Privacy Policy

I. Information about the Administrator

"PLOPSY" EOOD is a company registered in the Commercial Register at the Registration Agency with EIC 207097185, with headquarters and management address: Sofia, 7, Liditse, email address: office@portokalena.com. 

"PLOPSY" EOOD (hereinafter referred to as "Administrator") carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in relation to the processing of personal data and on the free movement of such data.

The administrator sells goods through a website located at the domain www.mekitsa.shop

II. Definitions

1) Personal data - any information related to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics;

 2) Administrator - "PLOPSY" EOOD, which alone or jointly with other persons determines the purposes and means for the processing of personal data;

3) Personal data processor – a natural or legal person who processes personal data on behalf of the Administrator;

4) Recipient – natural or legal person, public body, agency or other structure to which the personal data is disclosed, regardless of whether it is a third party or not;

5) Third party – natural or legal person, public body, agency or other body other than the data subject, the Administrator, the personal data processor and the persons who, under the direct supervision of the administrator or the personal data processor, have the right to process the personal data;

6) Consent of the data subject – any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent for the personal data related to him to be processed;

7) User – any natural person who visits the website www.mekitsa.shop in order to purchase goods by concluding a distance sales contract with the Administrator.

 III. Legal basis for collecting, processing and storing personal data

1. The administrator collects and processes personal data in connection with the use of the electronic store www.mekitsa.shop and the conclusion of contracts with the company on the basis of Art. 6, para. 1 of Regulation (EU) 2016/679 (GDPR), and more specifically based on:

Express consent received from Users;
Fulfillment of the Administrator's obligations under the contract with the Users;
Compliance with a legal obligation that applies to the Administrator;
For the purposes of the legitimate interests of the Administrator or a third party.

IV. Purpose and principles for collecting, processing and storing personal data

The administrator collects and processes the personal data that the Users provide in connection with the use of the electronic store and the conclusion of a contract with the company, including for the following purposes: placing an order for goods through the online store, concluding and executing a distance purchase contract; accounting purposes; statistical purposes; protection of information security; ensuring the performance of the contract for the provision of the relevant goods/services, satisfying claims and complaints of the Users.

The administrator observes the following principles when processing personal data: legality, good faith and transparency; limitation of processing purposes; relevance to the purposes of the processing and minimization of the data collected; accuracy and timeliness of data; limitation of storage in order to achieve the objectives; integrity and confidentiality of processing and ensuring an appropriate level of personal data security.

When processing and storing personal data, the Administrator may process and store personal data in order to protect the following legitimate interests: fulfillment of obligations to the National Revenue Agency, Ministry of the Interior and other state and municipal bodies, fulfillment of any other legal obligations.

V. Types of personal data collected, processed and stored by the Administrator
1. The Administrator collects the following personal data from the Users: name and surname, email address, postal address, telephone, etc.
2. The following operations are carried out with the personal data provided by the Users for the following purposes:

Placing an order for products from the online store - the purpose is to send a delivery order to the Administrator.

Conclusion and performance of a purchase contract - distance sale - the purpose is the conclusion and performance of the contract, incl. delivery of the ordered products. The data required for delivery are provided by the Administrator to third parties (courier companies) for the purpose of delivery.

The administrator does not provide these payment service providers with personal data of the Users. The relevant payment service providers are personal data controllers on their own legal basis and process the personal data of Users according to the personal data processing rules applied by them. However, the Administrator may receive from the relevant payment service provider information about the payment made through him, which in certain cases in the General Terms and Conditions is the basis for the delivery of the goods.

Exercising the right to withdraw from the contract - the purpose is to administer the process of exercising the right to withdraw from the contract by the User.
Acceptance and satisfaction of complaints - the goal is to lawfully accept and satisfy the complaints of the Users.
Administration of complaints and inquiries made by Users - the purpose is to accept and prepare a response to the complaint.

3.The administrator does not collect or process personal data that reveal racial or ethnic origin; reveal political, religious or philosophical beliefs or trade union membership; genetic and biometric data, health data or data about sex life or sexual orientation.

4.The personal data are collected by the Administrator from the persons to whom they relate.
5.The Company does not perform automated decision-making with data or profiling of Users.

6. www.mekitsa.shop can be accessed through Google and other search engines, as well as through social networks. The Website may integrate social media-related services (eg social media messaging) through which Users may communicate with the Website. The Website maintains social media accounts and may offer applications on various social media sites. Whenever a User accesses the website www.mekitsa.shop through a social media, the provider of the relevant social media may allow the User to share information with us. If the User chooses to share, they will be notified by the social media provider which information will be shared with us.

7.When using the website www.mekitsa.shop by the Users, the Administrator receives information from log files (set of system information about the user): IP address; ISP (Internet Service Provider); the browser that the user uses when visiting the website (eg Google Chrome, Internet Explorer and Mozilla Firefox); the time the user spent on the website and which pages on the website were visited.

8.The website uses Google Analytics - a web service provided by Google to compile detailed statistics on website visitors. The statistics are collected on the Google server and used by the Administrator for the purposes of traffic analysis and improving the effectiveness of the website. The website may use information from social media, in particular facebook about a user, for the purposes set by this website, as well as for the advertising and promotion of the website. Users give their consent to the provision of this information to the respective social media.

