PRIVACY POLICY

Mandatory information on the rights of personal data protection persons

/ Effective from June 1, 2019 /

The website and online store www.handisimo.com process personal data of visitors and registered users for the purposes of sale and delivery of the products offered by www.handisimo.com, for the ancillary activities related to them, as well as for the purposes of online advertising related to the products offered.

This information is intended to inform you about all aspects of the processing of your personal data by the Administrator and the rights you have in connection with this processing.

INFORMATION REGARDING THE “ADMINISTRATOR” OF PERSONAL DATA - THE COMPANY WHICH PROCESSES YOUR DATA:

Name: HАNDISIMO EOOD

UIC / BULSTAT: 205521653

Headquarters and address of management: Sofia, p.k.1729, Mladost district, zh.k. Mladost 1a, Anna Akhmatova Str., Bl. 536 a, fl. 5, ap. 18

Address for correspondence: Sofia, pk1729, Mladost district, zh.k. Mladost 1a, Anna Akhmatova Str., Bl. 536 a, fl. 5, ap. 18

Email: office@handisimo.com;

Website: http://handisimo.com/

INFORMATION CONCERNING THE COMPETENT SUPERVISORY AUTHORITY FOR THE PROTECTION OF PERSONAL DATA:

Title: "Commission for Personal Data Protection"

Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: 02 915 3 518

Email: kzld@government.bg, kzld@cpdp.bg

Website: https://www.cpdp.bg/ 

 

 

THE TYPES OF PERSONAL DATA WE PROCESS AND THE GROUNDS FOR THEIR PROCESSING

 I. WE PROCESS THE FOLLOWING CATEGORIES OF DATA ON A CONTRACTUAL BASIS:

1. Data about your account in the online store "www.handisimo.com", which is created for you after entering into an informal contract with the Administrator, accepting the General Terms of Use of the website and online store http://handisimo.com/:

- Personal and family name

- Email

- Contact details: Telephone

- Company

- Address (location, address, district, postal code, country)

- Password

 

 2. Data for an online order through the online store "www.handisimo.com", made by you, concluding an informal distance contract with the Administrator in application of the General Terms and Conditions::

o Personal and surname of the delivery person;

o Delivery address - country, city, region, postal code, address;

o Delivery phone;

o Invoice data - names, telephone, city, country, postal code, address;

o Method of delivery;

o Method of payment;

o Order number;

o Amount to be paid;

II. WE PROCESS THE FOLLOWING DATA ON THE BASIS OF YOUR CONSENT, EXPRESSED BY INTENTIONAL ACTION - INDEPENDENT INTRODUCTION OF OPTIONAL DATA AND / OR INIB OR ION:

  1. Information about your account in the online store "www.handisimo.com":

o Personal and family name;

o E-mail;

o Contact phone

o Company

o Address (location, address, district, postal code, country)

o Password;

2.    Contact details and sent message or comment provided when filling in the contact form of the online store "www.handisimo.com", when sending an email to us, conventional mail, fax, phone call, sending an SMS, publishing comment on the site, use of online chat, as well as other forms of communication and / or expression:

o Personal, surname or pseudonym (fictitious name);

o Email address;

o Phone number;

o Address;

o Content of the comment / message;

Different forms of contact require different data from the above.

 

  1.  Data for online ordering through the online store www.handisimo.com:

o Delivery address - country, city, postal code, address;

o Delivery phone;

o Invoice data - names, telephone, city, country, postal code, address;

o Method of delivery;

o Method of payment;

o Order number;

o Amount to be paid;

o Status and history of payments;

o Status and history of deliveries;

o Order history;

You may withdraw any of the consents provided above through your account settings or in the form and manner prescribed in this Policy. Upon withdrawal of the consent, the processing of the respective type of personal data for the specified purposes shall be suspended. Withdrawal of consent shall not affect the lawfulness of the processing based on a consent prior to its withdrawal.

III. WE PROCESS THE FOLLOWING OF THE FOLLOWING LEGAL BASIS, IN ACCORDANCE WITH LOCAL AND UNION LEGISLATION:

  1. Details of your account at www.handisimo.com:

o Personal and family name

o Email

o Contact phone

o Company

o Address (town, address, district, postal code, country)

o Password

  1.  Data for online order through the online store "www.handisimo.com":

o Delivery address - country, city, postal code, address;

o Delivery phone;

o Invoice data - names, telephone, city, country, postal code, address;

o Method of delivery;

o Method of payment;

o Order number;

o Amount to be paid;

o Status and history of payments;

o Status and history of deliveries;

o Order history;

IV. WE PROCESS ON THE BASIS OF LEGITIMATE INTEREST, THE FOLLOWING DATA:

  1. Details of your account at www.handisimo.com:

o Personal and family name

o Email

o Contact phone

o Company

o Address (town, address, district, postal code, country)

o Password

2.      Data for online order through the online store "www.handisimo.com":

o Delivery address - country, city, postal code, address;

o Delivery phone;

o Invoice data - names, telephone, city, country, postal code, address;

o Method of delivery;

o Method of payment;

o Order number;

o Amount to be paid;

o Status and history of payments;

o Status and history of deliveries;

o Order history;

