Privacy Policy

Privacy and Personal data protection policy

1.Introduction.

This Privacy and Data protection Policy governs how “Snowdrop Biolabs”Ltd. collects, processes and stores personal data in accordance with the requirements of the General Data Protection Regulation – Regulation (EC) 2016/679), the Protection of Personal Data Protection Act the personal data of the Republic of Bulgaria and other normative Bulgarian or international acts.

This policy provides information on how and what types of personal data we collect from and for you, why we need it, whom we can provide or disclose it, and how they are protected. Please read them carefully. By providing your personal data to “Snowdrop Biolabs”Ltd., whether electronically or on paper, you accept and agree to the practices described in this Privacy and Data protection Policy. Please contact a Data Protection Officer if you have any questions about this policy and if you do not agree with any of the Privacy and Data protection Policy terms, we do not recommend using any products and services provided by “Snowdrop Biolabs”Ltd. for which you are required to provide your personal data.

This policy is an integral part of the General terms of www.snowbornskin.com website (the “Website”).

 

    It is important to know that:

  • By registering on www.snowbornskin.com you agree to the Policy and expressly acknowledge that you accept it.
  • If you do not wish to process your Personal Data as described in the Policy, please do not provide it to us. The provision of Personal Data is at your will, in order to use and access the services of www.snowbornskin.com. Your possible refusal to provide the necessary Personal Data to use the services of our site would mean a refusal to use the relevant services or access www.snowbornskin.com
  • In certain cases, your explicit consent to the processing of Personal Data may not be necessary if another legal basis is available, for example: compliance with the legal obligations of the Administrator; need for contract implementation, etc.
  • The controlling authority regarding Personal Data protection is: Personal Data Protection Commission.

2.Information about the personal data adnimistrator

Personal Data Administrator is: “Snowdrop Biolabbs” Ltd., a company registered under the legislation of the Republic of Bulgaria with UIC /Unified identification Code/: 204801983, with headquarters and  management address: Sofia, Lozenets district, 47 “Gorski Pathnik”, floor 5, email: office@snowbornskin.com (“Administrator”).

If you believe that we are violating your rights relating to the processing of your personal data and in accordance with the requirements of the General Data Protection Regulation – Regulation (EC) 2016/679, you have the right to submit a complaint to the Data Protection Officer – by email to privacy@snowbornskin.com  file a complaint to controlling authority and seek legal protection.

 

3.Legal ground. Principals of Personal data processing.

This Privacy and Personal Data protection Policy (“Policy”) is issued based on Personal Data Protection Act and the implementing regulations and the General Data Protection Regulation – Regulation (EC) 2016/679 (“GDPR “).

Bulgarian law and the GDPR provide rules on how “Snowdrop Biolabs”Ltd. should collect, process and store personal data.

In order for personal data to be processed in accordance with legal requirements, personal data are collected and used lawfully, the necessary security of the processing operations is ensured and “Snowdrop Biolabs”Ltd. has taken the necessary measures to prevent the unauthorized personal data disclosure. According to the basic principles observed by “Snowdrop Biolabs”Ltd., your personal data is:

  • processed in a lawful, conscientious and transparent manner with respect to the data subject (“lawfulness, conscientiousness and transparency”);
  • collected for specific, explicit, and legitimate purposes and not further processed in a way inconsistent with these goals (“goals limitation”).
  • relevant, related and limited to what is necessary for the purposes for which they are being processed (“reducing the data to a minimum”);
  • accurate and up-to-date;
  • Snowdrop Biolabs Ltd. has taken all reasonable steps to ensure the timely erasure or correction of inaccurate personal data, taking into account the purposes for which they are processed (“accuracy”);
  • stored in a form that allows the data subject to be identified for a period no longer than necessary for the purposes for which the personal data are processed; (“storage limitation”);
  • processed in a way that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures (“integrity and confidentiality”);
  • “Snowdrop Biolabs”Ltd. is responsible and able to prove that it complies with the basic principles related to the processing of personal data (“accountability”).
  •  

4.Validity and effect

We reserve the right to make changes to this Policy at any time. The new versions will be published on the Website. If you have a registration, you will be notified of such changes at the email address you provided. If you are a user who has granted access to your personal data without registration you will be notified of the changes to the email address specified in the process of using the services of the Website.

