Privacy Policy

Customertimes Privacy Policy

The Company is a personal data controller within the meaningof Regulation (EU) 2016/679 of the European Parliament and of the Council onthe protection of individuals about the processing of personal data and on thefree movement of such data, and repealing Directive 95/46/EC (General DataProtection Regulation) (from now on referred to as "GDPR") and CCPA(The California Consumer Privacy Act of 2018)

This Privacy Policy explains how the Company collects,processes, and protects your data and outlines your rights regarding it. It isavailable to all users, and we encourage you to contact us at any time if youhave questions or concerns about the processing of your data.

Company reserves the right to update this Privacy Policy atany time. In the event of a change, we will notify you promptly by posting therevised version on our online store. We encourage you to check this pageregularly for any changes.

Section I - Information about the Company processing andstoring your data.

Art. 1. (1) The data you share in this online shopare processed and stored.

Name: CUSTOMERTIMES, CORP.

Company №: 436028;

Headquarters: 3 COLUMBUS CIRCLE, 1513, NEW YORK, NY,10019

Address for correspondence: 3 COLUMBUS CIRCLE, 1513,NEW YORK, NY, 10019

Phone: 212-520-0059

Email Address: compliancereporting@customertimes.com

Section II - Definition of terms

Art. 2. For the Privacy Policy, the following wordsshall be interpreted and understood following each definition.

  1. "Personal     data" means any information linking to an identified or     identifiable living natural person. Individual data, which, when     aggregated together, may lead to identifying a specific individual, also     constitutes personal data. Examples are first and last name, home address,     email address, identity card number, location data, and internet protocol     (IP) address. 
  2. "Website"     - a distinct global Internet network accessible through its     unified address (URL) via HTTP, HTTPS or other standardised protocol     containing system files, database, text content, and graphic elements to     promote the trader's activity.
  3. 'Processing'     means any operation or set of operations which is performed upon     personal data or a set of personal data, whether or not by automatic     means, such as collection, recording, organisation, structuring, storage,     adaptation or alteration, retrieval, consultation, use, disclosure by     transmission, dissemination or otherwise making available, alignment or     combination, restriction, erasure or destruction.
  4. "Administrator"     - a natural or legal person, public authority, agency or other body     which, alone or jointly with third parties, carries out the collection,     processing and storage of personal data.
  5. "Data     ProtectionNotices" - notices containing information provided to     data subjects when the Company collects information about them. These     notices can be either general (e.g. addressed to employees or notices on     the organisation's website) or related to processing for a specific     purpose.
  6. 'pseudonymisation'     - the substitution of information that directly or indirectly identifies     an individual by one or more identifiers ('pseudonyms') so that the     individual cannot be identified without access to the additional     information, which should be kept separate and confidential.
  7. "Consent"     - any freely given, specific, informed and unambiguous indication of the     data subject's wishes, using a statement or an explicit affirmative     action, which expresses consent to the processing of personal data     relating to them.
  8. "Anonymised     data" means personal data that have been processed so that the     data subject can no longer be identified.
  9. "Data     subject" - the natural person to whom the personal data relates.     In other words, it is the person whose information is collected, held,     used or processed by an organisation.

Section III - Basis for collecting, processing andstoring your data

Art. 3. The Company collects, processes and storesyour data in connection with the use of the online shop, the provision ofcertain functionalities, and the conclusion of distance purchase contracts forthe sale of goods based on Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR), andin particular based on the following circumstances:

  1. Your     explicit consent has been obtained;
  2. Conclusion     and performance of our obligations under the distance purchase contract;
  3. Compliance     with legal reporting obligations to government and regulatory authorities     that apply to the Company;
  4. For     the legitimate interests of the Company or a third party to the contract     (freight forwarder);
  5. In     other cases expressly provided for by law,

Section IV- Purposes and Principles for the Collection,Processing and Storage of Your Data

Art. 4. The Company collects, processes and storespersonal data that you provide in connection with the use of the online store,the conclusion of a distance purchase contract, namely in the followinghypotheses: 

  1. Registration     to create an account in the online store;
  2. When     sending an email newsletter with information about new products, special     offers, promotional campaigns and discount codes, subject to your prior     consent and the indication of your email in the relevant subscription     field;
  3. Sending     a response to a request made to the Company via the online store interface     or by email;
  4. Conclusion     and execution of a distance purchase contract, including concerning     delivery, concluded with the Company through the online store     interface; 
  5. Statistical     and marketing needs to optimise the user experience, improve functionality     and design using cookies;

Art. 5. The Company shall comply with the followingprinciples when collecting, processing and storing your data: 

