This PRIVACY POLICY is an integral part of the GENERAL TERMS AND CONDITIONS OF USE of the website www.cocosolis.com/au (the Website), administered by PURMERUL OOD (the Company).
In carrying out our activities we act in the capacity of a personal data controller, and we collect, process and keep personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation or GDPR) and the applicable national and European legislation.
In this section, we explain how we collect and process the personal data of data subjects in their capacity as end-users. The ways to contact us, should you need to, are also described.
In order to use the services on this Website including to get access to the platform for online orders of goods and the related services, our information system needs certain information about you through which you can be identified directly or indirectly.
1. The information which the User provides voluntarily:
a) In the cases where this is needed for a certain service on the Website, we can request that you provide us with the following personal data:
1) full name
2) valid e-mail address
3) telephone number
4) physical address of delivery
5) possible preferences or comments
6) additional data (user content and/or query);
b) The indicated categories of personal data may also be requested for a possible query to us in relation to exercising your rights as described below.
2. The information which the Website collects from the User
In order to perform certain functionalities of our Website and the Services which you have access to through it, our information system collects information from your electronic device when carrying out standard activities for the normal function of WEB operations. Thus the following additional categories of personal data can also be collected, namely:
1) IP address
2) used browser
3) language preference settings
4) type of device used to open the Website
5) information on the operating system of your device
6) data on user behaviour and user characteristics.
We collect information on the source from which you have accessed the Website. In any case, we do not collect your publicly accessible information, including if the redirection to our Website comes from a social network.
When you visit the Website or our social network profiles, and/or when you use the functionalities and services available on the Website, including to create a user profile and to shop, certain personal data of yours can be collected and processed by installing small text files on your device, the so-called Cookies.
Your data can be used by us for traffic analysis, advertisement purposes, market research and profiling of user groups, system reports on the Website functioning and for recovering consumption information, to improve the functionality of the Website and its analysis, including, but not limited to:
1) actions aimed at creating and administering user profiles
2) actions aimed at identifying and establishing the age stipulated by law for online shopping
3) direct marketing of products and services
4) evaluation of the advertisement efficiency
5) managing and administering activities for online shopping
6) analysis of the purchases history, preferences and behaviour
7) preventing fraud in relation to payments
8) managing queries.
Cookies can be created, accessed, read and manipulated by third parties (our advertisement partners, social networks, analysis partners). For more information on the conditions under which these third parties use cookies, as well as on the data which they collect, for what period and for what purposes they collect it, and how you can prevent or confirm this, you can visit their relevant cookies policies.
You can learn more about the Cookies we use and about the conditions of use of the Website in our General Terms and Conditions of Use of the Website and Cookies Policy.
3. Personal data of children. How do we treat this data?
The Services on the Website are not intended for persons under the age of 18 years. The Company does not aim or wish to collect personal data of children in relation to the Services provided through the Website.
If, however, the Company receives information on a minor in relation to the Website Services, we will not process it and will erase it, except if we are obliged to process this data in another manner specifically established by a legal norm.
When carrying out our activity we apply the following main principles:
1) the data is processed in a legally compliant way, in good faith and in full transparency;
2) the data is collected only for express, specifically indicated and legitimate purposes;
3) the processed data is limited to the necessary minimum in relation to the set goals;
4) the data is maintained up to date and not for a longer period than needed;
5) the processing is carried out in a way which guarantees an appropriate level of security, protection against unauthorized or illegal processing, loss, destruction or damage;
6) the access of third persons to the data is provided only for the purposes which are essential for performing the requested service;
7) maximum cooperation is provided for exercising the data subject rights.
In relation to the purposes indicated below, the Website collects information from its visitors, including end-users in their capacity as data subjects.
