Privacy Policy

POLICY FOR SECURITY OF PERSONAL DATA OF NATURAL PERSONS

This document contains the Policy for the security of personal data of natural persons ("Policy") and is related to the General Terms and Conditions, but is not an integral part of them, as it does not regulate rights and obligations, but aims to explain to users what personal data we process, in what way, for what purpose and what are the applicable security measures. It also provides information about the rights that you, our customers and users, have in relation to the processing of personal data by us. If the Policy changes, the changes will be posted here.

Effective from: 01.02.2024

Your privacy is extremely important to us. This security policy discloses what personal data we collect from you through our joint relationships and how we use that data.

ADMINISTRATOR OF PERSONAL DATA

"Manora Cosmetics" Ltd, UIC 207577362, VAT No. BG 207577362, with headquarters and management address: city of Varna, g.k. "Chaika", bl. 203, entry A, fl. 6, apartment 14 , contact phone: +359 888 731 599, e-mail: office@manoracosmetics.com ( hereinafter referred to as " Manora Cosmetics", "We", "online store", "Site", "Website", "administrator" ) is a data administrator, including personal data, in relation to the information collected or provided when browsing the site www.manoracosmetics.com or when making a purchase through the same, as well as when viewing or purchasing a product or service through our Facebook page (collectively all referred to for brevity as "Site", "Internet Page"). The policy also applies in cases where, as natural persons (for short, "Subjects"), you voluntarily provide us with personal data electronically (via e-mail), by telephone or by other means, including on-site at our store or office. We also process personal data from inquiries sent by you to us, as well as for marketing and advertising purposes, profiling, participation in games, promotions and raffles organized by us and for any other purposes not prohibited by law. When processing personal data, Manora Cosmetics complies with all applicable data protection regulations, including but not limited to Regulation (EU) 2016/679 ("Regulation") and the Personal Data Protection Act, because for us security of our customers' personal data is of paramount importance. Therefore, this Policy applies in this case as well.

APPLICABILITY OF THE POLICY

This Policy applies to all our customers - natural persons using our services by ordering from the Site or showing interest in the same by sending inquiries (hereinafter referred to as "data subjects", "users").

Partners and third parties who work with or for Manora Cosmetics , and who have or may have access to personal data, will be expected to familiarize themselves with, understand and comply with this policy. No third party may have access to personal data held by Manora Cosmetics without the company having previously entered into a data confidentiality agreement that imposes on the third party obligations no less burdensome than those undertaken by Manora Cosmetics . and which entitles Manora Cosmetics to carry out inspections of compliance with the obligations imposed by the agreement.

This policy applies to all employees/employees (and stakeholders) of Manora Cosmetics , as well as to external suppliers of products and services with whom Manora Cosmetics there are contracts concluded. Any violation of the General Regulation will be considered as a violation of labor discipline, resp. such as non-fulfillment of contracts with partners, and in case there is an assumption of a crime committed, the matter will be submitted for examination in the shortest possible time to the relevant state authorities.

For Site visitors who do not place orders or send inquiries, but only browse our website, the Cookie Policy adopted and published on the Site applies.

DEFINITIONS

"Regulation" – General Data Protection Regulation 2016/679 of April 27, 2016, referred to as GDPR. The purpose of this European legislation is to protect the "rights and freedoms" of individuals and to ensure that personal data is not processed without their knowledge and, where possible, is processed with their consent.
"Personal data" – any information related to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, physiological , the genetic, psychic, mental, economic, cultural or social identity of that natural person.
"Special categories of personal data" – personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or membership in trade union organizations and the processing of genetic data, biometric data for the unique identification of a natural person, data relating to health or data regarding an individual's sex life or sexual orientation.
"Processing" – any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.
"Administrator" – any natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; when the purposes and means of such processing are determined by EU law or the law of a Member State, the controller or the special criteria for its designation may be laid down in Union law or in the law of a Member State.
"Data subject" – any living natural person who is the subject of the personal data stored by the Administrator.
"Consent of the data subject" – any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the personal data related to him being processed.
"Child" – The General Regulations define a child as anyone under the age of 16 years. The processing of a child's personal data is only lawful if a parent or guardian has given consent. The administrator makes reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or is authorized to give consent.
"Profiling" – any form of automated processing of personal data, consisting in the use of personal data to evaluate certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of professional duties that individual's economic status, health, personal preferences, interests, reliability, conduct, location or movement.
"Personal Data Security Breach" – a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed.
"Recipient" – a natural or legal person, public body, agency or other structure to which the personal data is disclosed, regardless of whether it is a third party or not. At the same time, the public bodies that may receive personal data within the framework of a specific investigation in accordance with the law of the Union or the law of a Member State, are not considered "recipients"; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.
"Third party" – any natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.

PRINCIPLES

When collecting and processing personal data, we are guided by the following principles: legality, good faith, transparency; limitation of objectives; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability.

