Privacy policy and protection of personal data
This Privacy and Personal Data Protection Policy aims to clarify what data we collect about you and how we process it when you use our website, various functions of our online store and when you physically or telephone contact our store network.
When collecting this information, we act as a data controller and are required by law – General Data Protection Regulation (Regulation (EU) 2016/679) to provide you with information about us, how we use your data and your rights, that you have on them.
Who are we and how to contact us?
We are Aromatics Premium Ltd. Our address is the city of Sofia, Rodopski Izvor izvor bl. 234 entrance In app. 9. You can contact us at our postal address listed above, by e-mail at premiumaromatix@gmail.com or by telephone at +359 893 655 563.
We are not required to have a data protection officer, so all inquiries regarding the use of your personal data should be addressed to the above contact details.
How do we use your information?
When you use our website
When you visit our website to view our products and services and learn about the information we provide, we use a number of cookies to provide website functionality, to collect useful information about visitors and to improve the user experience. Some of the cookies we use are absolutely necessary for our website to function and we do not ask for your consent to send them to your computer. These are usually “cookies” related to identification of the language in which the site needs to be loaded, the resolution of the screen being used, for dynamic readjustment according to the operating system, browser and end device used, as well as for the security of visitors and protecting our systems that process requests in your and our interest. For these cookies, which are useful but not absolutely necessary, we will always ask for your consent before sending them. Our page may also transmit cookies from external service providers such as Facebook, Google, doubleclick and others in order to provide specialized content, link to your social media profile and measure your interest in our and third party products. We monitor and ensure that the exchange of data does not in any way affect the freedom and privacy rights of our users and we have reduced the processing of this data to a minimum. You can review the privacy policies of the third parties here: https://www.facebook.com/about/privacy; https://policies.google.com/privacy
We separately maintain a log of visitors’ IP addresses in view of our legitimate interest in providing accountability and protection to our valued users and protection from malicious actions by third parties. We keep this data within 2 months in electronic form as the data is used only by our company and may be disclosed to external IT consulting firms or upon legal request by public authorities. We do not share the collected information for direct marketing purposes or in non-EU countries.
When you register and make a purchase request in our online store
When you register as a customer in our online store, we provide you with the option to use your Facebook account to save you re-entering data. If you prefer to have a separate registration with us, we require that you provide us with your names, address for delivery of goods and services and issuance of official documents and e-mail and telephone, as well as choose a secret password to access your profile. We may send you an email to confirm your registration. We require this data in view of our contractual and renegotiated relationship with you in connection with order processing, including acceptance, validation, dispatch and invoicing of the same; resolving issues related to order cancellations or any other issues related to orders, goods or services purchased. Also, this data is needed by the legal requirement to provide you with the opportunity to return orders and in cases of refunds.
In the process of our commercial relationship, our system will build a profile for you based on the realized turnover and automatically or in certain cases manually register you to receive additional discounts and privileges. The reverse scenario is also possible where we experience difficulty in collecting our obligations and/or find our relationship with you to be incompatible, in which case your account access may be terminated automatically or you may receive further information by e-mail or telephone as per the individual case. This process is dictated by our legitimate interest in providing the best possible conditions for our customers and protecting our commercial interests. The data that is collected and processed in the course of this process is used only within our company and may be disclosed to external consultants involved in the maintenance of the service, upon legal request by public authorities, courier or postal service providers or banking and payment institutions. The data is never sent outside the Republic of Bulgaria and is not used for direct marketing purposes. Such disclosure of data is carried out only if there is a valid reason for this and based on a written agreement that the recipients provide an adequate level of protection of the disclosed data and conditions of confidentiality. We store the request data for the period of our relationship with you, after which it is securely archived for another year, after which we delete it in accordance with the statutory procedure. We provide the opportunity for each user to delete all personal data that he has generated in our online store by doing so in his user profile.
When you sign up to receive our newsletter or sales information
When you sign up to receive our newsletter, we ask for your first and last name and email address. We will separately ask for your consent to use your name and email address to send you an email with our newsletter that contains personalized and other general information that we think may be of interest to you or goods for which we have set new, more attractive prices . You can withdraw your consent at any time and very easily and we will stop sending you the newsletter. You can do this by completing the data subject rights form on our site and sending it to us at the above address.
We do not use the information you provide to make automatic decisions, but we compile a profile based on the information you provide and offer you a personalized newsletter to best meet your needs. The collected data is used only and only according to the terms of your consent and for the legitimate purposes of its collection within our company and may be disclosed to an external consulting firm engaged in the maintenance of the systems under conditions of strict confidentiality. The data is not provided for marketing or telemarketing purposes to third parties and is not involved in international transfers.
We store your personal data while we distribute our newsletter and until you withdraw your consent to receive it or wish to exercise some or all of the rights regarding your personal data granted to you by Regulation (EU) 2016/679) .
When you submit a review about us or our product
We only allow registered users to comment section under our products. We use this information to provide independent opinions about our products and services to potential customers. Your name and the content of the review (but not your email address or IP address) may be publicly displayed on our website. We will do this based on our legitimate interest in marketing our products and services. Your data is not shared with third parties and/or provided in any form.
