Magic Outdoor Ltd (hereinafter referred to as Controller) processes the personal data of natural persons in compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation/GDPR or “the Regulation”) as well as the rest of the statutory deeds, instructions and guidelines, related to the processing and protection of personal data of natural persons. In the present policy “our”, “we” or “us” shall mean Magic Outdoor Ltd.
|Contact person||Violeta Emilova Macheva – Raykolesku|
It should be taken in consideration that the terms used in the present policy shall have the following meaning:
- “Data Controller” means a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
- “Domain“ is part of the hierarchical space of the global Internet network with its own unique name (domain name) which must meet specific requirements. In order for a certain web page to be loaded, the domain name is entered into the browser field and within the framework of the present general terms and conditions, the domain name is “https://www.magic-indoor.com”.
- “Deletion” is an irreversible erasure of the information from the relevant carrier;
- “Personal data“ means any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number (personal ID, foreigner’s personal number, etc.), location data (geolocation), an online identifier (e.g. IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Processing of special categories of personal data is prohibited, except in several express hypotheses described in Art. 9, § 2 of the Regulation. Such data are personal data disclosing a racial or ethnic origin, political views, religious or philosophic beliefs or membership in trade unions, as well as processing of genetic data, biometric data for the only purpose of identification of a natural person, data on the health condition or the sexual life or sexual orientation of the natural persons.
- “Supervisory authority” is an independent public authority in charge of the observation of the implementation of the Regulation in order to protect the main rights and freedoms of the natural persons in connection with the processing and to facilitate the free movement of personal data within the EU. On the territory of the Republic of Bulgaria the competent supervisory authority is the Data Protection Commission.
- “Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed;
- “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means (electronically or on a hard copy), such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
- “Processor“ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;
- “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing;
- “Risk” is the possibility of occurrence of property or non-property damage for the data subject under specific conditions, assessed from the point of view of its severity and probability;
- “Consent of the data subject“ means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
- “Destruction” is an irreversible physical destruction of the material information carrier.
The terms not defined herein above have the meanings assigned to them in Regulation (EU) 2016/679, the contents of which is available at https://eur–lex.europa.eu/legal–content/BG/TXT/?uri=CELEX%3A32016R0679_, as well as in the Personal Data Protection Act or the relevant statutory document regulating this matter.
- INFORMATION ABOUT THE DATA CONTROLLER
Magic Outdoor LTD is a data controller within the meaning of Art. 4, § 7 of the Regulation, as it sets out the objectives and means of processing the personal data of natural persons while carrying out electronic trade through the e-shop www.magic-indoor.com.
Magic Outdoor Ltd
|Contact person||Violeta Emilova Macheva – Raykolesku|
More information about the role of the company in personal data processing through the profiles in the social networks maintained by it can be found in Section VIII of the present policy.
Should you have any questions, need additional information or suggestions related to data processing and their protection, you can contact us using the above contact details.
- КАТЕГОРИИ СУБЕКТИ НА ДАННИ
Through the website www.magic-indoor.com we process personal data of the following categories of natural persons:
- individuals loading the domain “www.magic-indoor.com” in their browser;
- individuals placing an order without registration;
- individuals who have registered a personal account at “www.magic-indoor.com” and placing orders through the created account;
- individuals sending inquiries through our contact form or sending messages by e-mail/at our mailing address;
The controller does not process personal data of individuals below the age of 14, as long as the website is not intended for use by such individuals. If you come across such processing please inform us immediately in order to take the necessary measures.
• TYPES OF PERSONAL DATA, OBJECTIVES AND LEGAL GROUNDS OF PROCESSING. TERM OF STORAGE.
А.) Data obtained from the subject
When visiting the website www.magic-indoor.com, using any of its functionalities (ordering of goods, creating an account, sending inquiries, etc.), you provide voluntarily the following personal data:
|№||Data category and type||Objective/s||Legal grounds||Term of storage|
|1||Physical identity and contact data: name and surname, telephone number, e-mail, delivery address;
Failure to provide such data impedes the possibility of entry into an agreement.
||Art. 6, §1, letter “b” of the Regulation: contractual grounds||Under a specific contract – up to 5 years after termination of the contract;
With regard to the data in the account – until deactivation of the created account
|2||Economic identity: bank account number (for wire transfers)||
Art. 6, §1, letter “b” of the Regulation: contractual grounds and
Art. 6, letter “c” – legal grounds.
