WEBSITE PRIVACY POLICY

1. Data Administrator
We would like to provide you with information about how we collect and process your personal data on www.shtorimax.bg. The data administrator of the website (hereinafter also referred to as “We”, “Us”) is Shtori Dobrich Ltd, UIC: 204540348, which is responsible for the protection of your personal data.

Contact us:
Shtori Dobrich Ltd, 9300 Dobrich, 5 Boryana Str., Email: info@shtorimax.bg, Phone: +359 885 548 965
It is essential that the information we hold about you is accurate and up to date.

Please note – by providing your personal data, you confirm that you are 13 years of age or older. If this is not the case, you should contact us immediately so that we can take action to delete them.

2. What data we collect about you, for what purpose and on what basis we process it
Personal data is any information that can identify a person. Anonymous data is not included in this category. We process the following categories of personal data:

– Communication Data Includes any message you send to us, whether it is through the communication form on our website, via email, a message or post on social media or any other type of message sent. We process this data for the purpose of communicating with you, for record keeping and for the establishment, exercise or defence of legal claims. The legal justification for this processing is our legitimate interests, which in this case are responding to communications sent to us, keeping records and for pursuing or defending legal claims.

– Customer details. Include data related to the purchase of goods and/or services, such as your name, billing address, shipping address, email address, other contact details (phone number), statistics about your purchases, and more. We process this data to deliver the goods and/or services you have purchased and to keep records of such transactions. The legal justification for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

– User data. They include data about how you use our website and other online services. We process this data to operate our website and ensure that we provide you with relevant content, to ensure its security, to maintain backup copies of our website and/or database and to enable us to manage and administer our website, other online services and business. The legal justification for this processing is our legitimate interests, which in this case allow us to properly administer our website and business.

– Technical data. This includes data relating to your use of our website and online services, such as your IP address, login details, browser details, length of time you visit pages on our website, page views and navigation paths, details of the number of visits to our website, time zone settings and other technologies on the devices you use to access our website. The source of this data is from our analytics tracking system. We process this data to analyse the use of our website and other online services, to administer and protect our business and website, to provide relevant content and advertisements, and to understand the effectiveness of our advertisements. The legal justification for this processing is our legitimate interests, which in this case will allow us to properly administer our website and business, grow our business and determine our marketing strategy.

– Marketing data. Include data relating to your preferences for receiving marketing information from us and third parties and your preferred method of communication. We process this data so that we can include you in our promotions, provide you with relevant content and advertisements, and understand the effectiveness of those advertisements accordingly. The legal justification for this processing is our legitimate interests, which in this case will help us to study how customers use our products/services, develop them, grow our business and determine our marketing strategy.

– We may use Customer Data, User Data, Technical Data and Marketing Data to provide you with relevant content and advertisements (including Facebook Ads or other advertisements) and to understand the effectiveness of the advertisements provided accordingly. The legal justification for this processing is our legitimate interests, which relate to the growth of our business. We may also use this data to send you other marketing messages. The legal justification for this processing is either consent or legitimate interests (namely growing our business).

– Confidential data
We do not collect any confidential information about you. Confidential data includes data relating to your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, genetic and biometric data. We do not collect information about criminal convictions and offences.

Please note – where we are required to collect personal data by law or under the terms of a contract between us and you do not provide this data to us on request, we may not be able to perform the contract (for example, to supply you with goods or services). If you do not provide us with the requested details, we may have to cancel the product you have ordered, but if we do, we will notify you in good time.

We will only use your personal data for the purpose for which it was collected or, if necessary, for a purpose similar in purpose to the main purpose. For more information, please email us at info@shtorimax.bg. If we need to use your data for an unrelated new purpose, we will notify you, setting out the legal reasons for our actions.

We may process your personal data without your knowledge or consent, but only to the extent permitted by law. We do not perform automated decision-making or automated profiling.

3. Ways of collecting your personal data:
– Provided to us personally by you (for example, by filling in forms on our website or by sending us emails);
– Automatic collection of certain data obtained from you when you use our website through the use of cookies and similar technologies. Please see our cookie policy for more details.

