Privacy Policy

Privacy Policy

 

Information about the data processor:

"Ray Trading" EOOD, is a company registered in the Commercial Register of the Registry Agency with UIC 205462774, with headquarters and address of management: 36, “Bacho Kiro” Street, Tel: 359887745831, e-mail: info@ray.clothing

What do we use your information for?

Any information we collect from you may be used in one of the following ways.

● To perform a contract between you and us in order to fulfill our obligations under it;

● Your explicit agreement - the purpose is stated on a case-by-case basis;

● Subject to a statutory obligation;

In the following paragraphs, you will find detailed information about the data processing of your personal information, depending on the reason we process it.

(reason 1)TO PERFORM THE CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data in order to perform the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.

 

Processing purposes:

● to identify you

● to manage and execute your request and execute a contract;

● to prepare an offer for conclusion of a contract;

● to prepare and send a receipt / invoice for the services you use with us;

● to provide you with the full service required and to collect the due amounts for the services used;

● to keep correspondence in relation to orders placed, query processing, problem reporting, and more;

● to send you information related to  the services you use with us;

●to  analyse   client history;

to Identify and / or prevent illegal actions or actions inconsistent with our terms of service;

Data we process for this reason (reason 1):

Based on the agreement between you and us, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:

● personal contact data- contact address, email, phone number;

● identification data – full name;

orders history data;

● identify and / or prevent illeagal actions or actions in contradictions with our terms of service;

● Correspondence related to the entire service - emails, letters, information about your requests for troubleshooting, requests, complaints, feedback we receive from you;

● Information by credit or debit card reference number, bank account number or other bank and payment information related to the payments you have made;

o other information such as:

● Client number, code, or other identifier created for identification.

● IP address when visiting our website;

● Demographics data

● Social Network Account Details

● Information from your actions on our website

The processing of the personal data we provide is obligatory for us to be able to conclude the contract with you and execute it. Without providing us with the above information, we will not be able to fulfill our contractual obligations.

 

We provide personal data to third parties;

We provide your personal information to third parties, and our main purpose is to offer you quality, fast and complex service. We do not provide your personal data to third parties before assure that all technical and organizational actions are taken to protect this data by striving strict controls to meet this goal. In this case, we remain responsible for the confidentiality and security of your data.

We provide personal data to the following categories of recipients (personal data controllers):

● postal offices and courier companies;

● persons who operates and support equipment, software and hardware used for the processing of personal data and necessary for the activity of our company

● Persons performing consultancy services in different spheres.

 

When do we delete the collected data?

We delete the data 5 years after termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds. The deadline is set by the 5-year limitation period for any possible claims under the contract.

 

(reason 2)FOR THE IMPLEMENTATION OF REGULATORY OBLIGATIONS

We may share your personal information as follows for legal, protection, sequrity and safety purposes:

 To comply with obligations under the Law on Measures against Money Laundering;

  To comply with obligations in relation to distance selling, off-site sales provided by the Consumer Protection Act;

 To frovide information to the Commission for the protection of consumers or third parties provided in the Consumer Protection Act;

● Providing information to the Commission for the protection of personal data in relation to obligations provided by the Regulatory on the protection of personal data;

● Obligations provided in the Accountancy Act and the Tax and Social Insurance Procedure Code and other related normative acts in relation to the keeping of legal accounting;

● Providing information to the court and third parties, in court proceedings, in accordance with the requirements of the normative acts applicable to the normative acts;

● Age authentication when shopping online.

When do we delete personal data, collected for regulatory obligations:

We delete the data once the collection and storage obligation is finished or ceased. For example:

● under the Accounting Law or the storage and processing of accounting data (11 years),

● obligations to provide information to the court, competent state authorities, etc. grounds provided by current legislation (5 years).

 

We provide personal data to third parties;

When we are required to do so by law, we may provide your personal data to the competent governmental authority, a person or company.

 

(reason 3)AFTER YOU AGREE (Consent)

We process your personal data on this ground only after your explicit, unambiguous and voluntary consent on your part. We will not anticipate any unfavorable consequences for you if you refuse the process of your personal data.

Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified herein and is not covered by the objectives listed in this policy. If you give us the appropriate consent and until we withdraw or terminate any contractual relationship with you, we prepare appropriate products / services for you by performing detailed analyzes of your basic personal data;

Detailed analytics is a method of performing an analysis that allows the processing of large data through statistical models and algorithms and others that include the use of personal data as well as the processes of pseudonymization and anonymisation them to retrieve information about trends and different statistical indicators.

Data we process on this ground (ground 3):

We process only the data for which you have given us your explicit consent. Specific data is determined for each individual case. Usually, this data is email, phone, address, and name.

We provide personal data to third parties:

We may provide your data to marketing agencies, Facebook, Google, Mailchimp, or similar.

Withdrawal of consent

Submitted consents may be withdrawal at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent for processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes above. The withdrawal of consent does not affect the lawfulness of the processing your data, based on consent prior to its withdrawal. To withdraw your consent, you only need to use our website or simply contact us.

When do we delete personal data, collected from your consent:

We delete it at your request or 12 months after their initial collection.

 

PROCESSING OF ANONYMOUS DATA

We process your data for statistical purposes, this means for analyzes where the results are only generalized and therefore the data is anonymous.Identifying a specific person from this information is impossible.

Your data can also be anonymized. Anonymisation is an alternative way for deleting the data. In anonymization, any personal identifiable elements / elements that allow you to identify yourself, are deleted irreversible. Anonymized data is not legally obligatory for deleting because it does not constitute personal data.

Why and how we use automated algorithms

For the processing of your personal data, we use partially automated algorithms and methods, for constantly improving our products and services to adapt our products and services to your needs in the best possible way. This process is called profiling.

How we protect your personal data

To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches.

For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.

Personal data we have received from third parties

Marketing Agencies, Facebook, Google, Mailchimp or others.

 

Consumer Rights

Every User of our website use all protection rights of personal data provided in accordance with Bulgarian and European Union law.

The user can apply their rights through the contact form or by sending a message to our email.

Customer’s rights:

● Awareness (related with the processing of your personal data by the administrator);

● Access to your own personal data;

● Rectification (if data is incorrect);

● Erase personal data (right to “be forgotten”);

● Restriction of processing by the administrator or the processor of personal data;

● Portability of personal data between separate administrators;

● Objection to the processing of his or her personal data;

● The data subject (customer) has also the right not be the subject of a decision based only on automated processing, which includes profiling that produces legal consequences for the data subject or similarly significant affects;

● Right to protect by court of law or administrative act, if the rights of the data subject have been violated.

The user may request Deleting if one of the following conditions is at presence:

● Personal data is no longer needed for the purposes for which it was collected or otherwise processed;

● The data subject withdraws his or her consent on which the data processing is based and there is no other legal basis for the processing;

● The data subject objects to the processing and there are no legal processing grounds that have an advantage;

● Personal data has been unlawfully processed;

● The personal data must be deleted in order to comply with a legal obligation under the European Union law or the law of a Member State, that applies to the administrator;

● Personal data has been collected in relation to the provisioned services of the information society of children and the agreement is given by the person having parental responsibility for the child.

The user is entitled to restrict the processing of his personal data by the administrator when:

● Opposes the accuracy of personal data. In this case, the restriction of the processing is for a period that allows the controller to verify the accuracy of the personal data;

● Processing is illegal, but the User does not wish to erase the personal data, instead requires a restriction of their use;

● The administrator no longer requires personal data for the purposes of processing, but the User requires them to proof, exercise or protect legal claims;

●The data subject has objected to the processing pending verification whether the administrator's legal grounds have an advantage over theinterests of the data subject.

 

 

Right to data portability

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where where the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another when technically feasible.

 

Right of objection.

Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.

 

Appeal to the supervisory authority

Each User has the right to file a complaint against the unlawful processing of his personal data with the Personal Data Protection Commission or the competent court.

 

Keep a registry

We keep a record of the processing activities for which we respond. This registry contains all of the following information:

● Name and contact details of the administrator

● Targets of processing;

● Description of categories of data subjects and categories of personal data;

● The categories of recipients to whom personal information is or will be disclosed,

● Including recipients in third countries or international organizations;

● Whenever possible, the deadlines for deleting the different categories of data;

● Where possible, a general description of the technical and organizational security measures