1. Introduction
This privacy and data protection policy regulates how Snowdrop Biolabs Ltd, collects, processes and stores personal data in accordance with the requirements of the “General Regulation on Data Protection” – Regulation (ЕС) 2016/679, the Law on the Protection of Personal Data, the personal data of the Republic of Bulgaria and other normative Bulgarian or international acts.
This policy provides information on how and what types of personal data we collect from and about you, why we need it, to whom it can be provided or disclosed, and how it is protected. Please read them carefully. Providing your personal data to “Snowdrop Biolabs” Ltd., whether electronically or on paper, You accept and agree to the practices described in this Privacy and Privacy Policy. If you have any questions regarding this policy, please contact the Security Officer, and if you do not agree with any of the terms contained in the privacy policy, we do not recommend the use of products. and services provided by “Snowdrop Biolabs” Ltd., for which it is mandatory to provide your personal data.
This policy is an integral part of the General Terms and Conditions of Use of the website www.snowbornskin.com (the “Website”).
It is important to know that:
By registering on the site www.snowbornskin.com you agree with the Policy and explicitly confirm that you accept it.
If you do not wish to process your Personal Data in the manner described in the Policy, please do not provide it to us. The provision of personal data is voluntary, with a view to using the services of the site www.snowbornskin.com and access to them. Your refusal to provide the necessary Personal Data for the use of the services on our site would mean a refusal to use the relevant services or to access www.snowbornskin.com
In certain cases, your explicit consent to the processing of Personal Data may not be necessary if there is another legal basis, for example: compliance with the legal obligations of the Administrator; need to perform a contract, etc.
The control body regarding the protection of personal data is: the Commission for Personal Data Protection.
2. Information about the Personal Data Administrator
Administrator of personal data is: “Snowdrop Biolabs” Ltd., a company registered under the laws of the Republic of Bulgaria with UIC: 204801983, with registered office and address of management: Sofia, Lozenets district, 47 Gorski Patnik Str. 5th floor, contact email: security@snowbornskin.com (“Administrator”).
In case you believe that we are violating your rights related to the processing of your personal data and in accordance with the requirements of the “General Data Protection Regulation” – Regulation (EU) 2016/679 you have the right to file a complaint to the Protection Officer of personal data – by e-mail to security@snowbornskin.com, to file a complaint to a supervisory authority and seek protection in court.
3. Legal basis. Principles of personal data processing.
This Privacy and Data Protection Policy (the “Policy”) is issued on the basis of the Personal Data Protection Act and its implementing regulations and the General Data Protection Regulation – Regulation (EU) 2016/679 (“GDPR ”).
Bulgarian legislation and the GDPR provide rules on how Snowdrop Biolabs Ltd. must collect, process and store personal data.
In order for the processing of personal data to be in accordance with the legal requirements, the personal data are collected and used lawfully, the necessary security of the processing operations is ensured and Snowdrop Biolabs Ltd. has taken the necessary measures to prevent the processed personal data from being illegally disclosed. According to the basic principles followed by Snowdrop Biolabs Ltd., your personal data is
collected for specific, explicit and legitimate purposes and not further processed in a way incompatible with those purposes (“limitation of purposes”);
appropriate, related to and limited to what is necessary in relation to the purposes for which they are processed (“data minimization”);
accurate and kept up to date; Snowdrop Biolabs Ltd. has taken all reasonable measures to ensure the timely deletion or correction of inaccurate personal data, taking into account the purposes for which they are processed (“accuracy”);
stored in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed; (“Storage restriction”);
processed in a way that ensures an adequate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“integrity and confidentiality”);
“Snowdrop Biolabs Ltd. is responsible and able to prove that it complies with the basic principles related to the processing of personal data (“reporting”).
4. Validity and action
We reserve the right to make changes to this Policy at any time. The new versions will be published on the Website. In case you have a registration, you will be notified of such changes at the email address you provided. If you are a user who has provided access to your personal data without registration (when sending an order or inquiry) you will be notified of changes to the email address specified in the process of using the services of the Website.
