| B2B Privacy Notice

PRIVACY POLICY

Effective Date: June 2026

01. Data Controller Information

SLY COMMERCE Ltd. operates this website and is the data controller for personal data submitted through our public B2B inquiry and wholesale application forms.

Our controller contact details are:

SLY COMMERCE LTD.
Address: Severna 1 Street, 5800 Northern Industrial Zone, Pleven, Bulgaria
Official Correspondence Email: office@slycommerce.com
Privacy Inquiries: office@slycommerce.com

This notice explains what we collect from business visitors, how we use it, who may process it for us, and how you can exercise your rights.

02. Information We Collect

We collect the information needed to respond to B2B inquiries, review wholesale applications, and protect the website from spam or misuse. The public contact and wholesale forms do not request payment card data, financial account details, credit evaluation data, or shipment clearance files.

Depending on the form you submit, we may collect these categories:

  • Business Contact Details: Name, company name, work email, phone number, country or region, and professional inquiry context.
  • Company Identification Details: Company name, VAT or tax ID where you provide it in a wholesale application, industry, and country or region.
  • Inquiry and Application Details: Nature of inquiry, product or business needs, message details, wholesale application information, and related notes you choose to submit.
  • Optional Website or Social Link: A business website or social media link if you provide it in the wholesale application.
  • Technical and Security Logs: Basic technical logs may be processed by our hosting, database, and security providers to keep the website available, diagnose errors, and prevent abuse.
  • Consent Record Metadata: When you submit a public form, we store a consent evidence record with the form source, privacy and terms versions, effective date, locale, policy paths, timestamp, and stable consent statement identifier.

03. Purpose & Legal Processing Grounds

We process personal data only where we have a lawful basis under Article 6 of the GDPR. We do not sell form submissions or share them with advertising networks.

We use public form data for these purposes and legal bases:

  • Contract or Pre-Contract Steps (Art. 6(1)(b) GDPR): Responding to inquiries, reviewing wholesale applications, discussing products and quotes, and preparing possible B2B account setup.
  • Legal Obligation (Art. 6(1)(c) GDPR): Keeping business records, invoices, tax or accounting documents, and compliance records when a relationship proceeds beyond an initial inquiry.
  • Legitimate Interests (Art. 6(1)(f) GDPR): Communicating with business representatives, protecting the website, preventing spam, handling support requests, and maintaining B2B records.
  • Consent (Art. 6(1)(a) GDPR): Recording your confirmation that you accepted the Privacy Policy and Terms & Conditions at the time of submission.

Where relevant, the following recipients or processors may handle personal data on our behalf or in connection with your request:

  • Hosting and Database Provider: Providers that host the website, database, and related infrastructure for form submission storage and availability.
  • Internal Sales and Administration Team: Sly Commerce personnel who review inquiries, wholesale applications, account setup needs, and follow-up communication.
  • Accounting and Logistics Providers: Used only where relevant to quotes, orders, invoices, delivery, compliance, or ongoing B2B relationships.
  • IT and Security Providers: Providers that support diagnostics, security, spam prevention, and system maintenance.

04. Data Retention & Industrial Security

We use reasonable technical and organizational measures to protect public form submissions and related B2B records from unauthorized access, loss, or misuse.

Our measures and retention approach include:

  • Access Controls: Access is limited to personnel and service providers who need the information to handle the request, manage account setup, or meet business obligations.
  • Secure Transmission: The website uses standard HTTPS/TLS protection for data submitted through public forms.
  • Security and Diagnostics: Technical logs may be used for security, diagnostics, availability, and abuse prevention for a limited period.

Retention Guidelines: Inquiries and applications are retained as needed to handle the request and maintain B2B records. Accounting and legal records are retained according to applicable Bulgarian and EU obligations. Consent records are retained as evidence of consent. Technical logs are retained only for a limited period needed for security and diagnostics.

05. Your Legal Rights (GDPR)

If GDPR applies to you, you may have the following rights regarding your personal data:

  • Right of Access (Art. 15): Ask whether we process your personal data and request a copy.
  • Right to Rectification (Art. 16): Ask us to correct inaccurate or incomplete business contact data.
  • Right to Erasure (Art. 17): Ask us to delete personal data where retention is no longer required by law or legitimate business needs.
  • Right to Restriction (Art. 18): Ask us to limit processing in certain circumstances.
  • Right to Data Portability (Art. 20): Ask for data you provided to us in a structured, commonly used format where this right applies.
  • Right to Object (Art. 21): Object to processing based on legitimate interests where GDPR gives you that right.

To exercise these rights, contact us at office@slycommerce.com.

You may also lodge a complaint with the Bulgarian supervisory authority:

Commission for Personal Data Protection (CPDP)
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: www.cpdp.bg