Information about the company that processes your data:

Picture name: Sybon
UIC/BULSTAT: 205060665
Registered office and registered address. Headquarters and registered office. 1517, Poduyane district, g.k. “Sukhata reka” 91, entrance no. B, et. 3, app. 26
Address for correspondence. Address for correspondence. 1407, g.k. 1407, Krastova Vada str. Akad. Vera Mutafchieva 4, floor 2, app. 6
Phone:
E-mail: hello@foxyni.com
Website: www.foxyni.com

Information on the competent data protection supervisory authority:

Name: Commission for Personal Data Protection
Registered office and registered address. Registered office and registered office: 1592 Sofia Blvd. “1592, Proff. Tsvetan Lazarov” № 2
Address for correspondence. Address for correspondence. “1592, Proff. Tsvetan Lazarov” № 2
Phone: 02 915 3 518
Website: www.cpdp.bg

Sybon (hereinafter referred to as the “Administrator” or the “Company”) carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to this processing.

Basis for collecting, processing and storing your personal data

Art. 1. The controller collects and processes your personal data in connection with the use of the e-shop www.foxyni.com and the conclusion of contracts with the company on the basis of Art. 1, Regulation (EU) 2016/679 (GDPR), in particular on the following grounds:

  • Explicit consent obtained from you as a customer;
  • Performance of the Administrator’s obligations under a contract with you;
  • Compliance with a legal obligation applicable to the Administrator;
  • For the purposes of the legitimate interests of the Controller or a third party;

Purposes and principles of collecting, processing and storing your personal data

Art. 2. (1)We collect and process the personal data you provide to us in connection with your use of the e-shop and entering into a contract with the company, including for the following purposes:

  • creating an account and providing full functionality when using the online store;
  • conclusion and performance of a distance contract;
  • individualization of a party to the contract;
  • accounting purposes;
  • statistical purposes;
  • information security protection;
  • securing the performance of the contract for the provision of the relevant service.
  • sending a newsletter if you wish;

(2) We comply with the following principles when processing your personal data:

  • legality, fairness and transparency;
  • limitation of the purposes of processing;
  • relevance to the purposes of the processing and minimisation of the data collected;
  • data accuracy and timeliness;
  • limitation of storage to achieve the objectives;
  • integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) In processing and storing personal data, the Controller may process and store personal data in order to protect its following legitimate interests:

  • fulfilling its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal authorities.

What types of personal data our company collects, processes and stores

Art. 3. (1) The Company performs the following operations with the personal data provided by you for the following purposes:

  • Registration of a user in the e-shop and execution of a purchase contract at a distance – thepurpose of this operation is to create a profile for using the e-shop to purchase goods and provide contact details for the delivery of purchased goods. Registering and creating an account to use the online shop is not a mandatory step in the provision of the service and it is largely available without creating an account.
    Conclusion of the impact assessmentA: Based on the impact assessment carried out, the operation “Registration of a user in the e-shop and execution of a distance purchase contract” is admissible and provides sufficient guarantees for the protection of the rights and legitimate interests of data subjects in accordance with the requirements of the GDPR.
  • Conclusion and execution of a commercial transaction with a customer or partner –the purpose of this operation is the conclusion and execution of a contract with a commercial partner or customer and its administration. Given the limited scope of the personal data collected and the fact that some of it is collected from publicly available sources, an impact assessment is not necessary.
  • Sending a newsletter– the purpose of this operation is to administer the process of sending newsletters to customers who have indicated that they wish to receive them. Given the limited scope of the personal data collected, it is not necessary to carry out an impact assessment of the operation.
  • Exercising the right of withdrawal or making a complaint –the purpose of this operation is to administer the process of exercising the right of withdrawal or complaint by the customer. Given the limited scope of the personal data collected, it is not necessary to carry out an impact assessment of the operation.

(2) The controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

  • Your personal data(e-mail, name, etc.)
    • Purpose for which the data is collected:1) To contact the user and send information to the user, 2) for the purpose of registering a user in the online store, and 3) for sending a newsletter.
    • Grounds for processing your personal data –By accepting the terms and conditions and registering in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is established between the Administrator and you, on which basis we process your personal data – Art. 1, б. (b) GDPR. Your data for sending the newsletter is processed on the basis of your explicit consent – Art. 1, б. (a) GDPR.
  • Delivery details(names, phone, address, etc.)
    • Purpose for which the data is collected:Performance of the controller’s obligations under a contract for the purchase and delivery of the purchased goods.
    • Grounds for processing your personal data –By accepting the terms and conditions and registering in the e-shop or placing an order without registration, or by concluding a written contract, a contractual relationship is established between the Administrator and you, on which basis we process your personal data – Art. 1, б. (b) GDPR.
  • Additional data provided by you-If you wish to add to your profile, you can fill in your name, surname, phone number.
    • Purpose for which the data is collected:To complete information about the user in their user account.
    • Grounds for data processing:You have provided your explicit consent to the processing of your personal data for one or more specific purposes – 6, par. 1, б. (a) of the GDPR at the time of registration in the online store. The provision of these data is not mandatory for registration in the online store.

