logo
Choose your shipping destination and language

Privacy policy

Privacy policy
We would like our customers to feel secure when they shop online at PEPINA.BG. Protecting Your private sphere is high priority for us, because we consider the protection of personal information as a fundamental principle in quality offering of products and services online.

The policy determining how Your personal data will be processed and protected:

Information about the company processing Your data:

Name: "PEPINA M" Ltd.

UIC / BULSTAT:BG131197187

Headquarters and management address: Sofia

Address for correspondence: Sofia

Phone: 088 966 0069

E-mail: info@pepina.bg

Website: https://pepinashop.com


Reason for collecting, processing and storing Your personal data

Art. 1. The administrator collects and processes Your personal data in touch with the use of online store https://pepinashop.com and the conclusion of contracts with the company on the grounds of Art. 6, para. 1, Regulation (EC) 2016/679 (GDPR), and in particular on the following grounds:

Execution of the obligations of the Administrator under contract with You;
Compliance with a statutory duty applicable to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party;


Aims and principles of collecting, processing and storing Your personal data

Art. 2. (1) We collect and process the personal data you provide to us in touch with the use of online store https://pepinshop.com and the conclusion of a contract with the company, including for the following purposes:

- creating an account and providing full functionality in using the online store;
- individualisation of a party to the contract;
- accounting purposes;
- statistical objectives;
- protection of information security;
- ensuring the implementation of the contract for the provision of the relevant service;
- sending a newsletter at Your request;

(2) We comply with the following principles when processing Your personal data:

- legality, conscientiousness and transparency;
- limitation of processing objectives;
- relevance to the processing objectives and minimization of the data collected;
- accuracy and timeliness of the data;
- restriction of storage in order to achieve the objectives;
- integrity and confidentiality of processing and guarantee of an adequate level of security of personal data.

(3) When processing and storing personal data, the Administrator may process and store personal data in order to protect its legitimate interests:

- fulfilling its obligations to the National Revenue Agency, the Ministry of Internal Affairs and other national and municipal authorities.


What kind of personal data collects, processes and stores our company

Art. 3. The Company performs the following operations with the personal data You provide for the following purposes:

Registration of an e-shop user and execution of a distance-purchase contract - the purpose of this operation is to create an account for using the e-shop to purchase goods and provide contact details for delivery of purchased goods. The registration and creation of an online store account is not a mandatory step in providing the service and is accessible to a significant extent without creating an account, but as a Guest.
Conclusion of the Impact Assessment: Based on the Impact Assessment carried out, the Data Protection Officer considers that the Operation "Registration of an e-shop user and the execution of a distance-purchase contract" is permissible for performance and provides sufficient safeguards to protect the rights and legitimate interests of data subjects in line with GDPR requirements.
Conclusion and execution of a commercial transaction with a client or a partner - the purpose of this operation is to conclude and execute a contract with a trading partner or client and its administration. Given the limited scope of personal data collected and the fact that part of it is collected from publicly available sources, the Data Protection Officer considers that an impact assessment is not required to conduct an impact assessment of the operation.
Sending a newsletter and advertising messages - the purpose of this operation is to administer the newsletter process to clients who have declared they wish to receive. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out an impact assessment of the operation.
Аcquire right of withdrawal or claim - the purpose of this operation is to administer the process of practising the right of withdrawal or claim by the client. Given the limited scope of personal data collected, the Data Protection Officer considers that an impact assessment is not required to carry out an impact assessment of the operation.
Making an appraisal when buying a product - the purpose of this operation is to make a preliminary assessment if the customer wants to buy a good;
Buying a product - the purpose of this operation is to assist in the transfer of the goods through the conclusion of a purchase contract with a natural person.

Art. 4. (1) The administrator shall process the following categories of personal data and information for the following purposes and on the following grounds:
Data for registering and receiving a newsletter (names, e-mail).
Purpose for which data is collected: 1) Making a contact with the user and sending information to him, 2) For the purpose of registering a user in the online store, and 3) Sending a newsletter.
Reason for processing your personal data - By accepting the terms and conditions and registering in the e-shop or ordering without a registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data . 6, para. 1, b. (b) GDPR. Your data for sending a newsletter is processed on the basis of your explicit consent - Art. 6, para. 1, b. (s) GDPR.
Additional data provided by You - If You wish to add Your profile, You can fill in the name, address, telephone number and location.
Aims for which data is collected: Adding user information to his / her user account.
Grounds for processing the data: You have explicitly given consent to process its personal data for one or more specific purposes - 6, para. 1, b. (a) of GDPR at the time of registration in the online store.
Delivery Details (names, phone, e-mail, address)
Purpose for which data is collected: Execution of obligations of the controller under a distance-purchase contract and delivery of purchased goods, including the exercise of the right of return and the replacement or refusal of purchased goods.
Reason for processing your personal data - By accepting the terms and conditions and registering in the e-shop or ordering without a registration or upon entering into a written agreement between the Administrator and you, a contractual relationship is created on which we process your personal data . 6, para. 1, b. (b) GDPR.
(2) The administrator does not collect or process any personal data related to the following:

- reveal racial or ethnic origin;
- reveal political, religious or philosophical beliefs, or membership of trade unions;
- genetic and biometric data, health status, or data on sexual life or sexual orientation.


