Privacy Policy
Customertimes Privacy Policy
The Merchant is a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of individuals about the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (from now on referred to as "GDPR") and CCPA (The California Consumer Privacy Act of 2018)
This Privacy Policy explains how the Merchant collects, processes, and protects your data and outlines your rights regarding it. It is available to all users, and we encourage you to contact us at any time if you have questions or concerns about the processing of your data.
Merchant reserves the right to update this Privacy Policy at any time. In the event of a change, we will notify you promptly by posting the revised version on our online store. We encourage you to check this page regularly for any changes.
Section I - Information about the Merchant processing and storing your data.
Art. 1. (1) The data you share in this online shop are processed and stored.
Name: CUSTOMERTIMES, CORP.
Company β: 436028;
Headquarters: 3 COLUMBUS CIRCLE, 1513, NEW YORK, NY, 10019
Address for correspondence: 3 COLUMBUS CIRCLE, 1513, NEW YORK, NY, 10019
Phone: 212-520-0059
Email Address: info@customertimes.comΒ
Section II - Definition of terms
Art. 2. For the Privacy Policy, the following words shall be interpreted and understood following each definition.
- "Personal data" means any information linking to an identified or identifiable living natural person. Individual data, which, when aggregated together, may lead to identifying a specific individual, also constitutes personal data. Examples are first and last name, home address, email address, identity card number, location data, and internet protocol (IP) address.Β
- "Website" - a distinct global Internet network accessible through its unified address (URL) via HTTP, HTTPS or other standardised protocol containing system files, database, text content, and graphic elements to promote the trader's activity.
- 'Processing' means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- "Administrator" - a natural or legal person, public authority, agency or other body which, alone or jointly with third parties, carries out the collection, processing and storage of personal data.
- "Data ProtectionNotices" - notices containing information provided to data subjects when the Company collects information about them. These notices can be either general (e.g. addressed to employees or notices on the organisation's website) or related to processing for a specific purpose.
- 'pseudonymisation' - the substitution of information that directly or indirectly identifies an individual by one or more identifiers ('pseudonyms') so that the individual cannot be identified without access to the additional information, which should be kept separate and confidential.
- "Consent" - any freely given, specific, informed and unambiguous indication of the data subject's wishes, using a statement or an explicit affirmative action, which expresses consent to the processing of personal data relating to them.
- "Anonymised data" means personal data that have been processed so that the data subject can no longer be identified.
- "Data subject" - the natural person to whom the personal data relates. In other words, it is the person whose information is collected, held, used or processed by an organisation.
Section III - Basis for collecting, processing and storing your data
Art. 3. The Merchant collects, processes and stores your data in connection with the use of the online shop, the provision of certain functionalities, and the conclusion of distance purchase contracts for the sale of goods based on Art. 6 para. 1, Regulation (EU) 2016/679 (GDPR), and in particular based on the following circumstances:
- Your explicit consent has been obtained;
- Conclusion and performance of our obligations under the distance purchase contract;
- Compliance with legal reporting obligations to government and regulatory authorities that apply to the Merchant;
- For the legitimate interests of the Merchant or a third party to the contract (freight forwarder);
- In other cases expressly provided for by law,
Section IV- Purposes and Principles for the Collection, Processing and Storage of Your Data
Art. 4. The Merchant collects, processes and stores personal data that you provide in connection with the use of the online store, the conclusion of a distance purchase contract, namely in the following hypotheses:Β
- Registration to create an account in the online store;
- When sending an email newsletter with information about new products, special offers, promotional campaigns and discount codes, subject to your prior consent and the indication of your email in the relevant subscription field;
- Sending a response to a request made to the Merchant via the online store interface or by email;
- Conclusion and execution of a distance purchase contract, including concerning delivery, concluded with the Merchant through the online store interface;Β
- Statistical and marketing needs to optimise the user experience, improve functionality and design using cookies;
Art. 5. The Merchant shall comply with the following principles when collecting, processing and storing your data:Β
- Lawfulness, fairness, and transparency are the cornerstones of our data processing. We handle your data in a transparent manner, following the GDPR and applicable Bulgarian law, to ensure you are fully informed about how your data is used.
- Data minimisation in line with purposes - We only process the minimum data set necessary to achieve the purposes for which it was collected. We do not collect or store unnecessary information that is not essential to the provision of our services.
