PRIVACY POLICY OF NCANDLES LTD

FOR THE PROTECTION OF PERSONAL DATA OF PERSONS
WHO HAVE CONCLUDED A CONTRACT FOR THE ORDER OF GOODS AND/OR SERVICES THROUGH THE WEBSITE www.ncandles.com

GENERAL INFORMATION

As of 25 May 2018, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – GDPR) has been in force.

The Regulation aims to ensure the protection of personal data of natural persons in all Member States of the European Union and to harmonize the rules governing their processing.

In its capacity as a controller of personal data collected in connection with the commercial activity carried out through this website, NCandles LTD applies all requirements of the Regulation, collecting only such personal data of natural persons as are necessary for the conclusion and performance of contracts for the purchase and sale of goods and/or services, delivery, payment, accounting, customer service and the exercise of statutory rights, and processes and stores such data in a responsible and lawful manner.

INFORMATION ABOUT THE DATA CONTROLLER

  1. Name: NCandles LTD
  2. Registered office and address of management: Sofia 1517, 50 Letostruy Str., Republic of Bulgaria
  3. E-mail: contact@ncandles.com
  4. Telephone: +359 888 006 533

INFORMATION ABOUT THE COMPETENT SUPERVISORY AUTHORITY

  1. Name: Personal Data Protection Commission
  2. Registered office and address: Sofia 1592, 2 Prof. Tzvetan Lazarov Blvd., Republic of Bulgaria
  3. Telephone: +359 2 915 35 18
  4. E-mail: dpo@cpdp.bg, kzld@cpdp.bg
  5. Website: www.cpdp.bg

NCandles LTD carries out its activities in accordance with the Bulgarian Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016.

LEGAL GROUNDS FOR THE COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA OF CLIENTS

Art. 1.
(1) NCandles LTD collects and processes personal data of Users of the website ncandles.com in connection with the commercial activity it provides and for the performance of the contract concluded with the Users of this website;
(2) In this regard, NCandles LTD acts as a personal data controller.

PURPOSES AND PRINCIPLES OF THE COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

Art. 2.
(1) Personal data voluntarily provided by Users of the website ncandles.com are collected and processed for the purposes of identification and performance of the company’s commercial activity. Personal data are also collected for the maintenance of a user profile upon registration on the website.

(3) NCandles LTD observes the following principles when collecting and processing personal data:
– lawfulness, fairness and transparency;
– purpose limitation;
– data minimization and relevance;
– accuracy and up-to-dateness;
– storage limitation;
– integrity and confidentiality and ensuring an appropriate level of security.

CATEGORIES OF PERSONAL DATA COLLECTED, PROCESSED AND STORED

Art. 3.
(1) NCandles LTD processes only lawfully collected personal data necessary for specific, clearly defined purposes.

(2) NCandles LTD processes the following categories of personal data necessary for the identification of Users and the performance of the contract:
– names, address, billing address and basic company details, e-mail address, telephone number, bank account details and other payment-related data;
– NCandles LTD may collect additional data related to the production of a specific product, such as date of birth and gender;
– NCandles LTD may also collect, process and store additional data for the purpose of improving website services and organizing marketing offers. Users may receive commercial messages related to marketing offers, from which they may freely unsubscribe.

Only limited personal data are used for marketing purposes in order to ensure adequate protection of users’ rights and interests.

(3) With regard to Users of the website, NCandles LTD does not collect or process special categories of personal data, including data revealing racial or ethnic origin, political, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, or data concerning sexual life or sexual orientation.

NCandles LTD guarantees that personal data will not be used against the data subjects.

(4) Third parties may obtain personal data only in accordance with the procedure and conditions provided by law.

4.1. Disclosure of Personal Data to Third Parties

Personal data are disclosed to third parties only where necessary for the performance of the sales contract, on the basis of a legitimate interest, or where the data subject has given prior consent.

NCandles LTD may disclose personal data to:
– companies issuing credit cards, payment service providers and banks for payment processing and contract performance;
– courier and delivery service providers for delivery of ordered products;
– legal representatives and courts for debt collection or contractual matters;
– public authorities (e.g. police).

Where personal data are provided to third parties acting as independent data controllers (such as banks, payment institutions or public authorities), such parties process the data in accordance with their own legal grounds and data protection policies and bear independent responsibility for the lawfulness of such processing.

STORAGE AND SECURITY OF PERSONAL DATA

Personal data are transmitted in encrypted form using SSL (Secure Socket Layer) technology. NCandles LTD applies technical and organizational measures to protect personal data against loss, destruction, unauthorized access, alteration or disclosure.

Access to a user account is possible only through a personal password. Users are advised not to share access credentials with third parties and to close their browser window after completing activities, especially when using a shared computer. NCandles LTD shall not be liable for misuse of passwords.

RETENTION PERIOD OF PERSONAL DATA

Art. 4.
(1) Personal data are stored:
– for the period strictly necessary to ensure rights and obligations arising from the sales contract;
– for the period required by mandatory legal obligations. Accounting documents, such as invoices, are stored for five (5) years from issuance. After this period, NCandles LTD takes measures to delete or destroy such data.

TRANSFER OF PERSONAL DATA FOR PROCESSING

Personal data are transferred for processing only after informing the User or upon the User’s explicit consent, expressed through a button, declaration or similar action.

RIGHTS OF DATA SUBJECTS

Data subjects may request free information regarding the processing of their personal data.

They may request clarification, rectification, supplementation, erasure or restriction of processing where data are processed unlawfully. Consent may be withdrawn at any time, except where data are required for legal obligations or the protection of legitimate interests.

Art. 6. NCandles LTD processes personal data only in connection with the performance of the sales contract. Refusal to provide personal data constitutes grounds for refusal to execute an order. Data required by law or for the protection of legitimate interests cannot be withdrawn.

RIGHT OF ACCESS

Art. 7.
(1) Users have the right to confirmation as to whether their personal data are being processed.
(2) They have the right to access such data and information regarding their processing and storage.
(3) NCandles LTD provides a copy of the processed personal data upon request.

RIGHTS IN THE EVENT OF A PERSONAL DATA SECURITY BREACH

Art. 14.
(1) In the event of a personal data breach likely to result in high risk to rights and freedoms, NCandles LTD shall notify affected persons without undue delay.
(2) Notification is not required where appropriate technical and organizational measures have been implemented or subsequent measures eliminate the risk.

OTHER PROVISIONS

Art. 16. Data subjects have the right to lodge a complaint with the Personal Data Protection Commission at:
Sofia 1592, 2 Prof. Tzvetan Lazarov Blvd.
Telephone: +359 2 915 35 18
E-mail: dpo@cpdp.bg, kzld@cpdp.bg
Website: www.cpdp.bg