Privacy policy in relation to the processing of personal data

We consider guaranteeing the right to the protection of personal data to be a fundamental commitment of the Site, therefore we will use and invest all necessary means and efforts to process your data in full compliance with Regulation (EU) 2016/679 (the "General EU Regulation on data protection" or "GDPR") and any other applicable Romanian legislation. As one of the main principles of this legal framework is transparency, we have prepared this document to let you know how we collect, use, transfer and protect your personal data when you interact with us in relation to products and services, including through our website or through the mobile applications.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes to the way we process your personal data or changes to your legal requirements. In case of such changes, we publish the amended version of the Privacy Policy on our website and therefore, we kindly ask you to check its contents periodically.
Who are we and how to contact us?
This site belongs to "TAI SPA BG EOOD", with address: Sofia, Topli Dol St. 2A, entrance 1, apartment 16, entered in the Commercial Register with EIK 204625282, (hereinafter referred to as "the Site" or "we" or "us"). For the purposes of data protection legislation, we are the controller in the processing of your personal data.
As your opinions are always important to us and we are always ready to provide you with additional information that you may need in relation to the processing of your data, we encourage you to contact the Site's data protection officer by e-mail with the address: gpdr@b-icon.net with addressee: to the attention of the official for the protection of personal data of the Site.
Which categories of personal data do we process?
In general, we collect your personal data directly from you, so you decide what kind of information you provide to us. For example, the information we receive from you is as follows:
• When you create a profile on the Site, you send us your e-mail address, first and last name;
• When you place an order, you provide us with the following information: the product you want, first and last name, delivery address, billing information, payment method, phone number.
In addition, we offer you to register on the Site platform through your Facebook or Google account. If you choose one of these options, you will be directed to the Facebook Admin / Google LLC page, where you will be notified of the transmission of your data to the Site. You can view the privacy policies of Facebook and Google at the following links:
https://www.facebook.com/about/privacy
https://policies.google.com/privacy
In addition, we may collect and subsequently process certain information about your behavior when browsing our website or using a mobile application in order to personalize your online experience and prepare offers that are tailored to your profile. We invite you to learn more in this regard by reading the section on processing below.
On our website and mobile application, we may store and collect information using cookies and similar technologies in accordance with the Cookie Policy.
We do not collect or otherwise process sensitive data included in special categories of personal data in the General Data Protection Regulation. Furthermore, we do not wish to collect or process data of minors under the age of 16.
What are the purposes and grounds of the processing?
We will use your personal data for the following purposes:
1. Provision of services on the Site for your benefit
This general purpose may include, as appropriate, the following:
• creation and management of a profile on the Site platform;
• order processing, including acceptance, validation, dispatch and invoicing of the same;
• resolving issues related to order cancellations or any other issues related to orders, goods or services purchased;
• returning the products in accordance with the legal regulations;
• reimbursement of the value of the products according to the legal regulations;