V. PURPOSES OF THE PROCESSING OF PERSONAL DATA

1. Your account data in the e-shop "www.handisimo.com" is processed for the purposes of:

o Fulfillment of the obligation for reporting of the Administrator by recording legally significant certifying data in electronic protocols - technical logs;

o creating a profile and providing full functionality when using the online store;

o Delivery of ordered products;

o Providing support in case of technical malfunctions, informing customers in connection with their orders or in connection with complaints, tracking deliveries, payments and others;

o Verification by sending an email to ensure the security of access to data about your account and when changing the password;

o Authentication when logging in to your account;

o Sending messages via email and / or push notifications and / or online chat for the purposes of direct marketing and advertising with your explicit consent;

o Compliance with the provisions of the laws, court decisions, legal orders and decisions of the authorities and supervisory authorities. This includes using your personal data to collect and verify accounting data and comply with accounting policies;

2. The data for online ordering through the e-shop "www.handisimo.com" are processed for the purposes of:

o Delivery of ordered products;

o Concluding and executing a distance contract;

o Individualization of a party to the contract;

o Accounting purposes;

o Statistical goals;

o Providing support in case of technical malfunctions, informing customers about their orders or complaints, tracking deliveries, payments and others;

o Prevention and investigation of abuses in online orders and related deliveries, as well as in losses and fraud;

o Compliance with the provisions of the laws, court decisions, legal orders and decisions of the authorities and supervisory authorities. This includes using your personal data to collect and verify accounting data and comply with accounting policies;

o Analyzing statistical data obtained after anonymization of your data;

  1. Contact data and sent inquiry, message or published comment are processed for the purposes of:

 o Your identification as the sender / author of a message or a published comment;

o Communicating with you;

VI. THIRD PARTIES WITH ACCESS TO PERSONAL DATA, IN CONNECTION WITH THEIR ACTIVITIES AND SERVICES PROVIDED TOGETHER WITH www.handisimo.com.

1. We use the following hosting, cloud service and server providers:

SuperHosting.BG Ltd., with UIC: 131449987 - provide hosting for reserved connectivity. You can get acquainted with their privacy policy at the following address: Sofia, Iztok district, 36 Dr. GM Dimitrov Blvd.

2.We use the services of the following Providers and Courier companies:

o Speedy courier company for delivery of products ordered by you to an office or address. You can read Speedy's privacy policy at the following address: https://www.speedy.bg/bg/gdpr.

3. State bodies and institutions in connection with inspections carried out by them in accordance with legal requirements and restrictions;

With regard to private entities, we require and monitor these third parties to apply all technical and organizational measures to protect this data.

VII. PRINCIPLES FOR THE COLLECTION, PROCESSING AND STORAGE OF YOUR PERSONAL DATA

1. We follow the following principles when processing your personal data:

• legality, good faith and transparency;

• restriction of processing purposes;

• relevance to the purposes of processing and minimizing the data collected;

• accuracy and timeliness of the data;

• limitation of storage in order to achieve the objectives;

• integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

2. During the processing and storage of personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

• fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal bodies.

3. The administrator does not collect or process personal data that relate to the following:

• reveal racial or ethnic origin;

• disclose political, religious or philosophical beliefs, or trade union membership;

• genetic and biometric data, health data or data on sexual life or sexual orientation.

4. The personal data are collected by the Administrator from the persons to whom they refer.

5. The company does not perform automated decision making with data.

6. The administrator can use the so-called. Cookies for the purposes of providing full functionality of the website, improving the user experience, statistical purposes, easy access, etc., which you agree to by using our website. You can control and / or delete cookies at any time through the settings of the browser you use. Cookies do not constitute personal data and are not used to identify visitors and users of the e-shop.

 

VIII. TERM FOR STORAGE OF YOUR PERSONAL DATA

1. The administrator stores your personal data for a period not longer than the existence of your account in the online store. After deleting the account, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize them (ie to bring them in a form that does not reveal your identity).

2. The administrator processes your personal data that you provided when placing an order without registration in the e-shop, until the completion of the order, unless you have given your explicit consent when placing your order to process your data for the purpose of improving the service, providing of recommended content for you, individual conditions, promotions, as well as for statistical purposes.

3. The Administrator stores your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in court or administrative disputes with users of the online store.

4. The Administrator notifies you in case the data retention period needs to be extended in order to fulfill a regulatory obligation or in view of the legitimate interests of the Administrator or otherwise.

5. The administrator stores the personal data that it is necessary to keep under applicable law for the relevant period, which may exceed the period of existence of your account in the e-shop or until the completion of the order.

9. The Administrator keeps the personal data of the legal representatives of his business partners for the term of the contract, for observance of the legitimate interests and legal obligations of the Administrator, as this term may exceed the term of the concluded contract.

