Currency
EUR
  • EUR
  • BGN
Language
EN EN
Advanced Search
Menu
Profile
Language

Categories

Privacy Policy

Privacy Policy

Mandatory Information on the Rights of Data Subjects under Personal Data Protection

Information regarding the company processing your data:

  • Name: “Neo Genesis” Ltd.

  • UIC/BULSTAT: 206312610

  • Registered office and management address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Correspondence address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Telephone: 0700 32 072

  • Website: www.stuff.bg

  • Email: shop@stuff.bg

Information regarding the competent supervisory authority for personal data protection:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg

“Neo Genesis” Ltd. (hereinafter referred to as the “Controller” or the “Company”) carries out its activities in compliance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The present information aims to inform you of all aspects of the processing of your personal data by the Company and of the rights you have in connection with such processing.


Legal basis for the collection, processing and storage of your personal data

Art. 1. The Controller collects and processes your personal data in connection with the use of the online store www.stuff.bg and the conclusion of contracts with the Company on the basis of Art. 6, para. 1 of Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • Explicit consent obtained from you as a client;

  • Fulfillment of the Controller’s obligations under a contract with you;

  • Compliance with a legal obligation applicable to the Controller;

  • For the purposes of the legitimate interests of the Controller or a third party.

Purposes and principles in the collection, processing and storage of your personal data

Art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the online store and the conclusion of a contract with the Company, including for the following purposes:

  • Creating a profile and providing full functionality when using the online store;

  • Conclusion and performance of a distance contract;

  • Identification of a party to the contract;

  • Accounting purposes;

  • Statistical purposes;

  • Protection of information security;

  • Ensuring the performance of the contract for the provision of the relevant service;

  • Sending an informational newsletter upon your expressed request.

(2) We observe the following principles when processing your personal data:

  • Lawfulness, fairness and transparency;

  • Limitation of the purposes of processing;

  • Relevance to the purposes of processing and minimization of the data collected;

  • Accuracy and up-to-dateness of data;

  • Storage limitation with a view to achieving the purposes;

  • Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) In processing and storing personal data, the Controller may also process and store personal data for the purpose of protecting its legitimate interests, including:

  • Fulfillment of its obligations to the National Revenue Agency, the Ministry of Interior, and other state and municipal authorities.


Types of personal data collected, processed and stored by our company

Art. 3. (1) The Company performs the following operations with the personal data provided by you for the following purposes:

  • Registration of a user in the online store and performance of a distance sales contract – the purpose of this operation is to create a profile for the use of the online store for purchasing goods and to provide contact details for the delivery of purchased goods. Registration and profile creation for using the online store is not a mandatory step for the provision of the service, and it is to a significant extent accessible without profile creation.

    Impact Assessment Conclusion: Based on the impact assessment carried out, the operation “Registration of a user in the online store and performance of a distance sales contract” is permissible and provides sufficient guarantees for the protection of the rights and legitimate interests of the data subjects in accordance with the requirements of the GDPR.

  • Conclusion and performance of a commercial transaction with a client or partner – the purpose of this operation is the conclusion and performance of a contract with a commercial partner or client and its administration. Given the limited scope of collected personal data and the fact that some of them are collected from publicly available sources, the carrying out of an impact assessment for this operation is not required.

  • Sending of an informational newsletter (newsletter) – the purpose of this operation is the administration of the process of sending newsletters to clients who have declared that they wish to receive them. Given the limited scope of collected personal data, an impact assessment for this operation is not required.

  • Exercising the right of withdrawal or making a claim – the purpose of this operation is to administer the process of exercising the right of withdrawal or making a claim by the client. Given the limited scope of collected personal data, an impact assessment for this operation is not required.

(2) The Controller processes the following categories of personal data and information for the following purposes and on the following grounds:

  • Your identifying data (email address, name, etc.)

    • Purpose for which the data are collected:

      1. Establishing contact with the user and sending information to them;

      2. For the purposes of user registration in the online store;

      3. For sending an informational newsletter.

    • Grounds for processing your personal data: By accepting the general terms and conditions and registering in the online store, or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Controller and you, on the basis of which we process your personal data – Art. 6, para. 1, letter (b) GDPR. Your data for sending an informational newsletter are processed on the basis of your explicit consent – Art. 6, para. 1, letter (a) GDPR.

  • Data for delivery (name, telephone, address, etc.)

