PLEASE READ THIS PRIVACY POLICY CAREFULLY. IN CASE YOU DO NOT ACCEPT IT, PLEASE DO NOT CONTINUE TO BROWSE AND USE THE SITE. CONTINUED USE OF THE WEBSITE AND NAVIGATION IMPLIES YOUR ACCEPTANCE OF THE TERMS OF THIS PRIVACY POLICY.

APRIL 2023

Welcome to our company’s website. smartmanagement.es is the online store for sales and services (hereinafter the “online shop”) of the company with the name SMART MANAGEMENT MFA LLC (EOOD) and the distinctive title “Smart Management” with TIN (BG) 207310797, located 103 James Boucher Blvd., BG-1407, Lozenets, Sofia, Bulgaria, Registry Agency No. 207310797, contact address [email protected], telephone service line of the online store: (00359) 2439 07004 (hereinafter referred to as the “COMPANY”).

Privacy Policy

The protection of your personal data is important to us!
Please take some time to read this Privacy Policy and become familiar with the way in which COMPANY (hereinafter the “COMPANY” or “we” or “us”), acting as a Data Controller, collects, stores, uses and generally processes your personal data when you visit, register or use the Company’s websites (hereinafter the “Websites”) and any of its mobile applications (hereinafter the “Apps”) and when you interact with any of its physical stores. This Privacy Policy also describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. If you have any questions regarding this Privacy Policy, but also for any issue related to the processing of your Data and the exercise of your rights, you may contact the Data Protection Officer of the Company in 103 James Boucher Blvd., BG-1407, Lozenets, Sofia, Bulgaria or at [email protected].

1. A few words about the Company’s Websites
www.smartmanagement.es is the Company’s website, where the Company’s online store for the exhibition and sale of its products and the smartmanagement.es platform are located, in which you can buy products. In addition, through the www.smartmanagement.es websites, you can access a range of services provided by the Company, such as information on technology issues and/or events and/or the sending of informative/advertising material (newsletter).

2. What is personal data?
The term “personal data” refers to information of natural persons, such as full name, postal address, e-mail address, contact telephone number, etc., which identifies or can identify you, hereinafter “Personal Data or Data”.

3. What is Processing of Personal Data?
Any operation or set of operations which is performed, whether or not by automated means, on personal data or on sets of personal data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, search, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4. Is the provision of your Data mandatory?
The provision of Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional. The mandatory or optional nature of the Data provision is indicated by an asterisk (*) next to the personal data of mandatory nature. If you do not consent to the provision of the data marked as mandatory on the company’s websites, it will be impossible to achieve the basic purpose of collecting the specific Data, and may, for example, make it impossible for the Company to fulfil the sales contract or provide the other services available on the Websites. The provision of additional Data to the Company, beyond those marked as mandatory, is optional and does not entail any consequences in relation to the main purposes of data collection. Data provision serves to optimise the quality of the services provided.

5. What Data do we collect?
We take care to collect only the necessary Data, which is appropriate and clear for the intended purpose. This Data includes the following:
Data for creating a user account on our Website or Apps
• Mandatory: e-mail address*, login password*
• Optional: full name, gender, date of birth, postal address, telephone number.

– Information collected from your transactions with us, either through any of our physical stores or through our online store.
For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you have made, products added to or removed from your shopping cart and your wish list, voucher redemptions, websites you visit and how and when you contact us.
– Shopping interests and preferences, which help us suggest specific products and services of interest to you.
For example, which products you show a preference for in order to receive a personalised offer from us. We will only request and use the Data collected to recommend products or services of interest to you and to further improve your shopping experience with us. Of course, it is always your choice whether to share such information with us.
– Traffic data of our website or other websites you have visited before. Information collected from the use of cookies in your browser.
Learn more about how we use cookies here.
– Copies of the documents you provide to prove your age or identity when required by law (such as a copy of your ID card or student ID card).
For example, these copies may include details of your full name, address, date of birth and image of your face (photograph). If you provide a passport, the data will also include your place of birth, gender and nationality.
– Payment information.
– Your comments and product reviews.
To provide the best possible website experience, we collect technical information about your internet connection and browser, as well as the country and phone code where your computer is located, the webpages that appear during your visit, the ads you click on and any search terms you enter. Learn more about this in our Cookies Policy.

