PRIVACY POLICY AND PERSONAL DATA PROTECTION

This Privacy Policy governs the manner in which Whisper of Art Ltd. collects, processes and stores the personal data of users of the online store in accordance with the requirements of Regulation (EU) 2016/679 (GDPR).

1. PERSONAL DATA ADMINISTRATOR

The personal data administrator is:

  • Name: Whisper of Art Ltd.
  • UIC:  206390694
  • Address: Sofia, g.k. Druzhba 2, bl. 304
  • Email: shop@unspokn.art

2. WHAT PERSONAL DATA DO WE COLLECT?

We only collect data that is necessary to provide our services:

  • When ordering: Name and surname, delivery address, phone number, email address.
  • When registering an account: Name, email, order history.
  • When paying: Information about the payment method (we do not store bank card data; it is processed by the respective payment operator).
  • Automatically collected data: IP address, browser type, device and cookies for security purposes and improving the user experience.

3. BASIS FOR PROCESSING

We process your data on the following legal grounds:

  • Contract performance: To process and deliver your order.
  • Legal obligation: For accounting, tax control and invoicing purposes.
  • Legitimate interest: To ensure the security of our site.
  • Consent: To send marketing messages (newsletter) if you have explicitly subscribed.

4. PURPOSES OF PROCESSING

Your data is used for:

  1. Processing, preparation and delivery of ordered clothing and accessories.
  2. Communication with you regarding order status.
  3. Financial and accounting reporting (issuance of invoices).
  4. Marketing activities (only with your consent).

5. PROVISION OF DATA TO THIRD PARTIES

We provide your data only to verified partners, without whom we cannot perform the service:

  • Courier companies: [Speedy / Econt / DHL Express] – for delivery.
  • Hosting providers and IT support.
  • Accounting firms: for processing documentation.
  • State authorities: only when legally required (NRA, Ministry of Interior, etc.).

6. SHELF LIFE

  • Order and invoice data: 10 years (according to the Accounting Act).
  • User profile data: until account closure or withdrawal of consent.
  • Marketing data: until you unsubscribe from the newsletter.

7. YOUR RIGHTS (PURSUANT TO GDPR)

As a data subject, you have the right to:

  • Access: To request information about what data we store about you.
  • Correction: To request correction of inaccurate data.
  • Erasure (Right to be forgotten): To request erasure of data (unless we have a legal right/obligation to retain it).
  • Restriction of processing.
  • Data portability.
  • Objection to processing for direct marketing purposes.

8. SAFETY MEASURES

We implement technical and organizational measures to protect data, including SSL certificates for connection encryption and limited access to servers.

9. RIGHT TO COMPLAINT

If you believe that your rights have been violated, you can contact the supervisory authority: Commission for Personal Data Protection (CPDP) Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. Website: www.cpdp.bg

Last update: 31.01.2026