  1. Lawfulness,     fairness, and transparency are the cornerstones of our data processing. We     handle your data in a transparent manner, following the GDPR and     applicable Bulgarian law, to ensure you are fully informed about how your     data is used.
  2. Data     minimisation in line with purposes - We only process the minimum data     set necessary to achieve the purposes for which it was collected. We do     not collect or store unnecessary information that is not essential to the     provision of our services.
  3. Limitation     of the retention period for the purposes - We only retain your data     for the period necessary to fulfil the purposes for which it was     collected. Once these purposes have been achieved, we will delete or     anonymise your data following our policies and legal requirements.
  4. Data     accuracy and timeliness—The information you provide is processed and     stored strictly to ensure accuracy. We regularly update our data to ensure     it aligns with the latest information. In the event of inaccuracies, we     will promptly correct or delete them.
  5. We     take the security and confidentiality of your data seriously. We apply     strict protection measures to safeguard your data, using only     state-of-the-art technology and information processing methods. This     ensures that only the data necessary for the specific purpose is     processed, giving you peace of mind about the safety of your information.
  6. Encryption     or data anonymisation - Encryption converts data into an unreadable     format that can only be decrypted with an authorised key. This ensures     that even in the event of unauthorised access to your data, it will be     secure and inaccessible to unauthorised persons. Anonymisation is the     process of removing personal data from a dataset so that it cannot be used     to identify a specific individual.
  7. Providing     access to the data only to a limited number of interested persons or     because of the legitimate interests of the Company - Access to your     data is limited only to employees employed by us who need access to the     data to perform their job duties. These employees are trained to handle     your data responsibly and are bound by a confidentiality agreement. We may     also provide access to your data to third parties, but only where     necessary, to perform a contract with you or comply with a legal     obligation. In such cases, we will agree with the third party to ensure     they process your data following the GDPR and our data protection policies. 

Section V - Types of personal data that the Companycollects, processes and stores

Art. 6. (1) The Company shall not collect or processpersonal data relating to the following: 

  1. Racial     or ethnic origin;
  2. Political,     religious or philosophical beliefs, or membership of trade unions,     political or non-governmental organisations;
  3. Genetic     and biometric data, health data or data on sex life or sexual orientation;
  4. Data     of minors;

(2) All personal data collected by the Company shallbe shared by the subjects to whom it relates. 

Art. 7. (1) The Company shall process the followingcategories of personal data and information about the purposes and grounds setout below:

  1. Your     data (name and surname, telephone, e-mail, address, etc.)

Purposes for which the data is collected: 

  1. Providing     feedback to the User about responding to their queries; 
  2. Processing     service contract requests

Basis for processing your data:

Accepting the terms and conditions, registering in thee-shop, or placing an order through the "Order as a guest" optionestablishes a contractual relationship between the Company and the User. Onthis basis, personal data is processed - Art. 1 (b) GDPR.

  1. User     experience data (number of orders, products ordered, favourite products,     frequency of visits, last visit, time spent on site, products viewed)

Purpose for which the data is collected: 

Optimise the content and design of individual pages topersonalise the conditions for selling goods at a distance, increase customersatisfaction with the Company, and improve the overall services provided. Weanonymise and encrypt the information. Therefore, we can only access specificusers or their individualising data if they are registered.

Reason for processing your data:

Upon acceptance of the General Terms and Conditions, thePrivacy Policy or consent to the use of cookies at the time of logging into thesite, respectively subsequent consent when performing a specific action,including by registering in the online store on which basis we process yourdata - Art. 1 (a) GDPR.

  1. Sending     newsletter (Email address)

Purpose for which the data is collected: 

We collect your email address for our newsletter, subjectto your explicit consent. The newsletter contains valuable informationabout our products, services, company updates, industry news, and specialoffers. By subscribing to our newsletter, you agree to receive thesecommunications regularly.

Basis for processing your data:

We process your data based on your explicit consent. You canwithdraw your consent anytime by clicking the unsubscribe link at the bottom ofany newsletter. We will remove your details from our newsletter distributionlist if you withdraw your consent.

  1. Recruitment     process

Purpose for which the data is collected: 

In recruitment processes, personal data is collected toassess a candidate's suitability for a specific role within an organisation.The primary purposes for collecting this data include:

Candidate Evaluation: Assessing the candidate'squalifications, skills, experience, and overall fit with the job requirements.

Communication: Facilitating communication with thecandidate throughout the recruitment process, including scheduling interviews,providing updates, and sharing relevant information.

Decision-Making: Making informed decisions regardingthe candidate's candidacy, including whether to proceed to the next stage ofthe recruitment process or extend an offer.

