PRIVACY POLICY


I. GENERAL PROVISIONS

Art. 1. (1) "Pro Design G" LTD (hereinafter referred to as the "Company") is registered in the Commercial Register at the Registration Agency with VAT BG202389709, with registered office and management address: R. of Bulgaria, city of Plovdiv, 12 Nikola Voivodov Str.

     (2) The company is a personal data administrator, processing personal data in connection with its activity and only determining the purposes and means of their processing.

     (3) Personal data protection officer is: Georgi Georgiev, email: admin@gzonebg.com.

We, the S & K team, know how important it is to you to protect your personal data and in this regard we most responsibly declare that the processing of personal data such as name, address, e-mail address or telephone number etc. will always be in accordance with the General Data Protection Regulation (GDPR) and the specific data protection regulations of the countries applicable to PRO DESIGN G LTD. With this data protection policy, we would like to inform you about the nature, scope and purpose for which we collect, use and process personal data. In addition, through this data protection policy, personal data subjects are informed about the rights they have.

Art. 2. This privacy and cookie policy (the "Policy") provides information on the personal data that the Company processes and on the terms and conditions by which individuals whose personal data is processed exercise their rights.

Art. 3. FOR THE PURPOSES OF THE PERSONAL DATA PROTECTION POLICY:

     (1) "PERSONAL DATA" means any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;

     (2). "PROCESSING" means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed;

     (3). "LIMITATION OF PROCESSING" means the marking of stored personal data in order to limit their processing in the future;

     (4). "PSEUDONYMIZATION" means the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without the use of additional information, provided that it is stored separately and is subject to technical and organizational measures with purpose of ensuring that the personal data is not linked to an identified natural person or an identifiable natural person;

     (5). "REGISTER OF PERSONAL DATA" means any structured set of personal data accessed according to certain criteria, regardless of whether it is centralized, decentralized or distributed according to a functional or geographical principle;

     (6). "ADMINISTRATOR" means a natural or legal person, public body, agency or other structure which alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a State Member State, the controller or the special criteria for its designation may be established in Union law or in the law of a Member State;

     (7). "PROCESSOR OF PERSONAL DATA" means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller;

     (8). "REcipient" means a natural or legal person, public body, agency or other structure to which the personal data is disclosed, regardless of whether it is a third party or not. At the same time, the public authorities that may receive personal data within the framework of a specific investigation in accordance with Union law or the law of a Member State shall not be considered as "recipients"; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;

     (9). "THIRD PARTY" means a natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data;

     (10). "DATA SUBJECT CONSENT" means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or clear affirmative action, which expresses his consent to the personal data relating to him being processed;

     (11). "PERSONAL DATA SECURITY BREACH" means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data that is transmitted, stored or otherwise processed;

     (12). "SUPERVISORY AUTHORITY" means an independent public authority established by a Member State pursuant to Article 51 of the General Data Protection Regulation.

Art. 4. The principles related to the processing of personal data are:
     (1) Principle of legality, good faith and transparency of personal data processing - the collection of personal data must be within the scope of what is necessary. Information is collected in a legal and objective manner;

     (2) Principle of reducing data to a minimum, as well as limitation of purposes and storage - personal data must not be used for purposes other than those for which they were collected, except with the consent of the person or in cases, expressly provided for in the law. Personal data must be stored for a period no longer than is necessary for the purposes for which the personal data are processed;

     (3) Principle of accuracy - personal data must be precise, accurate, complete and up-to-date, insofar as this is necessary for the purposes for which they are processed;

     (4) Principle of integrity and confidentiality – personal data must be processed in a way that guarantees an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures.

Art. 5. Personal data of the customers-individuals of the Company's electronic store www.puloveri.com are processed in the "Customers" register.


II. CUSTOMER REGISTER


Art. 6. (1) The following categories of personal data are processed in the "Clients" register:

  • 1. name and surname;
  • 2. email;
  • 3. address;
  • 4. gender;
  • 5. telephone;
  • 6. IP address - location;
  • 7. IBAN of the user - for the return of relevant amounts in case of complaints and/or cancellation of the contract.

     (2) The data under para. 1, m.p. 1, 2, 3, 5 and 7 are processed for the purpose and on the basis of the fulfillment of the distance contract concluded between the Company and the user and on the basis of the Accounting Act, the Consumer Protection Act, as well as for the purposes of concluding the same.

