PRIVACY POLICY

"The Saint 54" Ltd.
(Notification regarding the processing of personal data)

Personal Data Administrator

1. Name: "The Saint 54" Ltd.

2. UIC: 207911965

3. Registered office and address of management: Plovdiv, Komatevsko Shosse Blvd. 61 "V"

4. Phone: 0882010206

5. Email address: info.thesaint54@gmail.com

6. Website: ………………………..
   "………………………………." Ltd. ("The Company" or "Administrator") carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016 on the protection of natural persons in relation to the processing of personal data ("General Data Protection Regulation" or "Regulation"). This Privacy Policy ("Privacy Policy" or "Policy") aims to inform each Client (as defined below) of the Company about the processing of data that identifies or can identify the specific Client.
   For the purposes of this Policy, a "Client" is any individual party to a contract with the Company for the purchase and sale of goods, as well as an individual expressing the intention to enter into pre-contractual relations with the Administrator and/or a user of the Online Store www.thesaint54.com, accessible via email: info.thesain54@gmail.com, as well as a director, manager, representative, attorney, employee, partner, shareholder, actual owner of a legal entity or other legal formation using the Online Store.

7. What personal data do we process?
   The Company processes, as a personal data administrator, the following groups of personal data of Clients:
   • Physical identity – names, UIC, address, phone, email address;
   • Economic identity - information about the bank account number.
   Personal data is collected by the Administrator from the individuals to whom it pertains.

8. How do we collect personal data?
   We collect personal data:
   • During the registration process on the website of the Online Store and when using the Online Store without registration;
   • When corresponding with the Client, which may include written, electronic, and oral communication;
   • Through "cookies" when using or viewing our website.
   In some cases, we may collect information from third parties or public sources.
   Our website collects data in log files. This information includes data about your IP address, internet provider, browser, operating system, when you visited our website, and the pages visited.
   Our website uses "cookies". "Cookies" are small pieces of information that the website sends to the visitor's browser. The browser stores this information in a text file on the user's device. They help us make our website work better for you. More information about the use of "cookies" can be found in our Cookie Policy, published on the website of the Online Store: www.thesaint54.com.

   
   

9. Do we process special categories of personal data?

10. The Company does not process special categories of personal data of Clients.

    
    

11. For what purposes do we process personal data?
    The Company processes the personal data of Clients for the following purposes:
    • Providing information and assistance requested by you;
    • Individualization and contact with clients and actual owners;
    • For all activities related to the existence, modification, and termination of the relationship between the Company and the Client;
    • Offering and promoting additional services;
    • Compliance with regulatory requirements;
    • Providing protection in case of a dispute and cooperation with regulatory authorities to the extent required by law.
    If we do not process this personal data, we may not be able to provide you with our services or the assistance requested.

    
    

12. What legal grounds do we process personal data on?
    The personal data of Clients is collected, processed, and used based on several grounds for processing:
    • For the performance of a contract or to enter into pre-contractual relations;
    • To comply with a legal obligation applicable to the Company;
    • For the legitimate interests of the Company or a third party when the rights and interests of the data subjects do not outweigh them – for dispute resolution; to prevent, establish, and investigate fraud, violations, or other unlawful behavior; to establish, exercise, or defend legal claims;
    • Based on voluntarily given consent when required by applicable legislation.

    
    

13. For how long do we store personal data?
    The Company stores personal data during the contractual relationship and until the claim under the contract is settled, as well as during a transition period (e.g., to comply with obligations related to archiving and storing accounting data). If a judicial or other action is initiated, personal data may be stored until the end of such action, including all possible appeal periods, after which they will be deleted or archived as permitted by applicable law. Specifically, different accounting and tax documents containing personal data are stored for a period of 10 years, starting from January 1 of the reporting period following the reporting period to which they relate.
    When your personal data is obtained and processed based on your consent, we will process your personal data only as long as we have your consent to do so.

    
    

14. Who do we share personal data with? Do we provide it to third countries?
    The Company may at its discretion transfer part or all of the personal data to data processors to fulfill the processing purposes, in compliance with the requirements of the Regulation.
    The Company shares personal data with:
    • Third parties – service providers engaged by us to perform functions or activities on our behalf;
    • Third parties: regulatory bodies, tax, financial bodies, judicial, administrative, and law enforcement authorities, all in accordance with applicable law.
    This list is not exhaustive, and there may be other legal purposes for storing, disclosing, or otherwise processing your personal data.
    The Company will notify the data subject if it intends to transfer part or all of their personal data to third countries or international organizations.

