0748470373
Your shopping cart is empty!
Mandatory information on the rights of
individuals to personal data protection
Information related to the company processing
your data:
Name: DANINI EOOD
UIC/BULSTAT:
117614324
Headquarters
and registered address: BULGARIA
Ruse Region,
Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Correspondence
address: BULGARIA
Ruse
Region, Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Phone: 0878531704
E-mail: office@danini.ro
Website: www.danini.ro
Information
relating to the competent data protection supervisor
Name: Personal
Data Protection Commission
Headquarters
and registered address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Correspondence
address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: 02
915 3 518
Website: www.cpdp.bg
DANINI EOOD
(hereinafter referred to as the "Controller" or the
"Company") carries out its activities in accordance with the Personal
Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and
of the Council of 27 April 2016 on the Protection of natural persons with
regard to the processing of personal data and on the free movement of such
data. This information is intended to inform you of all aspects of the
processing of your personal data by the Company and the rights you have in
relation to such processing.
Legal basis for your personal data collection,
processing and storage.
Art. 1. The
Controller collects and processes your personal data in connection with the use
of www.danini.ro
online store and for the purposes of contracts execution with the company on
the basis of Article 6, para 1, Regulation (ЕU) 2016/679 (GDPR), and in
particular on the following grounds:
- Explicit
consent given by you as a customer;
- Implementation
of obligations on the part of the Controller under a contract with you;
- Compliance
with a legal obligation to which the Controller is subject;
- For the
purposes of Controller’s or of another third party’s legitimate interests;
Objectives and principles in personal data
collection and processing
Art. 2. (1)
We collect and process personal data that have been made available by you in
connection with the use of the online store and the conclusion of a contract
with the company, including for the following purposes:
- creating a profile and
providing full functionality when using the online store;
- concluding and implementing a
distant contract;
- individualisation of a party
to the contract;
- accounting purposes;
- statistical purposes;
- information security
protection;
- ensuring the performance of
the related service contract;
- sending a newsletter at your
request;
(2) In
processing your personal data we comply with the following principles:
- lawfulness, fairness and
transparency;
- processing necessity
limitation;
- relevance to the purpose of
processing and minimization of data collected;
- accuracy and current relevance
of the data;
- storage limitation in order to
achieve objectives;
- integrity and confidentiality
of the processing and ensuring appropriate security of personal data.
(3) When
processing and storing personal data, the Controller may process and store
personal data in order to protect its legitimate interests: implementing its
duties to the National Revenue Agency, the Ministry of Interior and other state
and municipal authorities
Kinds of personal data that our company collects,
processes and stores
Art. 3. (1)
The company performs the following operations with the personal data provided
by you for the following purposes:
Registration
of an online store user and execution of a distance-purchase contract - the
purpose of this operation is to create an online store user account for
purchasing goods and providing contact details for delivery of purchased goods.
Registration in the online store and account creation is not a mandatory step in
service providing and it is accessible to a significant extent without account
creation.
Conclusion
of the impact assessment: Based on the impact assessment carried out, the
operation "Registration of an online store user and the execution of a
distance-purchase contract" is permissible to be carried out and provides
sufficient guarantees to protect the rights and legitimate interests of data subjects
in accordance with GDPR requirements.
Conclusion
and execution of a commercial transaction with a client or a partner - the
purpose of this operation is to conclude and execute a contract with a trading
partner or client and to ensure its administration. Given the limited scope of
personal data collected and the fact that part of it is collected from publicly
available sources, it is not necessary to carry out an impact assessment on the
operation of an impact assessment. Given the limited scope of personal data
collected and the fact that part of it is collected from publicly available
sources, it is not necessary to carry out an impact assessment on the operation
of an impact assessment.
Newsletter
sending - the purpose of this operation is the administration of newsletters
sending to customers who have requested such service. In view of the limited
scope of personal data collected and the fact that part of it is collected from
publicly accessible sources, prior to the processing, carrying out an
assessment of the impact of the envisaged processing operations on the
protection of personal data is not required.
