THE BEST FASHION GUARANTEE 
Even prettier in person … or your money back THE BEST FASHION GUARANTEE Even prettier in person … or your money back We consider the guarantee of the right to personal data protection to be Alessa's main commitment, therefore we will use and invest all necessary means and efforts to process your data in full compliance with Regulation (EU) 2016/679 (“The EU General Data Protection Regulation” or “GDPR”) and any other applicable Bulgarian law. As one of the main principles of this legal framework is transparency, we have prepared this document, through which we want to inform you about the way we collect, use, transfer and protect your personal data when you interact with us in connection with products and services, including through our website or through mobile applications.
We reserve the right to periodically update and amend this Privacy Policy to reflect any changes to the way we process your personal data or changes to your legal requirements. In the event of such amendments, we shall publish the amended version of the Privacy Policy on our website and therefore kindly ask you to periodically review the content.
Alessa is the trade name of Miare EOOD, a Bulgarian legal entity with registered office: 107 Vasil Levski Str., Plovdiv; Bulstat 202985100; VAT registration number BG202985100 (hereinafter “Alessa” or “we”). For the purposes of data protection legislation, we are the controller in the processing of your personal data.
As your feedback is always important to us and we are always ready to provide you with any additional information you may need in connection with the processing of your data, we encourage you to contact the Alessa’s Data Protection Officer to the following e-mail address: data.privacy@alessa.bg or by regular mail or courier to the following address: apt. 7, fl. 4, 47 General Radko Dimitriev Str., 4000 Plovdiv, Bulgaria - by writing down the following text: to the attention of the Alessa’s Data Protection Officer.
kind of information to provide us. For example, the information we receive from you is as follows:
When you create an Alessa account, you send us your e-mail address, first and last name;
You can also add additional information to your personal page (My account) from the Alessa platform such as: photo, gender, nickname, mobile phone number, landline phone number, date of birth, education degree, delivery address, additional e-mail address, dates on bank cards, etc.;
When you place an order, you provide us with the following information: the product you want, first and last name, delivery address, billing information, payment method, phone number, dates on bank cards, etc.
In addition, we suggest you to register in the Alessa platform through your Facebook account. If you choose this option, you will be directed to the Facebook Admin page, where you will be notified about the transfer of your data to Alessa. You can view Facebook's privacy policies by clicking on the following link:
https://www.facebook.com/about/privacy
In addition, we may collect and subsequently process certain information about your browsing behaviour on our website or mobile application, to personalize your online experience and create suggestions that are tailored to your profile. We invite you to learn more in this regard by reading the processing section below.
In our website and in the mobile application we can store and collect information by means of cookies and similar technologies
Cookies and similar technologies
We use cookies to manage user sessions, store a selection of your language preferences, and provide you with relevant ads. Cookies are small text files that are transferred from a web server to your device's hard drive. Cookies can be used to collect the date and time of your visit to the website, your browsing history, your preferences and your username. You can set your browser to refuse all or some cookies or to alert you when the websites you visit set or access cookies. Please note that if you disable or refuse cookies, some parts of our services/Platform may become inaccessible or may not function properly. For more information about the cookies we use, please see our Cookies & Similar Technologies Policy.
Data from third parties or from publicly available sources
We receive your personal data from various third parties [and public sources] as set out below:
i. Specific technical data and information on the use of the Services by analytics providers such as Google Analytics, Facebook, Google, etc.;
ii. Data collected from reading cookies, data from advertising networks such as Adroll, etc.;
iii. Data from social network accounts when you access our services in the Platform through these profiles.
We will use your personal data for the following purposes:
1. Providing Alessa services in your favour
This general purpose may include, as appropriate:
creating and managing an account in the Alessa platform;
order processing, including acceptance, validation, shipment and invoicing; resolving problems related to order cancellations or any other problems related to orders, purchased goods or services; return of products in accordance with legal provisions; reimbursement of products in accordance with the legal provisions;
providing support, including answering your questions regarding your orders or Alessa's goods and services;
The processing of your data for these purposes is in most cases necessary for the conclusion and execution of a contract between Alessa and you. In addition, processing in accordance with applicable law, including tax and accounting law, is required to meet these purposes.
2. Improving our services
We would always like to offer you the best online shopping experience. For this purpose, we may use certain information about your customer behaviour, invite you to fill out customer satisfaction surveys after the completion of an order, or conduct it directly or with the help of partners and market research.
We base these activities on our legitimate business interests and always ensure that your fundamental rights and freedoms are not affected.
