2. Concepts and definitions
Controller, or the controller responsible for the processing, is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;
DPO means the Data Protection Officer of the Company;
Company means “Bio Life Cosmetics” Ltd., UIC 119612101;
Personal data is any information that directly identifies or is able to identify an individual – three names, date of birth, e-mail, address, etc.;
Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
General Data Protection Regulation means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;
Sites means in total the following two domains (Internet addresses) https://barba.bg and http://biolifecosmetics.com and their subdomains, which are owned and administered by the Company, and the Website – each of them separately;
An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier/name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.
Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
3. Grounds for processing personal data under the General Data Protection Regulation
Consent of the data subject – for each specific purpose, separate consent is given;
performance of a contract;
a legal obligation;
protection of the vital interests of the data subject or of another person;
task in the public interest;
legitimate interests of the controller or a third party.
4. Categories of personal data to which this Policy applies and grounds for processing
This Policy applies to personal data processed by the Company – administrator on the basis of the consent of the data subject, in fulfillment of a contract or under the specific requirements of law, including but not limited to personal data provided by natural persons (data subjects) through registration on the Sites, by phone, etc.
The following personal data are collected from data subjects: name and surname, email address, postal address, telephone, IP address.
5. Personal Data Administrator
The personal data administrator is Bio Life Cosmetics Ltd., UIC 119612101, with headquarters and address of management in Sofia, bul. Cl. Ohridski 65, represented by the manager Emil Tanev.
Data Protection Officer (“DPO”):
Phone: + 359 2 483 09 59
Address: Sofia, bul. Cl. Ohridski 65
6. Technical and organizational measures
The Company – administrator of personal data, has provided the necessary technical and organizational measures related to the protection of personal data of the data subjects – users of the Sites. The programs, applications, computer configurations and systems in which personal data is stored are protected by appropriate methods and means, and the Company – administrator ensures that it stores the data of the subjects with due care. The technical and organizational measures are described in detail in the Instruction on the Protection of Personal Data and other internal legal acts of the Company.
7. For what purposes is personal data collected?
Personal data is processed only for the purposes specified in this Policy.
(1) The personal data of the users of the Site are collected in connection with the following:
a) For the purpose of selling goods that the Site offers and in fulfillment of a delivery order. For this purpose, each user should register on the Site and provide the personal data required by the Company – administrator. For the purposes of delivery, personal data is provided to companies performing courier services (“Econt” Ltd., “Speedy” AD), which have duly informed us that they are the administrator of personal data in connection with the performance of the postal delivery service and that they have taken the necessary measures to protect the data provided to them;
b) For the purpose of sending a newsletter and / or marketing messages to which users have explicitly agreed. These may include information about products, services and promotions.
8. How long do we keep your personal data?
We store your personal data for as long as necessary in relation to the purpose for which it is processed. At the same time, we monitor the accurate and timely response to your requests in connection with the exercise of your rights as data subjects set out below, compliance with the legal requirements for the data retention period under applicable law or the need to manage the data in connection with possible legal claims.
9. Do we share your personal data?
Your personal data is treated as strictly confidential and is not shared with third parties, except in cases where this is required by law or when it is necessary for the purposes of delivery (when it is provided to companies providing courier services), as well as in the case of data processing by the Site www.biolifecosmetics.com.