If you do not agree with the changes to this Policy, you should notify us in writing about this, after that your account will be deleted.

The Policy posted here is applicable and applies to registered and non-registered users of the Administrator’s services available through the Website. This Policy does not apply to other websites, social networks, platforms, or companies that the Administrator does not control but to which they directly or indirectly refer to the services and resources provided through the Website. You should be informed that all such websites, social networks, platforms or companies have their own personal data protection policies for which we are not liable. You should become acquainted with the privacy policies of those other websites, platforms and companies before providing your personal data to them.

 

The access, browsing and use in any way of the services and resources on the Website requires confirmation that you are familiar with, understand the meaning and meaning and agree to be bound by this Policy. Before accessing the Services on the Website, you should express your explicit consent to process your personal data under this Policy. You can give your consent to the above actions by clicking on “I agree my personal data to be processed under the Privacy and Personal data protection Policy.”

The collection, processing and storage of the personal data of the users of the Website shall be done in accordance with the requirements of the GDPR (General Personal Data Protection Regulation 2016/679) and the applicable Bulgarian and European legislation.

5.Definitions.

  • “personal data” means any information relating to an identifiable natural person or a natural person (“data subject”); an identifiable person is a person who can be identified, directly or indirectly by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, mental, mental, economic, cultural or social identity of that individual.
  • “processing” means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission , dissemination, or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed.
  •  

6. Categories of personal data processed, processing purposes, storage period

Според начина, по който използвате www.snowbornskin.com събираме от Вас следните данни и информация:

According to the way you use www.snowbornskin.com, we collect the following data and information from you:

  • Guests

A guest is any person who loaded his web browser website www.snowbornskin.com or visited its various sections and pages (whether by directly entering the email address in the browser or via a link from another web site or resource).

Categories of data to be processed: online identifiers stored in local cookies in the visitor’s device/browser;  location data specified by the visitor; Country/city data based on the IP address of the user’s device, an integral part of the information received from each web site; information about actions taken by the subject in the website; subject preferences on specific aspects and settings on the platform’s functionality; information about the type of the browser/device used.

Purpose of processing: providing basic and ancillary functions necessary for the correct and complete functioning of the site; counting site attendance.

The Website uses cookies. A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

This website uses the following types of cookies:

“session cookies” which are erased when the user closes the browser;

  • “persistent cookies” which remain on the user’s computer/device for a pre-defined period of time;
  • “first-party cookies” which are set by the web server of the visited page and share the same domain;
  • “third-party cookies” stored by a different domain to the visited page’s domain. This can happen when the webpage references a file, such as JavaScript, located outside its domain.

Every user has the option to accept or refuse the use of cookies by clicking on one of the available options when accessing the Website for the first time: “Accept”/”Refuse” the use of cookies.

You should be informed that there are certain types of cookies that are required for complete and quality services provided by the Website. They are necessary for the normal and complete functioning of the Website and without them the provision of our services becomes impossible. In case you forbid the use of such cookies through your browser’s settings, it is possible that your access to the Website, its resources and services will be partially or completely restricted.

Users always have the option to enable and disable cookies by changing the settings of their browser. To learn more on cookie settings for a specific browser, you can read here:

  • Cookie settings in Google Chrome

  • Cookie settings in Firefox

  • Cookie settings in Internet Explorer

  • Cookie settings in Safari

You should be informed that declining the use of cookies by the User may result in disruptions in the functionalities and the Services of the Website.

The Website uses the marketing services of Google Analytics for Display, more specifically the remarketing service. This service allows the targeting of advertisements to visitors of the Website. You have the right to block advertisements from Google Analytics for Display and your exposure to advertisements from the Google Display Network. To do so, visit the Ads Preferences Manager (https://www.google.com/settings/ads/onweb/) and install the Analytics Opt-out Browser Add-on (https://tools.google.com/dlpage/gaoptout/).

The Website uses remarketing for the purposes of online advertising, which means that users who did not refuse Google Display Network’s access in one of the abovementioned methods, may be exposed to advertisements of the Website in Google’s content network. Third parties like Google or Facebook may display advertisements of the Website in the websites from their content network which contributes to the optimization of advertising based information, received from previous visit by users on the Website.