The personal information which is processed through the Website can be collected in the following ways, jointly and separately:
We use the information described above for different purposes based on the relevant legal bases, namely:
Category | Purpose | Legal basis under GDPR | Way of collecting | Period of keeping |
1. IP address 2. Used browser 3. Language settings 4. Used device 5. Operating system 6. User information | for the purposes of providing the full functionality of the Website | art. 6, par. 1 b) - for the performance of a contract (service provision - using a website) | for the purposes of using the Company Website | up to 36 months after the end of a session in the Website |
1. Name and surname 2. E-mail address 3. Telephone number 4. Delivery address 5. Other information on the order | for the purposes of execution of contractual obligations - concluding contracts for sales and delivery of the purchased products | art. 6, par. 1 b) - the processing is necessary for the performance of a contract (sales of goods) | for the purposes of using the Website Service for online purchases; when processing orders and the activities related to them | up to 24 months, with the exception of the data, processed and kept for accounting and tax purposes with regards to which the established legal terms are being applied |
1. Name and surname 2. E-mail address 3. Telephone number (not mandatory) | for the purposes of establishing contact | art. 6, par. 1 a) - provided consent to the processing of the data | for the purposes of using the contact form on the Company Website | up to the moment the consent is removed or the processing is no longer necessary |
1. Name and surname 2. Email address 3. Phone number for sending messages by SMS, Viber or WhatsApp | for establishing contact to send notifications for the selected products in the basket to fulfill contractual commitments | Art. 6, para. 1 b) - the processing is necessary for the performance of a contract (purchase and sale of goods) | when using the service of the site for online purchases; when processing orders and related activities | until refusal to receive notifications. At any time, the customer may change his mind by sending opt out message and requesting stop of the messages. |
1. Name and surname 2. E-mail address 3. Telephone number (if needed) 4. Address (in case of any exchange, the return of amounts and goods) 5. Bank account (in case of return of amounts) | for the purposes of making contact in relation to queries, complaints, appeals, objections, exchange requests, requests for returning amounts and goods | art. 6, par. 1 c) - for compliance with a legal obligation according to the consumer legislation | for the purposes of communication and/or correspondence with a Company representative | up to 24 months, with the exception of the data, processed and kept for accounting and tax purposes with regards to which the established legal terms are being applied |
1. Name and surname 2. E-mail address 3. Telephone number 4. Address 5. Data on the type and value of made purchases 6. Other data relevant to the legal relations with the user in question | observing legitimate interests, including for legal disputes, exercising or protecting legal claims, collecting receivables | art. 6, par. 1 c) - for compliance with a legal obligation art. 6, par. 1 f) - for the purposes of legitimate interests | for the purposes of processing data in relation to legal disputes, including when collecting overdue receivables through collection agencies and other agents | up to 12 months from the finalization of the legal dispute and settling of the related financial relations between the parties, with the exception of the data processed and kept for accounting and tax purposes with regards of which the legally established terms are applied |
1. User name | for the purposes of creating a user profile on the Website | art. 6, par. 1 b) - for the performance of a contract (service provision - using a website) | for the purposes of creating a user profile | up to the deactivation of the user profile |
1. E-mail address | for the purposes of subscribing to newsletters and notifications for news and promotions | art. 6, par. 1 a) - provided prior consent to the processing of the data | for the purposes of requesting a subscription | up to the moment the consent is removed or the processing is no longer necessary |
1. Name and surname or a username 2. Pictures (optional) 3. Other content | for the purposes of publishing feedback on the satisfaction of the provided goods and services | art. 6, par. 1 a) - provided consent to the processing of the data | for the purposes of sending or publishing feedback | up to the moment the consent is removed or the processing is no longer necessary |
1. Name and surname or a username 2. E-mail address 3. Phone number for sending messages via SMS, Viber or WhatsApp 4. Other content 5. Other data collected through marketing cookies | for the purposes of sending commercial marketing messages, direct marketing of products and services as well as researches | art. 6, par. 1 a) – provided prior consent to the processing of the data | for the purposes of giving the data subject consent to be the recipient of commercial messages and other forms of direct marketing | until the withdrawal of consent or elimination of the need for processing. At any time, the customer may change his mind by sending opt out message and requesting stop of the messages. |
1. Personal data and data on the user behaviour collected through cookies | for the purposes of traffic analysis, advertisement, system reports on the functioning of the Website and for recovering consumption information, improving the functionality of the Website and its analysis, preventing fraud in relation to payments, evaluating the efficiency of the advertisement, establishing the age stipulated by law for online shopping | art. 6, par. 1 a) - provided consent to the processing of the data; art. 6, par. 1 b) - for the performance of a contract (service provision - using a website) | for the purposes of visiting the Website | up to the moment, the consent is removed or the processing is no longer necessary; according to the individual features and terms for keeping the used cookies |
