0

Privacy Policy

"Privacy Policy (GDPR)"

PERSONAL DATA PROTECTION POLICY

I. Information about the Personal Data Administrator

Who processes your data?

Name: "Tattoo Shop" Ltd.

UIK/BULSTAT: 207551410

Address of management: Sofia, 6th Septemvri Str. 4 (Tattoo Studio)

Contact details: +359 882 030 436

II. Categories of Personal Data that You Collect

Data collected when ordering: Name and surname, delivery address, telephone number, email address.

Payment details: Information about paid transactions (card numbers are not stored - this is processed directly by myPOS/bank).

Contact/registration form data: Name, email

Technical data: IP address, browser information, data collected through cookies.

III. Purposes of Processing and Legal Basis

Here you must describe why you collect the data and what gives you the right to do so (legal basis under GDPR):

Purpose of Processing Legal Basis (Art. 6 GDPR)
Fulfillment of an order (delivery, communication) - Performance of a contract (Art. 6, para. 1, b. "b")
Accounting (issuance of invoices) - Compliance with a legal obligation (Art. 6, para. 1, b. "c")
Direct marketing (subscription to a newsletter) - Consent of the data subject (Art. 6, para. 1, b. "a")
Improvement of the site (via Google Analytics, etc.) - Legitimate interest (Art. 6, para. 1, b. "f")

IV. Personal Data Retention Period

The data is stored only for the period necessary to achieve the purposes for which it was collected.

Order data: According to Bulgarian legislation (e.g. the Accountancy Act), documents such as invoices and other financial information are stored for a period of 5 to 10 years.

Marketing data: Until the withdrawal of consent.

V. Rights of Data Subjects (Customers)

Right of access

Right to rectification

Right to erasure ("right to be forgotten"), unless there is a legal obligation to store them.

Right to restriction of processing.

Right to data portability.

Right to object to processing (including direct marketing).

Right to lodge a complaint with a supervisory authority (Personal Data Protection Commission - CPDP).

VI. Recipients of Personal Data (Third Parties)

Who else has access to the data?

Courier companies (Econt/Speedy) to fulfill the delivery.

Accounting firm.

Payment service providers (myPOS).

IT support of the site.