Privacy Policy
Privacy Policy for Personal Data of Individuals
This document contains the Privacy Policy for personal data of individuals ("Policy") and is related to the General Terms, but is not an integral part of them, as it does not regulate rights and obligations, but aims to explain to users what personal data we process, how, for what purpose, and what security measures are applicable. It also provides information about the rights that you, our clients and users, have in connection with the processing of personal data by "Beonova Bulgaria" OOD, UIC 207360483 (www.ladyb.world). In case of changes to the Policy, the amendments will be published here.
Effective from: 27.04.2023.
Your privacy is extremely important to us. This security policy reveals what personal data we collect from you through our interactions and how we use this data.
DATA CONTROLLER
"Beonova Bulgaria" OOD, UIC 207360483, VAT No. BG 207360483, with headquarters and management address: Sofia, 1000 Postal Code, Sredets region, 54 Khan Asparuh Str., floor 1, office 1, e-mail: biljana.kovacevic@beonova.rs (hereinafter referred to as "ladyb.world", "We", "online store", "Website", "Administrator") is a data controller, including personal data, regarding the information collected or provided when browsing the website www.ladyb.world or making a purchase through it, as well as when browsing or purchasing goods or services through our Facebook page (hereinafter collectively referred to as "Website", "Web Page"). This Policy also applies in cases where individuals voluntarily provide us with personal data electronically (via email), by phone, or by other means, including providing personal data in our retail store or office. We process personal data from inquiries sent by you to us, as well as for marketing and advertising purposes, profiling, participation in games, promotions, and raffles organized by us, and for any other purposes not prohibited by law. When processing personal data, ladyb.world complies with all applicable data protection laws, including but not limited to Regulation (EU) 2016/679 ("Regulation") and the Personal Data Protection Act, as the security of personal data of our customers is of paramount importance to us. Therefore, this Policy also applies in this case.
APPLICABILITY OF THE POLICY
This Policy applies to all our customers - individuals who use our services by ordering from the Website or expressing interest in the same by sending inquiries (hereinafter referred to as "data subjects", "users").
Partners and third parties working with or for ladyb.world, and who have or may have access to personal data, are expected to acquaint themselves, understand, and comply with this policy. No third party shall have access to personal data stored by Ladyb.world without the company having first entered into a data confidentiality agreement with the third party, imposing obligations on the third party no less burdensome than those undertaken by ladyb.world and granting ladyb.world the right to verify compliance with the obligations imposed by the agreement.
This policy applies to all employees/workers (and stakeholders) of Ladyb.world, as well as to external suppliers of products and services with whom Ladyb.world has contracts. Any violation of the General Data Protection Regulation will be treated as a breach of labor discipline or non-compliance with contracts with partners. In case there is a suspicion of a committed crime, the matter will be promptly forwarded to the relevant state authorities for review.
For visitors to the Website who do not place orders or send inquiries but only browse our website, the Cookie Policy accepted and published on the Website applies.
DEFINITIONS
"Regulation" - General Data Protection Regulation 2016/679 of 27 April 2016, known as GDPR. The purpose of this European legislative act is to protect the "rights and freedoms" of individuals and ensure that personal data is not processed without their knowledge and consent whenever possible.
"Personal data" - any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
"Special categories of personal data" - personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation.
"Processing" - any operation or set of operations performed on personal data or sets of personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
"Controller" - any natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by EU law or the law of a Member State, the controller or the specific criteria for its designation may be provided for by EU law or by the law of a Member State.
"Data subject" - any living individual who is the subject of personal data stored by the Controller.
"Consent of the data subject" - any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
"Child" - The General Regulation defines a child as anyone under the age of 16. The processing of personal data of a child is lawful only if consent is given by a parent or guardian. The Controller makes reasonable efforts to verify in such cases that the holder of parental responsibility for the child has given or authorized the giving of such consent.
"Profiling" - any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
"Personal data breach" - a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.
"Recipient" - a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. Public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law are not considered "recipients"; the processing of such data by these public authorities complies with the applicable data protection rules according to the purposes of processing.
"Third party" - any natural or legal person, public authority, agency, or body other than the data subject, the Controller, the Processor of personal data, and the persons who, under the direct authority of the Controller or Processor, are authorized to process personal data.
PRINCIPLES
When collecting and processing personal data, we adhere to the following principles: legality, fairness, transparency; purpose limitation; data minimization; accuracy; storage limitation; integrity and confidentiality; accountability.
DATA SUBJECTS WHOSE DATA WEW PROCESS
In connection with its activities, ladyb.world enters into and executes distance sales contracts, reviews job applications and proposals, processes user buyer rights exercise forms, as well as requests from data subjects, responds to inquiries, issues and receives invoices, processes statistical data, manages a user panel on the website, conducts advertising activities through advertising campaigns (promotions, games, etc.). In the course of these activities, ladyb.world processes information regarding the following Data Subjects:
(a) Individuals, site users without registration, who do not provide any data (in this case, we process data, but not personal data) and individuals, site users without registration, who have voluntarily provided a limited amount of personal data (for example, a phone number and/or email address);
(b) Individuals, site users with registration as registered users - in these cases, we process user data entered during registration – email address, delivery address, names, billing information, order details, other data entered by the user.
(c) Individuals who have submitted inquiries (including by phone), requests, initiatives, signals, complaints, or other correspondence to us, including through the website, phone, email, or other means;
(d) Individuals whose information is contained in inquiries (including by phone), requests, initiatives, signals, complaints, or other correspondence sent to us;
(e) Individuals with whom we enter into contracts (civil, including commercial or labor contracts, primarily distance contracts) electronically (through the website or social networks, as well as through email), or in person at our office or commercial premises;
(f) Individuals whose data we have received through their provision by third parties (for example, in the case of a gift order).
