Here at Laterna Records we believe in the principle for treating you with respect, care and honesty. This also applies to the way we are processing your personal data and adhering to the legal provisions for that processing. Below we would like to share more information about that. Along with additional information required by the law this privacy notice is explaining how we collect, process, use, share and hold your personal data when you purchase an item from us, contact us, or otherwise use our services through our site (https://www.laternarecords.com), the https://www.discogs.com marketplace (further referred to as “Discogs”), our social media channels or via other acceptable means like email or phone. It will also remind you about your rights in regard to your personal data.
Laterna Records is a trading name of LATERNA EOOD. We operate in accordance with the applicable data protection law and Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter referred to as “GDPR”).
How and What Data do we Collect and Process
Automatically collected data when visiting our website
Every time you visit the https://www.laternarecords.com website (hereafter referred to as “the site”), technical information about the visit that is available to the Administrator is automatically recorded. This is done by automatically logging into log files the following information (or some of it):
- IP address of the device used to visit the site
- type and version of the used Internet browser
- the date and time of the site visit, and the time zone of the device
- the names and addresses of the files you read from the site
- the names and addresses of the pages you visit on the site
- access status code / HTTP status code
- size of the served files/resources
The collection and processing of these general data and information does not make any conclusions about individuals, do not create profiles of individuals, do not merge the individual data with other data sources for the purpose of identifying individuals, no other activities are carried out for the identification of natural persons.
The collection and processing of these data is intended to ensure the unobstructed connection and use of the site, ensuring comfortable use, improving the functionality of our site as well as system security and stability, and other administrative purposes. Collecting these data serves to increase the level of data protection in our company and to allow a retrospective review in case of unlawful attacks against the site system.
The legal basis for this data processing is based on Article 6 (1) of the CPA. The aforementioned objectives represent a legitimate interest within the meaning of the GDPR.
These data are usually stored for several hours and after that they are deleted.
Under the provisions of GDPR, you have the right to object to this processing.
The source of these data are the technical means of establishing an Internet protocol connection – a web server, a browser, the device you use, and the like.
These available data will not be transmitted to another recipient or used for purposes other than those described above.
Automatically collected data from the web hosting provider when visiting our website
The hosting provider for the site is SiteGround Spain S.L., which processes and stores traffic information similar to the above and for similar purposes. We cannot not access these data. The collection and processing of these data is usually within the range of 90-180 days. More information on how Siteground stores and processes these data can be found in the Data Processing Agreement, which is available at the following Internet address: https://www.siteground.com/term/301.htm.
Information processed for the fulfilment of your order
To fulfil your order, we must be provided with certain information such as your names, email address, postal address, phone number, or eventually will receive some payment account information (like your PayPal account email address or bank account number). You may also have to provide us with additional personal information (for a customized delivery, for example). Here is a more detailed breakthrough.
When you place an order via this site or Discogs, or using other acceptable means to make an order, we receive personal data including your name, email address, postal address and other details like your phone number.
When paying for your order with PayPal we also receive information about your postal and/or shipping address and email information. We do not receive any information about your bank or card details.
If you decide to pay via bank transfer the bank will certainly make us know your Bank Account Number (IBAN) and your name(s).
Names and contact information obtained in a question or other type of inquiry sent to us via Discogs, phone or mail/email or other publicly available channel will be used to reply to your inquiry and afterwards will be disposed of in a secure manner.
The legal basis for processing these personal data is the fulfilling of the contractual obligations about your order or product enquiry.
Data obtained when communicating with us
You have the possibility to contact us directly at the specified e-mail address(es) or telephone numbers, as you can provide us with your e-mail address or phone number and other information to help with your inquiry.
The legal basis for this data processing when contacting us is based on Article 6 (1) of the GDPR. When you contact us through the contact form, you provide us with a voluntary agreement within the meaning of this provision.
Data deletion takes place immediately after processing the query you have made. These data will not be shared with third parties or used for any purpose other than those for which consent has been given.
