(Personal Data Collection and Processing Policy of website https://bimini-store.com/)
This privacy policy aims to give you information on how the company, which owns the website https://bimini-store.com/ (hereinafter referred to as The Website) – S&T EOOD, UIC 104591719 (hereinafter referred to as BIMINI) treats (collects, processes, stores, shares, etc.) your personal data and how you could control your preferences and settings in relation to this treatment. Furthermore, this Privacy Policy is fully in line with the provisions of the General Data Protection Regulation (GDPR) 2016/679, currently in force within the European Economic Area (EEA). You can find the full text of the regulation at: https://gdpr-info.eu/.
The Website has been built fully based on the functionalities, available via the e-commerce platform WooCommerce(https://woocommerce.com/), which allows traders to create their own unique online store using the available models, codes and designs and combining them as they find appropriate. The relationships between BIMINI and WooCommerceare commercial and have been settled through a business agreement (General Terms and Conditions). Therefore, BIMINI and the Website, as well as all applicable rules in relation to the processing of the Website users’personal data, are closely bound to WooCommercerules, which also determines the circumstance that this Policy contains references and links to the policies, adopted and implemented by our partner WooCommerce, which we have in turn adopted and implemented in our operations.
Generally and above all, we should note that BIMINI collects and processes your personal data for the following purposes: (1) to fulfil our obligations as a seller of women’s fashion clothing and accessories; (2) to deliver the Website’s functionalities in the fullest and most efficient way possible; (3) to deliver information, products and services explicitly requested by our customers (for example, sending out newsletters, etc.); (4) to perform market analysis and statistical research for the purpose of internal marketing and statistical activities relating to BIMINI.
I. Section One – Registered website users data we collect
For clarity purposes, below you will find lists of the respective types of personal data BIMINI collects from the Website users, arranged based on the specific purposes and processes whose implementation requires the collection of personal data, namely:
- Personal data needed for user registration – data provided by the users when they register on the Website as indicated in the Website’s General Terms and Conditions, in particular: (1) first name and (2) family name of the user; (3) valid email address; and (4) individual password for each individual user. In addition and solely by their own discretion, upon completing their registration, Website users can also add to the data listed in their Website profile (5) their address.
- Personal data needed for shipping purchased items – (1) first name and (2) family name of the user; (3) valid email address; (4) telephone number to contact the user and (5) delivery address.
- Personal data relating to payments made by the user – BIMINI uses two payment systems to support online payments. In particular, these systems are maintained by the third entities listed below and the respective data, collected when these systems are used, is as follows:
- Stripe (https://stripe.com/en-bg) – this entity is a provider of online verification (confirmation) services relating to online payments. When collaborating with this provider, BIMINI receives access to the following banking and financial information about its Website users – (1) first name and (2) family name of the user;
- (3) type of bank card; (4) the last four digits of the bank card number; and (5) bank card validity data.
- Data collected through Cookies – for more information, please see Section 3 below – “Rules relating to the cookies used and data collected through cookies”‘
- IP address;
- User browser identifier;
- User device identifier;
- Information about the number of user Website visits;
- Search history by item categories offered on the Website and purchase history;
- Section 2 – Data collected about all Website visitors
- IP address;
- User browser identifier;
- User device identifier;
- Information about the number of user Website visits;
- Search history by item categories offered on the Website and purchase history;
- Information about the landing page used by users to reach the Website,
- Data collected through cookies – – for more information, please see Section 3 below – “Rules on the cookies used and data collected through cookies”‘
III. Section 3 –Rules on the cookies used and data collected through cookies (Cookie Policy)
Any and all cookies used on the Website are session (temporary) cookies, which have different validity as set by our partner WooCommerce.
Cookies are essentially small text files sent by the web server to the used browser and stored on your device so the Website can recognize them. There are two types of cookies – permanent and session (temporary) cookies. Permanent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are stored temporarily on your device, when you visit the Website, and are erased relatively soon after you close the Website. Most cookies don’t contain any sensitive information about you or any personal data that can identify you directly.
We use cookies mainly to monitor your behavior in the following aspects:
- Identifying the identifier of your device and the browser you use (so we know when you visit the website, i.e. to “recognize you”);
- The time you spend on the Website;
- Information about the number of user Website visits;
- Search history in item categories offered on the Website and purchase history;
- Information about the landing page used by users to reach the Website, etc.
Third-party cookies
We use some third-party cookies as part of our services. These cookies are managed by the respective websites and are not in our control. We can also use some authorized third parties to put cookies during your visits of our websites for the purposes of the services they provide to us. Below, you can find a list of the third-party services we use, some of which can be switched off via the general settings of your browser. For other cookies, you may need to visit the respective websites and follow the instructions given there.
