Your privacy is important to us.
Last updated: 30.03.2020.
Welcome to motionbites.com (the "Website"), which is operated by AE Sweets Ltd. ("the Controller", "the Company”, "AeSweets", "we", "our", "us") and may be accessed worldwide.
Any capitalized terms used herein without definition shall have the meaning given to them in the Terms of Usе.
I. Mandatory information on the rights of the persons according to the data protection
As of 25 May 2018, a General Data Protection Regulation adopted by the European Union has entered into force. The regulation aims to guarantee the protection of the data of individuals from all EU Member States and to harmonize the rules for their processing.
AeSweets meets all the requirements of the new regulation, collecting only the data of the individuals insofar as they are necessary for the provision of the service, and keeps them responsibly and legally.
II. Information about the processor of personal data
Name: "AE Sweets" Ltd.
UIC / BULSTAT: 203007280
Registered office: 24 Vasil Levski Blvd., Sofia, Bulgaria
Correspondence address: 24 Vasil Levski Blvd., Sofia, Bulgaria
III. Information concerning the competent supervisory authority
Name: Personal Data Protection Commission
Registered office: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Correspondence address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Phone: 02 915 3 518
Email: firstname.lastname@example.org, email@example.com
AeSweets carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free flow of such data This information is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in connection with such processing.
IV. Grounds for collecting, processing and storing your personal data
The administrator collects and processes your personal information regarding the use of the online portal motionbites.com; aesweets.com; concluding contracts with the Company on the grounds of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:
- Your explicit consent has been obtained from you as a client;
- Fulfillment of the obligations of the Controller under contract with you;
- Compliance with a legal obligation that applies to the Controller;
- For the purposes of the legitimate interests of the Controller or of a third party;
- To protect the vital interests of the data subject or other individual.
V. Objectives and principles for the collection, processing and storage of your personal data
We collect and process the personal information you provide to us in connection with the use of the motionbites.com online portal; aesweets.com and contract with the Company, including for the following purposes:
- Creating an account and providing full functionality when using the online portal;
- Ordering and purchasing goods;
- Individualization of the contracting party;
- Accounting goals;
- Statistical goals;
- Protection of information security;
- Ensuring the performance of the contract for the provision of the relevant service;
- Sending newsletter and advertising messages after obtaining consent from you;
- Communicate and respond to inquiries;
- Organizing games, tombolas, campaigns and other events.
We respect the following principles when processing your personal data:
- Legality, good faith and transparency;
- Limitation of processing purposes;
- Compliance with the purposes of processing and minimizing the data collected;
- Accuracy and timeliness of the data;
- Storage limitation to achieve goals;
- Integrity and confidentiality of processing and ensuring an adequate level of personal data security.
In the processing and storage of personal data, the Controller may process and store personal data for the purpose of fulfilling his or her legal obligations and protecting his or her legitimate interests:
- Fulfillment of its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal bodies.
VI. What types of personal data is collected, processed and stored by the Company
The Company performs the following operations with the personal data you provide for the following purposes:
- Conclusion and execution of a commercial transaction or contract with a client - for the purpose of concluding and executing a contract with a commercial partner or client and its administration. In some cases, the purpose of the operation may also be to protect the legitimate interests of the Company in the execution of the transaction. Given the limited scope of personal data collected and the fact that some of it is collected from publicly available sources, an impact assessment is not necessary for this operation.
- Registration of a user in the electronic portal and execution of a sales contract - in order to create an account for using the electronic portal for purchasing goods, to maintain a public profile, to receive funds for the monetization of contributed content and to receive newsletters upon request, as well as to provide contact information for delivery of purchased goods. On the basis of the impact assessment carried out, this operation was found to be admissible and provide sufficient guarantees for the rights of the entities.
- Sending newsletter and promotional messages - the purpose of this operation is to administer the process of sending newsletters and promotional emails to clients who have stated that they wish to receive. Given the limited scope of personal data collected, an impact assessment is not necessary for this operation.
