PRIVACY POLICY IN RELATION TO THE PROCESSING OF PERSONAL DATA
This Privacy Policy aims to inform you about how Art Service Ltd. treats your personal data as a controller, as well as how you could control your preferences and settings in relation to this treatment.
What do these Privacy Rules regulate and on what legal basis As of May 25, 2018 , the General Data Protection Regulation (GDPR) will apply in Bulgaria. It was adopted by the European Union and its purpose is to unify the policies of EU member states related to the collection and use of personal data. Another of its purposes is to guarantee our right to privacy, to protect our personal data in order to give more security against misuse of personal information to each of us. The new regulation comes with a number of requirements that Art Service Ltd. applies and which can be found here. Among them are:
- To inform you what data we use.
- To let you know why we use them.
- To ask for your consent in order to use them when we provide additional services such as targeted advertising, for example, on their basis.
- To give you the opportunity to change your consent for various purposes through this site so that you have more freedom.
- To guarantee you the right to request the rectification of your data, its deletion, as well as to “be forgotten”. In addition, we may provide you with the download data or transfer it if you notify us and identify yourself in the appropriate ways.
- To identify any third parties/other companies with whom we exchange your data. Keep in mind that the Internet is a global network, we often use standardized services to log logging in and track behavior in an anonymized variant, for example, Google Analytics.
All data thanks to which a user can be identified is considered personal data. Such can be email, names, mobile phone, residential address, IP address.
What data do we collect from our registered users?
Art Service Ltd. collects specific data from the users of the websites in its portfolio in order to analyze the behavior of its users, as well as to provide them with more relevant content and advertisements, namely the following categories of personal data: From www.artservicebg.com – email address for receiving an invoice and warranty card, IP address, as well as a phone number, address for receiving the shipment, as well as other personal data that is not mandatory for the user to provide during registration, email address for receiving email marketing;
Data collected for all visitors to our websites:
In all websites in our portfolio, we collect data about all visitors – registered users and visitors without registration, namely the following categories of data:
- IP address;
- A user identifier with a high degree of uniqueness;
- Device ID for mobile applications, with a high degree of uniqueness;
- Browser identifier with a high degree of uniqueness;
- History of visited pages, including secondary processing, in order to establish your preferences for certain types of content;
- History of your searches on our pages;
- Some types of behavior – e.g. A list of the ads viewed according to their category and your interaction with them – the availability of the ad in the visible part of your browser; clicks made and more.
- Data collected from reading cookies: When users use our services and portfolio of websites – read news, watch videos, use email and others, among the data that helps us understand how our services work best and to make them even better for you are cookies. They are small text files that are sent from the web server to the browser you are using and stored on your device so that the site can recognize it. There are two types of cookies – persistent and temporary or “session” cookies. Persistent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are temporarily stored on your computer when you visit a site in our portfolio, but are deleted the moment you close the page. Most cookies do not contain sensitive information about you or personal data with which we can directly identify you. You can learn more about cookies here. The purposes for which we use cookies are basically to monitor your behavior in the following areas:
- Track sections in the sites you visit;
- How much time you spend on a site;
- How long you watch a video;
- The ads you have seen and/or interacted with;
- When you visit our sites and the sites of our partners serving our java scripts, etc.
-
LiteCache :
-
Source: WooCommerce Multilingual
-
- WooCommerce Multilingual will use cookies to understand the basket info when using languages in domains and to transfer data between the domains.
- WooCommerce Multilingual will also use cookies to identify the language and currency of each customer’s order as well as the currency of the reports created by WooCommerce. WooCommerce Multilingual extends these reports by adding the currency’s information.
-
YITH WooCommerce Wishlist:
-
- While you visit our site, we’ll track:
- Products you’ve added to the wishlist: we’ll use this to show you and other users your favourite products, and to create targeted email campaigns.
- Wishlists you’ve created: we’ll keep track of the wishlists you create, and make them visible to the store’s staff
We’ll also use cookies to keep track of wishlist contents while you’re browsing our site.
Who on our team has access
- YITH WooCommerce Wishlist:
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Wishlist details, such as products added, date of addition, name and privacy settings of your wishlists
Our team members have access to this information to offer you better deals for the products you love.
-
COOKIES:
- woodmart_popup_*: visitor’s choice to close a promo popup window.
- woodmart_shown_pages: number of visited pages for the promo popup window if this option is turned on.
- woodmart_cookies_*: visitor’s choice to close a cookie notice.
- woodmart_tb_banner_*: visitor’s choice to close a top bar shop banner.
- woodmart_wishlist_hash: visitor’s wishlist content hash. It is required to update the number of wishlist items in the header.
