Last update: May 25th, 2018
General Terms of the Website: Please, refer and review our General Terms available at www.dev.guglauniforms.com with respect to the use of our Website, including how you may order goods and enter into agreement with us.
Definitions: The terms “personal data”, “processing”, “controller”, “processor”, “third country”, “international organization”, “data subject”, “representative” and “member state” (as well as their derivatives) when used in this Policy shall have their meaning in accordance with the General Data Protection Regulation (EC) 2016/679 (“GDPR”).
- DATA CONTROLLER AND CONTACT DETAILS
- PERSONAL DATA WE COLLECT AND USE
2.1. Gugla may process the following types of personal data:
- data you provide us in the registration of your Website profile, such as name, surname, email, password, phone number, address;
- data you provide us in your orders and during the conclusion of a contract, such as name, surname, email, phone number, delivery address, invoice details. The history of your orders and contracts in the event of registered Website profiles;
- data you provide us in your contacts and communication with us through any means on specific issues, orders, complaints, returns, questions or activities in social networks (such as Facebook), including by phone, mail, Website forms, email, in the social networks or otherwise and such as name, surname, email, phone number, social network profile, photos, address, etc. When you contact us in social media, such as Facebook, our profiles may be public and your interaction or posting may appear to be public. Please note that we do not control and assume responsibility for the use of your social media profile and account.
- data relating to payments and refunds when applicable such as, for example, bank information, bank account, used debit / credit card, account holder, etc.;
- data you provide us when you purchase a gif card, such as user’s names;
- information about your device and online identifications including IP address, device used, operating system, browser type, location and cookies data (you may review our Cookies Policy for further details).
2.2. Usually we receive personal data directly by you. Anyway in certain cases we may receive data for you from third parties, such as for instance by a courier company for goods delivered and payments collected, from bank institution for executed payments, from your relatives in some cases of gif card orders.
2.3. In certain cases provision of your personal data shall be necessary for the contract and its performance (for instance we will need your delivery address to be able to send you ordered good, we will need your contact details to contact you, etc.). In such cases, if you do not provide the necessary data, you will not be able to receive respective services/result or the services may not be properly performed.
2.4. Your responsibilities:
- we encourage you to limit the personal data you submit us only to those specifically requested by us and necessary for the exercise of rights and the performance of your and our obligations;
- Password: do not share or reveal your password with anyone and keep your profile secured. You may at any time change your password by following the instructions on the Website or by contacting us;
- third party websites and links: the Website may contain ads or links to other sites or services managed by persons other than us, such as for instance Facebook. This Policy does not address and we are not responsible for the processing of your personal data by such third parties. We encourage you, if you choose to visit or use any of these third-party websites or services, to review their privacy policies that may be different from our Policy;
- when you provide us personal data or get in touch with us you represent and warrant that you are at least 18 years old. Our services and processes are not intended to persons below that age and we do not intentionally collect and process data of younger persons;
- when you submit to us any data or materials, including personal information, you represent and warrant that they are true and accurate, you have the authority to do so and permit us to process such data as set out in this Policy and this will not violate any rights of third parties, including the right to privacy, the right to freedom, copyrights, related rights, intellectual property rights, etc.
- PURPOSES OF PROCESSING (HOW WE USE YOUR DATA)
3.1. The main purpose of collecting and processing your personal data is to enter into and to perform a contract for the manufacture of goods between us (such as to identify you, including through online profile, invoicing, payment, delivery, communication, exercise of rights and obligations under the contract; etc.).
3.2. We may also process your personal data for the following specific purposes:
- to communicate with you and to provide you requested information with respect to our Website, how it can be used, our goods and services;
- to send administrative information to you, for example, information regarding our rules and changes to our Terms and Policies;
- to send you newsletters, marketing or promotional materials and other notices by mail, email, SMS, pop-up messages or phone. These are messages or materials for direct marketing purposes in order to advertise you our products or services, current or upcoming promotions and campaigns and we will always and at any time give you the opportunity to object receiving such messages in free and easy manner. We will also process your objections and withdrawals;
- to comply with or fulfil obligations arising from law, regulations, act of the authorities or of the court, such as for the purposes of accounting, control, reporting, auditing and tax purposes;
- to exercise our rights or protect yours, ours, third parties or public legitimate interests, such as investigation and prevention of theft, crime, fraud, misuse of services or of the Website and other offenses, to exercise rights under contracts in which we are a party, etc.;
- for statistics and analysis and for the purpose to improve our products, services, procedures and policies, our Website and its functionality (including information collected from your web browser or application, such as your IP address, operating system, browser type, visit details, location and more).
- LEGAL BASIS FOR PROCESSING YOUR DATA
4.1. For orders, manufacture and delivery of goods, the processing of your data is necessary for the conclusion and performance of a contract to which you are a party.
4.2. For other purposes and in given cases we may also process your personal data on other legal basis, such as:
- you have given your consent for the processing – when you have subscribed to our newsletter and to receive marketing materials by us;
- the processing may be necessary for compliance with our legal obligation – for instance for accounting and control, for tax purposes and others;
- the processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, such as: in certain cases of direct marketing to our clients; in case of gift cards orders for your relatives; for investigation and prevention of theft, crime, fraud, misuse of services or of the Website; to improve and modify our products, services, procedures and policies, our Website ant its functionality.