IX. TRANSMISSION OF YOUR PERSONAL DATA FOR PROCESSING

1. The controller may, at its discretion, transfer some or all of your personal data to personal data processors for the fulfillment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

2. The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

X. YOUR RIGHTS IN THE COLLECTION, PROCESSING AND STORAGE OF YOUR PERSONAL DATA

Withdrawal of consent for the processing of your personal data

1. If you do not wish the personal data provided by you to be processed for marketing purposes and to receive a newsletter, you may at any time withdraw your consent to the processing by request in free text, which you send by e-mail.

2. Upon receipt of your request, we will send you a letter with detailed instructions for verifying you as a recipient of newsletters and a data subject for whom consent has been requested.

3. The withdrawal of the consent does not affect the legality of the processing of personal data, which the Administrator has performed so far.

Right of access

1. You have the right to request and receive confirmation from the Administrator whether personal data related to you are processed by sending a request in free text by e-mail.

2. You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.

3. Upon receipt of your request, we will send you an email with detailed instructions for your verification as a data subject to which access has been requested, to the email you used to register or place orders in the e-shop.

4. After performing the verification, according to item 3, the Administrator provides you, upon request, a copy of the processed personal data related to you, in electronic or other appropriate form.

5. The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessive requests.

Right of correction or completion

1. You can at any time correct or fill in the inaccurate or incomplete personal data related to you through the "Edit account" option.

2. You may correct or complete inaccurate or incomplete personal information relating to you directly through your account on the Website or by making a request to the Administrator by email through a free text request.

Right to delete ("to be forgotten")

1. You have the right to request from the Administrator the deletion of part or all of the personal data related to you, and the Administrator has the obligation to delete them without undue delay when there is any of the following reasons:

• personal data are no longer needed for the purposes for which they were collected or otherwise processed;

• You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;

• You object to the processing of personal data relating to you, including for direct marketing purposes, and there are no legal grounds for processing to take precedence;

• personal data have been processed illegally;

• personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Controller;

• personal data have been collected in connection with the provision of information society services.

2. The administrator is not obliged to delete personal data if it stores and processes:

 

• to exercise the right to freedom of expression and the right to information;

• to comply with a legal obligation requiring processing provided for in EU law or the law of the Member State applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;

• for reasons of public interest in the field of public health;

• for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;

• to establish, exercise or defend legal claims.

3. In order to exercise your right to be forgotten, it is necessary to send by e-mail a request for deletion of your personal data, which the Administrator processes, after which the Administrator will send to the e-mail you used to register or place orders in the e-shop detailed instructions for verifying you as a store user and personal data subject for whom deletion has been requested.

4. Once we have verified the identity of the person making the request and the data subject in accordance with the instructions sent to you, we will delete all data we process for you in accordance with point 3.

5. If there is an order made by you that is being processed, the earliest moment when you can ask to be "forgotten" is when the order is successfully completed.

Right of restriction

1. You have the right to ask the Administrator to restrict the processing of data related to you by sending us a request in free text by email when:

 

• challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;

• the processing is illegal, but you do not want the personal data to be deleted, but only their use to be restricted;

• The administrator no longer needs the personal data for the purposes of processing, but you require them to establish, exercise or defend your legal claims;

• You have objected to the processing pending verification of whether the legal grounds of the Administrator take precedence over your interests.

2. Once we receive your request, we will send you an email that you used to register or place orders in the e-shop, a letter with detailed instructions for verifying you as a user of the store and the subject of personal data for which a request for restriction of processing.

3. After performing the verification according to item 2, the Company will stop processing your data, but will not remove the publications you have made in the online store, if any.

Right of portability

1. If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may:

• request the Administrator to provide you with your personal data in a readable format and transfer them to another Administrator;

• ask the Administrator to directly transfer your personal data to an administrator designated by you, when this is technically feasible.

2. You can exercise the right of portability by sending us by e-mail a completed request form in free text, after which the Administrator will send to the e-mail you used to register or place orders in the e-shop, a letter with detailed instructions for verification as a user of the store and the subject of the personal data for whom the portability is requested.

3. After performing the verification according to item 2, the Company sends to the e-mail specified by you the data that it processes for you.

Right to receive information

You can ask the Administrator to inform you about all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to object

You may object at any time to the processing of personal data by the Administrator relating to him, including if they are processed for the purposes of profiling or direct marketing.

Your rights in the event of a breach of the security of your personal data

1. If the Administrator finds a breach of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

2. The administrator is not obliged to notify you if:

• has taken appropriate technical and organizational protection measures with regard to data affected by the security breach;

• has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;

• notification would require a disproportionate effort.

Persons to whom your personal data is provided

1. For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide the data to third parties only in view of

the purposes for concluding and executing contracts for distance sales, for delivery of the goods to the address indicated by the user, to an accounting company and a licensed postal operator (courier company),

following all confidentiality procedures.

2. The processors of personal data comply with all requirements for legality and security in the processing and storage of your personal data.

3. The administrator does not transfer your data to third countries.

4. In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Commission as follows:

Title: Commission for Personal Data Protection.

Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: 02 915 3 518

Website: www.cpdp.bg.

The Administrator may amend the Privacy Policy by posting a notice to that effect on its website.