3. Marketing
We would like you to always be aware of the best offers for the products/services you are interested in. In this regard, we may send you all types of messages, via e-mail channels (e-mail / SMS / mobile push / webpush, etc.), which contain general and thematic information, information about similar products or products that complement those purchased by you, information about offers and promotions, information about the products added in the “Account/Cart” or “Account/Favorites” sections, or if you are interested in buying them, and other business communications such as market research and consumer opinion polls, and we can provide personalized recommendations on the website and mobile app. In order to provide you with information that is of interest to you, we may use certain information about your customer behaviour (for example, products viewed/added to the wish list/purchased products) to create an account. We always guarantee that this processing is carried out in compliance with your rights and freedoms, and that the decisions taken in connection with them do not give rise to any legal consequences for you and do not significantly affect you in this way.
In most cases, we require your prior consent to send you marketing messages. You can change your mind and withdraw your consent at any time by:
using the “Unsubscribe” link in the messages you receive from us; or by contacting Alessa using the contact details above.
In certain situations, we may base our marketing activities on our legitimate interest in promoting and developing our business. In any case, when we use your information for our legitimate interests, we take care and take the necessary measures to ensure that your fundamental rights and freedoms are not affected. However, you can at any time, using the means described above, stop processing your personal data for marketing purposes and we will respond to your request.
4. Protection of our legitimate interests
There may be cases in which we use or transmit information to protect our rights and business. These may include:
measures to protect the website and users of the Alessa platform against cyberattacks;
measures to prevent and detect attempted fraud, including the transmission of information to the competent public authorities;
measures to manage various other risks.
The main reason for these types of processing is our legitimate interests in protecting our business, stipulating that we ensure that all measures we take ensure a balance between our interests and your fundamental rights and freedoms.
In addition, in some cases, our processing is based on legal provisions such as the obligation to protect goods and values provided for by the applicable legislation in this regard.
As a rule, we store your personal data as long as you have an Alessa account. You can always ask us to erase certain information or close your account, and we will respond to this request by retaining certain information, even after closing the account when applicable law or legitimate interests so require.
Depending on the case, we may transmit or give access to some of your personal data to the following categories of recipients:
courier service providers;
payment/banking service providers;
marketing/telemarketing service providers;
market research service providers;
insurance companies;
IT service providers;
other companies with which we may develop joint programs to market our goods and services.
If we are required by law, or if this is necessary to protect our legitimate interests, we may also disclose certain personal data to public authorities.
We guarantee that access to your data by private third-party entities shall be carried out in accordance with the legal provisions in the field of data protection and confidentiality of information, based on contracts concluded with them.
We currently store and process your personal data in Bulgaria. However, some of your personal data may be transferred to entities located inside or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is carefully managed in order to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other guarantees, such as standard contractual clauses issued by the European Commission or certification schemes such as the Privacy Shield for the protection of personal data transferred by the EU to the United States.
You may contact us at any time using the contact details provided above to find out the countries to which we transfer your data and the protective measures we apply to such data transfer.
We are committed to ensuring the security of personal data by applying appropriate technical and organizational measures in compliance with industry standards.
All information we receive about you is stored on secure servers and we have implemented technical and organizational measures that are appropriate and necessary to protect your personal data. Alessa continuously evaluates the security of its network and the suitability of its internal information security program, which is designed to:
(a) help protect your data from accidental or unlawful loss, access or disclosure;
(b) identify reasonably foreseeable security risks to the Alessa network;
(c) minimize security risks, including through risk assessment and regular testing.
In addition, we ensure that all payment data is encrypted using SSL technology.
Despite the measures we take to protect your personal data, we are aware that, in general, the transfer of information over the Internet or other public networks is not completely secure, and there is a risk that the data may be viewed and used by unauthorized third parties. We cannot be held responsible for these vulnerabilities in systems that are not under our control.
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You may request access to your data, the correction of errors in our files, and/or raise objections to the processing of your personal data. You can also exercise your right to lodge a complaint with the competent supervisory authority or the court. Depending on the case, you may also have the right to ask for your personal data to be deleted, the right to restrict the processing of your data and the right to data portability.
You can get more information about each of these rights by looking at the table below. To exercise your rights, you can contact us using the contact details provided above. Please note the following if you wish to exercise these rights:
Identity. We take the confidentiality of all records containing personal data seriously. For this reason, please send us your requests for these records using your email address listed in your Alessa account. Otherwise, we reserve the right to verify your identity by requesting additional verification information.
Fees. You have no obligation to pay a fee for access to your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, recurring, or excessive. We may refuse to comply with your request in these circumstances.
