TonerStream TonerStream

Privacy policy

This Privacy Policy is an integral part of the Terms and Conditions of Toner Stream Ltd. and covers issues related to personal data, including what information we collect as a Data Controller, how we use it, and what rights users have in this regard.

Toner Stream Ltd. acts as a data controller within the meaning of Regulation (EU) 2016/679 (hereinafter referred to as the "Regulation").

Administrator Identification: Toner Stream Ltd.

Registered office and management address: 14A Prof. Ivan Georgov Str., Sofia, Bulgaria Company Registration Number (EIK): 175329384, VAT Number: BG175329384

CEO: Vasil Nikolov

Toner Stream Ltd. treats as personal data any information that identifies a specific natural person or relates to a natural person through which the individual can be identified.

Processing of personal data involves any action or set of actions that can be performed on personal data by automatic or other means.

I. How do we collect information about you?

  1. We collect personal data with the explicit consent of the individuals concerned. When you register on our website or use any of the forms, you voluntarily provide us with certain information, which we process and store. This information may include: name, middle name, surname, email address, phone number, date of birth, PINs, comments, and any other information you provide to us. You may choose to share with us location data or photos. We may opt to reduce the volume of data we store and process, depending on the processing purposes.

When establishing contractual relationships for the purpose of performing the contract, we necessarily obtain the following personal data: name, middle name, surname, email, address, phone number.

  1. If you decide to purchase a product or order a specific service through the website https://www.tonerstream.com/, we collect payment information, contact information (address and phone number), and details about the product or service you have ordered.
  2. When connecting your profile to your profile on Facebook or Google or other third-party services, we receive information from these profiles. The information we receive from these services depends on the settings and privacy statements, so each individual should check what they are.
  3. We also receive technical information when you use our website. Every time you use the website, mobile application, or other internet service, the system automatically creates and records certain information. Here are some of the categories of information we collect:

a/ Data in registration files. When using the website, our servers record information ("log data") that your browser automatically sends when you visit a website, or your mobile application automatically sends when you use it. This log data includes the Internet Protocol address, the address and activity of the websites you visit, searches, browser type and settings, date and time of your request, how you use the website, cookie data, and device data. If you want to get more details about the information we collect, please contact us through the contact form.

b/ Cookie data. We also use cookies (small text files sent by your computer each time you visit our website) or similar technologies for data capture. When we use cookies or other similar technologies, we use session cookies (which continue until you close your browser) or persistent cookies (which continue until you or your browser delete them). For example, we use cookies to store your language preferences or other settings, so you don't have to set them every time you visit the site. Some of the cookies we use are associated with your profile (including information about you, such as the email address you have given us), while others are not. For more information about how we use cookies, please review our cookie policy.

c/ Device information. In addition to the data in the logs, we collect information about the device through which you use our website, including device type, operating system, settings, unique device identifiers, and crash data that help us understand when something breaks. Whether we collect some or all of this information often depends on the type of device you use and its settings. For example, there are different types of information depending on whether you use a Mac or PC or iPhone or Android phone. To learn more about what information your device makes available to us, please check the manufacturer's or software provider's settings.

Please note that the English version provided is a translation and for informational purposes only. In case of any discrepancies between the English version and the original Bulgarian version, the Bulgarian version shall prevail.

II. What We Do with the Information We Collect. Purposes and Processing Period:

Purposes

Toner Stream Ltd. processes and stores the personal data mentioned above solely for the purpose of fulfilling its contractual obligations, specifically processing user requests, performing delivery, as well as for the following purposes:

a/ Based on Article 6, (1)(b) of the Regulation - for the establishment of pre-contractual relations; b/ Based on Article 6, (1)(b) of the Regulation - for the performance of already established contractual obligations. c/ Based on Article 6, (1)(a) and Article 7 of the Regulation - for non-personalized advertising; d/ Based on Article 6, (1)(a) and Article 7 of the Regulation - for personalized advertising; e/ Based on Article 22, (2)(b), Article 6, (1)(a), and Article 7 of the Regulation - for performing personalized assessments of information; f/ Based on Article 6, (1)(e) - for marketing purposes. g/ Based on Article 6, (1)(e) of the Regulation - for retargeting related to marketing, remarketing, or optimization purposes.

 

Processing Period

The data is stored and processed if the user account is active and for 10 years after its deactivation or deletion, as well as, as long as it is needed to provide our services. In case the individual makes the respective request, the information is immediately destroyed.

For the purpose of performing delivery, when requested by the user, Toner Stream Ltd. has the right to provide the abovementioned personal data or part of it to courier companies or national postal operators, including Econt, Speedy, Evropat. In this regard, the user may receive SMS or calls from these entities.

III. Rights You Can Exercise Regarding Your Personal Data:

All rights are exercised, and the respective requests and notifications regarding data subjects' rights are deposited through the CONTACT FORM FOR QUESTIONS RELATED TO PERSONAL DATA at the email address privacy@tonerstream.com. Alternatively, they can be sent by mail to the management address provided above. Requests are made in a manner that allows the identity of the applicant to be identified. Regarding some rights, technical capabilities for their exercise may apply, such as an Unsubscribe Button. In all cases, the administrator must respond to the request or address the declared right at the provided contact address or email within one month of receipt.