10. You have the following rights with respect to your personal data:
a) Right to information – this right means to be clearly informed who the data controller is; why we will use your personal data (for what purposes); the categories of personal data being processed; the legal basis for the processing of your data; how long your data will be kept, etc.;
b) Right to access your personal data, including the right to receive a copy of the personal data stored with us;
c) Right to request correction of inaccurate or outdated personal data;
d) Right to request erasure of your personal data (right to be forgotten) – when the personal data is no longer necessary for the purposes for which it was collected; when you have withdrawn your consent; when you have objected to the processing; when the processing is unlawful; when the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject; or where the personal data have been collected in relation to the offer of information society services. Please note that we may refuse to delete your personal data for any of the following reasons: (i) for exercising the right to freedom of expression and information; (ii) for compliance with a legal obligation by the controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (iii) for reasons of public interest in the field of public health; (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right to erasure is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (v) for the establishment, exercise or defence of legal claims;
e) Right to request restriction of processing of your personal data: (i) where you believe that the personal data are not accurate, in which case the restriction shall be for a period within which the controller can verify the accuracy of the personal data; (ii) when the processing of your personal data is unlawful, but you do not want them to be erased and only want their use to be restricted; (iii) where the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (iv) where you have objected to processing, pending the verification whether the legitimate grounds of the controller override those of the data subject;
f) Right to object to the processing of your personal data – you should indicate the grounds on which you object to the data processing;
g) Right to withdraw your consent at any time – for this purpose, you should send a message in free text to the administrator / DPO at the above addresses, and upon request you will be provided with the administrator's form for the respective request;
h) Right to object to data processing through video surveillance;
i) Right to object to direct marketing – for this purpose, you should send a message in free text to the administrator / DPO at the above addresses, and upon request you will be provided with the administrator's form for the respective request;
j) Right to object to automated decision-making, including profiling – for this purpose, you should contact the DPO and send an objection in free text;
k) Right to data portability – this means that you can receive the personal data concerning you and which you have provided to us in a structured, commonly used and machine-readable format and transmit these data to another data controller without hindrance. This right to portability includes: 1) personal data that concerns the data subject and 2) personal data that the data subject has provided to us (for example, account data – correspondence address, username, age, which are provided via an online form). This latter category of data does not include the data created by the data controller (using the monitored data or the input data directly provided), such as a user profile created by analysing the primary data collected by an intelligent metering device;
l) Right to lodge a complaint with the supervisory authority when you believe that your rights as data subjects have been violated – Commission for Personal Data Protection, address: Sofia 1592, bul. “Prof. Tsvetan Lazarov” No 2, http://www.cpdp.bg.
To exercise the above rights, please send a message/request in free text to the DPO at the following contacts: Email: firstname.lastname@example.org, Phone: + 359 2 483 09 59, Address: Sofia, bul. Cl. Ohridski 65
You can request a sample application / request form from the Company – administrator, who will send you this form, tailored to the specifics of your case.
Your message must include all details about the data subject, the type of personal data, the purpose for which they are provided and any other information that will help the controller locate and identify your personal data. The DPO may request additional information, including information relating to the identification of the subject, the type of personal data or the processing activities to which the request relates. You have the right to receive a response within 1 (one) month from the submission of the request (except in the case of a request for deletion of the data, when the administrator is obliged to respond to you without undue delay), which may be extended to 2 (two) months at the discretion of the DPO.
11. Principles of data processing
The processing of personal data shall be carried out in compliance with the principles of lawfulness, fairness and transparency of processing, and in particular:
– processing in accordance with the principles of personal data protection laid down in the General Data Protection Regulation;
– ensuring data protection by design and by default;
– collection of personal data for specific, explicit and legitimate purposes and limitation of the purposes for their processing;
– data accuracy and data minimisation;
– keeping the personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
– notifying the Commission for Personal Data Protection and the data subject in case of personal data breach;
– carrying out a data protection impact assessment and interaction, including prior consultations with the Commission for Personal Data Protection;
– processing of data in a manner that ensures an appropriate level of security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical and organisational measures to ensure data security.
“Bio Life Cosmetics” Ltd. is a company registered as a Personal Data Administrator within the meaning of Art. 3, para. 1 of the Personal Data Protection Act under identification number 48995.
“Bio Life Cosmetics” Ltd. guarantees its customers the confidentiality of the provided information and personal data.
“Bio Life Cosmetics” Ltd. undertakes not to edit or disclose personal information without the express prior permission of users, except in cases where it has to comply with legal procedure.
For any questions related to the processing of your personal data, you can contact the Data Protection Officer at the following contacts: Email: email@example.com, Telephone: + 359 2 483 09 59, Address: Sofia, Bulgaria, bul. Cl. Ohridski 65