Physical identity: full name, Personal ID, address, telephone, e-mail;
Exercising of any of the rights envisaged in the Regulation in favour of the subjects; Processing of the application; satisfaction of the request; maintaining a register of applications;
|Art. 6, §1, letter “c” of the Regulation: statutory obligation||Up to 5 years as of the last action undertaken under the request|
|Physical identity: full name, Personal ID, address, telephone, e-mail;||Maintaining a register of breaches; Undertaking actions in case of breach; Notification of Personal Data Protection Commission and the affected individuals (if applicable);||
Art. 6, §1, letter “c” of the Regulation: statutory obligation
|Up to 5 years of establishing the breach|
|5||Physical identity: e-mail;||Sending out information newsletters with offers;||Art. 6, §1, letter “а” of the Regulation: consent||Until subject’s withdrawal of consent;|
Physical identity: name and surname, telephone, e-mail, other information voluntarily provided by the subject
|Processing of the inquiry and provision of information to the subject;||Art. 6, §1, letter “f” of the Regulation: legitimate interest or Art.6, §1, letter “b”: pre-contractual relations||Up to 3 months as of the end of the correspondence (except in cases of entry into a contract as a result of the correspondence)|
|7||Physical identity: Full name of the representative of the legal entity;
Full name, Personal ID and address – if the invoice is issued to a natural person;
|Issuing and delivery of an invoice in accordance with the accounting laws;||Art. 6, §1, letter “c” of the Regulation: statutory obligation||According to the terms envisaged in the accounting laws;|
|8||Other data voluntarily submitted by you in our inquiry/ message, including in the social networks||Processing of the inquiry and provision of information to the subject.||Art. 6, §1, letted “f” of the Regulation: legitimate interest or Art. 6, §1, letter “b”: pre-contractual relations||Up to 3 months after the end of the correspondence (except in cases of entry into a contract as a result of the correspondence)|
|9||Photographs||Execution of a purchase and sale and delivery of printed materials or home or office decoration||Art. 6, §1, letter “b” of the Regulation: contractual grounds||Up to 2 years as of entry into the contract in connection with possible claims|
|10||Log files/system records|
Through www.magic-indoor.com we do not process special categories of personal data. We do not process personal data through profiling or other methods of automated decision-making.
After the expiration of the terms for personal data processing, the latter are anonymized or deleted/destroyed unless they are necessary for any pending judicial, arbitral, administrative or enforcement proceedings.
B.) Personal data automatically obtained from cookies
The website uses only the functional cookies described in the table below. The functional cookies enable the web page to save your preferences as a user (e.g. username, language, location) in order to facilitate your browsing or show you our nearest office.
|c_user||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
|Dpr||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
Cookie from Facebook.com (functionalities of the social network/third party)
|Sb||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
|Spin||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
|Xs||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
|_fbp||Functional cookie||Cookie from Facebook.com (functionalities of the social network/third party)|
|cookie_notice_accepted||Functional cookie||Cookie of magic-indoor.com, responsible for the acceptance of cookies.|
|woocommerce_cart_hash||Functional cookie||Cookie of magic-indoor.com, responsible for the contents of the basket in the online shop.|
|woocommerce_items_in_cart||Functional cookie||Cookie of magic-indoor.com, responsible for the contents of the basket in the online shop.|
|wordpress_logged_in_||Functional cookie||A cookie of magic-indoor.com, responsible for information related to the logging in of registered users|
|wordpress_sec_||Functional cookie||A cookie of magic-indoor.com, responsible for information related to the working capacity of the WordPress platform.|
|wp-settings-time-1||Functional cookie||A cookie of magic-indoor.com, responsible for information related to the working capacity of the WordPress platform.|
|wp_woocommerce_session_||Functional cookie||A cookie of magic-indoor.com, responsible for information related to the working capacity of the WordPress platform.|
You can control and managed the “cookies” in another manner using your web browser. Please note that if you delete all cookies, your saved preferences will also be deleted. For more information on how to change your browser settings in order to block or filter cookies, please visit: https://www.pcmag.com/how-to/how-to-control-and-delete-cookies-on-your-browser. More information about cookies and their management can also be found at https://www.aboutcookies.org.