ENTITIES WHOSE DATA WE PROCESS

In connection with its Manora Cosmetics business conclude and execute distance sales contracts, review job applications and proposals, forms for the exercise of rights of consumer buyers, as well as requests of data subjects, respond to inquiries, issue and receive invoices, process statistical data, manage consumer panel on the site, carries out advertising activities through advertising campaigns (promotions, games, etc.). In the course of these activities Manora Cosmetics processes information about the following Data Subjects:

natural persons, users of the site without registration , without leaving any data (in this case we process data, but not personal) and natural persons, users of the site without registration, who have provided a limited number of personal data voluntarily ( example phone number and or email address);
natural persons, users of the site with registration as registered users - in these cases we process data about the user that he entered during registration - email address, delivery address, names, invoicing data, order details, other data, entered by the user.
natural persons who have sent inquiries (including by phone), requests, initiatives, signals, complaints or other correspondence to us, including through the website, telephone, e-mail or otherwise;
natural persons, information about which is contained in inquiries (including by call), requests, initiatives, signals, complaints or other correspondence addressed to us;
natural persons with whom we conclude contracts (civil, including commercial or employment, especially distance contracts) electronically (via the site or social networks, as well as by means of electronic correspondence) or on site at our office or commercial establishment;
natural persons whose data we have obtained through the provision of them by third parties (for example, in the case of an order intended for a gift).

PERSONAL DATA WE PROCESS

Depending on the reason for the processing of personal data, the type of such data may differ. The functionalities provided on the Site are not intended for storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation. (NB! Read Art. 9 and Art. 10 - of the Regulation here ). We only require such personal data as are necessary for us to provide the activity/service/product requested from us. In the course of using the site by natural persons, we may also process other data that do not contain personal data, but relate to the subject, such as his IP address, data on his activity on the site, etc.

Data provided when placing an order

To perform an agreement between you and Manora Cosmetics distance contract (order), we require certain information from you. You decide for yourself whether and how to use the possibilities for concluding a distance sales contract provided through the Site or the Facebook page. In the forms through which personal data is entered, we clearly indicate the mandatory or voluntary nature of providing the data. The data, the filling of which is mandatory, are those without which it is impossible to conclude the relevant contract. These are: names, e-mail address, delivery address, contact phone number, your payment information (e.g. bank card), invoicing data, of which also the PIN (Personal Identification Number) if you want an invoice for an individual. If you provide data to third parties who will receive the order (for example, in the case of orders for the purpose of a gift or other type of donation), you are responsible for providing the data to these third parties.

Data provided when registering on the Site

In the event that you have chosen to store information about you on the Site by registering a profile in the same , we store the above data, as well as a history of orders made by each account registered on the Site. The required data matches those required when ordering. Along with them, we also process IP address, activity data (time and date of registration, acceptance of the Security Policy and General Terms and Conditions, account login, etc.);

Data provided when concluding other contracts

In cases where Manora Cosmetics enters into other contracts with individuals other than distance selling, we require three names, social security number, address, email address.

Data provided by, through and on other websites and applications, called third parties

In certain cases, you may share information with social networks or use their sites to create your profile or link your profile on our website with the relevant social network. In this case, the social network may provide us with automatic access to certain personal information they have collected about you (e.g. the content you view, the content you want and information about the ads you have been shown or clicked on, etc. .n.). By linking your social network profile to your account on our website, you allow us to access your personal data processed by the relevant social network, and to collect, use and store this information in accordance with this Security Policy. This association of a social network profile with a registration on our website takes place in the event that you click on a link provided to create a Registration on our website by engaging in social media, thereby voluntarily establishing a link with the respective social media site media. In case you have chosen to register on our site through any social network, we may process your data such as names, telephone, email, gender, marital status, age, photo, education, place of birth, place of residence and other data that you have provided to these platforms and which are visible to us in case you log in with them on our site.

In case you provide your personal data to Manora Cosmetics through Viber, Skype, Facebook or any other platform/social network, we inform you that these platforms/websites/social networks have their own privacy policies and that we do not accept any responsibility or liability for these rules, insofar as their processing cannot be controlled by Manora Cosmetics . Therefore, we recommend that you check these policies before submitting your personal data to us through these websites/applications.

Data provided when posting a comment, review, publication

If you leave a post or comment on this website, your IP address will be saved, along with your names if you have entered this information. This is for the safety of the website operator. If your text breaks the law, it would like to be able to trace your identity. Apart from that, Manora Cosmetics has an obligation to store this data (referred to as "traffic") for certain periods and for certain purposes specified below. Due to the fact that sending comments, inquiries and other messages to the site, Facebook page/group or their administrators constitutes sending an electronic statement, according to the Law on Electronic Document and Electronic Authentication Services ("ZEDEUU"), the administrator has an obligation to maintain logs of the fact of sending the statement for a period of 1 year. The log contains the date of the statement, name and email address of the sender.