(3) The personal data are collected by the Administrator from the persons to whom they refer.

(4) The Company does not make automated decision making with data.

(5) The Company does not collect and process data for persons under 16 years, except with the explicit consent of their parents or legal representatives.

Transmitting your personal data for processing

Art. 7. (1) The administrator may, at its own discretion, transmit all or part of your personal data to processor personal data for the fulfillment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EC) 2016/679 (GDPR) .

(2) The Administrator notifies You in case of intent to transfer some or all of your personal data to third countries or international organizations.


Your rights in collecting, processing and storing Your personal data

Withdrawal of consent to process Your personal data

Art. 8. (1) If You do not wish all or any of Your personal data to continue to be processed by the Company for any particular or for any processing purpose, you may at any time withdraw your consent to processing by request in free text.

(2) The Administrator may ask You to certify your identity and identity with the data subject by asking You to enter an email address and a password to access the site at the office of the Company before our employee.

(3) By withdrawing the consent to process personal data that is required to create and maintain an online store account, your account will become inactive. Of course, you will be able to browse the online store and the offered items and put orders as a guest or make a new registration.

(4) If there is an order You are currently processing, the earliest date at which You can withdraw Your consent to processing is the successful completion of the order.



Right of access

Art. 9. (1) You have the right to request and obtain from the Administrator a confirmation that personal data relating to You are being processed, as if You are a registered user, You may at any time see in Your profile the personal data You have provided and processed for You.

(2) You have the right to access the data relating to You as well as information relating to the collection, processing and storage of your personal data.

(3) The Administrator shall provide you, upon request, a copy of the processed personal data relating to You in electronic or other appropriate form.

(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeatability or excessive demand.

Right of correction or completion

Art. 10. You may correct or fill in inaccurate or incomplete personal data relating to You directly through Your website account or by requesting the Administrator.

Right to delete ("to be forgotten")

Art. 11. (1) You have the right to ask the Administrator to delete part or all of your personal data relating to You and the Administrator has the obligation to delete them without undue delay when any of the following reasons exists:

- personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- You withdraw your consent on which the processing of the data is based and no other legal basis for the processing;
- You object to the processing of personal data relating to You, including for direct marketing purposes, and there are no legitimate grounds for the processing that will take precedence;
- personal data has been tampered with;
- personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
- personal data have been gathered in touch with the provision of information society services.

(2) The administrator is not obliged to delete the personal data if he / she keeps them and processes them:
- for acquiring rights to freedom of expression and the right to information;
- to comply with a legal obligation which requires treatment provided for in EU law or the law of the Member State to be applied to the Administrator or to the performance of a public interest task or the exercise of official authority conferred on it;
- for reasons of public interest in the field of public health;
- for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or protection of legal claims.

(3) In case of exercising your right to be forgotten, the Company will delete all of your data except for the following information:

- the information that is required to verify that Your right to be forgotten is met - email, IP address;
- technical information about the operation of the online store, which information can not connect in any way with Your personality;
- the email You've signed up for in the online store.

(4) In order to exercise Your right to be forgotten, You must submit a request by sending an email request to the Administrator.

(5) The administrator may ask Yyou to certify your identity and identity with the data subject.

(6) If there is an order You are currently processing, the earliest point at which You can ask to be "forgotten" is when You successfully complete the order.

(3) By deleting Your personal information, Your account will become inactive. Of course, You will be able to browse the online store and the offered products and make orders as a guest or make a new registration.

(7) The administrator does not delete the data, which he has a legal obligation to store, including for protection against claims against him or proof of his rights.


Right of limitation

Art. 12. You have the right to require the Administrator to restrict the processing of your related data when:

- contest the accuracy of personal data for a period that allows the Administrator to verify the accuracy of the personal data;
- the processing is illegal, but You do not want personal data to be erased, but only to be limited;
- The administrator no longer requires personal data for the purposes of processing, but You require them to identify, exercise or protect Your legal claims;
- You have objected to the treatment pending verification that the legal grounds of the Administrator have an advantage over Your interests

Right of portability

Art. 13. (1) You may at any time download or receive in a machine-readable format the data that is stored and processed for You in touch with the use of the Services of the Administrator by email request.

(2) You may request the Administrator to directly transfer Your personal data to an administrator You provide when it is technically feasible.



Right to receive information

Art. 14. You may request the Administrator to inform You of all recipients to whom the personal data for which the correction, deletion or limitation of the processing has been requested has been disclosed. The administrator may refuse to provide this information if this would not be possible or would require disproportionate effort.

Right of objection

Art. 15. You may at any time object to the processing of personal data by the Administrator that relates to it, including whether it is being processed for profiling or direct marketing purposes.



