Information about the data controller:
“Luciano International Ltd. is a company registered in the Commercial Register of the Registry Agency, with UIC 203417271, registered office and registered address. The registered office and registered address of the registered office of the registered office at 4002, ul. “Ivan St. Geshev” No. 9, et. Tel: 0887519304; e-mail: info@trendystock.agency.
Contact details of the Data Protection Officer:
Three names of the Data Protection Officer: Angel Todorov Bozhilov
Contact of the Data Protection Officer: info@trendystock.agency
Grounds and purposes for which we use your personal data
We process your personal data on the following grounds:
● The contract concluded between us and you in order to perform our obligations under it;
● Explicit consent from you – the purpose is stated on a case-by-case basis;
● In case of a legal obligation;
In the following paragraphs you will find detailed information about the processing of your personal data depending on the basis on which we process it.
FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF A PRE-CONTRACTUAL RELATIONSHIP
We process your personal data in order to fulfil contractual and pre-contractual obligations and to exercise the rights under contracts concluded with you.
Processing objectives:
● establish your identity;
● management and execution of your request and performance of a concluded contract;
● preparation of a contract proposal;
● preparing and sending a bill/invoice for the services you use with us;
● to provide you with the comprehensive service you require and to collect amounts due for the services you use;
● retaining correspondence in relation to orders placed, processing requests, reporting problems etc.
● notification of anything relating to the services you use with us;
● customer history analysis;
● detect and/or prevent unlawful acts or acts contrary to our terms and conditions for the relevant services;
Data we process on this basis:
On the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:
● personal contact data – contact address, email, telephone number;
● Identification data – full name, unique national or foreign identity number, gender, age group, permanent address;
● details of orders placed;
● correspondence relating to the overall service – emails, letters, information about your troubleshooting requests, complaints, requests, complaints, feedback we receive from you;
● credit or debit card information, bank account number or other banking and payment information in relation to payments made;
● credit rating;
o other information such as:
● Customer number, code or other identifier created for identification;
● IP address when visiting our website;
● Demographic information;
● Social networking account details;
● Information from your actions on the website.
The processing of the above personal data is mandatory for us to be able to conclude the contract with you and perform it. Without you providing us with the aforementioned data, we would not be able to fulfil our contractual obligations.
We provide personal data to third parties
We provide your personal data to third parties as our main aim is to offer you a quality, fast and comprehensive service. We do not provide your personal data to third parties until we are satisfied that all technical and organisational measures have been taken to protect that data and we aim to implement strict controls to fulfil this purpose. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (data controllers):
● postal operators and courier companies;
● credit agency companies, for the purposes of initial and ongoing credit assessment;
● persons who, on commission, maintain equipment, software and hardware used for processing personal data and necessary for the company’s activities
● persons providing consultancy services in various fields.
When we delete data collected on this basis
We delete the data collected on this basis 5 years after termination of the contractual relationship, whether due to expiry of the contract, termination or any other reason. The time limit is determined by the 5-year limitation period for possible contractual claims.
FOR THE IMPLEMENTATION OF REGULATORY OBLIGATIONS
There may be a legal obligation for us to process your personal data. In these cases we are obliged to carry out the processing, such as:
● Obligations under the Anti-Money Laundering Act;
● Performance of obligations in relation to distance selling, off-premises selling provided for in the Consumer Protection Act;
● Provision of information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
● Provision of information to the Commission for the Protection of Personal Data in relation to obligations provided for in data protection legislation;
● Obligations provided for in the Accounting Act and the Tax and Social Security Procedure Code and other related regulations in connection with the keeping of lawful accounting records;
● Provision of information to the court and third parties in the context of court proceedings, in accordance with the requirements of the regulations applicable to the proceedings;
● Verification of age when shopping online.
When we delete personal data collected on this basis
We delete data collected pursuant to an obligation imposed by law once the obligation to collect and store has been fulfilled or has ceased. For example:
● under the Accounting Act for the storage and processing of accounting data (11 years),
● obligations to provide information to the court, competent state authorities and other grounds provided for in current legislation (5 years).
Provision of data to 3rd parties
Where we are legally obliged to do so, it is possible for us to provide your personal data to the competent state authority, individual or legal entity.
WITH YOUR CONSENT
We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We do not foresee any adverse consequences for you if you refuse the processing of personal data.