PERSONAL DATA WE PROCESS
Depending on the reason necessitating the processing of personal data, the type of data may vary. The functionalities provided on the Website are not intended for storing and processing special categories of data within the meaning of Articles 9 and 10 of the Regulation. (Note! Please read Articles 9 and 10 of the Regulation here). We only require personal data that are necessary for the provision of the activity/service/product requested by us. During the use of the website by individuals, we may also process other data that do not contain personal information but relate to the subject, such as their IP address, data on their activity on the site, and similar information.
Data Provided When Placing an Order
In order to fulfill the distance contract (order) between you and ladyb.world, we require specific information from your end. You decide for yourself whether and how to use the opportunities for entering into a distance sales contract provided through the Website or Facebook page. In the forms where personal data is entered, we clearly indicate whether providing the data is mandatory or voluntary. The data that are mandatory to fill in are those without which we cannot conclude the respective contract. These include: names, email address, delivery address, contact phone number, your payment information (e.g., bank card), billing information, including Personal Identification Number (EGN) if you require an invoice for an individual. If you provide data of third parties who will receive the order (e.g., in the case of gift orders or other forms of donation), you are responsible for providing the data to these third parties.
Data Provided During Website Registration
If you choose to store information about yourself on the Website by registering a profile, we store the aforementioned data as well as the order history for each registered account on the Website. The required data coincide with those required when placing an order. Along with them, we also process the IP address, activity data (registration time and date, acceptance of the Security Policy and Terms and Conditions, logging into the account, etc.).
Data Provided When Entering into Other Contracts
In cases where ladyb.world enters into contracts with individuals other than those related to distance sales, we require three names, Personal Identification Number (EGN), address, and email address.
Data Provided by, Through, and to Other Websites and Applications, Referred to as Third Parties
In certain cases, you have the option to share information with social networks or use their websites to create your profile or link your profile on our website with the respective social network. In this case, the social network may provide us with automatic access to certain personal information they have collected about you (e.g., content viewed by you, content you liked, information about ads you have been shown or clicked on, etc.). By linking your profile on a social network to your account on our website, you authorize us to access your personal data processed by the respective social network and to collect, use, and store this information in accordance with this Security Policy. This linking of a social network profile with registration on our website is done if you click on a link provided for registration on our website through integrating with social media, thus voluntarily establishing a connection with the respective social media site. If you choose to register on our website through a social network, we may process your data such as names, phone number, email, gender, marital status, age, photo, education, birthplace, place of residence, and other data you have provided on these platforms and are visible to us if you sign in with them on our site.
If you provide your personal data to ladyb.world through Viber, Skype, Facebook, or another platform/social network, please note that these platforms/websites/social networks have their own privacy policies, and we do not accept any responsibility for these policies, as the processing by them cannot be controlled by ladyb.world. In this regard, we recommend that you review these policies before sending us your personal data through these websites/applications.
Data Provided When Posting a Comment, Review, or Publication
If you leave a comment or publication on this website, your IP address will be saved along with your name if you have provided this information. This is for the security of the website operator. If your text violates the law, the operator would want to be able to trace your identity. Additionally, ladyb.world has an obligation to store these data (referred to as "traffic data") for certain periods and purposes specified below. Due to the fact that sending comments, inquiries, and other messages to the website, Facebook page/group, or their administrators constitutes sending an electronic statement, in accordance with the Electronic Document and Electronic Certification Services Act, the administrator is obliged to maintain logs of the sending of the statement for a period of 1 year. The log includes the date of the statement, name, and email address of the sender.
Employee Data and Data Collected in Processing Job Applications
We process data when entering into employment contracts and when evaluating and processing job applications. When entering into employment contracts, we require three names, personal identification number, address, age, gender, education information, work experience, bank details, and subsequently process health data. When processing resumes, we handle names, address, email address, age, gender, education, work experience, photo, and data voluntarily provided by the candidate during an interview or in the resume.
Data Provided in the Context of Correspondence, Complaints, and Reports
In order to resolve submitted complaints, reports, disputes, inquiries, requests, or other questions sent in communication to ladyb.world, received through electronic forms on the Website, through calls to ladyb.world, or via regular or electronic mail, ladyb.world stores and processes this information, as well as the result of this processing. This information may include names, email addresses, phone numbers, and addresses.
Additionally, due to the fact that sending comments, inquiries, and other messages to the website, Facebook page, or their administrators constitutes sending an electronic statement, in accordance with the Electronic Document and Electronic Certification Services Act, we have the obligation to maintain a log of the fact of sending the statement (without its content) for a period of 1 year. The log contains the date of the statement, name, and email address of the sender, and the identification of the sender.
If you provide us with personal information about someone else, you should do so only with that person's authorization. You should inform them how we collect, use, disclose, and store personal information in accordance with this Privacy Policy for the Personal Data Security of Individuals.
Technical Data Collected During Use of the Website
In addition, we collect information from your computer, phone, tablet, or other device that you use. This information may include the following:
- Device Identifier: The type of device you use, a unique identifier for the device, and "log data," including information that your browser automatically sends to us when you visit a website. This log data includes your IP address, the addresses and activities of the websites you visit, searches, browser type and settings, date and time of your request, how you used the site, cookie data, and device data. For more details about the information we collect, please contact us via the contact form.
- Location Information: Information about your location transmitted by your device if you have set it to show location data. Please note that mobile devices allow you to control or disable location services from any app in your device’s settings menu.
- Computer and Connection Information: Such as page view statistics, IP address, browsing history on the site, language settings, date, and time.
- Search Logs: Quick links to repeat previous searches allow you to repeat your searches without entering them each time. This functionality can be used with or without registration. When using the site in your browser, a cookie with a randomly generated number is stored, enabling the site to show quick links for repeating previous searches. The site stores and displays the last 10 searches associated with that browser, which can be saved and used in your account if you log in. If you use the service with registration (currently an inactive feature), the last 10 searches are stored in your account.