Exercising
the right of rejection or addressing a claim - the purpose of this operation is
to administer the process of exercising the right of rejection or a claim submission
by the customer. In view of the limited scope of personal data collected and
the fact that part of it is collected from publicly accessible sources, prior
to the processing, carrying out an assessment of the impact of the envisaged
processing operations on the protection of personal data is not required.
(2) The Controller
processes the following categories of personal data and information for the
following purposes and on the following grounds:
Your
individualising data (e-mail, name, etc.)
Purpose for which data
is collected:
1) Contacting a customer and sending
information to them, 2) For online store registration purposes, and 3) Sending
a newsletter.
Grounds for
your personal data processing- General terms acceptance and registration in the
online store or placing an order without registration, or upon entering into a
written agreement between the company and you, a contractual relationship is
being established, on the basis of which we shall process your personal data
pursuant to Art. 6, para. 1, b. (b) GDPR. Your data processing for sending a
newsletter is subject to your explicit consent - Art. 6, para. 1, b. (a) GDPR.
Delivery
data (names, phone number, address, etc.)
Purpose for
which the data is collected: Fulfilment of Controller’s obligation under a purchase
agreement and delivery of the purchased goods.
Grounds for
your personal data processing- By accepting our general terms and conditions
and registering in the online store or by placing an order without
registration, or upon entering into a written agreement between the company and
you, a contractual relationship is being established on the basis of which we
process your personal data pursuant to Art. 6, para. 1, b. (b) GDPR.
Further
data provided by you – If you wish to complement your account, you may add
name, surname, phone number details.
Purpose for which the data is collected: Completing
user’s account information.
Grounds for
data processing: You have explicitly given consent to the processing of your
personal data for one or more specific purposes - 6, para. 1, b. (a) of GDPR at
the time of registration into the online store. The provision of this data is
not required for registration in the online store.
(3) The Controller
does not collect or process personal data revealing:
- racial or
ethnic origin;
-
political, religious or philosophical beliefs, membership in trade unions and
party organizations;
- genetic
and biometric data, health data, or data on sexual life or sexual orientation
of individuals.
(4) Personal
data is collected from the Controller by the data subjects.
(5) The
company does not perform an automated decision making with the data.
Art. 4. (1)
The company carries out the following operations with the personal data
provided by you as legal representatives or agents of legal entities-trading
partners for the following purposes:
Conclusion
and fulfilment of a commercial transaction: For the conclusion and fulfilment
of a commercial transaction with a trading company, we process only the full
names of the legal representative or the person authorized by the company.
Conclusion of the Impact Assessment: Given the small volume of data subjects
that are processed and in view of the limited amount of personal data
collected, an impact assessment is not necessary for the current operation.
(2) Personal
data have been collected from the Controller by data subjects and data
available with the Commercial Register to the Registry Agency.
(3) The
company does not perform an automated decision making with the data.
Art. 5. The
Controller may use the so-called "cookies" for the purpose of
providing full functionality to the website, improving user experience, for statistical
purposes, facilitated access, etc., which you agree to by using our website.
You can Control and / or delete cookies at any time using the settings of your
browser. "Cookies" are not personal data and are not used to identify
visitors and users of the online store.
Your personal data storage period
Art. 6. (1)
The Controller stores your personal data for no longer than the period of your
account existence into the online store. Upon your account deletion, the Controller
shall take the necessary care to erase and destroy all your data without undue
delay, or to anonymise them (i.e. bring them in a form that does not reveal
your personality).
(2) The Controller
processes personal data you have provided when placing an order without
registration in the online store until the order is completed, unless you have
given your explicit consent upon ordering to process your date for the purpose
of improving the service, special content provisioning, individual terms, promotions,
and for statistical purposes.
(3) The Controller
stores your personal data provided in connection with online orders for a
period of 5 years for the purposes of protecting the legitimate interests of
the Controller in court proceedings or in administrative procedures with online
store users.
(4) The Controller
shall notify you if the data retention period is to be extended with a view to
meeting a regulatory requirement or with a view to Controller’s legitimate
interests or otherwise.
