Login

Country

Language

Cart

Your cart is empty

Personal data protection

PRIVACY POLICY

The protection of personal data is of great importance to Vintage Summer Ltd. and we want the process of processing your personal data to be completely open and transparent to you. That is why we have a policy that sets out how your personal data will be processed and protected.

The legal framework regarding the protection of your data changed on May 25, 2018, when the General Data Protection Regulation (GDPR) came into effect in the European Union.

Who is responsible for your personal data?

Vintage Summer Ltd., UIC 203592872, with registered office and management address: Sofia 1330, Rumyana Str., bl. 22, ent. A, apt. 12, will administer the personal data you provide to us and is responsible for them, in accordance with the applicable personal data protection law.

VAT registration number: BG 203592872

Grounds for collecting, processing and storing your personal data

The administrator collects and processes your personal data in connection with the use of the online store vintagesummerfashion.com, concluding contracts with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following basis:

  • Explicit consent received from you as a customer;
  • Fulfillment of the Administrator's obligations under a contract with you;
  • Compliance with a legal obligation applicable to the Administrator;
  • For the purposes of the legitimate interests of the Administrator or a third party.

Purposes and principles for collecting, processing and storing your personal data

(1) We collect and process the personal data that you provide to us in connection with the use of the online store vintagesummerfashion.com and the conclusion of a contract with the company, including for the following purposes:

  • creating a profile and providing full functionality when using the online store;
  • placing orders and purchasing goods;
  • individualization of a party to the contract;
  • accounting purposes;
  • statistical purposes;
  • information security protection;
  • ensuring the implementation of the contract for the provision of the relevant service;
  • participation in events and bazaars organized by the company;
  • participation in games, raffles, advertising campaigns;
  • sending a newsletter if you express your wish.

(2) We adhere to the following principles when processing your personal data:

  • legality, good faith and transparency;
  • limitation of the purposes of processing;
  • relevance to the purposes of processing and minimization of the data collected;
  • accuracy and timeliness of data;
  • storage limitation in order to achieve the objectives;
  • integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests:

  • fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.

 

What types of personal data do we collect, process and store:

Vintage Summer EOOD performs the following operations with the personal data you provide for the following purposes:

  • User registration in the e-shop and execution of a purchase and sale contract – the purpose of this operation is to create a profile for using the e-shop to purchase goods and receive newsletters if desired. Providing contact details for delivery of purchased goods. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, conducting an impact assessment is not necessary for this operation
  • Conclusion and execution of a commercial transaction or contract with a customer – the purpose of this operation is the conclusion and execution of a contract with a commercial partner or customer and its administration. In individual cases, the purpose of the operation may also be to protect the legitimate interests of the company in the execution of the transaction. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not necessary for this operation
  • Send a newsletter – the purpose of this operation is to administer the process of sending newsletters to customers who have indicated that they wish to receive them. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not necessary for this operation.
  • Exercise of the right of withdrawal or making a complaint – the purpose of this operation is to administer the process of sending purchased goods to customers. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, conducting an impact assessment is not necessary for this operation.
  • Registration of a participant in events and sending information or prizes – the purpose of this operation is to administer the process of registration of participants in events and games, and sending prizes from games held. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, conducting an impact assessment is not necessary for this operation.
  • Request for delivery of a product that is not in stock – the purpose of this operation is to establish contact with the individual in order to request delivery of a product that is currently out of stock. Given the limited scope of the personal data collected and the fact that some of them are collected from publicly available sources, an impact assessment is not necessary for this operation.

(1) The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:

  • Registration and newsletter subscription details (names, email)
    • Purpose for which the data is collected:
      1. Establishing a connection with the user and sending information to him,
      2. for the purposes of user registration in the online store, as well as
      3. to send a newsletter.
    • Grounds for processing your personal data – By accepting the general terms and conditions and registering in the online store or placing an order without registration, or upon concluding a written contract, a contractual relationship is created between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, b. (b) GDPR. Your data for sending a newsletter is processed on the basis of your explicit consent – ​​Art. 6, para. 1, b. (a) GDPR.
  • Newsletter subscription details (names, email)
    • Purpose for which the data is collected:
      1. To send a newsletter.
    • Grounds for processing your personal data – Your data for sending a newsletter is processed on the basis of your explicit consent – ​​Art. 6, para. 1, b. (a) GDPR.
  • Delivery details (names, phone, e-mail, address)
    • Purpose for which the data is collected: Fulfillment of the administrator's obligations under a distance purchase and sale contract and delivery of the purchased goods, including when exercising the right to return and exchange or refuse purchased goods.
    • Grounds for processing your personal data – By accepting the general terms and conditions and registering in the e-shop or placing an order without registration, or upon concluding a written contract, a contractual relationship is created between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, b. (b) GDPR.
  • Data from your social media profiles (publicly available information from your Google+, Facebook, Instagram profiles)
    • Purpose for which the data is collected:
      1. Establishing a connection with the user and sending information to him,
      2. for the purposes of registering to participate in a game, raffle, campaign, etc.
    • Grounds for processing your personal data – Your data for registration in our events, games, campaigns, etc. are processed on the basis of your explicit consent – ​​Art. 6, para. 1, b. (a) GDPR
  • Financial data – bank account and payment card details;
  • Transaction Data – details of payments made by you and other details of the services you have purchased from us;
  • Marketing and communications data – Your preferences in receiving marketing messages from us, as well as your communication preferences
  • We do not collect sensitive personal data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data. We also do not collect information about criminal convictions or criminal offences.

(3) Personal data are collected by the Administrator from the persons to whom they relate.
(4) Vintage Summer EOOD does not perform automated decision-making with data.
(5) Vintage Summer EOOD does not collect and process data about persons under 16 years of age, except with the express consent of their parents or legal representatives.

  1. How do we collect your personal data?

We may collect personal information about you in the following ways:

Data that you share with us:

– Data you provide to us when you register to use our services;

– Data you share with us when you speak to us on the phone;

– Data you send to us in emails or letters to us;

– Data related to your participation in our promotions or events;

– Data you send to us in the form of feedback.

Period of storage of your personal data

(1) The Administrator stores your personal data for a period not longer than the existence of your account in the online store or until the withdrawal of consent for processing. After deleting your account or successful completion, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize them (i.e. to bring them into a form that does not reveal your identity).
(2) The Administrator stores your personal data, provided in connection with online orders placed, for a period of 5 years for the purposes of protecting the Administrator's legal interests in legal or administrative disputes with users of the online store, and the accounting documents are stored for the relevant statutory period.
(3) The Administrator will notify you if the data storage period needs to be extended in order to fulfill a regulatory obligation or in order to pursue legitimate interests of the Administrator or otherwise.

The Administrator stores the personal data of the legal representatives of its business partners for the term of the contract, to comply with the legitimate interests and legal obligations of the Administrator, and this term may exceed the term of the concluded contract.

Who do we share your personal data with?

(1) The Administrator may, at its own discretion, transfer part or all of your personal data to personal data processors for the fulfillment of the processing purposes to which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

Sometimes, in order to provide the services you have requested from us, we may share your personal information with external service providers.

We require all service providers with whom we share your data to maintain the security of your personal data and to treat it in accordance with the law. We do not permit any of our service providers to use your personal data for their own purposes and we permit them to process your personal data only for specified purposes and in accordance with our instructions.

List of personal data processors

 

Your rights in the collection, processing and storage of your personal data

Withdrawing consent to the processing of your personal data

(1) If you do not want all or part of your personal data to continue to be processed by the Company for specific or all processing purposes, you may withdraw your consent to processing at any time by filling out the form for withdrawal of consent for processing purposes or by making a free text request.
(2) The administrator may request that you verify your identity and identity with the person to whom the data relates by asking you to enter an email address and password to access the site.

(3) By withdrawing your consent to the processing of personal data that is mandatory for the creation and maintenance of an account in the online store, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
(4) If there is an order placed by you that is in the process of being processed, the earliest point at which you can withdraw your consent to processing is upon successful completion of the order. Also, if you have an outstanding debt to Vintage Summer EOOD, regardless of the payment method, if you are suspected of abuse or have abused our services in the last four years, your debt has been sold to a third party in the last three years or one year for deceased customers, your credit application has been rejected in the last three months, if you have made a purchase, we will retain your personal data in connection with your transaction according to accounting rules.

Form for withdrawing consent for processing purposes

Right of access

Art. 9. (1) You have the right to request and receive from the Administrator confirmation as to whether personal data relating to you are being processed, and if you are a registered user, you can at any time view in your profile the personal data that you have provided and are being processed for you.
(2) You have the right to access the data relating to you, as well as the information relating to the collection, processing and storage of your personal data.
(3) The administrator provides you, upon request, with a copy of the processed personal data relating to you, in electronic or other appropriate form.
(4) Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repetitive or excessive requests.