    • Purpose for which the data are collected: Fulfillment of the obligations of the Controller under a sales contract and delivery of purchased goods.

    • Grounds for processing your personal data: By accepting the general terms and conditions and registering in the online store, or placing an order without registration, or by concluding a written contract, a contractual relationship is created between the Controller and you, on the basis of which we process your personal data – Art. 6, para. 1, letter (b) GDPR.

  • Additional data provided by you – If you wish to complete your profile, you may fill in data such as first name, last name, and telephone number.

    • Purpose for which the data are collected: To supplement the information about the user in their account.

    • Grounds for processing the data: You have given explicit consent for the processing of your personal data for one or more specific purposes – Art. 6, para. 1, letter (a) GDPR at the time of registration in the online store. The provision of these data is not mandatory for registration in the online store.

(3) The Controller does not collect and does not process personal data that:

  • Reveal racial or ethnic origin;

  • Reveal political, religious or philosophical beliefs, or membership in trade unions;

  • Genetic and biometric data, data concerning health, or data concerning sexual life or sexual orientation.

(4) The personal data are collected by the Controller from the persons to whom they relate.

(5) The Company does not perform automated decision-making with data.

Art. 4. (1) The Company performs the following operations with the personal data provided by you, as legal representatives or proxies of legal entities – commercial partners, for the following purposes:

  • Conclusion and performance of a commercial transaction: For the conclusion and performance of a commercial transaction with a trading company, we process only the three names of the legal representative or the person authorized by the company.
    Impact Assessment Conclusion: Given the small number of individuals whose data are processed and the limited amount of personal data collected, the carrying out of an impact assessment for this operation is not required.

(2) The personal data are collected by the Controller from the persons to whom they relate and from the Commercial Register at the Registry Agency.

(3) The Company does not perform automated decision-making with data.

Art. 5. The Controller may use so-called “cookies” for the purposes of providing full functionality of the website, improving user experience, statistical purposes, easy access, etc., which you agree to by using our website. You may at any time control and/or delete “cookies” through the settings of your browser. “Cookies” do not constitute personal data and are not used to identify visitors and users of the online store.


Retention period of your personal data

Art. 6. (1) The Controller stores your personal data for a period no longer than the existence of your profile in the online store. After deletion of your profile, the Controller takes the necessary care to erase and destroy all your data without undue delay or to anonymize them (i.e. to transform them into a form that does not reveal your identity).

(2) The Controller processes your personal data, which you have provided when placing an order without registration in the online store, until the completion of the order, unless you have given your explicit consent at the time of placing the order for your data to be processed for the purposes of improving the service, providing recommended content for you, individual conditions, promotions, as well as for statistical purposes.

(3) The Controller stores your personal data provided in connection with online orders for a period of 5 years for the purposes of protecting the legal interests of the Controller in the event of judicial or administrative disputes with users of the online store.

(4) The Controller shall notify you in the event that the retention period needs to be extended in view of compliance with a regulatory obligation or in view of the legitimate interests of the Controller or another party.

(5) The Controller stores the personal data that must be retained under applicable law for the relevant statutory period, which may exceed the existence of your profile in the online store or the completion of the order.

Art. 7. The Controller stores the personal data of the legal representatives of its commercial partners for the duration of the performance of the contract, for the purpose of compliance with the legitimate interests and legal obligations of the Controller, and such period may exceed the duration of the concluded contract.


Transfer of your personal data for processing

Art. 8. (1) The Controller may, at its own discretion, transfer part or all of your personal data to personal data processors for the purposes of processing with which you have agreed, while complying with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Controller shall notify you in the event of an intention to transfer part or all of your personal data to third countries or international organizations.

Your rights regarding the collection, processing and storage of your personal data

Withdrawal of consent for processing your personal data

Art. 9. (1) If you do not wish the personal data you have provided to be processed for marketing purposes and receiving newsletters, you may at any time withdraw your consent for processing by completing the withdrawal of consent form in Appendix No. 1 or by submitting a free-text request and sending it to us by email.

(2) Once we receive your request, we will send you an email (to the email address you have indicated for receiving newsletters and promotional messages) with detailed instructions for your verification as a recipient of newsletters and as the data subject whose consent is being withdrawn.

(3) The withdrawal of consent does not affect the lawfulness of the processing of personal data carried out by the Controller up to that point.

Right of access

Art. 10. (1) You have the right to request and receive from the Controller confirmation as to whether personal data relating to you are being processed, by submitting a free-text request by email.