Your social media username, if you interact with us through these channels to help us respond to your comments, questions, or feedback. Educational data, such as studies, skills, knowledge of foreign languages, professional experience (only if you are applying for a job).

CHILDREN
We comply with the law and do not allow children under the age of 16 to register on our Websites and any of our Apps. We will ask for parental consent for children participating in Company’s experiences and events.

6. How we use your data
We want to offer you the best possible customer experience. To do this, it is necessary to get a full picture of you by combining the Data we have collected. We then use your Data to offer you deals on products and services that are likely to be of interest to you.

Personal data protection legislation allows us to do the above in the context of our legitimate interest and need to understand our customers in order to provide a high level of service.

Of course, if you want to change the way we use your Data at any time, you will find details in sections 14 & 15 “What are your rights?” and “How can you exercise your rights?” below.

Remember that if you choose not to share the Data with us or deny certain communication rights, we may not be able to provide some of the services you have requested. For example, if you have asked us to inform you when a product is available again, we cannot assist you if you have withdrawn your general consent to receive updates from us.

Finally, we inform you that the processing of your Data is carried out either by the Company’s specifically authorized personnel, or through computer systems and electronic devices by the Company and exceptionally by third parties, who, having been contractually committed to confidentiality and protection of your Data, carry out tasks necessary to achieve the purposes strictly related to the use of our Websites and their services, and the sale of products through our Websites. You will find information on this in section 9 “Who are the recipients of your Data? How is your Data shared?” below.

You will find details of how we use your Data and why below:

Provision of information about the Websites, Apps and services you request

Product orders: The Company processes your Data in order to fulfil its contractual relationship, to process the order of products and/or services, to provide customer service, to comply with legal obligations, to oppose, raise or exercise legal claims. If we do not collect your Data when completing the order from our online store, we will not be able to process your order and comply with our legal obligations. It may be necessary to transfer your Data to third parties for the supply or delivery of the product or service you have ordered. In addition, we may retain your Data for a reasonable period in order to fulfil our contractual obligations, such as product returns, as required by relevant legislation.

Creation of a User Account: The Company processes your Data in order to provide you with account functions and to facilitate the purchase of products and/or services.

Contact: The Company uses your Data to respond to your requests/questions, refund requests and/or complaints. The information you share with us enables us to manage your requests and respond to you in the best possible way. We may also keep a record of your queries/requests to us in order to better respond to any future communication. We do this based on our contractual obligations to you, our legal obligations, and our legitimate interests to provide you with the best possible service and to be able to improve our services based on your personal experience. Sometimes, we will need to share your Data with a third party that provides a service (e.g., courier delivery or specialist technician and service department). Without sharing your personal data, we would not be able to meet your requests. The following information reveal how we share personal data with third parties.

Cooperation or Job Search: The Company processes your Data for the purpose of assessing your qualifications and skills for the position for which you have applied or for another position within the Company and for the purpose of contacting you in relation to this purpose. Your data is also processed to communicate information about our products, services and events, and for other promotional purposes.

Sending newsletter/offers: With your consent, we will use your personal data, preferences, and transaction details to inform you via e-mail, internet, telephone and/or social media about relevant products and services, including personalized offers, discounts, etc. Of course, you can withdraw this consent at any time.

Web push notifications: Depending on your browsing, you can receive, with your prior consent, notifications about our offers, news, your wish list, and your shopping cart. Of course, you can withdraw this consent at any time.

Participation in Contests: The Company processes your Data in case you agree to participate in contests that it may conduct, in order to notify you if you are the winner of the contest and to deliver your prize.

For the operation, improvement and maintenance of our business activity, products, and services.

Development and improvement of the systems and services for the products we provide you. We do this based on our legitimate business interests.

We want to make you offers and suggestions that are more relevant to your interests. To help us build a better and more general understanding of you as a customer, we combine your personal data collected throughout our relationship, for example your shopping history, both in our physical stores and in our online store. For this purpose, we also combine the Data we collect directly from you with Data we receive from third parties to whom you have given your consent to transfer this Data to us. For example, by combining this data, it will help us tailor your experience and decide what inspiration or content to share with you. We also use anonymous data from customer purchase history to identify trends in different regions of the country. This can then guide which products we display in specific stores.

