Zarimex ltd, UIC 121535135, having its domicile and registered office at: Bulgaria, Sofia, 1 “Osmi Dekemvri” blvd., VAT № BG121535135, tel .: +359 883 31 44 88, applies in its commercial relations with the Clients these General Terms and Conditions and is referred to in this text for short " Merchant "or" Administrator "or “Data collector”.
I. Legal basis
- personal data are processed lawfully, fairly and transparently. The user voluntarily gives his consent for the processing of personal data provided by him in the process of registering an account or placing an order on the website of Zarimex Ltd., www.zarimex.eu, by checking the appropriate box;
- personal data are collected for specific, explicit and legitimate purposes and are not submitted to additional processing in a manner incompatible with such purposes. The processing of personal data for advertising and marketing purposes is done only with the voluntary consent of the user and can be terminated at any time at his request from the profile editing menu;
- personal data are proportionate to, related to and not exceeding the scope of the purposes for which they are being processed; In order to create a user profile, the client fills in names, phone number, e-mail address. In order to fulfill the customer's orders, together with the data from his registration, other data are also collected: delivery address, names and telephone number of the recipient (if it is another person), IP-address from which the order was made, financial data;
- each user is obliged to monitor the accuracy of the personal data he provides and, if necessary, to keep them up to date. Zarimex's website allows each user to see his personal data and if necessary to submit a request for correction. The administrator undertakes to review and execute the request without undue delay and in any case within one month of receiving it. Exceptions are cases where an error has been made in the request, the filled in data is invalid or there is a suspicion of unscrupulous attempt to falsify data;
- personal data are maintained in a form that enables identification of respective individuals for a period not exceeding the time necessary for the purposes for which such data are being processed. All personal data provided by the user are kept for up to 24 months from his last identification on the website of Zarimex Ltd., if he does not wish to terminate his registration earlier. The term is determined in view of convenience for the user and providing an opportunity for full use of his/her profile on our website www.zarimex.eu;
- personal data are processed in a way that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures. All server-client connections are made only through an encrypted connection using the https protocol. You can get more information about the SSL certificate on www.zarimex.eu at any time by clicking in the URL field of your web browser;
- the right to delete ("right to be forgotten") personal data that are processed illegally or with a revoked legal basis. Each user has the right at any time to request the deletion of his user profile and all related personal data. The administrator is obliged to consider and execute the request without undue delay and in any case within one month of receiving the request. The user may be denied deletion of his user profile and related personal data for the establishment, exercise or protection of legal claims, in cases where he has unfulfilled commitments regarding orders placed by him, which within the meaning of the CPA are contracts from a distance. Such commitments may be unpaid payments (both for the value of the goods and for courier services), unreceived or wrongfully refused goods, made at the request of the customer.
- right of data portability - the data owner has the right to receive the personal data, which affect him and which he has provided to the Administrator, in a structured, widely used and machine-readable format.
II. Policy Objectives
This Policy aims for the Administrator to:
- comply with applicable personal data legislation and follow established good practices;
- establish the mechanisms for keeping, maintaining and protecting the accounting registers;
- establish the obligations of the officials processing personal data and / or the persons who have access to personal data and work under the direction of the processors of personal data, their responsibility in case of non-fulfillment of these obligations;
- protects the rights of staff, customers and partners;
- be sincere how stores and protects the personal data of individuals;
- establish the necessary technical and organizational measures to protect personal data from unlawful processing (accidental or unlawful destruction, accidental loss of illegal access, alteration or dissemination, as well as all other illegal forms of personal data processing);
- be protected at the risk of infringements.
III. Scope of policy
This Policy applies to the processing of personal data of employees, managers, customers, suppliers, contractors, business contacts and other individuals with whom the Administrator has a relationship, wants to establish business contact or are users of the online store “Gift me” .
IV. Collection of personal data
Personal data is any information that relates to an identified or identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data. Personal data that has been de-identified, encrypted or pseudonymised but can be used to re-identify a person remains personal data and falls within the scope of the GDPR.
