Privacy Notice from Smart Organic GmbH
1. In which cases may Smart Organic GmbH collect/process your personal data?
- When we have to issue an invoice or other document to you as our customer, or send you your ordered goods or other items.
- When you contact us/our employees using public information about us and/or using our contact details published on our website, an e-shop or on Internet.
- When you register on our website, for instance to place orders or receive news or other services.
- When you state your interest to take part in a recruitment procedure following an advertisement by Smart Organic GmbH and/or when you submit/provide your CV, motivation letter, etc., or when you become or were our employee.
- When you come within the reach of a CCTV in the building where our offices and manufacturing site are located in Sofia (7 Amsterdam St.), or within its vicinity.
- When you provide your personal data to us or give your consent to our processing such data.
2. Why may Smart Organic GmbH process your personal data?
Smart Organic GmbH may process your personal data for various reasons, depending on our relationship and on the basis of the relevant applicable legal grounds under the privacy laws, such as legitimate business purposes of Smart Organic GmbH, execution and/or performance of an existing contract with you, compliance of Smart Organic GmbH with its legal obligations, and based on your freely given, specific, informed and unambiguous consent to processing your data.
Activities, actions, interests
· Legitimate business purposes of Smart Organic GmbH
· Economic activity of Smart Organic GmbH;
· Execution and/or performance of a contract
· Lawful creation, implementation and termination of commercial, employment and civil relationships;
· Ensure compliance with the health and safety procedures;
· Compliance with legal obligations
· Compliance of Smart Organic GmbH with its obligations under the existing labour, civil, tax, social security and other laws;
· Ensure safety and security conditions for its employees and assets;
· Prevention and/or investigation of incidents, violations and criminal offences;
· Your consent
· To register on our website;
· To address your request to exercise a right, etc.
3. What types of personal data does Smart Organic GmbH process?
Depending on the specific purpose, Smart Organic GmbH may process various sets of data:
- Your names, address, personal identification number (e.g. to issue an invoice, for courier delivery);
- Your contact details (address, telephone, e-mail), for the purposes of correspondence, a contract, delivery;
- Video images, when coming within the reach of a CCTV.
About our employees engaged under labour/civil law contracts:
- Physical identity: name, passport data, personal identification number, place of birth, address, telephone;
- Economic identity: remuneration, bank data, borrowing / repayment of loans, allowance, distraint, other debts;
- Social identity: education, qualifications, employment history, professional experience, marital status, children;
- Health identity: current health status, common diseases, chronic diseases, follow-up care, sheltered employment, disability, pregnancy and child-birth;
- Criminal record.
4. How long are your personal data kept/processed?
We keep your personal information for periods corresponding to the specific business purpose or purposes for which the information is collected, and/or for the period provided by law. The criteria for setting time limits that are not legally prescribed depend on:
- The purpose of data collecting and the achievement of such purpose.
- The grounds for data collecting (e.g. in the case of consent, you may at any time withdraw your consent).
There are cases in which, by virtue of legal provisions applicable to our activities or pursuant to internal rules, time lines may be shorter or longer. For instance:
- Personal data in accounting records: 10 years;
- Video images in the VIDEO SURVEILLANCE Register are kept for 13 to 16 days, depending on the number of days in the relevant month; thereafter, they are deleted from DVR/NVR and from back-up records;
- Personal data in the STAFF Register are kept for the legally required time periods: from 3 to 50 years, depending on the types of documents.
5. How can you obtain access to your personal data we process, object to the processing, request limitation of processing, or request supplement, rectification or erasure of your data?
In order to express your wish to have access to your personal data we process, or to object to the processing, request limitation of processing, or request supplement, rectification or erasure of your data, please contact us using the contact form on our website www.roobar.com , or write to e-mail: email@example.com or our address: Sofia, 7, Amsterdam St.
6. Who may access your personal data?
Access to processed personal data is strictly governed by the internal rules of Smart Organic GmbH depending on the purposes of processing. Such access may have:
- personal data subjects, to their own data;
- authorised employees of Smart Organic GmbH, on a ‘need to know’ basis, according to their designated roles and duties;
- persons to whom data disclosure is prescribed by a statutory instrument (such as authorities of the Ministry of Interior, courts, prosecution offices, the National Social Security Institute, the National Revenue Agency, etc.).
We do not sell or provide in any way personal data to anyone, except as specified above.
7. What is Shopify's platform and why we use it?
Our store is hosted on Shopify Inc. They provide us with the online e-commerce platform that allows us to sell our products and services to you.
Your data is stored through Shopify’s data storage, databases and the general Shopify application. They store your data on a secure server behind a firewall. For more information, you may also want to read Shopify’s Terms of Service (https://www.shopify.com/legal/terms) or Privacy Statement (https://www.shopify.com/legal/privacy).
Payments: If you choose a direct payment gateway to complete your purchase, then Shopify stores your credit card data. It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers.
8. How can you exercise the right to portability of your personal data we process?
You have the legal right to obtain the personal data concerning you which we process in a structured, commonly used and machine-readable format, and you have the right to transmit such data to another controller, under certain legal conditions. You may also request this from us and we will make it if technically feasible.
9. What security measures do we apply to ensure personal protection?
In full compliance with the legal requirements for personal data protection, we apply strict organisational and technical security measures, including:
- personal data encryption;
- measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems;
- measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- regular testing and evaluating the effectiveness of measures for ensuring the security of the processing.
10. How can you lodge a complaint?
For Bulgaria, the competent authority is the Commission for Personal Data Protection: 2 Tsvetan Lazarov Blvd., 1592 Sofia, Tel.: +359 2 915 3580; Fax: +359 2 915 3525; E-mail: firstname.lastname@example.org Website: http://www.cpdp.bg/.
Or choose the competent National Data Protection Authority according your location in the EU
11. How can you contact us regarding data privacy issues?
E-mail: email@example.com or at our address: Sofia, 7 Amsterdam St.
12. Who are we and how to contact us?
Smart Organic GmbH
Seat and registered office: Bad Antogast 1, 77728 Oppenau, Germany