- RECIPIENTS OF PERSONAL DATA
5.1. Your personal data may be disclosed to the following categories of recipients:
- to our vendors and service providers such as: to the courier and warehouse companies for the purposes of performance of our contract with you and delivery of ordered products; to our accounting and legal services providers; to companies from which we have licensed special software products such as accounting, warehouse, communication or other software; to companies that provide us services and technical support in relation to the Website and to the communications, as well as to other similar service providers, as far as they have access to the data in the performance of their services;
- to payment service providers for the purpose of identifying and processing payments;
- to persons to whom we are required to disclose data in accordance with applicable laws, act of the authorities or of the court, or in court proceedings, or in connection with an investigation of illegal activity, or suspected illegal activity, or at the lawful request of state, governmental or regulatory authorities;
- to third parties, when we have a good-faith belief that this is necessary to prevent death or harm or financial loss, or in connection with an investigation of actual or suspected theft, crime, fraud, misuse of services or of the Website, or other illegal activity, including violation of our or third party rights, such as for instance copyrights, intellectual property rights or privacy rights;
- to our partner company in the event of a joint campaign, event or action and with a clear notice indicating such partner;
- to third parties in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or part of our business.
5.2. We will not sell or otherwise unlawfully disclose your personal data in violation of the law and with the rules under this Policy.
- TRANSFER OF DATA TO THIRD COUNTRIES
In certain events for the purposes of provision of our services as detailed in this Policy we may transfer personal data to third countries outside the European Union, that may have different data protection laws. In particular, this may be the case in which we use a US based e-mail service provider. In such cases we will transfer your personal data to third country only on the basis of: (a) an European Commission decision on an adequate level of protection for that third country (art. 46 of the GDPR), including based on the Privacy Shield framework or other similar approved mechanism; or (b) appropriate safeguards as provided under art. 46 of the GDPR, including by utilizing the Standard Contractual Clauses in accordance with the Annex to the Decision of the European Commission of 05 February 2010 (available at the date of update of this Policy here: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex%3A32010D0087) as amended or exchanged over time by the European Commission or other appropriate safeguards, including subject to specific permission of a competent supervisory authority; or (c) binding corporate rules approved by the supervisory authority (art. 47 of the GDPR).
- YOUR RIGHTS
7.1. Right to withdraw your consent. When we process personal data based on your consent (some cases of direct marketing), you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on your consent before its withdrawal. You may exercise that right without additional costs to you by one of the following:
- at any time by sending us email to [email protected] with clear statement that you withdraw you consent; or
- by phone call to phone number +359 (0) 888 218 761 in local working days (Monday – Friday, 10:30 – 18:30); or
- by post a mail to our registered office;
- by using the contact form on our Website.
In the event that you withdraw your consent for the processing of personal data we will, without undue delay and to the extent provided under applicable laws, erase the relevant data from our systems.
7.2. Right to access – at any time you may request information about the personal data we have for you and the purposes of processing. In some cases, this will only be the personal data you have recorded in your profile.
7.3. Right to rectification – you have the right to ask to rectify your data if they are inaccurate. If you have profile in our Website you may edit your personal data also from there.
7.4. Right to erasure – “the right to be forgotten”. You should keep in mind that this is not an absolute right and applies in accordance with applicable laws. For example, you have the right to request the deletion of your personal data if it is no longer necessary for the purposes for which it was collected or otherwise processed, but only if there is no legal obligation upon us that requires further processing (e.g. some of your data to be further processed for accounting, control or compliance purposes as provided under the respective legislation). In any case, we will respect any lawful and legitimate request for erasure of your data.
7.5. Right to restriction of processing – as provided under the applicable laws.
7.6. Right to data portability – in certain cases as provided under the laws you may request by to transfer to you or to a third party a copy of your data in a structured, commonly used and machine-readable forma (this right is only applicable to data provided directly by you and processed by automated means where our processing of your data is based on your consent or on a contract with you).
7.7. Right to object. In particular the right to object includes that you may object at any time to processing of your personal data which is based on:
- the performance of a task carried out in the public interest or in the exercise of official authority vested to us; or
- pursuing our or third party’s legitimate interests;
In these cases we will cease the processing unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims; or
- the purposes of direct marketing – you may object at any time by following the instructions in the relevant marketing material or by sending us a email to [email protected].
7.8. In the event that you are established in the European Union you also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of the EU of your habitual residence, place of work or place of the alleged infringement. For Bulgaria, the supervisory authority is the Commission for Personal Data Protection, having its website at www.cpdp.bg.
7.9. You may exercise your rights mentioned above in accordance with the applicable law and in particular as provided under the GDPR. In order to exercise your rights you may contact us at any time by sending us an email to [email protected] We may need to verify your identity or to contact you with respect to your request.
- STORAGE PERIOD
8.1. We will retain your personal information for as long as necessary for the respective purposes of the processing and to comply with our obligations under applicable laws.
8.2. In particular we may retain personal data:
- data for the purposes of concluding and executing a contract – generally for 5 years from the date of performance of the contract;
- data for accounting and control purposes – in accordance with the statutory accounting and auditing rules and principles. The data processed with respect to other legal obligations will be retained until the respective obligation cease to apply;
- data for marketing purposes – until you withdraw your consent (if applicable) or until you object to processing, or until you delete your profile, or if you do not have a profile for 1 year as from our latest contact with you that provides you the option to opt-out;
- we will delete inactive profiles on the Website 2 years after the last active action;
- you may stop communicating with us in social networks at any time and according to the tools of the relevant social network, for example, if you have liked our Facebook page, you may withdraw such like (unlike), and so on.
8.3. Personal data processed for other purposes will be processed and stored as required and in accordance with data protection laws and applicable standards.
8.4. For the avoidance of doubt we may generate and store aggregate statistical reports and materials that do not contain personal data and from which a particular person cannot be individualized. This Policy does not apply to them as they do not contain personal data.
- AUTOMATED PROCESSING
We will not take our decisions solely based on software for automated data processing and we will always use a human factor. You can oppose any decision that is of major concern to you and which is taken solely by a computer, software, or other automated process, if any.