- Limitation of the retention period for the purposes - We only retain your data for the period necessary to fulfil the purposes for which it was collected. Once these purposes have been achieved, we will delete or anonymise your data following our policies and legal requirements.
- Data accuracy and timelinessβThe information you provide is processed and stored strictly to ensure accuracy. We regularly update our data to ensure it aligns with the latest information. In the event of inaccuracies, we will promptly correct or delete them.
- We take the security and confidentiality of your data seriously. We apply strict protection measures to safeguard your data, using only state-of-the-art technology and information processing methods. This ensures that only the data necessary for the specific purpose is processed, giving you peace of mind about the safety of your information.
- Encryption or data anonymisation - Encryption converts data into an unreadable format that can only be decrypted with an authorised key. This ensures that even in the event of unauthorised access to your data, it will be secure and inaccessible to unauthorised persons. Anonymisation is the process of removing personal data from a dataset so that it cannot be used to identify a specific individual.
- Providing access to the data only to a limited number of interested persons or because of the legitimate interests of the Merchant - Access to your data is limited only to employees employed by us who need access to the data to perform their job duties. These employees are trained to handle your data responsibly and are bound by a confidentiality agreement. We may also provide access to your data to third parties, but only where necessary, to perform a contract with you or comply with a legal obligation. In such cases, we will agree with the third party to ensure they process your data following the GDPR and our data protection policies.Β
Section V - Types of personal data that the Merchant collects, processes and stores
Art. 6. (1) The Merchant shall not collect or process personal data relating to the following:Β
- Racial or ethnic origin;
- Political, religious or philosophical beliefs, or membership of trade unions, political or non-governmental organisations;
- Genetic and biometric data, health data or data on sex life or sexual orientation;
- Data of minors;
(2) All personal data collected by the Merchant shall be shared by the subjects to whom it relates.Β
Art. 7. (1) The Merchant shall process the following categories of personal data and information about the purposes and grounds set out below:
- Your data (name and surname, telephone, e-mail, address, etc.)
Purposes for which the data is collected:Β
- Providing feedback to the User about responding to their queries;Β
- Processing service contract requests
Basis for processing your data:
Accepting the terms and conditions, registering in the e-shop, or placing an order through the "Order as a guest" option establishes a contractual relationship between the Merchant and the User. On this basis, personal data is processed - Art. 1 (b) GDPR.
- User experience data (number of orders, products ordered, favourite products, frequency of visits, last visit, time spent on site, products viewed)
Purpose for which the data is collected:Β
Optimise the content and design of individual pages to personalise the conditions for selling goods at a distance, increase customer satisfaction with the Merchant, and improve the overall services provided. We anonymise and encrypt the information. Therefore, we can only access specific users or their individualising data if they are registered.
Reason for processing your data:
Upon acceptance of the General Terms and Conditions, the Privacy Policy or consent to the use of cookies at the time of logging into the site, respectively subsequent consent when performing a specific action, including by registering in the online store on which basis we process your data - Art. 1 (a) GDPR.
- Sending newsletter (Email address)
Purpose for which the data is collected:Β
We collect your email address for our newsletter, subject to your explicit consent. The newsletter contains valuable information about our products, services, company updates, industry news, and special offers. By subscribing to our newsletter, you agree to receive these communications regularly.
Basis for processing your data:
We process your data based on your explicit consent. You can withdraw your consent anytime by clicking the unsubscribe link at the bottom of any newsletter. We will remove your details from our newsletter distribution list if you withdraw your consent.
- Recruitment process
Purpose for which the data is collected:Β
In recruitment processes, personal data is collected to assess a candidate's suitability for a specific role within an organisation. The primary purposes for collecting this data include:
Candidate Evaluation: Assessing the candidate's qualifications, skills, experience, and overall fit with the job requirements.
Communication: Facilitating communication with the candidate throughout the recruitment process, including scheduling interviews, providing updates, and sharing relevant information.
Decision-Making: Making informed decisions regarding the candidate's candidacy, including whether to proceed to the next stage of the recruitment process or extend an offer.
Basis for processing your data:
This basis can be used when the processing is necessary for the legitimate interests of the organisation or a third party, except where the fundamental rights and freedoms of the data subject override such interests. This ground applies where the processing is necessary to take steps to conclude an employment contract with the data subject.
