We, TOMIS Ltd., are committed to protecting your personal data in full compliance with Regulation (EU) 2016/679 “General Data Protection Regulation” and Bulgarian legislation. We recommend that you read this privacy policy, which provides information about how and what personal data we process in our online store, www.tomis.bg, as part of our operations when you contact us regarding the products and services we offer, including through our website.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes in how we process your personal data. In such cases, we will publish the updated version of the Privacy Policy on our website, so we kindly ask you to periodically check its contents.
TOMIS Ltd. will apply this policy when processing and protecting the personal data of individuals – current and potential users of TOMIS Ltd. services, including sole traders and/or their authorized representatives; individuals – legal representatives of legal entities – current and potential users of TOMIS Ltd. services; visitors to the tomis.bg website.
Through this policy, TOMIS Ltd. establishes, under conditions of transparency and prior notification, the principles, objectives, rules, and rights of the data subjects, in compliance with which the company processes “personal data” of the aforementioned individuals (“data subjects”), in accordance with the cited legal framework.
Third parties – data processors, other administrators, or third parties who may have lawful access to personal data through TOMIS Ltd. must familiarize themselves with and comply with this policy, as well as the relevant provisions of the Regulation and the national legislation of the Republic of Bulgaria, including the subordinate legal framework for its implementation.
Who we are and how to contact us
www.tomis.bg is the online store website of TOMIS Ltd. with UIC: 115555539; address: Plovdiv, Kuklensko Shosse Blvd. No.12, phone: +359 32 678299, email: info@tomis.bg.
For the purposes of data protection legislation, we are the data controller when processing your personal data.
Your opinions are important to us, and we are always ready to provide you with additional information that you may need regarding the processing of your data. Therefore, we offer you the option to contact our data protection officer by email at: info@tomis.bg.
Which categories of personal data do we process?
We collect your personal data, which is provided directly by you, so you decide what kind of information to share with us.
What personal information do we collect?
For creating a profile in the online store, managing access, and identifying your profile:
- For individuals: first and last name, contact phone number, delivery address, email address, preference for receiving a free newsletter.
- For legal entities: name of the legal entity, CEO, UIC, VAT number, registration address, contact phone number, delivery address, contact person, industry the legal entity belongs to, preference for receiving a free newsletter.
For orders and/or delivery agreements, issuing invoices, and processing them: the product you selected, payment method used, payment amount, products, purchase date, delivery method. Other data may be required, which is mandatory according to applicable legislation.
We do not collect or otherwise process sensitive data included in special categories of personal data in the General Data Protection Regulation. Additionally, we do not wish to collect or process data from minors under the age of 16.
What are the purposes and legal grounds for processing?
We will use your personal data for the following purposes:
1. Providing goods and services for your benefit
This general purpose may include, where necessary:
- processing orders, including accepting, dispatching, and invoicing them;
- resolving issues related to order cancellations or any other issues with orders, purchased goods or services;
- returning products in accordance with legal provisions;
- refunding the value of products according to legal provisions;
- assisting, including answering your questions related to your orders.
Processing your data for these purposes is generally necessary for the conclusion and performance of a contract between TOMIS Ltd and you. Additionally, processing for these purposes is required according to applicable legislation, including tax and accounting laws.
2. Improving our services
Our goal is always to provide you with the best experience during your recovery and online shopping. To this end, we may invite you to fill out satisfaction surveys after completing an order or conduct market research and surveys, directly or with the help of partners.
We base these activities on our legitimate interests in conducting business while always ensuring that your fundamental rights and freedoms are not affected.
3. Marketing
To make your visits to our site as functional as possible, we use so-called “cookies.” Cookies are small files containing information that are stored in your web browser (data about the language used, connection time, pages visited) or on the hard disk when visiting the site.
Our website uses the following types of cookies to facilitate your navigation:
- Cookies necessary for the functioning of your search, allowing you to use basic functionalities such as managing your “account/shopping cart” and supporting your identification throughout your browsing session;
- Personalizing cookies that allow you to visit web pages in a personalized way based on your previous visits, purchases, etc. They help you find the offers that best suit you faster;
You can configure your web browser to not save cookies or to delete saved cookies. If you want to use these features, please refer to your browser’s developer for assistance.
4. Protection of our legitimate interests
There may be situations in which we use or share information to protect our rights and business activities. These may include:
- Measures to protect the website against cyberattacks;
- Measures to prevent and detect attempts of fraud, including sharing information with competent public authorities;
- Measures for managing various other risks.
The primary reason for these types of processing is our legitimate interests related to protecting our business activities, with the understanding that we ensure all actions we take guarantee a balance between our interests and your fundamental rights and freedoms.
Additionally, in some cases, the processing by us is based on legal provisions, such as the obligation to protect goods and values as provided by applicable legislation.
How long do we keep your personal data?
As a rule, we store your personal data as long as your profile is active or until the warranty period for the purchased goods expires, in case your profile is deleted. You can always request us to delete specific personal information, and we will respond to such requests while retaining certain information when applicable laws or legitimate interests require it.
To whom do we send your personal data?
Depending on the case, we may share or grant access to some of your personal data to the following categories of recipients:
- Courier service providers;
- Payment/ banking service providers.
If we are required by law or if it is necessary to protect our legitimate interests, we may disclose certain personal data to public authorities.
We ensure that access to your data by private entities – third parties is carried out in accordance with the legal provisions in the field of data protection and information confidentiality, based on contracts concluded with them.
To which countries do we transfer your personal data?
Currently, we store and process your personal data in Bulgaria.
How do we protect the security of your personal data?
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures.
We store your data on secure servers using the latest encryption algorithms and ensure the storage of backup copies.
Despite the measures we take to protect your personal data, we are aware that transmitting information over the internet or other public networks is not completely secure, and there is a risk that data may be viewed and used by unauthorized third parties. We cannot take responsibility for vulnerabilities in systems not under our control.
What are your rights?
The General Data Protection Regulation recognizes several rights related to your personal data. In this regard, you have the following rights concerning your personal data processed by us:
- Right to information;
- Right to access your personal data;
- Right to correction;
- Right to deletion;
- Right to restrict processing;
- Right to data portability;
- Right to object to the processing of your personal data.
The right to information is provided through the brief, understandable, and easily accessible information presented in this document concerning the processing. Additional information related to the processing of your personal data, as required by applicable legislation, can be obtained as a data subject by submitting an electronic request to the email address of TOMIS Ltd.
The rights of data subjects are interpreted as defined in Chapter Three of Regulation (EU) 2016/679. In case of complaints regarding the exercise of the rights listed above, the data subject has the right to request a review of their case, and if the review is denied, to file a complaint with the supervisory authority – the Personal Data Protection Commission.
You can request access to your data, correction of errors in our files, and/or raise objections regarding the processing of your personal data. You also have the right to file a complaint with the competent supervisory authority or in court. Depending on the case, you may also have the right to request the deletion of your personal data, restriction of data processing, and data portability.
How do we protect your rights?
We process your personal data solely in accordance with the aforementioned purposes and periods. Our website has a high level of security as all data is encrypted through SSL. You can withdraw your consent for personal data processing at any time by contacting us at info@tomis.bg.
What measures do we take to protect your data?
We ensure maximum protection for all individuals when providing their data. We do not disclose your personal data without your explicit consent. Once the processing period for your personal data expires, it will be permanently deleted and will not be used in the future, unless you provide explicit consent.
Contact
If you have any questions regarding the Privacy Policy, you can contact us via email at info@tomis.bg or by phone at 032/678299.