PRIVACY POLICY
Mandatory information
on the rights of personal data protection persons
/ Effective from June 1, 2019 /
The website and online store www.handisimo.com process
personal data of visitors and registered users for the purposes of sale and
delivery of the products offered by www.handisimo.com, for the ancillary
activities related to them, as well as for the purposes of online advertising
related to the products offered.
This information is intended to inform you about all aspects
of the processing of your personal data by the Administrator and the rights you
have in connection with this processing.
INFORMATION
REGARDING THE “ADMINISTRATOR” OF PERSONAL DATA - THE COMPANY WHICH PROCESSES
YOUR DATA:
Name:
HАNDISIMO
EOOD
UIC
/ BULSTAT: 205521653
Headquarters
and address of management: Sofia, p.k.1729, Mladost district, zh.k. Mladost 1a, Anna
Akhmatova Str., Bl. 536 a, fl. 5, ap. 18
Address for correspondence: Sofia, pk1729,
Mladost district, zh.k. Mladost 1a, Anna Akhmatova Str., Bl. 536 a, fl. 5, ap.
18
Email: office@handisimo.com;
Website: http://handisimo.com/
INFORMATION
CONCERNING THE COMPETENT SUPERVISORY AUTHORITY FOR THE PROTECTION OF PERSONAL
DATA:
Title: "Commission for Personal Data
Protection"
Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592,
Blvd. "Prof. Tsvetan Lazarov ”№ 2
Phone: 02 915 3 518
Email: kzld@government.bg, kzld@cpdp.bg
Website: https://www.cpdp.bg/
THE
TYPES OF PERSONAL DATA WE PROCESS AND THE GROUNDS FOR THEIR PROCESSING
I. WE PROCESS THE FOLLOWING CATEGORIES OF DATA
ON A CONTRACTUAL BASIS:
1. Data about your
account in the online store "www.handisimo.com", which is created for you after entering into an informal contract with
the Administrator, accepting the General Terms of Use of the website and online
store http://handisimo.com/:
- Personal and family name
- Email
- Contact details: Telephone
- Company
- Address (location, address, district, postal code, country)
- Password
2. Data for an online order through the
online store "www.handisimo.com", made by you, concluding an informal
distance contract with the Administrator in application of the General Terms
and Conditions::
o Personal and surname of the delivery
person;
o Delivery address - country, city,
region, postal code, address;
o Delivery phone;
o Invoice data - names, telephone,
city, country, postal code, address;
o Method of delivery;
o Method of payment;
o Order number;
o Amount to be paid;
II.
WE PROCESS THE FOLLOWING DATA ON THE BASIS OF YOUR CONSENT, EXPRESSED BY
INTENTIONAL ACTION - INDEPENDENT INTRODUCTION OF OPTIONAL DATA AND / OR INIB OR
ION:
- Information
about your account in the online store "www.handisimo.com":
o Personal and family
name;
o E-mail;
o Contact phone
o Company
o Address (location,
address, district, postal code, country)
o Password;
2.
Contact details and sent message or comment provided when
filling in the contact form of the online store "www.handisimo.com",
when sending an email to us, conventional mail, fax, phone call, sending an
SMS, publishing comment on the site, use of online chat, as well as other forms
of communication and / or expression:
o Personal, surname or
pseudonym (fictitious name);
o Email address;
o Phone number;
o Address;
o Content of the comment / message;
Different forms of contact require
different data from the above.
- Data for online ordering through the
online store www.handisimo.com:
o Delivery address -
country, city, postal code, address;
o Delivery phone;
o Invoice data -
names, telephone, city, country, postal code, address;
o Method of delivery;
o Method of payment;
o Order number;
o Amount to be paid;
o Status and history
of payments;
o Status and history
of deliveries;
o Order history;
You may withdraw any of the consents
provided above through your account settings or in the form and manner
prescribed in this Policy. Upon withdrawal of the consent, the processing of
the respective type of personal data for the specified purposes shall be
suspended. Withdrawal of consent shall not affect the lawfulness of the
processing based on a consent prior to its withdrawal.
III.
WE PROCESS THE FOLLOWING OF THE FOLLOWING LEGAL BASIS, IN ACCORDANCE WITH LOCAL
AND UNION LEGISLATION:
- Details
of your account at www.handisimo.com:
o Personal and family name
o Email
o Contact phone
o Company
o Address (town, address, district,
postal code, country)
o Password
- Data for online order through the online
store "www.handisimo.com":
o Delivery address -
country, city, postal code, address;
o Delivery phone;
o Invoice data -
names, telephone, city, country, postal code, address;
o Method of delivery;
o Method of payment;
o Order number;
o Amount to be paid;
o Status and history of
payments;
o Status and history
of deliveries;
o Order history;
IV.
