(last revision: September 28, 2018)
Owner and Data Controller
Personal data of visitors and users of the online store “The Agile Box” (www.theagilebox.com) is being processed for the purposes of advertisement, sale and supply of tools and materials for facilitation and as well as for affiliated purposes.
Controller (“the Controller”) of your personal data processed by TheAgileBox.com is Leanify Ltd, company VAT number: BG201074945, with registered address: 7 Balkandzhi Jovo Str., 1612 Sofia, Bulgaria
The Data Protection Officer of the Controller will answer all your questions regarding the processing and protection of your personal data.
Contact information: dpo@theagilebox.com
Leanify Ltd
7 Balkandzhi Jovo Str., fl. 4, ap. 7
1612 Sofia
Bulgaria
Types of processed data
We process the following categories of data:
Data contained in your account/profile at the TheAgileBox.com online store that is created for you after entering into an informal contractual obligation with the Controller by accepting the Terms and Conditions on the website www.TheAgileBox.com (the “Terms and Conditions”):
- First and last name;
- E-mail address;
- Password;
Data stemming from Online orders placed on TheAgileBox.com, initiated by you via informal contractual obligation from a distance with the Controller upon applying the Terms and Conditions:
- First and last name of the customer and the recipient;
- Email of the customer and the recipient;
- Delivery address – country, city, postcode, address;
- Company name of the customer and the recipient;
- Phone number for the purpose of delivery;
- Invoice data – names, phone, city, country, postcode, address;
- Type of delivery;
- Method of payment;
- Order number;
- Payment amount;
- Payment status
We process the following data based on your consent expressed through a deliberate action – entering of an optional set of data and / or free choice of specific options:
Data contained in your account/profile at the TheAgileBox.com online store:
- Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;
Contact Data and data contained in a sent message or a published comment, provided by completing the contact form of the online store TheAgileBox.com or by sending us an email, conventional mail, telephone call, sending SMS, and other forms of communication and/or expression:
- First and last name;
- E-mail address;
- Phone number;
- Fax number;
- Address;
- Website;
- Content of the comment and/or message;
Data stemming from Online orders placed on TheAgileBox.com:
- Order History
You may withdraw any of the aforementioned consents through your account settings or the form and manner prescribed in this Policy. Upon withdrawal of consent, the processing of the relevant personal data for the stated purposes is discontinued. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.
We process the following data for compliance with legal obligations in accordance with the local and EU legislature:
Data contained in your account/profile at the TheAgileBox.com online store and stemming from Online orders placed on TheAgileBox.com:
- First and last name;
- E-mail address;
- Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;
- Delivery address – country, city, postcode, address;
- Telephone for delivery;
- Invoice data – names, phone, city, country, postcode, address;
- Type of delivery;
- Method of payment;
- Order number;
- Payment amount;
- Status and payment history
- Status and delivery history;
- Order History
We process the following data on the basis of legitimate interest :
Data contained in your account/profile at the TheAgileBox.com online store and stemming from Online orders placed on TheAgileBox.com:
- First and last name;
- E-mail address;
- Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;
- Delivery address – country, city, postcode, address;
- Telephone for delivery;
- Invoice data – names, phone, city, country, postcode, address;
- Type of delivery;
- Method of payment;
- Order number;
- Payment amount;
- Status and payment history
- Status and delivery history;
- Order History
Purposes of personal data processing
The data contained in your account/profile at the TheAgileBox.com online store is being processed for the purposes of:
- Accountability of the Controller by recording legally significant data in electronic protocols – technical logs;
- Delivery of ordered products;
- Provision of support for technical malfunctions, providing customers with information via our call center, responding to complaints, tracking supplies, payments and more;
- Verifying your account data by sending an email to ensure the security of access or for resetting your password;
- Authentication when signing in to your account;
- Sending messages via email and/or push notifications for purposes of direct marketing only with your explicit consent;
- Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules;
The data stemming from Online orders placed on TheAgileBox.com is being processed for the purposes of:
- Delivery of ordered products;
- Provision of support for technical malfunctions, providing customers with information via our call center, responding to complaints, tracking supplies, payments and more;
- Preventing and investigating abuse of online orders and related supplies, as well as losses and fraud;
- Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules;
- Statistical Analysis of the information obtained after anonymization of your data;
The contact data and the data contained in a sent message or a published comment is being processed for the purposes of:
- Identify you as sender / author of a message or a posted comment;
- Establishing communication with you;
Third parties with access to your personal information for the fulfillment of their duties
We use the following service providers for cloud services, hosting, reverse proxy, CDN, servers / clusters and collocation:
- “SuperHosting.BG” Ltd. , with UIC: 131449987 – provides hosting for the online store TheAgileBox.com. You can learn about their privacy policy at the following address: https://www.superhosting.com/web-hosting-page-privacy-policy.php
- Consultants and suppliers in different spheres for the purposes of protecting our legitimate interests in maintaining and improving the quality of the services we provide to you, to meet legal requirements, to protect legal rights and interests in judicial, pre-trial and administrative proceedings. We use the following entities on regular basis: Delivery companies we use for supplying products (Econt, Speedy, Rapido, BGPost, DHL and TNT);
- State authorities and institutions in connection with inquiries carried out by them in accordance with legal requirements and restrictions;
With regards to the usage of private entities, we require and enforce these third parties to apply all adequate technical and organizational measures in order to protect your data.
Retention periods
Data provided on a contractual basis:
- Account/profile data – up to 5 years from the date of the last online order; in the absence of an order – until the account/profile is deleted through the online store’s functionality or 5 years from the date of your last login, whichever happens first; Account/profile data is related to and defined for the online order data, which determines the application of the term set in relation to the online order data. In the absence of an order you still have the legal expectation to be permitted to use those services for the full remainder of the 5 year term based on the informal contract you have as a user and therefore we provide you, as a remedy for this situation, with the option at any time to delete your account before the end of the five-year term.
- Online order data – up to 5 years from the date of any given order. The term is determined on the basis of the limitation period for repayment of the receivables.
Data on the collection and verification of accounting data and accounting compliance – accounting records and financial statements, including tax audit, audit and subsequent financial inspection documents, shall be kept for 10 years from 1st of January of the reporting period following the reporting period to which they refer; all other holders of accounting information – three years from 1st of January of the reporting period following the reporting period to which they refer;
Data provided on the basis of consent – until the withdrawal, as provided, including through the functionality of the online store or the blog or by deletion, and with respect to the online store – until the expiration of 5 years from the date of your last login, whichever is happens first.
Rights related to personal data
You may exercise certain rights regarding your Data processed by the Owner.
In particular, you have the right to do the following:
- Withdraw your consent at any time. You have the right to withdraw consent where you have previously given your consent to the processing of your Personal Data.
- Object to processing of Data. You have the right to object to the processing of your Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access Data. You have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. You have the right to verify the accuracy of your Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. You have the right, under certain circumstances, to restrict the processing of your Data. In this case, the Owner will not process your Data for any purpose other than storing it.
- Have your Personal Data deleted or otherwise removed. You have the right, under certain circumstances, to obtain the erasure of your Data from the Owner.
- Receive your Data and have it transferred to another controller. You have the right to receive your Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. You have the right to bring a claim before your competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, You may object to such processing by providing a ground related to your particular situation to justify the objection.
You must know that, however, should your Personal Data be processed for direct marketing purposes, you can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, you may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
“Cookie” usage
Regarding the data contained in the cookies used by the online store TheAgileBox.com, see our Cookie Policy.