(3)The controller shall not collect or process personal data relating to the following:

  • reveal racial or ethnic origin;
  • reveal political, religious or philosophical beliefs, or trade union membership;
  • genetic and biometric data, health data or data on sex life or sexual orientation.

(4) Personal data are collected by the Controller from the persons to whom they relate.

(5) The Company shall not carry out automated decision-making with data.

Art. 4. (1) The Company performs the following operations with the personal data provided by you, as legal representatives or proxies of legal entities – business partners, for the following purposes:

  • Conclusion and execution of a commercial transaction: for the conclusion and execution of a commercial transaction with a commercial company, we process only the full name of the legal representative or the person authorized by the company. Conclusion of the impact assessment:Given the small volume of individuals whose data is processed and the limited amount of personal data collected, an impact assessment is not necessary for this operation.

(2) The personal data are collected by the Administrator from the persons to whom they relate and from the Commercial Register at the Registry Agency.

(3) The Company shall not carry out automated decision-making with data.

Art. 5. The Administrator may use so-called “cookies” for the purposes of providing the full functionality of the website, improving the user experience, statistical purposes, facilitating access, etc., to which you agree by using our website. You can control and/or delete cookies at any time through the settings of the browser you are using. “Cookies do not constitute personal data and are not used to identify visitors and users of the e-shop.

Storage period of your personal data

Art. 6. (1) The controller stores your personal data for a period no longer than the existence of your online shop account. After deleting your account, the Administrator shall take the necessary care to delete and destroy all your data without undue delay or to anonymize them (i.e. to put them in a form that does not reveal your identity).

(2) The controller processes your personal data that you have provided when placing an order without registration in the e-shop until the order is completed, unless you have given your explicit consent when placing the order for your data to be processed for the purposes of improving the service, providing recommended content for you, individual conditions, promotions, as well as for statistical purposes.

(3) The Administrator shall store your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the legal interests of the Administrator in the event of legal or administrative disputes with users of the online store.

(4) The Controller shall notify you in the event that the data retention period needs to be extended in order to comply with a legal obligation or in view of the legitimate interests of the Controller or otherwise.

(5) The controller shall store the personal data that it is required to keep under applicable law for the relevant period provided for, which may exceed the duration of your account in the e-shop or until the order is completed.

Art. 7. The Controller shall store the personal data of the legal representatives of its business partners for the duration of the performance of the contract, in order to comply with the legitimate interests and legal obligations of the Controller, which may exceed the duration of the concluded contract.

Transfer of your personal data for processing

Art. 8. (1) The controller may, at its discretion, transfer some or all of your personal data to processors for the purposes of processing to which you have consented, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The controller shall notify you in the event of an intention to transfer some or all of your personal data to third countries or international organisations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent to the processing of your personal data

Art. 9. (1) If you do not want your personal data to be processed for marketing and newsletter purposes, you can withdraw your consent to processing at any time by completing the consent withdrawal form in Appendix 1 or by sending us a free text request by email.

(2) Upon receipt of your request, we will send you a letter with detailed instructions for verification as a newsletter recipient and subject of the personal data for which withdrawal of consent has been requested to the email address you have provided for receipt of newsletters and promotional communications.

(3) The withdrawal of consent shall not affect the lawfulness of the processing of personal data that the Controller has carried out up to that point.

Right of access

Art. 10. (1) You have the right to request and obtain confirmation from the Controller as to whether personal data relating to you is being processed by sending a free text request by email.

(2) You have the right to access the data relating to you and the information concerning the collection, processing and storage of your personal data.

(3) Once we receive your request, we will send you a letter with detailed instructions for your verification as the subject of the personal data to which access has been requested, to the email address you used to register or place orders in the e-shop.

(4) After the verification pursuant to par. 3, the Controller shall provide you, upon request, with a copy of the personal data processed relating to you in electronic or other appropriate form.

(5) The provision of access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in case of repetition or excessiveness of requests.

Right of correction or completion

Art. 11. (1) You may correct or complete inaccurate or incomplete personal data relating to you at any time through the “Edit Profile” option.

(2) You may correct or complete inaccurate or incomplete personal data relating to you directly through your profile on the website or by making a request to the Controller by email using the form in Appendix 4 or by making a free text request.

