MANDATORY INFORMATION ON RIGHT PERSONAL DATA
Information about the company that processes your data:
Name: Bio Aromica Ltd.
UIC / BULSTAT: 203694911
Headquarters and address of the management: Plovdiv, Wolgastraße 16
Telephone: +359 32 624 268
Details of the responsible data protection supervisory authority
Name: Commission for the Protection of Personal Data
Headquarters and address of the management: Sofia 1592, Prof. Tsvetan Lazarov ”№ 2
Postal address: Sofia 1592, Prof. Tsvetan Lazarov ”№ 2
Telephone: 02 915 3 518
Bio Aromica Ltd. (hereinafter referred to as "Administrator" or "Company") works in accordance with the law and regulation on the protection of personal data (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of individuals with regard to the processing of personal data and the free movement of data. This information is intended to inform you about all aspects of the processing of your personal data by the company and the rights you have in connection with this processing.
Reasons for collecting, processing and storing your personal data
art. 1. The administrator collects and processes your personal data in connection with the use of the e-shop https: //eterika.eu and entering into contracts with the company for the sake of art. 6, Paragraph 1, Regulation (EU) 2016/679 (GDPR), in particular for the following reasons:
- Obtained explicit consent from you as a customer;
- Fulfilling the administrator's obligations under a contract with you;
- Compliance with a legal obligation that applies to the administrator;
- For the purposes of the legitimate interests of the administrator or a third party;
Objectives and principles for the collection, processing and storage of your personal data
art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the e-shop and the conclusion of a contract with the company, also for the following purposes:
- Create a profile and provide full functionality when using the online shop;
- Conclusion and execution of a distance contract;
- Individualization of a contracting party;
- accounting purposes;
- statistical purposes;
- Protection of information security;
- Guarantee of the fulfillment of the contract for the provision of the respective service.
- Send an information bulletin if you so wish;
(2) When processing your personal data, we adhere to the following principles:
- Legality, good faith and transparency;
- Restriction of processing purposes;
- Relevance for the purposes of processing and minimizing the data collected;
- Accuracy and timeliness of the data;
- Limit storage to achieve goals;
- Integrity and confidentiality of processing and ensuring an adequate level of security for personal data.
(3) During the processing and storage of personal data, the administrator can process and store personal data in order to protect the following legitimate interests:
- Fulfilling its obligations to the National Revenue Agency, the Department of the Interior, and other state and local bodies.
What types of personal data does our company collect, process and store?
art. 3. (1) The company carries out the following operations with the personal data you have provided for the following purposes:
Registration of a user in the e-shop and fulfillment of a distance contract - This process is intended to create an account for the use of the e-shop for the purchase of goods and to provide contact information for the delivery of the purchased goods. Registering and creating an account for using the online shop is not a mandatory step in the provision of the service and is largely available without creating an account.
Conclusion of the Impact Assessment : On the basis of the Impact Assessment, the operation "Registering a user in the e-shop and executing a distance contract" is eligible and provides sufficient guarantees to protect the rights and legitimate interests of the data subjects Persons according to the requirements of the GDPR.
Entering and executing a business transaction with a customer or partner - The purpose of this operation is to enter into and execute a contract with a trading partner or customer and manage it. Given the limited amount of personal data collected and the fact that some of it comes from publicly available sources, an impact assessment is not required to conduct an impact assessment of the transaction.
Sending a newsletter - The purpose of this operation is to manage the process of sending newsletters to customers who have indicated that they want to receive them. Given the limited amount of personal data collected, no impact assessment is required to conduct an impact assessment of the transaction.
Exercise of the right to refuse or submit a complaint - The purpose of this operation is to manage the process of exercising the right of withdrawal or of a complaint by the customer. Given the limited amount of personal data collected, no impact assessment is required to conduct an impact assessment of the transaction.
(2) The controller processes the following categories of personal data and information for the following purposes and for the following reasons:
Your personal data (email, name, etc.)
Purpose for which the data is collected: 1) contacting the user and sending information to him, 2) for the purpose of user registration in the online shop and 3) sending a newsletter.
Reasons for processing your personal data - By accepting the general terms and conditions and registering in the e-shop or by ordering without registration or by entering into a written contract, a contractual relationship is created between the administrator and you, on the basis of which we Process your personal data. 6, para. 1, p. (b) GDPR. Your data for sending a newsletter will be processed with your express consent - Art. 6, Para. 1, p. (a) GDPR.