Section VI - Retention period of collected personal dataΒ
Art.8. (1) The Administrator shall keep the personal data collected only for the period necessary to achieve the purposes set out in this Policy and where it has the right or obligation under law to keep them longer. Various factors determine the length of retention, such as the duration of service provision, if necessary to establish, exercise or defend our legal claims, or whether we have a legal obligation to retain the data. The appropriate periods are based on various legal requirements such as:
(2) The duration of storage depends also on the following factors
- Purpose of processing: The longer the data is needed to achieve the original purpose, the longer it can be retained.
- Nature of the data: Sensitive personal data may require shorter retention than less sensitive data.
- Legal requirements: Specific legal obligations may dictate how long data must be retained (e.g., tax records, employment records).
- Business needs: The organisation may need to retain data for operational or business reasons, such as auditing or dispute resolution.
(3) The time limits that the Administrator shall observe in processing and storing the data are as follows:
- Recruitment data may be retained six months to 1 year after the recruitment process.
- Customer data may be retained for the customer relationship for 3-5 years after the end of the contract.
- Financial data may be retained for extended periods due to legal requirements, such as tax or accounting regulations, up to 5 years.
- Website visitor data - may be retained for up to 2 years from the last visit to the website.
Section VII - Rights of the data subject in collecting, processing and storing personal data. Withdrawal of consent to the processing of personal data
Art. 9. (1) The data subject shall have the right to withdraw their consent to processing by filling in the form in the section "Annexes". This right may be exercised if the data subject does not wish all or part of their data to continue to be processed by the Merchant for any or all specific processing purposes,Β
(3) Consent may be withdrawn after the contract is executed if there is a valid agreement between the data subject and the merchant.Β
(4) The data subject may withdraw their consent to processing personal data for direct marketing by selecting the "Unsubscribe" option at the bottom of each e-mail message. If such an unsubscribe option is unavailable, you should contact the Merchant and inform them of your unwillingness to have your data processed for direct marketing purposes.Β
(5) The withdrawal of consent shall not affect the lawfulness of the processing of personal data that the Merchant has carried up to that point, as well as the data to be stored for a statutory period.
Art. 10. (1) The data subject shall have the right to request and obtain confirmation from the Merchant whether personal data relating to him or her are being processed, what personal data are being processed and other information relating to the processing of personal data.
(2) The Merchant shall provide, upon request, a copy of the processed personal data relating to the subject in electronic or other appropriate form.
(3) Providing data access is free, but the Merchant reserves the right to charge an administrative fee in case of repetition or excessiveness of requests.
Art. 11. (1) The data subject shall have the right to request the rectification of the personal data shared by him/her where they are inaccurate or need to be supplemented because of the purposes of the processing.
(2) The data subject can carry out the corresponding rectification on his/her own via his/her account or by filling in the form in Annex 3 and sending it to the merchant's contact email.Β
Art. 12. (1) The data subject shall have the right to request the erasure of the personal data stored by the Merchant. In such cases, the Merchant shall erase, within 72 hours, all data about the subject it stores.Β
(2) To exercise the right to deletion, the User shall take the following steps:
- Submit the request by email by completing and submitting the form in Appendix 4;
- Identify yourself as the account holder (if one exists);
(3) Once we verify the identity of the person who made the request and the person to whom the data relates, we will delete the data processed by the person concerned.
(4) If we have already placed and started processing your order, you can exercise your rights only after we complete the request processing.
(5) The exercise of the right to be forgotten will not affect the lawfulness of the processing of personal data that the Merchant has carried up to that point, as well as the data to be stored for a statutory period.
Art. 13. (1) The data subject shall have the right to retrieve or request and receive the data stored and processed for him in machine-readable format in connection with using the website's functionalities. The right shall be exercised through a request by email after filling in the form No. 4 of the section "Applications"
(2) The personal data that the Merchant stores may be obtained by:Β
- A request to the Merchant to provide your data in a readable format;
- A request to the Merchant to transfer your data that it processes to another Merchant/data controller;
Art. 14. (1) In the event of a breach of security of your data detected by the Merchant, which endangers the rights and freedoms of citizens, the Merchant shall notify the User(s) concerned thereof, as well as of the measures taken or to be taken.