     (3) The data under para. 1, m.p. 1, 2, 4, 5 and 6 are processed for the purpose of marketing activities, on the basis of the legitimate interest of the Company and only after providing express consent for processing for the purpose of marketing activities. Consent to the transitional sentence is provided in electronic form by marking it on the homepage of the Company's website or from the user's profile in the "Settings" menu. The consent granted in accordance with this provision can be withdrawn by the user at any time by marking on the homepage of the Company's website or from his profile in the "Settings" menu.

     (4) In case of consent given by a user for the processing of his personal data for the purpose of marketing activities, the user consents to the data specified in para. 3 to be processed for the purpose of offering goods and services to the user by e-mail, by telephone and/or by means of a newsletter sent by e-mail, survey for the purpose of research on the goods offered, as well as for the performance of business analyses, tracking of user behavior, preferences of the latter as well as advertising.

     (5) The company does not have access to card data, as well as authentication data when paying with a credit or debit card or through an account in ePay.bg, PayPal.com or another external payment platform, and does not register or store them in any way.

     (6) The data under para. 1, item 6 are processed for the purpose of marketing activities, on the basis of the legitimate interest of the Company and only after providing express consent for processing for the purpose of marketing activities through the use of cookies. Consent to the transition clause is provided in electronic form via a pop-up window at the bottom of the Company's website home page. You can disable the use of cookies through your browser settings. Your browser's help functions can show you how to turn off and/or delete cookies in it. Please note that disabling/deleting cookies may prevent the normal functioning of certain functions on our site.

    (7) In the case of consent given by a user for the processing of his personal data for the purpose of marketing activities through the use of cookies, the user agrees to the data specified in para. 6 to be processed in order to track his behavior, the latter's preferences, as well as advertising.

Art. 7. (1) Personal data in the "Clients" register are processed on an electronic medium.

     (2) The personal data under Art. 6, para. 2 of the Policy are collected by the users themselves in specially developed software for orders and are stored in an electronic version in a server rented by the Company, located in the Republic of Bulgaria, for a period of 10 years, starting from January 1 of the year following the year of occurrence of the relevant legal relationship, based on Art. 12, para. 1, item 2 of the Accounting Act. After the expiration of the storage period and in the event that there are no documents subject to transfer to the State Archives, all data carriers from the register are destroyed by an appropriate method, incl. and deletion of electronic backups.

     (3) The personal data under Art. 6, para. 3 (with the exception of an IP address) of the Policy are collected by the users themselves in the specially developed software for orders and are stored for the periods specified below in Art. 9, Art. 10 and Art. 11 of this Policy.


Art. 8. (1) The administrator assigns the processing of personal data under Art. 6, para. 1, item 1 to item 5 incl. and item 7 of this Policy in the "Clients" register of persons appointed under an employment relationship. The rights and obligations of the individual data processors are specified in the relevant job description.

     (2) The administrator assigns the processing of personal data under Art. 6, para. 1, items 1, 3 and 5 on the basis of performance of a contract of the following companies, for processing orders from users, pursuant to Contracts concluded between them and the Company:
• - PRO DESIGN G LTD with VAT BG202389709.

     (3) The administrator assigns the processing of personal data under Art. 6, para. 1, items 1, 3 and 5 on the basis of performance of a contract of the following companies providing courier services for the delivery of items ordered by users, pursuant to Contracts concluded between them and the Company:
• - For shipments on the territory of the Republic of Bulgaria - "Speedy" AD with VAT BG131371780 and Econt Express LTD with VAT BG117047646.


     (4) Upon request for information related to the execution of a specific remote contract, access to the "Clients" register is granted to the manager of the Company.

     (5) Access to personal data of a person from the "Clients" register is given to a legal consultant or a lawyer, in connection with the protection of the Company's rights in the event of a dispute between the parties and/or need for consultation.


Art. 9. (1) If consent is provided by a user under Art. 6, para. 4 of this Policy, users receive messages about promotions, campaigns or sales of certain goods through a newsletter received by e-mail or receive such information by telephone, their behavior on the site and their preferences are studied.

     (2) The persons processing the data for the purpose of carrying out the actions under para. 1, except those specified in Art. 9, 10, 11 and 12 are also persons appointed under an employment relationship with the Company. The rights and obligations regarding data processing according to the previous sentence are regulated in the job descriptions of the persons.


Art. 10. (1) Marketing activities related to user behavior analysis and advertising with consent provided under Art. 6, para. 6 of this Policy are also carried out by processing data that do not allow the identification of a natural person (e.g. name, surname, telephone number, address, etc.), but by the activity of the user through the relevant browser through the so-called cookies or advertising banners, which contains the following data:

  • 1. events related to the activity of the Company's website (number of pages viewed on the website, products viewed on the website, searches on the Company's website);
  • 2. information related to the user's device (device type, operating system and version);
  • 3. approximate location derived from the IP address.
  •      (2) The activities under para. 1 are carried out through so-called "cookies", which are used by the Company or by third party partners of the Company. Cookies are small packets of information sent by website pages to a user's browser and stored on their device.

