Categories
Menu
0 My inquiry
0
  • Privacy Policies
  1. Home
  2. Privacy Policies

Privacy Policies

PRIVACY NOTICE
of “GD Styles” OOD (GDNovelty)
pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (GDPR)

1. Identity and Contact Details of the Controller

1.1. The controller of personal data within the meaning of Article 4(7) GDPR is:
GD Styles OOD, UIC: 200436302, Registered seat and address of management: 67 Cherkovna Str., ap. 4, 1505 Sofia, Bulgaria, E-mail: office@gdstyles.com

1.2. This Privacy Notice is addressed to natural persons whose personal data are processed by GD Styles OOD in the context of its B2B activities, including but not limited to employees, representatives and contact persons of corporate customers, suppliers and partners (collectively referred to as the “Data Subjects”).

2. Scope of this Privacy Notice

2.1. This Privacy Notice sets out information required under Articles 13 and 14 GDPR concerning the processing of personal data in connection with:
•    use of the website https://gdnovelty.bg/ (the “Website”);
•    creation and use of B2B user accounts on the Website;
•    submission and processing of requests, offers, projects, project protocols and final orders;
•    conclusion and performance of contracts with customers – legal entities;
•    business communication and customer service;
•    B2B marketing and advertising activities, including email marketing and use of online advertising and analytics tools.

3. Categories of Personal Data

3.1. In the course of its activities, the Controller may process the following categories of personal data relating to Data Subjects:

(a) Identification and contact data of business contacts
•    first name and last name;
•    position / job title (e.g. Marketing Manager, Purchaser, Managing Director);
•    business e-mail address;
•    business telephone or mobile number.

(b) Data relating to user accounts (B2B)
•    username (typically business e-mail);
•    password (stored solely in hashed/encrypted form);
•    associated company details (name of legal entity, UIC/BULSTAT, VAT number, registered seat, billing address, correspondence address).

(c) Data relating to requests, orders and contracts
•    history of requests, offers, final offers, projects, project protocols and final orders;
•    data relating to deliveries (delivery address, name of receiving person, contact phone);
•    communications in relation to offers, projects, project protocols, final orders, claims and complaints;
•    data relating to payments (payer name, bank account identifiers and similar data, without storing full payment card details when external payment providers are used).

(d) Communication and marketing data
•    content of e-mail correspondence and other written communication;
•    data relating to newsletter subscriptions and marketing preferences;
•    participation in campaigns, promotions and events;
•    high-level information on interests in particular product categories, to the extent such information is derived from prior interactions.

(e) Technical and log data
•    IP address;
•    browser and device information;
•    log data relating to access to and use of user accounts (date and time of registration, login, changes to profile data, etc.);
•    cookie identifiers and similar technologies as described in the Cookie Policy.

4. Sources of Personal Data

4.1. The Controller may obtain personal data:

(a) directly from the Data Subject (e.g. when creating an account, communicating by e-mail or telephone, submitting an enquiry via the Website); and/or

(b) from the legal entity that the Data Subject represents or by which the Data Subject is employed, when that entity designates the Data Subject as a contact person, representative, user of an account or receiving person.

4.2. Where a corporate customer provides personal data of its employees or other contact persons, such customer is responsible for ensuring that the Data Subjects are duly informed about such disclosure and about this Privacy Notice.

5. Purposes and Legal Bases for Processing

5.1. Personal data are processed only to the extent that at least one legal basis under Article 6(1) GDPR applies. The main purposes and corresponding legal bases are as follows:

5.1.1. Creation and administration of B2B user accounts
•    Purpose: creation, maintenance and administration of B2B user accounts on the Website, including management of authorised users and contact persons.
•    Legal bases:
o    Article 6(1)(b) GDPR – taking steps at the request of the Data Subject prior to entering into a contract (where the Data Subject acts as a representative/contact person and initiates the relationship);
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in operating a secure and functional B2B online platform.