Right to erasure (“being forgotten”)

Art. 12. (1) You have the right to ask the Controller to erase some or all of the personal data relating to you and the Controller has the obligation to erase them without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • You withdraw your consent on which the processing is based and there is no other legal basis for the processing;
  • You object to the processing of personal data relating to you, including for direct marketing purposes, and there are no legitimate grounds for the processing that override;
  • personal data have been unlawfully processed;
  • the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Controller is subject;
  • personal data have been collected in connection with the provision of information society services.

(2) The controller is not obliged to erase the personal data if it stores and processes them:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for public health reasons;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defence of legal claims.

(3) In order to exercise your right to be forgotten, you need to send by email a request for deletion of your personal data that the Administrator processes by filling in the form in Appendix 2 or by a request in free text, after which the Administrator will send to the email address you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a user of the shop and subject of the personal data for which the request for deletion is made.

(4) Once we have verified the identity of the person who made the request and the person to whom the data relates in accordance with the instructions sent to you, we will delete any data we process about you in accordance with par. 3.

(5) If there is an order placed by you that is in the process of being processed, the earliest point at which you can request to be “forgotten” is upon successful completion of the order.

Right to restriction

Art. 13. You have the right to request the Controller to restrict the processing of data relating to you by sending us a request in free text by email when:

  • contest the accuracy of the personal data, for a period that allows the Controller to verify the accuracy of the personal data;
  • the processing is unlawful, but you do not wish the personal data to be erased, but only for its use to be restricted;
  • The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
  • You have objected to processing pending verification that the legitimate grounds of the Controller override your interests.

(2) Once we receive your request, we will send you a letter with detailed instructions for your verification as a user of the store and subject of the personal data for which a request for restriction of processing has been made, to the email address you used to register or place orders in the e-shop.

(3) After the verification pursuant to paragraph 2, the Company will cease processing your data, but will not remove the posts you have made in the online store, if any.

Right to portability

Art. 14. (1) If you have consented to the processing of your personal data or the processing is necessary for the performance of the contract with the Controller, or if your data is processed in an automated manner, you may:

  • request the Controller to provide you with your personal data in a readable format and transfer it to another Controller;
  • to request the Controller to transfer your personal data directly to a controller designated by you, where this is technically feasible.

(2) You can exercise the right to portability by sending us by email the completed form in accordance with Annex 3 or a request in free text, after which the Administrator will send to the email address you used to register or place orders in the e-shop, a letter with detailed instructions for your verification as a user of the store and subject of the personal data for which the request for portability is made.

(3) After the verification pursuant to paragraph (2), the Company shall send the data it processes for you in XML format to the email address provided by you.

Right to receive information

Art. 15. You may request the Controller to inform you of any recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested have been disclosed. The controller may refuse to provide this information if it would be impossible or would require a disproportionate effort.

Right to object

Art. 16. You may object at any time to the processing of personal data concerning you by the Controller, including if processed for profiling or direct marketing purposes.

Your rights in the event of a data breach

Art. 17. (1) If the Controller identifies a breach of the security of your personal data that may pose a high risk to your rights and freedoms, it shall notify you without undue delay of the breach and of the measures that have been taken or are to be taken.

(2) The controller is not obliged to notify you if:

  • has taken appropriate technical and organisational measures to protect the data affected by the security breach;
  • has subsequently taken measures to ensure that the infringement will not result in a high risk to your rights;
  • notification would require a disproportionate effort.

Persons to whom your personal data is provided

Art. 18. (1) For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Controller may provide the data to the following data processors:

Processor of personal data Purpose of processing personal data

Gergana Nedelcheva Dimitrova PROCESSING OF ORDER AND DELIVERY OF GOODS TO CUSTOMER; ISSUANCE OF INVOICES AND CREATION OF CUSTOMERS TO COURIER DELIVERING ORDER TO CUSTOMER

Bozhidar Nikolaev Dimitrov Issuance of invoices and creation of bills of lading to the courier delivering the order to the client

(2) The processors shall comply with all legality and security requirements in the processing and storage of your personal data.

Art. 19. The controller does not transfer your data to third countries.

Art. 20. In the event of a violation of your rights under the foregoing or applicable data protection law, you have the right to file a complaint with the Personal Data Protection Commission as follows:

Name: Commission for Personal Data Protection.
Registered office and registered address. Registered office and registered office: 1592 Sofia Blvd. “1592, Proff. Tsvetan Lazarov” № 2
Address for correspondence. Address for correspondence. “1592, Proff. Tsvetan Lazarov” № 2
Phone: 02 915 3 518
Website: www.cpdp.bg

Art. 21. You can exercise all your rights regarding the protection of your personal data by using the forms attached to this information. Of course, these forms are optional and you can make your requests in any form that contains a statement to that effect and identifies you as the data holder.

Art. 22. If the consent relates to a transfer, the Controller shall describe the possible risks of the transfer of the data to third countries in the absence of an adequate protection solution and appropriate means of protection.