My cart

Your shopping cart is empty

Privacy Policy

2023-07-14T15:15:10+03:00

Privacy Policy

‘’SCRAPBOOKY’’ Ltd

(Notice Regarding the Processing of Personal Data)

 

Personal Data Administrator:

1. Name: ‘’SCRAPBOOKY’’ Ltd

2. UIC / BULSTAT: 207414002

3. Headquarters and management address: Bulgaria, Sofia 1839, kv. Vrazhdebna, ul.2,  No. 17A

4. E-mail: scrapbookyshop@gmail.com

5. Web-site: www.scrapbooky.net

 

Scrapbooky LTD (hereinafter referred to as ‘’the Company’’ or ‘’the Administrator) performs its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, on the protection of physical persons in relation to the processing of personal data (‘’General Data Protection Regulation’’ or ‘’the Regulation’’). This Privacy Policy (‘’Privacy Policy’’ or ‘’the Policy’’) aims to inform each Client (as defined below) of the Company regarding the processing of data that identifies or may identify the specific Client.

For the purposes of this Policy, ‘’Client’’ refers to any individual who is a party to a contract with the Company for the purchase and sale of goods, as well as any individual who has expressed a willingness to enter into pre-contractual relations with the Administrator and/or is a user of the online store www.scrapbooky.net, accessible on the Internet at the electronic address: www.scrapbooky.net, as well as a director, manager, representative, agent, employee, partner, shareholder, actual owner, or a legal entity, or other legal entity utilizing the online store.

1. What personal data do we process?


As a personal data administrator, the Company processes the following categories of personal data of the Clients:
      

  ·        Physical identitynames, personal identification number (UCN), address, phone number, e-mail address;

·       Economic identity – information about bank account number.

The personal data is collected by the Administrator from the individuals to whom it relates.

 

 2. How do we collect personal data?

We collect personal data in the following ways:

·        During the registration process on the website of the online store and when using the online store without registration.

·        During correspondence with the Client, which may include communication in written form, including electronic and oral communication.

·        Through ‘’cookies’’ when using or browsing our website.

In some cases, we may also collect information from third parties or from public sources. Our website collects data in log files. This information includes data about your IP address, internet service provider, browser used, your operating system, when you visited our website, and the visited pages.

Our website uses ‘’cookies’’. Cookies are small files containing information that the website sends to the visitor’s browser. The browser stores this information in a text file on the user’s device. They help us improve the functionality of our website for you. More information about the use of cookies can be found in our Cookie Policy, published on the website of the online store: www.scrapbooky.com

 

3. Do we process special categories of personal data?

The Company does not process special categories of personal data of the Clients.

 

4. For what purposes we process personal data?

The Company processes personal data of Clients for the following purposes:

·        Providing information and assistance requested by you

·        Individualization and contacting clients and actual owners

·        Carrying out all activities related to the existence, modification, and termination of the relationship between the Company and the Client

·        Offering and promoting additional services

·        Compliance with regulatory requirements

·        Providing protection in the event of a dispute and cooperation with regulatory authorities to the extent required by law.

If we do not process these personal data, we may not be able to provide you with our services or the requested assistance.

5. On what legal basis we process personal data?

The personal data of Clients is collected, processed, and used based on several legal grounds for processing:

·        For contract performance or for entering into pre-contractual relations

·        For compliance with a legal obligation applicable to the Company

·        For the purposes of the legitimate interests pursued by the Company or a third party, when the rights and interests of the data subjects do not override those interests – for resolving disputes; for the prevention, detection, investigation of fraud, violations, or other unlawful behaviour; for the establishment, exercise, or defense of legal claims;

·        Under the conditions of voluntarily given consent when required by applicable legislation

 

6. For how long do we store personal data?

The Company stores personal data during the contractual relationship and until the settlement of the contractual obligations, as well as during a transitional period (e.g., for compliance with obligations related to archiving and retention of accounting data). If legal or other proceedings are initiated, personal data may be stored until the conclusion of such proceedings, including any potential appeal periods, and then will be erased or archived as permitted by applicable legislation. Specifically, various media containing accounting and tax information that includes personal data are retained for a period of 10 years, from January 1st of the reporting period following the reporting period to which they relate.

In cases where your personal data is obtained and processed based on your consent, we will only process your personal data to the extent that we have your consent to process it.

 

7. Who do we share personal data with? Do we disclose personal data to third parties?

The Company may, at its own discretion, disclose part or all of the personal data to data processors for the purposes of processing, in compliance with the requirements of the Regulation.

The Company shares personal data with:

·        Third parties - service providers engaged by us to perform functions or activities on our behalf;

·        Third parties - regulatory authorities, tax authorities, financial authorities, judicial, administrative, and law enforcement authorities, all in accordance with applicable law.

