Mandatory Information on the Rights of Data Subjects Regarding Personal Data Protection

Information about the company processing your data

Name: TomketModels Ltd.

UIC/BULSTAT: 206299426

Registered office and management address: Sofia, 22 Dospat Slav Street, office 1

Correspondence address: Sofia, 22 Dospat Slav Street, office 1

Telephone: +359 896 896 756

E-mail: of****@******tx.bg

Website: www.3dprintx.bg

Information about the competent supervisory authority for personal data protection

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

TomketModels Ltd. (hereinafter referred to for brevity as the “Controller” or the “Company”) carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to such processing.

Grounds for Collecting, Processing and Storing Your Personal Data

Art. 1. The Controller collects and processes your personal data in connection with the use of the online store www.3dprintx.bg and the conclusion of contracts with the Company on the basis of Art. 6, para. 1 of Regulation (EU) 2016/679 (GDPR), and specifically on the following grounds:

explicit consent received from you as a customer;
performance of the Controller’s obligations under a contract with you;
compliance with a legal obligation applicable to the Controller;
for the purposes of the legitimate interests of the Controller or a third party.

Purposes and Principles in the Collection, Processing and Storage of Your Personal Data

Art. 2. (1) We collect and process the personal data that you provide to us in connection with the use of the online store and the conclusion of a contract with the Company, including for the following purposes:

creating an account and providing full functionality when using the online store;
concluding and performing a distance contract;
individualisation of a party to the contract;
accounting purposes;
statistical purposes;
protection of information security;
ensuring the performance of the contract for the provision of the relevant service;
sending a newsletter where you have expressed a wish to receive one.

(2) We observe the following principles when processing your personal data:

lawfulness, fairness and transparency;
limitation of the purposes of processing;
relevance to the purposes of processing and minimisation of the data collected;
accuracy and up-to-date nature of the data;
storage limitation with regard to achieving the purposes;
integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) When processing and storing personal data, the Controller may process and store personal data for the purpose of protecting the following legitimate interests:

fulfilling its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.

Types of Personal Data Collected, Processed and Stored by Our Company

Art. 3. (1) The Company carries out the following operations with the personal data provided by you for the following purposes:

Registration of a user in the online store and performance of a distance purchase and sale contract – the purpose of this operation is to create an account for using the online store for the purchase of goods and to provide contact details for the delivery of purchased goods. Registration and account creation for using the online store is not a mandatory step for the provision of the service, and the service is available to a significant extent without creating an account.

Conclusion from the impact assessment: On the basis of the impact assessment carried out, the operation “Registration of a user in the online store and performance of a distance purchase and sale contract” is permissible and provides sufficient guarantees for the protection of the rights and legitimate interests of data subjects in accordance with the requirements of the GDPR.

Conclusion and performance of a commercial transaction with a customer or partner – the purpose of this operation is the conclusion and performance of a contract with a commercial partner or customer and its administration. Given the limited scope of the personal data collected and the fact that part of it is collected from publicly available sources, carrying out an impact assessment for this operation is not necessary.

Sending a newsletter – the purpose of this operation is to administer the process of sending newsletters to customers who have stated that they wish to receive them. Given the limited scope of the personal data collected, carrying out an impact assessment for this operation is not necessary.

Exercising the right of withdrawal or making a complaint – the purpose of this operation is to administer the process of exercising the customer’s right of withdrawal or complaint. Given the limited scope of the personal data collected, carrying out an impact assessment for this operation is not necessary.

(2) The Controller processes the following categories of personal data and information for the following purposes and on the following grounds:

Your identifying data

E-mail address, name, etc.

Purpose for which the data is collected: 1) Establishing contact with the user and sending information to them; 2) registration of a user in the online store; and 3) sending a newsletter.

Grounds for processing your personal data: By accepting the Terms and Conditions and registering in the online store, placing an order without registration, or concluding a written contract, a contractual relationship is established between the Controller and you, on the basis of which we process your personal data – Art. 6, para. 1, letter (b) GDPR. Your data for sending a newsletter is processed on the basis of your explicit consent – Art. 6, para. 1, letter (a) GDPR.

Data required for delivery

Names, telephone number, address, etc.

Purpose for which the data is collected: Performance of the Controller’s obligations under a purchase and sale contract and delivery of the purchased goods.

Additional data provided by you

If you wish to complete your account, you may enter data such as your first name, surname and telephone number.

Purpose for which the data is collected: Completing the user’s information in their user account.

Grounds for processing the data: You have provided explicit consent for the processing of your personal data for one or more specific purposes – Art. 6, para. 1, letter (a) GDPR at the time of registration in the online store. Providing this data is not mandatory for registration in the online store.