The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between the Site and you. In addition, the fulfillment of these purposes requires processing according to applicable law, including tax and accounting law.
2. Improving our services
We would like to always offer you the best online shopping experience. For this purpose, we may use certain information about your purchasing behavior, invite you to complete surveys about your satisfaction after completing an order, or conduct directly or with the help of partners, market surveys and research.
We base these activities on our legitimate interests in performing business activities, always ensuring that your fundamental rights and freedoms are unaffected.
3. Marketing
We would like you to always be aware of the best offers for the products/services you are interested in. In this regard, we may send you all kinds of messages, using electronic message channels (e-mail / SMS / mobile push / webpush, etc.), which contain general and thematic information, information about similar products or products complementary to those you have purchased, information about offers and promotions, information about products added to Account/My Cart or Account/Favorites or if you have expressed interest in purchasing them, and other business communications such as market research and user opinion surveys, and we may present personalized recommendations on the website and mobile application. In order to provide you with information of interest to you, we may use certain data about your purchasing behavior (for example, products viewed / products added to wishlist / products purchased) to create a profile. We always ensure that this processing is carried out in compliance with your rights and freedoms and that the decisions taken in relation to them do not give rise to any legal consequences for you and do not similarly affect you to a significant extent.
In most cases, we require your prior consent to send you marketing communications. You can change your mind and withdraw your consent at any time by:
• using the "Unsubscribe" link in communications you receive from us; or
• contacting the Site using the contact details above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case where we use your information for our legitimate interests, we take care and take the necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you may at any time, using the means described above, terminate the processing of your personal data for marketing purposes and we will respond to your request.
4. Protection of our legitimate interests
There may be instances where we use or disclose information to protect our rights and our business. These may include:
• measures to protect the website and users of the Site platform against cyber attacks;
• measures to prevent and detect fraud attempts, including transmission of information to competent public authorities;
• measures to manage various other risks.
The main reason for these types of processing is our legitimate interests related to the protection of our commercial activity, with the proviso that we ensure that all measures taken by us ensure a balance between our interests and your fundamental rights and freedoms.
In addition, in some cases, our processing is based on legal provisions such as the obligation to protect goods and values provided by applicable legislation in this regard.
How long do we keep your personal data?
As a rule, we store your personal data for as long as you have an account on the Site. You may always request that we delete certain information or close your account, and we will respond to that request, retaining certain information even after the account is closed when applicable law or legitimate interests require us to do so.
To whom do we send your personal data?
Depending on the case, we may transfer or give access to some of your personal data to the following categories of recipients:
• companies from the group of companies to which the Site belongs;
• partners in the Site's market platform;
• courier service providers;
• providers of payment/banking services;
• providers of marketing/telemarketing services;
• providers of market research services;
• insurance companies;
• IT service providers;
• other companies with whom we may develop joint programs to market our goods and services.
If we are required by law, or if this is necessary to protect our legitimate interests, we may also disclose certain personal data to public authorities.
We guarantee that access to your data by third-party private legal entities takes place in accordance with the legal provisions in the field of data protection and information confidentiality, based on contracts concluded with them.
To which countries do we transfer your personal data?
We currently store and process your personal data in Bulgaria.
However, it is possible that some of your personal data may be transferred to entities located in the European Union or outside it, including countries for which the European Commission has not recognized an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as Privacy Shield for personal data transferred from the EU to the United States of America.
You can contact us at any time using the contact details provided above to find out which countries we transfer your data to and what safeguards we apply in relation to these data transfers.
How do we protect the security of your personal data?
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures in compliance with industry standards.
We store your data on secure servers using the latest encryption algorithms and guarantee the storage of backup copies.
What are your rights?
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You can request access to your data, the correction of errors in our files, and/or raise objections regarding the processing of your personal data. You can also exercise your right to file a complaint with the competent supervisory authority or the court. Depending on the case, you may also have the right to request the erasure of your personal data, the right to restrict the processing of your data and the right to data portability.
You can get more information about each of these rights by looking at the table below.
To exercise your rights, you can contact us using the contact details set out above. Please consider the following if you wish to exercise these rights:
Identity. We take the privacy of all records containing personal data seriously. For this reason, we ask that you send us your requests regarding these records using your e-mail address listed in your account on the Site. Otherwise, we reserve the right to verify your identity by requesting additional information to verify it.
Fees. We will not charge a fee for exercising any rights in relation to your personal data, except where your request for access to information is unfounded, repeated or unnecessarily repetitive, in which case we will charge a reasonable amount. We will inform you of any applicable fees before we consider your request.
Deadline for response. We plan to respond to all valid requests within one month, unless the request is particularly complex, or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask you to tell us exactly what you wish to receive or what you are worried about. This way you will help us act faster and shorten the time to respond to your request.
Third party rights. We will not need to respond to a request if it adversely affects the rights and freedoms of other data subjects.
Relevant rights and their description
Access. You can ask us:
• to confirm that we are processing your personal data;
• to provide a copy of this data;
• to provide you with information about your personal data, such as what data we hold, how we use it, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it, what rights you have, how you can submit a complaint, where we acquired your data, to the extent that the information has not already been provided to you through this notice.
Rectification. You may ask us to correct or supplement your inaccurate or incomplete personal data.
We may attempt to verify data inaccuracies before correcting them.
Deletion of data. You can ask us to delete your personal data, but only if:
• they are no longer necessary for the purposes for which they were collected; or
• you have withdrawn your consent (if data processing is based on consent); or
• you exercise a legal right to object; or
• they have been illegally processed; or
• there is a legal obligation in this regard.
We are under no obligation to honor your request to delete your personal data if its processing requires:
• to comply with a legal obligation; or
• to establish, exercise or defend a legal claim.
There are certain other circumstances in which we are not obliged to comply with your request to delete data, although the two above are the most likely circumstances in which we may refuse your request.
Please note that before exercising this right, you must retrieve from your account on the Site and save all documents related to orders placed on the Site, regardless of whether the invoicing was done to you or to another natural or legal person (such as invoices, warranty certificates). If you do not do this before exercising your right to erasure, you will lose all such documents and the Site will not be able to provide them to you, as the case may be, because the data erasure process and the deletion of the Site account, with all data and documents associated with it, is an irreversible process.
Restriction of data processing. You can ask us to restrict the processing of your personal data, but only if:
• their accuracy is disputed (see the data rectification section) so that we can verify their accuracy; or
• the processing is illegal, but you do not want the data to be deleted; or
• they are no longer necessary for the purposes for which they were collected, but we still need them to establish, exercise or defend a legal claim; or
• you have already exercised the right to object and we are still verifying whether our rights prevail.
We may continue to use your personal data following a restriction request:
• if we have your consent; or
• to establish, exercise or defend a legal claim; or
• to protect the rights of the Site or of another natural or legal person.
Data portability. You can ask us to provide your personal data in a structured, widely used and machine-readable format, or you can request that it be directly "ported" to another data controller, but only if:
• the processing is based on your consent or the conclusion of a contract with you; and
• the processing is carried out by automated means.
Right to object. You may object at any time, for reasons related to your particular situation, to the processing of your personal data based on our legitimate interests, if you consider that your fundamental rights and freedoms prevail over these interests.
In addition, you can object at any time to the processing of your data for direct marketing purposes (including the creation of profiles) without giving any reason, in which case the processing will be terminated as soon as possible.
Automatic decision making. You may ask us not to be subject to a decision based solely on automated processing, but only where that decision:
• gives rise to legal consequences for you; or
• affects you similarly and significantly.
This right is inapplicable if the decision resulting from automated decision-making:
• is necessary for us in order to enter into or perform a contract with you;
• is permitted by law and there are adequate guarantees for your rights and freedoms; or
• is based on your express consent.
Complaints. You have the right to lodge a complaint with your local supervisory authority regarding the processing of your personal data. In Bulgaria, the contact details for the data protection supervisory authority are as follows:
Commission for Protection of Personal Data
Address: Sofia 1592, "Prof. Tsvetan Lazarov" Blvd. No. 2, Sofia, Bulgaria
Phone: 02/91-53-518;
E-mail: kzld@cpdp.bg
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise you that we will do our best to resolve your issues amicably.

We remind you that you can contact the Site's privacy officer at any time by sending your request to him in one of the following ways:
• by e-mail to the address: gpdr@b-icon.net or
• by regular mail or courier to the address: 1680 Sofia, Bulgaria Blvd. 58, entrance In, app. 27 - by writing the text to the attention of the personal data protection officer of "TAI SPA BG OOD"