This list is not exhaustive, and there may be other lawful purposes for storing, disclosing, or otherwise processing your personal data.

The Company notifies the data subject in the event of an intention to transfer part or all of their personal data to third countries or international organizations.

8. Is personal data protected?

The Company ensures and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or unlawful use of personal data and/or against their accidental loss, alteration, disclosure, access and/or damage or copying. These measures are designed to provide ongoing protection and integrity of personal data. The Company regularly reassesses the measures to achieve a constant level of data security.

 

9. Do we perform automated decision-making?

The Company does not engage in automated decision-making with data.

 

10. What are the rights of the Customers regarding personal data protection?

Each Customer has the right to exercise the following rights by submitting a written request to the Company.

·       Withdrawal of consent for personal data processing

When the processing of a Customer’s personal data is based on the Customer’s consent, the Customer has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on the consent before its withdrawal.

·       Right of access

Each Customer has the right to obtain confirmation from the Company whether their personal data is being processed by the Company. This includes the right to access personal data and the right to receive a free copy of the data (except in cases of excessive or repetitive requests), unless otherwise provided in applicable data protection regulations. Additionally, the Customer has the right to be provided with a description of the essential information related to the processing of their personal data.

The Company provides the Customer with a free copy of their personal data that is being processed, but reserves the right to impose an administrative fee in cases of repetitiveness or excessive requests.

·       Right of rectification

Each Customer has the right to correct or request the Company to promptly correct any inaccurate, incomplete, or outdated personal data relating to them.

·       Right to erasure (Right to be forgotten)

Each Customer has the right to request the Company to erase their personal data without undue delay when one of the following grounds applies:

(i) the personal data is no longer necessary for the purposes for which it was collected or otherwise processed.

(ii) the Customer withdraws their consent on which the processing of their data is based, and there is no other legal ground for the processing.

(iii) the Customer objects to the processing, as described below.

(iv) the Customer’s personal data has been unlawfully processed, or

(v) the Erasure of the Customer’s personal data is required to comply with a legal obligation under EU law, the law of a Member State, or the law of another country.

(vi) the personal data has been collected in relation to the offer of information society services.

 

The Company may refuse to erase the Customer’s personal data to the extent that their processing is necessary:

(i) for exercising the right to freedom of expression and information;

(ii) for compliance with a legal obligation that requires processing under EU law or the law of a Member State applicable to the Administrator or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator

(iii) for reasons of public interest in the area of public health;

(iv) for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;

(v) for the establishment, exercise, or defense of legal claims

 

·       Right of restriction of processing

Each Customer has the right to request the Company to restrict the processing of their personal data in the following cases:

(i) when they contest the accuracy of the personal data as provided by the Customer and processed by the Company (the restriction is for a specific period that allows the Company to verify the accuracy of the personal data).

(ii) when the processing is unlawful, but the Customer does not want their personal data to be erased and instead requests the restriction of their use

(iii) when the Company no longer needs the personal data for the purposes of processing, but the Customer requires them for the establishment, exercise, or defense of legal claims

(iv) when the Customer has objected to the processing, and is awaiting the Company’s verification of whether the Company’s legitimate grounds for processing the personal data override the interests of the Customer

 

·       Right to object

Each Customer has the right, at any time and based on grounds relating to their particular situation, to object to the processing of personal data concerning them. The Customer may exercise this right solely with regard to the processing of their personal data carried out by the Company for the purposes of the Company’s legitimate interests. If the objection is valid, the Company will cease processing the personal data of the objecting Customer, unless the Company demonstrates compelling legitimate grounds for the processing that override the interests of the Customer.

 

·       Right to data portability

This right includes the following possibilities:

(i) to receive personal data in a structured, commonly used, and machine-readable format for transferring it to another administrator, or

(ii) to have personal data transferred directly to another administrator, if technically feasible

 

·       Right to lodge a complaint

Each Customer has the right to lodge a complaint regarding the processing of their personal data by the Company to the Commission for Personal Data Protection, which is the competent supervisory authority.

 

Commission for Personal Data Protection

Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria

Phone: +359 2 91 53 519

Fax: +359 2 91 53 525

Email: kzld@cpdp.bg

Website: www.cpdp.bg

 

11. What happens in case of changes?

In the event of a substantial change in the way the Company processes personal data of Customers and/or in the types of personal data processed, and/or in any other aspect covered by this notice, the Company will promptly notify Customers of the respective change by issuing and providing an updated version of the notice.

We use cookies to ensure that our website works well for you, respecting all rules and good practices for the privacy of your personal data. Agreement page