- Discounts
- ACADEMY
-
Products
ProductsGel polishesGel polishes
- Go to Gel polishes
- Super Pigment Gel Polish
- Gel polish Crazy Summer Cat Eye
- Mermaid Glow Gel Polish
- Sparkly Gel Polish
- Platinum gel polish
- Gel Polish Night Diamond
- Galaxy Cat Eye Gel Polish
- Gel Polish Red Queen Cat Eye
- Sunshine Cat Eye gel polish
- Lux Cat Eye Gel Polish
- Tutti Frutti Cat Eye Gel Polish
- Gel Polish Pastel Cat Eye
Top / TopTop / TopAcrygel / AcrygelAcrygel / AcrygelDecorationsDecorations -
Accessories
- Contacts
Privacy Policy
Freya Nails Bulgaria EOOD
(Notice regarding the processing of personal data)
Controller of personal data:
- Name: "Freya Nails Bulgaria" EOOD
- UIC: 208093962
- Registered office and management address: 11 Tsvetna Gradina St., Kyustendil
- Phone: +359896705098
- Email address: info@freyanails.bg
- Website: freyanails.bg
"Freya Nails Bulgaria" EOOD ("the Company" or "the Controller") carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data ("General Data Protection Regulation" or "the Regulation"). This "Privacy Policy" ("Privacy Policy" or "the Policy") is intended to inform each Customer (as defined below) of the Company about the processing of data by which the specific Customer is identified or can be identified.
For the purposes of the Policy, a "Customer" is any natural person who is a party to a contract with the Company for the sale and purchase of goods, as well as any natural person who has expressed a desire to enter into pre-contractual relations with the Controller and/or a user of the e-commerce store freyanails.bg, accessible on the Internet at the electronic address freyanails.bg, as well as a director, manager, representative, attorney, employee, partner, shareholder, beneficial owner of a legal entity or other legal formation using the e-commerce store.
- What personal data do we process?
The company, as the controller of personal data, processes the following groups of customers' personal data:
- Physical identity - name, address, phone number, email address;
- Economic identity - information about a bank account number or PayPal
Personal data are collected by the Controller from the persons to whom they relate.
- How we collect personal data
We collect personal data:
- in the process of registering on the e-commerce website and when using the e-commerce store without registration;
- when corresponding with the Customer, which may include communication in written form, including electronic form, and verbal form;
- through cookies when using or browsing our website.
In some cases, we may also collect information from third parties or public sources.
Our website collects data in log files. This information includes data about your IP address, internet service provider, the browser you use, your operating system, when you visited our website, and the pages visited.
Our website uses "cookies". "Cookies" are small files containing information that the website sends to the visitor's browser. The browser stores this information in a text file on the user's device. They help us make our website work better for you. More information about the use of "cookies" can be found in our Cookie Policy published on the website of the Online Store: www.freyanails.bg.
- Do we process special categories of personal data?
The Company does not process special categories of Customers' personal data.
- For what purposes do we process personal data?
The Company processes Customers' personal data for the following purposes:
- providing information and assistance you have requested from us;
- identification and contact with customers and beneficial owners;
- for all activities related to the existence, amendment and termination of the relationship between the Company and the Customer;
- offering and promoting additional services;
- compliance with regulatory requirements;
- to provide defence in the event of a dispute and to cooperate with regulatory authorities to the extent required by law.
If we do not process this personal data, we may not be able to provide you with our services or the assistance you have requested from us.
- What is the legal basis for processing personal data?
The personal data of Customers are collected, processed and used on the basis of several grounds for processing:
- For the performance of a contract or for entering into pre-contractual relations;
- To comply with a legal obligation applicable to the Company;
- For the purposes of the legitimate interests of the Company or a third party, where the rights and interests of the data subjects do not override them – for dispute resolution; for the prevention, detection, investigation of fraud, violations or other unlawful conduct; for the establishment, exercise or defence of legal claims;
- Subject to freely given consent, where required under applicable law.
- For how long do we retain personal data?
The Company retains personal data during the contractual relationship and until the claim under the contract is settled, as well as during a transitional period (e.g. to comply with obligations related to the archiving and retention of accounting records). If legal proceedings or other action are initiated, personal data may be retained until the end of such proceedings or action, including any possible appeal periods, and will then be deleted or archived as permitted by applicable law. In particular, the various media containing accounting and tax information that include personal data are retained for a period of 10 years, starting from 1 January of the reporting period following the reporting period to which they relate.
In the case of an incomplete order, we retain the data entered for 30 days and reserve the right to inform you periodically about its status, as well as about your options arising from it. In the case of a completed order and a contract performed by us on the basis of Art. 6, para. 1, letters (a) and (b) of the GDPR, we retain all data related to the contractual relationship until the expiry of the 10-year period provided for in Art. 12 of the Accounting Act.
In cases where your personal data are obtained and processed on the basis of consent given by you, we will process your personal data only to the extent that we have your consent to process your personal data.
- With whom do we share personal data? Do we transfer it to third countries?
The Company may, at its own discretion, transfer some or all personal data to data processors for the purposes of processing, in compliance with the requirements of the Regulation.
