Store rules and regulations
Information About the Data Controller
Name: REKOM EOOD
Company Identification Number (EIK/BULSTAT): 121329733
Headquarters and Address: Sofia, 9 Krum Popov St.
Correspondence Address: Sofia, 9 Krum Popov St.
Phone: +359 884 606 553
E-mail: info@lineahomestudio.com
Website: thevintagecottage-shop.com
Information About the Competent Supervisory Authority for Data Protection
If you have any questions or complaints regarding the processing of your personal data, you can contact the competent supervisory authority for data protection:
Commission for Personal Data Protection (CPDP)
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: +359 2 915 35 18
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg
REKOM EOOD (hereinafter referred to briefly as the "Controller" or the "Company") operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with this processing.
Basis for Collecting, Processing, and Storing Your Personal Data
Art. 1. The Controller collects and processes your personal data in connection with the use of the online store thevintagecottage-shop.com and the conclusion of contracts with the Company based on Article 6(1) of Regulation (EU) 2016/679 (GDPR), specifically on the following basis:
- Explicit consent from you as a customer;
- Fulfillment of the Controller’s obligations under the contract with you;
- Compliance with a legal obligation applicable to the Controller;
- For the purposes of legitimate interests of the Controller or a third party.
Purposes and Principles for Collecting, Processing, and Storing Your Personal Data
Art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the online store and the conclusion of a contract with the Company, including for the following purposes:
- Creating a profile and providing full functionality when using the online store;
- Entering into and performing a distance contract;
- Identifying the parties to the contract;
- Accounting purposes;
- Statistical purposes;
- Protection of information security;
- Ensuring the performance of the contract for providing the relevant service;
- Sending a newsletter upon your request.
(2) We adhere to the following principles when processing your personal data:
- Lawfulness, fairness, and transparency;
- Purpose limitation;
- Data minimization and relevance to processing purposes;
- Accuracy and up-to-date data;
- Storage limitation in relation to achieving the purposes;
- Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.
(3) In processing and storing personal data, the Controller may process and store personal data for the purpose of protecting the following legitimate interests:
- Fulfilling obligations to the National Revenue Agency, the Ministry of Internal Affairs, and other state and municipal authorities.
Types of Personal Data Collected, Processed, and Stored by Our Company
Art. 3. (1) The Company performs the following operations with the personal data you provide for the following purposes:
- User Registration in the Online Store and Fulfillment of a Distance Sales Contract – The purpose of this operation is to create a profile for using the online store to purchase goods and to provide contact details for the delivery of purchased goods. Registration and profile creation is not a mandatory step for providing the service, which is largely accessible without creating a profile.
  Conclusion from the Impact Assessment: Based on the impact assessment carried out, the operation "User Registration in the Online Store and Fulfillment of a Distance Sales Contract" is permissible and provides sufficient safeguards to protect the rights and legitimate interests of data subjects in accordance with GDPR requirements.
- Entering into and Performing a Commercial Transaction with a Client or Partner – The purpose of this operation is to enter into and perform a contract with a commercial partner or client and to administer it. Given the limited scope of collected personal data and the fact that some of it is collected from publicly available sources, conducting an impact assessment is not necessary for this operation.
- Sending a Newsletter – The purpose of this operation is to administer the process of sending newsletters to clients who have expressed a desire to receive them. Given the limited scope of collected personal data, conducting an impact assessment is not necessary for this operation.
- Exercising the Right of Withdrawal or Making a Complaint – The purpose of this operation is to manage the process of exercising the right of withdrawal or making a complaint by the customer. Given the limited scope of collected personal data, conducting an impact assessment is not necessary for this operation.
(2) The Controller processes the following categories of personal data and information for the following purposes and on the following grounds:
- Your Identifying Data (e.g., email, name, etc.)
- Purpose of Data Collection:
  - To establish contact with the user and send information to them.
  - For user registration in the online store.
  - To send a newsletter.
- Basis for Processing Your Personal Data: By accepting the terms and conditions and registering in the online store or making a purchase without registration, or by entering into a written contract, a contractual relationship is established between the Controller and you, on which basis we process your personal data – Article 6(1)(b) GDPR. Data for sending newsletters is processed based on your explicit consent – Article 6(1)(a) GDPR.
(3) The Controller does not collect or process personal data related to:
- Revealing racial or ethnic origin;
- Revealing political, religious, or philosophical beliefs, or membership in trade unions;
- Genetic and biometric data, data concerning health, or data on sexual life or sexual orientation.
(4) The personal data is collected by the Controller from the individuals to whom it pertains.
(5) The Company does not perform automated decision-making based on data.
Article 4.
(1) The Company performs the following operations with personal data provided by you, as legal representatives or authorized representatives of legal entities – commercial partners, for the following purposes:
- Entering into and executing a commercial transaction: For the conclusion and execution of a commercial transaction with a company, we process only the full name of the legal representative or the person authorized by the company. Impact Assessment Conclusion: Considering the small number of individuals whose data is processed and the limited scope of personal data collected, conducting an impact assessment is not necessary for this operation.
