0
Your Cart
0
Your Cart

Privacy policy

Policy for the protection of personal data of natural persons

This document contains the Policy for the Protection of Personal Data of Individuals (“Policy”) and is related to the General Terms of Use of our site. It is an integral part of these general terms and conditions and aims to preserve the rights and obligations regarding the processing of personal data, as well as to provide clear information to our users about this process. Also, the Policy explains what personal data we collect, how we process it, for what purpose and how we ensure its security. When changes to the Policy occur, they will be posted on our site.

Date of entry into force: 07 June 2024.
Date of last update: June 10, 2024.

Maintaining your privacy is extremely important to us. This Privacy Policy explains what personal data we collect from you during our interactions and how we use it.

Responsibility for the processing of personal data

THE BEACH TOWELS EOOD , Unified Identification Code (UIC): 207807895, with headquarters and address of management: Bulgaria, City of Sofia, represented by Simona Dimitrova Ivanova (hereinafter referred to as “We”, “online store”, “Site”, “administrator”) is responsible for the processing of data, including personal data, related to the information we collect or receive during your visit to the site www.thebeachtowels.com or when making a purchase through it. Also, this policy applies to your visits to our Facebook page, viewing of video material on Youtube and/or other sharing sites. It also applies to cases where you voluntarily provide personal data on-site at our store or office.

THE BEACH TOWELS EOOD processes personal data from inquiries made by you for marketing and advertising purposes, for profiling, participation in games, promotions and raffles organized by us, as well as for other purposes not contrary to law. When processing personal data, we comply with all applicable personal data protection laws, including but not limited to Regulation (EU) 2016/679 (“Regulation”) and the Personal Data Protection Act.

Scope of the Policy

This Policy applies to all our customers – natural persons who use our services by ordering from the site or making inquiries (hereinafter referred to as “data subjects”, “users”).

All partners and third parties who work with or for THE BEACH TOWELS EOOD and who have or may have access to personal data should familiarize themselves with, understand and comply with this policy. No third party may have access to personal data held by us without first entering into a data confidentiality agreement, which imposes on the third party corresponding obligations no less onerous than those undertaken by us. In the event of a breach of the agreement, the matter will be referred to the relevant government authorities for consideration.

This policy applies to all our employees and stakeholders, as well as to external suppliers of products and services with whom THE BEACH TOWELS EOOD has concluded contracts. Any violation of the General Regulation will be considered as a violation of labor discipline, resp. such as non-fulfillment of contracts with partners, and in case there is an assumption of a crime committed, the matter will be submitted for examination in the shortest possible time to the relevant state authorities.

The “Cookie Policy” adopted and published on the Site applies to Site visitors who do not place orders or send inquiries, but only browse our website.

DEFINITIONS

“Regulation” – The General Data Protection Regulation 2016/679 of April 27, 2016, known as GDPR. The purpose of this European legislation is to protect the “rights and freedoms” of individuals and to ensure that personal data is not processed without their knowledge and consent, where applicable.

“Personal data” – any information relating to an identified natural person or an identifiable natural person (“data subject”). An identifiable natural person is an individual who can be identified directly or indirectly through an identifier such as a name, identification number, location data, online identifier or through other characteristics specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that natural person.

“Special categories of personal data” – personal data that reveal racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership and processing of genetic data, biometric data for the unique identification of a natural person, health data or data about the sex life and sexual orientation of an individual.

“Processing” – any operation or set of operations performed on personal data by automatic or other means, such as collection, recording, organization, structuring, storage, adaptation, modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.

“Administrator” – any natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of personal data processing. Where the purposes and means of processing are determined by EU law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.

“Data subject” – any living natural person who is the subject of personal data stored by the administrator.

“Consent of the data subject” – any free, specific, informed and unequivocally expressed desire of the data subject, expressed by a statement or a clear affirmative action, by which he gives his consent to the processing of his personal data related to him.

“Child” – The General Regulations define a child as anyone under the age of 16 years. The processing of a child’s personal data is only lawful if a parent or guardian has given consent. The administrator makes reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give consent.

