Privacy Policy - Perpetto

Privacy Policy

Last update: June 3, 2018

We, Perpeto BG OOD, Ltd. (“Perpetto” , “we”, “us” or “our”) are committed to protecting your personal data and being transparent about what data we process about you and therefore have created this Privacy Policy Declaration  (“Privacy Policy“).
Perpetto is a technology company behind the website located at www.perpetto.com including its successor domain names or sites (the “Site“), the Perpetto platform, as well as a number of related services under the brand name Perpetto (“Perpetto”) for optimizing the shopping experience on third party ecommerce shops websites and apps (collectively called “Services“).

In this Privacy Policy you will find detailed information regarding our processing of personal data.

Controller:
Perpetto BG ltd.
UIC 202756500
Betahaus Sofia, 56-58 “Krum Popov” Str., 1421 Sofia City, Bulgaria
phone: +358898484147
e-mail: alex@perpetto.com

Data protection officer:
Name: Alexander Kitov
Address: ul. Kraiste bl. 37, vh. B, app. 44, 1402 Sofia, Bulgaria
E-Mail: alex@perpetto.com

Grounds and purpose of the processing of personal data

We process personal data only when one of the following applies:

  • There is а concluded contract between you and us with the purpose to execute our contractual obligations;
  • We received explicit consent from you – the purpose is being specified for each case;
  • There is legal obligation for us to process the personal data;

Processing Of Data For The Execution Of Contract Or During Pre-Contractual Relations

We process personal data to execute our contractual and pre-contractual obligations. The purpose of the processing is as follows:

  • To identify the data subject
  • To manage and execute your orders
  • To make a user profile, analyze user behavior and improve the user’s shopping experience
  • To send you invoices/ bills for the services you are using
  • To provide you full support
  • To receive payments from you
  • To maintain correspondence with you
  • To prevent unlawful behaviour or breach of our Terms of use and Privacy policy

How Perpetto operates?

Perpetto acts as an third-party vendor to the Client’s website or mobile application (Data Controller) to which the End User (You) has granted your consent (if applicable). Perpetto is then contractually obliged to gather and store End User Data and provide our Services to our Client.
Our mission is to allow online shops around the world to understand what their customers are interested in without compromising each person’s right to privacy.
Our Services enable our Clients to:

  • Suggest personally suitable products (“Recommendations“) to every End User on their website and mobile application; and
  • Analyze the End Users’ behavior to build a notion of the End User’s interests and send personalized emails accordingly (“User Preferences and Emails“).

Data we process

On this ground we process data regarding the End User according to the consent he has granted our Client, including:

  • Profile:
    1. Names
    2. Email
    3. Date of registration
    4. Category preferences
    5. Price range preferences
    6. Preferences about product sizes and other product properties
  • Session
    1. IP address and Geolocation (City, Country, Coordinates)
    2. Viewed products
    3. Session start and end date
    4. Browser (Firefox/Chrome/etc)
    5. Device (Android/PC/Mac/etc)
  • Basket / Order
    1. Order number
    2. Purchased products
    3. Total price
    4. Date

Transfer of data to third parties

We might transfer information collected via our Services to other companies or individuals as follows:

  • We may disclose information to our subsidiaries, joint ventures, or other companies under common control with us, in which case we will require them to honor this policy
  • In the event we go through a business transition such as a merger, acquisition by another company, or sale of all or a portion of our assets, we expect that any and all information that we have will be among the assets transferred
  • We disclose information to third-party service providers (e.g., data storage and processing facilities) if required by us so that those service providers can perform certain business functions for us or on our behalf
  • We do not sell your data to third-party service providers

Data deletion

We delete personal data processed on this ground after 1 year after the contract has expired regardless of the reason of the expiration. We chose this time period, because this is the expiration period for the claims from a contract.

Processing of Data for Compliance with Legal Obligations to Which We are Subject

Sometimes there is a legal obligation for us to process personal data. In these cases we are obliged to process personal data. Such cases are:

  • Obligations under Measures against money laundry act (MAMLA);
  • Obligations under Consumer protection act (CPA)
  • Obligations to provide personal data to Consumer protection commission and third parties under CPA;
  • Obligations to provide personal data information to Personal data protection commission
  • Obligations under Accounting act and Tax-Insurance Procedure Code (TIPC)
  • Obligations to provide information to the court or third parties under the applicable procedure laws;
  • Obligation to certify the age of the data subject

Transfer of data to third parties

In case of legal obligation for us we could transfer personal data to third parties such as public authorities.