If you do not agree with changes to this Policy, you should notify us in writing, after which your Account will be deleted.
The Policy published here is applicable and valid for registered and unregistered users of the Administrator’s services available through the Website. This Policy does not apply to other websites, social networks, platforms or companies that are not controlled by the Administrator, but to which they refer or are connected, directly or indirectly, the services and resources provided through the Website.You should be informed that all of these websites, social networks, platforms or companies have their own privacy policies and that we are not responsible for them. You should read the privacy policies of other websites, social networks, platforms or companies before providing personal data through them. This Policy defines how your personal data that you provide to us through the Website in the process of using its services are processed. and resources.
Accessing, viewing and using in any way the services and resources on the Website requires confirmation that you are familiar with, understand the meaning and significance and agree to be bound by this Policy. Before accessing the Services on the Website, you must express your explicit consent to the processing of your personal data in accordance with this Policy. You can give your consent to the above actions by clicking on the option “I agree to my personal data to be used in accordance with this Privacy Policy.” when registering on the Website, when sending an order without registration or when sending an inquiry through the contact form available through the Website.
The collection, processing and storage of personal data of users of the Website is carried out in accordance with the requirements of Regulation (ЕС) 2016/679 on personal data protection (GDPR) and the applicable current Bulgarian and European legislation.
We reserve the right to make changes to this Policy at any time. The new versions will be published on the Website. In case you have a registration, you will be notified of such changes at the email address you provided. If you are a user who has provided access to your personal data without registration (when sending an order or inquiry) you will be notified of changes to the email address specified in the process of using the services of the Website.
If you do not agree with changes to this Policy, you should notify us in writing, after which your account will be deleted.
5. Definitions
“Personal data” means any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is an identifiable person, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
“Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as the collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure, disseminating or otherwise making the data available, arranging or combining, restricting, deleting or destroying.
6. Categories of processed personal data, purposes of processing, retention period
According to the way they use www.snowbornskin.com we collect the following data and information from you:
Visitors
A visitor is any person who loads the website in his web browser www.snowbornskin.com or visits various sections and pages of it (whether by directly entering the e-mail address in the browser, or by a link from another website or resource).
Categories of data that are processed: online identifiers stored in local cookies in the visitor’s device / browser; location data provided by the visitor; Country / city data based on the IP address of the user device, an integral part of the information received from each website; information about actions performed by the subject of the site; preferences of the subject regarding specific aspects and settings of the platform’s functionalities; information about the type of browser / device used.
Objectives of the processing: providing basic and auxiliary functions necessary for the correct and full functioning of the site; counting the site traffic;
The website uses cookies. Cookies are small text files that are stored on your computer or mobile device when you visit a website. They allow the website to store your actions and preferences (such as username, language, font size and other display settings) for a certain period of time so that you do not have to enter them every time you visit or navigate from the Website. one page to another.
With the help of cookies, the web server can save, for example, the preferences and settings of the user’s computer, mobile phone or other device, which data is automatically restored on the next visit. Cookies are used, among other ways, to improve the user experience, such as not repeating the login process on a subsequent visit.
We use the following types of cookies: Session cookies – allow the Website to link the actions of the User during the browser session. They can be used for various purposes, such as storing user preferences while browsing the Website. They could also be used for security when the User has access to Internet banking or to facilitate the use of web-based mail. Session cookies expire after the browser session and are not stored in the long run.
Persistent cookies – are stored on the User’s device between browser sessions, which allow the User’s preferences or actions throughout the Website (and in some cases on different sites) to be stored. Persistent cookies can be used for a variety of purposes, including user preferences and choices when using a website or to target advertising.
First & Third Party Cookies – First party cookies are those that are placed on the Website, which is selected for visiting by the User. Some of the content on the Website may be from a third party provider (eg a video or advertisement). These third parties may also set cookies through the Website. These are “third party cookies”. Third party providers are responsible for complying with applicable law and their own cookie policy.