(2) The personal data is collected by the Controller from the individuals to whom it pertains and from the Commercial Register at the Registry Agency.
(3) The Company does not perform automated decision-making based on data.
Article 5.
The Controller may use so-called "cookies" to provide full functionality of the website, improve user experience, gather statistics, facilitate access, and more; by using our website, you consent to this. You can control and/or delete cookies at any time through the settings of your browser. Cookies do not constitute personal data and are not used to identify visitors and users of the online store.
Storage Period of Your Personal Data
Article 6.
(1) The Controller retains your personal data for no longer than the existence of your profile in the online store. After deleting your profile, the Controller takes necessary measures to delete and destroy all your data without unnecessary delay or to anonymize it (i.e., to make it unidentifiable).
(2) The Controller processes your personal data provided during a purchase without registration in the online store until the completion of the order, unless you have given explicit consent during the order for your data to be processed for the purposes of improving the service, providing tailored content, individual conditions, promotions, and statistical purposes.
(3) The Controller retains your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Controller in judicial or administrative disputes with users of the online store.
(4) The Controller will notify you if the data retention period needs to be extended for compliance with legal obligations or for legitimate interests of the Controller or otherwise.
(5) The Controller retains personal data required by applicable legislation for the relevant statutory period, which may exceed the duration of your profile in the online store or until the completion of the order.
Article 7.
The Controller retains the personal data of the legal representatives of its commercial partners for the duration of the contract, to comply with legitimate interests and legal obligations of the Controller, and this period may exceed the term of the concluded contract.
Transfer of Your Personal Data for Processing
Article 8.
(1) The Controller may, at its discretion, transfer part or all of your personal data to data processors for the fulfillment of processing purposes to which you have consented, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
(2) The Controller will notify you in the event of an intention to transfer part or all of your personal data to third countries or international organizations.
Your Rights Regarding the Collection, Processing, and Storage of Your Personal Data
Withdrawal of Consent for Processing Your Personal Data
Article 9.
(1) If you do not wish for your personal data to be processed for marketing purposes and for receiving newsletters, you can withdraw your consent at any time by completing the consent withdrawal form in Appendix No. 1 or by making a request in free text and sending it to us by email.
(2) After receiving your request, we will send you an email to the address you provided for receiving newsletters and promotional messages, with detailed instructions for verifying you as a recipient of newsletters and as a data subject for whom consent withdrawal has been requested.
(3) The withdrawal of consent does not affect the lawfulness of the processing of personal data which the Controller has performed up to that point.
Right of Access
Article 10. (1) You have the right to request and obtain confirmation from the Administrator as to whether personal data related to you is being processed by sending a request in free text via email.
(2) You have the right to access the data related to you, as well as to information regarding the collection, processing, and storage of your personal data.
(3) Upon receiving your request, we will send you an email to the address you used for registration or for placing orders in the online store, with detailed instructions for verifying your identity as the data subject to whom access is requested.
(4) After verification in accordance with paragraph 3, the Administrator will provide you, upon request, with a copy of the processed personal data related to you, in electronic or other appropriate form.
(5) Access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in cases of repetitive or excessive requests.
Right to Correction or Completion
Article 11. (1) You can at any time correct or complete inaccurate or incomplete personal data related to you through the “Edit Profile” option.
(2) You can correct or complete inaccurate or incomplete personal data related to you either directly through your profile on the website or by sending a request to the Administrator via email, using the form in Appendix № 4 or in free text.
Right to Erasure (“Right to be Forgotten”)
Article 12. (1) You have the right to request from the Administrator the erasure of part or all of the personal data related to you, and the Administrator is obliged to erase them without undue delay when any of the following grounds are present:
- The personal data are no longer necessary for the purposes for which they were collected or processed in another manner;
- You withdraw your consent on which the processing is based and there is no other legal ground for the processing;
- You object to the processing of the personal data related to you, including for direct marketing purposes, and there are no legal grounds for the processing which override your interests;
- The personal data have been processed unlawfully;
- The personal data must be erased for compliance with a legal obligation under EU law or the law of a Member State applicable to the Administrator;
- The personal data have been collected in connection with the offering of information society services.
(2) The Administrator is not obliged to erase personal data if they are retained and processed:
- For the exercise of the right of freedom of expression and information;
- For compliance with a legal obligation that requires processing under EU law or the law of a Member State applicable to the Administrator, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
- For reasons of public interest in the area of public health;
- For archiving purposes in the public interest, for scientific or historical research, or for statistical purposes;
- For the establishment, exercise, or defense of legal claims.