  • E-mail subscribers

An e-mail subscriber is any User who has subscribed to an e-mail newsletter on the site for receiving emails containing information from the site, commercial offers, and more. The e-mail newsletter is sent directly to the subscriber by the Administrator, without the use of external services.

Categories of data to be processed: e-mail address

Purpose of processing: Ensure the ability and service of electronic subscriptions (e-mail newsletters) for which visitors are subscribed – to receive e-mail information from the site, offers and more.

 

  • Registered users

A registered user is any user who has made a registration on www.snowbornskin.com by entering a name, surname, address, phone number, e-mail address, and password to create an profile/account.

Categories of data to be processed: Name and surname, address, phone number, e-mail address, IP address;

Purpose of processing: Enabling a possibility the user to register an account, facilitating the use of services through the site, such as: signing distance sales contracts and maintaining a profile.

 

  • User-buyers

User-buyer is any User and/or Registered user who, through the technical means of the site, has entered into a distance sales contract with the administrator (trader).

Categories of data to be processed: name and surname, address, phone number, e-mail address, IP addresses, purchase information, site activity information.

Purpose of processing: conclusion and implementation of a distance sales contract;

You should be informed that declining the use of cookies by the User may result in disruptions in the functionalities and the Services of the Website.

 

  • E-mail subscribers

An e-mail subscriber is any User who has subscribed to an e-mail newsletter on the site for receiving emails containing information from the site, commercial offers, and more. The e-mail newsletter is sent directly to the subscriber by the Administrator, without the use of external services.

Categories of data to be processed: e-mail address

Purpose of processing: Ensure the ability and service of electronic subscriptions (e-mail newsletters) for which visitors are subscribed – to receive e-mail information from the site, offers and more.

The personal data we collect about you will be stored on servers located within the Republic of Bulgaria.

We shall store the personal data provided by you for a period not longer than necessary for the accomplishment of the above mentioned purposes or until the termination of the Services and/or the Website.

In case you want to delete your account on the Website, all of the data we store about you, will be deleted without delay.

By exception, we are entitled to further retention of the personal data where it is necessary, for exercising the right of freedom of expression and information, for compliance with a legal obligation, for the performance of a task carried out in the public interest or in the exercise of official authority vested in us in our capacity of Controller, on the grounds of public interest in the area of public health, for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes, or for the establishment, exercise or defence of legal claims.

We do not collect personal data which:

  • reveals racial or ethnic background;
  • reveals political, religious or philosophic beliefs;
  • reveals membership in political parties or organizations or other religious, philosophical, political or syndicate structures;
  • is regarding the user’s health condition, sex life or the human genome unless in the cases when a signal for unwanted side effects as a result of the use of the cosmetics is received;
  • is provided by users under the age of 16 without the consent of their parents or legal guardians. The Administrator will delete all information provided by or regarding users who are under the age of 16 and did not receive the consent of their parents or legal guardians for the use of the Website, its services and content.

 

7. Access to personal data

Your personal data will not be transferred to third parties, unless:

  • we have your express authorization for this;
  • the third parties in question provide support to us, under an agreement, for the supply of our products or the provision of our services to you;
  • it is required by law or when requested by a public authority;
  • when this is necessary to protect the rights, property and security of users of the Website or other public interest; or
  • in connection with the sale of a business, our company or its assets, subject to confidentiality obligations.

Our employees and consultants will have access to your personal data for the purposes of managing the Website and services, but they are bound by a confidentiality obligation regarding the data to which they have access as part of the relevant operations.

Our employees and consultants are duly informed of the importance of the compliance with such confidentiality legal duty and are liable for the compliance with that obligation.

We may share data which does not identify you personally with our market partners (medias, marketing agencies and other business partners who have accepted to be bound by this Policy) with the purpose of providing you, after receiving your consent, with information regarding products and services, as well as promotions and offers.

For any other purpose not expressly mentioned in this Policy, we will request your explicit consent by identifying our partners as well as the purposes for data transfer and sharing.

