I. GENERAL PROVISIONS
Art. 1. (1) Evis Place EOOD (hereinafter referred to as the Company) is registered in the Commercial Register at the Registry Agency with UIC 204060630, with registered office and address of management: Republic of Bulgaria, Sofia, Blvd. General Skobelev №6.
(2) The company is an administrator of personal data, processing personal data in connection with its activity and only determines the purposes and means for their processing.
(3) The personal data protection officer is: ….., e-mail: firstname.lastname@example.org.
Art. 3. For the purposes of this Policy:
1. “personal data” means any information relating to an identified or identifiable natural person (“data subject”); a person who can be identified is a person who can be identified, directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more features specific to the natural person, the physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual;
2. “processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as the collection, recording, organization, structuring, storage, adaptation or modification, extraction, consultation, use, disclosure by transmitting, disseminating or otherwise making the data available, arranging or combining, restricting, deleting or destroying it;
3. “restriction of processing” means the marking of stored personal data with a view to limiting their processing in the future;
4. “pseudonymisation” means the processing of personal data in such a way that personal data can no longer be linked to a specific data subject without the use of additional information, provided that it is stored separately and is subject to technical and organizational measures to ensure that personal data are not linked to an identified natural person or an identifiable natural person;
5. “personal data register” means any structured set of personal data accessed according to certain criteria, whether centralized, decentralized or distributed according to a functional or geographical principle;
6. “controller” means a natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or legal law of a Member State, the administrator or the specific criteria for its determination may be laid down in Union law or in the law of a Member State;
7. “processor of personal data” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;
8. “recipient” means a natural or legal person, public authority, agency or any other body to whom personal data are disclosed, whether a third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in in accordance with Union or Member State law, shall not be considered as “recipients”; the processing of such data by those public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
9. “third party” means a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and persons who, under the direct supervision of the controller or the processor, have the right to process personal data. data;
10. “consent of the data subject” means any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clearly confirmatory action expressing his or her consent to the processing of personal data relating to him or her;
11. “breach of the security of personal data” means a breach of security which results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data which are transmitted, stored or otherwise processed;
12. “supervisory authority” means an independent public authority established by a Member State in accordance with Article 51 of the General Data Protection Regulation.
Art. 4. The principles related to the processing of personal data are:
1. principle of legality, good faith and transparency of the processing of personal data – the collection of personal data must be within the limits necessary. The information is collected in a lawful and objective manner;
2. principle of minimization of data, as well as restriction of purposes and storage – personal data must not be used for purposes other than those for which they were collected, except with the consent of the person or in cases expressly provided in the law. Personal data must be stored for a period not longer than necessary for the purposes for which the personal data are processed;
3. principle of accuracy – personal data must be precise, accurate, complete and up-to-date, insofar as this is necessary for the purposes for which they are processed;
4. principle of integrity and confidentiality – personal data must be processed in a way that ensures an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures.
Art. 5. Personal data of the individual customers of the e-shop of the Company www.evis-uc.com are processed in the register “Counterparties” and in particular in the sub-register “Users under CPA”.
II. SUB-REGISTER “CPA USERS”
Art. 6. (1) The following categories of personal data shall be processed in the sub-register “Users under CPA”:
1. name and surname;
6. IP address – location;
7. IBAN of the user – for return of respective amounts in case of complaints and / or withdrawal from the contract.
(2) The data under par. 1, m.p. 1, 2, 3, 5 and 7 are processed for the purpose and on the basis of execution of the distance contract concluded between the Company and a consumer and on the basis of the Accounting Act, the Consumer Protection Act, as well as for the purposes of concluding the same.
(3) The data under par. 1, m.p. 1, 2, 4, 5 and 6 are processed for the purpose of marketing activities, on the basis of a legitimate interest of the Company and only after the explicit consent for processing for the purpose of marketing activities has been provided. The consent under the transitional sentence is provided in electronic form by marking on the home page of the Company’s website or by the user’s profile in the “Settings” menu. The consent provided in accordance with this provision may be withdrawn by a user at any time by marking on the home page of the Company’s website or from his account in the “Settings” menu.
(4) Upon consent given by a user for processing of his personal data for the purpose of marketing activities, the user shall agree to the data specified in para. 3 to be processed for the purpose of offering goods and services to the consumer by e-mail, by telephone and / or by newsletter sent by e-mail, consultation for the purpose of research on the offered goods, as well as for conducting business analyzes, tracking consumer behavior, preferences of the latter, as well as advertising.
