Data protection and data security

Data protection and data security are top priorities for TEDi. Therefore, we would like to take this opportunity to explain to you, how we handle personal information and what information we collect and process from you. 

The controller responsible for the collection and processing of your personal data is:

TEDi Targovia na drebno EOOD
Delta Center, room 206
Okolovrasten Pat St. 251
BG - 1766 Sofia
Phone: +359 2 9070020

Our data protection officer can be reached at the following email address: data-protection-bg@tedi.com.

How and for what purposes does TEDi process personal data?

Data are collected by TEDi within the scope of the following procedures:

  • Newsletter subscription: The information submitted by you to subscribe to our newsletter is processed here. This includes at least your email address. Any additional information is used to personalise the appeal and offers in your newsletter as required. Please also note the information regarding the newsletter below in the explanatory notes of this data protection policy.
  • Participation in sweepstakes: The information submitted by you to participate in our sweepstakes/lotteries is processed here. This includes at least your name and your email address. Participating in our sweepstakes/lotteries does not involve any further obligations or an automatic subscription to our newsletter. 
  • Application form: The information submitted by you as a prospective candidate are processed here. This includes at least your title, first name, last name, street and house number, postal code and town, country of your current residency, birth date, willingness to relocate, telephone number, email, earliest possible start date, high school diploma / education / degrees of studies as well as data from uploaded cover letters, CVs, school and graduation diplomas, and work references. The personal data provided by you will be retained only until the data processing purpose has been fulfilled. This time period is typically six months long.
  • Expansion management: The information submitted by you as a prospective candidate are processed here. This includes at least your title, last name, first name, street, postal code, town and email address.
  • Your contact information: When you contact us (e.g. using the contact form, by email, by phone or through social media), we process your contact details in order to handle your inquiry and process it in accordance with Art. 6 Sect. 1 lit. b) of the GDPR. Your details can be stored in a customer relationship management system ("CRM system") or similar inquiry management system.
  • Your contact information in case of layaways: If you request to have products put in our branch’s layaway, we will use your personal data, at least your name, as reference for your layaway. After the products are picked up, the personal data will be destroyed or deleted without delay.
  • Exchanging and returning products: In accordance with our claim "Exchanges without discussion", you have the option to exchange or return items acquired from TEDi at our branch. This involves receipts for the exchange for documentation purposes. You are required to complete this documentation by filling in your personal data such as your last name, first name, address and signature.
  • Back-up: In accordance with applicable data security regulations, data stored by TEDi will be backed up onto media. Your personal data may be used by TEDi internally to improve services and ensure technical availability.
  • Cookies: TEDi uses Cookies to make your visit to our TEDi websites as convenient as possible. Please also note the information regarding the use of Cookies below in the explanatory notes of this data protection policy.
  • Video surveillance: TEDi uses video surveillance to prevent and solve burglaries, theft and vandalism, as well as any other crimes, to the extent permitted by law. Please also note the information regarding video surveillance below in the explanatory notes of this data protection policy.
     

In addition, you have the option, in part, to submit further information on a voluntary basis, and thus help us to design our website to be more user-friendly, and tailored to your requirements. Such information will allow us to customise offers according to your information and interests, for example.

If we are required by authorities or in the context of legal disputes to disclose information to authorities, courts or other third parties, we will comply with this request, as far as we are legally obligated.

Contact form

If you send us any inquiries using the contact form, we will save the information you provide on the form, including your contact data, for the purpose of processing the inquiry and in case of follow-up questions. The data entered in the contact form will thus be processed based on your consent (Art. 6 Sect. 1 lit. a GDPR). You can revoke this consent at any time. This can be done by sending us an informal notification by email. This shall not affect the legality of the data processing operations performed prior to the revocation of consent. Your contact form data shall be retained until you request that we delete it or revoke your consent to data storage or until there is no longer a need to store the data (e.g. after your inquiry has been processed and closed). Mandatory legal regulations – particularly retention periods – shall not be affected.

Notes regarding newsletter subscriptions

We will use your email address to email you our newsletter informing you about our current products and promotions, if you have given your consent. You are entitled to revoke your consent at any time by either unsubscribing the newsletter on our website, or by clicking on the unsubscribe link at the end of each newsletter. For statistical purposes, we anonymously analyse which links are clicked on within the newsletter.