To show you the most interesting content on our Websites or Apps, we will use the Data we keep about your favourite products. This is based on your consent to receive App notifications or – for our Websites – your consent to the placement of cookies on your device. For example, we may display a list of products you have recently looked at or offer you recommendations based on your shopping history and any other Data you have shared with us.

This is to send you research and evaluation requests so that we can improve our services. These messages will not include advertising content and will not require prior consent when sent by email or text message (SMS). We have a legitimate interest in doing so, as this helps our products or services to be more relevant to you. You are free to refuse to receive these requests from us at any time by updating your preferences in your online account.

For the protection of our rights, property or safety and the protection of ourselves or third parties

Protect your account from fraud and other illegal activities: This includes using your Data to maintain, update and protect your account. We also monitor your browsing activity with us to identify and quickly resolve any problems and protect the integrity of our website. All the above is part of our legitimate interest. For example, we check your password when you log in and use automated IP address tracking to detect possible false logins from unexpected locations.

Operation of CCTV systems in any physical store: In order to protect our customers, premises, assets and partners from crime, we operate CCTV systems at our company’s registered office or at any physical stores we may establish, that capture images for security. We do this based on our legitimate business interests. If we detect any criminal activity or alleged criminal activity using CCTV, fraud monitoring and suspicious transaction monitoring, we will process this Data for the purposes of preventing or detecting illegal acts. Our goal is to protect our customers, employees, and partners from criminal activity.

Processing payments and preventing fraudulent transactions: We do this based on our legitimate business interests. This also helps to protect our customers from fraud. We process your payments to comply with our obligations under the law and to comply with our contractual or legal obligations to share data with law enforcement. For example, following a judicial decision to share data with judicial authorities. We send you communications required by law or necessary to inform you of changes to the services we provide you. For example, updates to these privacy notices, product recall notices and legally required information about your orders. These service messages will not include advertising content and will not require prior consent when sent by email or text message (SMS). If we do not use your personal data for these purposes, we cannot comply with our legal obligations.

7. For what purpose do we process your Data?
We collect your Data for the purposes of the products and/or services provided by our Company and in particular for:
a) the management of the sale of our products or services, e.g. communication and information about the availability of products and the progress of your order, the execution of your order, the shipment of products, the management of your debts to the COMPANY, the realization of returns and the provision of guarantees;
b) the compliance with the obligations imposed by the applicable legislation e.g. tax legislation, e-commerce directive;
c) monitoring, improving and adapting to your preferences and choices regarding our products and/or services;
d) sending, by electronic or traditional means, administrative, technological, organizational and/or commercial information about the Company’s products and/or services;
e) surveying our customers’ satisfaction, promoting our products and/or services, sending newsletters about our products and/or services;
f) the evaluation of applications for cooperation or any CVs for the purpose of recruitment in our Company;

8. What is the lawful basis for the processing of your Data by the Company?
Data protection legislation sets out various reasons why a company may collect and process your personal data, including:

  • The terms of our contractual relationship
  • Your consent, where required. For example, when you choose to receive newsletters. When collecting your personal data, we will always tell you what data is necessary in relation to a particular service
  • The Company’s obligations arising from the law (e.g. tax legislation, e-commerce legislation, etc.)
  • The legitimate interest of our Company. In certain cases, we collect your Data in a way that is reasonably expected as part of the operation of our business and that does not substantially affect your rights, freedom or interests. For example, we will use your purchase history to send you or provide you personalised offers
  • We also combine the purchase history of multiple customers to identify trends and ensure that we can keep up with market demand or develop new products/services

9. Who are the recipients of your Data – How is your Data shared?
Access to your Data is available to the Company’s personnel, who are bound by confidentiality obligations, and to our affiliated companies or third-party service providers, who process your Data as Processors on our behalf and in accordance with our instructions.