(5) The company shall not have access to card data, as well as to the authentication data when paying by credit or debit card or through an account in another external payment platform, and shall not register or store them in any way.
Art. 7. (1) The personal data in the sub-register “Users under CPA” shall be processed on electronic carrier.
(2) The personal data under art. 6, para. 2 of the Policy are recruited by the users themselves in specially developed ordering software and stored in electronic form in a server leased by the Company located in the Republic of Bulgaria for a period of 10 years, starting from January 1 of the year following the year of occurrence. of the respective legal relationship, on the grounds of art. 12, para. 1, item 2 of the Accounting Act. After the expiration of the storage period and provided that there are no documents to be transferred to the State Archives, all data carriers from the register shall be destroyed by an appropriate method, incl. and delete electronic backups.
(3) The personal data under art. 6, para. 3 (except for IP address) of the Policy shall be dialed by the users themselves in the specially developed software for orders and shall be stored for terms, specified below in art. 9, Art. 10 and Art. 11 of this Policy.
Art. 8. (1) The administrator shall assign the processing of the personal data under art. 6, para. 1, item 1 to item 5 incl. and item 7 of this Policy in the sub-register “Users under CPA” of persons employed. The rights and obligations of the individuals processing the data are set out in the relevant job description.
(2) The administrator shall assign the processing of the personal data under art. 6, para. 1, items 1, 3 and 5 on the basis of performance of a contract of the following companies, for processing of orders by consumers, by virtue of Contracts, concluded between them and the Company:
• – Evis Place EOOD with UIC 204060630.
(3) The administrator shall assign the processing of the personal data under art. 6, para. 1, items 1, 3 and 5 on the basis of performance of a contract of the following companies, providing courier services for delivery of orders ordered by consumers, by virtue of Contracts concluded between them and the Company:
• – For shipments on the territory of the Republic of Bulgaria – ECONT EXPRESS OOD with UIC 117047646.
(4) Upon request of information related to the implementation of a specific distance contract, access to the sub-register “Users under CPA” shall be provided to the manager of the Company.
(5) Access to personal data of a person from the sub-register “Users under CPA” shall be granted to a legal adviser or a lawyer in connection with the protection of the rights of the Company in case of a dispute between the parties and / or the need for consultation.
Art. 9. (1) Upon provided consent by a consumer under art. 6, para. 4 of this Policy, users receive notifications about promotions, campaigns or sales of certain goods through a newsletter received by email or receive such information by phone, their behavior on the site and their preferences are examined.
(2) The persons, processing the data for the purpose of performing the actions under para. 1, except the ones indicated in art. 9, 10, 11 and 12 are also persons appointed under an employment relationship with the Company. The rights and obligations for data processing under the previous sentence shall be settled in the job descriptions of the persons.
Art. 10. (1) The marketing activities, related to the analysis of the behavior of the consumers and advertising with given consent under art. 6, para. 6 of this Policy are also performed by processing data that do not allow the identification of an individual (eg name, surname, telephone number, address, etc.), but through the activity of the user through the browser through the so-called. cookies or advertising banners that contain the following information:
1. events related to the activity of the Company’s website (number of pages viewed on the site, products viewed on the site, searches on the Company’s website);
2. information related to the user’s device (device type, operating system and version);
3. approximate location extracted from the IP address.
(2) The activities under par. 1 are carried out through the so-called “cookies”, which are used by the Company or by third parties-partners of the Company. Cookies are small packets of information sent from the pages of a website to a user’s browser and stored on his device.
(3) The company uses two types of cookies: necessary and functional.
Art. 11. The necessary cookies ensure the functioning of the site, providing the ability to access the profile of the user on the site and to process orders.
Art. 12. (1) The functional cookies allow to preserve the preferences of the users and show the behavior of the users of the site. These cookies save time and effort when shopping on the Company’s website and are temporarily stored on the user’s device. Functional cookies are also used by the Company to analyze the behavior of users of the site and how users use it. This allows the Company to customize the offered content and to quickly identify and eliminate various problems.
(2) The functional cookies used by the Company – its and third party partners.