(5) The Controller
stores personal data that it is required to store under the applicable
legislation for the relevant period which may exceed the life of your online
store account or until the order is completed.
Art. 7. With
a view of observing Controller’s legitimate interests and legal obligations,
the latter stores personal data of its trading partners’ legal representatives
for the duration of the contract, which may exceed the term of the contract.
Transmitting your personal data for processing
Art. 8. (1)
The Controller may, at its own discretion, transmit all or part of your
personal data to processors for the purposes of processing, subject to the
requirements of Regulation (ЕU) 2016/679 (GDPR).
(2) The Controller
notifies you in case of intent to transfer some or all of your personal data to
third countries or international organizations.
Your rights when your data is collected,
processed and stored
Withdrawal of consent to the processing of your
personal data
Art. 9. (1)
If you do not wish to have your personal data processed for marketing purposes
and newsletters receiving, you may at any time withdraw your consent to
processing by completing the withdrawal request form /Annex 1/ or by sending a request
in a free text format, and send it to us by e-mail.
(2) Once we
have received your request, we will send you a letter with detailed
instructions for your verification as a newsletters subscriber and a data
subject for whom withdrawal of consent was requested, to the e-mail you have
provided for newsletters and advertising messages.
(3)
Withdrawal of consent does not affect the lawfulness of personal data processing
which has been performed by the Controller so far.
Right of access
Art. 10.
(1) You have the right to request and obtain from the Controller a confirmation
as to whether or not your personal data is being processed by submitting a
request in a free text format by e-mail.
(2) You are
entitled to access your personal data, as well as the information, relating to
the collection, processing and storage of your personal data.
(3) Once we
have received your request, we will send you a letter with detailed
instructions for your verification as a data subject for who access has been requested
to the e-mail you used to register or place orders in the online store.
(4) Upon
verification under para. 3, the Controller provides you with a copy of your
personal data undergoing processing in an electronic or other appropriate form
upon request.
(5) Providing
access to the data is free of charge, but the Controller reserves its right to
impose an administrative fee in the event of recurrence or excessive requests.
Right to rectification or completion
Art. 11.
(1) You may rectify any incorrect data or complete any missing personal data at
any time by using the option „Editing profile details“.
(2) You may
rectify or complete any inaccurate or incomplete personal data relating to you
directly through your website account or by sending a request to the Controller
by e-mail using the form in Annex 4 or by submitting a request in a free text
format.
Right to erasure (‘right to be forgotten’)
Art. 12.
(1) You are entitled to request from the Collector to delete any or all
personal data related to you and the Controller shall have the obligation to
erase personal data without undue delay where one of the following grounds is
present:
- the
personal data are no longer necessary in relation to the purposes for which
they were collected or otherwise processed;
- you
withdraw your consent on which the processing of the data is based and no other
legal basis for the processing exists;
- you
object to the processing of the personal data relating to you, including for
direct marketing purposes, and there are no overriding legitimate grounds for
the processing;
- the
personal data have been unlawfully processed;
- the
personal data have to be erased for compliance with a legal obligation in Union
or Member State law to which the Controller is subject;
- the
personal data have been collected in relation to the offer of information
society services.
(2) The
Collector is not obliged to delete personal data if it stores and processes it:
- for
exercising the right of freedom of expression and information;
- for compliance
with a legal obligation which requires processing by Union or Member State law
to which the Controller is subject or for the performance of a task carried out
in the public interest or in the exercise of official authority vested in the
controller;
- for
reasons of public interest in the area of public health;
- for
archiving purposes in the public interest, scientific or historical research
purposes or statistical purposes;
- for the
establishment, exercise or protection of legal claims.
(3) In order
to exercise your right to be “forgotten”, you should send an e-mail requesting
your personal data that is being processed by the Administrator to be deleted
by completing the form in the Annex 2 or by submitting a request in a free text
format; then, the Controller will send you to the e-mail address you have used
as an online store user or a data subject for who erasure has been requested a letter
with detailed instructions.
(4) Once we
have verified the identity of the person making the request and the person to
whom the data relate in accordance with your instructions, we will delete all
data we process for you in accordance with para. 3.
