The rules published herein disclose our policy (“Policy”) concerning the personal data which we collect through the website www.aroma.bg (“Website”) in connection with the use of the Website, its services, content and resources. The collection, processing and storing of personal data of the Users of the Services shall be carried out by “Aroma Cosmetics Bulgaria” AD in its capacity of a personal data controller (“Controller”, “We”, “Us”).
Entry into effect: May 1 2020
Please read this Policy carefully before accessing the Website or its services. If you disagree with any of the terms, you should not access the Website or use our services or products in any way or form.
- Who are we?
Aroma Cosmetics Bulgaria AD is a company duly incorporated and operating according to the law of the Republic of Bulgaria with UIC 121518666 and seat and registered address at Sofia, 12 “Kiril Blagoev” Str.
- Validity and effect
This Policy determines what happens to your personal data that you provide through the Website during the process of using its services and resources.
“Data processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of your personal data.
The use of the Website and its services and resources requires the provision of your consent to this Policy.
The collection, processing and storage of your personal data is done in compliance with the Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, as well as with the applicable Bulgarian and European legislation.
We reserve our right to make amendments to this Policy at any given time at our own discretion. The new versions will be published on the Website. In case you are a registered user, you will be notified of the changes at the email address provided by you during registration. If you are a user who provides access to their personal data without registration (when making a purchase or sending an inquiry), you will be notified of the changes at the email address provided by you during the process of using the Website’s services.
In case you disagree with the changes you should notify us in writing, after which your data stored will be deleted.
“Personal data” are all data which contains identifiable information (e.g. name, address, telephone number, email, etc.). Before we collect and process your personal data we must receive your explicit, freely given, specific, informed and unambiguous consent.
The Policy published herein is applicable and valid for registered and unregistered users of the services of the Administrator, available through the Website. This Policy does not apply to social networks, other websites, platforms or companies, which the Administrator does not control but which give a link to or are connected directly or indirectly with the provided Services. You should be informed that those websites, platforms and companies have their own policies for the protection of personal data, for which we are not liable. You should become acquainted with the privacy policies of those other websites, platforms and companies before providing your personal data to them.
- Data we collect about you
You have the right to access the Website without providing your personal data or registration. However, the access to the services of the Website requires the provision of personal data, e.g. during registration, when making a purchase without registration, when paying for the purchase using one of the methods available on the Website, when sending an inquiry using the contact form available at www.aroma.bg.
Data provided by you
When making a registration or a purchase without registration or sending an inquiry using the contact form you will be asked to provide information which is necessary solely for the purpose of using the services and resources of the Website. The collection of this data is carried out in compliance with the applicable privacy measures.
The use of the Website requires you to be above the age of 16. By creating a registration, making a purchase or sending an inquiry, you confirm that you are above the age of 16.
The successful registration, purchase or inquiry requires you to fill in certain fields marked as mandatory.
When making a user registration on the Website you must create your unique password, as well as provide your:
- first and last name;
- email address;
- country and city/location.
Alternatively, you can register on the Website using your Facebook profile.
When making a registration of a company on the Website, you must create your unique password, as well as provide the following data:
- company name;
- contact person;
- country, city/location, ZIP code, address and phone number for delivery;
- VAT registration – in case there is such;
- invoice address.
When making a purchase without registration you will be asked to provide your:
- first and last name;
- email address;
- country, city/location, ZIP code and address;
- phone number.
When sending an inquiry using the contact form available on the Website, you will be asked to provide the following data:
- first and last name;
- email address;
- subject and description of your inquiry.
When paying for the purchase made by bank transfer, you provide your:
- full name;
- bank name.
As part of the security measures for protection of personal data, we use the pseudonymisation method. Some categories of data you provide us with during the process of using the Website services are not able to identify you directly on their own, but can be linked to a physical person by using additional information provided by you; therefore these categories will be handled as data regarding a physical person who can be identified.