Employee data and data collected when processing job applications

We process data when concluding employment contracts and when evaluating and processing a job application. When concluding employment contracts, we require three names, social security number, address, age, gender, education data, work experience, bank data, and subsequently we also process health data. When processing resumes, we process names, address, e-mail address, age, gender, education, work experience, photo, data voluntarily provided by the candidate during an interview or in the resume.

Data provided in connection with correspondence, complaints and reports

In order to resolve submitted complaints, reports, disputes, inquiries, requests or other issues addressed in communication to Manora Cosmetics , received through electronic forms on the Site, by calls to Manora Cosmetics , by regular mail or email, Manora Cosmetics stores and processes this information, as well as the result of this processing. These can be names, email address, phone, address.

In addition, due to the fact that sending comments, inquiries and other messages to the site, the Facebook page or their administrators, constitutes sending an electronic statement, according to the Law on electronic document and electronic authentication services ("ZEDEUU") we have the obligation to maintain a log of the fact of sending the statement (without its content) for a period of 1 /one/ year. The log contains the date of the statement, the sender's name and email address, and the sender's identification.

If you provide us with personal information about someone else, you must do so only with that person's authorization. You must inform them of how we collect, use, disclose and store personal information in accordance with this Individual Privacy Policy.

Technical data collected in the course of using the Site

In addition, we collect information from your computer, phone, tablet or other device you use. This information may include the following:

an identifier of the device you are using, the type of that device and a unique identifier for that device, "log data" or “log data”, including information that your browser automatically sends to us when you visit a website; this log data includes the internet protocol address, the address and activity of the websites you visit, searches, browser type and settings, date and time of your request, how you used the site, cookie data and device data; if you would like to receive more details about the information we collect - contact us using the contact form.
location information transmitted by the device if you have set it to display location data - note that mobile devices allow you to control or disable the use of location services by any application on your mobile device in the device's settings menu;
computer and connection information, such as page view statistics, IP address, site browsing history, language settings, date and time;
logs to facilitate your searches - quick links to repeat previous searches allow you to repeat your searches instead of entering them each time. The functionality can be used with or without registration. When using the Site, a cookie with a randomly generated number is stored in your browser, enabling the Site to show you quick links for repeating previous searches. The site stores and displays the last 10 searches associated with this browser, and when you log in to your account, you can save and use them in it. In case you use the Service with registration (currently an inactive feature), the last 10 searches are stored in your account;
logs related to security, technical support, development, etc.:
- to ensure the reliable functioning of the services and to identify technical problems;
- to ensure the security of the services and detect malicious actions;
- to develop and improve the services on the site;
- to measure site traffic and usability;
- logs where required by law (such as logs of electronic wills);
- log for entering a user profile (account) - this log makes it possible to establish and automatically block unregulated attempts to access accounts; it is maintained for a period of up to 1 /one/ year, containing the date and time of the account login, status, whether the login was through a mobile version, application or desktop browser, IP address;
- server logs, logs of security protection devices (Web Application Firewalls), etc. devices falling into this category. These logs are necessary to diagnose technical problems, detect malicious actions, etc. of the purposes stated above; they are stored for a period of up to 1 /one/ year. Logs may contain the following information: date and time, IP address, URL, browser and device information. In addition, some of the devices may use cookie-based security technology;
- cookies – the use of cookies is necessary for the functioning of the Site. In connection with this, a Policy on the use of cookies has also been adopted; read the Policy for more details about: the type of cookies we use, the term for their storage and use, etc.

We may prefer to reduce the amount of data we store and process according to the purposes of the processing.

We do not require and will not collect and process personal data that reveals: racial or ethnic origin; political, religious or philosophical beliefs; membership in trade union organizations; genetic and biometric data; data on the state of health, as well as data on sex life or sexual orientation. If a subject himself, on his own initiative and desire, provides such categories of data, Manora Cosmetics is not responsible for the provision, but only undertakes to provide the same protection measures to them as are provided for the requested personal data. We do not transfer data to third countries. Also, we do not make automated decisions in relation to personal data and we do not process data of persons under 16 years of age. If you are under the age of 16, you should not provide us with personal data about yourself.

FOR WHAT PURPOSES WE PROCESS YOUR DATA

The main purpose for which WE process your personal data is generally related to the provision of services through the Site and social networks, namely the conclusion of a distance sales contract and the delivery of the goods and services ordered by you, as well as accounting of revenue . We also use your personal information to provide and improve our Services, provide you with a personalized experience on our site, contact you about your profile and our Services, provide you with customer service, provide you with personalized advertising and marketing according to your interests, to carry out raffles and games organized by us, and in certain cases to detect and investigate fraudulent or illegal activities.

