HELIANTEAE Ltd. (hereinafter referred to as “Administrator” or “the Company”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.
Grounds for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of the website www.heliantheae.bg and concluding contracts with the company on the grounds of art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
- Explicit consent received from you as a customer;
- Fulfillment of the obligations of the Administrator under a contract with you;
- Compliance with a legal obligation that applies to the Administrator;
- For the purposes of the legitimate interests of the Administrator or a third party;
- Explicit consent received from you as a customer;
Goals and principles in the collection, processing and storage of your personal data
Art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the website www.heliantheae.bg and the conclusion of a contract with the company, including for the following purposes:
- creating a profile and providing full functionality when using the online store;
- individualization of a party to the contract;
- accounting purposes;
- statistical purposes;
- information security protection;
- ensuring the implementation of the contract for the provision of the respective service;
- sending an information bulletin and emails with special offers if you wish;
(2) We observe the following principles in the processing of your personal data:
- legality, good faith and transparency;
- restriction of processing purposes;
- relevance to the purposes of processing and minimizing the data collected;
- accuracy and timeliness of data;
- limitation of storage in order to achieve the objectives;
- integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.
(3) When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:
– fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal bodies.
What types of personal data our company collects, processes and stores
Art. 3. (1) The company performs the following operations with the personal data provided by you as clients, for the following purposes:
– Registration of a customer in the e-shop and execution of a contract for distance selling – the purpose of this operation is to create a profile for using the e-shop to purchase goods and provide contact information in order to deliver purchased goods . Registration and creating an account for using the online store are not mandatory steps in providing our service, and the latter is available without creating a personal account. The “User Registration” operation is considered eligible and provides sufficient guarantees to protect the rights and legitimate interests of data subjects in accordance with the requirements of the GDPR;
– Sending a newsletter– The purpose of this operation is to administer the process of sending newsletters, emails with special offers, promotions, promo codes, news and new features to customers who have stated that they wish to receive them.
– Exercise of the right of withdrawal or claim – the purpose of this operation is to administer the process of exercising the right of withdrawal or claim by the customer for the goods in respect of which these rights may be exercised.
(2) The administrator shall not collect or process personal data, which refer to the following:
- reveal racial or ethnic origin;
- disclose political, religious or philosophical beliefs, or trade union membership;
- genetic and biometric data, health data or data on sexual life or sexual orientation.
(3) The personal data are collected by the Administrator from the persons to whom they refer.
(4) The administrator does not have an automated process for data collection.
(5) The company does not collect data for persons under 16 years of age, except with the explicit consent of their parent or legal representative.
Art. 4. (1) The administrator shall process the following categories of personal data and information for the following purposes and on the following grounds:
– Your distinctive data (e-mail, name, etc.)
– Purpose for which the data is collected: 1) Making contact with the user regarding the sending of the ordered product or service, 2) for the purposes of registration of a user in the online store, and 3) for sending a newsletter, emails with special offers, promotions, promo codes, news and new features.
– Grounds for processing your personal data – By accepting the general conditions and registration in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, which is grounds to process your personal data. – art. 6, para. 1, p. (b) GDPR. Your data for sending a newsletter and emails are processed with your explicit consent – Art. 6, para. 1, p. (a) GDPR.
– Data for delivery (names, telephone, address, etc.)
– Purpose for which the data is collected: Fulfillment of obligations of the administrator under a contract of sale and delivery of purchased goods.
– Grounds for processing your personal data – By accepting the general conditions and registration in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. 6, para. 1, p. (b) GDPR.
– Purpose for which the data is collected: 1) Making contact with the user and sending information to him and 2) for the purposes of user registration in the online store.
– Grounds for processing your personal data – By accepting the general conditions and registration in the e-shop through a social network profile, a contractual relationship is created between the Administrator and you, on which basis we process your personal data – Art. 6, para. 1, p. (b) GDPR.