1. DATA RECIPIENTS
Your personal data can be provided to:
- competent public bodies in pursuance of statutory provisions or other statutory obligations;
- our partners with which we have contracts for provision of various services, such as couriers
All our partners comply with the requirements of Regulation (EU) 2016/679 and have assumed such commitments through the personal data protection agreements concluded with us (in compliance with Art. 28, §3 of the Regulation).
Magic Outdoor Ltd does not provide personal data to other entities within the EU or to third parties or international organizations.
1. YOUR RIGHTS
In your capacity of data subject, you have the following rights which you can exercise at any time free of charge:
1. Right to access
You are entitled to receive confirmation as to whether we process personal data related to you. In case we process such data, we shall provide a copy of the documents containing personal data (on the relevant carrier) as well as the following information:
- purposes of processing;
- the relevant categories of personal data;
- recipients or categories of recipients to whom the personal data shall be disclosed;
- if possible, the envisaged time period for which the personal data shall be stored; if not possible – the criteria for its determination;
- the existence of a right to request from the controller correction or deletion of personal data or restriction of processing of data related to the data subject or to file an objection against such processing;
- the right of complaint to a supervisory body;
- where personal data are not collected from the data subject, any available information about their source;
- the existence of automated decision-making, including profiling (with the relevant information regarding the logics used and the meaning and the envisaged consequences of such processing);
In case that the documents containing personal data for the subject contain personal data of other individuals, they shall be deleted in an appropriate manner.
2. Right to correction
You have the right to request correction of your data processed by us, if they are incorrect. In case you would like us to complement your personal data, we will need you to submit a statement containing the relevant information.
After we receive your request we shall correct/supplement your data as soon as possible. Please note that you have the option to edit and complement your data through the account created by you.
3. Right to deletion (so called “right to be forgotten”)
You have the right to request deletion of personal data related to you. In order to delete your personal data, any of the following grounds should be available:
- your personal data are no longer necessary for the purposes for which they have been collected or otherwise processed;
- you withdraw your consent on which the data processing is based and we do not have any other legal grounds for their processing;
- you object the processing and there are no legal grounds for the processing which prevail. Where you have objected the processing for marketing purposes, the reasons thereof are not analyzed;
- your personal data have been processed illegally;
- your personal data should be deleted for the purpose of keeping a legal obligation under the EU or Bulgarian law;
- your personal data have been collected in connection with the offering of services to the information society; An information society service is any service normally provided against remuneration, remotely, through electronic means and at the individual request of the recipients of the services.
Even if any of the above hypotheses is available, we shall not delete your personal data if processing is necessary for the following:
- exercising of the right of freedom of expression and right of information;
- for compliance with a legal obligation requiring processing, envisaged in the EU or the Bulgarian law, or for the performance of a task of public interest, or upon exercising official powers as a controller;
- for the establishment, exercising or defense of legal claims;
- two more specific hypotheses laid down in Art. 17, § 3, letters “c” and “d” of the Regulation.
4. Right to restrict processing
You have the right to request from us to restrict processing if any of the following conditions is applied:
- You dispute the correctness of the personal data. In this case the restriction is valid for the time period the controller needs to verify the data;
- The processing is unlawful but you wish to restrict the use of the personal data instead of their deletion;
- The controller does not need your personal data any more for the purposes of processing, but you request them for the establishment, exercising or defense of legal claims;
- You have objected the processing and expect an inspection as to whether the controller’s statutory interest prevail over your own interests.
The controller shall inform any person to whom corrected, deleted or restricted data have been disclosed, except in cases where this is impossible or requires too much efforts. If you wish we shall notify you about such persons.
5. Right to transmission
You are entitled to receive the personal data provided to us in a structured, widely used and machine-readable format as well as to request from us to transfer them to another controller of your choice. In order to undertake such activities, the following two preconditions should be met:
- the processing should be based on consent or contractual obligation and
- the data should be processed in an automated manner.
6. Right to object
You have the right to object the processing of your personal data if it is based on the following:
- performance of a task of public interest while exercising official powers provided to the controller; or
- legal interest.