“Profiling” – any automated processing of personal data, through which such data is used to assess specific characteristics of a natural person related to the performance of his professional duties, and more specifically to analyze or predict his economic status, health, personal preferences, interests, reliability, behavior, location or movement;

“Breach of personal data security” – a situation where there is an accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;

“Recipient” – natural or legal person, public body, agency or other structure to which personal data is disclosed, regardless of whether they are third parties or not. However, public authorities that receive personal data in the context of a specific investigation under Union law or the law of a Member State are not considered “recipients”; the processing of this data by these public authorities is carried out according to the applicable data protection rules in accordance with the purposes of the processing;

“Third party” – any natural or legal person, public body, agency or other body, with the exception of the data subject, the controller and processor of personal data and the persons who, under the direct supervision of the controller or processor of personal data, have the right to process personal data.

PRINCIPLES:

When collecting and processing personal data, we are guided by the following principles: compliance with the law, good faith, transparency; limitation of objectives; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability.

ENTITIES WHOSE DATA WE PROCESS:

In connection with its activity THE BEACH TOWELS EOOD concludes and executes contracts for purchase and sale at a distance, considers job applications and proposals, accepts forms for exercising the rights of users-buyers, as well as processes requests of data subjects, responds of inquiries, issues and receives invoices, processes statistical data, manages a user panel on the site, carries out advertising activities through advertising campaigns (promotions, games and others). In the framework of these activities THE BEACH TOWELS EOOD processes information about the following Data Subjects:

a) Individuals who use the site without registration by not providing personal data (in this case we process data, but not personal) and individuals who use the site without registration by voluntarily providing a limited number of personal data (e.g. telephone number and /or email address).

b) Natural persons registered as users of the site – in these cases we process data about the user that he/she provided during registration – email address (e-mail), delivery address, names, billing data, details of orders and other data entered by the user.

c) Individuals who have sent inquiries (including by calling), requests, initiatives, signals, complaints or other correspondence to us, including through the site, telephone, e-mail or otherwise.

d) Natural persons whose data are contained in inquiries (including through calls), requests, initiatives, signals, complaints or other correspondence sent to us.

e) Natural persons with whom we conclude contracts (civil, including commercial or employment, especially distance contracts), electronically (via the site or social networks, as well as by means of electronic correspondence) or on-site at our office or business premises.

PERSONAL DATA WE PROCESS

Depending on the reason for the processing of personal data, the type of such data may differ. The functionalities provided on the Site are not intended for storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation. (NB! Read Art. 9 and Art. 10 – of the Regulation here – https://eur-lex.europa.eu/legal-content/BG/TXT/HTML/?uri=CELEX:32016R0679&from=BG). We only require such personal data as are necessary for us to provide the activity/service/product requested from us. In the course of using the site by individuals, we may also process other data that do not contain personal data, but relate to the subject, such as his IP address, data on his activity on the site, etc. similar.

Data provided when placing an order:

In order to fulfill the distance contract (order) concluded between you and THE BEACH TOWELS EOOD, we need certain information from you. You independently decide whether and how to use the possibilities of concluding a distance sales contract provided through the Site or the Facebook page. In the forms where personal data is entered, we clearly indicate whether the provision of the data is mandatory or voluntary. Mandatory data are those without which it is impossible to conclude the relevant contract. This includes: names, email address, delivery address, contact telephone number, payment information (e.g. bank account), invoicing details, including TIN if you wish to invoice an individual.

Data provided when registering on the Site:

If you have decided to store information about you on the Site by registering a profile, we store the above data, as well as the history of orders made by each account registered on the Site. The requested data matches those required when ordering. In addition to these, we also process the IP address, activity data (time and date of registration, acceptance of the Privacy Policy and General Terms and Conditions, account login, etc.).

Data provided when concluding other contracts:

In cases where THE BEACH TOWELS EOOD concludes other contracts with individuals other than distance selling, we require you to provide three names, social security number, address and email address.

Data provided by, through and on other websites and applications, referred to as third parties:

In certain cases, you may share information with social networks or use their sites to create your profile or link your profile on our website with the relevant social network. In such connection, the social network may provide us with automatic access to certain personal information that they have collected about you (for example, the content you view, content preferences and information about the advertisements you have been shown or clicked on, etc.) . By linking your social network profile to your account on our website, you grant us permission to access your personal data processed by the relevant social network and to collect, use and retain this information in accordance with this Privacy Policy. This association of a social network profile with a registration on our website takes place if you click on a link provided to create a Registration on our website by engaging in social media, thereby you voluntarily establish a connection with the relevant social media site. In case you choose to register on our site through any social network, we may process your data such as names, phone number, email, gender, marital status, age, photo, education, place of birth, place of residence and other data that you have provided to these platforms and which are visible to us if you enter them on our site.