Delivery details (name, phone, address, etc.)
Purpose for which the data is collected: Fulfillment of the administrator's obligations under a sales contract and the delivery of the purchased goods.
Reasons for processing your personal data - By accepting the general terms and conditions and registering in the e-shop or by ordering without registration or by entering into a written contract, a contractual relationship is created between the administrator and you, on the basis of which we Process your personal data. 6, para. 1, p. (b) GDPR.
Additional data provided by you - If you want to complete your profile, you can enter data for your name, surname and telephone number.
Purpose for which the data is collected: Adding information about the user in his user account.
Reasons for data processing: You have given your express consent to the processing of your personal data for one or more specific purposes - 6, para. 1, p. (a) the GDPR at the time of registration in the online shop. It is not necessary to provide this information to register in the online shop.
(3) The administrator does not collect or process any personal data relating to the following:
- reveal racial or ethnic origin;
- Disclosure of political, religious or philosophical beliefs or membership in a trade union;
- genetic and biometric data, health data or data on sex life or sexual orientation.
(4) Personal data are collected by the administrator from the persons to whom they refer.
(5) The company does not make any automated data decisions.
art. 4. (1) The company carries out the following processes with the personal data provided by you as a legal representative or proxy of legal entities and business partners for the following purposes:
- Conclusion and execution of a commercial transaction: For the conclusion and execution of a commercial transaction with a trading company, we only process the three names of the legal representative or the person authorized by the company. Conclusion from the impact assessment: Given the small number of people whose data is processed and the limited amount of personal data that is collected, no impact assessment is required for this process.
(2) The personal data are collected by the administrator from the persons to whom they refer from the commercial register to the registration office.
(3) The company does not make any automated data decisions.
art. 5. The administrator can use the so-called. Cookies for the purpose of providing the full functionality of the website, improving the user experience, statistical purposes, easy access, etc., which you consent to by using our website. You can control and / or delete cookies at any time via the settings of the browser you are using. Cookies do not represent personal data and are not used to identify visitors and users of the e-shop.
Duration of storage of your personal data
art. 6. (1) The administrator stores your personal data for a period of time that is no longer than the existence of your account in the online shop. After deleting your account, the administrator will ensure that all your data is immediately deleted and destroyed or anonymized (ie created in a form that does not reveal your identity).
(2) The administrator processes your personal data, which you have given when ordering, without registering in the e-shop, until the order is completed, unless you have when processing Your order gives your express consent to the processing of your data for the purpose of improving the service content for you, individual conditions, promotions and for statistical purposes.
(3) The administrator stores your personal data provided in connection with online orders for a period of 5 years in order to protect the legal interests of the administrator in court or in administrative disputes with users of the online shop to protect.
(4) The administrator will notify you if the retention period for data needs to be extended in order to comply with a legal obligation, or in view of the legitimate interests of the administrator or otherwise. p>
(5) The administrator stores the personal data that must be kept under applicable law for the respective period that exceeds the period of the existence of your account in the e-shop or until the order is completed can.
art. 7. The administrator stores the personal data of the legal representatives of his business partners for the duration of the contract in order to safeguard the legitimate interests and legal obligations of the administrator. This term can exceed the term of the concluded contract.
Transmission of your personal data for processing
art. 8. (1) The data controller may, at its own discretion, transfer some or all of your personal data to processors of personal data to fulfill the processing purposes you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR ).
(2) The administrator will notify you if you intend to transfer some or all of your personal data to third countries or international organizations.
Your rights to the collection, processing and storage of your personal data
Revocation of consent to the processing of your personal data
art. 9. (1) If you do not want the personal data you provide to be processed for marketing purposes and to receive a newsletter, you can revoke your consent to processing at any time by filling out the consent form in Appendix 1 or in free text request Send it to us by email.
(2) Upon receipt of your request, we will send you a letter with detailed instructions to confirm that you are a recipient of newsletters and a data subject for whom a withdrawal of consent has been requested. < / p>
(3) The withdrawal of consent does not affect the legality of the processing of personal data that the administrator has previously carried out.
Right to information
art. 10. (1) You have the right to request and receive confirmation from the administrator as to whether personal data relating to you is being processed by sending a request in free text by email. P >
(2) You have the right to access your data as well as information on the collection, processing and storage of your personal data.
