subject:

You have several rights in relation to your personal data. You can request access to your data, correct any mistakes in the eMAG Marketplace application and / or raise objections to the processing of your personal data. You can also exercise your right to complain to the competent supervisory authority or to go to court.

More information about each of these rights can be obtained by consulting the table below.

In order to exercise your rights, you can contact us at the contact address mentioned below in point 5. Please note the following if you wish to exercise these rights:

Identity. We take seriously the confidentiality of all records containing personal data and reserve the right to verify your identity if you make a request regarding such records.

Fees.We will not request a  fee to exercise any of your rights regarding your personal data, unless your request for access to information is unfounded, repetitive or excessive, in which case we will charge a reasonable amount in such circumstances. We will inform you of any fees applied before settling your claim.

Time frames. We aim to respond to any valid requests within one month, unless this is particularly complicated or if you have made several requests, in which case we will respond within three months. We will let you know if we need more than a month. We may ask you if you can tell us exactly what you want to receive or what worries you. This will help us act faster.

Third Party Rights. We do not have to comply with a request if it would adversely affect the rights and freedoms of other data subjects.

Rights concerned



You can ask us:

  • confirm whether we process your personal data;
  • provide you with a copy of this data;
  • to provide you with other information about your personal data. personal data, such as what data we have, what we use it for, to whom we disclose it, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can make a complaint, where we obtained your personal data, insofar as the information has not already been provided to you by this notice.


You can ask us to rectify inaccurate personal data.

We may try to verify the accuracy of the data before rectifying it.

Deletion of data

You can ask us to delete your personal data, but only if:

  • they are no longer necessary for the purposes for which they were collected; or
  • you have withdrawn your consent (if data processing was based on consent); or
  • you exercise a legal right to object (see ‘Objections’ below); or
  • they have been processed illegally; or
  • to comply with a legal obligation that eMAG must comply with.

We are not obliged to comply with your request to delete your personal data if the processing of your personal data is necessary:

  • to comply with a legal obligation; or
  • for the establishment, exercise or defence of a legal claim;

There are certain other circumstances in which we are not obliged to comply with your request to delete personal data, although these two are the most likely circumstances in which we could refuse this request.

Restriction of data processing

You can ask us to restrict the processing of your personal data, but only if:

  • their accuracy is disputed (see rectification section) to allow us to verify their accuracy; or
  • the processing is illegal, but you do not want the data to be deleted; or
  • they are no longer necessary for the purposes for which they were collected, but we still need them to establish, exercise or defend legal claims; or
  • you have exercised your right to object and the verification of imperative reasons is pending.

We may continue to use your personal data following a restriction request if:

  • we have your consent; or
  • to initiate, exercise or ensure the defense of legal rights; or
  • to protect the rights of another natural or legal person.

Portability of personal data

You can ask us to provide your personal data in a structured, commonly used, machine-readable format or you can request that it be “ported” directly to another data controller, but in each case only if:

  • the processing is based on your consent or on entering into a contract with you; And
  • processing is carried out by automatic means.


You can object to any processing of your personal data. personal information based on our “legitimate interests”, if you believe that your rights and freedoms are not safe. fundamentals override our legitimate interests.

Once you have lodged your objection, we have the opportunity to demonstrate that we have compelling legitimate interests that override your individual rights and freedoms.

Automated decision making

You may request not to be subject to a decision based solely on automated processing, but only when that decision:

  • produces legal effects concerning you. (such as rejecting a complaint); or
  • affects you in another significant way.

In such situations, you can obtain human intervention in decision-making  and we will ensure that there are measures in place to allow you to express your point of view and/or challenge the automated decision.

Your right to obtain human intervention or to challenge a decision shall not apply where the decision reached as a result of automated decision-making:

  • it is necessary for us to enter into, or perform a contract with, you;
  • is authorised by law and there are appropriate safeguards for your rights and freedoms; or
  • is based on your consent. explicit. 

Supervisory authority

You have the right to lodge a complaint with your local supervisory authority regarding the processing of your personal data. In Romania, the contact details of the data protection supervisory authority are as follows:

Contact details for the Data Protection Supervisory Authority in Bulgaria are: Commission for the Protection of Personal Data, Sofia 1592, “Prof. Tsvetan Lazarov” No. 2, phone: 02/91-53-519 or 02/91-53-555, E-mail:

Please try to resolve your issues with us first, although you have the right to contact the supervisory authority at any time. 


  1. Contact persons and complaints

For any information or requests to exercise your rights regarding the processing of your personal data, you can contact the eMAG Data Protection Officer using the following ways:

Email address:

By post or courier to: Sofia 1750, Tsarigradsko Shose Blvd. 40, Europark business building, floor 6 – to the attention of the eMAG Data Protection Officer

If you have a complaint or concern about how we use your personal data, please contact us in the first instance and we will try to clarify the situation as soon as possible. You also have the right to file a complaint with the National Supervisory Authority for Personal Data Protection at any time.

Your personal data is safe

Given the current state of the art and implementation costs, eMAG uses a variety of technical and organizational methods to ensure the processing of your personal data in accordance with the laws in force.

eMAG is committed to protecting the security of the personal data you share with us. In support of this commitment, we have implemented appropriate technical, physical and organizational measures to protect your personal data in relation to:

  • their unauthorized or accidental destruction, use, alteration and/or disclosure;
  • theft and accidental loss; and/or unauthorized access to data;
  • their improper use;
  • destruction of data; and/or
  • any other form of unauthorized processing thereof.