Privacy policy

The ZIZITO team follows the strictest requirements regarding the collection and management of personal data for visitors to its site, as well as for its customers and partners.

In addition to the General Terms and Conditions and the Cookie Policy, this Privacy Policy aims to clearly define the purposes, methods, grounds, deadlines and conditions under which your personal data is collected and processed.

ZIZITO BG Ltd. (hereinafter referred to as the “Company”) processes the personal data of its clients and partners in full compliance with the requirements of the General Regulation on Personal Data Protection (Regulation (EU) 2016/679) and the Personal Data Protection Act.

In order to comply with regulatory requirements, with this Privacy Policy the Company provides comprehensive information about: Your rights, the type of personal data collected, the grounds for their further processing, the ways of their storage and use, and the cases in which access to them is provided by the Company to third parties.

According to Art. 4 of Regulation (EU) 2016/679, “personal data” means any information relating to an identified or identifiable natural person, directly or indirectly, in particular by identifiers such as name, identification number, data on the location, online identifier or one or more characteristics specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual.

In accordance with our obligations under Regulation (EU) 2016/679 of the European Parliament and of the Council (“General Data Protection Regulation”), the Company ensures that the processing of personal data, such as name, address, telephone and email address, will always be in accordance with the Regulation and the applicable Bulgarian legislation in the field of personal data protection.

Collection and use of personal data

The purposes for collection of personal data by the Company are the following:

  • For preparation, conclusion and implementation of a contract;
  • For marketing purposes – in cases where personal data is provided with explicit, free and informed consent for their further use.

The personal data provided by you are processed only for the purposes of the website www.zizito.com. The goals of our activity are: presentation of distance selling of goods, management of user profiles on the website and statistical goals related to internal analysis and improvement of the Company’s activities.

The company does not collect personal data that are not necessary for the implementation of its activities or those that are not given by the user by expressing express, free and informed consent.

The personal data we process 

For the purposes of concluding a contract, delivery and information services

For the purposes of concluding a contract for the sale of goods, we collect the following types of personal data about customers:

  • Three names ;
  • E-mail address;
  • Phone number ;
  • Shipping address ;
  • Bank account number ;
  • Sound recording data from the maintained customer service center.

The personal data of the users are collected through the active fields for filling in personal data on our site by registered and unregistered visitors.

The processing of personal data by the Company is required for the purposes of the contract to which the data subject is a party. They may also be used to take certain steps at the request of the data subject before the conclusion of a contract (Article 6 (1) (b) of the Regulation).

For the purposes of the marketing activities of the Company

The following personal data are collected for receiving an electronic bulletin and other implementation of other marketing activities by the Company:

  • Two names ;
  • E-mail address ;
  • Other data voluntarily provided by the user in connection with specific marketing purposes for which the user has been informed in advance.

Personal data are collected on the basis of explicit consent (Article 6, paragraph 1 (a) of the Regulation). Consent is expressed by entering some or all of the above data and ticking the box “I agree to my personal data being used to receive a newsletter and I am familiar with the Privacy Policy”.

Technical information

Each time you visit the website of www.zizito.com and browse through its various pages, the Company receives technical information in the form of an information protocol. These types of protocols are anonymous and have the following content:

  • The IP address of the device from which you are visiting the site;
  • Information about the link or page from which you were redirected to our site;
  • Information about the time you spent on the site and the pages you visited on it;
  • Technical information about the type of operating system and browser from which you visit the site;
  • Other type of technical information according to the technical requirements of the information system;

Personal data are collected by the Company on the basis of explicit consent (Article 6, paragraph 1, letter “a” of the Regulation). The consent is expressed by marking the button “I agree” in the field “I am familiar with the privacy policy of” ZIZITO BG “EOOD and “I agree” to the use of cookies when browsing the website.

Other data

In accordance with all legal requirements and the specifics of the type of goods offered, it may be necessary to collect other types of personal data. In these cases, the Company has the obligation to inform you explicitly and unambiguously about the type of personal data required for collection, the grounds for their collection and the purposes of their further processing.

Personal data that are not processed

Under no circumstances does the Company collect or process user personal data that discloses

  • Racial or ethnic origin of consumers;
  • Data on the physical or mental health of consumers;
  • Political, philosophical or religious beliefs;
  • Data on trade union membership;
  • Biometric or genetic data;
  • Data on the sexual orientation of consumers.

Grounds and objectives for personal data processing by the Company

Personal data provided by users shall be processed in full compliance with the grounds and objectives set out in this Privacy Policy.

The company does not practice automated decision making, and the personal data provided will not be used for marketing and advertising purposes, and will not be provided for access and processing by third parties, except in certain cases, which include:

  • When this right is provided by law;
  • If required by law by a competent state or judicial authority;
  • When explicit user consent has been obtained
Grounds for processing personal data 

The grounds for processing personal data of users by the Company are the following:

  • Pre-contractual and contractual relations between the Company and its clients for the purposes of concluding a contract for the purchase of goods at a distance;
  • Explicit and freely stated consent for the processing of certain types of personal data by users;
  • Different types of legal requirements directly related to the activities of the Company.
Purposes of personal data processing

The personal data collected by the Company are processed on the grounds defined in this Privacy Policy, and their purposes are respectively:

  • All procedures and actions necessary for concluding a legitimate contract between the consumer and the company;
  • Execution of a completed order by the user;
  • Fulfillment of accounting regulations in the operation of the Company;
  • Managing user profiles and using the blog section of the website;
  • Informing customers about current promotions and new sales offers;
  • Exercise of the client’s right for claim and request for warranty service of the goods;
  • Answers to inquiries and questions from the user to the Company.