     (3) The company uses two types of cookies: necessary and functional.

     (4) For the processing of the data under para. 1 through cookies and advertising banners, the user must provide his express consent to the use of cookies in accordance with Art. 6, para. 6 of this Policy. The granting or withdrawal of consent does not apply to the use of necessary cookies, since the Company's website cannot operate without them.


Art. 11. Cookies ensure the functioning of the site by providing the possibility to access the profile of the respective user on the site and to process orders made, as follows:

Targeting cookies

Cookie keyDomainPathCookie typeExpirationDescription
_fbp
More info
.puloveri.com/First-party3 monthsUsed by Meta to deliver a series of advertisement products such as real time bidding from third party advertisers

Functional cookies

Cookie keyDomainPathCookie typeExpirationDescription
ssupp.vid
More info
                puloveri.com/First-party6 months
external_id
More info
                puloveri.com/t/css/cFirst-partyUntil the session expires
pageview_event_id
More info
                puloveri.com/t/css/cFirst-partyUntil the session expires
fb_pixel_newsletter_event_id
More info
                puloveri.com/t/css/cFirst-partyUntil the session expires
fb_pixel_time_event
More info
                puloveri.com/t/css/cFirst-partyUntil the session expires
PrestaShop-[abcdef0123456789]{32}
More info
                puloveri.com/First-party1 година
fbp
More info
                puloveri.com/bg/module/facebookconversiontrackingplusFirst-partyUntil the session expires
ssupp.visits
More info
                puloveri.com/First-party6 months
fb_event_start_payment
More info
                puloveri.com/bg/module/supercheckoutFirst-partyUntil the session expires
fb_pixel_viewcategory_event_id
More info
                puloveri.com/bgFirst-partyUntil the session expires

_ga

     google-analytics.combg/modules/smgoogleFirst-party2 years

_gat

     google-analytics.combg/modules/smgoogleFirst-partyUntil the session expires

_gid

     google-analytics.combg/modules/smgoogleFirst-partyUntil the session expires

Art. 12. The company uses the following websites and their cookies, and the type and name of the cookies and the place and term of storage of the third parties listed below is indicated in the above tables:

     1. Google Analytics - a web analysis service offered by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA, which uses cookies stored on the user's computer to enable the analysis of the use of the site by users. The information about the use of this site obtained through cookies is transmitted and stored by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (data processor) on servers located in the USA. The data that reaches Google Analytics is pseudonymized on the company's electronic platform. By virtue of its contractual relationship with Google LLC. The Company instructs him to use this information to evaluate the use of the site, to compile web-activities and to provide the site operator with other services related to the use of the site and the use of the Internet to the Company's site. Google LLC. will not associate the IP address sent from the user's browser via Google Analytics with other data stored by Google LLC. Google LLC processes the data in compliance with the requirements of the applicable EU legislation regarding the protection of personal data and the EU-US Privacy Shield Agreement.

     2. Google AdWords - a remarketing and behavioral targeting service provided by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. With this service, the advertising activity of www.puloveri.com is connected to the AdWords advertising network by means of cookies. The information about the use of this site obtained through cookies is transmitted and stored by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (data processor) on servers located in the USA. Google LLC processes the data in compliance with the requirements of the applicable EU legislation regarding the protection of personal data and the EU-US Privacy Shield Agreement.

Art. 12. The company uses the following websites and their cookies, and the type and name of the cookies and the place and term of storage of the third parties listed below is indicated in the above tables:

     1. Google Analytics - a web analysis service offered by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA, which uses cookies stored on the user's computer to enable the analysis of the use of the site by users. The information about the use of this site obtained through cookies is transmitted and stored by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (data processor) on servers located in the USA. The data that reaches Google Analytics is pseudonymized on the company's electronic platform. By virtue of its contractual relationship with Google LLC. The Company instructs him to use this information to evaluate the use of the site, to compile web-activities and to provide the site operator with other services related to the use of the site and the use of the Internet to the Company's site. Google LLC. will not associate the IP address sent from the user's browser via Google Analytics with other data stored by Google LLC. Google LLC processes the data in compliance with the requirements of the applicable EU legislation regarding the protection of personal data and the EU-US Privacy Shield Agreement.

