Privacy Policy
Information about the personal data administrator
V M SHOP EOOD is a company registered in the Trade registry of the Registration Agency with EIK 20547061 with headquarters and management address city of Sofia, quarter Lozenetz, 16-20 “Golo Bardo” str, ent. A, floor 2, ap. 6, phone: +359 877 039 390; e-mail: sales@topoutlet.bg
We are processing Your personal data on the following grounds:
- The agreement between You and us so that we can deliver on our commitments according to the same;
- Your consent - the purpose is mentioned in each relevant case
- Under legal commitments by the law
In the following lines You can find information about the processing of Your personal data according to the grounds, on which we are processing it.
FOR THE EXECUTION OF A CONTRACT OR IN THE CONTEXT OF PRELIMINARY RELATIONSHIPS.
We are processing Your personal data in order to comply with our contractual or preliminary commitments and to adhere to the rights according to the agreements concluded with You.
Grounds for the processing:
- Identifying Your identity;
- Management and execution of Your order and applying an existing agreement;
- Preparation and mailing of a bill/invoice for the services You have received by us;
- Conserving the correspondence in relation to orders made, management of requests, reporting of issues and so on.
- Preparation of a Customer profile;
On the grounds of the agreement between You and us, we are processing information about the type and the content of the contract, as well as all other type of information related to the agreement including:
- Personal contact data – contact address, email, telephone number
- Identification data – three names, PIN or identification number for foreigners, permanent address;
- Information about orders made via the Customer’s profile
- Emails, letters, information on Your requests for the resolution of issues, plaintiffs, claims and disputes;
- Information about the debit/credit card, bank account number or other payment or bank information related to the payments made.
Processing the abovementioned personal data for us is a prerequisite in order to be able to reach an agreement with You and to execute it.
We share Your personal data with thirds parties, aiming to offer You fast, quality and complex services.
We share personal data to the following categories of recipients (personal data administrators)
- Post operators and delivery companies;
- Consultants in various fields.
All data collected on these grounds is erased 5 years after the contract has expired, independent of the reason of the contract termination – expiration or other reasons. The 5-year-perdio is conditioned by the 5-year period for possible claims under the contract conditions.
COMPLIANCE WITH LEGAL REQUIREMENTS
It is possible that the law has imposed on us the requirement to process Your personal data. In these cases, we are obligated to proceed with the processing, as for example:
- Obligations according to the Anti money laundering law;
- Obligations related to trading from a distance outside the market location, according to the Law for the protection of the consumers;
- Providing information to the Commission for the protection of the consumers and third parties, according to the legal framework for the protection of personal data;
- Obligations related to the Accounting Law and the Code of taxation and social benefits, as well as other legal documents related to the correct and legal accounting;
- Providing information to the court and to third parties in relation of a legal case, according to the requirements of the applicable legal acts;
- Age identification during shopping on-line.
Data collected according to the legal prescription, is erased after the requirement for the collection and preservation is completed or expires. For example:
- According to the Code for accounting preservation and processing of accounting data ( 11 years)
- Obligations to provide information to the court, competent institutions and other legal grounds envisioned in the same legislation ( 5 years)
- In case we are obligated by the law, it is possible that we share your personal data with the competent state agency, physical or juridical person.
AFTER YOUR CONSENT
We are processing Your personal data on these grounds only after explicit, clear and voluntary consent provided by You. We are not applying any negative consequences on You, in case you refuse the processing of personal data.
Your consent is a separate ground on which Your data can be processed and the purpose of this processing is mentioned in it and is not covered by the purposes listed this policy. If You provide us with the relevant consent, until the time in which You withdraw it or until all contractual relations are terminated, we will prepare for You appropriate offers for products/services.
On these grounds we are processing only the data for which we have Your explicit consent. The exact data is determined in relation to the precise case. Usually your data includes:
- E-mail;
- Phone number;
- Address;
- names;
On these grounds we can share Your data with marketing agencies and third parties.
All provided consent can be withdrawn at any time. Withdrawing the consent does not affect in any way the execution of the contract commitments. If you withdraw Your consent for the processing of your personal data for some or for all of the above-mentioned means, we shall not use Your data and information for the purposes stated above.
Data collected on these grounds is erased due to Your request or after 1 year of the initial collection.
PROCESSING OF ANOUNIMOUS DATA
We are processing Your data for statistics purposes, which would mean analysis in which the results are only summarizing and thus the data is anonymous. Identifying a specific person from this information is impossible.
How do we protect your data
In order to provide an adequate protection of the company data and the customer’s data, we are applying all necessary organizational and technical measures, envisioned by the GDPR legislation.
In order to ensure max security during processing, transferring or conservation of Your data, it is possible that we use additional mechanisms for protections such as encoding, pseudonymization and so on.
Rights of the Customers
Each Customer of the site is entitled to all the rights for protection of personal data according to the Bulgarian legislation and the EC law.
Each Customer has the right to:
- Be informed (in relation to the processing of his personal data by the administrator)
- Access his own personal data;
- Corrections (in case data is incorrect)
- Limiting the processing by the administrator or by the processor of the personal data;
- Transferability of the personal data among administrators;
- Disapproval of the processing of his own personal data;
- The subject of the data has also the right not the be a subject of a decision based only on automatic processing, including profilin which causes legal consequences for the subject of the data and in a similar way concerns him to a great extent.