Data deletion

Personal data processed on this ground is being deleted after the obligation has been fulfilled or has expired. For example under the Accounting act we must store the personal data 11 years.

After receipt of your consent

We process personal data on this ground only after your explicit content. The content is given in compliance with Art. 7 from Regulation 679/ 2016 (GDPR).
We do not foresee any negative consequences for you in case you decide not to share your personal data.
The consent is a separate ground for the processing of personal data and the purpose of the processing is specified for each case.

On this ground we process only data after we have received your explicit content. In most cases this data includes:

  • Profile:
    1. Names
    2. Email
    3. Date of registration
    4. Category preferences
    5. Price range preferences
    6. Preferences about product sizes and other product properties
  • Session
    1. IP address and Geolocation (City, Country, Coordinates)
    2. Viewed products
    3. Session start and end date
    4. Browser (Firefox/Chrome/etc)
    5. Device (Android/PC/Mac/etc)
  • Basket / Order
    1. Order number
    2. Purchased products
    3. Total price
    4. Date

Transfer to third parties

On this ground we could transfer personal data to third parties, specified with your consent, such as Facebook or Google.

Withdrawal of the consent

The consent could be withdrawn at any time. The withdrawal does not in any way affect any contracts or other relations between you and us. The withdrawal does not affect the processing before the withdrawal was given.
To withdraw your consent you just have to use our website or write us an email.

Data deletion

We delete the data processed on this ground after receiving demand from you or 12 months from the initial processing.
Automated Processing
For the processing of personal data we partially use automated algorithms with the purpose to improve our services and adapt them to your personal needs.

Data Protection

To ensure the protection of personal data of the company and the clients we apply all required organizational and technical measures under Data protection act and GDPR, as well as the best international practices.
We have adopted Rules for data processing in the company and have appointed Data protection officer.
To ensure maximum security we could apply additional protection measures such as pseudonymisation, encryption and others.

Data From Third Parties

We process data from third parties as a joint Controller or Data processor. The purpose, the legal ground and all other details regarding the processing of such personal data is specified in our Data processing agreement/ separate Data processing agreement between us and the Data controller.

Data Subject Rights

You have all data protection rights under Data protection act and GDPR.
You could use your right by contacting us through our website or just by writing us an email.

You have the right to:

  • Be informed regarding the processing of your personal data
  • Access your personal data
  • Demand correction your personal data
  • Demand deletion of your personal data
  • Demand limitation of the processing of personal data
  • Portability of personal data between the controllers
  • Object against the processing of personal data
  • Be excluded from fully automated decisions
  • Protect your right in court or through administrative procedure in case of violation of data protection rights

The data subject could demand deletion in the following cases:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed
  • The data subject withdraws consent on which the processing is based and there is no other legal ground for the processing
  • The data subject objects to the processing and there are no overriding legitimate grounds for the processing
  • The personal data has been unlawfully processed
  • The personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • The personal data has been collected in relation to the offer of information society to a person under 16 years

The data subject has the right to restriction of personal data when:

  • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data
  • The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims
  • The data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject

Portability right

The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on consent or on a contract pursuant to point (b) of Article 6(1); and
  • the processing is carried out by automated means

Right to make a claim

Data subject has the right to make a claim against the unlawful processing of personal data to the Data protection commission or the according court.

Personal data records

We maintain a record of our processing activities. This record contains the following information:

  • Name and coordinates of the controller
  • Purposes of the processing
  • Description of the categories of data subjects and processed data
  • The categories of recipients to whom the personal data have been or will be disclosed including recipients in third countries or international organisations
  • Where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and, in the case of
  • Transfers referred to in the second subparagraph of Article 49(1), the documentation of suitable safeguards
  • Where possible, the envisaged time limits for erasure of the different categories of data
  • Where possible, a general description of the technical and organizational security measures referred to in Article 32(1)

Why Perpetto?

One quick frontend integration for a perpetually improving shopping experience

  • Built especially for Fashion and Sports.
  • Success-based Fee and ROI guarantee
  • Measurable results and perpetual improvement
Why Perpetto