III. RIGHTS OF DATA SUBJECTS AND PROCEDURE FOR THEIR EXERCISE
Art. 14. Data subjects have the following rights regarding their personal data:
1. right of access;
2. right of correction;
3. right to data portability;
4. right to erase (right to be forgotten);
5. the right to request restriction of processing;
6. right of objection against the processing of personal data;
7. the right of the subject not to be the subject of a decision based solely on automated processing, including profiling.
Art. 15. (1) Every natural person, subject of personal data, shall have the right to receive information about the controller of personal data, as well as about the processing of his personal data. This information includes:
1. data identifying the controller, as well as his contact details, including the contact details with the data protection officer;
2. the purposes and the legal basis for the processing;
3. the recipients or the categories of recipients of the personal data, if any;
4. the intention of the controller to transfer the personal data to a third party (where applicable);
5. the term of storage of the personal data;
6. the existence of automated decision-making, including profiling (if any);
7. information about all rights that the subject has;
8. the right to appeal to the supervisory body.
(2) The information under par. 1 shall not be provided if the data subject already has it.
(3) Upon submitting a request for information by a data subject by the order of para. 1, the Company together with the data protection official under Art. 23 of the Policy performs the necessary verification and provides a response with the required information within 14 (fourteen) days, but not later than 30 (thirty) days from the date of receipt of the request. If necessary, this period may be extended by a further two months, taking into account the complexity and number of requests from a particular person. The company shall inform the person of any such extension within one month of receiving the request, indicating the reasons for the delay. The request contains identification of the person (three names and PIN for Bulgarian citizens, and for all other persons – citizens of other EU Member States – names and date of birth), description of the request, preferred form of granting access to personal data, signature , date, email, address for correspondence and power of attorney when the application is submitted by an authorized person. The company is not obliged to respond to a request if it is unable to identify the data subject. The request is entered in the general incoming register of the Company and can be submitted in one of the following ways: a) electronically to the following email: email@example.com, b) on the spot in the office of the Company, located in Sofia,… ..or c) by mail to the address of management of the Company: София
(4) The information under par. 1 shall be provided in one copy to the data subject free of charge. For additional copies requested by the data subject or in case of excessive requests of the subject, especially due to its repeatability, the Company may charge a reasonable fee in the amount of the administrative costs incurred.
(5) When providing a copy of personal data, the Company may not disclose the following categories of data:
1. personal data of third parties, unless the same have not expressed their explicit consent for this;
2. data which represent trade secret, intellectual property or confidential information;
3. other information, which is protected, according to the applicable legislation.
(6) The validity and excessiveness of a request shall be assessed separately for each case by the Company.
(7) In case of refusal to provide access to personal data, the Company shall substantiate its refusal and inform the data subject of its right to file a complaint to the supervisory body.
Art. 16. (1) The data subjects may request their personal data, processed by the Company, to be corrected in case the latter are inaccurate or incomplete.
(2) Upon satisfied request for correction of personal data, the Company shall notify the recipients of data to which such data have been disclosed.
(3) The right under para. 1 shall be exercised by making a request by the order of art. 15, para. 3 of the Policy.
Art. 20. (1) The data subject has the right to object to the processing of his personal data by the Company if the data are processed on one of the following grounds:
1. the processing is necessary for the performance of a task of public interest or in the exercise of official powers, which have been granted to the administrator;
2. the processing is necessary for purposes related to the legitimate interests of the Company or a third party;
3. data processing includes profiling.
(2) The controller shall terminate the processing of personal data, unless he proves that there are convincing legal grounds for its continuation, which have priority over the interests, rights and freedoms of the data subject, or for the establishment, exercise or protection of legal claims.
Art. 21. (1) Every natural person, subject of personal data, has the right to be notified, and the Company is obliged to notify the subject in case of violation of the security of his personal data and when there is a probability that this violation will cause high risk for the rights and the freedoms of the data subject.
(2) The notification under para. 1 shall be carried out without undue delay after its discovery and shall contain a description of the nature of the personal data breach, indicating the nature of the breach, name and contact details of the data protection officer, the consequences of the breach and the actions taken. measures by the Company to deal with the violation and to reduce any adverse effects.
PRICES AND TAXES
All prices listed on the site include VAT. In the event that due to any error, the price of a product is declared as zero or the amount in the return email is calculated incorrectly, www.evis-uc.com is not obliged to deliver this product to the customer at this price. The prices listed on the site do not include transportation costs. The transport within the Republic of Bulgaria is performed by the courier company Econt. The price that the user / customer owes for transport is according to the courier’s tariff to the respective address indicated by the customer. When ordering for other countries, please contact us at e-mail: firstname.lastname@example.org, for information about the prices of courier services to your country.