We may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. In case of disclosing personal data to a public authority in relation to an investigation or proceedings against a user, we are not obliged to notify said user for this disclosure.

 

8. Your rights in relation to processing your personal data

You are entitled to be informed every time before your personal data is transferred for the first time to third parties for the purposes of direct marketing, or when they are used on behalf of third parties. You are also entitled to object to this transfer or use, at any time and free of charge.

You are also entitled to request that third parties are notified about the rectification, erasure or restriction on the processing of your data so that these third parties comply with the respective request made by you.

In addition, you are entitled to file a complaint with the controlling authority which in Bulgaria, is the Commission for personal data protection (CPDP) with address: 1592 Sofia, 2 “Tsvetan Lazarov” Blvd.

 

  • Right of access

You are entitled to receive access to your personal data stored by us. You may exercise this right by sending us a written request or by notifying us on the following email: privacy@snowbornskin.com

  • Right to rectification

If any of the data we have about you is incorrect or inaccurate, you have the right, at any time, to request to correct them by sending them explicitly may correct it by changing the information on your profile, by sending us a written request or by notifying us on the following email address: privacy@snowbornskin.com

  • Right to erasure

You are entitled to request the complete erasure of your personal data if we process them without legal ground by sending us a written request or by notifying us on the following email address: privacy@snowbornskin.com

Please note that there may be reasons why erasure should not be done immediately due to a regulatory requirement for data retention.

  • Right to restrict processing

You may request a restriction on the processing of your personal data with regard to specific actions on collection, processing or transferring by sending us a written request or by notifying us on the following email address: privacy@snowbornskin.com

You may request third parties who have access to your data to be notified about the rectification, erasure or restriction on the processing of your data so that these third parties to remove all the links, copies or replicas of your personal data.

  • Right to data portability

You are entitled to request the portability of your personal data to another data controller by sending us a written request or by notifying us on the following email address:privacy@snowbornskin.com

  • Right to object

You are entitled to object, at any time, to the processing of your personal data, by sending us a written request or by notifying us on the following email address: privacy@snowbornskin.com

  • Right to appeal

If you believe that we are violating the applicable regulations, you can contact us to clarify the matter. Of course, you have the right to file a complaint with the Personal Data Protection Commission. You can also appeal to a regulatory body within the EU.

  • Right of objection to processing for direct marketing purposes due to our legitimate interest

You are entitled to be informed every time before your personal data is transferred for the first time to third parties for the purposes of direct marketing, or when they are used on behalf of third parties. You are also entitled to object to this transfer or use, at any time and free of charge.

For matters relating to the protection of personal data, the supervisory authority shall be:

Commission for Personal Data Protection, address: Sofia, 1592, 2 Tsvetan Lazarov Blvd., Tel. +359 2 915 3580 Fax +359 2 915 3525, e-mail: kzld@cpdp.bg, Website: http://www.cpdp.bg/.

9. Technical and organizational security measures for processing.  Risks.

Our purpose is to guarantee the quality and integrity of the data provided to us by the users of the Website. For this purpose adequate technical and organizational measures have been taken for the protection, accuracy, up-to-date and completeness of the data.

All the information we receive from you will be stored on SSL secure servers. We will implement technical and organizational measures that are suitable and necessary for your personal data to be protected with an appropriate level of security that will guarantee, in particular, the confidentiality and integrity of the data and prevent the destruction, the accidental or unlawful loss or changes, or the unauthorized disclosure or access of data.

If we have provided you with a password to access the Website, you acknowledge and accept that it is your responsibility to keep this password secret and confidential. We will never ask you to share this password with other people.

Notwithstanding the measures implemented to protect your data, you should be aware that the transfer of data through the Internet or other open networks is never completely secure and there is the risk that your data will be seen and used by unauthorised third parties.

This Policy is effective as of 24.04.2019, and is in compliance with Regulations (ЕС) 2016/679  of the European Parliament and of the Council of 27 April 2016 (General Regulation on data protection).

We are using cookies to give you the best experience. You can find out more about which cookies we are using or switch them off in privacy settings.
AcceptPrivacy Settings

GDPR

 

We are using cookies to give you the best experience. You can find out more about which cookies we are using or switch them off in privacy settings