I. PERSONAL DATA CONTROLLER
The controller of personal data on this website is SAFF BEAUTY EOOD (“the Company”), headquartered in Bulgaria, Botevgrad municipality, Trudovetz village, 19 Hristo Botev Str., postal code 2160, Company Identification Number (UIC): 203981304. The Controller defines the goals and methods for the processing of the information, as well as for the security procedures, which are applied, in order to guarantee the confidentiality, integrity and security of the data.
II. CONFIDENTIALITY PRINCIPLES
- Data is only processed for the purposes and according to the methods, presented in the moment when it is collected.
- Тhe data is used for additional purposes only with the explicit consent of the user (for example, for sending of promotional content.
- Access is granted to third parties only for purposes, related to the performance of the required service (for example banks, courier companies). These organisations are separate personal data controllers than the Company itself.
- The Company fulfils requests for erasing, changing or adding to provided data.
- The Company ensures that data is managed lawfully and that suitable security measures are implemented to protect the data provided by users.
III. HOW AND WHY WE PROCESS PERSONAL DATA
Your personal data is processed mainly electronically through saff.beauty and by third parties, selected for their reliability and experience. They perform activities of key importance for the use of the website and its services – the sale of products.
Your personal data is processed by the Company, in order to make the following services, possible on the Website:
- fulfillment of orders and activities, connected to this – name and surname, telephone number, email, postal address, IP address;
- registration or subscription to the information bulletin – email;
- publishing a product review – name, email address;
- management of payments made– for this purpose we only transfer the collected information for the execution of the transaction, after the transfer the information is not stored by us;
- management of customer requests: technical enquiries, trade related enquiries, questions about the status of orders made, as well as requests for additional information.
When processing your data, the Company tries to follow the strict necessity principle.
This is why the website is configured in such a way, that the use of personal data is limited to the minimum, necessary for correct operation.
IV. HOW LONG DO WE STORE THE DATA
The storage of personal data continues, while the Company has reasons for the keeping the information. The following data storage time periods for different data types are applied by the Company:
- data, connected to made orders – 5-year period;
- data for marketing purposes – for a period of 2 years or until consent for its use is expressly withdrawn;
- data, connected to the measurement of user behavior on the Website – for a period of 1 year, depending to the technology used.
V. YOUR RIGHTS WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA
You always have the right to receive the following information from the Company:
- how your personal data is being used and for what purpose, as well as the source, from which the Company obtained it;
- what the goals and methods of processing your personal data are;
- what the logic, applied for the processing of the data by electronic means is;
- which categories of companies your personal data may be provided to;
- you may actualise, correct or add to your personal data;
- you may cancel, transform the data to an anonymous record or block or delete your personal data.
You may exercise your rights freely and at any time by sending a written request to the Company at firstname.lastname@example.org.
In case there has been a change in your personal data and you would like the Company to make corrections to it, please notify us in written form at the same email address.
VI. CATEGORIES OF THIRD PARTIES, WHICH RECEIVE ACCESS TO YOUR PERSONAL DATA
- transport/courier companies and postal operators with regard to the fulfilling of contractual obligations and sending of correspondence and communication, connected to the fulfilment of the contractual service and the sending of bought goods;
- notaries, lawyers or other third parties, if the client has breached an obligation, stipulated in a contract with the data controller;
- banks, servicing payments, made by and to clients;
- persons, providing consulting services in different spheres – lawyers, accountants, marketing agencies, etc.;
- bodies, institutions and persons whom we are obliged according to the law to provide personal data to.
In order for us to make your visit to our website attractive and to enable the use of certain functions, our website uses so called “cookies”.
We use session cookies in order to allow you to surf our website easily and freely, without losing the products you have added to your shopping cart. Session cookies also help to improve the loading time of the Website. They are erased, once you close your browser.
Persistent Cookies (a.k.a First-Party Cookies)
They do not lose their validity when the browser is closed. Their term of validity may vary, but is usually not longer than 6 months. We use them in order to save login data, so that it is not necessary to enter it every time. We also use them for personalisation and to save your preferences.
Cookies of External Service Providers
The origin of the cookies usually coincides with the name (domain) of the Website, on which they are placed. This does not apply to cookies of external service providers, which are created by the providers themselves. These cookies collect data about your habits and interests on the internet and could track your activity through different websites. Through them it is possible to determine which websites you visit, in what sequence and how much time you spend there. They are most frequently used to analyse the visits and interests of users toward a certain topic.
We use the services of the following partners:
VIII. HOW WE PROTECT YOUR DATA
The Company applies organizational, physical, IT and other necessary measures, to guarantee the security and protection of your personal data and the monitoring of its processing. The Company limits the access of its employees to personal data, except in the cases, in which there are reasons for them to handle such data as part of their duties. The Company has put physical, electronic and procedural protection measures in place, which ensure that its legal responsibilities, regarding the protection of the data concerning you are met.
Despite all security measures, which the Company applies, it cannot guarantee that all risk of access to the data from your device without your consent will be eliminated. The Company reminds you that you must ensure that your devices are equipped with the latest software for protection against data transfer in data networks (such as, antivirus systems) and the internet provider you use has taken all necessary measures, regarding network data transfer security (such as firewalls and spam filters).
IX. LINKS TO EXTERNAL WEBSITES
Latest update: 11.02.2022