In case you provide personal data to THE BEACH TOWELS EOOD via WhatsApp, Facebook Messenger, Telegram, Viber, Signal, WeChat, Skype, iMessage, Google Chat, Slack or any other platform / social network, we inform you that these platforms / websites / social networks have their own privacy policies and that we are not responsible for those policies to the extent that their processing cannot be controlled by THE BEACH TOWELS EOOD. In this context, we recommend that you check these policies before submitting your personal data to us through these websites/applications.

Data provided when publishing a comment, review, publication:

When leaving comments on our site, we collect the information you provided in the comment form, as well as the visitor’s IP address and browser user agent string to help detect spam.

An anonymized hash created from your email address may be provided to the Gravatar service to verify that you are using it. After your comment is approved, your profile picture is visible to the public in the context of your comment.

When uploading images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included to prevent website visitors from downloading and extracting location data.

If you leave a comment on our site, you can choose to save your name, email address and website in cookies for your convenience so that you don’t have to fill in your details again when you leave another comment. These cookies will be saved for one year.

When you visit our login page, we set a temporary cookie to determine if your browser accepts cookies, which is deleted when you close your browser.

When you sign in, we also set a few cookies to save your login information and screen display choices. Login cookies last for two days and screen options cookies for one year. If you select the “Remember me” option, your login will last for two weeks. When you log out of your account, login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie does not include personal data and simply shows the publication ID of the article you have edited. Expires in one day.

For more information about the cookies used on the site, please visit the “Cookie Policy” page.

If you leave a post or comment on this website, your IP address will be saved, along with your names if you have entered them. This is done for the safety of the website operator. In case of violation of the law with the text of the comment, the operator would like to be able to trace your identity. In addition, THE BEACH TOWELS EOOD has an obligation to store this data (referred to as “traffic”) for certain periods and for certain purposes specified below. Due to the fact that sending comments, inquiries and other messages to the site, the Facebook page/group or their administrators constitutes sending an electronic statement, according to the Law on Electronic Document and Electronic Authentication Services (ZEDEUU), the administrator has an obligation to maintain logs of the fact of sending the statement for a period of 1 year. The log contains the date of the statement, name and email address of the sender.

If you leave a comment, the comment and its metadata will be retained indefinitely so that we can automatically recognize and approve any subsequent comments, rather than holding them for moderation. Visitor comments can also be checked by an automated spam detection service.

For users who register on our website, we store the personal information they provide in their user profile. All users have the right to view, edit or delete their personal information at any time (except username). Website administrators also have the right to view and edit this information.

When we process data when concluding employment contracts and when evaluating and processing job applications, we require three names, social security number, address, age, gender, education data, work experience, bank data, and subsequently we also process health data. When processing resumes, we process names, address, e-mail address, age, gender, education, work experience, photo, data voluntarily provided by the candidate during an interview or in the resume.

When receiving correspondence, complaints and reports addressed to THE BEACH TOWELS EOOD, we store and process information such as names, email address, telephone number and address in order to resolve the submitted complaints, reports, disputes, inquiries, requests or other matters.

Due to the sending of comments, inquiries and other messages to our website, Facebook page or their administrators, this is considered to be sending an electronic statement, according to the Law on Electronic Document and Electronic Authentication Services (“EID”). For this reason, we have the obligation to maintain a log of the fact of sending the statement (without its content) for a period of 1 year. The log contains the date of the statement, the sender’s name and email address, and the sender’s identification.

If you provide personal information about someone else, you must do so only with that person’s authorization. You must inform him of how we collect, use, disclose and store personal information in accordance with this Individuals’ Personal Data Privacy Policy.

The technical data we collect during the use of the Site includes the following information:

• Device ID: This is a unique character that identifies the device you are using, such as a computer, phone, tablet, and more.

• Log data: This includes information that your browser automatically sends when you visit the website. This information includes the IP address of the device, the address of websites visited, searches, browser type and settings, date and time of the request, and cookie and device data.

• Location Information: If you have set your device to display location data, we may collect information about your location. However, please note that mobile devices give you the ability to control or disable the use of location services from any application on the device.

• Computer and connection information: This includes statistics about page views, IP address, site browsing history, language settings, date and time.

• Logs to facilitate searches: If you use the quick links feature, you can repeat previous searches without retyping them. This functionality is based on a cookie stored on your device that contains a randomly generated number. The site stores and displays the last 10 searches related to this browser, and when you log in to your account, you can save and use them.