- Security Logs, Technical Support, Development, and More:
- To ensure the reliable functioning of services and identify technical issues.
- To ensure the security of services and detect malicious activities.
- To develop and improve services on the site.
- To measure site traffic and usability.
- Logs required by law (e.g., logs of electronic declarations).
- Login logs: This log helps identify and automatically block unauthorized attempts to access accounts. It is maintained for up to one year and includes the date and time of account access, status, whether the login was via mobile, application, or desktop browser, and IP address.
- Server logs, security device logs (Web Application Firewalls), and other similar devices. These logs are necessary to identify technical issues, detect malicious activities, and other stated purposes. They are stored for up to one year and may include information such as date and time, IP address, URL, browser and device information. Some devices may use security technology based on cookies.
- Cookies: Cookies are essential for the functioning of the site. A Cookie Policy has been adopted in this regard; please review the Policy for more details about the types of cookies we use, their retention periods, and other related information.
We may choose to reduce the volume of data we store and process according to the purposes of processing.
We do not require, and will not collect or process personal data revealing: racial or ethnic origin; political, religious, or philosophical beliefs; membership in trade unions; genetic and biometric data; health data; or data related to sexual life or sexual orientation. If a subject voluntarily provides such categories of data, ladyb.world is not responsible for providing them but is obligated to apply the same protection measures as are provided for requested personal data. We do not transfer data to third countries. We also do not make automated decisions regarding personal data and do not process data of individuals under 16 years old. If you are under 16 years old, you should not provide us with personal data about yourself.
FOR WHAT PURPOSES DO WE PROCESS YOUR DATA
The main purpose for which WE process your personal data is generally related to providing services through the Website and social networks, specifically entering into distance sales contracts and delivering the goods and services ordered by you, as well as accounting for revenues. We use your personal information to provide and improve our Services, to offer you a personalized experience on our website, to communicate with you regarding your profile and our Services, to provide customer service, to deliver personalized advertising and marketing based on your interests, to conduct contests and games organized by us, and in certain cases, for the disclosure and investigation of fraudulent or illegal activities.
ladyb.world collects, uses, and processes the information described above for the purposes outlined in this Policy, which may be connected with:
- Entering into purchase-sale contracts for goods/services at a distance between you and ladyb.world through the Website or social networks - we require your data for identification, contact, and payment to enter into a contract with you or to send you the order.
- Entering into consumer credit agreements when you have applied to purchase goods or services through the Website using credit.
- Processing payments and preventing fraudulent transactions (we may disclose your data to a third party to perform these functions).
- Entering into employment contracts and processing and evaluating submitted resumes.
- Protecting and enforcing the legitimate interests of other users of the Services, third parties, and the Website - legitimate interests pursue goals related to the lawful interests of ladyb.world and/or third parties. These purposes include:
- Identifying and resolving technical or functional issues, developing and improving the functionality of the Website.
- Communicating with you, including electronically, on important matters related to the services we provide and the execution of contracts entered into.
- Directing our marketing efforts, updating services, and offering promotional offers based on your preferences.
- Receiving and processing reports, complaints, requests, and other correspondences.
- Safeguarding the rights and legitimate interests of the Website, including judicially, and providing assistance in safeguarding the rights and legitimate interests of other users of the site and/or affected third parties.
- Administering the website and the application and maintaining their security and safety.
- Analyzing and improving the use of our website, application, and retail business (including using information on how you navigate our website, app, and/or stores).
- Measuring and analyzing our advertising and sending you recommendations and suggestions based on the information you share with us.
- Communicating with you regarding your profile, resolving profile issues. When we contact you by phone for efficiency, we may use automated or prerecorded calls and text messages.
- Informing you about products and services to which you wish to receive information via email, mail, mobile phone, and/or other digital means (depending on your stated preferences), including social media platforms - only when we have obtained explicit consent from you for that purpose.
- Registering on the website (in this case, we will use your personal information to maintain and update your profile (such as changing your address or updating your marketing preferences).
- Administering all contests/raffles/lottery games conducted by ladyb.world.
- Providing you with location-based services (such as advertising, search results, and other personalized content).
- Fulfilling legal obligations of ladyb.world, which include:
- Compliance with statutory obligations to retain or provide information for tax purposes (e.g., based on accounting laws and other tax laws - VAT, personal income tax, corporate income tax, etc.).
- Compliance with legal obligations under the Labor Code, Commercial Register Act, Non-profit Legal Entities Register, and other regulatory acts.
- Compliance with directives issued by competent government or judicial authorities (e.g., based on criminal procedure code, penal code, energy law).
- Fulfilling obligations outlined in the General Data Protection Regulation, concerning informing you about various circumstances related to your rights, the services provided, or data protection, and similar obligations.
- Fulfilling obligations defined in the Consumer Protection Act, such as ensuring the right to withdraw, the right to legal guarantee.
- Protecting ladyb.world through legal means.
Your data may be processed based on your explicit consent, with processing in this case being specific and within the scope outlined in the relevant consent. We typically request such consent from you when we intend to process your personal data without a legal obligation or legitimate interest for ladyb.world. Most often, this consent is required when we want to provide you with information about new promotions, products, and others.
DURATION OF STORAGE OF YOUR PERSONAL DATA
In storing data, we apply the general principle of storing data in a minimal amount and for a period not longer than necessary for providing the Services and fulfilling the contracts, ensuring their security and reliability, and complying with legal requirements. We will retain your personal information for a period necessary to achieve the purposes outlined in our current "Privacy Policy," unless required by law or on the basis of our legitimate interest to retain it for a longer period. Depending on the type of data and the purposes for which they are collected, a specific retention period is determined, after the expiration of which the information is permanently erased.
