Privacy Policy

Important Information on the Rights of Personal Data Protection


Information about the company processing your data:

 

Name: Libra Ocean Ltd

VAT ID: BG 205656156

Headquarters and address of management: Sofia, Krasno selo, Bl. 189, vh. D, o.10, p.47

Correspondence address: St. Vas, Street. Kokiche 3, vh.C., ap 2

Telephone: +359 882409438

E-mail: info@librapassion.com

Website: librapassion.com

 

Information on the competent supervisory authority and the protection of personal data

 

Name: Data Protection Board

Headquarters and address of management: Sofia 1592, blvd. "Prof. Colorful Lazarov No 2

Correspondence address:  Sofia 1592, blvd. "Prof. Colorful Lazarov No 2

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

 

Libra Passion Beauty Box (hereinafter ‘Administrator’ or ‘Company’) operates under the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals regarding the processing of personal data and the free movement of such data. The purpose of this information is to inform you of all aspects concerning the processing of your personal data by the Company and of the rights you enjoy with regard to that processing.

 

Grounds for collecting, processing and storing your personal data

 

Art. 1. The Administrator shall collect and process your personal data relating to the use of Libra Passion Beauty Box and the execution of contracts with the company according to Article 6, para. 1 of Regulation (EU) 2016/679 (GDPR), in particular,  based on the following:

 

  • Explicitly obtained from you as a client;
  • Performance of the Administrator's obligations under a contract with you;
  • Compliance with a legal obligation which applies to the Administrator;
  • For the legitimate interests of the Administrator or a third party.

 

Objectives and principles for the collection, processing and storage of your personal data.

 

Art. 2. (1) We collect and process your personal data regarding the use of the online store and the implementation of a contract with the Company, including for the following purposes:

  • creating a profile and providing full functionality when using the online store;
  • the conclusion and implementation of a distance contract;
  • the identification of a party to the contract;
  • accounting purposes;
  • statistical purposes;
  • IT security protection;
  • securing the performance of the contract for the provision of the respective service;
  • sending out an information bulletin if requested by you.

(2) We comply with the following principles for the processing of your data:

  • legality, fairness and transparency;
  • restriction of the processing purposes;
  • relevance to the purposes of the processing and limitation of the data collected;
  • accuracy and timeliness of the data;
  • storage restriction to achieve the objectives;
  • the integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.

 

(3). In the processing and storage of personal data, the Administrator may process and store personal data to protect the following legitimate interests:

  • performing their duties with the National Revenue Agency, the Ministry of Home Affairs and other Governmental and Local Authorities.

 

What types of personal data our company collects, process and store.

 

Art. 3. (1) The Company performs the following operations with the personal data provided by you for the following purposes:

 

  • Registration of a user in the online store and execution of a contract for distance selling - the purpose of this operation is to create a profile for using the online store to purchase products and provide contact information for the delivery of purchased products. Registering and creating an account to use the online store is not a mandatory condition for using the service and the latter is available to a large extent without creating an account.
  • Assessment of the impact: Based on the impact assessment, the operation "User registration in the online store and execution of a distance sales contract" is acceptable and provides sufficient guarantees to protect the rights and legitimate interests of the subjects of data per the requirements of the GDPR.
  • Conclusion and execution of a commercial deal with a client or partner - the purpose of this operation is the conclusion and execution of a contract with a commercial partner or client and its administration. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, it is not required to carry out an impact assessment of the operation.
  • Communicating a bulletin (newsletter) - the purpose of this operation is to administer the process of sending newsletters to customers who have stated that they wish to receive one. Given the limited scope of the personal data collected, it is not required to carry out an impact assessment of the operation.
  • Exercising the right to refuse or make a claim - the purpose of this operation is to administer the process of exercising the right to refuse or claim by the client. Given the limited scope of the personal data collected, it is not required to carry out an impact assessment of the operation.

 

(2) The Administrator shall process the following categories of personal data and information for the following purposes and on the following grounds:

 

  • Your personal data (e-mail, name, etc.)

 

- The purpose for which the data is collected: 1) Making contact with the user and sending information to them, 2) Registering a user in the online store, and 3) Communicating a newsletter.


- Grounds for processing your personal data - By accepting the general conditions and registration in an online store or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Administrator and you, on which basis we process your personal data - Art. 6, para. 1, 6 (b) GDPR. Your data for communicating a newsletter is processed with your explicit consent - Art. 6, para. 1, 6 (a) GDPR.