According to the General Data Protection Regulation, the data subject has the right to:

Information (regarding the processing of their personal data by the administrator): When there is a risk of a breach of the security of your personal data, the administrator must inform you of the nature of the breach and the measures taken to remedy it, as well as whether the supervisory authority has been notified of the breach.

Access to their own personal data and the right to withdraw consent for processing: As a data subject, you have the right to request confirmation of whether your personal data is being processed and if so - to access your data and the following information: the purpose of data processing, the types of personal data, recipients of the data, the processing period. Access requests must be made in written/electronic form and addressed to the administrator. Also, you have the right to withdraw your consent for the processing of your personal data at any time.

Rectification (if the data is inaccurate): As a data subject, you have the right to request the correction of your personal data if it is inaccurate/outdated. To do this, a separate request must be submitted. Your request will be answered by the administrator as follows – in writing, at the provided email address.

Erasure of personal data (right to be forgotten): As a data subject, you have the right to be forgotten, i.e., to request the deletion of your personal data without undue delay, i.e., the administrator to erase your personal data from all systems and records where they are stored, including to notify all third parties/data processors to whom the data has been provided. A deletion request can be made on the grounds provided in the Regulation, including if any of the following grounds are present: personal data are no longer necessary for the purposes for which they were collected; you have withdrawn your consent; you have objected to the processing, and the processing is unlawful; personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the administrator; personal data have been collected in connection with the offering of information society services. The administrator may refuse to erase personal data on the grounds set out in the Regulation - when the processing of the specific data is for the purpose of: exercising the right to freedom of expression and information; compliance with a legal obligation or the performance of a task carried out in the public interest or in the exercise of official authority; for the purposes of public health; archiving for purposes in the public interest, scientific, historical research, or statistical purposes; or for the establishment, exercise, or defence of legal claims.

Limitation of Processing by the Administrator or Processor of Personal Data: As a data subject, you have the right to request that the administrator of your personal data limits its processing. Limitation is allowed in the following cases:

  • When you believe that your personal data is inaccurate, in which case the limitation is for the period necessary for the administrator to verify the accuracy.
  • When the processing of your personal data is unlawful, but you do not want it to be deleted, only restricted in its use.
  • When the administrator no longer needs your personal data for processing purposes, but you, as the data subject, require them to establish, exercise, or defend legal claims.
  • When you have objected to the processing pending verification whether the legitimate grounds of the administrator override your interests. To do so, in the presence of any of the above conditions, you should submit a request.

Portability of Personal Data, including between different administrators: The data subject has the right to portability - to receive the personal data concerning them, which they have provided to the administrator, in a structured, commonly used, and machine-readable format and has the right to transmit this data to another administrator without hindrance from the administrator to whom the personal data have been provided, when processing is based on consent or on a contractual obligation and the processing is carried out by automated means. When exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one administrator to another, where technically feasible.

Objection to the Processing of Personal Data: As a data subject, you have the right to object to the processing of your personal data at any time, including when it is for direct marketing purposes. The administrator should justify whether they accept the objection or explain why they continue to process the personal data if they reject the objection.

Right not to be subject to a decision based solely on automated processing: The data subject has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. The data subject has the right to contest the automated decision at any time.

Right to judicial or administrative remedy in case of infringement of data subject's rights: As a data subject, you have the right to lodge a complaint against the processing of your personal data or the violation of your rights concerning data protection with the competent supervisory authority - the Commission for Personal Data Protection, address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2 (www.cpdp.bg). Additionally, any person who has suffered material or non-material damage as a result of a breach of this regulation has the right to receive compensation from the administrator or processor of personal data for the damages incurred.

Security:

We have implemented numerous technical, legal, and organizational measures to protect the personal data of each individual. To prevent unauthorized access, we employ encryption procedures in certain areas. Additionally, we utilize SSL protocols to prevent the misuse of data by third parties. We do not share data with third parties unless necessary for delivering ordered goods.

We may use the services of third parties who act as processors of personal data for the aforementioned processing purposes. These parties process personal data on our behalf and are required to comply with applicable data protection regulations. These parties are carefully selected by us and only have access to data necessary for providing the services they are engaged with and within the scope of the consent provided to us. In case these parties are outside the EU and do not meet the GDPR requirements, based on its status as a regulatory act, we will ensure the protection of personal data through contractual or other legal instruments. Additionally, personal data may be provided to state or municipal authorities exercising various forms of control within the law.

Advertisement:

By confirming the registration request for an account, confirming an order for a service or product, the user expressly consents to the processing and transfer of their personal data for one or more of the following purposes:

a/ Inclusion of the user's assessment and opinion in marketing surveys through electronic methods - via email or messenger.

b/ Receipt of electronic messages for products, services, and other advertising messages on all owned devices.

c/ Receipt of personalized advertising tailored to the user's preferences. Personalization is based on an assessment of the user's behavior data;

d/ Receipt of commercial offers relevant to the user's behavior and preferences via email, mail, or messenger. For this purpose, data on user consumption based on their purchasing behavior, participation in advertising campaigns, as well as website usage, may be subject to analysis and forecasting of user interests.

e/ Receipt of non-personalized advertising. Users will receive information about current products, services, initiatives, and other advertising messages.

 

Declaration:

In the process of processing personal data, TONER STREAM LTD adheres to the principles of European and national legislation related to the protection of personal data. By applying a package of organizational, technical, and legal measures, we strive to ensure a high level of security of personal data, protection against unauthorized processing, destruction, or damage.

tonerstream
tonerstream