- WooCommerce cookies (https://woocommerce.com/legal/cookies) – when a company uses the WooCommerceplatform to create their online store, which is the case with BIMINI and this Website, WooCommerce puts the following cookies on the Website:
- Cookies necessary for the functioning of the Website:
Cookie name | Cookie function |
_ab | Used in connection with access to admin. |
_orig_referrer | Used in connection with shopping cart. |
_secure_session_id | Used in connection with navigation through a storefront. |
Cart | Used in connection with shopping cart. |
cart_sig | Used in connection with checkout. |
cart_ts | Used in connection with checkout. |
checkout_token | Used in connection with checkout. |
Secret | Used in connection with checkout. |
Secure_customer_sig | Used in connection with customer login. |
storefront_digest | Used in connection with customer login. |
- Cookies used for reporting and analytics:
Cookie name | Cookie function |
_landing_page | Track landing pages. |
_orig_referrer | Track landing pages. |
_s | WooCommerceanalytics. |
_woocommerce_fs | WooCommerceanalytics. |
_woocommerce_s | WooCommerceanalytics. |
_woocommerce_sa_p | WooCommerceanalytics relating to marketing & referrals. |
_woocommerce_sa_t | WooCommerceanalytics relating to marketing & referrals. |
_woocommerce_uniq | WooCommerceanalytics. |
_woocommerce_visit | WooCommerceanalytics. |
_woocommerce_y | WooCommerceanalytics. |
_y | WooCommerceanalytics. |
tracked_start_checkout | WooCommerceanalytics relating to checkout. |
- Google Analytics cookies – Google Analytics is a leading tool used to collect information about user behavior, allowing website owners to establish the performances, visits and results of their websites. In general, Google Analytics cookies that the Website can serve are the following:
Cookie name | Cookie function |
_ga | Used to distinguish users. |
_gid | Used to distinguish users. |
_gat or _dc_gtm_<property-id> | Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm<property-id>. |
_dc_gtm_<property-id> | Used when data is deployed via Google Tag Manager, where <property-id> is a unique identifier of the Google Tag Manager profile, for example: _dc_gtm_UA-68436640-7 |
AMP_TOKEN | Used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service. |
_gac_<property-id> | Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out. |
Here are some sources where you can find detailed information about Google Analytics:
You can find detailed technical information here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage;
You can find the Privacy Policy and Terms and Conditions of Google, including Google Analytics, here: https://policies.google.com/technologies/partner-sites?hl=bg;
If you would like to ban Google Analytics from tracing your behavior, you can use the following tool provided by the provider: https://tools.google.com/dlpage/gaoptout.
- Facebook cookies – The social network provides a series of additional services related to the following purposes: measuring the activities of our Website visitors; choosing, delivery and measurement of network content serving; user personalization based on their behavior, including for advertising goals, etc. Facebook has not provided any detailed information about the cookies they use. You can find more information here: https://www.facebook.com/policies/cookies/. You can find Facebook’s Privacy Policy here: https://www.facebook.com/about/basics.
IV. Section 4 – Who do we share your personal data with
Sometimes we share your personal data with third parties. This is aimed at providing you with the best possible experience when using our Website, and sometimes – to secure and make available our service in general.
BIMINI does not grant usage rights, and does not sell, reveal or share your information (personal data under GDPR) with other entities or non-related companies, unless this is necessary to provide you with the services you requested and you have given your permission, or in any of the following hypotheses:
- Information is provided to our trusted partners working on assignments made by BIMINI based on contractual relationships and under confidentiality agreements. This third-party entities include, but are not limited to:
- WooCommerce(agreement) – we provide them with the following user data: first name, family name, email address, delivery address, and contact phone number. Thus, the provided information is used to administer the orders, prevent fraud (including personal data fraud), for authentication of registered users who have forgotten their individual passwords or user names, and to improve the services offered by the Website and the WooCommerceplatform. For more information about the privacy rules applied by WooCommercethat BIMINI conforms to, please visit: https://woocommerce.com/legal/privacy.
- Stripe (https://stripe.com/en-bg) – this third entity is a provider of online verification (confirmation) services relating to online payments. When collaborating with this provider, BIMINI receives access to the following banking and financial information about its Website users – (1) first name and (2) family name of the user; (3) type of bank card; (4) the last four digits of the bank card number; and (5) bank card validity data.
- Shipping companies (agreements) – for the purpose of shipping the items, ordered via the websites, and to return these items to BIMINI (in line with all the terms and conditions described in the Website’s Terms and Conditions):
- https://www.speedy.bg/en/
- Sofia London Moscow Ltd. (agreement) – a company providing the Website’s IT support and maintenance. The company has access to WooCommerceand respectively the client information stored there.