Data Type: Registration Data (name, surname, email address, telephone, address) and Information regarding registration process and acceptance of Terms (date, time, IP address)
Storage Period: The data will be retained for the entire duration of maintaining the account on the website and up to 5 years after the registration is terminated.
Legal Basis:
Performance of Contractual Obligations, Compliance with Legal Obligations, Protection of Legitimate Interests
Explanation:
Your data identifies you as a registered user on the Website. In order to resolve any possible disputes arising or becoming known after the termination of the agreement for using the Website and in connection with the PDPA (see below), this data will be stored for a period of up to 5 (five) years after the account termination.
Important! According to the PDPA (see below), part of this data (activity, IP address) must be stored by the administrator for a period of up to 1 (one) year after the account termination. The extension of the storage period is due to the protection of the legitimate interests of the administrator.
Personal data from orders and from invoices issued or received by the administrator, payment documents (orders, withdrawals), reports, and other accounting, reporting, and payment documents.
Personal data from employee personnel files.
Retention Period:
For the period during which the rights and obligations of the parties to the relationship for which the accounting, reporting, or payment document was issued are in place, up to 5 years from the termination of the relationship;
Certain data are retained for a longer statutory period than indicated above since they represent accounting information – transaction data, invoicing data - between 5 and 50 years.
Legal Basis:
Compliance with legal obligations and protection of the legitimate interests of the administrator.
Explanation:
Your data identifies you as a party to the distance sales contract and is stored to ensure your rights or to fulfill our legal obligations as taxpayers. The retention is necessary to safeguard the rights of buyers (individuals), especially when a specific period is provided (e.g., a 2-year warranty). Legal obligations also require determining the storage period in the manner described.
According to Article 38 of the Tax and Social Security Procedural Code (TSSPC), accounting and commercial information, as well as all other information and documents of significance for taxation and mandatory social security contributions, are stored by the obligated person in accordance with the National Archives Act, within the following deadlines: payroll records - 50 years; accounting registers and financial statements - 10 years; tax and social security control documents - 5 years after the expiration of the statute of limitations for the settlement of the public obligation related to them; all other media - 5 years. According to Article 38, paragraph 2 of the TSSPC, after the expiration of their storage period, information carriers as per paragraph 1 (paper or technical media), which are not subject to transfer to the National Archives, may be destroyed.
Personal data from correspondence, complaints and signals, requests, initiatives
Retention Period
Data from correspondence, complaints, signals, requests, initiatives are stored for a period of up to 5 years based on the Obligations and Contracts Act (statute of limitations for filing claims);
Basis
Protection of the legitimate interests of the data controller.
Explanation:
In order to resolve submitted complaints, reports, disputes, inquiries, requests, or other questions sent in communication to Us, received through electronic forms on the Website, or by regular or electronic mail, We store and process this information along with the result of this processing. Considering the statutory limitation periods under Bulgarian legislation for the resolution of disputes, this information is retained for a period of up to 5 years.
Log confirming the sending of a comment, inquiry, order, or other expression of will (contains sender, recipient, date, and time of the statement)
Retention Period
For a period ranging from 1 (one) to 5 years.
Basis
Compliance with legal obligations and protection of the legitimate interests of the data controller.
Explanation:
As the sending of a comment, feedback, inquiry, or any other statement constitutes the transmission of an electronic declaration from your side to us in accordance with the Electronic Document and Electronic Certification Services Act, the company is obliged to maintain a log of the sending of the statement for a period of 1 (one) year.
The legitimate interest of the data controller allows, in certain cases, for extending the data retention period for these records up to 5 years from the date of the statement.
Quick Searches
Do not contain personal data.
Retention Period
Until their deletion by you; until the termination of your registration, or up to 6 (six) months if you use this functionality without registration.
Basis
Consent of the data subject and protection of the legitimate interests of the data controller.
Explanation:
This option allows you to repeat your searches instead of entering them every time. The functionality can be used with or without registration. Quick links to repeat the last 10 searches are stored. You can change this setting from the browser you are using.
Settings and System Logs
Do not contain personal data; they may contain information such as: date and time, IP address, URL, browser version, and device information.
Retention Period
Until deletion by you or until termination of your registration. In case they are stored in cookies - between 6 (six) and 12 (twelve) months from the last use.
Basis
Consent of the data subject. Compliance with legal obligations and protection of the legitimate interests of the data controller.
Explanation:
In this category fall settings such as language selection and similar preferences. You have control over these settings and can change them through your browser.
Server logs, logs from security devices (Web Application Firewalls), and others fall into this category. These logs are necessary for identifying technical issues and/or detecting malicious activities.
Information stored in a mobile application.
For the duration of its use (until it is uninstalled).
Information necessary for the technical provision of the Services (such as settings and others).
Cookies
Retention Period:
Between 6 and 12 months – depending on the type of cookie and your browser settings.
Legal Basis:
Consent from the data subject and protection of legitimate interests of the data controller.
For a description of the cookies used, please see the "Cookie Policy."
Exceptions to the rules for data retention periods
Please note that we will not delete or anonymize your personal data if it is necessary for pending judicial, administrative, arbitration, enforcement proceedings, or processing of your complaint before us. Deletion will be carried out once the need for the data has expired, which may occur after the deadlines stated above.
You may always request us to delete specific information or close your account, and we will respond to such requests by retaining certain information even after the account closure, where applicable legislation or legitimate interests require it. If we are legally obligated or reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms, we may retain some of your personal information for a limited period, even after you have deleted your profile.
In order to ensure the reliability of the services and protect against data loss for technical reasons, the Site implements a data retention policy. The maximum period for updating (deleting data) from all backups is 30 days.