Basis for processing your data:

This basis can be used when the processing is necessary forthe legitimate interests of the organisation or a third party, except where thefundamental rights and freedoms of the data subject override such interests.This ground applies where the processing is necessary to take steps to concludean employment contract with the data subject.

Section VI - Retention period of collected personaldata 

Art.8. (1) The Administrator shall keep the personaldata collected only for the period necessary to achieve the purposes set out inthis Policy and where it has the right or obligation under law to keep themlonger. Various factors determine the length of retention, such as the durationof service provision, if necessary to establish, exercise or defend our legalclaims, or whether we have a legal obligation to retain the data. Theappropriate periods are based on various legal requirements such as:

(2) The duration of storage depends also on thefollowing factors

  1. Purpose     of processing: The longer the data is needed to achieve the original     purpose, the longer it can be retained.
  2. Nature     of the data: Sensitive personal data may require shorter retention     than less sensitive data.
  3. Legal     requirements: Specific legal obligations may dictate how long data     must be retained (e.g., tax records, employment records).
  4. Business     needs: The organisation may need to retain data for operational or     business reasons, such as auditing or dispute resolution.

(3) The time limits that the Administrator shallobserve in processing and storing the data are as follows:

  1. Recruitment     data may be retained six months to 1 year after the recruitment     process.
  2. Customer     data may be retained for the customer relationship for 3-5 years after     the end of the contract.
  3. Financial     data may be retained for extended periods due to legal requirements,     such as tax or accounting regulations, up to 5 years.
  4. Website     visitor data - may be retained for up to 2 years from the last visit     to the website.

Section VII - Rights of the data subject in collecting,processing and storing personal data. Withdrawal of consent to the processingof personal data

Art. 9. (1) The data subject shall have theright to withdraw their consent to processing by filling in the form in thesection "Annexes". This right may be exercised if the data subjectdoes not wish all or part of their data to continue to be processed by the Companyfor any or all specific processing purposes, 

(3) Consent may be withdrawn after the contract isexecuted if there is a valid agreement between the data subject and the Company. 

(4) The data subject may withdraw their consent toprocessing personal data for direct marketing by selecting the"Unsubscribe" option at the bottom of each e-mail message. If such anunsubscribe option is unavailable, you should contact the Company and informthem of your unwillingness to have your data processed for direct marketingpurposes. 

(5) The withdrawal of consent shall not affect thelawfulness of the processing of personal data that the Company has carried upto that point, as well as the data to be stored for a statutory period.

Art. 10. (1) The data subject shall have the right torequest and obtain confirmation from the Company whether personal data relatingto him or her are being processed, what personal data are being processed andother information relating to the processing of personal data.

(2) The Company shall provide, upon request, a copyof the processed personal data relating to the subject in electronic or otherappropriate form.

(3) Providing data access is free, but the Companyreserves the right to charge an administrative fee in case of repetition orexcessiveness of requests.

Art. 11. (1) The data subject shall have the right torequest the rectification of the personal data shared by him/her where they areinaccurate or need to be supplemented because of the purposes of theprocessing.
(2) The data subject can carry out the corresponding rectification onhis/her own via his/her account or by filling in the form in Annex 3 andsending it to the Company's contact email. 

Art. 12. (1) The data subject shall have theright to request the erasure of the personal data stored by the Company. Insuch cases, the Company shall erase, within 72 hours, all data about thesubject it stores. 

(2) To exercise the right to deletion, the User shalltake the following steps:

  1. Submit     the request by email by completing and submitting the form in Appendix 4;
  2. Identify     yourself as the account holder (if one exists);

(3) Once we verify the identity of the person whomade the request and the person to whom the data relates, we will delete thedata processed by the person concerned.

(4) If we have already placed and started processingyour order, you can exercise your rights only after we complete the requestprocessing.

(5) The exercise of the right to be forgotten willnot affect the lawfulness of the processing of personal data that the Companyhas carried up to that point, as well as the data to be stored for a statutoryperiod.

Art. 13. (1) The data subject shall have the right toretrieve or request and receive the data stored and processed for him inmachine-readable format in connection with using the website's functionalities.The right shall be exercised through a request by email after filling in theform No. 4 of the section "Applications"

(2) The personal data that the Company stores may beobtained by: 

  1. A     request to the Company to provide your data in a readable format;
  2. A     request to the Company to transfer your data that it processes to another Company/data     controller;

Art. 14. (1) In the event of a breach of security ofyour data detected by the Company, which endangers the rights and freedoms ofcitizens, the Company shall notify the User(s) concerned thereof, as well as ofthe measures taken or to be taken.