5.1.2. Conclusion and performance of contracts with customers – legal entities
•    Purpose: processing of requests, preparation of offers and final offers, projects and project protocols, issuance and confirmation of final orders, organisation of deliveries, fulfilment of obligations under contracts, handling of complaints, claims and warranties.
•    Legal bases:
o    Article 6(1)(b) GDPR – performance of a contract to which the Data Subject’s organisation is a party, where the Data Subject acts as representative or contact person;
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in conducting its business and communicating effectively with customer representatives.

5.1.3. Compliance with legal obligations
•    Purpose: compliance with statutory obligations arising from accounting, tax, commercial and other applicable legislation (e.g. issuing and retaining invoices and accounting records, responding to lawful requests from authorities).
•    Legal basis:
o    Article 6(1)(c) GDPR – processing is necessary for compliance with a legal obligation to which the Controller is subject.

5.1.4. Communication and customer service
•    Purpose: handling of enquiries, provision of technical and commercial support, management of claims and complaints, general business correspondence.
•    Legal bases:
o    Article 6(1)(b) GDPR – where communication is linked to the performance of a contract or pre-contractual steps;
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in maintaining adequate business relationships and service levels.

5.1.5. B2B marketing and email marketing
•    Purpose: sending of information and commercial communications regarding products and services of the Controller or similar offerings, including newsletters, catalogues, special offers, promotions and invitations to events, to representatives and contact persons of existing or potential customers – legal entities.
•    Legal bases:
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in promoting its products and services to existing B2B customers and business contacts;
o    Article 6(1)(a) GDPR – consent, where required by applicable law (e.g. subscription to an electronic newsletter via the Website).
•    Data Subjects may object to the processing of their personal data for direct marketing at any time, in accordance with Article 21(2) GDPR. In such case, the Controller will cease processing for these purposes.

5.1.6. Online analytics, advertising and limited profiling
•    Purpose: measurement and analysis of traffic and usage of the Website, evaluation and optimisation of online campaigns, remarketing and delivery of more relevant advertising, using tools such as Google Analytics, Meta (Facebook/Instagram) Pixel, Google Ads and similar platforms.
•    Data processed: IP address, cookie and device identifiers, approximate location, information on pages visited and interactions with the Website and ads.
•    Legal bases:
o    Article 6(1)(a) GDPR – consent provided via the cookie banner or cookie settings for analytical and marketing cookies;
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in ensuring basic Website functionality and security via strictly necessary technical cookies.
•    The use of such tools may entail limited profiling of business users and contacts (for example, grouping by interest in certain product categories), without automated decision-making producing legal effects concerning the Data Subject or similarly significantly affecting them within the meaning of Article 22 GDPR.

Data Subjects may withdraw their consent at any time via the cookie settings or browser settings, without affecting the lawfulness of processing based on consent before its withdrawal, and may also object to processing based on legitimate interest pursuant to Article 21 GDPR.

5.1.7. Security, fraud prevention and protection of rights
•    Purpose: ensuring the security and integrity of the Website, IT systems and accounts; preventing misuse and unauthorised access; establishing, exercising or defending legal claims.
•    Legal basis:
o    Article 6(1)(f) GDPR – the Controller’s legitimate interest in protecting its assets, systems and legal rights.

6. Recipients of Personal Data

6.1. Personal data may be disclosed to the following categories of recipients, only where necessary and on the basis of appropriate safeguards:

(a) courier and logistics companies, for the purpose of delivering goods;
(b) external accounting, bookkeeping and audit firms;
(c) providers of IT, hosting and Website maintenance services, including providers of email marketing, CRM, analytics and online advertising platforms (e.g. Google, Meta and similar);
(d) banks and payment institutions;
(e) legal advisers and lawyers, for the establishment, exercise or defence of legal claims;
(f) competent public authorities and courts, where required by applicable law.

6.2. Where third parties process personal data on behalf of the Controller, they act as processors within the meaning of Article 4(8) GDPR and are bound by data processing agreements pursuant to Article 28 GDPR.