 

(3) The Administrator shall not collect or process personal data, which refer to the following:

 

  • reveal racial or ethnic origin;
  • disclose political, religious or philosophical beliefs, or trade union membership;
  • genetic and biometric data, health data or data on sexual life or sexual orientation.

 

(4) The personal data are collected by the Administrator from the persons to whom they refer.

(5) The Company shall not perform automated decision-making with data.

 

Art. 4. (1) The Company performs the following operations with the personal data provided by you, as legal representatives or proxies of legal entities-trade partners, for the following purposes:

 

Concluding and executing a commercial deal: For concluding and executing a commercial deal with a commercial company, we process only the three names of the legal representative or the person authorized by the Company.
Impact assessment: Given the small volume of individuals whose data are processed and given the limited amount of personal data that are collected, an impact assessment is not necessary for this operation.

 

(2) The personal data have been collected by the Administrator from the persons to whom they also refer from the Commercial Register to the Registry Agency.

 

(3) The company does not perform automated decision making with data.

 

Art. 5. The Administrator can use the so-called Cookies to provide the full functionality of the website, improve the user experience, statistical purposes, easy access, etc., with which you agree by using our website. You can control and/or delete cookies at any time through the settings of the browser you use. Cookies do not constitute personal data and are not used to identify visitors and users of the online store.

 

Term of storage of your personal data

 

Art. 6. (1) The Administrator stores your personal data for a period not longer than the existence of your account in an online store. After deleting your account, the Administrator takes the necessary steps to delete and destroy all your data without undue delay or to anonymize it (i.e. to make it in a form that does not reveal your identity).

(2) The Administrator processes your personal data, which you provided when placing an order without registration in the online store, until the completion of the order unless you have given your explicit consent when processing your order to process your data to improve the service, providing recommended content for you, individual conditions, promotions, as well as for statistical purposes.

(3) The Administrator stores your personal data provided in connection with online orders for 5 years to protect the legal interests of the Administrator in court or administrative disputes with users of the online store.

(4) The Administrator shall notify you in case the term for data storage needs to be extended because of the fulfilment of a normative obligation or given legitimate interests of the Administrator or otherwise.

(5) The administrator stores the personal data, which it is necessary to keep under the applicable legislation for the respective envisaged term, which may exceed the term of existence of your account in the online store or until the completion of the order.

 

Transfer of your personal data for processing

 

Art. 8. (1) The Controller may, at its discretion, transfer part or all of your personal data to personal data processors for the fulfilment of the processing purposes with which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Administrator notifies you in case of intention to transfer part or all of your personal data to third countries or international organizations.

 

Your rights in the collection, processing and storage of your personal data.

 

Withdrawal of consent for the processing of your personal data.

 

Art. 9. (1) If you do not wish your personal data to be processed for marketing purposes and to receive a newsletter, you may withdraw your consent for the processing at any time by filling in the withdrawal form in Annex № 1 or by request in free text, and send it to us by email.

(2) After receiving your request, we will send to the e-mail you specified for receiving newsletters and advertising messages, a letter with detailed instructions for your verification as a recipient of newsletters and a personal data who has requested to withdrawal your consent.

(3) The withdrawal of the consent shall not affect the legality of the processing of personal data, which the Administrator has performed so far.

 

Art. 10. (1) You have the right to request and receive from the Administrator confirmation whether personal data related to you is processed by sending a request in free text by e-mail.

(2) You have the right to access the data related to you, as well as the information related to the collection, processing and storage of your data.

(3) After we receive your request, we will send you an email with detailed instructions for your verification as a subject of personal data to which access has been requested.

(4) After performing the verification, according to par. 3, The Administrator provides you, upon request, a copy of the processed personal data related to you, in electronic or other appropriate forms.

(5) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessiveness of the requests.

 

Right of correction or completion

 

Art. 11. (1) You can correct or fill in the inaccurate or incomplete personal data related to you any time through the option "Edit account".

(2) You can correct or fill in the inaccurate or incomplete personal data related to you directly through your profile on the website or by requesting the Administrator by email, using the form in Appendix № 4 or by request in free text.