(2) The above shall not apply if the Company hastaken appropriate technical and organisational measures to protect thedata; 

Section VIII - Persons who have access to your data

Art. 15. (1) In connection with the execution of thecontract by the Company and the provision of the full functionality of thewebsite, it is necessary to provide your data to the following entities, whichprocess or store them

  1. Employees     responsible for processing requests from the website
  2. Staff     in the accounting department and legal department;
  3. Employees     in the technical department who perform services related to the     maintenance and development of the website
  4. Hosting     service provider; 
  5. State     and regulatory authorities, upon express request based on an act of a     governmental authority, a court order, or other document issued by a     government official.

(2) The persons who process personal data shallcomply with all legality and security requirements in processing and storingthem. 

(3) The third parties who have access to the datahave a confidentiality agreement with the Company to ensure the security of thepersonal data they process.

Section IX - Storage and processing of personal data

Art. 16. (1) The Company stores and processes yourdata within and outside the European Union (EU) and the European Economic Area(EEA). We may transfer your data to and store it in the United States ofAmerica (USA).

(2)When transferring your data outside the EU/EEA,the Company will ensure that appropriate safeguards protect your data. Thisincludes:

  1. Trusted     Service Providers: The Company only uses trusted service providers who     are committed to high standards of data protection, even if they are     located outside the EU/EEA.
  2. Contractual     Clauses: The Company includes strict contractual clauses with its     service providers that oblige them to protect your data when transferred     outside the EU/EEA. These clauses ensure that your data is processed     following EU data protection laws.
  3. Technical     and Organizational Measures: The Company implements robust technical     and organisational measures to protect your data, such as encryption and     access control, regardless of where the data is stored or processed.

(3) If the Company determines that the standardsafeguards described above are insufficient to provide an adequate level ofprotection for your data when transferred to the USA, it will, on acase-by-case basis, adopt additional technical or organisational securitymeasures following the recommendations of the European Commission.

(4) You can contact us at any time using the contactdetails listed above to learn more about the countries to which we transferyour data and the specific safeguards we have in place regarding thesetransfers.

Section X - Privacy Notice for Data Subjects who areResidents of the State of California

Art. 17. (1) According to California law, someCalifornia residents have specific rights regarding their personal informationas described below. These rights are subject to certain exceptions.

(2) When legally required, we will respond to mostrequests within 30 days unless we reasonably need to extend our response time.

Art. 18. (1) As a California resident, you can optout of selling your personal information to third parties. If you submit avalid and authenticated request and we confirm your identity or authority tomake the request, we will cease selling your personal information.

(2) You may exercise your rights under the CCPA/CPRAwithout discrimination. For example, unless the CCPA/CPRA provides anexception, we will not:

  1. Deny     you goods or services;
  2. Charge     you different prices or rates for services, including through granting     discounts or other benefits or imposing penalties;
  3. Provide     you with a different level or quality of services;
  4. Suggest     that you may receive a different price or rate for services or a different     level or quality of services;
  5. Retaliate     against an employee, application for employment, or independent     contractor; or
  6. Degrade     your experience on our website.

Art. 19. As a California resident, you have the rightto request a list of the categories of personal information we have shared withthird parties for their direct marketing purposes during the preceding calendaryear. We will provide you with a notice that includes the names and addressesof all third parties with whom we have shared your personal information. Toobtain this notice, please contact us.

Section XI Final Provisions

Art. 20. If you violate your rights under thepreceding or applicable data protection law, you have the right to file acomplaint with the Personal Data Protection Commission.

Art. 21. (1) The Company may amend this Privacypolicy to notify all online store users appropriately.

(2) The parties agree that any amendment ormodification of this document will be effective against the data subject in oneof the following events, whichever occurs first in time:

  1. after     being expressly notified by the Company and if the data subject does not     declare within the 14 days granted to him that he rejects them or
  2. after     their publication on the Company's website and if the User does not state     within 14 days of their publication that he rejects them or
  3. By     the data subject's explicit acceptance of it through the Company's website     or any other action that may constitute explicit consent.

Art. 22. This Privacy Policy will enter into forcefrom 01.09.2024. 

Section XI - Annexes

Art. 23. You can exercise all your rights regardingdata protection through the forms attached below or the functionalities in yourprofile. 

  1. Withdrawal     of consent form for processing purposes - Annex 1 
  2. Request     "to be forgotten" - for deletion of personal data related to me     - Annex 2 
  3. Request     for portability of personal data - Annex 3
  4. Request     for rectification of data - Annex 4