Term of storage of the provided data

The company always stores your data in full compliance with the legal deadlines provided for this purpose. The main role in determining the duration of storage of the collected data is played by the objectives for the processing of the information contained in them.

  • In cases where no contract is concluded between the user and the Company, the personal data of the user will be deleted in a timely manner.
  • Personal data provided by the user for the purpose of performing a contract will be stored for the duration of its execution.
  • In cases where we process personal data on the basis of prior user consent, the data will be stored until you withdraw your consent and exercise your right to be forgotten – then the Company deletes all types of personal data you have provided.

Technical security regarding the protection of personal data

The company has taken care of the introduction of all necessary technical and organizational measures related to the processing and protection of personal data in accordance with Regulation (EU) 2016/679 and applicable Bulgarian legislation.

The measures taken by the Company correspond to the specific risks in the processing and storage of personal data. Organizationally and technically, the protection of user data from potential loss, modification, theft or unauthorized access by third parties is ensured.

Cookies

In order to improve the way we use our website, we use cookies. These are small informational data files that your browser saves on your device’s hard drive. They are important for maintaining the speed, functionality and good customer experience of our website.

Cookies help us better understand and analyze how users use our website and constantly work to improve its navigation. They give us information about whether you are a new visitor or have visited the site in the past. Cookies are anonymous; they do not store personal information about the user and do not collect any information that could reveal your identity.

If you do not want to receive cookies, you can configure your browser and set it to delete all cookies from your device’s hard drive, block cookies or inform you each time before storing cookies. .

To learn more about the use of cookies, you can read our full Cookie Policy.

Sharing and disclosing personal data of users with third parties

In certain cases, the Company may disclose certain types of personal data to its partners or subcontractors. These third parties provide the Company with products and services related to the activities of the Company or ensure the process of marketing activities of the Company.

The Company may grant access to user personal data to third parties, including third parties located outside the European Union, subject to the requirements of the Regulation. Such are, for example, the situations related to:

  • Organizing promotional campaigns, games or competitions in accordance with the rules of specific marketing initiatives;
  • Delivery of products through couriers and / or other third parties who organize the forwarding;
  • Execution by third parties with whom the Company has a contractual relationship in relation to the delivery and measurement of content or advertising, including servers for delivery of advertising content, exchanges for inventory trading (Ad Exchanges), publishing tools (SSP), advertising tools (DSP);
  • Use of virtual servers (VPS) provided by third parties with whom the Company has a contractual relationship;
  • Improving the advertising targeting of the products and services of the Company by third parties;
  • Providing data to well-known service providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google and Facebook. Consent also includes the placement and use of unique depersonalized identifiers, for example through the use of cookies, localStorage or other generally accepted web technology;
  • Receiving server and cloud services related to the orders and servicing of the customer service center by third parties;
  • Providing access to data to third parties providing services to the Company, including accountants, lawyers, auditors, notaries, advertising and PR agencies or companies engaged in systematic data administration.

The company assumes the responsibility to share user personal data with third parties only after the explicit provision of technical and legal mechanisms under which the processing of shared personal data will take place in accordance with the requirements of Regulation (EU) 679/2016 and Bulgarian law.

The Company undertakes to take all necessary actions to ensure the legitimate and secure processing of personal data of users in accordance with the confidentiality requirements set forth in this Policy.

Your rights as a data subject

According to the Regulation, the following rights are guaranteed to every data subject:

Right of access to stored personal data 

Every user has the right to receive information about what personal data we process and whether we process such data.

Right to correct personal data 

In case of discrepancy between your current data and those processed by the Company, you have the right to request the necessary corrections to all inaccurate data without undue delay.

Right to limit the processing of personal data 

In certain circumstances, you have the right to request that the processing of certain types of personal data be restricted or blocked. Such cases are, for example, the need to confirm the accuracy of personal data, the grounds for their processing or the illegality of their processing.

Right to delete personal data 

In the event that the basis for the processing of your personal data is no longer valid, you have the right to request the deletion of all personal data processed by us.

Right to data portability

You have the right to request the transfer of your electronically provided personal data to another provider in a machine-readable format in order to use the same service. This right applies only to data provided with the explicit consent of the user.

Right to object 

In case of disagreement with the way we process your personal data, you have the right to object. This right shall apply only to data the processing of which is necessary for the performance of a task in the public interest or in the exercise of official authority conferred on the controller, and to data the processing of which is necessary for the legitimate interests of the controller. Or a third party, except where the interests of the data subject take precedence over such interests.

Right of withdrawal of consent

When processing personal data after obtaining explicit consent, you have the right to request the withdrawal of consent to the processing of the specific type of personal data at any time.

Right of appeal 

If you are dissatisfied with the way your application has been administered in connection with any of the above rights or you believe that we are not processing your personal data lawfully, you have the right to lodge a complaint with the Data Protection Commission – the supervisory authority. responsible for the implementation of Regulation (EU) 2016/679 and the Personal Data Protection Act.

If you wish to exercise any of the above rights, you can send the relevant application with your exact request to the following e-mail address: info@zizito.com