Analytics tool: Matomo

Use of Matomo
On this website, we use the web analysis service Matomo to analyse and check the use of our website. The obtained statistics allow us to improve our offer and make it more interesting for you as a user.

Categories of personal data / recipients
Matomo uses so-called cookies. These are text files that are stored on your computer and enable us to analyse the use of our website. For this purpose, the information on usage obtained through the cookie is transmitted to our servers and stored so that usage behaviour can be evaluated. Your IP address is immediately anonymised; this means that you remain anonymous as a user. The information generated by the cookie about your use of this website is not passed on to third parties. The IP address transmitted by your browser via Matomo is not merged with other data collected by us. The legal basis for the use of Matomo is Art. 6 para. 1 p. 1 lit. f GDPR.

Consent
Matomo is deactivated when you visit our website. Only if you actively consent, your usage behaviour will be recorded anonymously.

Further information
The program Matomo is an open source project. Information of the third-party provider on data protection can be found at matomo.org/privacy-policy/.

Google Maps

We integrate maps from the "Google Maps" service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data protection policy: https://policies.google.com/privacy?hl=en Opt-Out: https://tools.google.com/dlpage/gaoptout?hl=en. In order to utilise the functions of Google Maps, you must allow your IP address to be saved. This information is typically transmitted to a Google server in the US and saved there. TEDi has no influence over this data transmission. We use Google Maps in the interest of making our website more appealing to users and making it easier to find the locations we indicate on the site. This constitutes a legitimate interest in accordance with Art. 6 Sect. 1 lit. f of the GDPR. For more information on the handling of user data, refer to Google's data protection policy: https://policies.google.com/privacy?hl=en&gl=de.

 

Notes regarding the use of cookies

TEDi uses cookies to make your visit to our websites as convenient as possible. A cookie is information that a web server sends to a browser which the browser sends back to the server each time it accesses the web server ("session cookies"). The use of cookies allows to store information between website visits, and also allows a server to recognise the visitor's browser, and thus the visitor himself/herself, or to remain recognised during a session. 

Furthermore, TEDi also uses cookies that persist beyond the duration of one session ("persistent cookies"). The number of visits is saved here only to allow us to continuously expand and improve our website based on the user behaviour. These persistent cookies remain stored on your computer for twelve months from your last visit, unless you delete them earlier. 

A cookie can only contain information that the website provider sends to the user; private data of the user cannot be read. Therefore, our cookies are not considered to be a risk, as is often portrayed as such in public discussions. Please also note that cookies can only be retrieved by the creator of the cookies. No third party can see cookies on the customer's hard drive, and only the web server, which sends a cookie to the customer’s browser, can retrieve this cookie again. 

If you are not sure if you should accept our cookies, email us at data-protection-bg@tedi.com.

You can also purposefully control the use of cookies. The help function in the menu bar of most web browsers tells you how to prevent your browser from accepting new cookies, how to display new cookies and how to delete and block all cookies already received. The procedure varies from browser to browser. How this works with Internet Explorer is explained below:

  1. In the "Extra" menu, select "Internet Options"
  2. Click on the "Data protection” tab
  3. There, you can set whether cookies should be accepted, selected or rejected
  4. Acknowledge your selection with "OK"

In order to be able to use www.tedi.com with full functionality and full access, we recommend leaving cookies enabled.

What is TEDi's legal basis for processing your personal data?

TEDi is subject to the applicable regulations of the European Union General Data Protection Regulations ("GDPR").

If you have given your consent to have your personal data processed by TEDi, we will process your personal data based on your consent in accordance with Article 6 paragraph 1 sentence 1 lit. (a), and Article 7 of the GDPR. Furthermore, we will process your personal data for the purposes outlined above in accordance with Article 6 paragraph 1 (b) and 1 (f) of the GDPR. The legitimate interests have been laid out above in these explanatory notes of this data protection policy.

Consent and revocation

If you have given your consent to the processing of your personal data by TEDi, then this was done on a voluntary basis. You are entitled to revoke your consent at any time with effect for the future.