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
ladyb.world, respectively the Site, does not provide your personal data to third parties unless there is a legal basis for doing so – legal obligation or contract, legitimate or vital interest, your consent. We strive to minimize the personal data we disclose, which is always directly related and necessary for achieving a specific purpose. We do not sell, rent, or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your consent. We ensure that access to your data by private entities - third parties is done in accordance with legal provisions in the field of data protection and information privacy, based on contracts concluded with them.
We may disclose your personal data when we are subject to a legal obligation. In certain cases, ladyb.world is obligated to disclose your data to public authorities such as police, prosecutor's office, court, in connection with the prevention or disclosure of crimes. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction. You should be aware that if requested by the police or other regulatory or governmental body investigating alleged illegal activities, the provision of your personal information or other information we have about you, may be done by us after verifying the legitimacy of the request from the government authorities. When we receive revenues from sales, we may be obliged by the revenue authorities to provide sales data, including data from your orders, including personal data. In this regard, we provide your data to the accounting companies we work with. It is a legal obligation of the Site and ladyb.world to protect the security of the networks and data processed by the company. In this regard, we implement a series of measures, the implementation of which may require the processing of your data by IT companies responsible for the security in our company.
Contractual obligation to provide your data may exist when we have concluded a distance selling agreement with you, under which we are obliged to provide the product or service requested by you via courier. The same applies if you choose to purchase and pay for a product or service from our Site through payment, credit, or banking services, where you personally share your data with their providers or entrust this to us. If you choose to insure a product/service during the purchase through the Site, your data is shared with the insurance companies through the order. If we install a purchased product through a subcontractor, we may provide your data to them to perform the service/warranty service.
Our legitimate interest justifies, in certain cases, the disclosure of personal data to third parties. This would be the case in proceedings before the Commission for Personal Data Protection, the Consumer Protection Commission, and other state authorities. Legitimate interest also exists for ladyb.world when we engage other companies and individuals to perform certain tasks on our behalf that complement our services, within the framework of data processing agreements. We always aim to keep you informed about the best offers for products/services you are interested in. In this regard, we may provide certain of your data – only with your explicit consent, to providers of marketing/telemarketing services and other companies with which we may develop joint programs for selling our products and services on the market.
Our website may contain links to and from third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for these policies. Please check these policies before submitting information to these websites.
TO WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA
We hereby store and process your personal data in Bulgaria.
Nevertheless, it is possible and some of your personal data may be transferred to entities located within the European Union or outside it, including to countries that the European Commission has not recognized as having an adequate level of data protection.
We always take steps to ensure that every international transfer of personal data is carefully handled to protect your rights and interests. Transfers of your data to service providers and other third parties will always be protected by contractual obligations and, where applicable, additional safeguards, such as the European Commission's standard contractual clauses, and certifications, such as the Privacy Shield for transfers from the EU to the United States."
We will take all necessary steps to ensure that your data is treated securely and in accordance with this Privacy Policy.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
According to the General Data Protection Regulation, you have the following rights:
Right to information
This Policy aims to provide you with detailed information about the processing of your personal data. When there is a risk of a breach of the security of your personal data, the administrator is required to inform you of the nature of the breach and the measures taken to address it, as well as whether the supervisory authority has been notified of the breach. Additionally, the data subject may request information about all recipients to whom the personal data, for which correction, deletion, or restriction of processing has been requested, have been disclosed.
Right of Access
You have the right to obtain confirmation of whether your personal data is being processed, access to it, and information about how it is processed and your rights in relation to this. As a data subject, you have the right to request confirmation of whether your personal data is being processed and, if so, to access your data and receive the following information: the purpose of processing, the types of personal data, the recipients of the data, and the duration of processing. Requests for access must be made in writing or electronically and addressed to the administrator. In this case, we provide a copy of the processed personal data in electronic or other suitable form.
Right to Rectification
You have the right to rectify and supplement your personal data if it is incomplete or inaccurate. For registered users, this option is also available in the user panel on the website. Unregistered users can obtain this information by making a request to the administrator. As a data subject, you have the right to request the rectification or supplementation of your personal data if it is inaccurate, outdated, or incomplete. To do this, you must submit a separate request. The administrator will respond to your request in writing to the electronic address you provided.
Right to Erasure (Right to be Forgotten) and Account Closure
As a data subject, you have the right to be "forgotten," meaning you can request that your personal data be erased without undue delay. This means that the administrator must delete your personal data from all systems and records where it is stored, including notifying all third parties/processors to whom the data has been provided.
If you wish, you have the option to close your account on the site at any time. This option is also available in the user panel on the site. After the account is closed, all data or part of it will be deleted. In relation to our obligations, responsibilities, and legal requirements (e.g., GDPR or other applicable regulations), we may retain certain data for a specified period (see the section above).
To ensure the reliability of services and prevent data loss due to technical reasons, the site implements a data backup policy. The maximum period for updating (deleting data) from all backups is 30 days.
Requests for deletion can be made on the grounds provided in the Regulation, including in the presence of any of the following grounds:
- The personal data is no longer necessary for the purposes for which it was collected;
- When you have withdrawn your consent;
- When you have objected to the processing of personal data and there are no overriding legal grounds for processing;
- When the processing is unlawful;
- When the personal data needs to be erased to comply with a legal obligation under Union law or the law of a member state applicable to the administrator;
- When the personal data was collected in relation to the offering of information society services.
Please note that we may refuse to delete part or all of your personal data in cases where there is a significant basis and/or legal obligation for its processing. You will be promptly informed about this. The administrator may refuse to erase personal data on the grounds specified in the Regulation when the processing of the specific data is necessary for:
- Exercising the right to freedom of expression and information;
- Compliance with a legal obligation requiring processing under EU law or the law of the member state applicable to the administrator, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the administrator;
- Reasons of public interest in the area of public health;
- Archiving purposes in the public interest, for scientific or historical research, or for statistical purposes;
- Establishing, exercising, or defending legal claims.