     2. Google AdWords - a remarketing and behavioral targeting service provided by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA. With this service, the advertising activity of www.puloveri.com is connected to the AdWords advertising network by means of cookies. The information about the use of this site obtained through cookies is transmitted and stored by Google LLC., 1600 Amphitheater Parkway Mountain View, CA 94043, USA (data processor) on servers located in the USA. Google LLC processes the data in compliance with the requirements of the applicable EU legislation regarding the protection of personal data and the EU-US Privacy Shield Agreement.

     3. Facebook and Instagram - this application uses Social Plugins ("Plugins") of the social network facebook.com and instragam.com, which is maintained by Facebook Inc., Menlo Park, California, USA. ("Facebook"). Plugins are recognized by the Facebook logos (white "f" on a blue background or "thumbs up") or are marked with "Facebook Social Plugin".
When a user enters a web page, their browser will immediately make a direct connection to Facebook's servers. The content of this Plugin will be transmitted directly by Facebook to the user's browser, which will connect it to the website.
By connecting to these Plugins, Facebook receives information that the relevant Company page or platform has been visited. If a user is logged in to their Facebook profile, Facebook can attribute this visit to their profile. If a user interacts with these Plugins (e.g. press the "Like" button or write a comment), the relevant information will be immediately transferred from their browser to Facebook and stored there. If the user is not registered with Facebook, it is still possible for Facebook to find out their IP address and save it.
These Facebook Plugins can be attached by site operators on their own websites or platforms. With one click on these Plugins, registered Facebook users can automatically leave a message on their Facebook profile that they like the information from the site operator's links. The Facebook-related Plugin "communicates" with Facebook on an ongoing basis and sends the data to Facebook when the website is visited - even if the user has not clicked on the Plugins.
Through the so-called iFrame connection, the browser loads, in addition to the launched page, an additional smaller "page within the page" that contains the respective Plugin. In the case of a Plugin belonging to Facebook, this iFrame link or source text originates entirely from Facebook and cannot be controlled or processed by the Company.
If the user is not logged in to Facebook or is not registered there at all, a "cookie" is still placed on him, which cannot be recognized and is valid for two years.
If the browser later reconnects to the server of the social network, the "cookie" is transferred and can help create a profile. For users who subsequently register, a connection to the information contained in the "cookie" is also possible.
If the user is logged into the current Facebook session, information about both the page and the "cookie" is transmitted - and this session identification information can be attributed to the corresponding account.
For information on rights and options for personal data protection settings, the user should contact Facebook Inc. or to follow Facebook's privacy instructions at the following address: https://www.facebook.com/policy.php#http://www.facebook.com/policy.php.
With Add-ons, the user can block Facebook-Social-Plugins for your browser using, for example, "Facebook Blocker". Facebook Inc. processes the data in compliance with the requirements of the applicable EU legislation regarding the protection of personal data and the agreement "Personal Data Shield in EU-US relations"

III. RIGHTS OF DATA SUBJECTS AND PROCEDURES FOR THEIR EXERCISE


Art. 13. Personal data subjects have the following rights regarding their personal data:

  • 1. right of access;
  • 2. right to correction;
  • 3. right to data portability;
  • 4. right to erasure (right to be forgotten);
  • 5. right to request restriction of processing;
  • 6. right to object to the processing of personal data;
  • 7. right of the subject not to be subject to a decision based solely on automated processing, including profiling.

Art. 14. (1) Every individual, a subject of personal data, has the right to receive information about the administrator of personal data, as well as about the processing of his personal data. This information includes:

  • 1. data identifying the administrator, as well as his contact details, including the contact details of the data protection officer;
  • 2. the purposes and legal basis for the processing;
  • 3. the recipients or categories of recipients of the personal data, if any;
  • 4. the controller's intention to transfer the personal data to a third party (when applicable);
  • 5. the period of storage of personal data;
  • 6. the existence of automated decision-making, including profiling (if any);
  • 7. information about all the rights that the subject has;
  • 8. the right to appeal to the supervisory authority.

     (2) The information under para. 1 is not provided if the data subject already has it.