(3) After we have received your request, we will send you an e-mail with the e-mail address with which you registered or placed orders in the e-shop, with detailed instructions. to verify you as the subject of the personal data to which access has been requested.
(4) After carrying out the check in accordance with Paragraph 3, the administrator will provide you with a copy of the processed personal data in electronic or other suitable form on request.
(5) Providing access to the data is free of charge. However, the administrator reserves the right to charge an administration fee in case of recurrence or excessive requests.
Right to rectification or completion
art. 11. (1) You can correct or enter the inaccurate or incomplete personal data associated with you at any time using the "Edit account" option.
(2) You can correct or complete inaccurate or incomplete personal data concerning you directly through your account on the website or by sending a request to the administrator by email using the form in Appendix № 4 or in free text on request.
Right to delete ("be forgotten")
art. 12. (1) You have the right to request the administrator to delete part or all of the personal data relating to you, and the administrator is obliged to delete this immediately if one of the following reasons applies: p>
- Personal data are no longer required for the purposes for which they were collected or otherwise processed;
- You are withdrawing your consent on which the data processing is based and there is no other legal basis for the processing.
- You object to the processing of personal data, including for direct marketing purposes, and there are no legal reasons for the processing to take precedence.
- Personal data was processed illegally;
- Personal data must be deleted in order to comply with a legal obligation under EU law or the law of a member state that applies to the controller;
- Personal data was collected in connection with the provision of information society services.
(2) The administrator is not obliged to delete personal data if he stores and processes the following:
- Exercise the right to freedom of expression and information;
- to comply with a legal obligation that requires processing provided for in EU law or in the law of a Member State applicable to the administrator, or for the performance of a task in the public interest or in the exercise of the official powers delegated to him; li>
- for reasons of public interest in the area of public health;
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or defense of legal claims.
(3) To exercise your right to be forgotten, you must send an email request for deletion of your personal data, which the administrator will process using the form in Appendix № 2 fill in or request in free text, after which the administrator will send the email you have registered in the e-shop or placed orders, a letter with detailed instructions for your verification as a user of the store and an item of personal data for which request deletion was.
(4) After verifying the identity of the person who made the request and the person to whom the data relates, in accordance with the instructions sent to you, we will delete all data that we process for you, according to Paragraph 3.
(5) If an order you have placed is being processed, you can ask to "forget" it at the earliest when the order has been successfully completed.
Right to restriction
art. 13. You have the right to ask the administrator to restrict the processing of the data associated with you by sending us a free text request by email if:
- question the accuracy of personal data for a period of time that allows the administrator to verify the accuracy of personal data;
- The processing is illegal, but you do not want the personal data to be deleted, only that its use is restricted.
- The person responsible for processing no longer needs the personal data for the purpose of processing, but you need them to justify, exercise or protect your legal claims.
- You have objected to the processing until it has been verified that the legal reasons of the administrator take precedence over your interests.
(2) As soon as we have received your request, we will send you an email with the email address with which you registered or placed orders in the e-shop Detailed instructions on how to verify that you are a branch user and a data subject who requires a restriction will be processed.
(3) After carrying out the check in accordance with paragraph 2, the company will stop processing your data, but will not remove any publications that you may have made in the online shop. p >
Right to portability
art. 14. (1) If you have given your consent to the processing of your personal data or the processing is necessary for the performance of the contract with the administrator or if your data is processed automatically, you can:
- To ask the administrator to provide you with your personal data in a readable format and to transfer it to another administrator;
- To ask the administrator to transfer your personal data directly to an administrator specified by you, if this is technically feasible.
(2) You can exercise the right to portability by emailing us a completed form in accordance with Appendix № 3 or a request in free text. Then the administrator sends to the email with which you registered or placed orders in the e-shop a letter with detailed instructions for your confirmation as a user of the shop and as the subject of personal data for which portability has been requested. p>
(3) After carrying out the check in accordance with paragraph 2, the company has sent the data to the e-mail you provided, which it processes for you in XML format. p >
Right to information
art. 15. You can ask the administrator to inform you of all recipients to whom the personal data have been communicated, for which correction, deletion or restriction of processing has been requested. The administrator can refuse to provide this information if this would be impossible or would require a disproportionate effort.
Right of objection
art. 16. You can object to the processing of personal data by the administrator concerned at any time, even if it is processed for profiling or direct marketing purposes.