Privacy policy

(Privacy Notice)

1. Name: "Brillmonde Jewelry"

2. UIC: 0248106309

3. Headquarters and registered office: Sofia, Bulgaria

4. Phone: +359 888 103202

5. E-mail address: office@brillmonde.com

6. Website: https://brillmonde.com/

"Brillmonde Jewelry" Ltd (the "Company" or the "Controller") operates in accordance with the Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data ("General Data Protection Regulation" or the "Regulation"). This "Privacy Policy" ("Privacy Policy" or "Policy") is intended to inform each Customer (as defined below) of the Company regarding the processing of data by which a particular Customer is or may be identified.

For the purposes of the Policy, a "Customer" is any natural person party to a contract with the Company for the purchase and sale of goods, as well as any natural person who has expressed a willingness to enter into a pre-contractual relationship with the Administrator and/or user of the Online Shop "Brillmonde", accessible on the Internet at the following electronic address: https://brillmonde.com/ , and any director, manager, agent, attorney, employee, partner, shareholder, beneficial owner of a legal person or other legal entity using the Online Shop.

 

1. What personal data do we process?

The Company processes, as a data controller, the following groups of personal data of Customers:

- Physical identity - name, PIN, address, telephone number, e-mail address;

- Economic identity - bank account number information.

The personal data is collected by the Controller from the persons to whom it relates.

 

2. How we collect personal data

We collect personal data:

- In the process of registration on the E-shop website and when using the E-shop without registration;

- when carrying out correspondence with the Customer, which may include communication in written form, including electronic form and oral form;

- by cookies when using or browsing our website.

In some cases we may also collect information from third parties or public sources.

Our website collects data in log files. This information contains data about your IP address, Internet Service Provider, the browser you are using, your operating system, when you visited our website, the pages you visited.

Our website uses cookies. "Cookies are small files of information that a website sends to a visitor's browser. The browser stores this information in a text file on the user's end device. They help us make our website work better for you. For more information about our use of cookies, please see our Cookie Policy, published on the E-Shop website: https://brillmonde.com/

 

3. Do we process special categories of personal data?

The Company does not process special categories of personal data of Customers.

 

4. For what purposes do we process personal data?

The Company processes Customers' personal data for the following purposes:

- Providing you with information and assistance you have requested from us;

- individualising and contacting customers and beneficial owners;

- for all activities related to the existence, modification and termination of the relationship between the Company and the Customer;

- offering and promoting additional services;

- compliance with regulatory requirements;

- defending any dispute and co-operating with regulatory authorities to the extent required by law.

If we do not process this personal data, we may not be able to provide you with our services or the assistance you have requested.

 

5. On what legal basis do we process personal data?

Customers' personal data is collected, processed and used based on several processing grounds:

- For the performance of a contract or to enter into a pre-contractual relationship;

- To comply with a legal obligation applicable to the Company;

- For the purposes of the legitimate interests of the Company or of a third party where the rights and interests of data subjects do not override them - to resolve disputes; to prevent, detect, investigate fraud, infringement or other unlawful conduct; to establish, exercise or defend legal claims;

- Subject to voluntary consent where required under applicable law.

 

6. For how long do we keep personal data?

The Company retains the personal data during the contractual relationship and until the contractual claim is extinguished and during a transitional period (e.g. to comply with archiving and record-keeping obligations). If legal or other action is initiated, personal data may be retained until the end of such action, including any possible appeal periods, and will then be deleted or archived as permitted by applicable law. Specifically, the various media of accounting and tax information containing personal data shall be retained for a period of 10 years from January 1 of the accounting period following the accounting period to which they relate.

Where your personal data is obtained and processed on the basis of consent given by you, we will only process your personal data to the extent that we have your consent to process your personal data.

 

7. With whom do we share personal data? Do we provide it to third parties?

The Company may, at its discretion, transfer some or all personal data to processors for the purposes of processing, subject to the requirements of the Regulation.

The Company shares personal data with:

- Third party service providers engaged by us to perform functions or activities on our behalf;

- third parties: regulators, tax, financial, judicial, administrative and law enforcement authorities, all in accordance with applicable law.

This list is not exhaustive and there may be other lawful purposes for retaining, disclosing or otherwise processing your personal data.

The Company shall notify the data subject in the event of an intention to transfer some or all of his or her personal data to third countries or international organisations.