The Company shares personal data with:
- third parties – the payment processor, the payment services provider, the courier company we use to deliver your purchases, and Shopify, which are our data processors under the GDPR;
- third parties: regulatory authorities, tax and financial authorities, judicial, administrative and law enforcement authorities, and the company’s accountant.
This list is not exhaustive and there may be other lawful purposes for storing, disclosing, or otherwise processing your personal data.
The Company shall inform the data subject in the event of an intention to transfer some or all of their personal data to third countries or international organizations.
- Are personal data protected?
The Company provides and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or unlawful use of the personal data and/or against their accidental loss, alteration, disclosure, access and/or damage or copying. These measures are intended to ensure ongoing protection and confidentiality of personal data. The Company regularly reassesses the measures in order to achieve continuous security of personal data.
- Do we carry out automated decision-making?
The Company does not carry out automated decision-making based on data.
- What are the Customers’ rights regarding the protection of personal data?
Each Customer may exercise the rights listed below by sending a written notice to the Company.
- Withdrawal of consent for the processing of personal data
When the processing of a Customer’s personal data is based on the Customer’s consent for the processing of their personal data, the Customer has the right to withdraw their consent at any time. Withdrawing consent does not affect the lawfulness of processing based on consent given before its withdrawal.
If for any reason you wish to opt out of the services we provide through the above-mentioned “cookies,” you should visit the “Manage Preferences” section on our website and follow the steps indicated there.
- Right of access
Each Customer has the right to obtain confirmation from the Company as to whether their personal data are being processed by the Company. This includes the right of access to the personal data, the right to receive a free copy of the data (except in cases of excessive and repetitive requests), unless otherwise provided in the applicable personal data protection rules, as well as the Customer’s right to be provided with a description of the basic information related to the processing of their personal data.
The Company provides the Customer with a free copy of their personal data that is being processed, but reserves the right to charge an administrative fee in the event of repetitive or excessive requests.
- Right to rectification
Each Customer has the right to rectify or request that the Company rectify, without undue delay, inaccurate, incomplete, or outdated personal data concerning them.
- Right to erasure (the “right to be forgotten”)
Each Customer has the right to request that the Company erase the personal data concerning them without undue delay, where one of the grounds listed below applies:
(i) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
(ii) the Customer withdraws the consent on which the processing of their data is based and there is no other legal basis for the processing;
(iii) the Customer has objected to the processing, as set out below;
(iv) the Customer’s personal data have been processed unlawfully; or
(v) The Customer’s personal data must be erased in order to comply with a legal obligation under EU law, the law of a Member State, or the law of another country;
(vi) the personal data were collected in connection with the offering of information society services.
The Company may refuse to erase a Customer’s personal data to the extent that processing is necessary:
(i) for the exercise of the right to freedom of expression and the right to information;
(ii) for compliance with a legal obligation that requires processing under EU law or the law of a Member State applicable to the Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in it;
(iii) for reasons of public interest in the area of public health
(iv) for archiving purposes in the public interest, for scientific or historical research purposes, or for statistical purposes;
(v) for the establishment, exercise or defence of legal claims.
- Right to restriction of processing
Each Customer has the right to request that the Company restrict the processing of their personal data in the following cases:
(i) Where they contest the accuracy of the personal data as provided by the Customer and processed by the Company (the restriction applies for a certain period allowing the Company to verify the accuracy of the personal data);
(ii) Where the processing is unlawful, but the Customer does not want the Personal Data to be erased and instead requests restriction of their use;
(iii) Where the Company no longer needs the personal data for the purposes of processing, but the Customer requires them for the establishment, exercise or defence of legal claims;
(iv) Where the Customer has objected to the processing and awaits the Company to verify whether the Company's legitimate grounds for processing the personal data override the Customer's interests.
- Right to object
Each Customer has the right at any time, on grounds relating to their particular situation, to object to the processing of personal data concerning them.
The Customer may exercise this right only in relation to the processing of their personal data carried out by the Company for the purposes of the Company's legitimate interests.
If the objection is well-founded, the Company will cease processing the personal data concerning the objecting Customer, unless the Company demonstrates that there are compelling legitimate grounds for the processing which override the Customer's interests.
- Right to data portability
This right includes the following options:
(i) to obtain the personal data in a structured, commonly used and machine-readable format, in order to transfer them to another controller; or
(ii) to obtain direct transfer of the personal data to another controller, where technically feasible.
- Right to complain
Each Customer has the right to lodge a complaint regarding the Company's processing of their personal data with the Commission for Personal Data Protection, which is the competent supervisory authority.
Commission for Personal Data Protection
Address: Sofia, postal code 1592, 2 Prof. Tsvetan Lazarov St.,
tel. (02) 91 53 519, fax: (02) 91 53 525
email: kzld@cpdp.bg
website: www.cpdp.bg
- What happens in the event of a change?
In the event of a material change in the way the Company processes Customers' personal data and/or in the types of personal data it processes, and/or in any other aspect of the subject matter of this notice, the Company will notify Customers of the relevant change immediately by issuing and providing Customers with an updated version of the notice.