(2) The above shall not apply if the Merchant has taken appropriate technical and organisational measures to protect the data;Β
Section VIII - Persons who have access to your data
Art. 15. (1) In connection with the execution of the contract by the Merchant and the provision of the full functionality of the website, it is necessary to provide your data to the following entities, which process or store them
- Employees responsible for processing requests from the website
- Staff in the accounting department and legal department;
- Employees in the technical department who perform services related to the maintenance and development of the website
- Hosting service provider;Β
- State and regulatory authorities, upon express request based on an act of a governmental authority, a court order, or other document issued by a government official.
(2) The persons who process personal data shall comply with all legality and security requirements in processing and storing them.Β
(3) The third parties who have access to the data have a confidentiality agreement with the Merchant to ensure the security of the personal data they process.
Section IX - Storage and processing of personal data
Art. 16. (1) The Merchant stores and processes your data within and outside the European Union (EU) and the European Economic Area (EEA). We may transfer your data to and store it in the United States of America (USA).
(2)When transferring your data outside the EU/EEA, the Merchant will ensure that appropriate safeguards protect your data. This includes:
- Trusted Service Providers: The Merchant only uses trusted service providers who are committed to high standards of data protection, even if they are located outside the EU/EEA.
- Contractual Clauses: The Merchant includes strict contractual clauses with its service providers that oblige them to protect your data when transferred outside the EU/EEA. These clauses ensure that your data is processed following EU data protection laws.
- Technical and Organizational Measures: The Merchant implements robust technical and organisational measures to protect your data, such as encryption and access control, regardless of where the data is stored or processed.
(3) If the Merchant determines that the standard safeguards described above are insufficient to provide an adequate level of protection for your data when transferred to the USA, it will, on a case-by-case basis, adopt additional technical or organisational security measures following the recommendations of the European Commission.
(4) You can contact us at any time using the contact details listed above to learn more about the countries to which we transfer your data and the specific safeguards we have in place regarding these transfers.
Section X - Privacy Notice for Data Subjects who are Residents of the State of California
Art. 17. (1) According to California law, some California residents have specific rights regarding their personal information as described below. These rights are subject to certain exceptions.
(2) When legally required, we will respond to most requests within 30 days unless we reasonably need to extend our response time.
Art. 18. (1) As a California resident, you can opt out of selling your personal information to third parties. If you submit a valid and authenticated request and we confirm your identity or authority to make the request, we will cease selling your personal information.
(2) You may exercise your rights under the CCPA/CPRA without discrimination. For example, unless the CCPA/CPRA provides an exception, we will not:
- Deny you goods or services;
- Charge you different prices or rates for services, including through granting discounts or other benefits or imposing penalties;
- Provide you with a different level or quality of services;
- Suggest that you may receive a different price or rate for services or a different level or quality of services;
- Retaliate against an employee, application for employment, or independent contractor; or
- Degrade your experience on our website.
Art. 19. As a California resident, you have the right to request a list of the categories of personal information we have shared with third parties for their direct marketing purposes during the preceding calendar year. We will provide you with a notice that includes the names and addresses of all third parties with whom we have shared your personal information. To obtain this notice, please contact us.
Section XI Final Provisions
Art. 20. If you violate your rights under the preceding or applicable data protection law, you have the right to file a complaint with the Personal Data Protection Commission.
Art. 21. (1) The Merchant may amend this Privacy policy to notify all online store users appropriately.
(2) The parties agree that any amendment or modification of this document will be effective against the data subject in one of the following events, whichever occurs first in time:
- after being expressly notified by the Merchant and if the data subject does not declare within the 14 days granted to him that he rejects them or
- after their publication on the Merchant's website and if the User does not state within 14 days of their publication that he rejects them or
- By the data subject's explicit acceptance of it through the Merchant's website or any other action that may constitute explicit consent.
Art. 22. This Privacy Policy will enter into force from 01.09.2024.Β
Section XI - Annexes
Art. 23. You can exercise all your rights regarding data protection through the forms attached below or the functionalities in your profile.Β
- Withdrawal of consent form for processing purposes - Annex 1Β
- Request "to be forgotten" - for deletion of personal data related to me - Annex 2Β
- Request for portability of personal data - Annex 3
- Request for rectification of data - Annex 4Β