- woodmart_items_in_wishlist: stores items in the wishlist
PHP SESSIONS:
- shop_per_page: visitor’s choice for a number of products per page
- shop_per_row: visitor’s choice for a number of columns per row on the shop page
- shop_view: shop page view – grid or list
To whom we share and disclose your personal data
Sometimes we record some of the information on our servers or send it to third parties. This is necessary so that we can provide you with the best experience when using our services, and sometimes even so that we can ensure the availability and accessibility of the service you use.
Art Service Ltd. does not grant the right to use, sell, disclose or share information about you (personal data within the meaning of the GDPR) with other persons or with unrelated companies, except when it is necessary for us to provide you with services requested by you and when you have provided your permission, or in any of the following cases:
The information is provided to trusted partners who work on assignment by Art Service Ltd. on the basis of contractual relations and under confidential agreements. However, these companies do not have the right to share this information on their own. These companies are, but not limited to:
- Google with its respective products: Google Analytics, Google Tag Manager, DoubleClick for Publishers, AdX, AdSense, Google Case, Google IMA, Google Plus: https://privacy.google.com/# ;
- Facebook with the relevant products: Facebook Tracking Pixel, Facebook Tools – Plug-in “like” button, Sign in with Facebook profile, etc.: https://www.facebook.com/privacy/explanation;
- Mail Chimp: https://mailchimp.com/legal/privacy/ ;
- Twitter widgets: https://twitter.com/en/privacy ;
- Cloudflare CDN;
- Open Graph;
- Instagram: https://help.instagram.com/155833707900388;
- Pinterest: https://policy.pinterest.com/en/privacy-policy.
The information is in compliance with the lawful prescriptions of court orders on legitimate requests from authorized bodies (under the Electronic Communications Act, the Criminal Procedure Code, the Criminal Code, etc.). If you do not want us to send the information to some of our partners, you can withdraw your consent here.
Information protection
When we store the information with us, it is physically stored on our own servers, colocated in data storage centers on the territory of the Republic of Bulgaria. When selecting our partners for server colocation, we make a detailed check of their certification, requiring, for example, meeting the following industry standards:
ISO/IEC 27001:2013 Information security certificate PCI DSS 3.2 compliance (chapter 9 and 12) ISO 9001:2008 ISO 27001:2013 BS OHSAS 18001:2007
Meeting these standards guarantees maximum security of our users’ data. We restrict access to information about you by employees acting under the authority of Art Service Ltd., except in cases where there are reasonable grounds to handle this information in order to provide services to you or in connection with the performance of work duties by these employees. We have physical, electronic, and procedural safeguards in place that comply with our legal obligations regarding the protection of information about you.
Data transfer
Some of our partners may transfer data outside the EEA where an adequacy determination is in place, for example in the case of the EU-U.S. Privacy Shield. For more information, you can check out the privacy policies of our partners.
How long we keep the information
The storage of data continues for as long as we have grounds for storing it. For example, one of our users has given their consent to us collecting and processing information about them. We apply the following storage periods for the different types of personal data according to their purpose, namely: For the purpose of measuring the user behavior of the sites in our portfolio – according to the validity period of the respective cookie; For the purposes of behavioral targeting – no more than 1 (one) year. With regard to traffic data, the Electronic Communications Act applies and the data is stored for 6 months. These data are transferred to the specialised bodies and institutions only in compliance with legal provisions and with due grounds.
Rights of data subjects under GDPR
Right of access to your personal data: you have the right to obtain confirmation from us whether personal data is being processed about you and, if so, you have the right to access personal data and information. Right to rectification of personal data: if you find that the personal data we process about you is inaccurate, you have the right to have us correct this personal data. Right to erasure of personal data (right to be forgotten): in certain circumstances, such as if your personal data has been processed unlawfully or you have withdrawn your consent (if the processing of personal data is based on consent), you have the right to request and obtain erasure of your personal data by us. Right to restriction of processing: in certain circumstances, such as if you have doubts about the accuracy of your personal data or have objected to our legitimate purpose of processing your personal data, you have the right to request that we restrict the processing of your personal data until a solution is found. Right to object to processing: in certain circumstances, such as if you have doubts about our legitimate interest in processing your personal data, you have the right to object, for reasons related to your particular situation, to such processing. Right to data portability: if your personal data is processed by automatic means with your consent or for the purpose of fulfilling our contractual relationship, you have the right to request that we provide you with your personal data in a machine-readable format for transfer to another data controller. Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint regarding the processing of your personal data by us with the relevant supervisory authority.
Contacts:
Administrator: Art Service EOOD UIC 130749946, ul. 6 Trapezitsa Street, Sofia 1000, Bulgaria, tel. +359 894 601 650 /Data Protection Officer/ Data Protection Officer: Ivan Ilchev; email: gdpr@artservicebg.com