CONFIDENTIALITY AND PERSONAL DATA PROTECTION POLICY
Information about the company processing your data:
Name: RRAYTRON GROUP LTD
UIC / BULSTAT: 131186415
Headquarters and address of management: Sofia, 22 Makedonia Blvd.
Address for correspondence: Sofia 1527, 3, Hristo Kovachev str
Phone: 0899188870, +359 2 9433647
Information about the competent supervisory authority on the protection of personal data
Name: Commission for Personal Data Protection
Headquarters and address of management: Sofia 1592, "Prof. 2 Tsvetan Lazarov
Address for correspondence: Sofia 1592, "Prof. 2 Tsvetan Lazarov
Phone: 02 915 3 518
RAYTRON GROUP Ltd. (hereinafter referred to as Administrator or the Company) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data. This information is intended to inform you of all aspects of the processing of your personal data by the Company and the rights you have in relation to such processing.
Reason for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of the electronic shop 4Controlshop.eu and concluding contracts with the company on the grounds of Art. 6, para. 1, Regulation (EC) 2016/679 (GDPR), and in particular on the following grounds:
Explicitly received consent from you as a customer;
Execution of the obligations of the Administrator under contract with you;
Compliance with a statutory duty applicable to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party;
Goals and principles of collecting, processing and storing your personal data
Art. 2. (1) We collect and process the personal data you provide to us in connection with the use of the e-shop and the conclusion of a contract with the Company, including for the following purposes:
creating an account and providing full functionality in using the online store;
concluding and executing a distance contract;
individualisation of a party to the contract;
protection of information security;
ensuring the implementation of the service provision contract.
Sending a newsletter at your request;
(2) We comply with the following principles when processing your personal data:
lawfulness, good faith and transparency;
limitation of processing goals;
relevance to processing goals and minimization of data collection;
accuracy and timeliness of the data;
restriction of storage in order to achieve the objectives;
integrity and confidentiality of the processing, and ensuring an adequate level of security of personal data.
(3) When processing and storing personal data, the Administrator may process and store personal data to protect its legitimate interests:
fulfilling its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.
What kind of personal data collects, processes and stores our company
Art. 3. (1) The Company carries out the following operations with the personal data you provide for the following purposes:
Registration of an e-shop user and execution of a distance-purchase contract - the purpose of this operation is to create an account for the use of the e-shop for the purchase of goods and the provision of contact details for the delivery of purchased goods. Registering and creating an account for using the online store is not a mandatory step in providing the service and it is accessible to a significant extent without creating an account.
Conclusion of the impact assessment: Based on the impact assessment carried out, the operation "Registration of an e-shop user and the execution of a distance-purchase contract" is permissible for performance and provides sufficient guarantees to protect the rights and legitimate interests of the entities data in accordance with GDPR requirements.
Conclusion and execution of a trade deal with a client or a partner - the purpose of this operation is to conclude and execute a contract with a commercial partner or client and its administration. Given the limited scope of personal data collected and the fact that part of it is collected from publicly available sources, it is not necessary to carry out an impact assessment on the operation of an impact assessment.
Send newsletter (newsletter) - the purpose of this operation is to administer the sending process
Exercise of a right of withdrawal or claim - the purpose of this operation is to administer the process of exercising the right of withdrawal or claim by the client. Given the limited scope of personal data collected, an impact assessment is not required to carry out an impact assessment of the operation.
(2) The administrator shall process the following categories of personal data and information for the following purposes and on the following grounds:
Your individualizable data (email, name, etc.)
Purpose for which data is collected:
1) Making a contact with the user and sending information to him,
2) For the purpose of registering a user in the online shop, and
3) For sending a newsletter.
Reason for processing your personal data – By accepting the terms and conditions and registering in the online store or placing an order without registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data . 6, para. 1, b. (b) GDPR. Your data for submitting a newsletter is processed at your explicit consent - Art. 6, para. 1, b. (s) GDPR.
Delivery details (names, telephone, address, etc.)
Purpose for which data is collected: Execution of obligations of the administrator under a contract for purchase and sale of purchased goods.
Reason for processing your personal data - By accepting the terms and conditions and registering in the online store or placing an order without registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data . 6, para. 1, b. (b) GDPR.
Additional data provided by you - If you want to add your profile, you can fill in the name, surname, phone number.
Goal for which data is collected: Adding user information to his / her user account.