Each User has the option to enable or disable the use of cookies by selecting one of the following buttons when making initial access to the Website: I accept cookies / Reject cookies.
You should be informed that there are certain categories of cookies that are necessary for the complete and quality provision of services on the Website. These are the so-called strictly necessary cookies, the use of which cannot be denied by clicking the “I refuse cookies” button when initially accessing the Website. They are necessary for the normal and complete functioning of the Website, and without them the provision of our services is impossible. If you disable their use through your browser settings, your access to the Website, its services and resources may be partially or completely restricted.
Users also always have the option to enable and disable cookies by changing their browser options. Learn more about cookie settings in a specific browser here:
Cookie settings in Google Chrome
Cookie settings in Firefox
Cookie settings in Internet Explorer
Cookie settings in Safari
The refusal of cookies by the User may result in limited functionality or inability to use the services of the Website
The website uses the marketing services of Google Analytics for Display, in particular the remarketing service. This service is the redirection of advertisements and ads to users who have already visited the Website. You may opt out of viewing Google Analytics for Display ads and advertisements and your exposure to Google Display Network ads and advertisements. To do this, visit the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/) and install the Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage) / gaoptout /).
The Website uses remarketing for the purposes of online advertising, which means that users who have not been denied access to the Google Display Network in the above ways may be exposed to advertisements and advertisements from the Website on the Google content network. Third parties such as Google or Facebook may display advertisements and advertisements on the Website on sites in their content network, which contributes to the optimization of advertisements based on information obtained from previous visits of users to the Website.
E-mail subscribers
E-mail subscriber is any Visitor who has subscribed to an electronic e-mail newsletter on the site, to receive e-mail letters containing information from the site, commercial offers and others. The electronic e-mail newsletter is sent directly to the subscriber by the Administrator, without the use of external intermediary services.
Categories of data to be processed: e-mail address
Purposes of processing: Providing the possibility and servicing of electronic subscriptions (e-mail newsletters), for which visitors subscribe (subscribe) – to receive by e-mail information from the site, commercial offers and others.
Registered users
A registered user is any Visitor who has registered on the sitewww.snowbornskin.com by entering a name, surname, address, telephone number, e-mail address and password, with which action you create your profile / account.
Categories of data that are processed: Name and surname, address, telephone number, e-mail address, IP address;
Purposes of processing: Providing the possibility and support for the user to register his account, facilitating the use of services through the site, such as: concluding distance sales contracts and maintaining a user profile.
Consumers-buyers
User-buyer is any Visitor and / or Registered user who through the technical means of the site has concluded a Contract for distance sales with the administrator (trader).
Categories of data that are processed: name and surname, address, telephone number, e-mail address, IP addresses, information about purchases made, information about actions performed on the site by the subject.
Purposes of processing: concluding and executing a distance sales contract;
Your personal data that we collect is stored on servers located in the territory of the Republic of Bulgaria.
We store your personal data for the period in which you are a registered active user of the Website, and for a period not longer than necessary to achieve the above objectives, or until the termination of the Services and / or the Website.
In the event that you wish to delete your Account on the Website, the personal data stored about you will be deleted without undue delay.
Exceptionally, the law allows further retention of personal data only in cases where it is necessary to exercise the right to freedom of expression and the right to information, to comply with a legal obligation, to perform a task of public interest or in case of performing official functions assigned to us in our capacity as Administrator, for reasons of public interest in the field of public health, for the purposes of archiving in the public interest, for the purposes of scientific or historical research, or for statistical purposes, or for establishment, exercising or defending legal claims.
We do not collect personal data that:
The Administrator will delete any information submitted by or relating to users who are known to be under the age of 16 and have not obtained the consent of their parents or legal guardians to use the Website, the Services and the Content.