- The right of legal or administrative protection in case the rights of the subject have been violated.
The Customer can request erasing if some of the following conditions are present:
- The personal data is no longer necessary for the purposes, for which the same have been collected or have been processed in another way
- The Customer withdraws his consent on the grounds of which is based the processing and no other grounds is applicable for the processing.
- The Customer opposes the processing of the data and no other legal grounds are present which have priority;
- The personal data has been used illegally.
- The personal data has to be deleted in order to apply the legal requirement according to the EC legislation and the rights of country members, which is applied on the administrator,
- The persona data was collected in relation to services of the informed society of children and the consent was given by the parent with custody rights over the child.
The Customer has the right to limit the processing of his personal data by the administrator when:
- Disputes the exactness of the personal data. In this case limiting the processing is for a period which allows the administrator to check the correctness of the personal data;
- The processing is illegal, but the Customer does not want the data to be erased, but instead requests limitation of its usage;
- The administrator no longer needs the personal data for the purposes of the processing, but the Customer requests them in order to be able to establish, exercise or ensure legal claims;
- Disputes their processing while waiting for a control whether the legal grounds of the administrator prevail the interests of the Customer.
Transferrability right
The subject of the data has the right to receive the personal data which concerns him and which has been provided to the administrator by him, in a structured, widely used and machine-readable format and has the right to transfer this data to another administrator without any obstructions on behalf of the administrator to whom the data has been provided, when the processing is done in an automatic way. When exercising the transferability right, the subject of the data has the right to receive also a direct transfer of the data from one administrator to another, when this is technically feasible.
Objection right
The Customers have the right to object in front of the administrator against the processing of their personal data. The administrator of the personal data is obligated to interrupt the processing unless he is able to prove that there are convincing legal grounds for the processing, which prevail over the interests, the rights and the freedoms of the subject of the data, or for the establishment, exercise or the protection of legal claims. In case of an objection against processing of personal data for the purposes of direct marketing, the processing had to be terminated immediately.
Claim to the controlling body
Each Customer has the right to send a claim for illegal processing of his personal data to the Commission for the protection of personal data and the competent court.
Registration and identification
The trader identifies the Customers of the site by conserving log-files on the server of the Site.
The trader has the right to collect and use information about the Customers on the grounds and for the purposes of the execution of the Agreement met by the parties under the general conditions. The information through which the person can be identified, could include personal data shared in the general conditions, as well as all other information provided voluntarily by the person during the registration. The information includes all other information, which the Customer inserts, uses or provides when using the services.
Registration on the site can be done only by persons over 16 years old. During the registration, the person checks a box by which he declares to have computed 16 years of age.
The trader makes sure and is responsible for the protection of the information of the Customer, provided to him in relation to the registration, except in cases of insuperable force, incident or damaging actions by third parties.
In the registration form filled out by the Customer at the moment of the registration, the trader indicates the obligatory or the voluntary nature of the data provided as well as information about the consequences in case of refusal to provide them.
The trader can reveal personal data to third parties only in the cases allowed by the law and under the conditions indicated by the law or after an explicit consent by the Customers.
The Customer can register by filling out the electronic registration form, available online on the Internet site of the trader, and to give his consent with the General conditions.
By clicking the virtual buttons “Registration” or with a similar text, which has the power of a written confirmation of the General conditions, the Customer makes an electronic statement according to the Law of the electronic document and the electronic signature, by which he declares that he has read the General conditions, accepts them and is obligated to follow them. The trader can keep in his log-files on his server, the IP address of the Customer, as well as all other information necessary for his identification and for recovering his electronic statement for accepting the General conditions in case of a legal dispute. The text of the General conditions is accessible on the Internet site of the Trader in a way which allows for its preservation and recovery.
When filling out the declaration of the registration, the Customer is obligated to provide full and correct data in relation to his identity (for physical persons), legal status ( for juridical persons) and the other required by the trader data in the form, as well as to update them within 7 (seven) days after changes occur. The Customer declares to agree to provide all personal data, guaranteeing that all information provided during the registration process are correct, complete, and exact and in case of any changes, the trader is to be timely informed. In case of incorrect data, the trader has the right to terminate or to immediately stop, without any notice, the services provided as well as the maintenance of the Customer’s registration.
During the registration the Customer receives a unique User name, which can be the email of the Customer indicated by him or data about the Customer from the social networks or identification services by third parties, and a password for the services provided through the website.
The Customer can manage his User profile through the site, through his profile.
The User name, with which the Customer gets registered, does not grant him any other rights besides the ones the specifically indicated in the present conditions.
The registering person as a representative of the juridic person, is obligated to insert his entire name and address, respectively the name of the juridic person which he is representing.
The Customer is obligated to make sure and take all possible precautions in order to protect his password, as well as not to share his password with third parties and to inform immediately the Trader in case of an unauthorized access, as well as in case of doubt or possibility this event has occurred. He is responsible and takes the risk to preserve the password as well as for all activities, undertaken by him or by third parties using his password.