Grounds for processing the data: You have given explicit consent to the processing of his / her personal data for one or more specific purposes - 6, para. 1, b. (a) of GDPR at the time of registration in the online store. The provision of this data is not required for registration in the online store.
(3) The administrator does not collect or process any personal data related to the following:
reveal racial or ethnic origin;
reveal political, religious or philosophical beliefs, or membership of trade unions;
genetic and biometric data, health data, or data on sexual life or sexual orientation.
(4) The personal data are collected by the Administrator from the persons to whom they refer.
(5) The Company does not make automated decision making with data.
Art. 4. (1) The Company carries out the following operations with the personal data provided by you as legal representatives or proxies of legal persons-trading partners, for the following purposes:
Conclusion and execution of a commercial transaction: For the conclusion and execution of a commercial transaction with a trading company, we process only the full names of the legal representative or the person authorized by the company. Conclusion of the Impact Assessment: Given the small volume of data processed and the limited amount of personal data collected, an impact assessment is not necessary for the current operation.
(2) The personal data are collected by the Administrator from the persons to whom they refer also from the Commercial Register to the Registry Agency.
(3) The Company does not make automated decision making with data.
Art. 5. The administrator can use the so-called Cookies for the purpose of providing full functionality to the website, improving user experience, statistical purposes, facilitated access, etc. that you agree to using our website. You can control and/or delete cookies at any time through the settings of your browser. Cookies are not personal data and are not used to identify visitors and users of the e-shop.
Term of storage of your personal data
Art. 6. (1) The administrator keeps your personal data for no longer than the existence of your online store account. After deleting your account, the Administrator takes the necessary care to erase and destroy all your data without unnecessary delay or to anonymize them (ie to bring them in a form that does not reveal your personality).
(2) The Administrator processes your personal data that you provided when ordering without registration in the online store until the order is completed unless you have given your explicit consent to the processing of your data to be processed for the purpose of improving the service, providing recommended content for you, individual terms, promotions, and for statistical purposes.
(3) The Administrator shall store your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in legal or administrative disputes with online shoppers.
(4) The Administrator shall notify you, in case the data retention period is required to be extended in order to comply with a statutory obligation or in view of the legitimate interests of the Administrator or otherwise.
(5) The administrator keeps the personal data that he / she needs to keep under the applicable law for the relevant term, which may exceed the lifetime of your e-shop account or the completion of the order.
Art. 7. The administrator keeps the personal data of the legal representatives of its trading partners for the duration of the contract, for observing the legitimate interests and legal obligations of the Administrator, which may exceed the term of the concluded contract.
Transmission of your personal data for processing
Art. 8. (1) The administrator may, at its own discretion, transmit all or part of your personal data to processor personal data for the fulfillment of the processing purposes you have agreed to, subject to the requirements of Regulation (EC) 2016/679 (GDPR) .
(2) The Administrator notifies you, in the event of intention, to transfer part or all of your personal data to third countries or international organizations.
Your rights in collecting, processing and storing your personal data
Withdrawal of consent to process your personal data
Art. 9. (1) If you do not want your personal data to be processed for marketing purposes and receive a newsletter, you may at any time withdraw your consent for processing by completing the withdrawal form in Appendix 1 or by request in free text, and send it to us by email.
(2) Once we have received your request, we will send you the email you have provided to receive newsletters and advertising messages, a letter with detailed instructions for your verification as a recipient of newsletters and a person subject to the withdrawal of consent .
(3) Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has performed so far.
Right of access
Art. 10. (1) You have the right to request and obtain from the Administrator a confirmation that personal data relating to you is being processed by submitting a request in free text by email.
(2) You have the right to access data relating to you as well as information relating to the collection, processing and storage of your personal data.
(3) Once we receive your request, we will send you a letter with detailed instructions for your verification as the subject of the personal data that you have been requested to send to the email you used to register or place orders in the e-shop.
(4) After the verification, according to para. 3, the Administrator provides you with a copy of the processed personal data relating to you on request in electronic or other appropriate form.
(5) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeatability or excessive demand.
Right of adjustment or replenishment
Art. 11. (1) You may at any time correct or fill in inaccurate or incomplete personal data relating to you through the "Edit Account" option.
(2) You may correct or fill in the inaccurate or incomplete personal data relating to you directly through your website profile or by sending a request to the Administrator by email using the form in Appendix 4 or a free text request.