WE PROCESS ON THE BASIS OF LEGITIMATE INTEREST, THE FOLLOWING DATA:
- Details
of your account at www.handisimo.com:
o Personal and family name
o Email
o Contact phone
o Company
o Address (town, address, district,
postal code, country)
o Password
2.
Data for online order through the online store
"www.handisimo.com":
o Delivery address -
country, city, postal code, address;
o Delivery phone;
o Invoice data -
names, telephone, city, country, postal code, address;
o Method of delivery;
o Method of payment;
o Order number;
o Amount to be paid;
o Status and history of
payments;
o Status and history
of deliveries;
o Order history;
V.
PURPOSES OF THE PROCESSING OF PERSONAL
DATA
1. Your account data in the e-shop "www.handisimo.com" is
processed for the purposes of:
o Fulfillment of the
obligation for reporting of the Administrator by recording legally significant
certifying data in electronic protocols - technical logs;
o creating a profile
and providing full functionality when using the online store;
o Delivery of ordered
products;
o Providing support
in case of technical malfunctions, informing customers in connection with their
orders or in connection with complaints, tracking deliveries, payments and
others;
o Verification by
sending an email to ensure the security of access to data about your account
and when changing the password;
o Authentication when
logging in to your account;
o Sending messages
via email and / or push notifications and / or online chat for the purposes of
direct marketing and advertising with your explicit consent;
o Compliance with the
provisions of the laws, court decisions, legal orders and decisions of the
authorities and supervisory authorities. This includes using your personal data
to collect and verify accounting data and comply with accounting policies;
2. The data for online ordering through
the e-shop "www.handisimo.com" are processed for the purposes of:
o Delivery of ordered
products;
o Concluding and
executing a distance contract;
o Individualization
of a party to the contract;
o Accounting
purposes;
o Statistical goals;
o Providing support
in case of technical malfunctions, informing customers about their orders or
complaints, tracking deliveries, payments and others;
o Prevention and
investigation of abuses in online orders and related deliveries, as well as in
losses and fraud;
o Compliance with the
provisions of the laws, court decisions, legal orders and decisions of the
authorities and supervisory authorities. This includes using your personal data
to collect and verify accounting data and comply with accounting policies;
o Analyzing
statistical data obtained after anonymization of your data;
- Contact
data and sent inquiry, message or published comment are processed for the
purposes of:
o Your
identification as the sender / author of a message or a published comment;
o Communicating with you;
VI.
THIRD PARTIES WITH ACCESS TO PERSONAL
DATA, IN CONNECTION WITH THEIR ACTIVITIES AND SERVICES PROVIDED TOGETHER WITH
www.handisimo.com.
1. We use the following hosting, cloud
service and server providers:
SuperHosting.BG Ltd., with UIC: 131449987 - provide hosting for
reserved connectivity. You can get acquainted with their privacy policy at the
following address: Sofia, Iztok district, 36 Dr. GM Dimitrov Blvd.
2.We use the services
of the following Providers and Courier companies:
o Speedy courier
company for delivery of products ordered by you to an office or address. You
can read Speedy's privacy policy at the following address:
https://www.speedy.bg/bg/gdpr.
3. State bodies and
institutions in connection with inspections carried out by them in accordance
with legal requirements and restrictions;
With regard to private entities, we
require and monitor these third parties to apply all technical and
organizational measures to protect this data.
VII. PRINCIPLES FOR THE COLLECTION, PROCESSING AND STORAGE OF
YOUR PERSONAL DATA
1. We follow the
following principles when processing your personal data:
• legality, good faith and
transparency;
• restriction of processing purposes;
• relevance to the purposes of
processing and minimizing the data collected;
• accuracy and timeliness of the data;
• limitation of storage in order to
achieve the objectives;
• integrity and confidentiality of the
processing and ensuring an appropriate level of security of personal data.
2. During the processing and storage of
personal data, the Administrator may process and store personal data in order
to protect the following legitimate interests:
• fulfillment of its obligations to the
National Revenue Agency, the Ministry of Interior and other state and municipal
bodies.
3. The administrator
does not collect or process personal data that relate to the following:
• reveal racial or ethnic origin;
• disclose political, religious or
philosophical beliefs, or trade union membership;
• genetic and biometric data, health
data or data on sexual life or sexual orientation.