(3) The Controller does not collect or process personal data relating to the following:

revealing racial or ethnic origin;
revealing political, religious or philosophical beliefs, or trade union membership;
genetic and biometric data, health data or data concerning sex life or sexual orientation.

(4) The personal data has been collected by the Controller from the persons to whom it relates.

(5) The Company does not carry out automated decision-making using data.

Art. 4. (1) The Company carries out the following operations with the personal data provided by you as legal representatives or authorised representatives of legal entities that are commercial partners, for the following purposes:

Conclusion and performance of a commercial transaction: For the conclusion and performance of a commercial transaction with a commercial company, we process only the full names of the legal representative or the person authorised by the company.

Conclusion from the impact assessment: Given the small number of natural persons whose data is processed and the limited scope of the personal data collected, carrying out an impact assessment is not necessary for this operation.

(2) The personal data has been collected by the Controller from the persons to whom it relates and from the Commercial Register at the Registry Agency.

(3) The Company does not carry out automated decision-making using data.

Art. 5. The Controller may use so-called “cookies” for the purpose of providing full website functionality, improving the user experience, statistical purposes, easier access, etc., to which you agree by using our website. You may control and/or delete cookies at any time through the settings of the browser you use. Cookies do not constitute personal data and are not used to identify visitors and users of the online store.

Period of Storage of Your Personal Data

Art. 6. (1) The Controller stores your personal data for a period no longer than the existence of your account in the online store. After deletion of your account, the Controller takes the necessary care to delete and destroy all your data without undue delay or to anonymise it, i.e. to render it in a form that does not reveal your identity.

(2) The Controller processes the personal data that you have provided when placing an order without registration in the online store until the order is completed, unless you have given your explicit consent at the time of placing the order for your data to be processed for the purposes of improving the service, providing recommended content for you, individual terms, promotions, as well as for statistical purposes.

(3) The Controller stores your personal data provided in connection with online orders made for a period of 5 years for the purpose of protecting the Controller’s legal interests in the event of judicial or administrative disputes with users of the online store.

(4) The Controller notifies you if the storage period for the data needs to be extended in order to fulfil a statutory obligation or due to the legitimate interests of the Controller or otherwise.

(5) The Controller stores the personal data that it is required to retain under applicable legislation for the respective statutory period, which may exceed the period of existence of your account in the online store or the completion of the order.

Art. 7. The Controller stores the personal data of the legal representatives of its commercial partners for the term of performance of the contract, for compliance with the legitimate interests and legal obligations of the Controller, and this period may exceed the term of the concluded contract.

Transfer of Your Personal Data for Processing

Art. 8. (1) The Controller may, at its own discretion, transfer part or all of your personal data to personal data processors for the fulfilment of the processing purposes to which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Controller notifies you in the event that it intends to transfer part or all of your personal data to third countries or international organisations.

Your Rights in the Collection, Processing and Storage of Your Personal Data

Withdrawal of Consent for the Processing of Your Personal Data

Art. 9. (1) If you do not wish the personal data provided by you to be processed for marketing purposes and for receiving a newsletter, you may withdraw your consent to processing at any time by completing the consent withdrawal form in Appendix No. 1 or by submitting a free-text request and sending it to us by e-mail.

(2) After we receive your request, we will send a message to the e-mail address you have provided for receiving newsletters and advertising messages, with detailed instructions for verifying you as a recipient of newsletters and as a data subject in relation to whom withdrawal of consent has been requested.

(3) Withdrawal of consent does not affect the lawfulness of the processing of personal data carried out by the Controller up to that point.

Right of Access

Art. 10. (1) You have the right to request and obtain from the Controller confirmation as to whether personal data relating to you is being processed by sending a free-text request by e-mail.

(2) You have the right to access the data relating to you, as well as the information concerning the collection, processing and storage of your personal data.

(3) After we receive your request, we will send a message to the e-mail address you used for registration or for placing orders in the online store, with detailed instructions for verifying you as a data subject in relation to whom access has been requested.

(4) After verification in accordance with para. 3, the Controller provides you, upon request, with a copy of the personal data being processed that relates to you, in electronic or another appropriate form.

(5) Access to the data is provided free of charge, but the Controller reserves the right to impose an administrative fee in the event of repetitive or excessive requests.

Right to Rectification or Completion

Art. 11. (1) You may at any time correct or complete inaccurate or incomplete personal data relating to you through the “Edit Profile” option.

(2) You may correct or complete inaccurate or incomplete personal data relating to you directly through your account on the website or by submitting a request to the Controller by e-mail using the form in Appendix No. 4 or by submitting a free-text request.