7. Transfers of Personal Data to Third Countries

7.1. Certain service providers engaged by the Controller (such as Google LLC, Meta Platforms, Inc. and similar global providers) may process personal data in countries outside the European Union and the European Economic Area (“Third Countries”).

7.2. In such cases, any transfer of personal data to a Third Country will take place only in compliance with Chapter V GDPR, in particular on the basis of:
•    an adequacy decision of the European Commission under Article 45 GDPR; and/or
•    Standard Contractual Clauses adopted by the European Commission under Article 46(2)(c) or (d) GDPR; and/or
•    other appropriate safeguards, together with additional technical and organisational measures where necessary.

7.3. Further information on the safeguards applicable to specific transfers can be provided upon request.

8. Retention Periods

8.1. Personal data are stored in a form permitting identification of Data Subjects for no longer than is necessary for the purposes for which the personal data are processed, in accordance with Article 5(1)(e) GDPR and applicable local legislation.

8.2. Without prejudice to statutory obligations, the Controller applies, inter alia, the following retention criteria:

(a) Account and business contact data: retained for the duration of the business relationship and for an additional period of up to five (5) years thereafter, in order to establish, exercise or defend potential legal claims.

(b) Contract and invoice data: retained for the period required by applicable accounting and tax legislation (typically ten (10) years following the end of the relevant financial year).

(c) Marketing and newsletter data: retained until the Data Subject withdraws consent or objects to processing for direct marketing, or until the Controller discontinues the relevant marketing activities, whichever occurs first.

(d) Technical logs and security-related data: typically retained for up to one (1) year, unless a longer period is required due to security incidents, investigations or ongoing disputes.

8.3. Upon expiry of the relevant retention period, personal data are securely deleted or anonymised.

9. Data Security

9.1. The Controller implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 GDPR, including but not limited to:
•    encryption and hashing of passwords;
•    access controls and role-based authorisation for staff;
•    contractual confidentiality obligations for employees and processors;
•    secured infrastructure and regular software updates.

9.2. While the Controller endeavours to protect personal data, it cannot guarantee absolute security of information transmitted over the internet. Data Subjects are advised to use strong passwords, keep them confidential and notify the Controller without undue delay if they suspect misuse.

10. Rights of Data Subjects

10.1. In accordance with Articles 15–22 GDPR, Data Subjects have the following rights, subject to the conditions and limitations set out in the GDPR and applicable law:

(a) Right of access (Article 15 GDPR) – to obtain confirmation whether personal data concerning them are being processed and, where that is the case, access to the data and information about the processing.

(b) Right to rectification (Article 16 GDPR) – to obtain without undue delay the rectification of inaccurate personal data concerning them and to have incomplete personal data completed.

(c) Right to erasure (“right to be forgotten”, Article 17 GDPR) – to obtain the erasure of personal data concerning them where one of the grounds listed in Article 17(1) GDPR applies and no exception under Article 17(3) GDPR is present.

(d) Right to restriction of processing (Article 18 GDPR) – to obtain restriction of processing in the cases specified in Article 18 GDPR.

(e) Right to data portability (Article 20 GDPR) – to receive personal data concerning them, which they have provided to the Controller, in a structured, commonly used and machine-readable format and to transmit those data to another controller, where processing is based on consent or contract and is carried out by automated means.

(f) Right to object (Article 21 GDPR) – to object, on grounds relating to their particular situation, at any time to processing based on the Controller’s legitimate interests; in particular, Data Subjects have the right to object at any time to processing of personal data for direct marketing purposes (including profiling related to such direct marketing).

(g) Rights related to automated individual decision-making (Article 22 GDPR) – the Controller does not carry out automated decision-making producing legal effects concerning the Data Subject or similarly significantly affecting them within the meaning of Article 22 GDPR.