Note that this information is used to improve the functionality and user experience of the Site and may be associated with your user profiles, if you have one. If you would like to receive more details about the information we collect, you can contact us using the contact form.

We collect various logs related to security, technical support, development and other aspects of the services provided by the site. These logs are required for the following purposes:

• Ensuring reliable operation of services and detection of technical problems.
• Ensuring the security of services and detecting malicious actions.
• Development and improvement of services on the site.
• Measurement of site attendance and usability.
• Compliance with legal obligations, for example keeping logs of electronic wills.
• User profile (account) login logs, which allow identifying and blocking unauthorized attempts to access user accounts. These logs are stored for up to 1 year and include information about date and time of account login, status, login method (via mobile version, app or desktop browser) and IP address.
• Server logs and logs of security protection devices (Web Application Firewalls), which help to identify technical problems and detect malicious actions. These logs are stored for up to 1 year and may contain information such as date and time, IP address, URL, browser and device information. Some of the devices may use cookie-based security technology.
• Cookies – we use cookies for the functioning of the Site. Details about the type of cookies, the term of their storage and use can be found in the Policy on the use of cookies.

We may reduce the amount of data we store and process according to the purposes of the processing to store less personal information where possible and adequate.

We do not require and will not collect personal data that discloses the following categories of information: racial or ethnic origin; political, religious or philosophical beliefs; membership in trade union organizations; genetic and biometric data; data on the state of health, as well as data on sex life or sexual orientation. If a subject himself, on his own initiative and desire, provides such categories of data, THE BEACH TOWELS EOOD will provide the same protection measures as provided for the requested personal data, but is not responsible for the provision of such data.

We do not transfer data to third countries and do not make automated decisions related to personal data. Also, we do not process data of persons under the age of 16, and if you are under the age of 16, you should not provide personal data to the site.

The main purpose for the processing of your personal data is related to the provision of services through the Site and social networks, including concluding a contract for distance sales and delivery of ordered goods and services, as well as revenue accounting. In addition, we use your personal information to provide and improve our services, to provide you with a personalized experience on the site, to contact you about your profile and our services, to provide you with customer service, to provide you with personalized advertising and marketing according to your interests, to carry out raffles and games organized by us, and in certain cases – to detect and investigate fraudulent or illegal activities.

THE BEACH TOWELS EOOD collects, uses and processes the information described above for the following purposes:

• Conclusion of contracts for the purchase and sale of goods/services at a distance between you and THE BEACH TOWELS EOOD through the Site or social networks. This includes collecting identification, contact and payment details so that we can enter into a contract with you and send you your order.

• Processing payments and preventing fraudulent transactions. In certain cases, we may transfer your data to third parties to perform these functions.

• Conclusion of employment contracts and processing and evaluation of submitted CVs for the purposes of staffing.

• Protection and enforcement of the legitimate interests of other users of the Services, third parties and the Site, which includes:
– Detection and resolution of technical or functionality problems, development and improvement of the purpose of the Site.
– Communication with you on important issues related to the services we provide and the performance of the concluded contracts.
– Providing personalized advertising and marketing tailored to your interests.
– Receiving and processing received signals, complaints, requests and other correspondence.
– Protection of the rights and legitimate interests of the Site and other site users and/or affected third parties.
– Administer the website and application and keep them secure and safe.
– Analyzing and improving the use of our website, app and retail.
– Measuring and analyzing our advertising and providing suggestions and recommendations based on the information you share with us.
– Communicating with you about your account and troubleshooting problems with your account. If necessary, we may use automated or pre-recorded calls and text messages to communicate more effectively with you.

In addition to the purposes described in the preceding texts, THE BEACH TOWELS EOOD also processes your personal information for the following purposes:

• Informing you about products and services about which you wish to receive information by e-mail, post, mobile phone and / or through other digital means, including social media platforms – only when we have received your express consent to do so.

• Registering your profile on the Website and maintaining and updating your profile (for example, changing your address or marketing preferences).

• Administration of all competitions, raffles and lottery-based games conducted by THE BEACH TOWELS EOOD.

• Provide location-based services such as advertising, search results and other personalized content.