Providing us with optional data during the process of using the Website services is entirely at the user’s discretion. All optional data which you provide us with when using the Website or in another form of communication with us, which we did not explicitly ask for but you provided us with, will be treated as personal data, provided after explicit consent for processing. Such personal data will be treated in a legal fashion by applying the principles of minimization and limitation.
The user is liable for the provided contact information and other data which are incorrect, false or are regarding third persons (in any case whenever those third persons did not give their consent), as well as for all kinds of illegal or malicious processing of personal data and information.
We do not collect personal data which:
- reveals racial or ethnic background;
- reveals political, religious or philosophic beliefs;
- reveals membership in political parties or organizations or other religious, philosophical, political or syndicate structures;
- is regarding the user’s health condition, sex life or the human genome, except in cases where a signal for unwanted side effects as a result of the use of the cosmetics is received;
- is provided by users under the age of 16 without the consent of their parents or legal guardians. The Administrator will delete all information provided by or regarding users who are under the age of 16 and did not receive the consent of their parents or legal guardians for the use of the Website, its services and content.
Data we collect automatically
Each time you visit the Website, we will automatically collect the following data:
- We collect device-specific information (such as your hardware model, operating system version, unique device identifiers).
- When you use the Website, we may collect and process information about your actual location. We use various technologies to determine location, including IP address, GPS, Wi-Fi access points and cell towers.
Information we collect during the use of the Website services
- Information regarding other websites, which link to the Website, as well as such which the Website links to, date and hour of visit, visit duration, loading speed of the Website and other data regarding your interaction with the Website.
- Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
- This website uses the following types of cookies:
- “session cookies” which are erased when the user closes the browser;
- “persistent cookies” which remain on the user’s computer/device for a pre-defined period of time;
- “first-party cookies” which are set by the web server of the visited page and share the same domain;
- This Website uses the marketing services of Google Analytics for Display, more specifically the remarketing service. This service allows the targeting of advertisements to visitors of the Website.
You have the right to block advertisements from Google Analytics for Display and your exposure to advertisements from the Google Display Network. To do so, visit the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/) and install the Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout/).
The Website uses remarketing for the purposes of online advertising, which means that users who did not refuse Google Display Network’s access by one of the abovementioned methods may be exposed to advertisements of the Website in Google’s content network. Third parties like Google or Facebook may display advertisements of the Website on the websites from their content network (using, for example, Google Analytics and DoubleClick cookies), which contributes to the optimization of advertising based on information received from previous visits by users to the Website.
- For what purposes do we process your personal data?
We need the collected personal data to provide you with quality services and to provide timely technical and other assistance upon request.
We use the provided data as follows:
- To provide the normal functioning of all services of the Website, including but not limited to: making a registration on the Website, making a purchase through the Website, paying for the purchases made, contacting the Administrator;
- To provide secure and reliable use of services and content by verifying your access rights to the requested services and resources;
- To permanently improve the quality of our products and services by receiving your proposals, advice and ideas for improvement of the existing and the launching of new products and services through our Website;
- To send to you news, e-bulletins, promotions, interesting and useful information and other notifications;
- To invite you to take part in questionnaires and surveys of the opinion of users about the quality and the satisfaction with the offered Services and our website;
- For other purposes not forbidden by law regarding the quality provision of all current and future services and resources on the Website.
In case of a change in the purposes we will inform you and require your explicit consent for the processing of your personal data in accordance with the new purposes.
- Who has access to your personal data?
Your personal data will not be transferred to third parties, unless
- we have your express authorization for this;
- the third parties in question provide support to us, under an agreement, for the supply of our products or the provision of our services to you;
- it is required by law or when requested by a public authority;
- when this is necessary to protect the rights, property and security of users of the Website or other public interest; or
- in connection with the sale of a business, our company or its assets, subject to confidentiality obligations.