Manora Cosmetics collects, uses and processes the information described above for the purposes provided for in this Policy, which may be related to:

the conclusion of a contract for the purchase and sale of goods/services at a distance between you and Manora Cosmetics through the Site or social networks - we require your identification, contact and payment data in order to conclude a contract with you, respectively, to send you the order;
conclusion of a consumer credit agreement when you have requested the purchase of a product or service from the Site through credit;
processing payments and preventing fraudulent transactions (we may pass your data to a third party to perform these functions);
conclusion of employment contracts and processing and evaluation of submitted resumes;
protection and enforcement of the legitimate interests of other users of the Services, third parties and the Site - the legitimate interest pursues goals related to the legitimate interests of Manora Cosmetics and/or third parties. These goals include:
detection and resolution of technical or functionality problems, development and improvement of the purpose of the Site;
communicating with you, including electronically, on important issues related to the services we provide and the performance of concluded contracts;
targeting our marketing, updating services and offering you promotional offers based on your preferences.
receiving and processing received signals, complaints, requests and other correspondence;
implementation and protection of the rights and legal interests of the Site, including by court order, and providing assistance in the implementation and protection of the rights and legal interests of other users of the site and/or affected third parties;
administering the Website and Application and keeping them secure and safe;
analyze and improve the use of our website, app and retail, (including using information about how you navigate our website, App and/or stores;
measure and analyze our advertising and send you offers and recommendations based on the information you share with us;
communicating with you about your account, troubleshooting problems with your account. When we contact you by phone, to ensure efficiency, we may use automated or pre-recorded calls and text messages ;
informing you about products and services about which you wish us to send you information by e-mail, post, mobile phone and / or through other digital means (depending on your stated preferences), including social media platforms - only when we have received express consent from You for this;
your registration on the Website (in which case We will also use your personal information to maintain and update your profile (for example, such as a change of address or a change in your marketing preferences);
administration of all contests/raffles/lottery-based games conducted by Manora Cosmetics ;
provide you with location-based services (such as advertising, search results and other personalized content);
the fulfillment of legal obligations of Manora Cosmetics , which includes:
- fulfillment of obligations stipulated by law to preserve or provide information in view of our fiscal obligations to the state (for example, on the basis of the Accounting Act and other tax laws - VAT, ZDDFL, ZKPO, DOPK, etc.) ;
- fulfillment of legal obligations based on the Labor Code, the Law on the Commercial Register and the Register of Non-Profit Legal Entities, etc. normative acts;
- execution of an order received by us from competent state or judicial authorities (e.g. on the basis of the Ministry of Interior, Civil Procedure Code, ZES);
- fulfillment of obligations stipulated in the Regulation on the protection of personal data, related to notifying you of various circumstances related to your rights, the Services provided or the protection of your data, etc. similar;
- fulfillment of obligations provided for in the Consumer Protection Act, such as ensuring the right of refusal, the right to legal guarantee;
- the protection of Manora Cosmetics judicially;

Your data may be processed on the basis of your express consent , and the processing in this case is specific and to the extent and scope provided for in the relevant consent. We usually require such consent from you when we wish to process your personal data without a legal obligation or legitimate interest for Manora Cosmetics . Most often, we require such consent when we want to offer you information about new promotions, products, etc.

STORAGE PERIOD OF YOUR PERSONAL DATA

When storing data, WE apply the general principle of storing data in a minimum volume and for a period no longer than is necessary to provide the Services and fulfill the contracts, ensuring their security and reliability and the requirements of the law. We will retain your personal information for the period necessary to fulfill the purposes set out in this "Privacy Policy", unless otherwise required by law or based on our legitimate interest. and we borrow it for a longer period. According to the type of data and the purposes for which it is deleted, there is a specific erasure policy, with the expiration of which the information is deleted permanently.

Registration data (name, surname, email address, telephone, address) and information about registration and agreement with the Terms (date, time, IP address)
- Storage period: For the entire period of maintaining the account on the Site and up to 5 /five/ years from termination of registration
- Reason: Execution of contractual relationships; fulfillment of legal obligations; protection of legitimate interest;
- Clarifications: The data identifies you as a registered user on the Site. In order to resolve possible disputes that arose or became known after the termination of the agreement for the use of the Site and in connection with ZEDEUU (see below), this data is stored for a period of up to 5 /five/ years after the termination of the account.
  