Your rights under violation the security of Your personal information

Art. 16. (1) If the Administrator detects a breach of security of Your personal data that may pose a high risk to Your rights and freedoms, he shall notify You without undue delay of the violation as well as of the measures taken or to be taken .

(2) The administrator is not obliged to notify You if:

- has taken appropriate technical and organizational safeguards in respect of the data affected by the breach of security;
- has subsequently taken measures to ensure that the violation will not lead to a high risk for Your rights;
notification would require disproportionate efforts.


Individuals to whom Your personal information is provided

Art. 17. For the purpose of processing Your personal data and providing the service in its full functionality and in view of Your interests, the Administrator may provide the data to the following data processors - see the list of data processors. These processing personal data comply with all legal and security requirements for the processing and storage of your personal data.

Art. 18. The administrator does not transfer your data to third countries.

Art. 19. In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission as follows:

Name: Commission for Personal Data Protection

Headquarters and address of management: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Address for correspondence: Sofia 1592,  2 Prof. Tsvetan Lazarov Blvd.

Phone: 02 915 3 518
Website: www.cpdp.bg

Art. 20. You may exercise all of your rights to protect your personal data through the forms enclosed with this information. Of course, these forms are not mandatory and You can make Your claims in any form that contains a statement about it and identifies You as the data holder.

Art. 21. If the consent relates to a transfer, the Administrator shall describe the possible risks for the transfer of data to third countries in the absence of a decision on adequate protection and appropriate remedies.

Art. 22. COLLECTION AND USE OF PERSONAL DATA

Personal data is any information that can be used to identify a person. Personal information may be requested every time you contact us or our partners to provide our products and services. Only subject to this Privacy Policy and any applicable legal provisions The Administrator and his / her partners may share this information with each other and use it. Your personal data is processed only on the territory of the Republic of Bulgaria only for the period and for the purposes for which it was provided.

22.1. What personal data we collect

When you sign up for an account, buy a product, participate in a lottery, etc., we can collect various types of information, including but not limited to name, postal address, telephone number, email, preferred way of communication, etc.
In cases where certain documents, such as an invoice, need to be issued, additional data may be required in accordance with regulatory requirements.
We store a history of orders made from any account registered on the site.

22.2. How we use personal information

We process Your personal information to fulfill our obligations as a party to a contract for the sale of goods or services. We may periodically use them to send important messages such as order notifications, changes to the Terms of Service, or other policies.
In case You have agreed, we process your data to inform you of current promotions and promotions. Once requested, consent may be withdrawn at any time.
In case You have agreed to participate in certain events (contest, lottery, game, etc.), we process the data You provide to us to administer these activities.
The data provided in the application form will only be used for the purposes of selecting and assessing the suitability of the candidate for the position.

22.3. Disclosure to third parties

In some cases, in order to fulfill our obligations under contracts or legal agreements entered into with You, we will or will be required to disclose personal information You provide to our partners (eg transport, courier, service, information and other companies ) or to competent authorities.

22.4. protection of personal data

The administrator takes precautions including administrative, technical, and physical measures to protect your personal data from loss, theft and misuse, and from unauthorized access, disclosure, alteration or destruction.

When posting in forums, chat rooms or social networking services, the personal information you share is visible to other users and can be read, collected, or used by them. In such cases, You are responsible for the personal information you choose to provide.


22.5. Integrity and retention of personal data

We will hold your personal data for a period necessary to meet the specific purpose for which they are processed and will then be deleted unless a statutory instrument requires them to be retained for a longer period.


22.6. Rights of the subject of personal data

You can check the accuracy, completeness and timeliness of Your personal information, and correct them by signing in to your account.

If you wish to withdraw Your consent to the processing of personal data, request a correction, object to processing or ask for Your data to be erased ("the right to be forgotten"), you should send a request to that effect via email info@pepina.bg. In order to avoid abuse, requests with the above content will be considered only if they are sent from the email used for the account registration, and we reserve the right to request additional data in order to establish the identity of the requestor and the subject of the data to which it relates .

Requests for personal data submitted will be answered within one month, and if You need to extend the deadline, You will be informed of the extension and of the reasons for the delay. We may refuse to process requests that are unreasonably duplicated or threaten the privacy of other users.

Art. 23. COOKIES

A cookie is a small text file that is saved to your computer or mobile device and is downloaded from it on subsequent visits. pepinashop.com uses cookies to improve and facilitate your visit. We do not use cookies to store personal information or to disclose information to third parties.

The used cookies are both permanent and temporary (session cookies). Permanent cookies are stored as a file on Your computer or mobile device for a period of not more than 24 months. We use session cookies when using the product filter feature to check if You are logged in or have placed an item in your cart.

You can easily delete cookies from Your computer or mobile device using your browser. The instructions for working and deleting cookies are listed in the Help menu in your browser. You can choose to disable cookies or receive a notification whenever a new cookie is sent to Your computer or mobile device. Please note that if You choose to disable cookies, You will not be able to take advantage of all the features on our site.

Third Party Cookies

We use third-party cookies to collect statistics in concise form through analytics tools such as Google Analytics, Google Adwords, Facebook.