10.2. Where processing is based on consent (Article 6(1)(a) GDPR), Data Subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

10.3. To exercise their rights, Data Subjects may contact the Controller at office@gdstyles.com or via the postal address indicated in Section 1. The Controller will respond to requests without undue delay and in any event within one month of receipt, subject to the extensions permitted by Article 12(3) GDPR.

11. Right to Lodge a Complaint with a Supervisory Authority

11.1. Without prejudice to any other administrative or judicial remedy, Data Subjects have the right to lodge a complaint with the competent supervisory authority if they consider that the processing of personal data relating to them infringes the GDPR.

11.2. The competent supervisory authority in Bulgaria is:

Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd.
1592 Sofia, Bulgaria
Website: www.cpdp.bg

12. Children’s Data

12.1. The Controller’s services and the Website are not directed at children and minors. The Controller does not knowingly collect personal data relating to individuals under 18 years of age.

13. Amendments to this Privacy Notice

13.1. The Controller may amend this Privacy Notice from time to time. The current version will be made available on the Website and will indicate the date of its latest revision. Where appropriate, material changes may be communicated through additional channels (e.g. e-mail or notices in user accounts).

COOKIE POLICY

for https://gdnovelty.bg/ 

1. General
1.1. This Cookie Policy provides information regarding the use of cookies and similar technologies (collectively, the “Cookies”) on the Website operated by GD Styles OOD, UIC 200436302, with registered seat and address of management at 67 Cherkovna Str., ap. 4, Sofia, Bulgaria (the “Controller”).

1.2. This Cookie Policy supplements the Controller’s Privacy Notice and should be read in conjunction with it, in particular with regard to the processing of personal data in connection with Cookies.

2. What Are Cookies?
2.1. Cookies are small text files that are stored on the user’s device (computer, tablet, mobile phone) when visiting websites. On each subsequent visit, the browser sends the Cookie back to the website that set it or to another website which recognises the Cookie.
2.2. Cookies perform various functions, such as enabling the technical functioning of websites, remembering user preferences, facilitating navigation, compiling statistics and supporting the delivery of personalised advertising.

3. Controller and Contact Details
3.1. The Controller responsible for the use of Cookies on the Website is:
GD Styles OOD
UIC: 200436302
Address: 67 Cherkovna Str., ap. 4, Sofia, Bulgaria
E-mail: office@gdstyles.com

3.2. Users may contact the Controller at the above e-mail address in relation to this Cookie Policy and the use of Cookies.

4. Types of Cookies Used
4.1. The Website may use the following categories of Cookies:
(a) According to duration
•    Session Cookies – stored temporarily during the browser session and deleted when the browser is closed;
•    Persistent Cookies – remain on the device for a specified period or until deleted by the user.
(b) According to purpose
(i) Strictly necessary (essential) Cookies
4.2. These Cookies are necessary for the proper functioning of the Website and cannot be switched off in the Controller’s systems. They are usually set in response to actions taken by the user, such as setting privacy preferences, logging in, filling in forms or placing items in a cart as part of a request.
4.3. The legal basis for the use of strictly necessary Cookies is the Controller’s legitimate interest in ensuring the technical operation and security of the Website and the services offered (Article 6(1)(f) GDPR).

(ii) Functional Cookies
4.4. Functional Cookies enable enhanced functionality and personalisation of the Website, such as remembering language preferences, region or the user’s login status.
4.5. These Cookies may be set by the Controller or by third-party providers whose services are integrated into the Website. Depending on the specific implementation, the legal basis may be the Controller’s legitimate interest or the user’s consent.

(iii) Analytical / statistical Cookies
4.6. Analytical Cookies collect information about how users interact with the Website (e.g. which pages are visited most frequently, how users move around the Website, which campaigns generate traffic). The Controller uses such information in aggregated form to improve the Website and its services.
4.7. Analytical Cookies may be set by:
•    the Controller’s own analytics tools; and/or
•    third-party providers such as Google Analytics or similar services
4.8. The use of analytical Cookies which are not strictly necessary is based on the user’s consent within the meaning of Article 6(1)(a) GDPR, which is obtained via the cookie banner or cookie settings upon the user’s first visit to the Website.

