Policy for protection of personal data of visitors to the website ASASA.EU
Thank you for your interest in us!
Browsing the Internet website ASASA.EU is possible without any provision of personal data such as name, identification number, email address and special categories of personal data.
Still, any processing of personal data of natural persons must correspond to the General Data Protection Regulation[1], which applies as of May 25th 2018, as well as to the specific regulations for data protection of the Bulgarian legislation, applicable to Trading and web systems Ltd.
The present document aims to introduce the visitors to our website to our policy for personal data protection. In addition, data subjects are informed via this statement of the rights they have. As a controller, Trading and web systems Ltd has implemented technical and organizational measures to ensure the most complete protection of personal data. However, Internet-based applications may, in principle, have security faults, so that absolute protection cannot be guaranteed.
The present Personal Data Protection Policy is based on the terminology used in the General Data Protection Regulation(GDPR). The Personal Data Protection Policy must be clear and comprehensible for the general public. In regard of the latter, before reviewing the Policy, you could get acquainted with the used terminology.
Name and contact details of the personal data controller
The controller under the meaning of GDPR is:
Trading and web systems Ltd, UIC 203364491, is a company which is registered under the Commercial Law of the Republic of Bulgaria, with a registered office and address of management: 2 Nikola Vaptsarov Square; Bansko; e-mail address: info@asasa.eu; phone: +359 888 113 113
Functionalities of the website ASASA.EU
List of the cookies used by the website
In order to use our website, cookies need to be installed. Cookies are small text files stored on the hard drive of your computer during a limited period of time which help us to personalize our services. Cookies are also used for website traffic analysis and anonymous demographic profiling and thus, better understand our customer’s needs and interests and help serve better or provide related information. We also use the information obtained through cookies to analyze websites browsed by the user, searches, improve our marketing and promotional proposals, display advertising or promotions, banners of interest to visitors, customize the content and presentation of our website.
If you wish, you can configure your browser to be warned when receiving cookies and refuse the use of cookies on your hard drive. Please consult the instructions and manuals on your browser for more information.
List of cookies:
Cart: Includes basic information about the purchase
PromoProduct: contains items related to the cart
Offer: indicates whether a product is purchased as flash product
VoucherCode: contains info about the voucher used
Address: contains the customer’s address
Name: contains the customer’s name
Email: contains the customer’s e-mail
Phone/Mobile: contains the customer’s phone/mobile number
Language: contains the customer’s language
Login: identifies the user as valid
3rd party cookies: Facebook, Google, Instagram, Paypal, Revolut
The user is informed that at the time of registration may consent to receiving a regular newsletter that will be sent to the e-mail provided.
We use your personal data to process your orders
Links to internet pages
Hyperlinks may be placed on thescents.ch via which visitors to thescents.ch may connect to other internet pages. Trading and web systems Ltd must remind you that by following such hyperlinks the visitor transfers directly tothird party pages which apply their own personal data protection policies. Trading and web systems Ltd shall not be liable for the personal data protection policy of such internet pages and the information (incl. personal data) collected by them. In view of the latter, Trading and web systems Ltd strongly recommends to the visitors of its website to get acquainted with the personal data protection policy of such internet pages.
Collection of general data and information
When you visit ASASA.EU the website collects information from your browser only, necessary so that we can technically display our website to you, namely:
- the browser types and versions used; • the operating system used by the accessing system; • the website from which an accessing system reaches our website (so-called referrers); • the sub-websites; • the date and time of access to the Internet site; • an Internet protocol address (IP address); • the Internet service provider of the accessing system, and • other similar data and information that may be used in the event of attacks on our information technology systems.
After your visit to our website such general data and information are stored in the registration log files of the server, separate from all personal data provided by you (via sending an email for example). Upon storing such general data and information the website thescents.ch derives no conclusions as to the identity of the data subject. This information is stored solely for the aim of increasing the defences of the website and data security, and assisting law enforcement in the event of a cyber-attack.
Categories of data, purpose of processing and legal basic for processing
The Responsible party deals with the following categories of User data:
Contact information: name, postal address, e-mail address, telephone number.
Preferences: information that the user provides about his preferences, for example, the type of products purchased by the User.
Use of the website and communications: how you use our website and the information collected by using cookies that you can consult in our Cookies Policy… Certain cookies may affect the privacy of the User by allowing the content to be linked to certain personal data, including personal interests and preferences.
The Responsible party deals exclusively with the personal data provided by the User and does not deal with special categories of personal data. The main purpose for which we process the User’s information is to provide the services expressly requested by the User (marketing and offers relating to perfumery, beauty and cosmetic products).
The Responsible party processes user data for the following purposes:
- Provision of services expressly requested by the User, as well as to manage payments and orders;
- Provide support and assistance services to Users, notify service or account issues (e.g., reset password, report misconduct and, if necessary, report the suspension or cancellation of User’s account);
- Commercial, operational and statistical activities. No automated decisions will be made based on this profile.
- Advising and sending newsletters and other commercial communications by e-mail on the person in charge and the provision of perfumery, cosmetic beauty and hairdressing services. The User may indicate his or her opposition to the reception of this newsletter at any time. The User expressly consents to receive these e-mail messages, although they may unsubscribe (i) from the link specified in any e-mail communication, (ii) by sending an e-mail to info@chescents,ch However, this will not result in the deletion of certain non-commercial communications, such as messages relating to your account.
The legal basis for the processing of Users’ data by the Responsible party is the consent of the User (art 6.1 a) RGPD). In the alternative, the Responsible party may process the User’s data under the legal basis of legitimate interest for direct marketing purposes.