1. E-mail address | for the purposes of sharing information on changes in policies, rules and general terms and conditions and sending system notifications and messages related to the use of the Website | art. 6, par. 1 b) - for the performance of a contract (service provision - using a website) | for the purposes of using the Company Website | up to the deactivation of the user profile |
1. Name and surname/username 2. E-mail address 3. User content | For the purposes of organizing surveys, giveaways, events and promotional campaigns | art. 6, par. 1 a) - provided consent to the processing of the data | for the purposes of announcing participation in an organized event, survey, giveaway, campaign | up to 24 months |
1. Personal and system data necessary to make the transaction | payment management, including anti-fraud control in case of payment with credit/debit cards | art. 6, par. 1 b) - for the performance of a contract | for the purposes of purchasing a product and making the due payment | the data is only transferred to the financial institutions for making the transactions and is not kept with the controller |
1. Name and surname 2. Telephone number and/or e-mail address 3. The physical address for correspondence | official, legal and/or system warnings, legal purposes. | art. 6, par. 1 c) - for compliance with a legal obligation applicable to the personal data controller | for the purposes of exercising guaranteed rights of the data subjects | up to 60 months |
Data on user behaviour and user characteristics | Conducting market surveys to determine commercial policies, market strategies and setting prices by user groups profiling | art. 6, par. 1 f) - for the purposes of the legitimate interests | for the purposes of using the Company Website | until the market surveys are complete |
In our activities, we comply with the principle of limiting purposes when collecting and processing personal data. When the achievement of the set goals does not necessarily include processing of certain of your personal data, we will not do it. In certain cases, however, collecting your personal data is absolutely necessary for providing the service you requested (i.e. for purchase and delivery of a product, return and exchange, recovering paid amounts, issuing tax invoices etc.) or for performing our legal obligations. Any refusal to provide such data can make the provision of the requested service impossible.
In accordance with the European legislation, we maintain adequate, necessary and proportional technical and organizational measures to protect the data of the users, including to prevent unauthorized access and/or incorrect use.
The protection of your personal data and information security are among our main priorities. We introduce and apply adequate technical and organizational measures to guarantee the security of your personal data. Each work process is carried out while guaranteeing the security, reliability, privacy and availability of information. Our employees are familiar with the valid legislation and the external policies related to the protection and processing of personal data and observe the highest standards of ethics and privacy.
The Company uses business systems, procedures and information technologies which help to adequately protect your personal data and keep it safe.
Only authorized personnel (including but not limited to media, business development, web marketing, purchases, customer service departments) have access to the personal data in our information systems in accordance with the professional functions and tasks assigned.
When we keep the information, it is physically stored on servers situated in data storage centers on the territory of Europe, with technical and physical access limited to qualified and trained staff and in compliance with the best practices on data protection.
In certain situations, if the relevant legal bases are present, we can share your personal information with third persons in the following cases:
Share subject | Description | Basis according to GDPR |
Contractors - financial institutions, couriers, insurers, accountants, lawyers, information security consultants, marketing agencies and others | 1. If necessary for the performance of legal or contractual obligations 2. Cooperation for the purposes of managing work processes 3. Observing legitimate interests | Art. 6, par. 1, i. “b”, “c” and “f” |
Public authorities - tax administration, supervisory and controlling authorities, local authorities and others | For the purposes of performing legal obligations | Art. 6, par. 1, i. “c” |
Google Analytics, Google Tag Manager, AdSense, Facebook, Klaviyo, Yotpo, Instagram, SalesRay ERP, Twilio and other partners that provide the relevant technical communication platform | Optimization and management of commercial and marketing processes | Art. 6, par. 1, i. “a” and “f” |
Judicial authorities, courts of arbitration, lawyers, notaries, state and private bailiffs, mediators, collection agencies and other intermediaries dealing with collecting receivables | For the purposes of pursuing legitimate interests including when exercising or protecting legal claims, collecting receivables, submission/response to complaints, signals, claims and other to the competent state and judicial authorities | Art. 6, par. 1, i. “c” and “f” |
Specific authority - administrative, judicial and/or executive | 1. In case it is necessary and mandatory to disclose a trade secret; 2. In relation to the settlement of legal disputes in front of a competent court and/or arbitration; 3. Sharing information with law enforcement authorities and financial institutions when this is imposed by law or is absolutely necessary in order to prevent, detect or prosecute criminal activities or fraud. | Art. 6, par. 1, i. “c” |
Accounting and control | For the purposes of performing obligations under an accounting act or established international accounting standards. | Art. 6, par. 1, i. “c” |
Below we present the rights of each end-user in their capacity as a data subject as guaranteed by the European legislation on personal data protection:
Type of right | Description |