The Controller processes the following categories of personal data and information for the following purposes and for the following reasons:
- Registration and account creation information (names, e-mail, social network data, city and country, short bio, nickname, PayPal email)
- Purpose for which the data is collected: 1) Contacting and sending information to the user, 2) for the purpose of registering a user in the online portal, 3) maintaining a public profile in the online portal, 4) for payments to the user in the presence of collected funds, and 5) to send a newsletter if desired.
- Reason for processing your personal data - By accepting the general terms and registration in the electronic portal, a contractual relationship is created between the Controller and you, on the basis of which we process your personal data - Art. 6, para. 1, b. (b) GDPR.
- Receive details for newsletter and advertising - (е-mail)
- Purpose for which the data is collected: 1) To send newsletter and promotional messages.
- Grounds for processing your personal data - Your data for sending newsletter and advertising messages is processed on the basis of your explicit consent - Art. 6, para. 1, b. (a) GDPR.
The Controller does not collect or process personal data relating to the following:
- Reveal racial or ethnic origin;
- Reveal political, religious or philosophical beliefs, or trade union membership;
- Genetic and biometric data, health data, or sexual life or sexual orientation data.
Personal data is collected by the Collector from the persons to whom they relate.
The Company does not make automated decision-making with data.
The Company does not collect and process data for persons under the age of 14 except with the express consent of their parents or legal representatives.
VII. The storage period of your personal data
The Controller keeps your personal data for no longer than the existence of your account on the online portal or until the consent of the processing is withdrawn. After deleting your account or successfully completing it, the Controller takes the necessary care to delete and destroy all your data without unnecessary delay or anonymize (i. e. bring them into a form that does not reveal your personality).
The Controller shall keep your personal data provided in connection with online orders for a period of 5 years for the purpose of protecting the Controller's legal interests in legal or administrative disputes with users of the online portal, and the accounting documents shall be kept for the relevant statutory period.
The Controller notifies you in the event that the data retention period is required to be extended for compliance with a regulatory obligation or for the legitimate interests of the Controller or otherwise.
The Controller stores the personal data that it needs to keep under applicable law for the relevant estimated period, which may exceed the lifetime of your account in the electronic portal.
VIII. Transmission of your personal data for processing
The Controller may, at its sole discretion, transmit some or all of your personal data to other data processors for the fulfillment of processing objectives that you have agreed to, subject to the requirements of Regulation (EU) 2016/679 (GDPR).
The Controller notifies you in case of intend to share some or all of your personal information with third countries or international organizations.
IX. Your rights in the collection, processing and storage of your personal data
Withdrawal of consent to the processing of your personal data
If you do not wish all or part of your personal data to be further processed by the Company for specific or all processing purposes, you may at any time withdraw your consent to the processing by request in free text format and email it to us.
The Controller may ask you to verify your personality and identity with the person to whom the data refers.
With the withdrawal of consent to process personal data that are required to create and maintain an account on the online portal, your account will become inactive. Of course, you will be able to browse the portal and the products offered online or register again.
If you have an order that is in the process of being processed, the earliest time you can withdraw your processing consent is when the order is successfully completed.
You may at any time withdraw your consent to the processing of your personal data for direct marketing purposes.
Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Controller has performed so far.
X. Right of access
You have the right to request and receive confirmation from The Controller that personal data relating to you is being processed, and if you are a registered user, you can at any time see in your profile the personal data you have provided and which is being processed about you.
You have the right to access data relating to you, as well as information relating to the collection, processing and storage of your personal data.
The Controller provides you, upon request, with a copy of the personal data processed relating to you, in electronic or other appropriate form.
Providing access to the data is free of charge, but The Controller reserves the right to impose an administrative fee in case of repetition or excessive request.
XI. Right of correction or completion
You may correct or fill in inaccurate or incomplete personal information relating to you directly through your website account or by submitting a request to the Controller.