(2) You have the right to access the data relating to you, as well as the information regarding the collection, processing and storage of your personal data.

(3) Once we receive your request, we will send you an email (to the email address you used for registration or for placing orders in the online store) with detailed instructions for your verification as a data subject for whom access is being requested.

(4) After carrying out the verification under para. 3, the Controller shall provide you, upon request, with a copy of the personal data processed in relation to you, in electronic or another appropriate form.

(5) Providing access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in the event of repetitiveness or excessiveness of the requests.

Right to rectification or completion

Art. 11. (1) You may at any time rectify or complete inaccurate or incomplete personal data relating to you through the “Edit Profile” option.

(2) You may rectify or complete inaccurate or incomplete personal data relating to you directly through your profile on the website or by submitting a request to the Controller by email, using the form in Appendix No. 4 or through a free-text request.

Right to erasure (“right to be forgotten”)

Art. 12. (1) You have the right to request from the Controller the erasure of part or all of your personal data, and the Controller has the obligation to erase them without undue delay when any of the following grounds apply:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

  • You withdraw your consent on which the processing is based, and there is no other legal ground for the processing;

  • You object to the processing of your personal data, including for the purposes of direct marketing, and there are no overriding legitimate grounds for the processing;

  • The personal data have been unlawfully processed;

  • The personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State applicable to the Controller;

  • The personal data have been collected in relation to the provision of information society services.

(2) The Controller is not obliged to erase personal data if it processes and stores them:

  • For exercising the right of freedom of expression and information;

  • For compliance with a legal obligation requiring processing provided for in EU law or in the law of a Member State applicable to the Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;

  • For reasons of public interest in the area of public health;

  • For archiving purposes in the public interest, for scientific or historical research, or for statistical purposes;

  • For the establishment, exercise or defense of legal claims.

(3) To exercise your right to be forgotten, you need to send an email request for the erasure of your personal data processed by the Controller, by completing the form in Appendix No. 2 or by submitting a free-text request. The Controller will then send to the email address you used for registration or for placing orders in the online store detailed instructions for your verification as a user of the store and data subject requesting erasure.

(4) After verifying the identity of the requester and the person to whom the data relate, in accordance with the instructions sent to you, we will erase all data we process about you in accordance with para. 3.

(5) If you have placed an order that is still being processed, the earliest moment at which you may request to be “forgotten” is upon the successful completion of the order.

Right to restriction of processing

Art. 13. (1) You have the right to request from the Controller the restriction of processing of your personal data by sending us a free-text request by email, when:

  • You contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;

  • The processing is unlawful, but you do not want the personal data to be erased, but only to have their use restricted;

  • The Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;

  • You have objected to the processing, pending the verification whether the legitimate grounds of the Controller override your interests.

(2) Once we receive your request, we will send you an email (to the email address you used for registration or for placing orders in the online store) with detailed instructions for your verification as a user of the store and as a data subject whose processing restriction is requested.

(3) After completing the verification under para. 2, the Company will cease the processing of your data, but will not remove any publications you have made in the online store, if such exist.

Right to data portability

Art. 14. (1) If you have given consent for the processing of your personal data, or if the processing is necessary for the performance of a contract with the Controller, or if your data are processed by automated means, you may:

  • Request from the Controller to provide you with your personal data in a readable format and to transfer them to another Controller;

  • Request from the Controller to directly transfer your personal data to another Controller specified by you, where technically feasible.

(2) You may exercise your right to portability by sending us a completed form as per Appendix No. 3 or a free-text request by email, after which the Controller will send to the email address you used for registration or for placing orders in the online store detailed instructions for your verification as a user of the store and as a data subject whose portability is requested.

(3) After completing the verification under para. 2, the Company will send the data processed about you to the email address specified by you, in XML format.

Right to be informed

Art. 15. You may request from the Controller to inform you regarding all recipients to whom the personal data, for which rectification, erasure or restriction of processing has been requested, have been disclosed. The Controller may refuse to provide this information if it would be impossible or would require disproportionate effort.

Right to object

Art. 16. You may at any time object to the processing of personal data by the Controller relating to you, including if they are processed for profiling or direct marketing purposes.