Purposes of data collection
The data controller collects personal data in connection with the fulfillment of the following purposes:
1. For implementation of activities related to the conclusion, existence, amendment and termination of contractual legal relations, incl.:
- preparation of any documents;
- to establish contact with the contact person by phone, e-mail or in any other lawful manner;
- for delivery and / or acceptance of goods / services, for communication in connection with the provision and / or receipt of goods / services and for the provision of related customer service;
- for keeping accounting in connection with the performance of contracts to which the Administrator is a party;
- for processing payments in connection with the contracts concluded by the Administrator;
- to send important information to the subjects in connection with changes in the rules, conditions and policies of the Administrator and / or other administrative information;
2. For marketing purposes - after obtaining the explicit consent of the personal data subjects;
3. For statistical purposes.
The personal data for each person are provided voluntarily by the persons themselves and are collected by the Administrator in fulfillment of a normative obligation, in connection with the conclusion of a contract and / or fulfillment of obligations under a contract in accordance with the Commercial Law, the Accounting Act, the Obligations Act. and contracts, the Value Added Tax Act, etc. and the conditions specified in a commercial contract with the respective client through:
- paper - written documents (including letters of attorney, contracts, arrest notices, bank information, etc.),
- by e-mail - provided in connection with the implementation of a commercial contract and / or by filling in a registration form.
V. Processing of personal data
The processing of personal data means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction; The administrator collects and uses personal information for better understanding the needs and interests of customers and to offer better service. In addition to the information that customers provide, Zarimex Ltd. may also collect information during a user session in the online store through automatic information collection tools, which include cookies, links, pages and other commonly used information collection tools. The data and personal information provided by users are used by Zarimex Ltd. for order management, delivery of products and services, payment processing, communication with users about orders, products, services and promotional offers, product and service recommendations. The information that Zarimex Ltd. collects in order to understand the needs and interests of its customers helps to make the visit of each user consistent and personalized.
For example: The administrator can use the user's personal data to:
- help with filling an order;
- informs about products or services;
- provide services and support;
- notifications of new services or other benefits;
- provide personalized promotional offers;
- select content to be shown to the user.
The data provided by users are: name, surname, delivery address, e-mail address and telephone number, name of the recipient of the order (delivery address, telephone number), and financial data. A series of data is collected in an automatic module from Zarimex Ltd. system, such as the Internet Protocol (IP) address; login; e-mail address; connection methods, such as browser type and operating system version; data that is sometimes combined with similar information collected from other customers in order to create features such as "Last viewed"; URL (Uniform Resource Locator) full time (including date and time), number of cookies; visualized or searched products; as well as any telephone number used to contact our operators.
We at Zarimex Ltd. highly value the privacy of our clients. All data required during the order process are confidential and are not provided to third parties. The only exception is the provision of delivery data to the courier company such as name, telephone, e-mail address, delivery address. The data may also be provided if required legally by the police, the prosecution or the investigation services. If you have questions about your personal data or want to change something in them, you can contact the team of Zarimex Ltd. through the online contact form or by phone +359 883 31 44 88.
When the person's requests are manifestly unfounded or excessive, in particular because of their recurrence, the Administrator may either: - charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or - refuse to take actions on the request.
VI. Registration and security of the user profile
Registration. In the online store www.zarimex.eu the user can order as a guest or via registration. When registering, users use many advantages such as remembering the entered data for turnkey use, remembering the orders they have made, accumulating bonuses and receiving discounts, etc. Upon registration, the user undertakes to provide accurate, true and complete information about himself, as well as to update it in a timely manner so as to keep it accurate, true and complete. Through the registration form the Administrator collects the following type of information:
- personal: e-mail, name, surname, phone number.
- non-personal: the browser you use, IP address, operating system, device type, etc.
The information is used by Zarimex for communication by phone or e-mail.
Account security. Zarimex Ltd. recommends to its clients to use complex passwords and to keep the confidentiality of the username and password in order to avoid unauthorized access. Each time a user accesses an account, the user assumes responsibility for all actions that will be performed when using the site through this account. By using the site, users agree to take all necessary measures that the security of the password will not be disclosed by third parties. If the user has doubts about unauthorized use or misuse of the account, it is necessary to immediately inform the Administrator.
VII. Breach. Notification of personal data breach
Violation of data security occurs when the personal data for which Zarimex Ltd. is responsible is affected, as a result of which the confidentiality, availability or integrity of personal data is violated. In this sense, a data breach occurs when there is a security breach leading to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of data that is transmitted, stored or otherwise processed.
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. 2Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
The administrator shall document any of personal data security breach, including the facts related to the breach, its consequences and the actions taken to manage it.
VIII. Destruction policy
After the expiration of the storage period, the information carriers (paper or technical), which are not subject to transfer to the National Archive Fund, may be destroyed. After the end of the storage period, the data are destroyed as soon as possible by destroying the paper media by shredding, and the technical media - by deleting the relevant files from the computers of the Company.
IX. Additional provisions
For the purposes of these internal rules:
1. "Personal data administrator" is "Zarimex Ltd. - a limited liability company with UIC 121535135.
Date of last revision: 16.05.2018