PRIVACY POLICY

 

INTRODUCTION

Welcome to https://lamoredecoration.com/ (the “Website”), which is created for and commissioned by “L’AMORE” Ltd., UIC: 202297513, with registered office and management address: Sofia 1527, 84 “Stara Planina” St., fl. 8, apt. 23, contact phone: +359 897 983 432.

BY USING THIS WEBSITE, YOU AGREE TO THE TERMS REGARDING THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE. IF YOU HAVE QUESTIONS ABOUT THIS PRIVACY POLICY, PLEASE CONTACT US AT +359 897 983 432 OR INFO@LAMOREDECORATION.COM. IF YOU DO NOT AGREE WITH ANY OF THE TERMS IN THIS PRIVACY POLICY, YOU SHOULD NOT USE THIS WEBSITE.

PERSONAL DATA CONTROLLER

“L’AMORE” Ltd. (hereinafter referred to as the “Controller”) is a limited liability company, UIC: 202297513, with registered office and management address: Sofia 1527, 84 “Stara Planina” St., fl. 8, apt. 23, contact phone: +359 897 983 432 and website: https://lamoredecoration.com/.

SUPERVISORY AUTHORITY:

Commission for Personal Data Protection
Address: Sofia 1592, 2 “Prof. Tsvetan Lazarov” Blvd.
Contact information: 02/915 35 18; 02/915 35 15; 02/915 35 19; kzld@cpdp.bg, www.cpdp.bg

I. PURPOSES AND SCOPE OF THE PRIVACY POLICY

 

1.1 The Controller understands the concerns of website visitors regarding the protection of personal data and is committed to protecting their personal data by applying all standards in accordance with Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016. With this Privacy Policy, the Controller respects the privacy of individuals and takes all necessary efforts to protect personal data against unlawful processing by applying technical and organizational measures that comply with current technological advancements and ensure a level of protection appropriate to the risks involved and the nature of the data.

1.2 Through this Privacy Policy and in compliance with Regulation (EU) 2016/679, the Controller provides information about:

– the purposes and scope of the privacy policy;
– the personal data collected and processed by the Controller;
– the purposes of processing the personal data;
– the retention period of personal data;
– the mandatory or voluntary nature of providing personal data;
– processing of personal data;
– protection of personal data;
– recipients or categories of recipients to whom the data may be disclosed;
– the rights of individuals;
– procedures for exercising rights;
– right to object;
– buttons, tools, and content from other companies;
– changes to the privacy policy.

II. DEFINITIONS

 

2.1 For the purposes of Regulation (EU) 2016/679 and this policy, the terms listed have the following meanings:

Personal data means any information related to an identified or identifiable individual (“data subject”); an identifiable person is one who can be identified directly or indirectly, especially through identifiers like a name, ID number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Processing of personal data means any operation or set of operations on personal data, whether automated or not—such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, restriction, erasure, or destruction.

Restriction of processing means the marking of stored personal data to limit its processing in the future.

Profiling means any automated processing of personal data to evaluate personal aspects relating to a person, in particular to analyze or predict aspects concerning work performance, economic situation, health, preferences, interests, reliability, behavior, location, or movements.

Controller means the person or entity which determines the purposes and means of processing personal data.

Processor means the person or entity which processes personal data on behalf of the Controller.

Recipient means the person or entity to whom personal data is disclosed, whether a third party or not.

Third party means anyone other than the data subject, controller, processor, or authorized persons acting under their authority.

Consent of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by statement or clear affirmative action.

Personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data.

III. PRINCIPLES FOR PERSONAL DATA PROCESSING

 

3.1 The Controller follows these principles in processing personal data:

– Lawfulness, fairness, and transparency;
– Collected for specified, explicit, and legitimate purposes;
– Data minimization;
– Accuracy and up-to-date;
– Storage limitation;
– Integrity and confidentiality.

PERSONAL DATA COLLECTED AND PROCESSED BY THE CONTROLLER

A. Processing of special categories of personal data (“sensitive data”)

4.1 The Controller does not collect or process special categories of personal data (e.g. racial or ethnic origin, political opinions, religious beliefs, etc.). Individuals should not provide such data. If such data is intentionally submitted, it will be deleted immediately.