To revoke your consent, you must notify TEDi (TEDi Targovia na drebno EOOD, Delta Center, room 206, Okolovrasten Pat St. 251, BG - 1766 Sofia, data-protection-bg@tedi.com) in the form of an explicit policy (e.g. a letter sent by post, fax or email) of your decision to revoke your consent.

Consequences of the revocation

In case of revocation, the processing of your data until then will remain legal. After the revocation, your personal data can be further processed, if this is legally permissible, e.g. for invoices, or based on statutory retention periods, or in litigations before courts or authorities.

Disclosure of personal data?

TEDi does not sell your personal data.

TEDi discloses your personal data to third party controllers without your consent exclusively in exceptional cases to the extent permitted by law. For example, data may be transmitted to the relevant law enforcement authorities or, in the case of litigation, to courts within the scope of what is legally permitted in the event of suspected criminal offences.

If TEDi uses data processors, such as Cloud providers and other service providers, and passes on personal data to them, these providers will be selected very carefully. In addition, TEDi will agree with them on data protection policies in form of order processing agreements, and instruct and supervise them in accordance with applicable regulations. 

TEDi may also commission order processors outside the European Union. Not all countries have a level of data protection equivalent to that of the European Union. If it is transmitted to a country with a lower level of data protection (e.g. the US), we will ensure adequate data protection in a suitable manner, such as through contractual agreements with the recipient.

For an up-to-date list of the rder processors commissioned by TEDi as well as information on any potential transmission of your data to countries outside the European Union and information on how an adequate level of privacy is ensured there, send your request to data-protection-bg@tedi.com.
 

Where does TEDi store your personal data?

TEDi stores your personal data in Europe.

For how long does TEDi store your personal data?

Personal data stored by TEDi will be deleted, if these are no longer necessary for the purposes for which they were initially collected, and if TEDi is not legally entitled or obligated to a prolonged retention of the data.
 

How can you find out details about your personal data?

Within the limits of statutory regulations, you are entitled to request information from TEDi about your personal data that is being processed. Furthermore, you are entitled within the limits of statutory regulations to request rectification, deletion or restriction of the processing of your personal data. Within the limits of statutory regulations, you are entitled to object to the processing of your personal data by TEDi at any time. Furthermore, you are entitled within the limits of statutory regulations to request disclosure of your personal data to you or a third party.

If you have given your consent to the processing of your personal data by TEDi, you will be entitled to revoke this consent at any time, while the legality of the processing carried out on the basis of the consent until the revocation remains unaffected. The consent may be revoked by email or in writing (see above address). After the revocation, your personal data can be further processed by TEDi, if this is legally permissible.

The state representative for data protection and freedom of information in North-Rhine Westphalia is in charge as competent regulatory authority for complaints.

Notes regarding video surveillance

In order to prevent and investigate burglaries, theft and vandalism, as well as any other violations of the law, the TEDi Group uses visible cameras for video surveillance at its branches, as well as in the entrance area and on the company premises at our main office in Sofia. These cameras are used in compliance with the statutory regulations, Article 6 paragraph 1 sentence 1 lit (f) of the GDPR).

By using the cameras, images of clients and employees can be saved and processed. It may also become necessary to transfer the data within the corporate group of TEDi for the purpose of further processing.

The recordings are generally deleted after 48 hours, unless they are required to solve violations of the law, or a prolonged retention is required and legally permissible, while the legitimate interests of the data subject are adequately protected. If criminal behaviour is uncovered during the evaluation of the video recordings, it can result in civil as well as criminal prosecution.

Details about the authority responsible for the processing of your personal data as it relates to video surveillance can be found on the information placards displayed at all TEDi branches and at our main office in the locations where the video surveillance cameras are posted.

The corporate data protection officer is in charge of answering any further questions regarding video surveillance.

Within the limits of statutory regulations, you are entitled to request information from us about your personal data that is being processed. Furthermore, you are entitled within the limits of statutory regulations to request rectification, deletion or restriction of the processing of your personal data. Within the limits of statutory regulations, you are entitled to object to the processing of your personal data by TEDi at any time. Furthermore, you are entitled within the limits of statutory regulations to request disclosure of your personal data to you or a third party.

The Personal Data Protection Commission is in charge as competent regulatory authority for complaints.
https://www.cpdp.bg/
 

Cookies