7. Access to personal data
Your personal data will not be transferred to third parties unless:
Our employees and partners have access to your personal data for the purposes of maintaining the Website and the Services, but they are bound by an obligation to maintain confidentiality with respect to the data to which they have access in connection with the performance of this activity.
Our employees and partners are duly informed of the importance of their obligation of confidentiality and are responsible for fulfilling this obligation.
We may share non-personally identifiable information with our sales partners (media, marketing agencies and other business partners who have agreed to abide by this Policy) in order to provide with your consent information about products and services, as well as promotions. and offers.
For any other purposes not explicitly mentioned in this policy, we will ask for your explicit consent, identifying our partners as well as the purposes for data transfer and sharing.
By virtue of a court decision or an act of authority of a public body, we may be obliged to disclose the identity of a User, especially in the case of investigation of violations of the rights of third parties or illegal acquisition of personal data. In case of disclosure of personal data of a user to a public authority in connection with an investigation or proceedings against him, we are not obliged to notify the user in question.
8. Your rights in connection with the processing of your personal data
Right of access
You have the right to access the personal data we hold about you. You can exercise this right by sending us an explicit request to the following email address: privacy@snowbornskin.com
Right of correction
In the event that we process incomplete or erroneous / erroneous data, you have the right, at any time, to request that we correct or supplement them by sending an explicit request to the following email address: privacy@snowbornskin.com
Right to delete
You can request the deletion of personal data concerning you in the event that we process this data without a legal basis by sending an explicit request to the following email address: privacy@snowbornskin.com
Please note that there may be reasons why the deletion may not be performed immediately due to a regulatory requirement to retain the data.
Right to limit processing
You can request the deletion of personal data concerning you in the event that we process this data without a legal basis by sending an explicit request or to the following email address: privacy@snowbornskin.com
Please note that there may be reasons why the deletion may not be performed immediately due to a regulatory requirement to retain the data.
Right to data portability
You have the right to request the transfer of your personal data to another administrator by sending an explicit request to the following email address: privacy@snowbornskin.com
Right to object
You have the right at any time to object to the processing of your personal data by sending an explicit request or to the following email address: privacy@snowbornskin.com
Right to appeal
In case you believe that we are violating the applicable regulations, please contact us to clarify the issue. Of course, you have the right to lodge a complaint with the Data Protection Commission. You can also lodge a complaint with a regulatory body within the EU.
Right to object to processing for direct marketing purposes due to our legitimate interest
When we process personal data due to our legitimate interest for the purposes of direct marketing, you have the right at any time to object to the processing of personal data relating to you for this type of marketing, which includes profiling insofar as it relates to direct marketing.
You also have the right to be informed before your personal data is first provided to third parties for direct marketing purposes, or when used on behalf of third parties. You have the right to object to this transfer or use without owing anything.
For issues related to personal data protection, the supervisory authority is:
Commission for Personal Data Protection, address: Sofia, 1592, Tsvetan Lazarov Blvd. 2, Тел. +359 2 915 3580 Fax +359 2 915 3525, e-mail: kzld@cpdp.bg, Website: http://www.cpdp.bg/.
9. Technological and organizational measures for security of processing. Risks
Our goal is to guarantee the quality and integrity of the data provided to us by the users of the Website. To this end, adequate technological and organizational measures have been taken, which contribute to the protection, accuracy, timeliness and completeness of the data.
All information you provide to us is stored on SSL-encrypted servers. We apply the appropriate technological and organizational measures necessary to protect and integrate data and prevent the destruction, loss, unauthorized alteration or unauthorized disclosure of personal data.
In the event that we provide you with a password to access the Website, you accept and agree that you are responsible for the protection and confidentiality of this password. Under no circumstances will we ask you to provide this password to others.
Regardless of the measures taken to protect your data, you should be informed that the transmission of data over the Internet or other open network is never completely secure and there is a risk that third parties will gain unauthorized access to and use of your data.
This Policy is effective from 24.04.2019 and is in accordance with the requirements of Regulation (ЕС) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation).
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