(iv) Marketing / advertising Cookies
4.9. Marketing Cookies are used to display advertising that is more relevant to the user’s interests and to measure and optimise the effectiveness of advertising campaigns (e.g. remarketing, conversion tracking).
4.10. Such Cookies may be set via the Website by third-party advertising and marketing partners, for example:
•    Meta (Facebook/Instagram) Pixel;
•    Google Ads / Google Marketing Platform;
•    other online advertising networks and platforms.
4.11. Marketing Cookies are used exclusively on the basis of the user’s explicit consent in accordance with Article 6(1)(a) GDPR, given via the cookie banner or cookie settings.

5. Legal Basis for the Use of Cookies
5.1. The legal basis for the storage of or access to information on the user’s device via strictly necessary Cookies is Article 6(1)(f) GDPR (legitimate interest), insofar as such Cookies are indispensable for the provision of the services requested by the user and for ensuring the security and proper functioning of the Website.
5.2. The legal basis for the use of functional (where not strictly necessary), analytical and marketing Cookies is, as a rule, the user’s consent (Article 6(1)(a) GDPR), obtained and managed through the cookie banner and/or dedicated cookie settings.
5.3. The user has the right to withdraw their consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

6. Cookie Management
6.1. Through the Website’s cookie banner / settings
6.1.1. Upon the user’s first visit to the Website, a cookie banner is displayed, enabling the user to:
•    accept all Cookies;
•    reject all non-essential Cookies; and/or
•    make a granular choice by category (e.g. accepting analytical Cookies but rejecting marketing Cookies).
6.1.2. The user may change their preferences at any time by accessing the cookie settings (via a link or button available on the Website, where implemented) or by clearing Cookies through the browser and reloading the Website so that the banner is displayed again.

6.2. Through browser settings
6.2.1. Users can also control and/or delete Cookies through the settings of their browsers. Most browsers allow users to:
•    block all Cookies;
•    block Cookies from specific websites;
•    delete existing Cookies.
6.2.2. If the user chooses to block or delete certain Cookies, some features of the Website may not function properly, including login and request/order processes.

7. Third-Party Cookies and Transfers to Third Countries

7.1. Third-party Cookies (e.g. those of Google Analytics, Meta Pixel, Google Ads and other similar services) may be used on the Website. These third parties act either as independent controllers or as processors, depending on the circumstances.
7.2. Third parties may combine data obtained via Cookies with other information that the user has provided to them or that they have collected in the context of the user’s use of their services. Users are encouraged to read the privacy and cookie policies of such third parties on their respective websites.
7.3. Some providers of analytical and marketing Cookies (such as Google LLC, Meta Platforms, Inc.) are located in or may store data in Third Countries outside the EU/EEA. In such cases, data transfers are carried out in compliance with Chapter V GDPR, including through adequacy decisions, Standard Contractual Clauses and/or other appropriate safeguards, as further described in the Controller’s Privacy Notice.

8. Cookies and Personal Data
8.1. Certain Cookies (in particular analytical and marketing Cookies) may result in the processing of personal data, such as IP addresses, online identifiers or information on user behaviour. In such cases, the processing is subject to the Controller’s Privacy Notice.
8.2. Where processing is based on consent, users may withdraw their consent at any time via the cookie settings or their browser settings.

9. Updates to this Cookie Policy
9.1. The Controller reserves the right to amend this Cookie Policy from time to time, for example in case of changes to the Cookies used or to applicable legal requirements.
9.2. The current version of this Cookie Policy is made available on the Website and indicates the date of its latest revision.

 

user-login-icon My inquiry 0
„Бисквитките“ ни помагат да подобрим нашите услуги. Разглеждайки съдържанието на сайта, Вие се съгласявате и с използването на „бисквитки“. разбрах научете още