– Data from your social media accounts (publicly available information from your Twitter, Facebook accounts)
Term of storage of your personal data
Art. 5. (1) The administrator stores your personal data for a period not longer than the existence of your account in the online store or the execution of the order “as a guest”. After deleting your account or completing the order, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (ie to make it in a form that does not reveal your identity).
(2) The Administrator shall store your personal data provided in connection with online orders for a period of 5 years for the purposes of protecting the legal interests of the Administrator in court or administrative disputes with users of the online store, and the accounting documents shall be stored for the respective statutory term.
(3) The Administrator shall notify you in case the term for data storage needs to be extended in view of fulfillment of a normative obligation or in view of legitimate interests of the Administrator or otherwise.
(4) The administrator stores the personal data, which it is necessary to keep by virtue of the applicable legislation for the respective envisaged term, which may exceed the term of existence of your account in the e-shop or until the completion of the order.
Art. 6. (1) The Administrator shall store the personal data of the legal representatives of his trade partners for the term of performance of the contract, for observance of the legitimate interests and legal obligations of the Administrator, as this term may exceed the term of the concluded contract.
Transfer of your personal data for processing
Art. 7. (1) The controller may, at its own discretion, transfer part or all of your personal data to personal data processors for the fulfillment of the processing purposes with which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR) .
(2) The administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.
Your rights in the collection, processing and storage of your personal data
Withdrawal of consent for the processing of your personal data
Art. 8. (1) If you do not wish all or part of your personal data to continue to be processed by the Company for specific or all purposes of processing, you may at any time withdraw your consent to processing by filling in the “Withdrawal Form consent for the purposes of processing ”or by request in free text.
(2) The administrator may request that you certify your identity and identity with the person to whom the data relate.
(3) By withdrawing the consent for processing personal data, which are mandatory for creating and maintaining an account in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
(4) If there is an order made by you, which is in the process of processing, the earliest moment in which you can withdraw your consent for processing is within two working days after the successful completion of the order.
(5) You may at any time withdraw your consent to the processing of your personal data for the purposes of direct marketing.
(6) The withdrawal of the consent shall not affect the legality of the processing of personal data, which the Administrator has performed so far.
Right of access
Art. 9. (1) You have the right to request and receive from the Administrator confirmation whether personal data related to you are processed, and you can at any time see in your profile, if you are a registered user, the data we process for you.
(2) You have the right to access the data related to you, as well as the information related to the collection, processing and storage of your personal data.
(3) The administrator shall provide you, upon request, with a copy of the processed personal data related to you, in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessiveness of the requests.
Right of correction or completion
Art. 10. You may correct or complete inaccurate or incomplete personal data relating to you directly through your account on the Website or by making a request to the Administrator.
Right to delete
Art. 11. (1) You have the right to request from the Administrator deletion of part or all personal data related to you, and the Administrator has the obligation to delete them without undue delay, when there is any of the following reasons:
- personal data are no longer needed for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
- You object to the processing of personal data related to you, including for the purposes of direct marketing, and there are no legal grounds for processing to take precedence;
- personal data have been processed illegally;
- personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Controller;
- personal data have been collected in connection with the provision of information society services.
(2) The administrator shall not be obliged to delete the personal data if he stores and processes them:
- to exercise the right to freedom of expression and the right to information;
- to comply with a legal obligation requiring processing provided for in EU law or the law of a Member State applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
- for reasons of public interest in the field of public health;
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or defense of legal claims.
(3) In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:
- information needed to certify that your right to be forgotten has been exercised – email, IP address;
- technical information about the functioning of the online store, which information cannot be connected in any way with your personality;
(4) In order to exercise your right to be forgotten, it is necessary to take the following steps:
- Apply by sending a completed “Request to be forgotten”;
- To identify yourself as an account holder;
(5) After certifying the identity of the person who submitted the request and the person to whom the data relate in accordance with the above steps, we will delete all data that we process for you, in accordance with para. 3.
