Privacy Policy

   Information about the controller of personal data:

"Lucano International" Ltd. is a company registered in the Commercial Register of the Registration Agency, with EIK 203417271, with headquarters and management address: Plovdiv, p.k. 4002, "Ivan St. Geshev" street No. 9, floor 3, apartment 6, Tel: 0887519304; e-mail: info@trendystock.agency.


Contacts of the personal data protection officer:

Three names of the official for personal data protection: Angel Todorov Bozhilov

Contact of the Data Protection Officer: info@trendystock.agency


Grounds and purposes for which we use your personal data

We process your personal data on the following grounds:

● A contract concluded between us and you in order to fulfill our obligations under it;

● Your express consent - the purpose is specified for each specific case;

● If required by law;


In the following paragraphs you will find detailed information about the processing of your personal data depending on the basis on which we process it.


FOR PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data in order to fulfill the contractual and pre-contractual obligations and to enjoy the rights under the contracts concluded with you.


Purposes of processing:

● establishing your identity;

● management and execution of your request and execution of a concluded contract;

● preparing a proposal for concluding a contract;

● preparing and sending a bill/invoice for the services you use with us;

● to provide you with the comprehensive service you need, as well as to collect the amounts due for the services used;

● saving correspondence in connection with placed orders, processing requests, reporting problems, etc.

● notification of everything related to the services you use with us;

● analysis of customer history;

● detect and/or prevent illegal actions or actions contrary to our terms of service;


Data we process on this basis:

On the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

● personal contact data - contact address, email, phone number;

● identification data - the three names, uniform civil number or personal number of a foreigner, gender, age group, permanent address;

● data on the orders placed;

● correspondence related to the overall service - e-mail, letters, information about your requests for troubleshooting, complaints, requests, complaints, feedback that we receive from you;

● credit or debit card information, bank account number or other banking and payment information in connection with the payments made;

● credit rating;

o other information such as:

● Customer number, code or other identifier created for identification;

● IP address when visiting our website;

● Demographic data;

● Profile data in social networks;

● Information from your actions on the site.

The processing of the specified personal data is mandatory for us in order to be able to conclude the contract with you and fulfill it. Without you providing us with the above data, we would not be able to fulfill our obligations under the contract.


We provide personal data to third parties

We provide your personal data to third parties, and our main goal is to offer you quality, fast and comprehensive service. We do not provide your personal data to third parties before making sure that all technical and organizational measures are taken to protect this data and we strive to implement strict controls to fulfill this purpose. In this case, we remain responsible for the confidentiality and security of your data.


We provide personal data to the following categories of recipients (data controllers):

● postal operators and courier companies;

● companies-credit agencies, for the purposes of initial and current credit assessment;

● persons who, by assignment, maintain equipment, software and hardware used for processing personal data and necessary for the company's activities

● persons performing consulting services in various fields.


When we delete data collected on this basis

We delete the data collected on this basis 5 years after termination of the contractual relationship, regardless of whether due to expiration of the contract, cancellation or other reason. The term is determined by the 5-year statute of limitations for possible claims from the contract.


TO FULFILL REGULATORY OBLIGATIONS

It is possible that the law stipulates an obligation for us to process your personal data. In these cases, we are required to carry out the processing, such as:

● Obligations under the Anti-Money Laundering Measures Act;

● Fulfillment of obligations in connection with distance sales, off-premises sales, provided for in the Consumer Protection Act;

● Provision of information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;

● Provision of information to the Commission for the Protection of Personal Data in connection with obligations provided for in the normative framework for the protection of personal data;

● Obligations stipulated in the Law on Accounting and the Tax-Insurance Procedure Code and other related legal acts, in connection with the keeping of legal accounting;

● Provision of information to the court and third parties, within the framework of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;

● Age verification when shopping online.


When we delete personal data collected on this basis

We delete the data collected pursuant to an obligation provided for by law after the obligation to collect and store is fulfilled or ceases. For example:

● under the Accounting Act for the storage and processing of accounting data (11 years),

● obligations to provide information to the court, competent state authorities, etc. grounds provided for in the current legislation (5 years).

Provision of data to 3rd parties

When we are required by law, we may provide your personal data to the competent state authority, natural or legal person.


AFTER YOUR CONSENT

We process your personal data on this basis only after your express, unequivocal and voluntary consent. We will not foresee any adverse consequences for you if you refuse to process personal data.