Right to correction or completion

Art. 10. You may correct or complete inaccurate or incomplete personal data relating to you directly through your profile on the website or by sending a request to the Administrator.

Request for correction of data

Right to erasure ("to be forgotten")

Art. 11. (1) You have the right to request from the Administrator the deletion of part or all of your personal data, and the Administrator has the obligation to delete them without undue delay where any of the following grounds apply:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
  • You object to the processing of personal data relating to you, including for direct marketing purposes, and there are no overriding legal grounds for the processing;
  • the personal data has been processed unlawfully;
  • the personal data must be erased for compliance with a legal obligation under EU law or the law of a Member State to which the Controller is subject;
  • the personal data were collected in connection with the provision of information society services.

(2) The administrator is not obliged to delete personal data if it stores and processes them:

  • for exercising the right to freedom of expression and the right to information;
  • for compliance with a legal obligation which requires processing provided for in EU law or Member State law to which the Administrator is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in him/her;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research purposes or for statistical purposes;
  • for the establishment, exercise or defense of legal claims.

(3) In case of exercising your right to be forgotten, the Company will delete all your data, except for the following information:

  • information that is necessary to verify that your right to be forgotten has been fulfilled;
  • technical information about the functioning of the online store, which information cannot be linked in any way to your identity;
  • e-mail address with which you registered in the online store.

(4) To exercise your right to be forgotten, you must submit a request by sending an email to the Administrator.
(5) The administrator may request that you verify your identity and identity with the person to whom the data relates.
(6) If there is an order placed by you that is in the process of being processed, the earliest time you can request to be "forgotten" is upon successful completion of the order.
(7) By deleting your personal data, your account will become inactive. Of course, you will be able to browse the online store and the products offered and place orders as a guest or make a new registration.
(8) The administrator shall not delete the data that he has a legal obligation to store, including for protection in connection with legal claims made against him or proving his rights.

Request to be forgotten – to delete personal data related to me

Right to restriction

Art. 12. You have the right to request the Administrator to restrict the processing of data relating to you when:

  • you contest the accuracy of the personal data, for a period that allows the Administrator to verify the accuracy of the personal data;
  • the processing is unlawful, but you do not want the personal data to be deleted, but only to have their use restricted;
  • The administrator no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of your legal claims;
  • You have objected to the processing pending verification of whether the Administrator's legitimate grounds override your interests.

Right to portability

Art. 13. (1) You may at any time download or receive in machine-readable format the data that is stored and processed for you in connection with the use of the Administrator's services, by requesting it by email.
(2) You may request the Administrator to directly transfer your personal data to a controller designated by you, where this is technically feasible.

Right to receive information

Art. 14. You may request the Administrator to inform you of all recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested have been disclosed. The Administrator may refuse to provide this information if this would be impossible or would involve disproportionate effort.

Request for personal data portability

Right to object

Art. 15. You may object at any time to the processing of personal data by the Administrator that relates to you, including if they are processed for the purposes of profiling or direct marketing.

You can opt out of direct marketing in the following ways:
* by following the instructions in any message sent for marketing purposes
* by sending an email to office@vintagesummerfashion.com with a request to opt out of direct marketing

How can you exercise your rights?
We take the protection of personal data very seriously, which is why we have a customer service team that handles your requests in relation to the above rights. You can always contact them at office@vintagesummerfashion.com

Your rights in the event of a breach of your personal data security

Art. 16. (1) If the Administrator establishes a breach of the security of your personal data, which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.
(2) The Administrator is not obliged to notify you if:

  • has taken appropriate technical and organizational measures to protect the data affected by the security breach;
  • has subsequently taken measures to ensure that the breach will not result in a high risk to your rights;
  • notification would require disproportionate effort.

Right to lodge a complaint with a supervisory authority:
In the event of a violation of your rights under the above or applicable personal data protection legislation, you have the right to file a complaint with the Personal Data Protection Commission, Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., Phone: +359 2 91 53 518; Fax: +359 2 91 53 525; e-mail address: kzld@cpdp.bg, website: https://www.cpdp.bg/.

Updating our Privacy Policy:
We may update our Privacy Policy. The most recent version is always available on our website. We will notify you of any material changes to the Privacy Policy, such as the purpose of using your personal data, the identity of the controller, or your rights.