Right to Restriction of Processing
The General Data Protection Regulation (GDPR) provides for the possibility to restrict the processing of your personal data if there are grounds for doing so as specified in the Regulation. Restriction is permitted in the following cases:
- When you believe that your personal data is inaccurate, in which case the restriction is for a period necessary for the administrator to verify the accuracy;
- When the processing of your personal data is unlawful, but you do not wish for it to be erased and only wish to restrict its use;
- When the administrator no longer needs your personal data for processing purposes, but you, as the data subject, require it for the establishment, exercise, or defense of legal claims;
- When you have objected to processing, pending verification of whether the legitimate grounds of the administrator override your interests.
Right to Notification to Third Parties
Where applicable, you have the right to request that the administrator of your personal data notify third parties to whom your data has been provided, regarding any correction, deletion, or restriction of the processing of your personal data.
Right to Data Portability
You have the right to receive the personal data concerning you that you have provided, in a structured, commonly used, and machine-readable format, and the right to transfer this data to another administrator without hindrance from our side, provided that the processing is based on consent or contractual obligation or is carried out by automated means.
**Important:** Responsibility for the storage of data exported from the site, as well as for any consequences of providing it to other administrators, rests entirely with you.
Right Not to Be Subject to Decisions Based Solely on Automated Processing
You have the right not to be subject to automated processing, including profiling, that produces legal effects concerning you or significantly affects you in a similar manner, unless such processing is based on grounds provided for in applicable data protection legislation and appropriate safeguards for protecting your rights, freedoms, and legitimate interests are in place.
Right to Withdraw Consent
You have the right to withdraw your consent at any time, which you provided in connection with the processing of personal data based on your prior consent. Such withdrawal does not affect the lawfulness of processing based on the consent before its withdrawal. For services like email subscription alerts, where the subscription is based on your consent, there is an option to unsubscribe at any time (withdrawal of consent). In the event of a withdrawal of consent, we have the right to request that the identity of the requester be verified to establish the identity of the person to whom the data pertains.
Right to Object
You have the right to object to data processed based on legitimate interests. In the event of such an objection, we will review your request and, if it is justified, we will act on it. If we believe there are compelling legal grounds for the processing or that it is necessary for the establishment, exercise, or defense of legal claims, we will inform you of this.
Right to Lodge a Complaint with a Supervisory Authority
You have the right to file a complaint against our company (data controller) with the supervisory authority if you believe that the processing of personal data concerning you violates applicable data protection legislation. The supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection, located at: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., email: kzld@cpdp.bg, website: www.cpdp.bg, phone: 02 915 3 518.
HOW YOU CAN EXERCISE YOUR RIGHTS. RESPONSE TIMES
You may exercise the rights free of charge at any time, via email or by submitting a request to the addresses specified in the contact form on the website or at the end of this Privacy Policy. You can address your requests to both the administrator and directly to the Data Protection Officer. Requests must be made in a way that allows the identity of the requester to be verified. For some rights, technical means for exercising them may be available, such as an unsubscribe button. In all cases, the administrator is required to respond to the request or address the exercised right to the address provided in the request, including electronically, within one month of receipt.
If you exercise these rights in a manifestly unfounded or excessive manner, particularly due to their repetitive nature, we reserve the right to impose a reasonable fee, considering administrative costs for providing the information or communication or taking the requested actions, or to refuse to act on the request. We will inform you of our fees, if applicable, before proceeding with your request.
ACCURACY OF INFORMATION
We are not responsible for the accuracy of the data you provide, do not conduct checks in this regard, and do not guarantee the actual identity of the individuals who have provided the data. In cases of doubt, suspected fraud, and/or abuse, please notify us immediately. You are required to ensure that when providing any information on the site, you do not infringe on the rights of others regarding the protection of their personal data or any other rights.
GENERAL INFORMATION ABOUT THE POLICY
This Privacy Policy may be changed or supplemented due to changes in applicable Bulgarian or European legislation, at the initiative of ladyb.world or a competent authority.
ladyb.world will inform users of changes or additions to this Privacy Policy by publishing the updated Privacy Policy on our website.
It is advisable for users to periodically check the most current version of this Privacy Policy on the ladyb.world website.
HOW WE PROTECT YOUR RIGHTS
SECURITY MEASURES
To ensure the best possible protection of the company’s data and our clients/users/contractors/visitors on the website, WE implement all necessary organizational and technical measures as provided by the General Data Protection Regulation and the Data Protection Act, as well as best practices from international standards. We apply appropriate and necessary levels of protection and have developed effective physical, electronic, and administrative procedures to safeguard the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to transmitted, stored, or otherwise processed personal data.
We store your data on secure servers using the latest encryption algorithms and ensure backup storage.
The company has adopted necessary rules and procedures related to the lawful processing of your personal data, including a Data Breach Response Plan, established structures to prevent abuse and security breaches, and designated a Data Protection Officer to support lawful processing, protection, and security of your data.
Access to your personal data is only granted to those employees, service providers, or affiliated individuals on a need-to-know basis for work purposes or who require it to fulfill their job duties. All employees/workers are required to be trained and to agree to relevant contractual clauses/declarations/rules for compliance with organizational and technical access measures before being granted access to any information.
A principle in our structure is that all employees/workers are responsible for ensuring the security of the data they handle and that we process, and that data is securely stored and not disclosed under any circumstances to third parties unless such rights have been granted to the third party through a contract/confidentiality clause. In this regard, all personal data is accessible only to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and is stored:
- In a secure room with controlled access; and/or
- In a locked cabinet accessible only to authorized persons; and/or
- In a computerized system protected by a password according to internal requirements specified in organizational and technical access control measures; and/or
- On computer media protected in accordance with organizational and technical access control measures.