The communication of personal data by the User is voluntary, although it is a contractual condition for the User to be able to purchase the products marketed by the Responsible party. Thus, the refusal of the User will make it impossible for the Responsible party to provide certain services to the User.
The User may withdraw consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
The Responsible party will always request consent and inform the User before using his/her data for any purpose other than those described in this Privacy Policy.
Addresses of personal data
The Responsible party will communicate the User’s personal data to the following recipients, which the User expressly accepts:
- Anonymously, to advertising and programming providers to share statistics;
- To data processors who provide certain services for the data controller (advertising, administrative-accounting, etc.).
Data retention period
The personal data provided will be kept for an indefinite period of time, as long as the deletion of the same is not requested by the User.
Term for storing personal data
The controller shall store the personal data of the data subject only for the period, necessary for fulfilling the purpose of the processing, but no less than the required by the applicable Bulgarian and/or European legislation storage period.
The criteria used for defining the personal data storage period is the respective legally set storage period, including for the purpose of securing the ability of regulatory bodies to exercise their authority, and the statutory limitation period related to the purpose of the processing. The company’s general policy is to store personal data for a period of not more than 10 years as of the year following the year of conclusion of the relationship in respect of which the personal data has been collected and provided there is no other reason for processing the data.After the expiry of said period, the respective data is routinely blocked or erased, provided it is no longer necessary.
Automated decision-making
As a responsible company, we do not utilize automated decision-making or profiling.
Rights of the data subjects
Right of access to information:You have the right to obtain confirmation from us on whether, how and for what purposes we process personal data of yours and what data, as well as to receive a copy thereof.
Right to rectification:In case we are processing incomplete/inaccurate personal data of yours, you have the right to obtain from us without undue delay their rectification or completion, if the latter corresponds to the above described purposes of the processing.
Right to erasure:You have the right to obtain from us the erasure of personal data concerning you, if:
– it is no longer necessary in relation to the purposes for which they were processed; or
– you withdraw your consent on which the processing is based and there is no other legal ground for the processing; or
– you object to the processing and there are no overriding legitimate grounds for the processing, or you object to the processing for the purposes of the direct marketing; or
– the personal data have been unlawfully processed; or
– the personal data have to be erased for compliance with a legal obligation to which the controller is subject; or
– the personal data have been collected in relation to the offer of information society services to children.
Please, bear in mind that there may be reasons for the erasure not to be executed immediately, in regard of a legal requirement for keeping such data.
Right to restriction of the processing: You have the right to obtain from the controller restriction of processing where one of the following applies:
– the accuracy of the personal data is contested by you – for the period enabling us to verify the accuracy thereof;
– the processing is unlawful but you do not want the erasure of the personal data but rather request the restriction of their use instead;
– we no longer needs the personal data (for the particular purposes), but they are required by you for the establishment, exercise or defence of legal claims;
– you have objected to processing of such data (as stipulated below) pending the verification whether the legitimate grounds of the controller override those of your own.
Right to data portability: You have the right to receive the personal data concerning you and which you have provided to ASASA.EU, in a structured, commonly used and machine-readable format and have the right to transmit such data to another controller without hindrance from the controller to which the personal data have been provided, where:
– the processing is based on consent or on a contract; and
– the processing is carried out by automated means.
Right to object: In case we are processing personal data concerning you, where we have stipulated as a basis for it our legitimate interests and/or the performance of a task carried out in the public interest, including profiling on those grounds, you can object to such processing.
Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless:
– is necessary for entering into, or performance of, a contract between you and us; or
– is authorised by European Union or Member State law to which we are subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
– is based on the data subject’s explicit consent.
Right to withdraw consent, when the processing is based on consent, at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint with a supervisory authority and to an effective judicial remedy against a controller or processor: In case you believe that we are in breach of the Bulgarian or European legislation, we kindly ask you to contact us to clarify the situation and allow us to take immediate measures. In all cases and without being obliged to notify us under the previous sentence, you have the right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement. In Bulgaria this supervisory authority is the Commission for Personal Data Protection, address: Sofia 1592, 2 Prof. Tsvetan Lazarov (www.cpdp.bg).
You have the right to an effective judicial remedy when you consider that your rights to protection of your personal data have been infringed as a result of the unlawful processing of your personal data by us.
You are entitled to the stipulated rights without prejudice to any other administrative or judicial remedy you might have under the applicable legislation.
The controller shall review each request, addressed to it, for exercise of the above cited rights, shall assess its legal merit and legitimacy, in regard of which the controller shall conceit to it or not, replying to the data subject within 1 month of receipt of the request, unless there is reason to extend said period but by no more than 2 more months of which the data subject shall be notified.
Amendments of the Personal Data Protection Policy
Trading and web systems Ltd shall endeavor to improve and update its Personal Data Protection Policy in correspondence with the legal requirements and the good practices. In regards of this, we may amend this Policy where necessary. All amendments shall be published on this internet page and shall enter into force as of their publication. In regard of the latter, we recommend regular review of the published Policy by the visitors to our Internet page.
Definitions
We use the following terminology in the present policy:
Personal data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject
Data subject is any identified or identifiable natural person, whose personal data is processed by the controller, responsible for the processing.
Processing
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
Restriction of processing
Restriction of processing means the marking of stored personal data with the aim of limiting their processing in the future.
Profiling
Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
Controller
Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor of personal data
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient
Recipient means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party
Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
Consent of the data subject
Consent of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
[1] Regulation (EU) 2016/679 of the European parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).