• Fulfillment of legal obligations of THE BEACH TOWELS EOOD, which include:
– Fulfillment of obligations to preserve or provide information in view of the company’s tax-legal obligations towards the state, including on the basis of the Accounting Act and other tax laws.
– Fulfillment of obligations stipulated in the labor legislation, the registration of legal entities and other normative acts.
– Execution of orders from competent state or judicial authorities, as well as protection of the rights and legal interests of the company, including by court order.
– Fulfillment of obligations related to the Personal Data Protection Regulation, including notifying you of various circumstances related to your rights, the services provided or the protection of your data.
– Fulfillment of obligations provided for in the Consumer Protection Act, such as ensuring the right of refusal and the right of legal guarantee.

Your data may be processed on the basis of your express consent, and the processing in this case is specific and to the extent and scope provided for in the relevant consent. We normally require such consent from you when we wish to process your personal data without a legal obligation or legitimate interest for THE BEACH TOWELS EOOD. This is usually required when we want to offer you information about new promotions, products and other services.

Regarding the period of storage of your personal data, we adhere to the principle of storing data in a minimum volume and for no longer than is necessary for the provision of the Services, the execution of contracts, ensuring their security and reliability, as well as for fulfillment of legal requirements. Your personal information will be stored for a period necessary to achieve the purposes set forth in this “Personal Data Protection Policy”, unless there is a legal basis or legitimate interest to store it for a longer period.

Depending on the type of data and the purposes for which it is collected, there is a certain retention period, after which the information is permanently deleted.

Exceptions to the retention period rules:

Please note that we will not delete or anonymize your personal data if it is necessary for ongoing or pending judicial, administrative, arbitration, enforcement or complaint proceedings before us. The deletion of data will be carried out after the need for them ceases to exist, and it is possible that this will happen after the expiration of the periods indicated above.

You always have the right to request that we delete certain information or close your account, and we will respond to that request by retaining certain information, even after account termination, when such retention is required by applicable law or is based on legitimate interests. If we are legally required to, or if reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms, we may also retain some of your personal information for a limited period of time, even after you have deleted Your profile.

In order to ensure the reliability of the services and prevent data loss for technical reasons, the Site applies a data redundancy policy. The maximum period for updating (deleting data) from all backups is 30 days.

Sharing of your personal data with third parties:

THE BEACH TOWELS EOOD, respectively the Site, does not provide your personal data to third parties, unless there is a legal basis for this – an obligation under law or contract, a legitimate or vital interest, or your consent. We aim to limit the personal data we disclose to a minimum, and this is always directly related and necessary to achieve the specified purpose. We do not sell, rent or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent.

We guarantee that access to your data by third-party private legal entities takes place in accordance with the legal provisions in the field of data protection and information confidentiality, based on contracts concluded with them.

We may disclose your personal data where we are subject to a legal obligation. In certain cases, THE BEACH TOWELS EOOD is obliged to disclose your data to public authorities such as the police, prosecutor’s office, court, in connection with the prevention or detection of crimes or with your consent.

You should be aware that if we are asked by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information or other information we obtain about you, we are entitled to do so after we are satisfied that the validity of the state authorities’ request.

When we receive sales revenue, we may be required by revenue authorities to provide sales data containing data from your orders, including personal data. In this regard, we provide your data to the accounting companies we work with.

It is the legal obligation of the Site and of THE BEACH TOWELS EOOD to protect the security of the networks and of the data processed by the company. In this regard, we implement a number of measures, the implementation of which may require the processing of your data by IT companies and persons who take care of security in our company.

We may have a contractual obligation to provide your data in the case of a distance sales contract concluded with you, by virtue of which we are obliged to provide the goods or services requested by you via courier. The same applies in case you have chosen to purchase, pay for a product or service from our Site through payment, credit or banking services to whose providers you personally share your data or entrust this to us. If you chose to insure a product/service during the purchase through the Site, your data is shared with the insurance companies through the order. If we install a purchased product through a subcontractor, we may provide your details to the subcontractor to perform the service/warranty service.

Our legitimate interest justifies the provision of personal data to third parties in certain cases. Such would be the situation when proceedings are initiated before the Commission for the Protection of Personal Data, the Commission for the Protection of Consumers and other bodies of state power. A legitimate interest exists for THE BEACH TOWELS EOOD also when we engage other companies and individuals to carry out certain tasks on our behalf, supplementing our services, within the framework of data processing contracts.

We may provide certain of your data – only with your express consent – to marketing/telemarketing service providers and other companies with whom we may develop joint programs to market our goods and services. The aim is to inform you about the best offers for the products/services you are interested in.