(3) To exercise the right to be forgotten, you need to send an email request for the erasure of your personal data processed by the Administrator, by filling out the form in Appendix № 2 or via free text, after which the Administrator will send you an email to the address you used for registration or placing orders in the online store, with detailed instructions for verifying your identity as the store user and data subject for whom the erasure request is made.
(4) After verifying the identity of the person making the request and the person to whom the data pertains in accordance with the instructions sent to you, we will erase all data we process about you, in accordance with paragraph 3.
(5) If you have placed an order that is being processed, the earliest moment you can request to be “forgotten” is after the successful completion of the order.
Right to Restriction
Article 13. You have the right to request the Administrator to restrict the processing of personal data related to you by sending a request in free text via email, when:
- You contest the accuracy of the personal data, for a period enabling the Administrator to verify the accuracy of the personal data;
- The processing is unlawful, but you do not wish the personal data to be erased, only its use to be restricted;
- The Administrator no longer needs the personal data for processing purposes, but you require it for the establishment, exercise, or defense of legal claims;
- You have objected to processing pending verification whether the legitimate grounds of the Administrator override your interests.
(2) After receiving your request, we will send you an email to the address you used for registration or placing orders in the online store, with detailed instructions for verifying your identity as the store user and data subject for whom the processing restriction request is made.
(3) After verifying in accordance with paragraph 2, the company will cease the processing of your data but will not remove any posts you have made in the online store, if any.
Right to Data Portability
Article 14. (1) If you have given consent for the processing of your personal data or the processing is necessary for the performance of a contract with the Administrator, or if your data is processed by automated means, you may:
- Request the Administrator to provide your personal data in a readable format and transfer it to another Administrator;
- Request the Administrator to directly transfer your personal data to another Administrator of your choice, where technically feasible.
(2) You may exercise the right to data portability by sending an email with the completed form according to Appendix № 3 or a free text request, after which the Administrator will send you an email to the address you used for registration or placing orders in the online store, with detailed instructions for verifying your identity as the store user and data subject for whom the portability request is made.
(3) After verification in accordance with paragraph 2, the company will send the data it processes about you in XML format to the email address you provided.
Right to Information
Article 15. You may request the Administrator to inform you about all recipients to whom the personal data, for which correction, erasure, or restriction of processing has been requested, have been disclosed. The Administrator may refuse to provide this information if it would be impossible or require disproportionate effort.
Right to Object
Article 16. You may object at any time to the processing of personal data by the Administrator related to you, including if it is processed for profiling or direct marketing purposes.
Your Rights in Case of Personal Data Breach
Article 17. (1) If the Administrator identifies a breach of the security of your personal data that may result in a high risk to your rights and freedoms, it shall notify you without undue delay of the breach, as well as the measures that have been or will be taken.
(2) The Administrator is not obliged to notify you if:
- Appropriate technical and organizational measures have been taken to protect the data affected by the security breach;
- Measures have been taken subsequently to ensure that the breach will not result in a high risk to your rights;
- Notification would require disproportionate effort.
Entities to Whom Your Data Are Provided
Article 18. (1) For the purpose of processing your personal data and providing the service in its full functionality and in your interest, the Administrator may provide the data to the following entities who are data processors:
Data Processor | Purpose of Data Processing
REKOM Ltd. | Processing and sending orders
SAMEDAY | Delivery of orders
SPEEDY AD | Delivery of orders
The data processors comply with all legal and security requirements for the processing and storage of your personal data.
Article 19. The Administrator does not transfer your data to third countries.
Article 20. In the event of a violation of your rights under the above or applicable data protection legislation, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name: Commission for Personal Data Protection
Headquarters and Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. № 2
Correspondence Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. № 2
Phone: 02 915 3 518
Website: www.cpdp.bg
Article 21. You can exercise all your rights regarding the protection of your personal data using the forms attached to this information. These forms are not mandatory, and you may submit your requests in any form that states your request and identifies you as the data subject.
Article 22. If consent pertains to a transfer, the Administrator describes the possible risks of transferring data to third countries in the absence of an adequacy decision and appropriate safeguards.
Appendix № 1
Form for Withdrawing Consent for Processing Purposes
Your Name*: …………………….
Your Email Used in the Online Store*: …………………….
Contact Email*: …………………….
To
Name: REKOM Ltd.
UIC/BULSTAT: 121329733
Headquarters and Address: Sofia, Krum Popov St. 9
Correspondence Address: Sofia, Krum Popov St. 9
Phone: +359 884 606 553
E-mail: info@lineahomestudio.com
Website: thevintagecottage-shop.com
I hereby withdraw my consent for the processing of the personal data provided by me for the purposes of receiving newsletters, promotional messages, or other marketing materials, and I am aware of the conditions for withdrawing consent in accordance with the Mandatory Information on Data Protection Rights of the online store.
In case of a violation of your rights according to the above or applicable data protection legislation, you have the right to file a complaint with the Commission for Personal Data Protection as follows:
Name