 

Right to delete ("to be forgotten")

 

Art. 12. (1) You have the right to request from the Administrator deletion of part or all personal data related to you, and the Administrator should delete them without undue delay when there are any of the following reasons:

  • Personal data is no longer needed for the purposes for which it was collected or otherwise processed;
  • You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
  • You have an objection to the processing of personal data related to you, including for direct marketing, and there are no priority legal grounds for the processing;
  • Personal data has been processed illegally;
  • Personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State that applies to the Controller;
  • Personal data has been collected for the provision of services to the information society.

 

(2) The Administrator shall not be obliged to delete the personal data if he stores and processes it for the below purposes:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing provided for in EU law or the law of a Member State applicable to the Administrator or for the performance of a task in the public interest or the exercise of official powers conferred on him;
  • for reasons of public interest in the field of public health;
  • for recording purposes in the public interest, for scientific or historical research or statistical purposes;
  • for the submitting, processing or defence of legal claims.

 

(3) To exercise your right to be forgotten, it is necessary to send by e-mail a request for deletion of your personal data, which the Administrator processes, by filling in the form in Appendix № 2 or by request in free text, after which the Administrator will send to the e-mail you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a user of the shop and a subject of personal data for which a deletion request has been requested.

 (4) After certifying the identity of the person who sent the request and the person to whom the data relate per the instructions sent to you, we will delete all data that we process for you, under para. 3.

(5) If there is an order made by you, which is in the process of processing, the earliest moment in which you can request to be "forgotten" is when the order is completed.

 

Right of restriction

 

Art. 13 You have the right to ask the Administrator to restrict the data processing related to you by sending us a free text email when:

 

  • You challenge the data accuracy for a period that allows the Administrator to verify it;
  • The processing is illegal, but you do not want the data to be deleted, only the use to be restricted;
  • The controller no longer needs the personal data for processing, but you require them for the initiation, exercise or protection of your legal claims;
  • Your objection to the processing is pending while you are awaiting verification whether the legal grounds of the Administrator take priority over your interests.

 

(2) Upon receiving your request, we will send to the email you registered, or place orders in the online store, a letter with detailed instructions about your verification as a user of the store and the subject of personal data for which the request to limit processing was made.

(3) After completing the verification according to par. 2, the Company will suspend the processing of your data, but will not remove the publications you have made in the online store if any.

 

Right of portability

 

Art. 14. (1) If you have given consent for the processing of your data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may:

  • to ask the Administrator to provide you with your data in a readable format and to transfer it to another Administrator;
  • to ask the Administrator to transfer directly your data to an administrator specified by you, when this is technically feasible.


(2) You can exercise the right of data portability by sending by e-mail the completed form Annex № 3 or a free text request, after which the Administrator will send to the e-mail you used to register or place orders in the online store a letter with detailed instructions for verifying you as a store user and data subject who has requested portability.

(3) After completing the verification according to par. 2, the Company will send to your e-mail the data processed for you in XML format.

 

Right to receive information

 

Art. 15. You can ask the Administrator to inform you about all recipients to whom the requested data for correction, deletion or restriction of processing have been disclosed. The Administrator may refuse to provide this information if this would be impossible or would require a disproportional effort.

 

Right to objection

 

Art. 16. You may object at any time against the processing of personal data by the Administrator, including if it is processed for profiling or direct marketing.

 

Your rights in the event of a breach of the security of your data

 

Art. 17. (1) If the Administrator finds a violation of the security of your data, which may pose a high risk to your rights and freedoms, they shall notify you without undue delay of the violation, as well as of the measures that have been taken or are to be taken.

 

(2) The Administrator is not obliged to notify you if:

 

  • appropriate technical and organizational protection measures concerning the data affected by the security breach were taken;
  • steps were taken to ensure that the breach does not pose a high risk to your rights;
  • a notification would require a disproportionate effort.

 

Persons to whom your data is provided

 

Art. 18. (1) To process your data and provide the service in its full functionality and because of your interests, the Administrator may provide the data to persons who are data processors.

(2) The processors of personal data shall comply with all requirements for legality and security in the processing and storage of your data.

Art. 19. The Administrator does not transfer your data to third parties.

Art. 20. In case of violation of your rights under the above or applicable legislation on personal data protection, you have the right to file a complaint to the Commission for Personal Data Protection as follows:

Title: Commission for Personal Data Protection.

Headquarters and Address of Management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for Correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: +359 2 915 3 518

Website: www.cpdp.bg.