4. The personal data are collected by
the Administrator from the persons to whom they refer.
5. The company does not perform
automated decision making with data.
6. The administrator can use the
so-called. Cookies for the purposes of providing full functionality of the
website, improving the user experience, statistical purposes, easy access, etc.,
which you agree to by using our website. You can control and / or delete
cookies at any time through the settings of the browser you use. Cookies do not
constitute personal data and are not used to identify visitors and users of the
e-shop.
VIII. TERM FOR STORAGE OF YOUR PERSONAL DATA
1. The administrator stores your personal
data for a period not longer than the existence of your account in the online
store. After deleting the account, the Administrator takes the necessary care
to delete and destroy all your data without undue delay or to anonymize them
(ie to bring them in a form that does not reveal your identity).
2. The administrator processes your
personal data that you provided when placing an order without registration in
the e-shop, until the completion of the order, unless you have given your
explicit consent when placing your order to process your data for the purpose
of improving the service, providing of recommended content for you, individual
conditions, promotions, as well as for statistical purposes.
3. The Administrator stores your personal
data provided in connection with online orders for a period of 5 years for the
purpose of protecting the legal interests of the Administrator in court or
administrative disputes with users of the online store.
4. The Administrator notifies you in case
the data retention period needs to be extended in order to fulfill a regulatory
obligation or in view of the legitimate interests of the Administrator or
otherwise.
5. The administrator stores the personal data that it is
necessary to keep under applicable law for the relevant period, which may
exceed the period of existence of your account in the e-shop or until the
completion of the order.
9. The Administrator keeps the personal
data of the legal representatives of his business partners for the term of the
contract, for observance of the legitimate interests and legal obligations of
the Administrator, as this term may exceed the term of the concluded contract.
IX. TRANSMISSION OF YOUR PERSONAL DATA FOR PROCESSING
1. The controller may, at its discretion, transfer some or all
of your personal data to personal data processors for the fulfillment of the
processing purposes with which you have agreed, subject to the requirements of
Regulation (EU) 2016/679 (GDPR).
2. The administrator notifies you in
case of intention to transfer part or all of your personal data to third
countries or international organizations.
X. YOUR RIGHTS IN THE COLLECTION, PROCESSING AND STORAGE OF YOUR
PERSONAL DATA
Withdrawal of consent for the processing of your personal data
1. If you do not wish the personal data provided by you to be
processed for marketing purposes and to receive a newsletter, you may at any
time withdraw your consent to the processing by request in free text, which you
send by e-mail.
2. Upon receipt of your request, we will
send you a letter with detailed instructions for verifying you as a recipient
of newsletters and a data subject for whom consent has been requested.
3. The withdrawal of the consent does
not affect the legality of the processing of personal data, which the
Administrator has performed so far.
Right of access
1. You have the right to request and receive confirmation from
the Administrator whether personal data related to you are processed by sending
a request in free text by e-mail.
2. You have the right to access data
related to you, as well as information related to the collection, processing
and storage of your personal data.
3. Upon receipt of your request, we will
send you an email with detailed instructions for your verification as a data
subject to which access has been requested, to the email you used to register
or place orders in the e-shop.
4. After performing the verification, according to item 3, the
Administrator provides you, upon request, a copy of the processed personal data
related to you, in electronic or other appropriate form.
5. The provision of access to the data
is free of charge, but the Administrator reserves the right to impose an
administrative fee in case of recurrence or excessive requests.
Right of correction or completion
1. You can at any time correct or fill in the inaccurate or
incomplete personal data related to you through the "Edit account"
option.
2. You may correct or complete
inaccurate or incomplete personal information relating to you directly through
your account on the Website or by making a request to the Administrator by
email through a free text request.
Right to delete ("to be forgotten")
1. You have the right to request from the Administrator the
deletion of part or all of the personal data related to you, and the
Administrator has the obligation to delete them without undue delay when there
is any of the following reasons:
• personal data are no longer needed for the purposes for which
they were collected or otherwise processed;
• You withdraw your consent on which the data processing is based
and there is no other legal basis for the processing;
• You object to the processing of personal data relating to you,
including for direct marketing purposes, and there are no legal grounds for
processing to take precedence;
• personal data have been processed illegally;
• personal data must be deleted in order
to comply with a legal obligation under EU law or the law of a Member State
that applies to the Controller;
• personal data have been collected in
connection with the provision of information society services.