Please note that our website may contain links to third party websites. When you follow a link to any of these websites, please note that these websites have their own privacy policies and that we are not responsible for those policies. Before providing information to these websites, please check their privacy policies.

Embedded content from other websites:
Articles and products on our website may include embedded content from other websites, such as videos, images and articles. When you visit such embedded content, your conduct is governed by the privacy policy of the respective website.

Please note that other websites may collect data about you, use cookies and track your interaction with embedded content, even if you are logged into that website with a user profile. Although we optimize our site to protect personal data, we have no control over the activities of other websites and are not responsible for their privacy policies.

In particular, our site uses services provided by YouTube LLC, represented by Google Inc., to integrate videos. When you visit an embedded video, a “cookie” may be installed on your device and your IP address will be sent to YouTube. YouTube uses cookies to monitor your interaction with the videos, but if you are signed in to your YouTube profile, this information will be associated with your user profile. However, our YouTube videos are integrated in extended privacy mode (in this case, YouTube is still in contact with the DoubleClick service from Google, but personal data in accordance with Google’s privacy policy is not used). As a result, YouTube does not store any information about visitors unless you watch the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube through your user profile, this information will also be associated with your user profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data by YouTube. For more information, see YouTube’s Privacy Policy at: www.google.com/intl/bg/policies/privacy/
We have no access or control over this information.

Also, our site uses share/like/refer buttons associated with Facebook, Messenger, Whatsapp and Instagram (including apps like Boomerang) provided by Meta Platforms Inc. and Meta Platforms Ireland Limited – the full list can be seen here: www.facebook.com/help/111814505650678
For more information, see the Statement on the use of personal data of the given sites at: www.facebook.com/privacy/policy
When you use these buttons, information about you may be collected and processed by the respective websites, and your behavior is governed by their privacy policies.

Please, before using embedded content from other websites, review their privacy policies to understand what information is collected and processed by them. We are not responsible for the actions of other websites.

Payment details.
We may collect data necessary to process your payment if you make purchases, such as your payment instrument number (such as a credit card number) and the security code associated with your payment instrument.
All payment data is stored by Stripe.
All transactions are integrated using Stripe and subject to Stripe’s Terms of Use and Privacy Policy.
You can find the link(s) to their privacy statement here:

www.stripe.com/gb/privacy
www.stripe.com/payment-terms/legal

Please see their relevant Privacy Policies, Terms of Service additionally to this policy.

Our site may use share/refer buttons associated with Viber, represented by Rakuten Group, Inc. and Viber Media S.à rl
For more information, see the application’s Privacy Policy at: www.viber.com/en/terms/viber-privacy-policy/

TO WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA

We currently store and process your personal data in Bulgaria.

However, it is possible that some of your personal data may be transferred to entities located in the European Union or outside it, including countries for which the European Commission has not recognized an adequate level of personal data protection.

We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as Privacy Shield of personal data transferred from the EU to the United States of America.

You can contact us at any time using the contact details provided at the end of the Policy to find out which countries we transfer your data to and what safeguards we apply in relation to these data transfers.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

According to the General Data Protection Regulation, you have the following rights:

Right to information

This Policy aims to inform you in detail about the processing of your personal data in connection with the processing of your personal data. When there is a risk of a breach of the security of your personal data, the administrator is obliged to notify you of the nature of the breach and what measures have been taken to remedy it, as well as whether the supervisory authority has been notified of the breach. Also, the data subject may request information regarding all recipients to whom the personal data for which correction, erasure or restriction of processing is requested has been disclosed.

Right of access

You have the right to receive confirmation as to whether your personal data is being processed, access to it and information about how it is being processed and your rights in this regard. As a subject of personal data, you have the right to request confirmation of whether your personal data is being processed and, if so, to access your data and the following information: for what purpose data is processed, what personal data, data recipients, processing period . Access requests must be made in writing/electronically and addressed to the administrator. In this case, we provide a copy of the processed personal data in electronic or other appropriate form.

Right to rectification

You have the right to correct and supplement your personal data if they are incomplete or inaccurate. For registered users, this option is also valid in the user panel on the Site. Unregistered users can obtain this information by making a request to the administrator. As a personal data subject, you have the right to request the correction or completion of your personal data that is inaccurate/out-of-date or incomplete. For this purpose, you must submit a separate request. Your request will be answered by the administrator in writing to the email address you provided.