    
    

15. Are personal data protected?
    The Company ensures and maintains appropriate technical and organizational measures to protect personal data against unauthorized access or unlawful use of personal data and/or against accidental loss, alteration, disclosure, access, and/or damage or copying. These measures aim to ensure continuous protection and confidentiality of personal data. The Company regularly reassesses the measures to achieve consistent security of personal data.

    
    

16. Do we perform automated decision-making?
    The Company does not perform automated decision-making based on data.

    
    

17. What are the Client's rights related to the protection of personal data?
    Each Client can exercise the following rights by sending a written request to the Company:
    • Withdrawal of consent for the processing of personal data
    When the processing of personal data is based on the Client's consent, the Client has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    • Right of access
    Each Client has the right to receive confirmation from the Company as to whether their personal data is being processed by the Company. This includes the right of access to personal data, the right to receive a free copy of the data (except in cases of excessive or repeated requests), as well as the right to receive a description of the main information related to the processing of their personal data.
    The Company will provide the Client with a free copy of their personal data being processed but reserves the right to impose an administrative fee for repeated or excessive requests.
    • Right to rectification
    Each Client has the right to request that the Company rectify, without undue delay, inaccurate, incomplete, or outdated personal data that relates to them.
    • Right to erasure (right to be forgotten)
    Each Client has the right to request that the Company delete their personal data without undue delay when any of the following grounds apply:
    (i) The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
    (ii) The Client withdraws their consent on which the processing of their data is based and there is no other legal basis for processing;
    (iii) The Client objects to the processing, as outlined below;
    (iv) The personal data have been processed unlawfully; or
    (v) The personal data must be erased to comply with a legal obligation under EU law, Member State law, or the law of another country;
    (vi) The personal data were collected in connection with the offering of information society services.
    The Company may refuse to delete the personal data of the Client where processing is necessary:
    (i) for the exercise of the right to freedom of expression and information;
    (ii) to comply with a legal obligation requiring processing under EU law or the law of a Member State that applies to the Administrator or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator;
    (iii) for public health reasons;
    (iv) for archival purposes in the public interest, scientific or historical research, or statistical purposes;
    (v) for the establishment, exercise, or defense of legal claims.
    • Right to restriction of processing
    Each Client has the right to request the Company to restrict the processing of their personal data in the following cases:
    (i) When disputing the accuracy of the personal data provided by the Client and processed by the Company (restriction applies for a specified period that allows the Company to verify the accuracy of the personal data);
    (ii) When the processing is unlawful, but the Client does not want their personal data to be erased and requests instead that their use be restricted;
    (iii) When the Company no longer needs the personal data for processing purposes but the Client requires them for the establishment, exercise, or defense of legal claims;
    (iv) When the Client has objected to processing and expects the Company to verify whether the legal grounds for processing the personal data override the interests of the Client.
    • Right to object
    Each Client has the right at any time, on grounds relating to their particular situation, to object to the processing of personal data relating to them.
    The Client may exercise the right only concerning the processing of their personal data that is carried out by the Company for the purposes of the legitimate interests of the Company.
    If the objection is justified, the Company will stop processing the personal data concerning the objecting Client unless the Company proves that there are compelling legal grounds for the processing, which take precedence over the Client's interests.
    • Right to data portability
    This right includes the following options:
    (i) to receive the personal data in a structured, commonly used, and machine-readable format, to transfer them to another administrator, or
    (ii) to request direct transfer of the personal data to another administrator, where technically feasible.
    • Right to file a complaint
    Each Client has the right to file a complaint regarding the processing of their personal data by the Company with the Commission for Protection of Personal Data, which is the competent supervisory authority.

    
    Commission for the Protection of Personal Data
    Address: Sofia, 1592, Prof. Tsvetan Lazarov Str. No. 2,
    Tel. (02) 91 53 519, Fax: (02) 91 53 525
    Email: kzld@cpdp.bg, Website: www.cpdp.bg