Information about the company which process your personal data:
1. Name: IMAGINE ART LTD.;
2. Headquarters and office address: Bulgaria, Sofia 1734, 23 Malinova Dolina str.
3. Contact details:
e-mail: [email protected]; tel.: 00359 878 104 713
4. Entry in the Commercial Register: UIC 204868117
The Administrator IMAGINE ART LTD processes your information in accordance with the Electronic Commerce Act, the Data Protection Act and the Directive (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
I. Grounds for collecting, processing and storing your personal data
Art. 1. The Administrator shall collect and process your personal data pursuant to art. 6, par. 1, Regulation (EU) 2016/679, in particular, on the following basis:
• Your explicit consent as a user of the service as a customer;
• Fulfilment of the obligations of the Administrator under the distance contract with you;
• Compliance with a legal obligation, to which the Administrator is subject;
• Protection of your vital interests or of another natural person;
• Performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
• For the purposes of the legitimate interests pursued by the Administrator or by a third party.
II. Objectives and principles for collecting, processing and storing your personal data
Art. 2. (1) The Administrator shall collect and process the personal data, which you provide to us, for the purposes of fulfilling the obligations under the contract, including the following purposes:
• Statistical purposes;
• Accounting purposes;
• Protection of Information Security;
• Ensuring the execution of the contract in order to provide the respective service;
• Conflict resolution between you and third parties.
(2) The Administrator shall observe the following principles upon processing your personal data:
• lawfulness, fairness and transparency;
• purpose limitation;
• relevance to the processing objectives and data minimisation;
• accuracy and timeliness of the data;
• storage limitation in order to achieve the purposes;
• integrity and confidentiality of the processing, and ensuring an appropriate level of security of the personal data.
(3) Upon processing and storing the personal data, the Administrator may process and store the personal data in order to protect their legitimate interests such as:
• Fulfilment of their obligations towards the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.
III. What types of personal data does the Administrator collect, process and store?
Art. 3. (1) The Administrator shall perform the following personal data operations for the following purposes:
• Creating an account to use the service (placing an order on the website) - the purpose of this operation is to identify the person in order for the service to be provided to them;
• Processing of payment for the service and accounting - the purpose of this operation is to ensure the possibility for performing payment for the ordered products and bookkeeping;
• Processing ordering of goods - the purpose of this operation is to accept an order and deliver the goods from the electronic store to the end client;
• Collecting statistical data by third parties (Google Analytics) - the purpose of this operation is to improve and optimize the performance of the online store;
• Processing the data for delivery through third parties for the purpose of delivering the ordered products by the customer (courier companies - Econt Express and Speedy, Bulgarian Posts EAD);
• Storing data and providing quality access to the www.withscentofbooks.com website using third parties for hosting and domain (www.icn.bg) - the purpose of this operation is to have technical support at the online store so that in any given moment when a technical problem arises, we can receive a quick and adequate solution;
(2) The Administrator shall collect from the data subject solely such personal data, which are necessary for providing the service for the execution of the contract with the data subject. For delivery through a distance contract, the Administrator shall process the following categories of personal data and information for the following purposes:
• Your identifying data (first name and surname, address, electronic mail) - for the purposes of processing and accepting the order and the delivery of the ordered goods from the electronic store;
• Telephone number - for feedback and contact with the couriers upon delivering the ordered products;
• IP address - with the purpose of statistical data and the correct and optimal functioning of the electronic store; The data are anonymous and do not associate the person with the IP address, except in the cases where the person has given their explicit consent for registration;
(3) The Administrator shall not collect and process personal data, which relate to the following:
• reveal racial or ethnic origin;
• reveal political, religious or philosophical beliefs, or trade union membership;
• genetic and biometric data, health data or data concerning sex life or sexual orientation.
IV. Personal data retention period
Art. 4. (1) The Administrator shall store your personal data for a period of time no longer than 10 years (the term, set in accordance with the Accountancy Act). After the expiration of this period, the Administrator shall take all necessary care to erase and destroy all your data without undue delay.
(2) The Administrator shall notify you, in case the data storage period needs to be extended in order to meet the objectives, execute the contract, with a view of the legitimate interests of the Administrator or otherwise.
