Privacy Policy

Information about the data controller:

Essele Art Ltd. is a company registered in the Commercial Register of the Registry Agency with UIC 206924714, with registered office and business address: 49 St. St. Kozma and Damyan str., 2800 Sandanski, BG.

 

Contacts:

 

Telephone number: +359879906277; email: info@essele.art

Reasons and purposes for which we use your personal data 

We process your personal data on the following grounds: 

  • The contract we concluded with you in order to fulfill our obligations under it; 
  • Explicit consent from you - the purpose is specified for each case; 
  • In case of an obligation under law; 

In the following paragraphs you will find detailed information about the processing of your personal data depending on the basis on which we process them. 

1. FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL OBLIGATIONS

We process your personal data in order to fulfill the contractual and pre-contractual obligations and to enjoy the rights under the contracts concluded with you.

 

Purposes of processing:

  • establishing your identity; 
  • management and execution of your request and execution of a concluded contract; 
  • preparing a contract proposal; 
  • preparing and sending an invoice for the services you use with us; 
  • providing the comprehensive service you need, as well as collecting the amounts due for the services used; 
  • keeping correspondence in connection with orders, processing requests, reporting problems, etc.
  • notification of everything related to the services you use with us; 
  • analysis of customer history; 
  • to identify and/or prevent illegal actions or actions contrary to our terms of service;

Data we process on this basis:

Based on the contract we concluded with you, we process information on the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • personal contact details - contact address, email, telephone number; 
  • identification data – full name, personal ID number or personal number of a foreigner, address; 
  • data on the orders placed; 
  • correspondence in connection with the overall service - e-mail, letters, information about your requests for troubleshooting, complaints, requests, claims, feedback that we receive from you; 
  • credit or debit card information, bank account number or other banking and payment information in connection with payments made;

o   other information such as:

  • Customer number, code or other identifier created for identification; 
  • IP address when visiting our website; 
  • Demographic data 
  • Information from your actions on the website

The processing of the specified personal data is mandatory for us so that we can conclude the contract with you and fulfill it. Without providing us with the above information, we would not be able to fulfill our obligations under the contract.

 

We provide personal data to third parties

We provide your personal data to third parties, and our main goal is to offer you quality, fast and comprehensive service. We do not provide your personal data to third parties until we are sure that all technical and organizational measures have been taken to protect this data, and we strive to exercise strict control to achieve this goal. In this case, we remain responsible for the confidentiality and security of your data.

We provide personal data to the following categories of recipients (data controllers):

  • postal operators and courier companies; 
  • persons assigned to maintain equipment, software and hardware used for the processing of personal data and necessary for the company's activities 
  • persons providing consulting services in various fields.

 

When do we delete data collected on this basis

We delete the data collected on this basis 5 years after the termination of the contractual relationship, regardless of whether due to the expiration of the contract, cancellation or other grounds.  

2. FOR FULFILLMENT OF REGULATORY OBLIGATIONS

It is possible that the law provides for an obligation for us to process your personal data. In these cases we are obliged to carry out the processing, such as:

  • Obligations under the Anti-Money Laundering Measures Act; 
  • Fulfillment of obligations in connection with distance selling, off-site sales, provided for in the Consumer Protection Act; 
  • Providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act; 
  • Providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation for personal data protection; 
  • Obligations provided for in the Accounting Act and the Tax and Social Security Procedure Code and other related regulations in connection with keeping legal accounting; 
  • Providing information to the court and third parties in court proceedings, in accordance with the requirements of the applicable regulations; 
  • Age verification when shopping online.

 

When do we delete personal data collected on this basis

The data collected in accordance with the obligation provided for in the law are deleted after the obligation for collection and storage is fulfilled or ceased. For example:

  • under the Accounting Act for storage and processing of accounting data (11 years), 
  • obligations to provide information to the court, competent state bodies, and other grounds provided for in the current legislation (5 years).

Providing data to third parties

When there is an obligation for us by law, it is possible to provide your personal data to the competent state authority, natural or legal person.

3. WITH YOUR CONSENT

We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you decline the processing of personal data.

Consent is a separate basis for the processing of your personal data and the purpose of the processing is stated in it, and does not cover the purposes listed in this policy. If you give us the relevant consent and until its withdrawal or termination of any contractual relationship with you, we prepare proposals for products/services suitable for you, performing detailed analyses of your basic personal data;

Detailed analysis is a method of analysis that allows processing large volumes of data using statistical models and algorithms and others that include the use of personal data, as well as processes of pseudonymization and anonymization of the same, in order to extract information about trends and various statistical indicators.

 

Data we process on this basis:

On this basis, we only process data for which you have given us your express consent. The specific data are determined for each individual case. Usually these data are names. 

Providing data to third parties 

On this basis, we may provide your data to marketing agencies, Facebook, Google, etc. 

 

Withdrawal of consent

The consents granted may be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data in any or all of the ways described above, we will not use your personal data and information for the purposes set out above. Withdrawal of consent shall not affect the lawfulness of the processing based on a consent prior to its withdrawal.

In order to withdraw your consent, you only need to use our website or just our contact details.

 

When do we delete data collected on this basis

We delete the data collected on this basis at your request or 12 months after their initial collection.

How do we protect your personal information

To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act. 

The company has established rules to prevent security abuses and breaches, which supports the processes of protecting and ensuring the security of your data. 

For maximum security in the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization, etc.

 

Personal data received from third parties

We receive personal data from the following third parties: Shopify, Stripe, Paypal

User rights

Each User of the website enjoys all rights to personal data protection under Bulgarian law and European Union law.  

 

The user can exercise its rights through the contact form or by sending a message to our email.

 

Each User has the right to:

  • Awareness (in connection with the processing of its personal data by the data controller); 
  • Access to its own personal data; 
  • Correction (if the data is inaccurate); 
  • Right to erasure (right to be forgotten); 
  • Restriction of processing by the controller or processor of personal data; 
  • Portability of personal data between individual controllers; 
  • Objection to the processing of its personal data; 
  • The data subject has the right not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him/her significantly; 
  • Right to judicial or administrative protection in case the data subject's rights have been violated.

 

The user may request erasure if one of the following conditions is present:

  • Personal data are no longer needed for the purposes for which they were collected or otherwise processed; 
  • The user withdraws its consent on which the data processing is based and there is no other legal basis for the processing; 
  • The data user objects to the processing and there are no legal grounds for processing to take precedence; 
  • Personal data has been processed illegally; 
  • Personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller; 
  • Personal data have been collected in connection with the provision of information society services to children and the consent has been given by the parent responsible for the child.

 

The User has the right to restrict the processing of its personal data by the controller when:

  • It challenges the accuracy of personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of personal data; 
  • The processing is illegal, but the User does not want the personal data to be deleted, but instead requires restricting their use; 
  • The controller no longer needs personal data for the purposes of processing, but the User requires them for the establishment, exercise or protection of legal claims; 
  • It objects to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User.

 

Right to data portability.

The data subject has the right to receive the personal data concerning him/her and which it has provided to the controller in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller to whom the personal data are provided, when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive the direct transfer of personal data from one controller to another where this is technically feasible.

 

Right to object.

Users have the right to object to the controller against the processing of their personal data. The controller of personal data shall be obliged to terminate the processing, unless it proves that there are convincing legal grounds for the processing, which take precedence over the interests, rights and freedoms of the data subject, or for establishing, exercising or defending legal claims. In the event of an objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.

 

Complaint to the supervisory authority

Each User has the right to file a complaint against illegal processing of its personal data to the Commission for Personal Data Protection or to the competent court.