- Google Analytics – to see the reasons for using Google Analytics, please see Section 3: Cookie Policy (https://privacy.google.com/#, https://policies.google.com/technologies/partner-sites?hl=bg)
- Facebook Tracking Pixel (https://www.facebook.com/privacy/explanation)
- Information needed to fulfil our legal obligations based on legitimate requests coming from authorized government authorities, including but not limited to judicial authorities; investigative authorities; tax authorities, etc. (under the Law on Electronic Communications, The Criminal Code, the Law on the Ministry of Interior, the Law on the Judiciary, etc.)
If you do not wish us to send the information to some of our partners, you can withdraw your consent by contacting us in any of the ways indicated at the bottom of this Policy.
V. Section 5 – Personal Data Protection
BIMINI shall maintain appropriate technical and organizational measures to guarantee the security of all Website user data in line with all mandatory requirements of the applicable EU and Bulgarian law.
All your personal data we receive is processed in Ireland by the e-commerce platform WooCommerce and is stored on WooCommerce servers physically based in the US/Canada.
We limit any access to your information by employees or third-party vendors, working on assignments and under the control of BIMINI, where the main support of the Website is provided by our partner Sofia Moscow London Ltd.
This Website uses HTTPS-encrypted connection and WooCommerce certificates.
VI. Section 6 – Data transfer outside EEA
BIMINI does not perform direct user personal data transfer to countries outside the EU and the EEA.
Some of our partners may transfer data outside the EEA, when a decision has been made in terms of the adequate level of protection, for example – in the case of the EU-US Privacy Shield. For more information, please see our partners’ privacy policies.
VII. Section 7 – How long we store your personal data
Data storage continues for as long as we have a reason to store the data. For example – a user has agreed for us to collect and process their information or has a profile on the Website.
Generally, the period after which we will delete the data used to purchase an item via the Website, including to return this item, is six months after the last activity in relation to the particular case.
For the purposes of measuring user behaviour on the Website, we store personal data based on the period of validity of the respective cookie recording.
VIII. Section 8 – Data subject rights under GDPR
- Right of access to your personal data – you have the right to receive confirmation from us as to whether we process your personal data and, if this is the case, you have the right to access your personal data and information.
- Right of rectification of personal data: if you discover that the personal data we process on you is incorrect, you have the right to make us correct this personal data.
- Right of erasure of personal data (the right to be forgotten): under certain circumstances, if your personal data is processed illegally or you have withdrawn your consent (if the personal data processing is based on consent), you have the right to request and receive erasure of your personal data by us.
- Right to restrict processing: under certain circumstances, for example if you doubt the accuracy of your personal data or have objected our legitimate goal for processing your personal data, you have the right to request us to restrict the processing of your personal data until a solution is found.
- The right to object: under certain circumstances, for example if you doubt our legitimate interest in processing your personal data, you have the right to object such processing based on reasons related to your particular situation.
- Right to data portability: if your personal data is processed automatically based on your consent or for the purpose of performing our contractual obligations, you have the right to request us to provide you with your personal data in a machine-readable format to transfer them to another data controller.
- Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint in terms of the processing of your personal data by us with the respective competent supervisory authority under the legislation of the Republic of Bulgaria and under Chapter VI of the GDPR or any other applicable EU regulation or international agreement. The competent supervisory authority in the Republic of Bulgaria is the Personal Data Protection Commission.
IX. Section 9 – Miscellaneous
This Privacy Policy is an integral part of the General Terms and Conditions in force for the services, available on the Website. It should be interpreted in relation to them in terms of purchasing products from the Website.
In the event of any disputes between a user and BIMINI, these disputes shall be settled in the spirit of mutual understanding and compromise. If impossible, the competent authority to resolve any possible disputes shall be the Bulgarian court, applying Bulgarian and EU legislation applicable as of the moment of resolving the problem.
BIMINI reserves the right to make changes to this Privacy Policy at any given moment by publishing the changed terms and conditions on the Website. In this case, you will be asked to accept the changed Privacy Policy once again.
Contacts:
Personal Data Controller: S&T EOOD, UIC104591719, having its registered office and principal place of business in: having its registered office and principal place of business in: Republic of Bulgaria, city of Veliko Tarnovo 5000, Kartala region, 87 Alexander Burmov St., contact address: Republic of Bulgaria, city of Veliko Tarnovo 5000, 100 Nikola Gabrovski St., building S&T, email address: hello@bimini.com, contact phone number: +359889008291, contact person: Mrs. Pamela Tananeeva
Data Protection Officer: Pamela Tananeeva; email address: hello@bimini-store.com
(Please not that any data subject access requests under Regulation (EU) 2016/679 sent by mail or courier require additional identification by presenting an ID document by the data subject or by sending the request by email, where this request shall be e-signed by the subject data. Data access requests can also be sent by a legalized proxy of the subject data, where in this case, the proxy should provide a duly notarized power of attorney).