Security and proper use of personal data is of utmost importance to us. Our personal data policy does not regulate rights and obligations but serves to explain the users what data we use in order to provide our goods and services, why and how do we process it and when is it necessary to disclose it to third parties. The policy also serves to inform about the rights that users have concerning the processing of personal data done by Milano Group Ltd.
To make this document clear and user friendly, we use illustrative examples throughout. These examples are not a part of the Personal Data Policy and are not exhaustive.
Basic principles in personal data processing
We process personal data in a lawful, well-meaning and transparent manner. The personal data is processed for concrete, explicitly stated and legitimate purposes and is NOT processed for any other reasons. The processed data is appropriate, associated with and limited to what is necessary according to our purposes (“reducing data to the minimum”);
The processed data can be kept up to date by taking all necessary means to guarantee timely deletion or correction of inaccurate personal data considering our purposes (“accuracy”);
The processed data is kept in a state that allows identifying the subject for a period no longer than the necessary (“limited storage”);
The processed data is kept in a state that guarantees a necessary level of security, including protection from unauthorized or illegal processing and from accidental loss, destruction or damage by taking suitable technical and organizational measures (“integrity and confidentiality”).
Personal data administrator
The personal data Administrator is Milano Group Ltd., BULSTAT Unified Identification Code (UIC) BG130160944, with headquarters and registered office address Bulgaria, Sofia, district Triaditza, bul. Vitosha 24. If you have questions concerning privacy or security and want to contact our employees, you can do it via this e-mail address: email@example.com.
This personal data policy can be altered according to the national and the European legislation. All changes take effect the moment they’re published on this page. We advise you to check our website regularly so that you can see the latest changes. The changes can not be made if they imply weaker security of personal data without your agreement.
What types of data do we process
We collect personal data so that we can improve our goods and services. Here are the types of information that we need:
Information you provide: we receive and keep all information you provide that has to do with Milano Group’s services. For example: information concerning searches you conducted, your client profile, e-mail, phone number, address, inquiries, applications for access to personal information, etc.
We may also use device identifiers, cookies, and other technologies on devices, applications, and web pages to collect information about browsing, use, or other technical information for fraud prevention purposes.
Information from other sources: We may receive information about you from other sources, such as: delivery information of goods purchased through the site, information on the number of page views.
On what basis do we collect and process your personal data
Objectives for personal data processing
We process your personal data in order to provide and improve the goods and services on the site. These objectives include:
Purchase and delivery of products and services. We use your personal data to accept and handle orders, deliver products and services, make payments and communicate with you about orders, products, services and promotional offers.
Provide, troubleshoot and improve the services of Milano Group Ltd. We use your personal data to provide functionality, analyze performance, correct errors and improve website usability and efficiency.
Recommendations and personalization. We use your personal information to recommend features, products and services that may be of interest to you, identify your preferences and customize your experience on the site.
Fulfillment of statutory obligations. In some cases, we have a legal obligation to collect and process your personal information. For example, we process personal data in order to fulfill the obligations arising from accounting and tax law. Also, when a consumer purchases a product from Milano Group Ltd. under consumer protection law, Milano Group Ltd. is obliged to provide a guarantee for the product if, at the time of its delivery, it is defective, which manifests itself within two years after making it available to the user. In order to fulfill this obligation, Milano Group Ltd. should process the basic data of the consumer (by which the right to claim is established), as well as the data for the respective contract (by which it is established whether the commodity is under warranty).
Communicating with you. We use your personal information to communicate with you regarding the goods and services we provide through various channels (e.g., by phone, email, chat). Fraud and Credit Risk Prevention. We process personal information to prevent and detect fraud and abuse and to protect the security of our customers.
Objectives for which we seek your consent. We may also request your consent to process your personal data for the specific purpose that we communicate to you. When you agree to process your personal data for a specific purpose, you may withdraw your consent at any time and we will stop processing your data for that purpose. However, if the processing is necessary for other lawful purpose, we can continue to process the data.
Categories of individuals to whom we disclose the user's personal data
Examples of personal data processors are:
Milano Group Ltd may share personal information of its clients with banks and payment institutions. For the purpose of servicing the consumers' payments, whether by bank transfer or through a payment institution, it is necessary to exchange data between Milano Group Ltd. and the respective bank or payment institution. Third parties that have to do with the transformation (e.g. merger or acquisition) or the transfer of an enterprise. In the case of conversion of Milano Group Ltd., as well as in the case of transfer of assets in accordance with the applicable legislation, it is possible that the personal data of the users, administered by Milano Group Ltd., may be provided to a third party successor. Authorities. The legislation of the Republic of Bulgaria requires Milano Group Ltd. to store certain personal data for the users for a fixed period. In the presence of statutory prerequisites, such personal data processed by Milano Group Ltd. should be made available to the competent authorities.