 

Art. 21. You can exercise all your rights regarding the protection of your data through the forms attached to this information. Please note, that these forms are optional and you can submit your requests in any form that contains a statement that affects and identifies you as the data holder.

Art. 22. If the consent relates to a transfer, the Controller shall describe the possible risks for the transfer of the data to third countries in the absence of a decision on adequate protection and appropriate means of protection.

 

APPENDIX № 1

Withdrawal form of consent for processing purposes

 

Your Name*: .........................

The email that you used in the e-shop *: .........................

Feedback data (e-mail) *: .........................

 

To

Name: Libra Ocean Ltd

VAT ID: BG 205656156

Headquarters and Address of Management: Sofia, Krasno selo, bl. 189, ent. G, fl.10, ap.47

Address for correspondence: Sveti Vlas, 3 Kokiche Str., Entrance B, apartment 2

Phone: 0882409438

Email: info@librapassion.com

 

I hereby withdraw my consent for the processing of my data for the purpose to receive a newsletter, advertising messages or other marketing materials, as I am aware of the conditions for withdrawal of consent following the Mandatory Information on the Rights of Persons of the personal data of the e-shop.

 

In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to complain with the Data Protection Commission as follows:

 

Title: Commission for Personal Data Protection

Headquarters and Address of Management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for Correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: + 359 2 915 3 518

Website: www.cpdp.bg

 

APPENDIX № 2

Request to be "forgotten" - to delete personal data related to me

 

Your Name*: .........................

Your e-mail with which you registered or used for orders in the e-shop *: .........................

Feedback data (e-mail) *: .........................

 

To

Name: Libra Ocean Ltd

VAT ID: BG 205656156

Headquarters and Address of Management: Sofia, Krasno selo, bl. 189, ent. G, fl.10, ap.47

Address for correspondence: Sveti Vlas, 3 Kokiche Str., Entrance B, apartment 2

Phone: 0882409438

Email: info@librapassion.com

 

I request that all personal data, that you collect, process and store, provided by me or by third parties who are related to me, according to the specified identification, be deleted from your databases.

I declare that I am aware that some or all of my data may continue to be processed and stored by the Controller to fulfil his legal obligations.

 

In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to complain with the Data Protection Commission as follows:

 

Title: Commission for Personal Data Protection

Headquarters and Address of Management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for Correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: + 359 2 915 3 518

Website: www.cpdp.bg

 

 

APPENDIX № 3

Request for the portability of personal data

 

Your Name*: .........................

Your e-mail with which you registered or used for orders in the e-shop *: .........................

Feedback data (e-mail) *: .........................

 

To

Name: Libra Ocean Ltd

VAT ID: BG 205656156

Headquarters and Address of Management: Sofia, Krasno selo, bl. 189, ent. G, fl.10, ap.47

Address for correspondence: Sveti Vlas, 3 Kokiche Str., Entrance B, apartment 2

Phone: 0882409438

Email: info@librapassion.com

 

I ask that all personal data related to me that is collected, processed and stored in your databases be sent in XML format to:

 

E-mail: .........................

Administrator - receiving the data: .........................

 

Name: .........................

Identification number (BULSTAT, VAT ID registration number in the CPDP): .........................

Email: .........................

 

In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to complain with the Data Protection Commission as follows:

 

Title: Commission for Personal Data Protection

Headquarters and Address of Management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for Correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: + 359 2 915 3 518

Website: www.cpdp.bg

 

APPENDIX № 4

Request for data correction 

 

Your Name*: .........................

Your e-mail with which you registered or used for orders in the e-shop *: .........................

Feedback data (e-mail) *: .........................

 

To

Name: Libra Ocean Ltd

VAT ID: BG 205656156

Headquarters and Address of Management: Sofia, Krasno selo, bl. 189, ent. G, fl.10, ap.47

Address for correspondence: Sveti Vlas, 3 Kokiche Str., Entrance B, apartment 2

Phone: 0882409438

Email: info@librapassion.com

 

Please correct the following personal data that you collect, process and store provided by me or by third parties related to me as follows:

Data to be corrected:

..................................................

Please correct as follows:

..................................................

 

In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to complain with the Data Protection Commission as follows:

 

Title: Commission for Personal Data Protection

Headquarters and Address of Management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for Correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Phone: + 359 2 915 3 518

Website: www.cpdp.bg