Sharing of Data by the Company
The Company shares or may share your Data with:

  • Stores and/or commercial enterprises that cooperate with the Company for the supply and sale of their products/services through smartmanagement.es
  • Third party service providers that process personal data on behalf of the Company, for example (but not limited to) credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis, management of brand and product promotions, Google, Facebook, as well as management of certain services and data. When we use third party service providers, we enter into agreements that require them to implement appropriate technical and organisational measures to protect your personal data..
  • Other third parties, to the extent that is necessary for the following purposes:
    1. Compliance with a government request, judicial decision or applicable law,
    2. Prevention of unlawful uses of our Websites and Apps or violations of our Websites and Apps Terms of Use and our policies,
    3. Our protection from third party claims, and
    4. Contribution to the prevention or investigation of fraud (e.g., counterfeiting)
  • To other third parties when you yourself have given your consent

Sharing by you
When you use certain social media elements on our Websites or Apps, you may create a public profile that includes information such as your username, profile picture and city. You can also share content with your friends or the public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage sharing on the Company’s social media to control the information you make available through the Company’s social media elements.

Below is the policy we apply to those with whom we share your Data in accordance with the above:

  • We only provide the information they need to perform their specific services.
  • They can only use your Data for the precise purposes we specify in our contract with them.
  • We work closely with them to ensure that your privacy is respected and protected at all times.
  • If we stop using their services, any of the data they hold will be erased or made anonymous.
  • To improve your customer experience on our Websites and Apps, we use the following companies who will process your Personal Data as part of their contracts with us:
    • DHL

For more information on the disclosure of your Data to third parties, please contact our Data Protection Officer at [email protected].

10. How do we ensure that the Processors respect your Data?
The Processors processing on our behalf have agreed and contractually committed with the Company:

  • Τo maintain confidentiality,
  • Νot to send your Data to third parties without the Company’s permission,
  • Τo take appropriate security measures,
  • Τo comply with the legal framework for the protection of personal data and in particular with Regulation 979/2016/EU (otherwise GDPR).

11. International Data Transfer
The personal data we collect (or process) in the context of our Websites and Apps will be stored in Germany and Bulgaria datacenters. However, some of the recipients of the Data with whom the Company shares your Personal Data may be located in countries other than the one where the original collection of your Personal Data took place. The laws in those countries may not provide the same level of data protection as the country that originally provided your Personal Data. Therefore, when we transfer your Personal Data to recipients in other countries, including the United States, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law.

We ensure measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries is adequately protected in accordance with data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted European binding rules or complies with the EU-US and Swiss-US Privacy Shield.

12. How long do we retain your Data?
We retain your Personal Data for as long as necessary to fulfil the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). Generally, this means that we will keep your personal data for as long as you have an account to our Company. With respect to your Personal Data related to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and trade legislation and for guarantee-related purposes). At the end of this retention period, your data will be completely or anonymously deleted, for example by aggregation with other data, so that it can be used in an unidentifiable way for statistical analysis and business planning.

Some examples of customer data retention periods are the following:

  • Orders
  • When you place an order, we will retain the personal data you provide for five years so that we can comply with our legal and contractual obligations.
  • Guarantees
  • If your order included a guarantee, the relevant personal data will be kept until the end of the guarantee period.
  • Newsletter

Your declaration of consent for sending a newsletter is kept for as long as you receive a newsletter from the Company and not more than six months after its discontinuation of its dispatch.

13. Is your Data safe?
We are committed to safeguarding your Personal Data.
Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to ensure the security and protection of your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum safety.

The www.smartmanagement.es website uses the SSL Encryption SHA-256 protocol with RSA Encryption with 2,048 bits from Cloudflare, for secure online commercial transactions. This encrypts all the Data you provide, including your credit card number, name and address, so that it cannot be decrypted or altered during transmission over the Internet.

In addition, the details used to identify you as an account user are two: the Username and the Password. Each time you enter your details, you are given access to your personal account. This process is achieved safely through encryption during their transfer to the internet and the Company’s servers. In the same way, you are given the opportunity to change your password as often as you wish. After entering the desired code, the new code is encoded and stored in the Company’s systems. For this reason, the only person who knows your password is you and you are solely responsible for maintaining the secrecy of the password from third parties. The COMPANY bears no responsibility for any loss of your password or for choosing a weak password. For your protection the COMPANY encourages you to use the Multi Factor Authentication (MFA) feature.

These measures shall be reviewed and amended when necessary.