  Important! On the basis of ZEDEUU (see below) part of this data must be stored by the administrator for a period of up to 1 /one/ year from account termination. The extension of the storage period is due to the protection of the legitimate interests of the administrator.
Personal data from orders and from invoices issued or received by the administrator, payment documents (orders, statement), reports and other accounting, reporting and payment documents.
- Storage period: For the period in which the rights and obligations of the parties to the legal relationship under which the accounting, reporting or payment document was issued are available, up to 5 years from the termination of the legal relationship. Certain data are also stored for a longer legally defined period than the above, as they represent accounting information - transaction data, invoicing data - between 5 and 50 years
- Reason: Fulfilling legal obligations and protecting the legitimate interests of the controller.
- Clarifications: The data identifies you as a party to the distance sales contract and is stored in order to ensure your rights, resp. fulfilling our legal obligations as taxpayers. The storage is also necessary in order to ensure the rights of buyers (natural persons) when a period is provided for them (for example, a 2-year warranty). Legal obligations also require the storage period to be determined in the manner described. According to Art. 38 of the Tax and Social Security Procedure Code (SPC), accounting and commercial information, as well as all other information and documents relevant to taxation and mandatory social security contributions, are stored by the obligated person in accordance with the procedure established in the Law on the National Archive Fund, in the following terms : payroll - 50 years; accounting registers and financial statements - 10 years; documents for tax and insurance control - 5 years after the expiration of the limitation period for repayment of the public obligation to which they are related; all other carriers - 5 years. According to Art. 38, para. 2 of the Code of Civil Procedure after the expiration of the term for their storage, the carriers of information under para. 1 (paper or technical), which are not subject to transfer to the National Archive Fund, may be destroyed.
Personal data from employee employment records.
- Storage period: For the period in which the rights and obligations of the parties to the legal relationship under which the accounting, reporting or payment document was issued are available, up to 5 years from the termination of the legal relationship. Certain data are also stored for a longer legally defined period than the above, as they represent accounting information - transaction data, invoicing data - between 5 and 50 years
- Reason: Fulfilling legal obligations and protecting the legitimate interests of the controller.
- Clarifications: The data identifies you as a party to the distance sales contract and is stored in order to ensure your rights, resp. fulfilling our legal obligations as taxpayers. The storage is also necessary in order to ensure the rights of buyers (natural persons) when a period is provided for them (for example, a 2-year warranty). Legal obligations also require the storage period to be determined in the manner described. According to Art. 38 of the Tax and Social Security Procedure Code (SPC), accounting and commercial information, as well as all other information and documents relevant to taxation and mandatory social security contributions, are stored by the obligated person in accordance with the procedure established in the Law on the National Archive Fund, in the following terms : payroll - 50 years; accounting registers and financial statements - 10 years; documents for tax and insurance control - 5 years after the expiration of the limitation period for repayment of the public obligation to which they are related; all other carriers - 5 years. According to Art. 38, para. 2 of the Code of Civil Procedure after the expiration of the term for their storage, the carriers of information under para. 1 (paper or technical), which are not subject to transfer to the National Archive Fund, may be destroyed.
Personal data from correspondence, complaints and signals, requests, initiatives
- Storage period: Data from correspondence, complaints, signals, requests, initiatives are stored for a period of up to 5 /five/ years on the basis of the Law on Obligations and Contracts (limitation periods for making claims);
- Reason: Protection of legitimate interests of the controller
- Clarifications: In order to resolve submitted complaints, signals, disputes, inquiries, requests or other questions addressed to Us in communication received through electronic forms on the Site, by sending by regular or e-mail, We store and process this information, as well as the result of this processing. Given the statute of limitations according to Bulgarian legislation for the purpose of resolving disputes, this information is stored for a period of up to 5 /five/ years.
Log certifying the sending of a comment, inquiry, order or other statement of intent (contains sender, recipient, date and time of the statement)
- Storage period: For a period of 1 /one/ to 5 years.
- Reason: Fulfilling legal obligations and protecting the legitimate interests of the administrator
- Clarifications: Due to the fact that the sending of a comment, feedback, inquiry, other statement represents the sending of an electronic statement by you to us according to the ZEDEUU, the company is obliged to maintain a log of the fact of sending the statement for a period of 1 /one/ year. Legitimate interest allows us, in certain cases, to extend the storage period of this data up to 5 years from the date of the statement.
Quick searches (do not contain personal data)
- Storage period: Until they are deleted by you; until your registration is terminated or up to 6 /six/ months if you use this functionality without registration
- Reason: Consent of the subject and protection of legitimate interests of the administrator
- Clarifications: This option allows you to repeat your searches instead of entering them each time. The functionality can be used with or without registration. Quick links are stored to repeat the last 10 searches . You can change the setting from the browser you are using.
Settings and System Logs (do not contain personal data, may contain information such as: date and time, IP address, URL, browser version and device information)
- Storage period: Until they are deleted by you or until your registration is terminated. In case they are stored in a biscuit - between 6 /six/ and 12 /twelve/ months from the last use
- Reason: Subject Consent. Fulfilling legal obligations and protecting the legitimate interests of the administrator
- Clarifications: This category includes settings such as language selection, etc. similar. You are in control of the settings and can change them through your browser. Server logs, logs of security protection devices (Web Application Firewalls), etc. devices falling into this category. These logs are necessary to identify technical issues and/or detect malicious activity.
Information stored in a mobile application
- Storage period: For the period of its use (until it is uninstalled)
- Clarifications: Information necessary for the technical provision of the Services (such as settings, etc.)
Cookies
- Storage period: Between 6 and 12 months - depending on the type of cookie and your browser settings
- Reason: Consent of the subject and protection of the legitimate interests of the OSA
- Clarifications: For a description of the cookies used, see "Cookie Policy"