We do not use the information you provide to make automatic decisions except in cases of use of rude and/or offensive expressions. We do not compile a profile and do not interfere with the originality of submitted opinions. Your personal data is stored while we sell the product or services to which the review relates, after which it is automatically deleted. You can ask us to remove your review at any time by using the contacts above or by completing the online data subject rights exercise form available on our website.
When you visit or call our location from the warehouse or store network
When you make an inquiry about goods or services at our store or warehouse in our store network, which is published on the front page of our site, we will ask for your names, telephone or e-mail address, as well as a physical address, in case you wish to deliver goods or issue you a customer card with preferential conditions. If you wish to enter into a contract for the supply of goods and services with us, we will inform you of the details of our terms and policies and may ask you for additional information. These data are necessary to satisfy the legal requirements (GDPR) and contractual and pre-agreed relations with you. When visiting our facility, you may be filmed by technical means of video surveillance. We do this for your and our security and for security purposes. We will inform you appropriately, through information boards, of the areas with active video surveillance and provide you with the opportunity to make contact with us without being the subject of video recording.
In cases where deferred payments or special financial relationships are negotiated for the purposes of concluding a contract, your data may become subject to non-automatic decision-making and/or profiling. We will necessarily explain the details of this procedure to you and give you the opportunity to raise an objection before we have processed data regarding your person in conditions of absence of violation of your rights and freedoms. These actions are required in connection with our legitimate interest in ensuring payment for goods and services provided. The collected data is used only and exclusively for the legal purposes of their collection, and may be disclosed to consulting firms, banking institutions, insurance agencies, appraisers, postal or courier companies. Such disclosure of data is carried out only in the presence of a valid reason for this and on the basis of a written agreement that the recipients provide an adequate level of protection of the disclosed data. International transfers of this data are impossible.
We store the data for the duration of the established contract or another legally required period (whichever period is longer). Video surveillance recordings are kept for 30 days and you can get a copy of the recording if it is technically possible without infringing the rights and freedoms of other natural persons. After these periods expire, we delete the data with a procedure according to the legal requirements. Any data that we identify as unsolicited or beyond the specified purposes and legal requirements will be returned to the sender or deleted without delay, and in any such act we have the obligation to notify you.
How do we ensure the security of your personal data?
The data is processed and stored in our own server systems located in the data centers of our suppliers, with whom we have maintenance contracts, in which we have set special requirements regarding data security. “Next-generation firewalls” with anti-leakage protection features ensure resilience against third-party abuse. We guarantee the security of personal data by applying appropriate technical and organizational measures in compliance with available standards and using up-to-date versions of point-to-point encryption protocols, secure backup copies in at least two physical locations and regulated access to the premises where personal data is stored data in electronic and paper form. We conduct a resiliency test of the entire ecosystem every three months with the help of experts who monitor for newly generated risk and issue control prescriptions.
About children and special categories of data
We do not collect data on children (the age limit is defined in the Act) and we do not process special categories of data or profiles for them. If you are under the age limit, please do not use our services and do not provide us with any personal data. If you are the parent of a child under the age limit and you are aware that your child has provided personal data, please contact us at the addresses provided. If we find that we have collected the personal data of children, we will take reasonable steps to delete the personal data.
Your rights as a data subject
By law, you can ask us what information we have about you and you can ask us to correct it if it is inaccurate.
We can provide you with a copy of all information within the scope of your personal data in a machine-readable form so that you can transfer it without difficulty to another company.
If we process your personal data collected and processed with your express and registered consent or according to a legitimate interest, you can request that your data be deleted, withdraw your consent or object to our legitimate interest in processing.
You have the right to ask us to stop using your data for a period of time if you believe we are not doing so lawfully.
To make a request regarding your personal data by email, post or telephone, please use the contact information provided above in the “Who are we” section of this policy or complete the online data subject exercise form at data which is available on our website. We will assist you at every stage of the exercise of your rights as data subjects in the shortest possible time and never longer than thirty calendar days.
We can usually generate a response within 20 days of a registered request. If a longer period is objectively necessary – in order to collect all the requested data and this seriously complicates our activity, this period can be extended up to thirty days. With our decision, we grant or deny access to the information requested by the requester, but we always give reasons for our response. In the event that you are not satisfied with our answer and all other means of finding a solution have been exhausted, you have the right to submit a complaint to the competent national supervisory authority for data protection CPLD, at the address “Prof. Tsvetan Lazarov” No. 2, Sofia or by phone 02/91-53-518 and e-mail kzld@cpdp.bg or to a regulatory authority within the EU.
Updates to this privacy policy
We regularly review and, if necessary, update this privacy and data protection policy. If we want to use your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, ask for your consent.
We will update the version number and date of this document whenever it is changed. This Privacy Policy was last updated on 31.08.2023.
Your personal data will be provided to “Econt Express” EOOD and “Speedy” AD for delivery purposes.