Right to delete ("to be forgotten")
Art. 12. (1) You have the right to ask the Administrator to delete any or all personal data related to you and the Administrator has the obligation to delete them without undue delay when any of the following reasons exists:
personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent on which the processing of the data is based and there is no other legal basis for the processing;
You object to the processing of personal data related to you, including for the purposes of direct marketing, and there are no legitimate grounds for processing that have an advantage;
personal data has been tampered with;
personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
personal data were gathered in connection with the provision of information society services.
(2) The administrator is not obliged to delete the personal data if he / she keeps them and processes them:
for the exercise of the right to freedom of expression and the right to information;
to comply with a legal obligation that requires treatment provided for under EU law or the law of the Member State that applies to the Administrator or for the performance of a public interest task or the exercise of official authority;
for reasons of public interest in the field of public health;
for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
for the establishment, exercise or protection of legal claims.
(3) In order to exercise your right to be forgotten, you must email your request to delete your personal data that the Administrator processes by completing the form in Attachment 2 or by free text request, then the Administrator will send to the email you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a shop user, and the subject of the requested personal data.
(4) Once we have verified the identity of the person making the request and the person to whom the data relate in accordance with your instructions, we will delete all data we process for you in accordance with par. 3.
(5) If there is an order you are currently processing, the earliest point at which you can ask to be "forgotten" is when you successfully complete your order.
Right of limitation
Art. 13. You have the right to require the Administrator to limit the processing of your related data by sending us a request in free text by email when:
question the accuracy of personal data for a period that allows the Administrator to verify the accuracy of the personal data;
processing is illegal, but you do not want to delete your personal data, just use it;
The administrator no longer requires personal data for the purpose of processing, but you require them to identify, exercise or protect your legal claims;
You have reproached the proceedings pending verification that the legal grounds of the Administrator have an advantage over your interests.
(2) Once we receive your request, we will send you the email that you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a shop user and subject of the requested personal data to limit processing.
(3) After the verification under para. 2, the Company will stop processing your data, but will not remove the posts you made in the online store, if any.
Right of portability
Art. 14. (1) If you have consented to the processing of your personal data or processing is necessary for the performance of the agreement with the Administrator, or if your data is processed in an automated manner, you may:
ask the Administrator to provide you with your personal data in a readable format and transfer it to another Administrator;
ask the Administrator to directly transfer your personal data to an administrator you provide when it is technically feasible.
(2) You may exercise the right of portability by sending us by e-mail a completed form according to Appendix 3 or a request in free text, after which the Administrator will send a letter to the email you used to register or place orders in the e-shop detailed instructions for your verification as a shop user and a subject of the personal data for which a request for portability is requested.
(3) After the verification under para. 2, the Company sends the data it processes for you in XML format to the email you specify.
Right to receive information
Art. 15. You may request the Administrator to inform you of all recipients to whom the personal data for which the correction, deletion or limitation of the processing was requested has been disclosed. The administrator may refuse to provide this information if this would not be possible or would require disproportionate effort.
Right of objection
Art. 16. You may at any time object to the processing of personal data by the Administrator that relates to it, including whether it is being processed for profiling or direct marketing purposes.
Your rights in violation of the security of your personal data
Art. 17. (1) If the Administrator detects a breach of the security of your personal data that may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach and of the measures taken or to be taken .
(2) The administrator is not obliged to notify you if:
has taken appropriate technical and organizational safeguards in respect of the data affected by the security breach;
has subsequently taken measures to ensure that the violation will not lead to a high risk for your rights;
notification would require disproportionate efforts.
Individuals to whom your personal information is provided
Art. 18. (1) For the purpose of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide the data to the following processors:
Processing personal data
Purpose of the processing of personal data
Nikolay Stoyanov - Execution of orders and for marketing purposes
(2) The personal data processors shall comply with all legal and security requirements for the processing and storage of your personal data.
Art. 19. The administrator does not transfer your data to third countries.
Art. 20. In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission as follows:
Name: Commission for Personal Data Protection.
Headquarters and address of management: Sofia 1592, "Prof. 2 Tsvetan Lazarov
Address for correspondence: Sofia 1592, "Prof. 2 Tsvetan Lazarov
Phone: 02 915 3 518
Art. 21. You may exercise all of your rights to protect your personal data through the forms enclosed with this information. Of course, these forms are not mandatory and you can make your claim in any form that contains a statement about it and identifies you as the data holder.
Art. 22. If the consent relates to a transfer, the Administrator shall describe the possible risks for the transfer of data to third countries in the absence of a decision on adequate protection and appropriate remedies.