Right to Erasure (“Right to Be Forgotten”)

Art. 12. (1) You have the right to request from the Controller the deletion of part or all of the personal data relating to you, and the Controller is obliged to delete it without undue delay where one of the following grounds applies:

the personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
you object to the processing of the personal data relating to you, including for direct marketing purposes, and there are no overriding legitimate grounds for the processing;
the personal data has been unlawfully processed;
the personal data must be erased for compliance with a legal obligation under EU law or the law of a Member State applicable to the Controller;
the personal data has been collected in relation to the offer of information society services.

(2) The Controller is not obliged to erase the personal data if it stores and processes it:

for exercising the right of freedom of expression and information;
for compliance with a legal obligation requiring processing under EU law or the law of a Member State applicable to the Controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
for reasons of public interest in the area of public health;
for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes;
for the establishment, exercise or defence of legal claims.

(3) To exercise your right to be forgotten, you must send by e-mail a request for deletion of your personal data processed by the Controller, by completing the form in Appendix No. 2 or by submitting a free-text request. The Controller will then send a message to the e-mail address you used for registration or for placing orders in the online store, with detailed instructions for verifying you as a user of the store and as a data subject in relation to whom a request for deletion has been submitted.

(4) Once we verify the identity of the person submitting the request and the person to whom the data relates in accordance with the instructions sent to you, we will delete all data that we process about you in accordance with para. 3.

(5) If you have placed an order that is currently being processed, the earliest moment at which you may request to be “forgotten” is upon the successful completion of the order.

Right to Restriction of Processing

Art. 13. You have the right to request that the Controller restrict the processing of data relating to you by sending us a free-text request by e-mail where:

you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;
the processing is unlawful, but you do not wish the personal data to be erased and instead request the restriction of its use;
the Controller no longer needs the personal data for the purposes of processing, but you require it for the establishment, exercise or defence of legal claims;
you have objected to processing pending verification whether the Controller’s legitimate grounds override your interests.

(2) After we receive your request, we will send a message to the e-mail address you used for registration or for placing orders in the online store, with detailed instructions for verifying you as a user of the store and as a data subject in relation to whom restriction of processing has been requested.

(3) After verification in accordance with para. 2, the Company will suspend the processing of your data, but will not remove any posts you have made in the online store, if any.

Right to Data Portability

Art. 14. (1) If you have given consent to the processing of your personal data, or the processing is necessary for the performance of the contract with the Controller, or if your data is processed by automated means, you may:

request that the Controller provide you with your personal data in a readable format and transfer it to another controller;
request that the Controller directly transfer your personal data to a controller specified by you, where technically feasible.

(2) You may exercise the right to data portability by sending us by e-mail the completed form set out in Appendix No. 3 or a free-text request. The Controller will then send a message to the e-mail address you used for registration or for placing orders in the online store, with detailed instructions for verifying you as a user of the store and as a data subject in relation to whom a portability request has been submitted.

(3) After verification in accordance with para. 2, the Company will send to the e-mail address specified by you the data it processes about you in XML format.

Right to Receive Information

Art. 15. You may request that the Controller inform you about all recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested has been disclosed. The Controller may refuse to provide this information if this would be impossible or would require disproportionate effort.

Right to Object

Art. 16. You may object at any time to the processing by the Controller of personal data relating to you, including where it is processed for profiling or direct marketing purposes.

Your Rights in the Event of a Personal Data Security Breach

Art. 17. (1) If the Controller establishes a personal data security breach that is likely to result in a high risk to your rights and freedoms, it will notify you of the breach without undue delay, as well as of the measures that have been taken or are to be taken.

(2) The Controller is not obliged to notify you if:

it has implemented appropriate technical and organisational protection measures with regard to the data affected by the security breach;
it has subsequently taken measures ensuring that the breach is no longer likely to result in a high risk to your rights;
notification would require disproportionate effort.

Persons to Whom Your Personal Data Is Provided

Art. 18. (1) For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Controller may provide the data to the following persons, who are data processors:

Personal data processor	Purpose of personal data processing
…………………………………………	…………………………………………
…………………………………………	…………………………………………
…………………………………………	…………………………………………

(2) The personal data processors comply with all requirements for lawfulness and security in the processing and storage of your personal data.

Art. 19. The Controller does not transfer your data to third countries.

Art. 20. In the event of a violation of your rights under the above or under applicable personal data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

Art. 21. You may exercise all your rights regarding the protection of your personal data through the forms attached to this information. These forms are, of course, not mandatory and you may submit your requests in any form that contains a statement to that effect and identifies you as the data subject.