9. The administrator also uses the so-called cookies. Cookies are a small amount of information that a web server sends to a web browser, allowing the server to collect feedback from the browser. More information about the types of cookies that the Administrator uses and the purposes for which he uses cookies can be found in the Cookies Policy.VI. Period of storage of personal data.

10. The administrator stores the personal data of each User for a period not longer than the date of execution of the order. The Administrator takes the necessary care to delete and destroy all the User's personal data without undue delay or to anonymize them (make them in a form that does not reveal the User's identity).

11. Regardless of what is stated in item 1, the Administrator stores the personal data that it is necessary to keep under the applicable legislation for the relevant period provided by law (e.g. for accounting and tax purposes). The Administrator notifies the relevant persons in the event that the data storage period needs to be extended in order to fulfill a legal obligation or in view of the legitimate interests of the Administrator.

VII. Transfer of personal data for processing

1. The Administrator may, at its own discretion, transfer part or all of the Users' personal data to personal data processors for the fulfillment of the processing purposes agreed to by the Users, subject to compliance with the requirements of Regulation (EU) 2016/679 (GDPR). The Administrator notifies Users in case of intention to transfer part or all of their personal data to third countries or international organizations.

VIII. Users' rights when collecting, processing and storing personal data

Withdrawal of consent to the processing of personal data

1. If the User does not want the personal data provided by him to be processed, he can withdraw his consent to processing at any time by sending a request in free text to the Administrator by e-mail. After receiving the request, the Administrator sends to the User's e-mail a letter with detailed instructions for verification of the relevant User as a subject of personal data.

2. After the verification, the Administrator deletes the User's personal data and sends him confirmation of the deletion by electronic means. The deletion of personal data may result in the inability of the Administrator to fulfill his obligations under the contract concluded with the User for the supply of goods.

3.The withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has carried out up to that point.

Right of access

1. The User has the right to request and receive from the Administrator confirmation as to whether personal data related to him is being processed by sending a request in free text by e-mail. The user has the right to access the data related to him, as well as the information related to the collection, processing and storage of his personal data.
2,After receiving the request, the Administrator sends to the User's e-mail a letter with detailed instructions for verification of the relevant User as the subject of the personal data to which access is requested. After carrying out the verification, the Administrator provides the User with a copy of the processed personal data related to him, in electronic or other appropriate form.
3.Providing access to the data is free of charge, but the Administrator reserves the right to demand the payment of a fee in case of repetitive or excessive requests.

Right to rectification or completion

1.The User may at any time correct or complete inaccurate or incomplete personal data relating to him by sending a request to the Administrator by email. The administrator notifies the User by e-mail about the correction of the data.

Right to erasure ("to be forgotten")

1.The User has the right to ask the Administrator to delete part or all of the personal data related to him, and the Administrator has the obligation to delete them without undue delay when any of the following grounds are present:

The personal data are no longer necessary for the purposes for which they were collected or processed;
The user has withdrawn his consent to the processing of the data and there is no other legal basis for the processing;
The user has objected to the processing of the personal data related to him and there are no overriding legal grounds for the processing;
The personal data were processed unlawfully;
The personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
Personal data were collected in connection with the provision of information society services.

Exercising the right to withdraw from the contract - the purpose is to administer the process of exercising the right to withdraw from the contract by the User.
Acceptance and satisfaction of complaints - the goal is to lawfully accept and satisfy the complaints of the Users.
Administration of complaints and inquiries made by Users - the purpose is to accept and prepare a response to the complaint.

2,The administrator is not obliged to delete the personal data if it stores and processes them:
to exercise the right to freedom of expression and the right to information;
to comply with a legal obligation that requires processing provided for in EU or Member State law applicable to the Administrator or for the performance of a task in the public interest or in the exercise of official powers conferred on him;
for reasons of public interest in the field of public health;
for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
for the establishment, exercise or defense of legal claims.

3.In order to exercise the right to be forgotten, it is necessary for the User to send a request by email in free text to delete the personal data. The Administrator will send to the User's e-mail a letter with detailed instructions for the verification of the person as the subject of the personal data for which a request for deletion has been made.
4.After the Administrator has verified the identity of the person who made the request and the person to whom the data relates in accordance with the instructions sent, the Administrator will delete all data of the relevant User that it processes.

5.Ako ima napravena porŭchka, koyato e v protses na obrabotvane, naĭ-ranniyat moment, v koĭto Potrebitelyat mozhe da poiska da bŭde „zabraven“, e uspeshnoto zavŭrshvane na porŭchkata.
 If an order has been placed and is being processed, the earliest the User can request to be "forgotten" is the successful completion of the order.

Right to limitation

1. The User has the right to request the Administrator to limit the processing of personal data related to him by sending the Administrator a request in free text by e-mail when:

The User disputed the accuracy of the personal data, for a period that allows the Administrator to verify the accuracy of the personal data;

the processing is illegal, but the User does not want the personal data to be deleted, but only to have its use restricted;

The Administrator no longer needs the personal data for the purposes of processing, but the User requires them to establish, exercise or defend their legal claims;

The User has objected to the processing pending verification of whether the legal grounds of the Administrator prevail over his interests.