Privacy Policy

This Privacy Policy explains how IRIS ART BY NORA, operated by IRIS ART LTD (“we”, “us”, “our”), collects, uses, and protects personal data when you use the website irisartbynora.com.

Data Controller

The data controller is IRIS ART LTD. Contact: info@irisartbynora.com.

Data We Collect

• Identification data: first and last name;
• Contact data: email address and phone number;
• Delivery/Billing data: address, recipient name (for orders);
• Technical data: IP address, browser type/version, logs, cookies (see the Cookie Policy);
• Communications: content sent via contact forms.

Purposes of Processing

• Processing and delivery of orders; customer support;
• Communication regarding your inquiries and requests;
• Improving the website, ensuring security, and preventing misuse;
• Marketing communications (only with your consent);
• Compliance with legal obligations (e.g., accounting).

Legal Bases (Art. 6(1) GDPR)

• (b) Contract — processing necessary to perform a contract (order/delivery);
• (c) Legal obligation — when law requires it (e.g., accounting records);
• (f) Legitimate interests — service improvement, security, fraud prevention;
• (a) Consent — for email marketing / analytical and functional cookies.

Retention Period

We keep personal data only as long as necessary for the purposes for which it was collected or as required by law. After that, data is deleted or anonymized.

Recipients & Sharing

Data may be shared with trusted processors acting on our behalf under a data processing agreement (e.g., hosting, maintenance, courier services, payment providers, analytics). Data may also be disclosed where required by law or competent authorities.

Transfers Outside the EEA

If data must be transferred outside the EEA, we apply appropriate safeguards under Art. 46 GDPR (e.g., Standard Contractual Clauses).

Cookies

We use cookies for functionality and analytics. See the Cookie Policy for details and preferences. You can change your choices at any time.

Your Rights (Art. 15–22 GDPR)

• Access (Art. 15) — obtain a copy of your data;
• Rectification (Art. 16) — correct inaccurate/incomplete data;
• Erasure (Art. 17) — the “right to be forgotten”;
• Restriction (Art. 18) — suspend processing in certain cases;
• Portability (Art. 20) — receive your data in a structured, commonly used format;
• Object (Art. 21) — object to processing based on legitimate interests;
• No automated decisions (Art. 22) — not to be subject to decisions based solely on automated processing, including profiling.

To exercise your rights, email info@irisartbynora.com. We will respond without undue delay and no later than 1 month (extendable by up to 2 months where necessary — Art. 12(3) GDPR).

Supervisory Authority

If you believe your rights have been infringed, you may lodge a complaint with:

Commission for Personal Data Protection (CPDP)
1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd
Website: www.cpdp.bg

Security

We apply appropriate technical and organizational measures to protect against unauthorized access, loss, or misuse.

Children

Our services are not directed to individuals under 16. If we learn that information from a person under 16 was collected without parental consent, we will delete it.

Changes to This Policy

We may update this Policy to reflect changes in practices or legal requirements. Updates will be published on this page.

Contact

For privacy questions: info@irisartbynora.com