Data obtained when following us/contacting us on social media
Automated decision making and Profiling
We will not use the data we hold about you to make automated decisions or profiling.
Information Sharing and Disclosure
We will share your personal information when required to fulfil your order only to the extent necessary to perform these service. For example, your phone number is not provided to the postal service because it is not required for the delivery, but a courier delivery requires in most times both a phone number and/or an email address. We use the following delivery service providers, with whom, depending on your shipping preferences for the respective order/country, your personal data required for the order delivery, is shared:
- Bulgarian Posts (Postal Delivery Service)—https://bgpost.bg/bg/529
- Speedy (Courier delivery to Bulgaria, Greece and Romania, EU)—https://www.speedy.bg/en/gdpr
- Rapidо (Courier Delivery to EU)— https://www.rapido.bg/information/conditions/poveritelnost
- Econt Express (domestic deliveries in Bulgaria)—https://www.econt.com/econt-express/privacy-policy
We may share your personal data in other cases like adhering to a tax audit or court appeal or in other case that is legally justified (like, for example, responding to a legal process, government request, prevent a fraud or protect the rights or safety of an individual). In such case, before sharing any personal data, we will duly investigate the lawful basis of doing or not doing so.
International Transfer of Personal Data
A transmission and transfer of your data outside of the European Union and European Economic Area does not take place.
Transfer of your data to international organizations does not take place.
We always minimize the amount of data we will retain only to the required minimum and keep it for the required minimum of time. Once this time period has expired, these data will be disposed of or deleted in a safe and secure manner.
As required by the Bulgarian tax legislation we are obliged to keep the records (like invoice, delivery order, payment check, etc.) for your order for a period of 5 (five) years.
Please note that the order information that resides in Discogs or the transaction information in PayPal (and similar information for the order and the payment history in a banking or delivery organization) is something we cannot delete and may continue to be technically available to us even after the above period expires. We will, however, minimize and/or stop processing these data after your order is completed.
Security of Data Processing
For the overall security of your personal data, either in electronic or physical (paper) form, we add the reasonable amount of security measures like limited access, encryption, strong passwords, two-factor authentication, physical security, verified hardware and software. We also limit the actual information that we have to process to the bare minimum required by law or to fulfil our obligations.
The electronic copies, if any, of all eligible for retention order documents are stored in secure form on our server based in the Netherlands. It is maintained by the company Siteground as per the applicable Data Processing Agreement that can be found here—https://www.siteground.com/term/301.htm.
Personal data transferred in email communication (like in the email messages sent from PayPal and Discogs) is minimised whenever possible and such communication (and therefore processing) may not happen at all. After the information in that email is processed (to reply the email or fulfill the order) it is disposed. The email server is also operated and maintained by the company mentioned above.
Paper documents (if any) will be stored in a secured storage with no access by external people and accessed only by the authorised company personnel per the according procedures.
The above information does not cover the way Discogs or other third parties are storing similar information.
Your Data Protection Rights
You have rights outlined in the data protection legislation that we need to make you aware of.
The right of access—You have the right to request from us a copy of the personal information we hold about you.
The right to rectification—You have the right to request that we correct any information we hold about you that you believe is inaccurate. You also have the right to request us to complete the information you believe is incomplete.
The right to restrict—You have the right to ask us to restrict the processing of your information in certain circumstances.
The right to erasure—You have the right to request that we erase your personal information in certain circumstances.
The right to object—You can object to our processing of some of your information based on our legitimate interests.
The right to data portability—You have the right to request that we transfer the data you have given to us to another organization, or directly to you.
The right to complain—You have the right to complain about the way we process your personal data to a data protection authority. The list of the data protection authorities in the European countries is available at that page of the European Data Protection Board—https://edpb.europa.eu/about-edpb/board/members_en
Links to Other Sites and Privacy Policies of Other Organizations
Laterna EOOD, c/o Anton Dobrev, 1164 Sofia, Bulgaria
Bulgarian Commercial Registry number: 205365389
VAT number: BG 205365389