1.1. concluding and executing contracts for purchase and sale of goods with customers of the online store let-out.se, sending orders to customers, receiving payments, exercising the right to refuse purchased goods, return of goods for exchange, satisfaction of claims , as well as any other goals related to the implementation of the concluded contracts for purchase and sale of goods with the customers of the online store let-out.se;
1.2. creating and maintaining a customer profile when registering in the online store let-out.se;
1.3. sending an information bulletin (newsletter) and marketing proposals to the client through any type of electronic communication, including e-mail and telephone;
1.4. financial and accounting activities, implementation of the provisions of the Accounting Act, the Value Added Tax Act, CITA and other applicable regulations;
1.5. to improve services, including the creation of new functionalities of the e-shop, to make informative business decisions through the use of summary analysis and business research;
2. CATEGORIES OF PERSONAL DATA BEING PROCESSED
2.1. For fulfillment of the objectives under item 1, sub-item 1.1. of this Policy (conclusion and execution of contracts for purchase and sale of goods with customers of the online store let-out.se) let-out.se processes the following personal data – name, surname, delivery address, email address, telephone number, Bank account;
2.2. For fulfillment of the objectives under item 1, sub-item 1.2. of this Policy (creation and maintenance of a client’s profile when registering in the online store let-out.se) let-out.se processes the following personal data – email address and login details; when registering with a Google Account: name, surname and email; when registering with a Facebook profile: name and surname, as they are visible in the Facebook profile, photo on the Facebook profile and email address;
2.3. For fulfillment of the objectives under item 1, sub-item 1.3. of this Policy (sending newsletters and marketing proposals) let-out.se processes the following personal data – email address and telephone number of the client;
2.4. For fulfillment of the objectives under item 1, sub-item 1.4. from this Policy (financial and accounting activity) let-out.se processes the following personal data – name, surname, PIN and billing address (in case of issuing an invoice to an individual); payment and transaction data;
2.5. For fulfillment of the objectives under item 1, sub-item 1.5. of this Policy let-out.se processes the following personal data – cookies (in case the client has cookies enabled in his web browser, the Company processes records of behavior from cookies located on the website), IP address, data provided by the browser to customer, click data, products visited.
2.6. let-out.se does not store credit / debit card data
3. DEADLINES FOR STORAGE OF DIFFERENT CATEGORIES OF DATA
3.1. Personal data provided in connection with online orders are stored for a period of 5 (five) years in order to protect the legal interests of the Company in litigation or administrative disputes with customers of the e-shop, and accounting documents are stored for the statutory period;
3.2. Personal data provided when registering an account on the let-out.se website are stored for a period not longer than the existence of the customer’s account on the website. After the expiration of this period, the Company takes the necessary care to delete and destroy this data without undue delay.
3.3. Personal data provided for the receipt of newsletters and marketing proposals are stored until the withdrawal of consent for their processing;
3.4. Personal data provided for financial and accounting activities shall be stored for the respective statutory period;
3.5. Personal data processed for the purposes of item 1, sub-item 1.5. of this Policy – until the fulfillment of the purposes for which they are collected.
4. CATEGORIES OF RECIPIENTS TO WHOM PERSONAL DATA CAN BE DISCLOSED
4.1. to the natural persons to whom the data relate;
4.2. to persons, if provided for in a normative act;
4.3. to persons processing personal data;
4.4. of the owners of Dilis AMS EOOD.
Personal data is not disclosed to recipients in third countries and international organizations.
“Let-out.se” processes the personal data of the users on the basis of the contract concluded between the User and “let-out.se”.
The user agrees to the processing of his personal data to receive a newsletter and marketing proposals by marking a checkbox.
The user can withdraw from the given consent at any time by marking a checkbox, which is located in the customer center of each registered user.
5. CONSUMER RIGHTS
Each User of the site enjoys all rights to personal data protection under Bulgarian law and European Union law.
Each User has the right to:
● Awareness (in connection with the processing of personal data by the administrator);
● Access to your own personal data;
● Adjustment (if data is inaccurate);
● Deletion of personal data (right to be forgotten);
● Restriction of processing by the controller or processor of personal data;
● Portability of personal data between individual administrators;
● Objection to the processing of his personal data;
● The data subject is also entitled not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him to a significant extent;
● Right to judicial or administrative protection in case the data subject’s rights have been violated.
● The user may request deletion if one of the following conditions is true:
● Personal data are no longer needed for the purposes for which they were collected or otherwise processed;
● The user withdraws his consent on which the data processing is based and there is no other legal basis for the processing;
● The user objects to the processing and there are no legal grounds for processing to take precedence;
● Personal data has been processed illegally;
● Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
● Personal data was collected in connection with the provision of information society services to children and the consent was given by the parent responsible for the child.
The user has the right to restrict the processing of his personal data by the administrator when:
● Challenge the accuracy of personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of personal data;
● The processing is illegal, but the User does not want the personal data to be deleted, but instead requires restricting their use;
● The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or protection of legal claims;
● Objects to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User.
● Right of portability – The data subject has the right to receive personal data concerning him which he has provided to the controller in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller. to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive the direct transfer of personal data from one controller to another where this is technically feasible.
● Right to object – Users have the right to object to the controller against the processing of their personal data. The controller of personal data shall be obliged to terminate the processing, unless he proves that there are convincing legal grounds for the processing, which take precedence over the interests, rights and freedoms of the data subject, or for establishing, exercising or defending legal claims. In the event of an objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.
● Complaint to the supervisory authority – Each User has the right to file a complaint against illegal processing of personal data to the Commission for Personal Data Protection or the competent court.