Personal data is deleted or destroyed only in accordance with internal procedures for data retention and destruction.
For maximum security in processing, transmission, and storage of your data, we may use additional protective mechanisms such as encryption, pseudonymization, and backup technology.
We use a payment service provider for processing payments. All payment information is encrypted using SSL technology.
When you post on forums, chat rooms, or social network services, the personal information you share is visible to other users and may be read, collected, or used by them. In such cases, you are responsible for the personal information you choose to provide.
Despite the measures we implement to protect your personal data, we acknowledge that the transmission of information over the internet or other public networks is not entirely secure, and there is a risk that data may be viewed and used by unauthorized third parties. We cannot assume responsibility for such vulnerabilities in systems not under our control. In the event of a data breach involving personal data, we guarantee that we will comply with all applicable notification requirements in such cases.
COOKIE POLICY
As an integral part of this Privacy Policy for individuals, ladyb.world has also adopted a Cookie Policy, which is published and accessible both on the website and on our Facebook page.
CONTACT US
DATA PROTECTION OFFICER
Questions and requests related to exercising your rights regarding the protection of your personal data can be directed to ladyb.world through the contact form available on the website or using one of the following contact methods:
"Beonova Bulgaria" Ltd., UIC 207360483, VAT No. BG 207360483, with its registered office and address of management at: Sofia, 1000, Sredets District, 54 Khan Asparuh Street, Floor 1, Office 1, e-mail: info@ladyb.world
COOKIE POLICY
Effective from: 08.08.2024
SUBJECT
This policy relates to cookies or similar tools on the website www.ladyb.world (hereinafter referred to as "the Site," "Website," or "Webpage"), operated by "Beonova Bulgaria" Ltd., UIC 207360483, VAT № BG 207360483, with its registered office and management address at Sofia, 1000, district "Sredets," 54 Khan Asparukh Street, floor 1, office 1, e-mail: info@ladyb.world (hereinafter referred to as "We").
When you first visit www.ladyb.world, we will ask you to accept the use of "cookies" in accordance with these rules. By using our website and accepting these rules, you agree to our use of cookies.
NATURE OF COOKIES
A cookie is a small file composed of letters and numbers that is stored on your computer, mobile device, or other equipment when you access the internet. The cookie is installed through a request sent from the server of a webpage to the browser (e.g., Internet Explorer, Chrome) and is entirely "passive" (it does not contain software programs, viruses, or spyware and does not access the user's hardware information).
PURPOSE OF USING COOKIES
We use cookies or similar tools on our site to improve its performance and your experience in accordance with all applicable standards and legislation. In general, the purpose of cookies is to ensure the effectiveness and usefulness of our Site, to ensure its proper functioning, and to remember important actions (e.g., what you have chosen in the "cart," which pages of the Site you visit most frequently, whether you have saved certain settings, and if you receive error messages from certain pages). With the help of cookies, the Site accurately displays the availability of products that you can add to your shopping cart.
Cookies enable us to recognize the user’s device and present content in a way adapted to the user's preferences. Cookies provide users with a pleasant browsing experience and help the Site offer suitable goods and services, such as privacy preferences online, items in the cart, or targeted advertising. They are also used to prepare anonymous statistics that help us understand how a user prefers to use our websites, allowing us to improve their structure and content without identifying the user personally. Thanks to cookies, the Site accurately displays the availability of products that you can add to your shopping list in the cart.
WHAT COOKIES WE USE
Our site uses several types of cookies – essential cookies, session cookies, and third-party cookies.
Essential Cookies
These are strictly necessary for the site to function and are stored as a file on your computer or mobile device for a long period, usually for the duration specified by the cookies or until manually deleted by the user. We use these cookies to verify the authenticity of our users when they use the site so that we can provide our services or to enforce our Terms of Service and maintain the security of our services.
Session Cookies
Session cookies are temporary files that remain on your device during your visit to our website and are active until the end of your user session or until the application (web browser) is closed, after which they are deleted. We may use session cookies, for example:
- To allow you to navigate between different pages of our site without having to log in again;
- To recognize you when you return to our site to use our services.
Third-Party Cookies and Technologies, Including Pixels
We also use some third-party cookies as part of our services. These cookies are managed by the respective sites and are not controlled by us. Below are the third-party cookies we use, some of which can be disabled through your browser's general settings. For others, you need to visit the relevant technology provider's or browser's site and follow the provided instructions. These service providers may collect your IP address and information that does not allow personal identification of your visits to our site. Some of these advertising cookies enable the display of our ads while you visit other websites. This non-personal identification information is anonymous according to these third parties' privacy policies and does not include your name, address, email address, or other personal information, though your IP address may be collected. Anonymous information is collected using pixel tags (also known as "cookies" and action tags), which is standard technology used by most large websites. These cookies and technologies are often called targeting cookies and are used to deliver ads that are more relevant to you and your interests; limit the number of times you see an ad; measure the effectiveness of an advertising campaign; and track user behavior after seeing an ad. They are usually installed on behalf of advertising networks with the site's operator's permission. They remember that you have visited a site and are often linked to functionality provided by another organization.
-We use Doubleclick.net for remarketing and Google display ads.
-We use Facebook to track user actions after they have seen or opened an ad on Facebook. This allows us to monitor the effectiveness of Facebook ads and gather data for statistical purposes. The data collected this way is anonymous to us, and we do not receive information about users' identities. However, Facebook stores and processes the data, so there is a possibility of linking it to the relevant user profile, and Facebook may use the information for its own advertising purposes, in accordance with Facebook's data use policy.
- We use Google Analytics to generate statistics about site traffic and traffic sources.
- We use MailerLite or similar companies to allow unregistered users to subscribe to our free newsletter.
- We use Yandex.ru to generate information about orders, site visits, and ad displays.