Right to erasure (right to be forgotten) and account closure

As a subject of personal data, you have the right to “be forgotten”, i.e. to request that your personal data be deleted without undue delay i.e. the controller to delete your personal data from all systems and records where it is stored, including notifying any third parties/processors of personal data to whom it has provided the data.

If you wish, you can close your account on the site at any time. This option is also valid in the user panel on the Site. After closing the account, all or part of the data is deleted. In connection with our obligations, responsibilities and requirements of the law (for example, ZEU or ZEDEUU), it is possible for us to store certain data for a certain period (see the section above).

In order to ensure the reliability of the services and to protect against data loss for technical reasons, the Site applies a data redundancy policy. The maximum period for updating (deleting data) from all backups is 30 days.

A request for deletion can be submitted on the grounds provided for in the Regulation, incl. in the presence of any of the following grounds:

– the personal data are no longer necessary for the purposes for which they were collected;

– when you have withdrawn your consent;

– when you have objected to the processing of personal data and there are no overriding legal grounds for the processing;

– when the processing is illegal;

– when the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;

– when the personal data were collected in connection with the provision of information society services.

Please note that we may refuse to delete part or all of the personal data in cases where there is a substantial basis and/or legal obligation for their processing. You will be informed about this in due course. The administrator may refuse to delete the personal data on the grounds specified in the Regulation – when the processing of the specific data is for the purpose of:

– to exercise the right to freedom of expression and the right to information;

– to comply with a legal obligation that requires processing provided for in EU law or Member State law that applies to the Administrator or for the performance of a task in the public interest or in the exercise of official powers granted to him;

– for reasons of public interest in the field of public health;

– for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;

– for the establishment, exercise or defense of legal claims;

Right to restriction in relation to data processing

The General Data Protection Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for this provided for in it. The limitation is allowed in the following cases:

– when you consider that your personal data is not accurate, in which case the limitation is for a period necessary for the administrator to verify the accuracy;

– when the processing of your personal data is illegal, but you do not want them to be deleted, but you only want to limit their use;

– when the administrator no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or defense of legal claims;

– when you have objected to the processing pending verification of whether the controller’s legitimate grounds prevail over your interests.

Right to notify third parties

If applicable, you have the right to request the Administrator of your personal data to notify the third parties, when he has provided your data, regarding the correction, deletion or restriction of the processing of your personal data.

Right to data portability

You have the right to receive the personal data concerning you that you have provided in a structured, widely used and machine-readable format and have the right to transfer this data to another controller without hindrance from us, in case the processing is based on consent or contractual obligation or the processing is carried out in an automated manner.

Important: The responsibility for the storage of data exported from the Site, as well as for all the consequences of providing them to other administrators, is entirely yours.

Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to such automated processing, including profiling, which gives rise to legal consequences for you or similarly affects you to a significant extent, unless there are grounds for this provided for in the applicable personal data protection legislation and provided for adequate guarantees to protect your rights, freedoms and legitimate interests.

Right to withdraw consent

You have the right, at any time, to withdraw the consent you have given in connection with the processing of personal data based on your prior consent. Such withdrawal does not affect the lawfulness of the processing based on the consent given until the time of its withdrawal. In the case of services such as the subscription to e-mail announcements, for which the subscription is made on the basis of your wish (consent), the possibility of unsubscribing at any time (withdrawal of consent) is provided. In the event of withdrawal of consent, we have the right to request that the identity of the applicant be verified in order to establish the identity with the person to whom the data relates.

Right to object

You have the right to object to data processed on the basis of legitimate interest. In the event of such an objection, We will consider Your request and, if justified, We will comply with it. If we believe that there are compelling legal grounds for the processing or that it is necessary for the establishment, exercise or defense of legal claims, we will inform you of this.

Right of appeal to a supervisory authority

You have the right to lodge a complaint against our company (data controller) with the supervisory authority if you consider that the processing of personal data concerning you violates the applicable legislation on the protection of personal data. The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data with address: Bulgaria, Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., e-mail [email protected], Website: www.cpdp.bg, Contact phone: +359 2 91-53-519.

HOW YOU CAN EXERCISE YOUR RIGHTS. PRONUNCIATION DEADLINES

You have the right to exercise your rights related to personal data free of charge at any time. You can do so by e-mail or by request sent to the addresses indicated in the contact form on our website or at the end of this Privacy Policy. Requests must allow the requester to be identified.

It is possible to exercise some of your rights through technical capabilities, for example through an “Unsubscribe Button” to refuse to receive advertising messages.