Exceptions to the retention period rules

Please note that we will not delete or anonymize your personal data if it is necessary for pending judicial, administrative, arbitration, enforcement or complaint proceedings before us. Deletion will be carried out after the need for the data ceases, and it is not excluded that this will be after the expiration of the periods indicated above.

You may always request that we delete certain information or close your account, and we will respond to that request by retaining certain information, even after the account is closed, when applicable law or legitimate interests require us to do so. If we are legally required to, or if reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms, we may also retain some of your personal information for a limited period of time, even after you have deleted Your profile.

In order to ensure the reliability of the services and to protect against data loss for technical reasons, the Site applies a data redundancy policy. The maximum period for updating (deleting data) from all backups is 30 days.

Manora Cosmetics, respectively the Site, does not provide your personal data to third parties, unless there is a legal basis for this - obligation under law or contract, legitimate or vital interest, your consent. We try to minimize the personal data we disclose, as this is always directly related and necessary to achieve the specified purpose. We do not sell, rent or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent. We guarantee that access to your data by third-party private legal entities takes place in accordance with the legal provisions in the field of data protection and information confidentiality, based on contracts concluded with them.

We may disclose your personal data where we are subject to a legal obligation. In certain cases, Manora Cosmetics is obliged to disclose your data to public authorities such as the police, prosecutor's office, court, in connection with the prevention or detection of crimes. This also includes sharing information with other companies and organizations for the purpose of fraud protection and credit risk reduction. You should be aware that if we are asked by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information or other information we obtain about you, we are entitled to do so after we are satisfied that the validity of the state authorities' request. When we receive sales revenue , we may be required by revenue authorities to provide sales data containing data from your orders, including personal data. In this regard, we provide your data to the accounting companies we work with. Legal obligation of the Site and of Manora Cosmetics is to protect the security of networks and data processed by the company. In this regard, we implement a number of measures, the implementation of which may require the processing of your data by IT companies that take care of security in our company.

We could have a contractual obligation to provide your data in the case of a distance sales contract concluded with you, under which we are obliged to provide the goods or services requested by you via courier. The same applies in case you have chosen to purchase, pay for a product or service from our Site through payment, credit or banking services and to whose suppliers you personally share your data or entrust this to us. If you chose to insure a product/service during the purchase through the Site , your data is shared with the insurance companies through the order. If we install a purchased product through a subcontractor, we may provide your details to the subcontractor to perform the service/warranty service.

Our legitimate interest justifies in certain cases the provision of personal data to third parties. Such would be the situation in the case of proceedings initiated before the Commission for the Protection of Personal Data, the Commission for the Protection of Consumers and other bodies of state power. Legitimate interest exists for Manora Cosmetics and when we engage other companies and individuals to perform certain tasks on our behalf in addition to our services under data processing contracts. We would like you to always be aware of the best offers for the products/services you are interested in. In this regard, we may provide certain of your data - only with your express consent - to providers of marketing/telemarketing services and other companies with whom we may develop joint programs to market our goods and services.

Our website may also contain links to and from third party websites . If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for those policies. Please check these policies before submitting information to these websites. Our site uses YouTube LLC, represented by Google Inc. to integrate videos. Typically, when you visit an embedded video page, your IP address will be sent to YouTube and cookies will be installed on your device. However, our YouTube videos are integrated in extended privacy mode (in this case, YouTube is still in contact with the DoubleClick service from Google, but personal data in accordance with Google's privacy policy is not used). As a result, YouTube does not store any information about visitors unless you watch the video itself. If you click on the video, your IP address will be sent to YouTube and YouTube will know that you have watched the video. If you are logged in to YouTube through your user profile, this information will also be associated with your user profile (you can prevent this by logging out of YouTube before clicking on the video to watch it). We have no information about the possible collection and use of your data by YouTube. For more information, see YouTube's Privacy Policy at www.google.com/intl/bg/policies/privacy/ .

TO WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA

We currently store and process your personal data in Bulgaria.

However, it is possible that some of your personal data may be transferred to entities located in the European Union or outside it, including countries for which the European Commission has not recognized an adequate level of personal data protection.

We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as Privacy Shield of personal data transferred from the EU to the United States of America.

You can contact us at any time using the contact details provided at the end of the Policy to find out which countries we transfer your data to and what safeguards we apply in relation to these data transfers.