Right of information | When providing their personal data or before it is collected by the controller for processing, the User shall have the right to be informed on the following main circumstances: 1. The identity of the controller; 2. The purposes of the processing; 3. The legal basis and/or legitimate interests; 4. The recipient of the personal data; 5. The period for which the personal data will be stored; 6. The rights of the users; 7. The existence of automated decision-making, including profiling. |
Right of access | The User shall have the right of access to their personal data processed by the controller. This includes the data from “Right of Information” as well as the personal data source and the categories of data which are processed. When the personal data is not collected directly from the User, the latter should also receive information about the way of collecting, the type of processing and the applicable legal basis. |
Right to rectification | The User shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning the user who is data subject. |
Right to erasure | The User shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay. |
‘Right to be forgotten’ | Where the controller has made the personal data public and is obliged to erase the personal data, the controller shall take reasonable steps to inform controllers which are processing the personal data that the data subject has requested the erasure by such controllers of any links to, or copy or replication of, those personal data. |
Right to restriction of personal data processing | The User shall have the right to request from the controller restriction of processing where one of the following hypotheses applies: 1. the accuracy of the personal data is contested by the user; 2. the processing is unlawful and the User opposes the erasure of the personal data; 3. the controller no longer needs the personal data for the purposes of the processing, but they are required by the user for the exercise or defence of legal claims; 4. the User has objected to processing pending the verification of the controller. Within the period of restriction of processing, the data can still be kept by the controller. |
Right to data portability | The user shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, where: 1. the processing is carried out by automated means, and 2. the processing is based on consent or on a contractual obligation. This right shall also include the obligation of the controller to transmit the personal data indicated by the User to another controller. |
Right to object to the personal data processing | The User shall have the right to object to the processing of their personal information which is provided to the controller in relation to the performance of tasks of public interest, when it is needed for the purposes of the controller's legitimate interests, or when profiling or direct marketing is being carried out. When exercising that right the personal data of the user can be erased from the devices of the controller. |
Right not to be subject to processing including profiling | The User shall have the right not to be subject to a decision based only on processing by automated means, including profiling. |
Right to lodge a complaint | The User shall have the right to lodge a complaint to the supervisory authority on personal data protection if he or she considers that the processing of personal data which concern him or her, violates the dispositions of the General Data Protection Regulation or the relevant applicable legal act. The data subject can exercise this right in his or her usual country of residence, workplace or place of the alleged infringement. |
If you want to learn more about the rights provided to you, the way to exercise them and the relevant procedures, you can visit the information website of the European Data Protection Supervisor or of the supervisory authority.
The User can exercise his or her rights at any time. In order for us to be of maximum assistance in this process, it is necessary that you send us a query by standard mail or by e-mail to [email protected]. With a view to avoiding any abuse, we reserve the right to request additional data to establish the identity of the person who submitted the request and of the data subject whom it concerns. We shall answer submitted requests concerning personal data within a 2-month period and, in case it is necessary to extend the indicated term, you shall be notified of the extension as well as of the reasons for the delay.
We can refuse processing requests which are repeated without justification or threaten the privacy of other personal data subjects. We shall provide you with a free copy of the personal data which is being processed while reserving the right to impose a proportional fee in case of repeated or excessive requests.
In relation to the personal data processing through the Website, the Company shall act in its capacity as a personal data controller and Website administrator.
Contact details of the data controller | |
Name | PURMERUL OOD |
Headquarters | Bulgaria, city of Plovdiv |
Managing address | Plovdiv 4002, Central region, 22 Lyuleburgaz str., fl. 4, ap. 9 |
Unified identification code | 201172065 |
Manager | Plamen Sergeev Stefanov |
E-mail address | [email protected] |
Contact telephone number | +359 2 862 11 64 |
Contact data of the supervisory authority in relation to personal data protection | |
Name | Commission for Personal Data Protection |
Address | Bulgaria, Sofia 1592, 2 Professor Tsvetan Lazarov blvd. |
E-mail address | [email protected] |
Should you have any questions or comments concerning this personal data policy, you can send a query to us by mail or e-mail to the following e-mail address: [email protected] .
This PERSONAL DATA POLICY has been adopted and ratified by PURMERUL OOD.
The policy complies with the legislation applicable at the moment of ratification as well as with the common European and the national legal framework in the field of personal data protection. In the event of any changes in the legislation or in our purposes and practices for personal data processing, this policy shall be adapted respectively. Information on the changes made will be available on our website.
Last update 22/11/2021