CONFIDENTIALITY POLICY IN RELATION TO THE PROCESSING OF PERSONAL DATA
What is covered by these Privacy Policies and on what legal basis? Since 25 May 2018 Bulgaria has been applying the General Data Protection Regulation (GDPR). It is received by the European Union and aims to align the EU Member States’ policies on the collection and use of personal data. Another goal is to guarantee our right to privacy, to protect our personal data in order to provide more security against misuse of the personal information of each of us. The new regulation comes with a number of requirements that Art Services Ltd applies and you can meet here. These include:
- Let you know what data we use.
- Let you know why we use them.
- Let us ask your consent to use them when we provide them with additional services such as targeted advertising, for example.
- Let’s give you the opportunity to change your consent for different purposes through this site to have more freedom.
- We guarantee you the right to ask for your data to be corrected, erased, and “forgotten”. In addition, we may provide you with the downloads or transfer them if you know and identify us in the appropriate ways.
- Specify all third parties / other companies with whom we share your data. Keep in mind that the internet is a global network, we often use standardized services to log in and track anonymized behavior, such as Google Analytics.
All data that can be identified by a user is considered to be personal data. These can be email, names, mobile phone, home address, IP address.
What data do we collect from our registered users?
Art Services Ltd collects from the users of the websites from their portfolio specific data from their registrations in order to analyze the behavior of their users as well as to provide them with more relevant content and advertisements, namely the following categories of personal data:
From www.artservicebg.com – email address for receipt of invoice and warranty card, IP address, as well as phone number, address for receipt of the shipment, as well as other personal data that are not mandatory for the user to provide upon registration, email address to receive email marketing;
Data collected for all visitors to our websites:
On all websites in our portfolio we collect data for all visitors – registered users and visitors without registration, namely the following categories of data:
– IP address
– User identifier with high degree of uniqueness;
-Device ID for mobile applications with a high degree of uniqueness;
-Browser ID with a high degree of uniqueness;
-History of pages visited, including duplication, to identify your preferences for certain content types;
-History of your searches on our pages
-Some types of behavior – e.g. a list of reviewed ads by their category and their interaction with them – ad availability on the visible part of your browser clicks and more.
-Tracking sections of the sites you visit
-How long you spend on a site;
-How long you watch a video
-The ads you’ve seen and / or interact with;
-When you visit our sites and sites of our partners serving our java scripts and more.
- woodmart_popup_*: visitor’s choice to close a promo popup window.
- woodmart_shown_pages: number of visited pages for the promo popup window if this option is turned on.
- woodmart_cookies_*: visitor’s choice to close a cookie notice.
- woodmart_tb_banner_*: visitor’s choice to close a top bar shop banner.
- woodmart_wishlist_hash: visitor’s wishlist content hash. It is required to update the number of wishlist items in the header.
- woodmart_items_in_wishlist: stores items in the wishlist
- shop_per_page: visitor’s choice for a number of products per page
- shop_per_row: visitor’s choice for a number of columns per row on the shop page
- shop_view: shop page view – grid or list
Who we share and disclose your personal information?
Sometimes we record some of our information on our servers or send it to third parties. This is necessary in order to be able to provide you with the best experience when using our services and sometimes – and at all times so that we can provide availability and accessibility of the service you use.
Art Services Ltd. does not give any right to use, sell, disclose or share information about you (personal data in the sense of GDPR) with others or with unrelated companies except where necessary to provide you with services you have requested and when you have granted your permission or in any of the following hypotheses:
The information is provided to trusted partners who work on the assignment of Art Services Ltd. on the basis of contractual relations and confidential agreements. However, these companies do not have the right to share this information on their own. These companies are, but not limited to:
- Google with their products: Google Analytics, Google Tag Manager, DoubleClick for Publishers, AdX, AdSense, Google Case, Google IMA, Google Plus: https://privacy.google.com/# ;
- Facebook with their products: Facebook Tracking Pixel, Facebook Tools – Plug-in “like” button, Sign in with Facebook profile и др.: https://www.facebook.com/privacy/explanation ;
- Mail Chimp: https://mailchimp.com/legal/privacy/ ;
- Twitter widgets: https://twitter.com/en/privacy ;
- Cloudflare CDN;
- Open Graph;
- Instagram: https://help.instagram.com/155833707900388;
- Pinterest: https://policy.pinterest.com/en/privacy-policy.
The information is in compliance with the lawful prescriptions of court orders on legitimate requests by authorized authorities (by virtue of the Electronic Communications Act, Criminal Procedure Code, Criminal Code, etc.).
If you do not wish to send the information to any of our partners, you may withdraw your consent here.
Protection of information
When we store the information with us, it is physically stored on our own servers, collocated in data storage centers on the territory of the Republic of Bulgaria. When selecting our partners for server colocation, we perform a detailed verification of their certification by requiring, for example, meeting the following industry standards:
ISO / IEC 27001: 2013 Information Security Certification PCI DSS 3.2 compliance (chapter 9 and 12) ISO 9001: 2008 ISO 27001: 2013 BS OHSAS 18001: 2007
Covering these standards ensures maximum data security for our users. We restrict access to information for you by employees acting under the direction of Art Services EE except in cases where there are reasonable grounds for dealing with that information in order to provide you with services or in connection with the work performed by these employees. We have physical, electronic and procedural safeguards that comply with our legal obligations to protect your information.
Some of our partners may transfer data outside the EEA when there is a solution to an adequate level of protection, for example in the case of the EU-US Privacy Shield. For more information, please refer to our partners’ privacy policies.
How long we store the information
Data storage continues as long as we have a basis for its storage. For example, our user has given our consent to collect and process information about it.
We apply the following deadlines for storing the different types of personal data according to their purpose, namely:
For the purpose of measuring the user behavior of the sites in our portfolio – according to the period of validity of the registration of the respective cookie;
For behavioral targeting purposes – no more than 1 (one) year.
With regard to traffic data, the Electronic Communications Act applies and the data is stored within 6 months. Such data shall be transmitted to the specialized bodies and institutions only in accordance with legal provisions and with due cause.
Data subjects’ rights according to GDPR
Right of access to your personal data: You have the right to receive confirmation from us whether personal data are processed for you and, if this is the case, you have the right to access personal data and information.
Right to Personal Data Correction: If you find that the personal data we process for you is inaccurate, you are entitled to cause us to correct this personal data.
Right to delete personal data (the right to be forgotten): in certain circumstances, such as if your personal data has been processed unlawfully or you have withdrawn your consent (if personal data processing is based on consent), you may request and receive delete your personal data from us.
Restriction of processing: In certain circumstances, such as if you have doubts about the accuracy of your personal data or have objected to our legitimate purpose for processing your personal data, you may request that we restrict the processing of your personal data until it is found solution.
Right of objection to processing: in certain circumstances, such as if you have a legitimate interest in processing your personal data, you have the right to object, for reasons related to your particular situation, to such processing.
Right of data portability: If your personal data is processed by automatic means with your consent or in order to perform our contractual relations, you may request that we provide you with your personal data in a machine readable format for transfer to another data controller.
Right to file a complaint with a control body: You have the right to file a complaint regarding the processing of your personal data by us at the relevant control body.
Administrator: Art Service EIC 130749946, 6 Trapezitsa Str., 1000 Sofia, Bulgaria, tel. +359 894 601 650 / Data Protection Officer: Ivan Ilchev; email: email@example.com