V. Transmitting your personal data for processing
Art. 5. (1) The Administrator may, at their own discretion, transfer part or all of your personal data to processors for the purposes of processing, subject to the requirements of Regulation (EU) 2016/679.
(2) The Administrator shall notify you in case of an intention to transfer part or all of your personal data to third countries or international organisations.
VI. Your rights upon collecting, processing and storing your personal data
Right of access
Art. 6. (1) You shall have the right to request and obtain from the Administrator confirmation as to whether personal data concerning you are being processed.
(2) You shall have the right to access the data concerning them, as well as to the information relating to the collecting, processing and storing of your personal data.
(3) The Administrator shall provide upon request, a copy of the processed personal data concerning you in an electronic format - in the section "GDPR Tools" in your account.
(4) The provision of access to the data is free of charge but the Administrator shall reserve the right to impose an administrative fee in case of repeatability or excessive requests.
Right to rectification
Art. 7. (1) You are entitled to ask the Administrator to:
• rectify the inaccurate personal data concerning you;
• complete the incomplete personal data concerning you;
(2) The Administrator provides you with the opportunity to personally rectify your personal data through the technical solution provided in your account - "GDPR Tools" and in "My Account" accessible in your account.
Art. 8. (1) You are entitled to request from the Administrator to delete the personal data concerning you, and the Administrator has the obligation to delete them without undue delay, when any of the following reasons exist:
• the personal data are no longer necessary for the purposes, for which they were collected or otherwise processed;
• you withdraw your consent, on which the processing of the data is based and there is no other legal ground for the processing;
• you object to the processing of the personal data concerning you, including for the purposes of direct marketing, and there are no overriding legitimate grounds for the processing;
• the personal data have been processed unlawfully;
• the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a member state, which applies to the Administrator;
• the personal data have been collected in connection with the provision of information society services.
(2) The Administrator is not obligated to delete the personal data, if they store and process them:
• to exercise the right of freedom of expression and information;
• to comply with a legal obligation, which requires processing under EU law or the law of the member state, which applies to the Administrator, or for the performance of a task carried out in the public interest or upon the exercise of official powers, which are conferred on them;
• for reasons of public interest in the area of public health;
• for archiving purposes in the public interest, scientific or historical research or for statistical purposes;
• for the establishment, exercise or defence of legal claims.
(3) The Administrator shall provide a technical solution in your account - "GDPR Tools", where you can delete and erase your data.
Right to restriction of processing
Art. 9. (1) You are entitled to require from the Administrator to restrict the processing of the data concerning you, when:
• you contest the accuracy of the personal data, for a period of time, which allows the Administrator to verify the accuracy of the personal data;
• the processing is unlawful but you do not wish the personal data to be erased and request restriction instead;
• the Administrator no longer needs the personal data for the purpose of processing but you require them in order to establish, exercise or defend your legal claims;
• you have objected to the processing in anticipation of a verification whether the legitimate grounds of the Administrator override your interests.
Right to data portability
Art. 10. (1) If you have given consent for processing your personal data or processing, necessary for the execution of the contract with the Administrator, or if your data are processed in an automated manner, you may, after you identify yourself before the Administrator:
• request from the Administrator to provide you with your personal data in a readable format and to transmit these data to another Administrator;
• request from the Administrator to transmit your personal data directly to an administrator, specified by you, where technically feasible.
Right to be informed
Art. 11. (1) You may request from the Administrator to inform you of all recipients, to whom the personal data, for which any rectification, erasure or restriction of the processing has been requested, have been disclosed. The Administrator may refuse to provide this information if it would prove impossible or involves disproportionate effort.
Right to object
Art. 12. (1) You may object at any time to the processing of personal data by the Administrator, which concern them, including if they are processed for the purposes of profiling or direct marketing.
Your rights upon personal data breach
Art. 13. (1) If the Administrator becomes aware of personal data breach, which may likely result in a high risk to your rights and freedoms, they shall notify you without undue delay of the breach, as well as of the measures, which have been taken or proposed to be taken.