Your rights in the event of a personal data breach

Art. 17. (1) If the Controller establishes a breach of the security of your personal data that may result in a high risk to your rights and freedoms, the Controller shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

(2) The Controller is not obliged to notify you if:

  • It has implemented appropriate technical and organizational protection measures with respect to the data affected by the personal data breach;

  • It has taken subsequent measures ensuring that the breach will not lead to a high risk to your rights;

  • Notification would involve disproportionate effort.

Recipients of your personal data

Art. 18. (1) For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Controller may provide the data to the following persons who are data processors:

Data ProcessorPurpose of personal data processing
Svetozar RoevManagement of the online store

(2) The data processors comply with all legality and security requirements in the processing and storage of your personal data.

Art. 19. The Controller does not transfer your data to third countries.

Complaints and exercising your rights

Art. 20. In the event of violation of your rights under the above or the applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg

Art. 21. You may exercise all of your rights regarding the protection of your personal data through the forms attached to this information. Of course, the use of these forms is not mandatory, and you may submit your requests in any form that contains a statement to that effect and identifies you as the data subject.

Art. 22. If the consent concerns data transfer, the Controller shall describe the possible risks of data transfer to third countries in the absence of an adequacy decision and appropriate safeguards.

Appendices

Appendix No. 1

Form for withdrawal of consent for processing purposes

Your name*: ..............................
Your email used in the online store*: ..............................
Contact details (email)*: ..............................

To

  • Name: “Neo Genesis” Ltd.

  • UIC/BULSTAT: 206312610

  • Registered office and management address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Correspondence address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Telephone: 0700 32 072

  • Website: www.stuff.bg

  • Email: shop@stuff.bg

I hereby withdraw my consent for the processing of the personal data provided by me for the purposes of receiving newsletters, promotional messages, or other marketing materials, being informed of the conditions for withdrawal of consent in accordance with the Mandatory Information on the Rights of Data Subjects of the online store.

In the event of violation of your rights under the above or the applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg


Appendix No. 2

Request “to be forgotten” – for the erasure of personal data related to me

Your name*: ..............................
Your email used for registration or for placing orders in the online store*: ..............................
Contact details (email)*: ..............................

To

  • Name: “Neo Genesis” Ltd.

  • UIC/BULSTAT: 206312610

  • Registered office and management address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Correspondence address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Telephone: 0700 32 072

  • Website: www.stuff.bg

  • Email: shop@stuff.bg

I request that all personal data collected, processed, and stored by you, provided by me or by third parties related to me, according to the identification specified above, be deleted from your databases.

I declare that I am aware that part or all of my personal data may continue to be processed and stored by the Controller for the purposes of fulfilling its legal obligations.

In the event of violation of your rights under the above or the applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg

Appendix No. 3

Request for data portability

Your name*: ..............................
Your email used for registration or for placing orders in the online store*: ..............................
Contact details (email)*: ..............................

To

  • Name: “Neo Genesis” Ltd.

  • UIC/BULSTAT: 206312610

  • Registered office and management address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Correspondence address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Telephone: 0700 32 072

  • Website: www.stuff.bg

  • Email: shop@stuff.bg

I request that all personal data related to me, which are collected, processed, and stored in your databases, be sent in XML format to:

  • Email: ..............................

  • Receiving Controller: ..............................

Receiving Controller details:

  • Name: “Neo Genesis” Ltd.

  • Identification number (UIC, BULSTAT, reg. number at CPDP): 333494

  • Email: shop@stuff.bg

In the event of violation of your rights under the above or the applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg

Appendix No. 4

Request for rectification of data

Your name*: ..............................
Your email used for registration or for placing orders in the online store*: ..............................
Contact details (email)*: ..............................

To

  • Name: “Neo Genesis” Ltd.

  • UIC/BULSTAT: 206312610

  • Registered office and management address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Correspondence address: Bulgaria, Burgas, “Meden Rudnik” residential area, Block 243, ground floor

  • Telephone: 0700 32 072

  • Website: www.stuff.bg

  • Email: shop@stuff.bg

I request that the following personal data, collected, processed, and stored by you, provided by me or by third parties related to me, be rectified as follows:

  • Data to be rectified: ..................................................

  • Please rectify as follows: ..................................................

In the event of violation of your rights under the above or the applicable data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

  • Name: Commission for Personal Data Protection

  • Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

  • Telephone: +359 2 915 3 518

  • Website: www.cpdp.bg


New Products

  • Price: €49.10 96.03лв.

  • Price: €72.16 141.13лв.

  • Price: €664.18 1299.02лв.
Subscribe

News

Scroll To Top