– We may receive data from third parties such as: analytics providers (e.g. Google) based outside the EU; advertising networks (e.g. Facebook) based outside the EU; search information providers (e.g. Google) based outside the EU; technical, payment and delivery service providers, information brokers or aggregators.

4. Marketing Communications
The legal justification for processing your personal data for marketing communications purposes is: your consent or our legitimate interests (for example – to expand our business).

In accordance with data protection and electronic communications laws, we may send you marketing communications if:
(A) make a purchase, register on our site or make an enquiry to us about our goods or services; or
(B) you have consented to receive marketing communications, in either case you have not expressly opted out of receiving such communications. Under the law, if you are a legal entity, we may send you marketing emails without your consent. In this case, you may also opt-out of receiving marketing emails from us at any time.

Before we share your personal data with third parties for their marketing purposes, we will ask for your explicit consent.
You may request that we stop sending marketing communications to you at any time.

Please note – if you opt-out of receiving marketing communications, this opt-out does not apply to personal data provided as a result of other transactions such as purchases, etc.

5. Sharing your personal data
We may share your personal data with the following parties:

– Service providers that provide IT services and system administration;
– Professional advisers including lawyers, bankers, auditors and insurers;
– Government bodies that require us to report on processing;
– Courier companies;
– Third countries

We require all third parties to whom we transfer your data to respect the security of your personal data and treat it in accordance with the law. Third parties may only process your personal data for specified purposes and in accordance with our instructions.

6. Data security
We have security measures in place to prevent the accidental loss, use, alteration, disclosure or unauthorised access to your personal data. We only provide access to your personal data to those employees and partners who have a business need to use such data. They are instructed to process your personal data according to our instructions and to respect the rules of confidentiality.

We have a procedure for dealing with suspected leaks of your personal data and will notify you, and the relevant regulators, of such breaches if and when necessary.

7. Data retention
We will retain your personal data for as long as is necessary to fulfil the purposes for which we collected it or to satisfy any legal, accounting or reporting requirements.
When deciding how long to keep this data, we consider its quantity, nature and sensitivity, the potential risk of unauthorised use or disclosure and the purposes of the processing, and whether these can be achieved by other means and legal requirements.

Please note – tax laws require us to keep basic information about our customers (such as contact, identity, financial and transaction details) for up to ten years after you cease to be our customer.

In certain circumstances, we may make your personal data anonymous for research or statistical purposes, in which case we may use this information without restriction and without notifying you.

8. Your rights
Under data protection laws, you have rights in relation to your personal data which include the right to request access, rectification, erasure, restriction, transfer, objection to processing, data portability and (where the legal basis for processing is consent) to withdraw your consent.
See more about these rights at: https://www.cpdp.bg/?p=rubric&aid=2
If you wish to exercise any of your rights above, please contact us at: info@shtorimax.bg

There is no fee to access your personal data (or to exercise any of your other rights). However, the law allows us to impose a reasonable fee if your request is clearly unreasonable, repetitive or excessive, or not compatible with your request in the above circumstances.

We may need to ask you for specific information to confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This security measure ensures that your personal data is not disclosed to persons who are not entitled to receive it. We may also contact you to request additional information regarding your application in order to expedite our response.
The deadline for responding to all legitimate requests is one month. If your request is particularly complex or you have made several requests and we cannot respond within a month, we will let you know.

If you are dissatisfied with the way your data is collected and used, you have the right to lodge a complaint with the Data Protection Commission (https://www.cpdp.bg). We would be grateful if, in the event of an objection or complaint, you would contact us first to find a way to resolve the problem.

10. Third Party Links
This website may include links to other third party websites, plugins and applications. Clicking on or activating these links may allow third parties to collect or share data about you. We do not control these websites and are therefore not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of each website you visit.

11. Cookies
You can set your browser to refuse all or some cookies or to warn you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become unavailable or may not function properly.