(5) If
there is an order placed by you which is currently processed, the earliest
point at which you may want to be "forgotten" is when your order is
successfully completed.
Right to restriction of processing
Art. 13. You
are entitled to request from the Controller restriction of your data processing
by e-mailing a request in a free text format, where one of the following
applies:
- you
contest the accuracy of personal data for a period or a period enabling the
Controller to verify the accuracy of the personal data;
- the
processing is unlawful and you oppose the erasure of the personal data and
request the restriction of their use instead;
- the
Controller no longer needs the personal data for the purposes of the
processing, but you require it in order to establish, exercise or protect your
legal claims;
- you have
objected to processing pending the verification whether the legitimate grounds
of the controller override those of your interests.
(2) Once we
receive your request, you will be e-mailed to the address you have used to
register or place orders in online store a letter with detailed instructions
for your verification as user and a data subject for whom restriction of
processing is requested.
(3) After
the verification under para. 2, the Company will stop processing your data, but
will not remove posts made by you in the online store, if any.
Right to data portability
Art. 14.
(1) If you have consented to the processing of your personal data or the
processing is necessary for the execution of the agreement with the Controller,
or if your data is processed in an automated manner, you may:
- ask the Controller
to provide you with your personal data in a machine-readable format and transmit
those data to another Controller;
- ask the
Controller to directly transmit your personal data from one controller to
another, where it is technically feasible.
(2) You may
exercise the right of portability by sending us by e-mail a completed form
according to Annex 3 or a request in a free text format, after which the
Controller will send you by using the e-mail address you have used to register
or place orders in the online store detailed instructions for your verification
as a shop user and a data subject for which a request for portability is
requested.
(3) Following
verification under para. 2, the company sends the data it processes for you in
XML format to the e-mail you specify.
Right to receive information
Art. 15. You
may request the Controller to inform you of all recipients whose personal data
for which rectification, deletion or processing limitation was requested has
been disclosed. The administrator may refuse to provide this information if
this would not be possible or would require disproportionate effort.
Right to object
Art. 16. You
have the right to object at any time to processing of personal data by the
Controller that relates to it, including if it is being processed for profiling
or direct marketing purposes.
Your rights upon your personal data breach
Art. 17.
(1) If the Controller detects a breach of security of your personal data that
may pose a high risk to your rights and freedoms, he shall inform you without
undue delay of the violation and of the measures taken or that are to be taken.
(2) The
Controller is not obliged to notify you if:
- has taken
appropriate technical and organizational protection measures with respect to
the data affected by the security breach;
- has
subsequently taken measures to ensure that the violation will not lead to a
high risk for your rights;
- notification
would require disproportionate efforts.
Individuals to whom your personal
information is disclosed
Art. 18.
(1) For the purpose of processing your personal data and providing the service
in its full functionality and in view of your interests, the Controller may disclose
the data to the following persons, being processors:
Data
processor : Purpose of data
processing:
Order acceptance, processing and delivery
(2) Data
processors shall comply with all legal and security requirements for the
processing and storage of your personal data.
Art. 19. The
Controller does not transfer your data to third countries.
Art. 20. In
case of violation of your rights under the above or applicable data protection
laws, you are entitled to file a complaint with the Personal Data Protection
Commission as follows:
Name: Personal
Data Protection Commission.
Headquarters
and registered address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Correspondence
address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: 02
915 3 518
Website:
www.cpdp.bg
Art. 21. You
may exercise all of your rights to protect your personal data by using the forms enclosed to this information. Of
course, these forms are not mandatory and you can make your claims in any form
that contains a statement about it and identifies you as a data holder.
Art. 22. If
the consent relates to a transfer, the Collector shall describe the possible
risks related to the transfer of data to third countries in the absence of a
decision on adequate protection and appropriate remedies.
Annex № 1
withdrawal request
form
Your name*:
.........................
E-mail you
have used in the online store *: .........................
Feedback
data (e-mail)*: .........................
