Privacy and Personal Data Protection Policy
“Natstim” EOOD is a trading company with UIC 131082822, with its registered office and registered address: Sofia 1407, Lozenets region, 47 Cherni vrah Blvd., fl. 4; e-mail: firstname.lastname@example.org. “Natstim” EOOD. is the owner of the Natstim brand and the website of the online store: www.natstim.eu.
With this Privacy and Personal Data Protection Policy, “Natstim” EOOD (hereinafter referred to as Administrator) takes into account the privacy and makes efforts for protection against unauthorized processing of personal data of individuals.
I. Terms used
“Personal data” means any information by which an individual can be identified, such as name, identification number, location data, online identifier, or by one or more attributes specific to the physical, physiological, genetic, psychological, mental, economic, cultural or social identity of that individual.
“Processing” means any operation or set of operations performed with personal data or a set of personal data, by automatic or other means, such as collection, recording, organizing, structuring, storing, adapting or modifying, extracting, consulting, using, disclosing through transmission, dissemination or otherwise making the data accessible, arranging or combining, limiting, deleting or destroying them.
“Administrator” means a natural or legal entity, public authority, agency or other structure that alone or jointly with other structures determines the purposes and means of the processing of personal data. In this case, the personal data administartor is “Natstim” EOOD.
II. Categories of personal data processed by the Administrator
- Personal data provided by users of the Site using the contact form (https://natstim.eu/en/contact-us/), the subscription form for our newsletter, and when making a purchase (https://natstim.eu/en/order/) – name, surname, e-mail address, telephone number, postal address;
- When you place an order on the administrator’s online store site, the administrator’s web server automatically recognizes and collects your IP address. This address is attributed by your internet service provider and does not personally identify you;
- Information about a representative (legal representative or proxy) of a current or potential client – legal entity;
- Financial information (bank account);
- The administrator may process data prepared and generated by him in the process of providing and performing the services:
5.1. Information about visits and use of the Site;
5.2. Data on the used terminal electronic device, type of device, operating system used, regional location;
5.3. Data used for statistical purposes;
5.4. Data from established communication with current or potential customers, satisfaction with the provided products and services (requests, complaints, recommendations, etc.);
5.5. Data obtained during performance of obligations arising from regulatory acts (data resulting from inquiries, regulations, investigative bodies, tax offices, courts, etc.).
In order to ensure the good performance of the services and the provision of products of the highest quality, the administrator has the right to process any information that is available in public registers (including public database and data published on the Internet), as well as information obtained from third parties for the purpose of implementing legal provisions regarding customers.
The Administrator has the right and obligation to verify the accuracy of personal data provided, and for this purpose he requires his clients to verify them and, if necessary, to correct them. This can be done via email or phone call.
III. Purposes of processing your personal data
The personal information you provide is processed and used for:
- fulfillment of the order you have made, including for establishing direct contact with you in case of questions about the order or delivery;
- marketing purposes related to the products of the administrator (dissemination of information about promotions, etc.), with your explicit consent;
- improvement of the services provided by the administrator;
- administration of and response to your complaints/inquiries/claims;
- repayment of amounts and goods; replacement of products;
- issuing, sending and receiving electronic invoices and other electronic documents;
- debt payment, management of debt collection;
- sharing of important information regarding changes in company policy and other administrative information;
- management and administration of payments.
The processing of your personal data (name, address, phone) is a prerequisite for placing an order on the Administrator’s website. This processing is regulated in Chapter II, Article 6, item b) of Regulation (EU) 2016/679 of the European Parliament and of the Council dated 27 April 2016 (GDPR). When placing an order on the Administrator’s site, you automatically agree to submit your personal data for processing by the Administrator.
IV. Third-party categories that access your personal information
The persons who access your personal data are:
- transport/courier companies, postal operators for the reason of fulfilling our contractual obligations;
- banks servicing payments made to and from clients (please consider whether this remains!);
- persons who, by assignment by the Administrator, maintain the functioning of the Site, as well as the equipment and software used by the Administrator, including for processing of your personal data;
- persons performing consulting services for the benefit of the Administrator, in different fields – lawyers, accountants;
- bodies, institutions and persons to whom we are obliged to provide personal data under the current legislation.
If we transfer data to third parties, we guarantee, through contractual agreements, that these service providers process personal data in accordance with the European data protection legislation to ensure a high level of protection.