Art. 22. If the consent relates to a transfer, the Controller describes the possible risks of transferring the data to third countries in the absence of an adequacy decision and appropriate safeguards.

Appendix No. 1

Consent Withdrawal Form for Processing Purposes

Your name*: …………………………………………

Your e-mail address used in the online store*: …………………………………………

Contact details (e-mail)*: …………………………………………

Name: …………………………………………

UIC/BULSTAT: …………………………………………

Registered office and management address: …………………………………………

Correspondence address: …………………………………………

Telephone: …………………………………………

E-mail: …………………………………………

Website: …………………………………………

I hereby withdraw my consent for the processing of the personal data provided by me for the purposes of receiving a newsletter, advertising messages or other marketing materials, and I confirm that I am familiar with the conditions for withdrawal of consent in accordance with the Mandatory Information on the Rights of Data Subjects Regarding Personal Data Protection of the online store.

In the event of a violation of your rights under the above or under applicable personal data protection legislation, you have the right to lodge a complaint with the Commission for Personal Data Protection, as follows:

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

Appendix No. 2

“Right to Be Forgotten” Request – Deletion of Personal Data Relating to Me

Your name*: …………………………………………

Your e-mail address used for registration or for orders in the online store*: …………………………………………

Contact details (e-mail)*: …………………………………………

Name: …………………………………………

UIC/BULSTAT: …………………………………………

Registered office and management address: …………………………………………

Correspondence address: …………………………………………

Telephone: …………………………………………

E-mail: …………………………………………

Website: …………………………………………

Please delete from your databases all personal data that you collect, process and store, provided by me or by third parties, which is related to me according to the identification provided.

I declare that I am aware that some or all of my personal data may continue to be processed and stored by the Controller for the purpose of fulfilling its legal obligations.

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

Appendix No. 3

Request for Portability of Personal Data

Your name*: …………………………………………

Your e-mail address used for registration or for orders in the online store*: …………………………………………

Contact details (e-mail)*: …………………………………………

Name: …………………………………………

UIC/BULSTAT: …………………………………………

Registered office and management address: …………………………………………

Correspondence address: …………………………………………

Telephone: …………………………………………

E-mail: …………………………………………

Website: …………………………………………

Please send all personal data relating to me that is collected, processed and stored in your databases in XML format to:

E-mail: …………………………………………

Controller receiving the data: …………………………………………

Name: …………………………………………

Identification number (UIC, BULSTAT, registration number with the CPDP): …………………………………………

E-mail: …………………………………………

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

Appendix No. 4

Data Rectification Request

Your name*: …………………………………………

Your e-mail address used for registration or for orders in the online store*: …………………………………………

Contact details (e-mail)*: …………………………………………

Name: …………………………………………

UIC/BULSTAT: …………………………………………

Registered office and management address: …………………………………………

Correspondence address: …………………………………………

Telephone: …………………………………………

E-mail: …………………………………………

Website: …………………………………………

Please correct the following personal data that you collect, process and store, provided by me or by third parties, which is related to me, as follows:

Data to be corrected:

…………………………………………

Please correct it as follows:

…………………………………………

Name: Commission for Personal Data Protection

Registered office and management address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Correspondence address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Telephone: +359 2 915 3 518

Website: www.cpdp.bg

Privacy Policy

Mandatory Information on the Rights of Data Subjects Regarding Personal Data Protection

Information about the company processing your data

Information about the competent supervisory authority for personal data protection

Grounds for Collecting, Processing and Storing Your Personal Data

Purposes and Principles in the Collection, Processing and Storage of Your Personal Data

Types of Personal Data Collected, Processed and Stored by Our Company

Your identifying data

Data required for delivery

Additional data provided by you

Period of Storage of Your Personal Data

Transfer of Your Personal Data for Processing

Your Rights in the Collection, Processing and Storage of Your Personal Data

Withdrawal of Consent for the Processing of Your Personal Data

Right of Access

Right to Rectification or Completion

Right to Erasure (“Right to Be Forgotten”)

Right to Restriction of Processing

Right to Data Portability

Right to Receive Information

Right to Object

Your Rights in the Event of a Personal Data Security Breach

Persons to Whom Your Personal Data Is Provided

Appendix No. 1

Consent Withdrawal Form for Processing Purposes

Appendix No. 2

“Right to Be Forgotten” Request – Deletion of Personal Data Relating to Me

Appendix No. 3

Request for Portability of Personal Data

Appendix No. 4

Data Rectification Request

+359896/ 896 759

office@3dprintx.shop

My Profile

Useful Links

Payment methods