When we talk about “we” (or “our” or “us”), we mean Mitik Ltd and all its wholly owned subsidiaries. We are based in Bulgaria but we supply goods all over the world.
For European Union data protection purposes, when we act as a controller in relation to your personal data, Hristo Mitev is our representative in the European Union. You can contact him at firstname.lastname@example.org.
We treat any data that could directly or indirectly identify you (or your family or your personal device over time and across services) as “Personal Data”. This includes information like your name, address, telephone number and your email address but in some cases it may include less obviously identifying information, like your IP Address (see below).
When you visit puffybear.com or buy Puffy products online, we collect different types of Personal Data about you and your use of our website. We treat this information as falling into three categories: Customer Information, Usage Data and your IP Address.
Customer Information is the information you explicitly provide to us when you make an online purchase, sign up to receive our newsletters or other communications, or participate in any program or competition which requires you to complete a form on our website. This includes:
Usage Data is general information about how you interact with our website or other services, such as:
Whenever you visit a website (including puffybear.com), the computer from which the web pages are served (i.e. our web server) needs to know your computer’s public network address so that it can send the pages you request to your browser. The public network address associated with your computer is called its “public IP Address” and is sent automatically each time you access any website. From a computer’s IP Address, it is usually possible to determine the general geographic location of that computer but often not the specific computer and if multiple people use the computer not the specific user (although if your IP Address is unique to you and is published somewhere or if you later identify yourself while using the same IP Address, it is possible that IP Address could identify you).
In many jurisdictions (including California, the EU and Australia), your IP Address is considered to be personal data, and we treat it accordingly.
Information you provide to us directly: When you shop with us online, we will ask you to provide personal data (such as your name and address) so we can fill your order. We may also ask you to provide personal data when you sign up for a newsletter, respond to a job application or an offer, join us on social media, take part in surveys or contact us for help. If you don’t want to provide personal data, you don’t have to, but it might limit your ability to do certain things on the website.
Information we collect automatically: When you visit puffybear.com or shop with us online, we collect some information about you automatically, including Usage Data.
We store backups of some data, including order details (which will include Customer Information) on our servers in Bulgaria. We use appropriate technical and organisational measures to protect the personal data that we collect and process. The measures we use are designed to provide a level of security appropriate to the risk of processing your personal data, including using 256-bit SSL (secure sockets layer) encryption technology to protect your Personal Data when you purchase from our online store.
Where we collect your personal data, we’ll only process it:
The main reason we use your personal data is to fill orders and to manage our relationship with you (for example, dealing with questions about products, returns and warranty claims).
We also use personal data for other purposes, including:
To communicate with you: this may include providing you with information you’ve requested or that we’re required to provide to you, that relates to changes to our website or policies, marketing communications in accordance with your preferences or to invite you to provide feedback or to take part in research we are conducting.
To support you: this may include dealing with any questions you have about our products, dealing with warranty claims or any issues relating to our goods or services.
To improve our website: we use Usage Data to help us understand the online behaviour of our customers, which helps us to focus our marketing activities and improve the services we provide. Using web analytics on our website enables us to measure, collect, analyse and report on Usage Data for the purposes of understanding and optimising customers’ experiences on our website. We try to ensure that all Usage Data is pseudonymised (i.e. we cannot trace the Usage Data back to an identifiable specific person - in other words, you - either at all or without considerable effort) unless we have your consent.
Geographical location information contained in Usage Data also enables us to tailor your experience on our website by displaying different content based on your location, such as providing content in your preferred language (where possible), showing local currency and pricing, and showing relevant advertising. Again, geographical location information is pseudonymised unless we have your consent, which you gave when you either clicked the “cookie consent” banner or continued to use the site.
To protect you (and us): we use Customer Information and your IP Address to detect and prevent fraudulent activity when you want to make a purchase from us.
To market to you: we use Usage Data for remarketing (sometimes called retargeting) to better target our ads to interested customers. After you have visited our website, you (or another user of your computer) may see Puffybear ads on certain participating third party websites, such as on the Google Display Network and Facebook. This will only occur if you have consented to us using cookies by either clicking on the “cookie consent” banner or continuing to use the site. You can also opt out of targeted advertising: see http://www.aboutads.info/choices
To analyse, aggregate and report: we may use the personal data we collect about you and other users of our website to produce aggregated and pseudonymised analytics and reports, which we may share with third parties.
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to:
Over the past 12 months, we have disclosed personal information to third parties for the following purposes (note that not all of these will apply to everyone):
There also may be times when we are legally required to disclose personal data, such as to regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable laws and regulations, or to exercise our legal rights.
We only share your Customer Information with third parties where it is either necessary to enable online transactions (such as PayPal) or where you have consented to receive direct marketing material (such as mail services).
Your personal data is never disclosed to third parties for remarketing or retargeting purposes by third parties, and most importantly:
When we do transfer data, we will make sure that there are safeguards in place to protect your personal data.
For individuals in the European Union (EU), this means that your personal data will be transferred outside of the EU. EU personal data will only be transferred to countries that have been identified as providing adequate protection for EU data or to a third party where we have approved transfer mechanisms in place – this means that we have either entered into an appropriate Data Processing Agreement or by ensuring that the entity has appropriate data protection in place, including where the entity is Privacy Shield certified (for US-based third parties).
How long we retain your personal data depends on what it is, what we need it for (for example, keeping track of your warranty rights) and whether we are legally required to keep it (for example, for tax). Once we no longer need to retain it, we will make sure your personal data is deleted or pseudonymised.
Your personal data belongs to you, and you have the right to:
If you no longer wish to receive any online communications, just let us know by clicking the ‘unsubscribe’ link at the bottom of any marketing communication we send you.
You can notify us if you no longer wish us to process your personal data, but note that if you do so, this may mean that we can no longer provide our services to you.
If you are in the EU: you can email us at email@example.com or write to us at:
11 Vastanicheska Str
and we will respond to your request within one month. You also have the right to complain to your local Data Protection Authority about the collection and use of your Personal Data.
ou can email us at firstname.lastname@example.org and we will respond within 60 days.
If you have any general questions, complaints or concerns about how we manage your personal data, please contact us by emailing email@example.com