Satori’s Personal Data Protection Policy
Information about us
Skin Studio LTD (hereinafter referred to as “Studio” and/or “Controller”) is a company registered in the Commercial Register and the Register of Non-profit Legal Entities kept by the Registry Agency under EIK (entity ID) 205826224,
headquartered at: 131 Vitosha blvd. Sofia
Tel: +359 882900999 e-mail: firstname.lastname@example.org
Contact details of our data protection officer:
• Data Protection Officer: Stanislav Chernaev
• Phone: +359 882900999
• Email: email@example.com
The Studio, as a personal data controller, collects and processes certain information about individuals.
This information may relate to the Studio’s employees, managers, customers and guests, suppliers, contractors, business contacts and other individuals with whom the Controller has contact or wants to establish business contact.
This Personal Data Protection Policy governs how personal data is collected, processed and stored in order to meet the standards of the Controller’s organisation and comply with legal requirements.
This Personal Data Protection Policy is issued on the basis of the Personal Data Protection Act and its implementing regulations, as amended (Bulgarian law) and the General Data Protection Regulation (EU) 2016/679 (GDPR).
What is meant by “personal data” and “personal data processing”?:
“Personal data” means any information by which an individual can be identified, directly or indirectly, by one or more personal characteristics, such as: name, ID number (EGN), contact information – location/postal address, telephone number, email address, online ID/ IP address, video images, etc. Those characteristics may be part of the physical, physiological, genetic, mental, economic, cultural or social identity of the individual.
“Personal data processing” means any operation or set of operations which is performed upon personal data or sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, erasure or destruction;
Our attitude to your personal data
The Studio attaches great importance to the protection of personal data, and collects and processes personal data only in compliance with the requirements of local and European law. This Personal Data Protection Policy aims to inform you of how we process your data and what personal data we would collect about you, for what purpose, period and what your rights are.
The security of the data you have provided us with is very important to us. We therefore protect your data by using all appropriate technical and organisational measures that are adequate to the potential risks to individuals’ rights and freedoms to prevent unauthorised access, unauthorised or malicious use, loss or premature deletion of information.
What information do we collect and why?
We may collect personal information about you when you use our Website or select our services. In most cases, we require your personal data for the purpose of concluding a contract, complying with a legal obligation, or protecting our legitimate interest. In certain cases, we process data on the basis of your consent.
Depending on the services you use, we may collect and process the following information about you:
• Your name, ID number (EGN) (for the purposes of registering with the Studio and issuing invoices, on request), date of birth and sex;
• Contact details – contact address, telephone number and email address;
• Video camera recordings to ensure our security and yours;
Principles we follow:
We strictly adhere to the basic principles put in place as compulsory when processing personal data;
Personal data are processed lawfully, fairly and transparently;
Personal data are collected for specific, explicitly stated and legitimate purposes and are not further processed in a manner inconsistent with those purposes;
Personal data are appropriate, relevant and limited to what is necessary for the purposes for which they are processed;
Personal data are accurate and, where necessary, kept up to date;
Personal data are stored in a form which permits identification of the persons concerned for a period no longer than is necessary for the purposes for which the personal data are processed;
Personal data are processed in a manner that guarantees an adequate level of security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by taking appropriate technical and organisational measures;
The purpose of processing your data.
We process the personal data we collect mostly for the following purposes:
When concluding and performing a contract – to register a guest with the Studio, prepare accounting documents, such as bills or invoices, for the services provided; for the purpose of notices relating to our services;
In fulfilment of a legal obligation – for the purpose of obligations stipulated in the Accounting Act and the Tax and Social Insurance Procedure Code and other related regulations, in connection with proper and lawful bookkeeping; when obliged to provide information to any state committees and regulators, as well as courts; in fulfilment of obligations regarding online reservations (remote sales) and off-site sales;
If you consent to direct marketing of our products and services.
On the basis of our legitimate interest – to conduct CCTV in our outlets;
What your rights are:
Where your personal information is collected and processed, you have the right to:
Information about your personal data processed and access to the personal data collected about you;
Correction/completion if the data is inaccurate/incomplete – at your own initiative or at the initiative of the Studio;
Deletion of personal data when there are legal grounds for doing so;
Restriction of the processing of your personal data by the Studio provided there are legal grounds for doing so;
Portability of personal data between different controllers – this right allows you to receive your data from the Studio and transfer them to another controller in a convenient format;
Objection to the processing of your personal data if there are legal grounds for doing so;
The right to defence in court or administrative bodies in the event that your rights have been violated.