V. Your rights and capabilities regarding the processing of your personal data
You have certain rights according to the applicable legislation regarding the personal data that we store about you. You can exercise them at any time by contacting “Natstim” EOOD.
- You are entitled to request access to and obtain information regarding personal data stored about you, as well as information regarding the purposes of the processing, categories of personal data, recipients to whom your personal data may be disclosed, etc.;
- At any time, you have the right to request the correction of inaccurate data referring to you, as well as the completion of incomplete data, if appropriate and/or necessary for the purpose for which the data are processed;
- At any time, you may withdraw your consent to the use of your personal data that you have previously provided. In this case, the withdrawal of your consent to the use or processing of your personal data may result to your inability to use the services we provide;
- If you feel like you do not want „Natstim” EOOD to process your personal data, you have the right to be “forgotten”, i.e. you may at any time ask for your personal data to be deleted;
- In a number of cases, you have the right to request restriction in your personal data processing instead of their deleting;
- You have the right to object to the processing of your personal data for direct marketing and advertising purposes in the future by withdrawing your consent at any time. To do this, you may send an email requesting termination of the use of your data for direct marketing purposes;
- The right to object to „Natstim” EOOD against the processing of your personal data in the presence of a legal reason for that;
- You have the right to file a claim directly with the supervisory authority, the competent authority for which is the Commission for Personal Data Protection, address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd. (www.cpdp.bg).
In case you wish to file a complaint about your personal data processing with the Administrator, you may do it by using the contact details above.
You may exercise all of these listed rights by submitting a free-of-charge written application to the following email address: email@example.com, sent from your registration email address. Responsibility for all actions performed on behalf of a registered user by using his/her username and password is borne by the person whose details are specified in the client account. „Natstim” EOOD is not responsible for unauthorized use of your client account by third parties.
The application is absolutely free. The deadline for examining the application is one month from the date of receipt of the application.
In case a subject wish to be “forgotten” and his/her personal data to be deleted, this is an irreversible process and cannot be recovered afterwards!
In the cases of exercising the rights under Art. 17 of GDPR above, „Natstim” EOOD deletes only the personal data of the subject, but not publicly available publications that the data subject has made in forums, comments on posts and articles on sites, posts and blogs related to the products of „Natstim” EOOD.
VI. Deadline for storing personal data
The period for storing your personal data depends on the processing purposes for which they were collected:
- Personal data processed for the purpose of concluding/amending and executing contracts between the Administrator and clients or a company represented by the client – for the duration of the contract and until the final settlement of all financial relations between the parties. “Natstim” EOOD may store some personal data for a longer period of time until the expiration of the relevant statute of limitations for the purpose of protection in case of any claims by clients in connection with the execution/termination of contracts with the Administrator, as well as for a longer period in a case of a legal dispute that has already been arisen until its final settlement by a court/arbitration award.
- Personal data processed for the purpose of issuing accounting/financial documents for exercising tax and social security control, as well as but not only – invoices, debit notes, credit notices, delivery protocols, service contracts and sale of goods shall be kept for at least 10 years after the statute of limitations has expired, unless the applicable law provides for a longer period.
- Personal data processed for direct marketing purposes – until the explicit withdrawal of the given consent or receipt of objection for the processing of personal data for direct marketing.
VII. How we protect your data
We make a serious effort to ensure the security of our website. The information you provide to us is protected by SSL (Secure Sockets Layer) technology. SSL is a standard method of encrypting personal data so that they can be transferred securely to the Internet.
Maintaining the confidentiality and security of your personal information is of paramount importance to us. We only give access to it to those employees who need it to fulfill their job and to enable our services to be provided to you. We have established confidentiality obligations for our employees. We will keep your information confidential, except where disclosure is required by law or for technical purposes.
We store your personal information for as long as it is necessary to ensure the efficient performance of our services. Generally, we store your personal data for as long as your account exists or until you explicitly wish the data to be deleted. Information provided and collected about you will not be sold or made available for use by third parties without your personal consent.
We make every possible effort to protect your personal information. However, there may be security breaches in the transmission of data over the Internet and therefore full security cannot be guaranteed.
VIII. Useful information
More information on personal data protection is available on the website of the Commission for Personal Data Protection: https://www.cpdp.bg/?p=element&aid=1115
Last updated: 01.09.2019