- We use Intercom to enable the chat feature available on the Site.
- We use pixel tags (web beacons), which do not place information on your device but may work in conjunction with cookies to monitor website activity.
LINKS TO OTHER SITES
The Site contains links (so-called "links") that, if followed, may lead you to the websites of other companies and organizations. For example, if you click on a Facebook “Like” button or log in through this social network on our Site, you will share data with these third parties. We are not responsible for their content and data protection strategies. These other websites, services, and applications may set their own cookies on users' computers, collect data, or require personal information.
DO COOKIES CONTAIN PERSONAL DATA
Cookies themselves do not require personal information to be used and generally do not identify internet users personally. Personal data collected through the use of cookies can only be collected to facilitate user use. This data is encrypted in a way that prevents unauthorized access.
CAN COOKIES BE BLOCKED AND HOW
Generally, a web browser allows the default setting to accept cookies. These settings can be changed to block automatic handling of cookies by the web browser or to notify the user every time cookies are sent to their device. Detailed information on options and methods for managing cookies can be found in the browser's settings. Limiting the use of cookies may affect some functionalities of the website.
Most browsers allow you to refuse cookies; for example:
- In Internet Explorer (version 10), you can block cookies by using "Settings," "Internet Options," "Privacy," and then "Advanced."
- In Firefox (version 24), you can block all cookies by clicking "Tools," "Options," "Privacy," selecting "Use custom settings for history" from the drop-down menu, and unchecking "Accept cookies."
- In Chrome (version 29), you can block all cookies by opening the "Customize and control" menu, clicking "Settings," "Show advanced settings," and "Content settings."
Blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, you will not be able to use all features of our website.
DELETING COOKIES
You can delete cookies that are already stored on your computer; for example:
- In Internet Explorer (version 10), you need to manually delete cookie files (you can find instructions [here](https://support.microsoft.com/en-us/help/278835/how-to-delete-cookie-files-in-internet-explorer)).
- In Firefox (version 24), you can delete cookies by clicking "Tools," "Options," and "Privacy," then selecting "Use custom settings for history," clicking "Show Cookies," and removing them.
- In Chrome (version 29), you can delete all cookies by opening the "Customize and control" menu, clicking "Settings," "Show advanced settings," and "Clear browsing data" and other site and plugin data before clicking "Clear browsing data."
Deleting cookies will have a negative impact on the usability of many websites.
WHY COOKIES ARE IMPORTANT ON THE INTERNET
Cookies are central to the effective functioning of the internet, helping to create a model of each user's preferences and interests. Refusing or disabling cookies may make some websites unusable.
Refusing or disabling cookies does not mean that you will stop receiving online ads, but it does mean that these ads will no longer appear based on your preferences and interests collected through your browsing behavior.
Examples of important roles of cookies (which do not require account authentication):
- **Content and services adapted to user preferences** – categories of products and services.
- **Offers adapted to user preferences** – remembering passwords.
- **Remembering child protection filters for internet content** (e.g., family mode, safe search).
- **Limiting ad frequency** – restricting how often a particular ad is shown to a user on the site.
- **Providing ads that might interest the user**.
- **Measuring, optimizing, and analytics features** – confirming website traffic levels, the types of content displayed, and how users reach a website (e.g., search engines, direct access, other websites). Websites develop these analyses and their use to improve the site for users.
SECURITY AND PRIVACY
Cookies ARE NOT viruses! They are simple text files. They do not consist of code segments, so they cannot be executed or run on their own. Therefore, they cannot be duplicated or copied onto other networks to launch or replicate themselves. Since they cannot perform these functions, they cannot be considered viruses.
However, cookies can still be used for malicious purposes. Since they store information about user preferences and browsing history both on a specific site and across many others, cookies can be used as a form of spyware. Many anti-spyware programs are not aware of this and continuously flag cookies for removal during removal/scanning/anti-virus/anti-spyware procedures.
Browsers generally have built-in privacy settings that offer various levels of cookie acceptance, expiration periods, and automatic deletion after the user visits a site.
Other security aspects related to cookies:
Since data protection is crucial and represents every internet user's right, it is recommended to be aware of potential issues that cookies might create. Cookies continuously send bidirectional information between the browser and the website, and if a hacker or other unauthorized person intervenes during data transmission, cookie-containing information might be intercepted.
In rare cases, this can occur if the browser connects to the server using an unencrypted network (e.g., unsecured wireless network).
Another type of cookie-based attack involves incorrect cookie settings on the server. If a website does not require the browser to use only encrypted channels, hackers may exploit this vulnerability to trick browsers into transmitting information through unprotected channels. Hackers then use this information for unauthorized access to websites. It is very important to be cautious in choosing the most appropriate data protection measures.
TIPS FOR SECURE AND RESPONSIBLE BROWSING BASED ON COOKIES
Due to their flexibility and the fact that most popular and major websites use cookies, they are almost unavoidable.
Disabling cookies will prevent users from accessing widely used sites, such as YouTube, Gmail, Yahoo, and others.
All modern browsers offer the option to change cookie settings. These settings are typically found in the "options" or "preferences" menu of your browser, allowing you to customize cookie usage in your browser.
RETENTION PERIODS FOR COOKIE DATA
Please review our Privacy Policy, which provides detailed information on the retention periods for cookie data and similar technologies.
CONTACT US
For questions and requests related to exercising your data protection rights, you can contact us through the contact form available on the Site or via the following contact details:
Beonova Bulgaria Ltd.
VAT Number: BG 207360483
Address: Sofia, 1000, "Sredets" District, 54 Han Asparuh Street, Floor 1, Office 1
Email: info@ladyb.world
DATA PROTECTION OFFICER
Correspondence Address: Sofia, 54 Han Asparuh Street, Floor 1, Office 1
Email: info@ladyb.world