"Personal Data Administrator Information:
G D Styles Ltd. is a commercial company based at: Sofia, Cherkovna St. 67, Apt. 4, registered in the Commercial Register at the Registry Agency with UIC 200436302.

We process your personal data on the following grounds:

Explicit consent from you – the purpose is specified for each specific case;
Legal obligation stipulated by law.
In the following paragraphs, you will find information regarding the processing of your personal data depending on the basis on which we process it.
FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS

We process your personal data to fulfill contractual and pre-contractual obligations and to exercise the rights under contracts concluded with you.

Purposes of processing:

Compliance with the General Terms of Use of the Website;
Legal obligation stipulated by law;
We do not provide your personal data to third parties, as our main goal is to offer you quality, fast, and comprehensive service.

We use an SSL certificate to ensure safe shopping for our customers. The certificate provides an encrypted connection between you and the website when you enter your personal data.

FOR COMPLIANCE WITH LEGAL OBLIGATIONS

It may be stipulated by law that we are obligated to process your personal data. In these cases, we are required to perform the processing, such as:
● Obligations under the Anti-Money Laundering Act;
● fulfillment of obligations related to distance selling and off-premises sales, as provided in the Consumer Protection Act;
● provision of information to the Consumer Protection Commission or third parties, as provided in the Consumer Protection Act;
● provision of information to the Commission for Personal Data Protection in connection with obligations provided in the regulations for personal data protection;
● obligations provided in the Accounting Act and the Tax and Social Insurance Procedure Code and other related regulatory acts, in connection with maintaining lawful accounting;
● provision of information to the court and third parties, within the framework of court proceedings, according to the requirements of the applicable regulatory acts;
● age verification when shopping online.

Data collected under a legal obligation are deleted after the obligation for collection and storage has been fulfilled or is no longer applicable. For example:
● under the Accounting Act for the storage and processing of accounting data (11 years),
● obligations to provide information to the court, competent state authorities, and other grounds provided in current legislation (5 years).

When it is stipulated by law that we have an obligation, it is possible that we provide your personal data to the competent state authority, natural or legal person.

WITH YOUR CONSENT

Consent is a separate basis for processing your personal data, and the purpose of the processing is stated in it, and does not overlap with the purposes listed in this policy. If you give us the respective consent and until its withdrawal or termination of any contractual relations with you, we prepare suitable offers for products/services for you.
Data collected on this basis are deleted at your request or 1 year after their initial collection.

G D Styles Ltd. has the right to collect and use information about USERS after they have placed an order for goods or services. The information, through which the person can be identified, may include: name and surname, address, phone, email, and any other information voluntarily provided by the person when placing the order.
The information also includes any other data that the USER enters, uses, or provides when using the services provided by G D Styles Ltd.
G D Styles Ltd. does not retain information relating to the identification of a payment instrument by USERS, namely the name, number, SUV of a bank card used by the USER to complete an order.

PROCESSING OF ANONYMIZED DATA

We process your data for statistical purposes, meaning for analyses in which the results are only aggregative and therefore the data are anonymous. Identifying a specific person from this information is impossible.

How we protect your personal data

To ensure adequate protection of the company's data and its customers, we implement all necessary organizational and technical measures provided in the Personal Data Protection Act.
For maximum security during processing, transmission, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.

Rights of the Users
Every user of the site has all the rights for the protection of personal data according to Bulgarian legislation and the law of the European Union.

Every User has the right to:
● Information (in connection with the processing of his personal data by the administrator);
● Access to their personal data;
● Correction (if the data is inaccurate);
● Deletion of personal data (right to be forgotten);
● Restriction of processing by the administrator or data processor;
● Portability of personal data between different administrators;
● Objection to the processing of their personal data;
● The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on the data subject or similarly significantly affects him;
● Right to judicial or administrative recourse in case the rights of the data subject have been violated.

The User may request deletion if one of the following conditions is met:
● Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
● The User withdraws his consent on which the processing is based and there is no other legal ground for the processing;
● The User objects to the processing and there are no overriding legitimate grounds for the processing;
● The personal data have been unlawfully processed;
● The personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to the administrator;
● The personal data were collected in connection with the offer of information society services to children and consent was given by the person holding parental responsibility for the child.

The User has the right to restrict the processing of his personal data by the administrator when:
● The accuracy of the personal data is contested. In this case, the restriction of processing is for a period that allows the administrator to verify the accuracy of the personal data;
● The processing is unlawful, but the User does not want the personal data to be deleted, instead requiring a restriction on their use;
● The administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise, or defense of legal claims;
● objects to the processing pending the verification whether the legitimate grounds of the administrator override those of the User.

Right to data portability.
The data subject has the right to receive the personal data concerning him, which he has provided to an administrator, in a structured, widely used, and machine-readable format and has the right to transmit those data to another administrator without hindrance from the administrator to whom the personal data have been provided, when the processing is based on consent or on a contractual obligation and the processing is carried out by automated means. When exercising his right to data portability, the data subject has the right to have the personal data transferred directly from one administrator to another, where technically feasible.

Right to object.
Users have the right to object to the administrator against the processing of their personal data. The personal data administrator is required to cease processing unless he proves that there are compelling legal grounds for the processing that override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims. When objecting to the processing of personal data for the purposes of direct marketing, processing should be stopped immediately.

Complaint to the supervisory authority
Every User has the right to file a complaint against unlawful processing of his personal data to the Commission for Personal Data Protection or to the competent Bulgarian court.

Commission for Personal Data Protection
Headquarters and management address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Correspondence address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Phone: +3592/91-53-518
Website: www.cpdp.bg"