1. “Evis Place” Ltd. is responsible for the goods until delivery to the customer. Evis Place EOOD is not responsible for delays in case the delay is due to a courier or other supplier.
2. Immediately after delivery, the goods should be carefully inspected by the consumer / customer or a person authorized by him. Any damages, shocks and other damages should be reported immediately to Evis Place EOOD. In case the presence of damages that have occurred during the transportation of the goods is established, “Evis Place EOOD is not responsible for the damage of this goods. In cases when Evis Place EOOD confirms the order and indicates a specific date and time for delivery, the statement is binding. In case of incorrect or wrong address, contact person and / or telephone number when submitting the application, Evis Place EOOD is not bound by any obligation to fulfill the order.
3. Upon delivery of the goods, the consumer / customer or a third party shall sign the accompanying documents. Anyone who is not the holder of the application, but accepts the goods for delivery and is at the address specified by the customer is considered a third party. In case of refusal to receive the goods, except for the cases described below, the refusal is considered unfounded and the Customer must pay the costs of delivery and return of the goods. In case the Customer is not found within the deadline for delivery to the specified address or access and conditions for delivery of the goods are not provided within this period, Evis Place EOOD is released from its obligation to deliver the goods ordered for purchase.
4. Courier company Econt does not undertake the service of opening the shipment before payment.
5. When the delivered goods clearly do not correspond to the goods ordered for purchase by the customer and this can be established by its ordinary inspection, the customer may request that the delivered goods be replaced with those corresponding to his purchase order within 72 hours. from its receipt.
6. Orders are processed during the following business hours: Monday to Friday from 08:00 to 17:00. Orders placed after 17:00 from Monday to Thursday are processed the next morning after 08:00. Orders, made after 17:00 on Friday are processed on Monday after 08:00.
In the event that www.evis-uc.com is unable to deliver the ordered goods to its customer (s) for objective reasons beyond its control, the customer (s) will be paid the price of the goods in full, if it has been paid in advance by the customer.
Our standard delivery time is up to 5 working days. The goods will be delivered with an invoice, which serves as a tax document, as well as a guarantee document, if applicable. The customer is invited to provide his delivery address when confirming the order. If the desired goods are not available or during this time there are unforeseen circumstances related to the delivery, representatives of www.evis-uc.com will inform the customer in a timely manner about the unjustified delay, using the provided contact details. If the shipment has not been received within the specified delivery period by the customer, and he has not been notified by www.evis-uc.com, the customer must call the customer service telephone number: +359 879 609 441 or contact www.evis-uc.com via email@example.com.
DELIVERY, PACKAGING AND PAYMENT TERMS
Customers’ purchases are sent appropriately packaged with the courier company Econt, and payment is made in accordance with the method chosen by the customer. For each order, delivery costs are listed separately. Please note that delivery costs are paid by the customer. www.evis-uc.com retains ownership of the goods until the full price for the purchase of the goods is paid. All additional costs associated with transportation made during and after the delivery process must be paid by the customer. Delivery methods: The available delivery methods are presented to the customer on the website www.evis-uc.com in the ordering process. Customers are not allowed to receive goods from our premises.
1. In case of established discrepancy of the delivered goods with the made order, the customer has the right to file a complaint within 14 working days from its delivery.
2. The complaint is presented to the company. In order to be respected, the customer should enclose the goods, if possible, in undamaged packaging, as well as the documents that accompany it upon delivery – receipt, invoice, etc. documents establishing the non-conformity of the goods.
3. In case the claim is well-founded, the customer can choose the way of satisfying the claim – by replacing the goods with a new one, corresponding to the concluded contract of sale or repair, if the replacement is impossible.
4. The Client has no right to claim a refund of the amount paid by him or a reduction of the price, if Evis Place EOOD agrees to satisfy the claim in any of the above two ways.
5. Reimbursement of amounts paid shall be made only in case the satisfaction of the claim is impossible in any of the ways specified in item 6.3. from the contract.
6. The refund of amounts paid electronically shall be made only on the card with which the goods have been paid.
7. Refunds are made within 10 working days of returning the product(s).