B. Personal data collected directly from individuals

5.1 By phone: name, phone number, and possibly email address.

5.2 Via the contact form: name, email, phone number, and message content (e.g. address).

5.3 Via email: email address and any other information (e.g. name, phone, address).

5.4 Via Facebook: name and message content. Data stored on Facebook servers (USA) with GDPR safeguards.

5.5 Via Instagram: name and message content. Data stored on Instagram servers (USA) with GDPR safeguards.

5.6 When registering a user profile: email, full name, phone number, address, and recipient data if different.

5.7 When purchasing products: email, full name, phone number, address, and delivery recipient data.

5.8 When subscribing to a newsletter: email address. MailChimp (USA) is used, under GDPR safeguards.

C. Data about individuals provided by third parties

6.1 Usually not collected, but may be obtained from public registries in specific legal cases (e.g. IP rights violations).

D. Automatically collected data

7.1 IP address, device type, OS, browser, visited pages, visit frequency and duration, date and time of visits. This is used to improve the website and user experience.

COOKIES

8.1 For details about cookie use, please refer to the Cookie Policy on the Controller’s website.

IV. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED

 

9.1 Personal data is processed for:

– Providing the offered services;
– Communication via email;
– Contractual performance;
– Legal obligations;
– Product delivery;
– Newsletter distribution (with consent);
– Handling complaints;
– Accounting purposes;
– Statistical analysis.

9.2 Automatically collected data is used for:

– Improving website performance;
– Creating anonymous statistics;
– Enhancing service;
– Administering the website;
– Personalizing the website.

9.3 Data will not be used for purposes other than those specified here.

V. DATA RETENTION PERIOD

 

10.1 Inquiries and emails, Facebook, Instagram: data is stored for up to one year after the Controller replies.

10.2 Buyers: data is retained for the duration of the contract and 10 years afterward (legal requirement).

10.3 Newsletter subscribers: data is retained until the user unsubscribes or the service is discontinued.

B. Retention criteria

10.3 Data retention is determined by legal obligations, contract status, communication needs, and other relevant reasons.

MANDATORY OR VOLUNTARY NATURE OF PROVIDING PERSONAL DATA

11.1 Data provision is voluntary but necessary. Without it:

– The Controller cannot deliver ordered products;
– Cannot receive contact form messages;
– User profiles cannot be created;
– Newsletters cannot be received.

DATA PROCESSING

12.1 Processing may be automated or manual.

12.2 Data may be processed by third-party service providers (accounting, hosting, marketing, analytics).

DATA SECURITY

13.1 Measures include:

– Secure storage;
– Identity verification before access;
– SSL encryption (“https” protocol);
– Encrypted communication and login;
– No requests for username/password via email.

13.2 For more information, contact the Controller.

VI. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED

 

14.1 Personal data may be shared with:

– The data subject;
– Legal authorities;
– Service providers (accounting, hosting, delivery, payment);
– Courier services;
– Payment processors.

14.2 Personal data is not sold to third parties.

VII. RIGHTS OF DATA SUBJECTS

 

15.1 Right of access
15.2 Right to rectification
15.3 Right to erasure (“right to be forgotten”)
15.4 Right to restrict processing
15.5 Right to data portability
15.6 Right to object
15.7 Right to withdraw consent
15.8 Rights regarding profiling
15.9 Right to be informed of a data breach
15.10 Right to lodge a complaint with a supervisory authority
15.11 Right to judicial remedy against a supervisory authority
15.12 Right to judicial remedy against a controller or processor
15.13 Right to compensation

VIII. PROCEDURE FOR EXERCISING RIGHTS

 

16.1 Submit a written request (by mail or email) including:

– Name, address, identification details;
– Description of the request;
– Signature, date, email address.

16.2 Requests must be submitted personally.
16.3 Identity will be verified.
16.4 Response within 2 months (extendable by 1 month).
16.5 Delays will be justified within 1 month.
16.6 If no action is taken, explanation and legal options will be provided.
16.7 All recipients will be informed of any correction, deletion, or restriction (unless disproportionate).

RIGHT TO OBJECT

17.1 You may object to processing at any time based on your specific situation.

17.2 If processing is based on public interest or legitimate interest, it will cease unless overriding legal grounds exist.

17.3 For direct marketing purposes, processing will immediately cease upon objection.

IX. LINKS, TOOLS, AND CONTENT FROM OTHER COMPANIES

 

18.1 The site contains buttons/tools (e.g. Facebook, Instagram) linking to third parties. The Controller is not responsible for damages from such use. Users are encouraged to review those companies’ privacy policies.

X. CHANGES TO THE PRIVACY POLICY

 

19.1 This policy may be updated at any time. The updated version will be posted with a new “Last Updated” date and will be effective immediately. Users should periodically review the policy.

XI. CONTACTS

 

20.1 For questions regarding this Privacy Policy, please contact us at +359 897 983 432 or lamoredecoration@gmail.com.