Our employees and consultants will have access to your personal data for the purposes of managing the Website and services, but are bound by a confidentiality obligation regarding the data to which they have access as part of the relevant operations.
Our employees and consultants are duly informed of the importance of the compliance with such confidentiality legal duty and are liable for the compliance with that obligation.
We may share data which does not identify you personally with our market partners (media, marketing agencies and other business partners who have accepted to be bound by this Policy) with the purpose of providing you, after receiving your consent, with information regarding products and services, as well as promotions and offers.
We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. In case of disclosing personal data to a public authority in relation to an investigation or proceedings against a user, we are not obliged to notify said user of this disclosure.
- Your rights
Under the legislation in force, you are entitled to object, at any time and free of charge, to the processing of your personal data, by sending us a written request or by notifying us on the following email address: firstname.lastname@example.org
You are entitled to be informed every time before your personal data is transferred for the first time to third parties for the purposes of direct marketing, or when they are used on behalf of third parties. You are also entitled to object to this transfer or use, at any time and free of charge.
You are entitled to receive access upon notification to the personal data we store about you in a structured, commonly used and machine-readable format, by sending us a written request or by notifying us on the following email address: email@example.com
You are entitled to request the portability of your personal data to another data controller by sending us a written request or by notifying us on the following email address: firstname.lastname@example.org
If any of the data we have about you is incorrect or inaccurate, you may correct it by changing the information on your profile, by sending us a written request or by notifying us on the following email address: email@example.com
You are also entitled to request the complete erasure of your personal data by sending us a written request or by notifying us on the following email address: firstname.lastname@example.org
You may also request a restriction on the processing of your personal data with regard to specific actions on collection, processing or transferring by sending us a written request or by notifying us on the following email address: email@example.com
You are also entitled to request that third parties are notified about the rectification, erasure or restriction on the processing of your data so that these third parties comply with the respective request made by you.
In addition, you are entitled to file a complaint with the controlling authority, which in Bulgaria is the Commission for personal data protection (CPDP) with address: 1592 Sofia, 2 “Tsvetan Lazarov” Blvd.
- Personal data storage and retention period
The data we collect about you will be stored on servers located within the Republic of Bulgaria.
We shall store the personal data provided by you for a period not longer than necessary for the accomplishment of the abovementioned purposes or until the termination of the Services and/or the Website.
In case you want to delete your account on the Website, all of the data we store about you will be deleted without delay.
By exception, we are entitled to further retention of the personal data where it is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in us in our capacity of Controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.
- Technical and organizational security measures. Risks
Being a personal data controller, we shall take all required technical and organizational measures in order to protect the data from accidental or illegal destruction or from accidental loss, from unauthorized access, amendment or distribution, as well as other illegal forms of processing.
The measures are consistent with modern technological achievements and ensure a level of protection which corresponds to the risks associated with the processing and the type of the data which must be protected.
All the information we receive from you will be stored on secure servers and we will implement technical and organizational measures that are suitable and necessary for your personal data to be protected with an appropriate level of security that will guarantee, in particular, the confidentiality and integrity of the data and prevent the destruction, the accidental or unlawful loss or changes, or the unauthorized disclosure or access of data.
In cases where we have supplied an access code to the Website, you acknowledge and accept that it is your responsibility to keep this code secret and confidential. We will never ask you to share this code with other people.
Notwithstanding the measures implemented to protect your data, you should be aware that the transfer of data through the Internet or other open networks is never completely secure and there is the risk that your data will be seen and used by unauthorised third parties.
For additional information, complaints or requests for exercising of your legal rights, you can contact us at:
- address: Sofia, 12 “Kiril Blagoev” Str.;
- telephone: 02/9350 335;
- email: firstname.lastname@example.org;
- Contact form;
For direct contact with our Data Protection Officer:
This policy enters into effect on May 25 2018 and is in compliance with the requirements of Regulation (EU) 2016/679 of the European parliament and the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).