 

8. Is the personal data protected?

The Company shall provide and maintain appropriate technical and organisational measures to protect personal data against unauthorised access to or unlawful use of personal data and/or against its accidental loss, alteration, disclosure, access and/or corruption or copying. These measures are intended to ensure the continued protection and privacy of personal data. The Company reassesses the measures on a regular basis in order to achieve permanent security of personal data.

 

9. Do we perform automated decision making?

The Company does not perform automated decision making with data.

 

10. What are the Customers' rights in relation to the protection of personal data?

Any Customer may proceed to exercise the rights set out below by written notice to the Company.

- Withdrawal of consent to the processing of personal data

Where the processing of a Customer's personal data is based on the Customer's consent to the processing of the Customer's personal data, the Customer shall have the right to withdraw their consent at any time. Withdrawal of consent shall not affect the lawfulness of processing based on consent given prior to its withdrawal.

- Right of access

Each Customer shall have the right to obtain confirmation from the Company as to whether his or her personal data is being processed by the Company. This includes the right of access to the personal data, the right to obtain a copy of the data free of charge (except in cases of excessive and repetitive requests), unless otherwise provided for in the applicable data protection rules, and the Customer's right to be provided with a description of the basic information relating to the processing of his personal data.

The Company shall provide the Customer, free of charge, with a copy of the Personal Data being processed, but reserves the right to charge an administrative fee in the event of repetitive or excessive enquiries.

- Right to rectification

Each Customer shall have the right to rectify or request the Company to rectify, without undue delay, inaccurate, incomplete or out of date personal data relating to him.

- Right to erasure (right to be forgotten)

Each Customer shall have the right to request the Company to erase the personal data relating to him/her without undue delay where any of the following grounds apply:

(i) the Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed;

(ii) the Customer withdraws his or her consent on which the processing of his or her data is based and there is no other legal basis for the processing;

(iii) Customer objects to the processing as set out below;

(iv) the Customer's personal data has been unlawfully processed; or

(v) the Customer's Personal Data must be erased in order to comply with a legal obligation under EU law, the law of a Member State or the law of another country;

(vi) the Personal Data has been collected in connection with the provision of information society services.

The Company may refuse to erase a Customer's personal data to the extent that processing is necessary:

(i) to exercise the right to freedom of expression and the right to information;

(ii) to comply with a legal obligation requiring processing under EU or Member State law applicable to the Controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

(iii) for reasons of public interest in the field of public health

(iv) for archiving purposes in the public interest, scientific or historical research or statistical purposes;

(v) for the establishment, exercise or defence of legal claims.

- Right to restriction of processing

Each Customer has the right to request the Company to restrict the processing of his or her personal data in the following cases:

(i) Where it disputes the accuracy of the personal data as provided by the Customer and processed by the Company (the restriction shall be for a specified period to allow the Company to verify the accuracy of the personal data);

(ii) Where the processing is unlawful but the Customer does not wish the Personal Data to be erased, but instead requests a restriction on its use;

(iii) Where the Company no longer requires the Personal Data for the purposes of the processing but the Customer requires it to establish, exercise or defend legal claims;

(iv) Where a Customer has objected to processing and expects the Company to verify whether the Company's legitimate grounds for processing the personal data override the Customer's interests.

- Right to object

Each Customer shall have the right at any time on grounds relating to his or her particular situation to object to the processing of personal data concerning him or her.

A Customer may only exercise the right in respect of processing of his or her personal data that is carried out by the Company for the purposes of the legitimate interests of the Company.

If the objection is justified, the Company will cease processing the personal data concerning the objecting Customer unless the Company demonstrates that there are compelling legitimate grounds for the processing which override the Customer's interests.

- Right to data portability

This right includes the following options:

(i) to obtain the personal data in a structured, commonly used and machine-readable format for transfer to another controller, or

(ii) to obtain a direct transfer of the personal data to another controller, if technically feasible.

- Right to lodge a complaint

Each Customer has the right to lodge a complaint about the processing of his personal data by the Company with the Data Protection Commission, which is the competent supervisory authority.

Data Protection Commission

Address. 1592, ul. "1592 Prof. 2,

tel. (02) 91 53 519, fax: (02) 91 53 525

E-mail: kzld@cpdp.bg

website: www.cpdp.bg

 

11. What happens in case of change?

In the event of a material change in the way in which the Company processes Customers' personal data and/or in the types of personal data it processes and/or in any other aspect of the subject matter of this notice, the Company will notify Customers of the relevant change immediately by issuing and giving Customers an updated version of the notice.