     (3) When making a request for information from a data subject in accordance with para. 1, the Company together with the data protection officer under Art. 23 of the Policy performs the necessary verification and provides a response with the required information within 14 (fourteen) days, but no later than 30 (thirty) days from the date of receipt of the request. If necessary, this term can be extended by another two months, taking into account the complexity and number of requests from a certain person. The company informs the person of any such extension within one month of receiving the request, indicating the reasons for the delay. The request contains identification of the person (three names and social security number for Bulgarian citizens, and for all other citizens of other EU member states – names and date of birth), description of the request, preferred form for providing access to personal data, signature , date, email, correspondence address and power of attorney when the application is submitted by an authorized person. The Company is not obliged to respond to a request if it is unable to identify the data subject. The request is filed in the general incoming register of the Company and can be submitted in one of the following ways: a) electronically to the following email: admin@gzonebg.com, b) in person at the Company's office located in the city of Plovdiv, 12, Arch Street Kamen Petkovstr (TPK Maritsa) or c) by mail to the Company's management address: 4000 Plovdiv, 12, Arch. Kamen Petkov str.- Pro Design G LTD.

     (4) The information under para. 1 is provided in one copy to the data subject free of charge. For additional copies requested by the data subject or in the case of excessive requests by the subject, especially due to their repetition, the Company may charge a reasonable fee equal to the administrative costs incurred.

     (5) When providing a copy of personal data, the Company cannot disclose the following categories of data:

  • 1. personal data of third parties, unless they have expressed their express consent to this;
  • 2. data that constitutes a trade secret, intellectual property or confidential information;
  • 3. other information that is protected under applicable law.

     (6) The reasonableness and excessiveness of a given request is assessed separately for each case by the Company.

     (7) In case of refusal to grant access to personal data, the Company shall justify its refusal and inform the data subject of his right to file a complaint with the supervisory authority.


Art. 15. (1) Data subjects may request that their personal data processed by the Company be corrected in the event that the latter are inaccurate or incomplete.

     (2) In the event of a satisfied request for correction of personal data, the Company shall notify the recipients of data to whom such data were disclosed.

     (3) The right under para. 1 is exercised by submitting a request pursuant to Art. 14, para. 3 of the Policy.


Art. 16. (1) Every individual, subject of personal data, has the right to request data deletion, the so-called "right to be forgotten" if one of the following conditions is met:

  • 1. the person's personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • 2. the data subject withdraws his consent on which the data processing is based and there is no other legal basis for the processing;
  • 3. the data subject objects to the processing and there are no overriding legal grounds for the processing;
  • 4. the personal data were processed illegally;
  • 5. the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the controller;
  • 6. the personal data were collected in connection with the provision of information society services to children and the consent was given by the bearer of parental responsibility for the children.

     (2) The right under Paragraph 1 is exercised by making a request in accordance with Art. 15, para. 3.

Art. 17. (1) Every individual, a subject of personal data, has the right to limit the processing of his personal data by the administrator, but for this purpose specific conditions are necessary, including:

  • 1. the accuracy of the personal data is contested by the data subject;
  • 2. the processing is unlawful, but the data subject does not want the personal data to be deleted, but instead requires the restriction of its use;
  • 3. the administrator no longer needs the personal data for the purposes of processing, but the data subject requires them for the establishment, exercise or defense of legal claims;
  • 4. the data subject has objected to the processing pending verification of whether the legitimate grounds of the controller prevail over the interests of the data subject.

     (2) In the cases under para. 1, item 1, the restriction of processing is for a period that allows the administrator to check the accuracy of the personal data.

     (3) The right under paragraph 1 is exercised by making a request in accordance with Art. 14, para. 3.


Art. 18. (1) Any natural person who is a subject of personal data has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format and has the right to transfer such data to another administrator without hindrance from the administrator to whom the personal data has been provided, when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner.

     (2) When exercising his right to data portability, the data subject has the right to obtain a direct transfer of personal data from one controller to another, when this is technically feasible.

     (3) The right under paragraph 1 is exercised by making a request in accordance with Art. 14, para. 3.

Art. 19. (1) The data subject has the right to object to the processing of his personal data by the Company if the data is processed on one of the following grounds:

  • 1. processing is necessary for the performance of a task of public interest or in the exercise of official powers granted to the administrator;
  • 2. processing is necessary for purposes related to the legitimate interests of the Company or a third party;
  • 3. data processing includes profiling.

     (2) The administrator shall terminate the processing of personal data, unless he proves that there are convincing legal grounds for its continuation, which take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.


Art. 20. (1) Every natural person, a subject of personal data, has the right to be notified, and the Company is obliged to notify the subject in the event of a breach of the security of his personal data and when there is a possibility that this breach will create a high risk for the rights and the freedoms of the data subject.

     (2) The notification under para. 1 should be carried out without undue delay after its discovery and contain a description of the nature of the personal data security breach, indicating the nature of the breach, the name and contact details of the data protection officer, the consequences of the breach and the measures taken measures by the Company to deal with the violation and to reduce the possible adverse consequences.

The S&K team wishes you a pleasant shopping experience!