We shall terminate processing of your data immediately if we are not able to prove that there are convincing legal grounds for the processing which prevail to your interests, rights and freedoms, or for establishing, exercising or defense of legal claims.
Where the processing is performed for marketing purposes we shall terminate the processing of your data as soon as we process your request.
7. Right to withdraw your consent
Where the processing of your data is based on consent, you have the right to withdraw the provided consent at any time by notifying us using the contact details.
How to exercise any of the above described rights?
- If you wish to exercise any of your rights, please download the application from HERE (hyperlink) and fill out the necessary information. The application has been created for your facilitation but is not mandatory for you.
If you wish, you can send us also a free-form request containing the following mandatory information:
- your full name;
- Personal ID or another analogous identifier;
- description of the request;
- preferred form for answer and information;
- date of submission.
Please send us your application in one of the following manners:
- by e-mail to firstname.lastname@example.org in compliance with the provisions of the Electronic Documents and Electronic Certification Services Act (EDECS), the Electronic Management Act or the Electronic Identification Act (i.e. electronic signature, electronic identifier, etc.).
- by mail or in person at the following address: 5A, Industrialna St., Sofia 1202, Serdika Region. Where the application is submitted by an authorized person, a power of attorney should be enclosed thereto.
- After reviewing your application, we shall analyze its contents and if necessary, shall request additional information. You will receive information about its processing within one month as of the date of sending in the manner indicated by you as preferred method of communication.
- If you need cooperation in the filling out of the form offered by us, you can contact us using the contact data indicated in the present policy.
It should be kept in mind that the Controller may refuse full or partial satisfaction of any of the above rights if such satisfaction would create a risk for the public order and security, the prevention, investigation or criminal prosecution of crimes or the execution of the imposed penalties, including protection against and prevention of threats for the public order and security, other important objectives of considerable public interest and more specifically an important economic or financial interest including monetary, budget and tax issues, public health and social security, protection of the data subject or of the rights and freedoms of other persons or enforcement of civil legal claims.
Apart from the above described rights you are also entitled to undertake the following activities:
8. To submit a complaint to the Personal Data Protection Commission
If you have any doubts or concerns that we process your personal data unlawfully, you can contact us using the above information. Any data subject may submit a complaint to the Personal Data Protection Commission (PDPC) if they believe that the processing of personal data related thereto violates the provisions of the Regulation or the Personal Data Protection Act (PDPA). The subject should approach PDPC within 6 months as of becoming knowledgeable of the violation but not later than 2 years as of its perpetration, by submitting a complaint in a letter, by fax or electronically pursuant to EDECS.
After the date of effectiveness of the Regulation, the data subjects may also submit complaints before other supervisory authorities on the territory of the European Union, if so envisaged in the Regulation.
9. To file a complaint to the competent administrative court
Without prejudice to your right to complain to PDPC described in clause 8, you also have the opportunity to submit a complaint to the competent administrative court if you believe that your rights under the Regulation/Personal Data Protection Act have been violated as a result of the processing of your personal data.
10. Right to compensation and liability for damages suffered
If you have suffered material or immaterial damages as a result of violation of the Regulation, you are entitled to receive compensation from the contractor for the damages suffered.
1. INFORMATION ABOUT THE SUPERVISORY AUTHORITY
The supervisory authority competent on the territory of the Republic of Bulgaria, is the Personal Data Protection Commission (PDPC).
Contact data of the Personal Data Protection Commission
Address: 2, Prof. Tsvetan Lazarov Blvd., Sofia 1592
Information and contact centre – Tel.: 02/91-53-518
- DATA PROTECTION MEASURES
For the purpose of guaranteeing the security of your personal data, multiple protective measures have been adopted, some of which are:
- an integrated TLS certificate;
- databases containing sensitive information are stored in conformity to all current server protection technologies;
- all controller accounts are password protected with high level of protection;
- maintenance of updated anti-virus software
- restricted access to the data of persons whose office duties require such an access;
- documented procedures for data processing of natural persons, etc.
1. FINAL PROVISIONS
In consideration for the contemporary tendencies, the present privacy statement may be modified.
- The present Privacy Statement is effective as of November 2020.