14. What are your rights?
You have the right to access your personal data. This means that you have the right to be informed by us if we process your Data. If we process your Data, you can request to be informed about the purpose of the processing, the type of your Data we hold, to whom we give them, how long we store them, whether automated decision making takes place, but also about your other rights, such as rectification, erasure of data, restriction of processing and submission of a complaint to the Personal Data Protection Authority.
You have the right to correct factually inaccurate personal data. If you find that there is an error in your Data, you can submit a request to us to correct it (e.g., correction of your name or change of address).
You have the right to erasure/right to be forgotten. You can ask us to erase your data if it is no longer necessary for the above-mentioned processing purposes or you wish to withdraw your consent where this is the only legitimate basis.
You have the right to portability of your Data. You may request to receive the Data you have provided in a readable form or request us to transfer it to another data controller.
You have the right to restrict processing. You can ask us to restrict the processing of your Data for as long as your objections to the processing are pending.
You have the right to object and withdraw consent to the processing of your Data. You may object to the processing of your Data, and we will stop processing your Data unless there are other compelling and legitimate reasons that prevail over your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect.
Choosing not to receive Marketing Communications. You can opt out of receiving marketing communications from the Company by modifying your options in your user account (my profile) on our Websites. You can also opt out of receiving marketing communications by changing your email and text-messaging subscriptions by clicking the unsubscribe link or following the instructions included in the message. Alternatively, you can contact us using the contact details in the “Questions and Comments” section below.

In case we rely on our legitimate interest.
In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We should then do so if we do not believe that we have a legitimate compelling reason to continue to process your Personal Data.

15. How can you exercise your rights?
To exercise your rights, you can submit a request to the Data Protection Officer at the Company’s postal address at 103 James Boucher Blvd., BG-1407, Lozenets, Sofia, Bulgaria or at the Company’s e-mail address [email protected] with the title “Exercise of Rights” and we will make sure to examine it and reply to you as soon as possible.
By way of exception:

  • If you wish to correct your Data in your user account, you can log in and make any correction/change without having to submit a request.
  • If you wish to withdraw your consent for sending a newsletter you can do so by selecting the link “To unsubscribe from the “newsletter mailing list” click here” located at the bottom of each newsletter.
  • If you do not wish to receive web push notifications from the Company you can disable the option from your browser settings.

Identity verification
To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy. If you have authorised a third party to make a request on your behalf, we will ask them to prove that they have your permission to act for this purpose.

16. When do we respond to your Requests?
We will respond to your Requests free of charge without delay, and in any case within one (1) month from the time we receive your request. However, if your Request is complex or there are a large number of Requests, we will inform you within the month if we need to obtain an extension of another (2) two months within which we will respond to you.
If your Requests are manifestly unfounded or excessive, in particular due to their repetitive nature, the Company may impose the payment of a reasonable fee, taking into account the administrative costs of providing the information or performing the requested action, or refuse to comply with the Request.

17. What is the applicable law during the processing of your Data by us?
The applicable law is Bulgarian law, as formulated in accordance with the General Data Protection Regulation 2016/679/EU, and in general the applicable national and European legislative and regulatory framework for the protection of personal data.
The competent courts for any disputes arising in relation to your Data are the District Courts of Sofia, Bulgaria.

18. Where can you complain if we violate the applicable law for the protection of your Personal Data?
You have the right to file a complaint to the Commission for Personal Data Protection (postal address 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, tel. +359 2-91-53-519, e-mail address [email protected])., if you believe that the processing of your Personal Data violates the applicable national and regulatory framework for the protection of personal data.

19. How will you be notified of any changes to this Policy?
We update this Privacy Policy whenever necessary. If there are significant changes to our Privacy Policy or the way we use your Personal Data, we will post an update to this Privacy Policy on our website before the changes take effect and will notify you by any appropriate means.
We encourage you to read this Policy from time to time in order to know how your Data is protected. This privacy policy was last modified in April 2023.

20. Questions and Comments
We hope that this Privacy Policy has helped you understand how we handle your Personal Data and your rights.
If you have any questions or comments and concerns about our Privacy Policy please contact our Data Protection Officer who will be glad to assist you at [email protected] or write to the Data Protection Officer at the address 103 James Boucher Blvd., BG-1407, Lozenets, Sofia, Bulgaria.