YOUR RIGHTS REGARDING YOUR PERSONAL DATA

According to the General Data Protection Regulation, you have the following rights:

Right to information

This Policy aims to inform you in detail about the processing of your personal data in connection with the processing of your personal data. When there is a risk of a breach of the security of your personal data, the administrator is obliged to notify you of the nature of the breach and what measures have been taken to remedy it, as well as whether the supervisory authority has been notified of the breach. Also, the data subject may request information regarding all recipients to whom the personal data for which correction, erasure or restriction of processing is requested has been disclosed.

Right of access

You have the right to receive confirmation as to whether your personal data is being processed, access to it and information about how it is being processed and your rights in this regard. As a subject of personal data, you have the right to request confirmation of whether your personal data is being processed and, if so, to access your data and the following information: for what purpose data is processed, what personal data, data recipients, processing period . Access requests must be made in writing/electronically and addressed to the administrator. In this case, we provide a copy of the processed personal data in electronic or other appropriate form.

Right to rectification

You have the right to correct and supplement your personal data if they are incomplete or inaccurate. For registered users, this option is also valid in the user panel on the Site. Unregistered users can obtain this information by making a request to the administrator. As a personal data subject, you have the right to request the correction or completion of your personal data that is inaccurate/out-of-date or incomplete. For this purpose, you must submit a separate request. Your request will be answered by the administrator in writing to the email address you provided.

Right to erasure (right to be forgotten) and account closure

As a subject of personal data, you have the right to "be forgotten", i.e. to request that your personal data be deleted without undue delay i.e. the controller to delete your personal data from all systems and records where it is stored, including notifying any third parties/processors of personal data to whom it has provided the data.

If you wish, you can close your account on the site at any time. This option is also valid in the user panel on the Site. After closing the account, all or part of the data is deleted. In connection with our obligations, responsibilities and requirements of the law (for example, ZEUS or ZEDEUU), it is possible for us to store certain data for a certain period (see the section above).

A deletion request can be submitted on the grounds provided for in the Regulation, incl. in the presence of any of the following grounds:

the personal data are no longer necessary for the purposes for which they were collected;
when you have withdrawn your consent;
when you have objected to the processing of personal data and there are no overriding legal grounds for the processing;
when the processing is illegal;
when the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;
when personal data were collected in connection with the provision of information society services.

Please note that we may refuse to delete part or all of the personal data in cases where there is a substantial basis and/or legal obligation for their processing. You will be informed about this in due course. The administrator may refuse to delete the personal data on the grounds specified in the Regulation - when the processing of the specific data is for the purpose of:

to exercise the right to freedom of expression and the right to information;
to comply with a legal obligation that requires processing provided for in EU law or Member State law that applies to the Administrator or for the performance of a task in the public interest or in the exercise of official powers granted to him;
for reasons of public interest in the field of public health;
for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
for the establishment, exercise or defense of legal claims;

Right to restriction in relation to data processing

The General Data Protection Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for this provided for in it. The limitation is allowed in the following cases:

when you consider that your personal data is not accurate, in which case the limitation is for a period necessary for the administrator to verify the accuracy;
when the processing of your personal data is illegal, but you do not want them to be deleted, but you only want to limit their use;
when the administrator no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or defense of legal claims;
when you have objected to the processing pending verification of whether the controller's legitimate grounds prevail over your interests.

Right to notify third parties

If applicable, you have the right to request the Administrator of your personal data to notify the third parties, when he has provided your data, regarding the correction, deletion or restriction of the processing of your personal data.

Right to data portability

You have the right to receive the personal data concerning you that you have provided in a structured, widely used and machine-readable format and have the right to transfer this data to another controller without hindrance from us, in case the processing is based on consent or contractual obligation or the processing is carried out in an automated manner.

Important: The responsibility for the storage of data exported from the Site, as well as for all the consequences of providing them to other administrators, is entirely yours.

Right not to be subject to a decision based solely on automated processing

You have the right not to be subject to such automated processing, including profiling, which gives rise to legal consequences for you or similarly affects you to a significant extent, unless there are grounds for this provided for in the applicable personal data protection legislation and provided for adequate guarantees to protect your rights, freedoms and legitimate interests.

You have the right, at any time, to withdraw the consent you have given in connection with the processing of personal data based on your prior consent. Such withdrawal does not affect the lawfulness of the processing based on the consent given until the time of its withdrawal. In the case of services such as the subscription to e-mail announcements, for which the subscription is made on the basis of your wish (consent), the possibility of unsubscribing at any time (withdrawal of consent) is provided. In the event of withdrawal of consent, we have the right to request that the identity of the applicant be verified in order to establish the identity with the person to whom the data relates.

Right to object

You have the right to object to data processed on the basis of legitimate interest. In the event of such an objection, We will consider Your request and, if justified, We will comply with it. If we believe that there are compelling legal grounds for the processing or that it is necessary for the establishment, exercise or defense of legal claims, we will inform you of this.