What methods do we use to protect your personal data?
We work diligently to protect the security of your information when transferring it, using a Secure Sockets Layer (SSL) certificate that encrypts the information you enter. In addition, we maintain physical, electronic, and procedural safeguards regarding the collection, storage and disclosure of your personal information. Our security procedures mean that we may sometimes ask for proof of identity before disclosing your personal information. Devices that store your personal data offer security features to help protect them against unauthorized access and data loss. It's important to protect yourself against unauthorized access to your password and to your computers and devices. Be sure to sign out when you're done using a shared computer.
How long do we store your personal data
General information on the rights of individuals
Milano Group Ltd takes action at the request of an individual to exercise a right under this section only if able to identify the person concerned. Only individuals who can be identified by Milano Group Ltd have the opportunity to exercise their rights under this section. If the purposes for which Milano Group Ltd. processes personal data do not require or no longer require the identification of an individual, Milano Group Ltd. has no obligation to maintain, obtain or process additional information in order to identify the person for the sole purpose of taking action at the request of that person. Milano Group Ltd. notifies individuals of the actions taken within one month of receiving a request under this section, in some cases this period may be extended by another two months. Milano Group Ltd. shall provide individuals with information on actions taken in connection with their claims for the exercise of rights under this section without undue delay and in any event within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests. Milano Group Ltd. shall inform the person concerned of any such extension within one month of receipt of the request, indicating the reasons for the delay. In case of refusal to fulfill the request, Milano Group Ltd. informs the respective individuals about their rights. If Milano Group Ltd. does not take action at the request of an individual, Milano Group Ltd. shall notify them (without delay and within one month after receiving the request) for the reasons for not taking action, as well as for the possibility of filing Appeal to the Commission for Personal Data Protection and Legal Prosecution. In certain cases Milano Group Ltd. may request additional information to verify the identity of individuals. In the event that Milano Group Ltd. has reasonable concerns about the identity of the individual who requests this section, Milano Group Ltd. may request the provision of additional information necessary to confirm the identity of the individual.The actions taken by Milano Group Ltd. for and in connection with claims for the exercise of rights under this section are completely free of charge to the persons, unless their claims are manifestly unfounded or excessive. When the case is such (for example, because of its repetitive nature), Milano Group Ltd. has the right, at its sole discretion: (a) to refuse to comply with the request; or (b) request payment of a reasonable fee, determined on the basis of the administrative costs necessary to provide the requested information or to take the requested action.
Users have the right to access personal data concerning them
Consumers have the right to receive information from Milano Group Ltd. whether personal data related to them is being processed. If so, users have the right to access the relevant data.Correcting inaccurate or out of date personal dataIf the personal data processed by Milano Group Ltd. is inaccurate or out of date, users have the right to request that Milano Group Ltd. corrects them.
Deletiton of personal information ("Right to be forgotten")
Users have the right to request from Milano Group Ltd. to delete their personal data in the following cases:
Restrict the processing of my personal data
As of May 25, 2018, users have the right to request from Milano Group Ltd. to restrict the processing of related personal data in the following cases:
Portability of my personal data
As of May 25, 2018, users have the right to receive from Milano Group Ltd. the personal data provided by them in a structured, widely used and machine-readable format, as well as to transfer this data to another administrator without hindrance from Milano Group Ltd. insofar as:
Users have the right to request Milano Group Ltd to transfer their personal data directly to another administrator, when technically feasible.
Objection to the processing of personal data
Consumers have the right, at any time and on grounds relating to their particular situation, to object to the processing of personal data concerning them when Milano Group Ltd. processes their data to protect their legitimate interests. In certain cases, this right is unconditional and Milano Group Ltd. will always suspend the processing of data in case of objection from the users. These are the cases in which Milano Group Ltd processes personal data for direct marketing purposes.
In all other cases, depending on the nature of the objection and the circumstances put forward by the relevant consumer, Milano Group Ltd. will carry out an internal review of the objection and rule on it in accordance with this section, by: (a) informing the consumer that it will suspend the processing of his / her personal data; or (b) reasonably refuses to suspend the processing of his / her personal data, if there are legal grounds for doing so.
You can exercise your right of access to your personal data, correct, delete, restrict their processing and portability here.
Right to complain to a supervisory authority
Consumers have the right to file complaints or alerts to the Commission for Personal Data Protection (CPDP) in the event that they believe Milano Group Ltd violates personal data protection legislation. Complaint instructions are published on the CPDP website https://www.cpdp.bg
After 25.05.2018, consumers may also file complaints with other supervisory authorities within the territory of the European Union as provided for in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (on the protection of individuals with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation), or hereinafter referred to as "GDPR".