XII. Right to be deleted ("to be forgotten")
You have the right to request from the Controller to delete some or all of your personal data, and the Controller has the obligation to delete them without undue delay when any of the following reasons exist:
- Personal data are no longer needed for purposes for which they were otherwise collected or processed;
- You withdraw your consent on which data processing is based and there is no other legal basis for processing;
- You object to the processing of personal data relating to you, including for direct marketing purposes, and there are no legitimate grounds for processing to take precedence;
- Personal data were processed illegally;
- Personal data must be deleted in order to comply with a legal obligation under EU or Member State law applicable to the Controller;
- Personal data were collected in connection with the provision of information society services.
The Controller is not required to delete personal data if it is stored and processed:
- to exercise the right to freedom of expression and the right to information;
- to comply with a legal obligation requiring processing as provided for in EU or Member State law applicable to the Controller or for the performance of a public interest task or in the exercise of official powers conferred on it;
- for reasons of public interest in the field of public health;
- for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or defense of legal claims.
In the event that you exercise your right to be forgotten, the Company will erase all your data, except for the following information:
- Information necessary to verify that your right to be forgotten is fulfilled;
- Technical information on the functioning of the online portal, which information cannot in any way be related to your personality.
To exercise your right to be forgotten, you must submit an application by requesting in free text, and emailing us.
To exercise your right to be forgotten, you must submit an application by requesting in free text, and emailing us. The Controller may ask you to verify your identity and identity with the data subject. If you have an order in progress, the earliest moment you can ask to be "forgotten" is when the order is successfully completed. By deleting your personal data, your account will become inactive. Of course, you will be able to browse the portal and the products offered online or register again. The Controller does not delete any data that it has a legal obligation to keep, including for protection against legal claims against it or to prove its rights.
XIII. Right of restriction
You have the right to require the Controller to limit the processing of your data when:
- Challenge the accuracy of personal data for a period that allows the Controller to verify the accuracy of personal data;
- The processing is improper, but you do not want the personal data to be erased, only the use of their data restricted;
- The Controller no longer needs personal data for processing purposes, but you do require it to establish, exercise or defend your legal claims;
- You objected to the pending review of whether the Controller's legitimate grounds outweighed your interests.
The Controller may ask you to verify your identity and identity with the data subject.
XIV. Right to portability
If you have consented to the processing of your personal data or the processing is necessary to perform the contract with the Controller, or if your data is processed in an automated manner, you may:
- Request that the Controller provide you with your personal data in a readable format and transfer it to another the Controller;
- Request that the Controller directly transfer your personal data to an administrator you specify when technically feasible.
You may exercise the portability right by emailing us a free text request, after which the Controller will send an email response. The Controller may ask you to verify your identity and identity with the data subject.
XV. Right to receive information
You may ask the Controller to inform you of any recipients to whom personal data for which correction, deletion or restriction of processing has been requested have been disclosed.
The Controller may refuse to provide this information if this would be impossible or would require a disproportionate effort.
XVI. Right to object
You may object at any time to the processing of personal data by the Controller relating to it, including if it is processed for profiling or direct marketing purposes.
XVII. Your rights in breach of your personal data security
If the Controller detects a breach of your personal data security, which could pose a high risk to your rights and freedoms, it shall notify you without undue delay of the breach, as well as any measures taken or to be taken.
The Controller is not required to notify you if:
- has taken appropriate technical and organizational safeguards with respect to data affected by a security breach;
- subsequently took measures to ensure that the infringement would not pose a high risk to your rights;
- notification would require a disproportionate effort.
XVIII. Persons to whom your personal data are provided
For the purposes of processing your personal data and providing the service with its full functionality and for your interests, the Controller may provide the data to the following data processors – see the list of data processors. Said personal data processor complies with all requirements of legality and security for the processing and storage of your personal data.
In the event of a violation of your rights under the aforementioned or applicable personal data protection legislation, you have the right to file a complaint with the Personal Data Protection Commission as follows:
Name: Personal Data Protection Commission
Registered office and management address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Correspondence address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Phone: 02 915 3 518
You can exercise all your rights regarding the protection of your personal data in any form that contains a statement about this and identifies you as the data owner.
If consent refers to transfer, the Controller describes the potential risks of transferring data to third countries in the absence of adequate protection and adequate safeguards.