Response deadline. We plan to respond to all valid requests within one month, unless the request is particularly complex, or if you have made multiple requests, in which case we will respond within a maximum of two months. We will let you know if we need more than a month. We may ask you to tell us exactly what you want to receive or what you are worried about. This will help us to act faster and reduce the response time to your request.
Third party rights. We will not need to respond to a request if it adversely affects the rights and freedoms of other data subjects.
The right to request access to your personal data (commonly referred to as a “data subject access request”). This allows you to obtain a copy of your personal data that we store and verify that it has been lawfully processed.
Correction
You may ask us to correct or supplement your inaccurate or incomplete personal data.
We may try to verify the inaccuracy of the data before correcting it.
Data erasure
You can ask us to erase your personal data, but only if:
they are no longer needed for the purposes for which they were collected; or you have withdrawn your consent (if the processing of the data is based on consent); or you exercise a legal right to object; or they have been illegally processed; or there is a legal obligation in this regard. We have no obligation to fulfill your request for the erasure of your personal data if processing is required:
to fulfill a legal obligation; or to establish, exercise or defend a legal claim;
There are certain other circumstances in which we are not obliged to comply with your request for erasure of data, although these are also the most likely circumstances in which we may refuse your request. Please note that before exercising this right, you must download from your Alessa account and keep all documents related to the orders placed by Alessa, regardless of whether the invoicing was made to you or to another natural or legal person (such as invoices, warranty certificates). If you do not do this before exercising your right to erasure, you will lose all these documents and Alessa will not be able to provide them to you, as the case may be, as the process of erasing data and deleting the Alessa account with all data and documents associated with it is an irreversible process.
Restriction of data processing
You can ask us to restrict the processing of your personal data, but only if:
their accuracy is disputed (see the section on data correction) in order to be able to verify their accuracy; or the processing is illegal, but you do not want the data to be erased; or they are no longer necessary for the purposes for which they were collected, but we still need to establish, exercise or defend a legal claim; or you have already exercised the right to object and are checking whether the dominance of our rights is still present.
We may continue to use your personal data as a result of a restriction request:
if we have your consent; or to establish, exercise or defend a legal claim; or to protect the rights of Alessa or another natural or legal person.
Data portability
You can ask us to provide your personal data in a structured, widely used and machine-readable format, or you can request that it be “transferred” directly to another data operator, but only if:
the processing is based on your consent or the conclusion of a contract with you; and the processing is performed by an automatic means.
Right to object
You may object at any time for reasons related to your specific situation against the processing of your personal data based on our legitimate interests, if you believe that your fundamental rights and freedoms dominate these interests.
In addition, you may object at any time to the processing of your data for direct marketing purposes (including the creation of accounts) without giving any reason, in which case the processing will be terminated as soon as possible.
Automated decision-making
You can ask us not to be the subject of a solution based solely on automated processing, but only when that solution:
creates legal consequences for you; or it affects you in a similar way and to a significant extent.
This right is not applicable if the decision taken after the automatic decision-making is necessary for us in order to conclude or fulfill a contract with you; is permitted by law and there are adequate guarantees for your rights and freedoms; or is based on your explicit consent.
Complaints
You have the right to lodge a complaint with the local supervisory authority regarding the processing of your personal data. In Bulgaria, the contact details of the data protection supervisor are as follows:
For local data protection issues, your local supervisor is:
Commission for Personal Data Protection, Address: 2 Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria, Tel. +359 2 915 3580 Fax +359 2 915 3525 Email: kzld@cpdp.bg Website: http://www.cpdp.bg/
Without prejudice to your right to contact the supervisory authority at any time, please contact us in advance and we promise to make every effort to resolve your issues by mutual agreement.
We remind you that you can contact Alessa's Data Protection Officer at any time by sending your request to him/her via one of the following methods: by e-mail to data.privacy@alessa.bg or by regular mail or courier to the following address: apt. 7, fl. 4, 47 General Radko Dimitriev Str., 4000 Plovdiv, Bulgaria - by writing down the following text: to the attention of the Alessa’s Data Protection Officer.
You, as a data subject, have the right
to request from Miare EOOD - personal data controller to suspend the automated processing, including profiling and YOU HAVE THE RIGHT not to be the subject of a decision based solely on automated processing, including profiling;
You can do this as follows:
To verify your identity, you need to provide one or more of the following data: first name and last name, email address, phone number, serial number of the ordered product, invoice number.
Alessa uses cookies to facilitate your shopping. If you continue to use our services, we will assume that you agree with the use of such cookies. Learn more about cookies, and About how you can decline them.
Contact us: 0700 20660 
Account /Register 