2. The administrator is not obliged to delete personal data if
it stores and processes:
• to exercise the right to freedom of
expression and the right to information;
• to comply with a legal obligation
requiring processing provided for in EU law or the law of the Member State
applicable to the Administrator or for the performance of a task in the public
interest or in the exercise of official powers conferred on him;
• for reasons of public interest in the
field of public health;
• for archiving purposes in the public
interest, for scientific or historical research or for statistical purposes;
• to establish, exercise or defend
legal claims.
3. In order to exercise your right to be
forgotten, it is necessary to send by e-mail a request for deletion of your
personal data, which the Administrator processes, after which the Administrator
will send to the e-mail you used to register or place orders in the e-shop
detailed instructions for verifying you as a store user and personal data
subject for whom deletion has been requested.
4. Once we have verified the identity of the person making the
request and the data subject in accordance with the instructions sent to you,
we will delete all data we process for you in accordance with point 3.
5. If there is an order made by you that
is being processed, the earliest moment when you can ask to be
"forgotten" is when the order is successfully completed.
Right of restriction
1. You have the right to ask the Administrator to restrict the
processing of data related to you by sending us a request in free text by email
when:
• challenge the accuracy of personal data for a period that allows
the Administrator to verify the accuracy of personal data;
• the processing is illegal, but you do not want the personal data
to be deleted, but only their use to be restricted;
• The administrator no longer needs the personal data for the
purposes of processing, but you require them to establish, exercise or defend
your legal claims;
• You have objected to the processing pending verification of
whether the legal grounds of the Administrator take precedence over your
interests.
2. Once we receive your request, we will send you an email that
you used to register or place orders in the e-shop, a letter with detailed
instructions for verifying you as a user of the store and the subject of
personal data for which a request for restriction of processing.
3. After performing the verification
according to item 2, the Company will stop processing your data, but will not
remove the publications you have made in the online store, if any.
Right of portability
1. If you have consented to the processing of your personal
data or the processing is necessary for the performance of the contract with
the Administrator, or if your data is processed in an automated manner, you
may:
• request the
Administrator to provide you with your personal data in a readable format and
transfer them to another Administrator;
• ask the Administrator
to directly transfer your personal data to an administrator designated by you,
when this is technically feasible.
2. You can exercise the right of portability by sending us by
e-mail a completed request form in free text, after which the Administrator
will send to the e-mail you used to register or place orders in the e-shop, a
letter with detailed instructions for verification as a user of the store and
the subject of the personal data for whom the portability is requested.
3. After performing the verification
according to item 2, the Company sends to the e-mail specified by you the data
that it processes for you.
Right to receive information
You can ask the Administrator to inform you about all recipients
to whom the personal data for which correction, deletion or restriction of
processing has been requested have been disclosed. The administrator may refuse
to provide this information if this would be impossible or would require a disproportionate
effort.
Right to object
You may object at any time to the processing of personal data by
the Administrator relating to him, including if they are processed for the
purposes of profiling or direct marketing.
Your rights in the event of a breach of the security of your
personal data
1. If the Administrator finds a breach of the security of your
personal data, which may pose a high risk to your rights and freedoms, he shall
notify you without undue delay of the breach, as well as of the measures that
have been taken or are to be taken.
2. The administrator is not obliged to
notify you if:
• has taken appropriate technical and
organizational protection measures with regard to data affected by the security
breach;
• has subsequently taken steps to
ensure that the breach does not pose a high risk to your rights;
• notification would require a
disproportionate effort.
Persons to whom your personal data is provided
1. For the purposes of processing your personal data and
providing the service in its full functionality and in view of your interests,
the Administrator may provide the data to third parties only in view of
the purposes for concluding and executing contracts for distance
sales, for delivery of the goods to the address indicated by the user, to an
accounting company and a licensed postal operator (courier company),
following all confidentiality procedures.
2. The processors of personal data
comply with all requirements for legality and security in the processing and
storage of your personal data.
3. The administrator does not transfer your data to third
countries.
4. In the event of a breach of your
rights under the above or applicable data protection legislation, you have the
right to lodge a complaint with the Data Protection Commission as follows:
Title: Commission for Personal Data
Protection.
Headquarters and address of management: Sofia 1592,
Blvd. "Prof. Tsvetan Lazarov ”№ 2
Address for correspondence: Sofia 1592, Blvd.
"Prof. Tsvetan Lazarov ”№ 2
Phone: 02 915 3 518
Website: www.cpdp.bg.
The Administrator may amend the Privacy Policy by posting a
notice to that effect on its website.