TO
Name: DANINI ЕООD
UIC/BULSTAT:
117614324
Headquarters
and registered address: BULGARIA
Ruse region,
Municipality of Ruse
Ruse 7001
1 HRISTO
BOTEV Blvd.
Correspondence
address: BULGARIA
Ruse
Region, Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Phone:
0878531704
E-mail:
office@danini.ro
Website: www.danini.ro
I hereby
withdraw my consent to process the personal data I have provided for the
purpose of receiving a newsletter, advertisement or other marketing material by
being familiar with the conditions for withdrawal of consent in accordance with
the Mandatory Information on the Rights of the Privacy of the personal data of
the online store.
In case of
your rights violation under the above or applicable data protection laws, you
have the right to file a complaint with the Personal Data Protection Commission
as follows:
Name: Personal
Data Protection Commission.
Headquarters
and registered address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Correspondence
address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: 02
915 3 518
Website: www.cpdp.bg
Annex № 2
Request „to be
forgotten“ – PERSONAL DATA RELATED TO ME to be deleted
Your name*:
.........................
E-mail you
have used in the online store *: .........................
Feedback
data (e-mail)*: .........................
TO
Name: DANINI ЕООD
UIC/BULSTAT:
117614324
Headquarters
and registered address: BULGARIA
Ruse
region, Municipality of Ruse
Ruse 7001
1 HRISTO
BOTEV Blvd.
Correspondence
address: BULGARIA
Ruse
region, Municipality of Ruse
Ruse 7001
1 HRISTO
BOTEV Blvd.
Phone:
0878531704
E-mail:
office@danini.ro
Website: www.danini.ro
I hereby
request any and all personal data you collect, process and store /hold upon me/
provided by me or by third parties according to the mentioned identification to
be deleted from your databases.
I declare
that I am aware that some or all of my personal data may continue to be
processed and stored by the Controller for the purposes of performing its legal
obligations.
In case of
violation of your rights under the above or applicable data protection laws,
you have the right to file a complaint with the Personal Data Protection
Commission as follows:
Name:
Personal Data Protection Commission.
Headquarters
and registered address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Correspondence
address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: 02
915 3 518
Website: www.cpdp.bg
Annex № 3
request for personal
data portability
Your name*:
.........................
E-mail you
have used in the online store *: .........................
Feedback
data (e-mail)*: .........................
TO
Name: DANINI ЕООD
UIC/BULSTAT:
117614324
Headquarters
and registered address: BULGARIA
Ruse
region, Municipality of Ruse
Ruse 7001
1 HRISTO
BOTEV Blvd.
Correspondence
address: BULGARIA
Ruse
Region, Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Phone:
0878531704
E-mail:
office@danini.ro
Website: www.danini.ro
I hereby
request all personal data relating to me that is collected, processed and
stored in your databases be sent in XML format to:
E-mail:
.........................
Controller
receiving data: .........................
Name:
.........................
Identification
number (UIC, BULSTAT, registration number in PDPC): .........................
E-mail:
.........................
In case of
violation of your rights under the above or applicable data protection laws,
you have the right to file a complaint with the Personal Data Protection
Commission as follows:
Name:
Personal Data Protection Commission.
Headquarters
and registered address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Correspondence
address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: 02
915 3 518
Website: www.cpdp.bg
Annex № 4
PERSONAL
DATA RECTIFICATION REQUEST
REQUEST FOR
PERSONAL DATA PORTABILITY
Your name*:
.........................
E-mail you
have used in the online store *: .........................
Feedback
data (e-mail)*: .........................
TO
Name: DANINI ЕООD
UIC/BULSTAT:
117614324
Headquarters
and registered address: BULGARIA
Ruse
Region, Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Correspondence
address: BULGARIA
Ruse Region,
Ruse Municipality
Ruse 7001
1 HRISTO
BOTEV Blvd.
Phone:
0878531704
E-mail:
office@danini.ro
Website: www.danini.ro
I hereby
request the following personal data you collect, process and store /hold upon
me/ provided by me or by third parties, be rectified as follows:
&l
Information
Customer Service
My Account
Find us
Danini © 2023