Consent is a separate basis for processing your personal data and the purpose of the processing is set out therein, and is not covered by the purposes listed in this policy. If you give us the relevant consent and until you withdraw it or terminate any contractual relationship with you, we make product/service suggestions that are appropriate for you by carrying out detailed analyses of your basic personal data;
Detailed analytics is a method of performing analysis that enables the processing of large volumes of data through statistical models and algorithms and others that involve the use of personal data, as well as processes of pseudonymizing and anonymizing the same, in order to extract information about trends and various statistical indicators.
Data we process on this basis:
We only process data on this basis for which you have given us your explicit consent. The specific data is determined on a case-by-case basis. Typically this data is name, email address, other address, telephone number, gender, age group, interests.
Provision of data to third parties
On this basis we may provide your data to marketing agencies, Facebook, Google, YouTube or other similar platforms.
Withdrawal of consent
Consents provided may be withdrawn at any time. Withdrawal of consent has no impact on the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to withdrawal.
To withdraw consent you need only use our website or simply our contact details.
When we delete data collected on this basis
We delete data collected on this basis at your request or 12 months after it was originally collected.
PROCESSING OF ANONYMISED DATA
We process your data for static purposes, that is, for analyses in which the results are only aggregated and the data are therefore anonymised. It is impossible to identify a specific person from this information.
Your data can also be anonymised. Anonymisation is an alternative to data deletion. In the case of anonymisation, all personally identifiable elements/elements that allow you to be identified are irreversibly deleted. There is no legal obligation to erase anonymised data as it does not constitute personal data.
How we protect your personal data
To ensure adequate protection of the company’s and its customers’ data, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
The company has established rules to prevent misuse and security breaches and has appointed a Data Protection Officer to assist in the processes of protecting and securing your data.
In order to maximize the security of the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
Personal data we have received from 3rd parties
We receive personal data from the following 3rd parties: names, email address, other address, telephone number, gender, age group, interests.
Rights of Users
Each User of the website enjoys all the rights for the protection of personal data under Bulgarian and European Union law.
The user can exercise their rights by using the contact form or by sending a message to our email.
Each User is entitled to:
● Information (in relation to the processing of their personal data by the controller);
● Access to their own personal data;
● Rectification (if the data is inaccurate);
● Erasure of personal data (right to be forgotten);
● Restriction of processing by the controller or processor;
● Portability of personal data between controllers;
● Objection to the processing of personal data;
● The data subject shall also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
● The right to a judicial or administrative remedy where the data subject’s rights have been violated.
The user may request deletion if one of the following conditions applies:
● The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
● The user withdraws his/her consent on which the processing is based and there is no other legal basis for the processing;
● The data user objects to the processing and there are no legitimate grounds for the processing which override;
● The personal data has been unlawfully processed;
● The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
● The personal data have been collected in connection with the provision of information society services to children and consent has been given by the person having parental responsibility for the child.
The user has the right to restrict the processing of his/her personal data by the controller when:
● Contests the accuracy of the personal data. In this case, the restriction of the processing shall be for a period that allows the controller to verify the accuracy of the personal data;
● The processing is unlawful, but the User does not wish the personal data to be erased, but requests instead the restriction of its use;
● The controller no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims;
● Objects to the processing pending verification whether the controller’s legitimate grounds override the interests of the User.
Right to portability.
The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transfer those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising his or her right to data portability, the data subject shall also have the right to obtain a direct transfer of the personal data from one controller to another where this is technically feasible.
Right to object.
Users have the right to object to the controller to the processing of their personal data. The controller shall be obliged to terminate the processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If you object to the processing of personal data for direct marketing purposes, the processing shall cease immediately.
Complaint to the supervisory authority
Every User has the right to lodge a complaint against unlawful processing of his/her personal data with the Data Protection Commission or the competent court.
Maintenance of a register
We maintain a register of the processing activities for which we are responsible. This register contains all the information listed below:
● The name and contact details of the controller
● The purposes of the processing;
● A description of the categories of data subjects and the categories of personal data;
● The categories of recipients to whom the personal data have been or will be disclosed,
● Including recipients in third countries or international organisations;
● Where possible, the envisaged erasure periods for the different categories of data;
● Where possible, a general description of technical and organisational security measures.