(2) The Administrator is not obligated to notify you if:
• they have taken appropriate technical and organisational protection measures in regards to the data, affected by the personal data breach;
• they have taken subsequent measures, which ensure that the breach will not result in a high risk to your rights;
• the notification would involve disproportionate effort.
VII. Persons, to whom your personal data are provided
Art. 14. (1) For the purposes of processing your personal data and providing the service - ordering and delivering of goods through an online order - the Administrator may provide the data to the following processors:
• PayPal - with the purpose of providing payments via PayPal account;
• BrainTree - with the purpose of providing payments by debit/credit card;
• Courier company Econt Express - with the purpose of providing courier service and delivery of the ordered goods by the customer;
• Courier company Speedy - with the purpose of providing courier service and delivery of the ordered goods by the customer;
• Bulgarian Posts EAD - with the purpose of providing postal service and delivery of the ordered goods by the customer;
• Accountancy - with the purpose of processing orders, payments and the statutory documents, reports and records;
• State institutions such as the National Revenue Agency, the Ministry of Interior, the CPDP and other state and municipal authorities for the purpose of fulfilling their legal obligations towards them.
VIII. Technical and organisational protection measures for your personal data
Art. 15. (1) The Administrator has taken all necessary measures to ensure the protection of your personal data by implementing the following actions:
• Restricted the access to your personal data solely to the Administrator, responsible for the protection of the personal data, and the technically responsible persons;
• All personal data are stored solely on the online platform of the Administrator, to which access is restricted;
• All data and pages in the electronic store of the Administrator are encrypted with SSL certificate, which makes online shopping secure and safer;
• The Administrator has taken care to automate your rights to access to your personal data and the right to erasure by means of a technical solution in your account.
IX. Cookies Usage Policy
Art. 16. The website www.withscentofbooks.com is using "cookies" in order to improve its performance.
What are cookies and why are they being used?
(1) Cookies are small text files that store information about the user’s actions and preferences while visiting a website. The cookie files are being stored on the user’s computer or mobile device for a specific period of time depending on their type.
(3) The cookies enable the website to function seamlessly, monitor for issues and identify opportunities to optimize the ways it provides information and interacts with the users.
Art. 17. Types of cookies
(1) The websites of With Scent of Books is using one or more of the following types of cookies, defined by their level of necessity:
• Strictly necessary cookies
The absence of these cookies makes the functioning of the website impossible or puts it at high levels of risk.
This category includes cookies that enable users navigate across the website, save the information they have entered when processing online forms, and log in or register in www.withscentofbooks.com.
Other strictly necessary cookies are the ones that provide control over the connection security and protection against external threats.
• Functionality cookies
This cookie category improves the usability of the website and enables it to comply with the preferences of the individual users.
The functionality cookies category includes cookies for device recognition, as well language and font size preference setting.
• Performance, analysis and advertising cookies
The analysis cookies collect statistical information, which can be used for overall conclusions on the website’s performance and recommendations towards its optimization in regard with the users’ objectives and/or the website owner’s marketing and advertising goals. Such statistics include number of page visitors, mostly visited pages, visit sources, time spent on the page, errors while visiting, etc. These cookies collect anonymous information about the way the users navigate through the website and the problems they can experience.
(2) For maximum precision the website of With Scent of Books uses the analytical instruments of Google Analytics, Facebook, Instagram, Google+.
(3) We use the "cookies" on the basis of art. 4а of the Electronic Commerce Act (ECA) and art. 6, par. 1, letter (f) of the Regulation (EU) 2016/679.
Art. 18. How to disable cookies
As a user you can control cookie usage, delete the cookies that have been stored on your device, and disable cookies. You can choose which cookies to keep and which to block from the "Cookie bar" at the bottom of the page .
Please be aware that disabling cookies will affect the website’s performance and might hinder its functionality. The strictly necessary cookies, which are essential for the functioning of the website, can’t be disabled.
If you consider that out processing of your data is in violation of the data protection regulations or if you believe that your rights according to these regulations have been violated in some way, you may contact the competent administrative authority. In Bulgaria this is the Commission for Personal Data Protection.
Contact us in one of the following ways:
Via the contact form, available HERE.
Via email to [email protected]
By phone: 00359878104713 from Monday to Friday, between 10:00 and 17:00.