The personal data administrator must respond to your request or express his opinion on the exercised right within one month of receiving it.

However, if you exercise your rights manifestly unreasonably or excessively, for example by repeating requests, the controller has the right to charge a reasonable fee. This fee will be determined taking into account the administrative costs associated with providing the information or communication or taking the requested action. It is also possible that the administrator refuses to act on your request. Before making a decision to impose a fee, the administrator will inform you of the existence and amount of one, if applicable.

PROTECTION OF YOUR RIGHTS AND HOW YOU CAN EXERCISE THEM

You have the right to exercise these rights free of charge at any time. To do so, you can send an email or request to the addresses we have provided in the contact form on our website or at the end of this Privacy Policy. When exercising these rights, please ensure that your identification is clear and matches your identity.

The deadline for a response to your request or exercised right is one month from its receipt.

However, if you exercise these rights manifestly unreasonably or excessively, a reasonable fee may be charged to cover the administrative costs of providing the information or communication or taking the requested action. In such a case, before we rule on your claim, we will notify you of our fees, if applicable.

ACCURACY OF INFORMATION

We take no responsibility for the accuracy of the data you provide, as we do not carry out checks in this sense. Also, we cannot guarantee the actual identity of the individuals who provided the data. If you suspect fraud or abuse, please notify us immediately. When providing information on the Site, please respect the rights of others in relation to the protection of their personal data and other rights.

GENERAL INFORMATION ABOUT THE POLICY

This Personal Data Policy may be changed or supplemented due to a change in the applicable Bulgarian or European legislation or at the initiative of THE BEACH TOWELS EOOD or a competent authority. If we make such changes or additions, we will inform users by posting the updated Privacy Policy on our website.

SECURITY MEASURES

To protect the data of the company and our customers/users/co-contractors/visitors on the Site, we use all the necessary organizational and technical measures provided for in the General Data Protection Regulation and the Personal Data Protection Act, as well as the best international standards. We implement physical, electronic and administrative procedures to prevent accidental or unauthorized access, destruction, loss, alteration or disclosure of data.

We store your data on secure servers using the latest encryption algorithms and guarantee the storage of backup copies.

The company has adopted the necessary rules and procedures related to the lawful processing of your personal data, incl. An action plan in the event of a data security breach, has established structures to prevent abuses and security breaches, and has designated a Data Protection Officer who supports the processes of lawful processing, protection and ensuring the security of your data.

Access to your personal data is permitted only to those employees, service providers or persons related to it on the basis of the need for information for official purposes or who need it for the performance of their official duties. All employees/employees are required to be trained and accept the relevant contractual clauses/declarations/rules to comply with organizational and technical access measures before being granted access to information of any kind.

It is a principle in our structure that all employees/employees are responsible for ensuring the security of the storage of the data for which they are responsible and which we process, and that the data is stored securely and is not disclosed under any circumstances to third parties, unless we have granted such rights to that third party by entering into a confidentiality agreement/clause. In this regard, all personal data is available only to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and stored:

• in a private room with controlled access; and/or

• in a locked cabinet to which authorized persons have access; and/or

• a computerized system protected by a password in accordance with the internal requirements specified in the organizational and technical measures for controlling access to; and/or

• computer media that are protected in accordance with organizational and technical measures to control access to information.

Personal data is deleted or destroyed only in accordance with internal data storage and destruction procedures.

For maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, back up technology.

Where we use a payment service to process payments, all payment information is encrypted using SSL technology.

When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and can be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.

Despite the measures we implement to protect your personal data, we are aware that in general the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data can be viewed and used by unauthorized third parties. We cannot accept responsibility for these vulnerabilities of systems that are not under our control. In the event of a data leak containing personal data, we ensure that we will comply with all applicable notification norms in such cases.

COOKIE POLICY

As an integral part of this Privacy Policy for the personal data of individuals, THE BEACH TOWELS EOOD has also adopted a Cookie Policy – “Cookie Policy”, published and available both on the Site and on our Facebook page.

CONTACT WITH US

DATA PROTECTION OFFICER (DPO)

Questions and requests related to the exercise of the rights to protect your personal data can be directed to THE BEACH TOWELS EOOD, through the contact form available on the Site or subsequently one of the specified contact forms:

PRIVACY DATA REQUEST FORMS

Select your request:


Data Protection Officer (DPO): Simona Dimitrova Ivanova

Correspondence address: Online contact form – https://thebeachtowels.com/contact-us/