Right of appeal to a supervisory authority

You have the right to lodge a complaint against our company (data controller) with the supervisory authority if you consider that the processing of personal data concerning you violates the applicable legislation on the protection of personal data. The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data with address: Sofia 1592, "Prof. Tsvetan Lazarov" No. 2, e-mail kzld@cpdp.bg , website: www.cpdp.bg , phone: 02 915 3 518.

HOW YOU CAN EXERCISE YOUR RIGHTS. PRONUNCIATION DEADLINES

You can exercise these rights free of charge at any time, by email or by request sent to the addresses indicated in the contact form on the Site or at the end of this Security Policy, and you can address your requests both to the administrator and directly to the Data Protection Officer. Requests are made in a manner that allows the identity of the requester to be identified. With respect to some rights, technical means of exercising them may be applicable, for example an unsubscribe button. In all cases, the administrator should respond to the request or rule on the exercised right to the address provided in the request, including an electronic one, within one month of its receipt.

In the event that you exercise these rights manifestly unreasonably or excessively, in particular due to their repetition, we reserve the right to impose a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or to refuse to take action on the request. We will inform you of our fees, if applicable, before ruling on your claim.

ACCURACY OF INFORMATION

We are not responsible for the accuracy of the data you provide, we do not carry out checks in this sense and we do not guarantee the actual identity of the natural persons who provided the data. In all cases of doubt on your part, of established fraud and/or abuse, please notify us immediately. You undertake, when providing any information on the Site, not to violate the rights of other persons in connection with the protection of their personal data or their other rights.

GENERAL INFORMATION ABOUT THE POLICY

This Personal Data Policy may be changed or supplemented due to changes in the applicable Bulgarian or European legislation, at the initiative of Manora Cosmetics or a competent authority.

Manora Cosmetics will inform users of amendments or additions to this Privacy Policy by publishing the updated Privacy Policy on our website.

It is recommended that users periodically check the most current version of this Privacy Policy on the Manora Cosmetics website.

HOW WE PROTECT YOUR RIGHTS / SECURITY MEASURES

In order to ensure the best possible data protection of the company and our customers/users/co-contractors/visitors on the Site, WE apply all the necessary organizational and technical measures provided for in the General Data Protection Regulation and the Personal Data Protection Act, as well as best practices from international standards. We apply the appropriate and necessary level of protection and to this end we have developed effective physical, electronic and administrative procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed way personal data.

We store your data on secure servers using the latest encryption algorithms and guarantee the storage of backup copies.

The company has adopted the necessary rules and procedures related to the lawful processing of your personal data, incl. An action plan in the event of a data security breach, has established structures to prevent abuses and security breaches, and has designated a Data Protection Officer who supports the processes of lawful processing, protection and security of your data.

Access to your personal data is permitted only to those employees, service providers or persons related to it on the basis of the need for information for official purposes or who need it for the performance of their official duties. All employees/employees are required to be trained and accept the relevant contractual clauses/declarations/rules to comply with organizational and technical access measures before being granted access to information of any kind.

It is a principle in our structure that all employees/employees are responsible for ensuring the security of the storage of the data for which they are responsible and which we process, and that the data is stored securely and is not disclosed under any circumstances to third parties, unless we have granted such rights to that third party by entering into a confidentiality agreement/clause. In this regard, all personal data is available only to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and stored:

in a private room with controlled access; and/or
in a locked cabinet to which authorized persons have access; and/or
a computerized system protected by a password in accordance with the internal requirements specified in the organizational and technical measures for controlling access to; and/or
computer media that are protected in accordance with the organizational and technical measures for controlling access to information ;

Personal data is deleted or destroyed only in accordance with internal data storage and destruction procedures.

For maximum security during processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, back up technology for backup copies.

We use a payment service to process payments. All payment information is encrypted using SSL technology.

When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.

Despite the measures we implement to protect your personal data, we are aware that in general the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data can be viewed and used by unauthorized third parties. We cannot accept responsibility for these vulnerabilities of systems that are not under our control. In the event of a data leak containing personal data, we ensure that we will comply with all applicable notification norms in such cases.

As an integral part of this Privacy Policy of individuals, Manora Cosmetics has also adopted a Cookie Policy, published and available both on the Site and on our Facebook page.

CONTACT WITH US

Questions and requests related to the exercise of the rights to protect your personal data can be sent to Manora Cosmetics through the contact form available on the Site or through one of the indicated contact forms:

DATA PROTECTION OFFICER

The responsible person for data protection is Mari Borisova.

address for correspondence: city of Varna, g.k. "Chaika", bl. 203, entry A, fl. 6, apartment 14,
contact phone: +359 888 731 599
e-mail address: office@manoracosmetics.com

Language