You can protect your rights by emailing us on: firstname.lastname@example.org or sending a letter by post/courier to: 131 Vitosha blvd. , Sofia
Your personal information is stored with us in accordance with the purpose for which it was collected and within the statutory periods.
When we may disclose your personal information:
We use a set of measures to protect your personal information from loss, theft and misuse, as well as from unauthorised access, disclosure, alteration or destruction. The Studio uses third parties to support certain contractual activities or to fulfil a legal obligation. We do not disclose your personal information to third parties until we have verified that all technical and organisational measures have been taken to protect that data, and we seek to exercise strict control over the fulfilment of this purpose.
Some of the recipients of personal data may be: courier companies, external consultants and specialists, debt collectors and law firms, banks, security companies, sales agents and representatives, etc.
Your personal data may be disclosed in the circumstances provided for by law. For example, with your explicit consent or with the permission of the Data Protection Commission, your personal data may be shared with third parties.
Personal data must be provided in some cases to comply with our legal requirements, such as: Regulators, incl. state committees, institutions and agencies, National Revenue Agency, National Social Insurance Institute, courts, prosecutor’s office, etc., to which we are obliged to provide personal data under current law. Your personal data may be provided, where necessary or appropriate, for national security purposes or in the event of problems of public importance.
Cookies and tracking
We use Google Analytics, a web analytics service of Google LLC. The information generated by cookies about your use of this Website is typically sent to and stored on Google servers in the United States. Google will shorten your IP addresses in advance within the Member States of the European Union or in other States Parties to the European Economic Community Agreement. On behalf of the operator of this Website, Google uses this information to evaluate use of the Website, compile reports on the activities of the Website and provide other services related to the Website and Internet usage to the website operator. The IP address sent through your browser in the context of Google Analytics is not linked to other data available to Google. You can opt out of cookies by selecting the appropriate settings in your browser. You can also prevent Google from collecting data through cookies and associating them with use of the Website (including IP address) and their processing by Google by downloading and installing an extension (plug-in) for your browser from here: Https://tools.google.com/dlpage/gaoptout?hl=en.
Links to social media
Our website also contains links to Facebook and Instagram. In this case, data is only transferred to the aforementioned social media operators when the corresponding button of the icon illustrating the link is pressed. Clicking on such a button opens the page of the respective social network. There, you can post information about our services in compliance with the rules of the social media operator. You can use our official accounts on various social networks to contact us, as well as other official public accounts of the company. Such as our: Facebook page https://www.facebook.com/satorilaser.bg ; Instagram page https://www.instagram.com/satorilaser.bg/. Any personal data you submit through a personal message will only be processed for the purpose of answering your enquiry. We are not responsible for the information and personal data you voluntarily share on our official accounts without being explicitly asked to do so.
The Studio takes steps to protect your personal information from accidental loss and unauthorized access, use, alteration or disclosure. Policies and procedures are in place to protect information from loss, misuse, and unauthorised disclosure. We also take additional information security measures, including access control, rigorous physical security, and reliable practices for collecting, storing and processing information.
In addition, we implement technical measures such as encryption, pseudonymisation and anonymization of personal data collected.
When do we delete your personal information?
We store all the information we have collected about you and dispose of it within the statutory time limits, and if such time limits do no exist, within the time limits set by us (30 days for CCTV), and after the final settlement of all our financial relations. We do not keep your data indefinitely.
Transfer between countries
The transfer, storage and processing of personal data is secured by modern technical means. The Studio will not transfer your data outside the EEA without complying with legal requirements, and will take appropriate safeguards to keep your information confidential.
Accounting and commercial information, as well as all other information and documents relevant for taxation and compulsory social insurances contributions, is kept by the Studio for the following periods:
• payroll information: 50 years;
• accounting records and financial statements: 10 years;
• tax and social insurance documents for auditing purposes: 5 years after the expiration of the limitation period for paying the state liability to which they are related;
• all other data storage media: 5 years, unless the law provides for a shorter period;
• CCTV recordings: 30 days;
When the storage period expires, data storage media (paper or electronic) that do not have to be submitted to the National Archive may be destroyed.
Upon expiration of the storage period, the data will be destroyed as soon as possible, with paper media destroyed by shredding and electronic media destroyed by deleting and erasing the respective files from the Company computers and systems.
Changes to this Personal Data Protection Policy
This Personal Data Protection Policy may be amended from time to time. Such changes will take effect immediately upon their announcement. The regular browsing of this website guarantees that you will always be aware of what information we collect, how and for what purposes the Studio uses it and the circumstances (if any) in which we will share it with other parties.
This Personal Data Protection Policy was approved by the Director on 20/05/2020 and last updated on 20/05/2020.