Consent is a separate basis for processing your personal data and the purpose of the processing is stated therein, and is not covered by the purposes listed in this policy. If you give us the relevant consent and until its withdrawal or termination of any contractual relationship with you, we prepare suitable offers for you for products/services, performing detailed analyzes of your basic personal data;

Detailed analysis is a method of performing analysis that allows the processing of large volumes of data by means of statistical models and algorithms and others that include the use of personal data, as well as processes of pseudonymization and anonymization of the same, in order to extract information about trends and various statistical indicators.


Data we process on this basis:

On this basis, we only process the data for which you have given us your express consent. Specific data is determined on a case-by-case basis. Typically, this data is names, email address, other address, phone number, gender, age group, interests.


Provision of data to third parties

On this basis, we may provide your data to marketing agencies, Facebook, Google, YouTube or other similar platforms.


Withdrawal of consent

Consents may be withdrawn at any time. Withdrawal of consent does not affect the fulfillment of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes specified above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.

To withdraw the given consent, you only need to use our site or simply our contact details.


When we delete data collected on this basis

We delete the data collected on this basis upon your request or 12 months after its initial collection.


PROCESSING OF ANONYMIZED DATA

We process your data for static purposes, that is, for analyzes in which the results are only generalizable and therefore the data is anonymous. Identification of a specific person from this information is impossible.

Your data can also be anonymized. Anonymization is an alternative to data deletion. Upon anonymization, all personally identifiable elements/elements enabling your identification are irreversibly deleted. There is no legal obligation to delete anonymized data, as it does not constitute personal data.

How we protect your personal data

To ensure adequate data protection of the company and its customers, we implement all necessary organizational and technical measures provided for in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches and has designated a Data Protection Officer who supports the processes of protecting and ensuring the security of your data.

For the purpose of maximum security in the processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.


Personal data we have received from 3rd parties

We receive personal data from the following 3rd parties: names, email address, other address, phone number, gender, age group, interests.


Rights of Users

Each User of the site enjoys all the rights to protect personal data according to Bulgarian legislation and the law of the European Union.


The user can exercise his rights through the contact form or by sending a message to our email.


Each User has the right to:

● Being informed (in connection with the processing of his personal data by the administrator);

● Access to your own personal data;

● Correction (if the data is inaccurate);

● Erasure of personal data (right "to be forgotten");

● Restriction of processing by the administrator or personal data processor;

● Portability of personal data between individual administrators;

● Objection to the processing of his personal data;

● The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly affects him to a significant extent;

● Right to judicial or administrative protection in the event that the data subject's rights have been violated.


The user can request deletion if one of the following conditions is present:

● The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

● The user withdraws his consent on which the data processing is based and there is no other legal basis for the processing;

● The data user objects to the processing and there are no overriding legal grounds for the processing;

● Personal data has been processed unlawfully;

● Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;

● The personal data were collected in connection with the provision of information society services to children and the consent was given by the holder of parental responsibility for the child.


The user has the right to limit the processing of his personal data by the administrator when:

● Dispute the accuracy of personal data. In this case, the restriction of processing is for a period that allows the administrator to verify the accuracy of the personal data;

● The processing is unlawful, but the User does not want the personal data to be deleted, but instead requires the restriction of its use;

● The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or defense of legal claims;

● Object to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User.


Right of portability.

The data subject has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the administrator to whom the personal data data is provided when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising the right to data portability, the data subject has the right to obtain a direct transfer of the personal data from one administrator to another, when this is technically feasible.


Right to object.

Users have the right to object to the administrator against the processing of their personal data. The administrator of personal data is obliged to terminate the processing, unless it proves that there are compelling legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.


Complaint to the supervisory authority

Every User has the right to file a complaint against illegal processing of his personal data to the Commission for the Protection of Personal Data or to the competent court.


Maintaining a register

We maintain a register of the processing activities for which we are responsible. This register contains all the information below:

● The name and contact details of the administrator

● The purposes of processing;

● Description of categories of data subjects and categories of personal data;

● The categories of recipients to whom the personal data are or will be disclosed,

● Including recipients in third countries or international organizations;

● When possible, the deadlines for erasure of the different categories of data;

● Where possible, a general description of the technical and organizational security measures.