(6) If there is an order made by you, which is in the process of processing, the earliest moment in which you can request to be “forgotten” is within two working days after the successful completion of the order.
(7) By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
(8) The administrator shall not delete the data, which he has a legal obligation to store, including for protection on the occasion of court claims against him or proof of his rights.
Right of restriction
Art. 12. You have the right to ask the Administrator to restrict the processing of data related to you when:
- challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
- the processing is illegal, but you do not want the personal data to be deleted, only their use to be restricted;
- The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or protection of your legal claims;
- You have objected to the processing pending verification that the legal grounds of the Administrator take precedence over your interests.
(2) In case of exercising your right of restriction, the Company will suspend the processing of your data, but will not remove the entered data that you have entered in the online store.
Right of portability
Art. 13. (1) If you have given consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data are processed in an automated manner, you may, after identifying yourself with the Administrator:
- to ask the Administrator to provide you with your personal data in a readable format and to transfer them to another Administrator;
- to ask the Administrator to directly transfer your personal data to an administrator specified by you, when this is technically feasible.
(2) You can at any time download or receive in machine-readable format the data that are stored and processed for you in connection with the use of the services of the Administrator with a request by email.
Right to receive information
Art. 14. You can ask the Administrator to inform you about all recipients to whom the personal data for which correction, deletion or restriction of processing has been requested have been disclosed. The administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.
Right to object
Art. 15. You may object at any time to the processing of personal data by the Administrator relating to him, including if they are processed for the purposes of profiling or direct marketing.
Your rights in the event of a breach of the security of your personal data
Art. 16. (1) If the Administrator finds a violation of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation, as well as of the measures that have been taken or are to be taken. .
(2) The administrator is not obliged to notify you if:
- has taken appropriate technical and organizational protection measures with regard to the data affected by the security breach;
- has subsequently taken steps to ensure that the breach does not pose a high risk to your rights;
- notification would require a disproportionate effort.
Persons to whom your personal data is provided
Art. 17. For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Administrator may provide your data to the following personal data processors:
|Processing personal data||Purpose of personal data processing|
|Supplier / Courier company||Delivery to address|
The specified processors of personal data comply with all requirements for legality and security in the processing and storage of your personal data.
Art. 18. The administrator does not transfer your data to third countries.
Art. 19. In case of violation of your rights under the above or applicable legislation on personal data protection, you have the right to file a complaint to the Commission for Personal Data Protection as follows:
|Name||Commission for Personal Data Protection|
|Headquarters and address of management||Sofia 1592, Prof. Tsvetan Lazarov ”№ 2|
|Mailing address||Sofia 1592, Prof. Tsvetan Lazarov ”№ 2|
|Phone||02 915 3 518|
Art. 20. You can exercise all your rights regarding the protection of your personal data through the forms attached to this information or through the functionalities in your account. Of course, these forms are optional and you can submit your requests in any form that contains a statement to that effect and identifies you as the data owner.
Art. 21. If the consent relates to a transfer, the controller shall describe the possible risks for the transfer of the data to third countries in the absence of a decision on adequate protection and appropriate means of protection.
Art. 23. The administrator does not have its own servers to store your data. The agreed relationship with the Administrator on this issue requires the submission of a “Privacy Statement” and the company that serves the Administrator and physically owns the servers on which your personal data is located.
- Declaration of confidentiality of “SuperHosting.BG” Ltd.
- Electronic signature accompanying the above declaration
Forms for exercising your rights in relation to your personal data:
- Withdrawal form for the purposes of processing – Annex № 1
- Request to be forgotten – to delete personal data relating to me – Annex № 2
- Request for portability of personal data – Annex № 3
- Request for correction of data – Annex № 4
HELIANTEAE Ltd. uses the web hosting services of “SuperHosting.BG” Ltd.
Here you can read their protection of personal data of all customers of the company.