top of page
Screenshot 2025-01-07 165255.png

Privacy Policy

Last Updated: 30.01.2025

 

ShineOut ("we," "us," or "our"), a company registered in Bulgaria, is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and safeguard your personal data in compliance with the General Data Protection Regulation (GDPR) when you use our website (https://shineout.io) and services.

1. Data Controller & Contact Information

The data controller responsible for your personal data is:

NT GLOBAL EOOD
Str. Major Mincho Dimitriev 4, Varna 9000, Bulgaria

support@shineout.io

2. Legal Basis for Processing

We process your personal data under the following legal bases as defined in Article 6 of the GDPR:

  • Consent: Where you have given us explicit consent to process your data for a specific purpose (e.g., marketing communications). You have the right to withdraw your consent at any time.

  • Contract: Where processing is necessary for the performance of a contract with you (e.g., to provide services you requested).

  • Legitimate Interests: Where processing is necessary for our legitimate interests, such as improving our platform, ensuring security, and preventing fraud, and your rights and freedoms do not override these interests.

  • Legal Obligation: Where processing is necessary for compliance with a legal obligation to which we are subject.

3. Personal Data We Collect

We collect and process the following types of personal data:

  • Information You Provide Directly:

    • Identity Data: Name, email address, password, and other contact details.

    • Profile Data: Stylists and creators may provide a bio, portfolio, social media links, and areas of expertise. Clients may provide preferences, style interests, and purchase history.

    • Financial Data: Payment card information or bank details necessary to process transactions. We utilize secure third-party payment processors, and we may not directly store your full payment information.

    • Communication Data: Content of your communication with us and other users through the platform.

  • Information Collected Automatically:

    • Usage Data: Data on how you interact with our platform (pages visited, searches, interactions).

    • Device Data: Type of device, operating system, browser type, IP address.

    • Cookie Data: Information collected through cookies and similar technologies. See our Cookie Policy for details.

4. Purpose of Processing

We process your personal data for the following purposes:

  • Contractual Performance: To operate our platform, provide services, and fulfill contractual obligations to you.

  • Service Improvement: To improve our platform and user experience, personalize recommendations, and offer a seamless service.

  • Communication: To send updates, marketing materials (if you opt-in), respond to inquiries, and manage our relationship with you.

  • Transaction Processing: To process payments, subscriptions, and cash advances, and to fulfill purchase requests.

  • Security and Fraud Prevention: To detect and prevent fraud, misuse, and unauthorized access.

  • Legal Compliance: To comply with applicable laws and regulations.

  • Legitimate Business Interests: To pursue our legitimate business interests provided that this does not override your rights and freedoms.

5. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients:

  • Users on Our Platform: Your public profile information will be visible to other users (stylists, creators, clients).

  • Service Providers: We use third-party service providers for platform operation, payment processing, data analysis, and other services. We have Data Processing Agreements in place with these providers to ensure they comply with GDPR. A full list of service providers is available upon request.

  • Legal Authorities: Where required by law, we may share information with law enforcement or regulatory agencies.

  • Business Transfers: In case of a merger, acquisition, or sale, data may be transferred to a new entity.

  • With Your Consent: With other entities where we have your explicit consent.

6. Data Transfers Outside the European Economic Area (EEA)

If we transfer your personal data outside the EEA, we will ensure appropriate safeguards are in place, such as:

  • Transferring to countries recognized by the EU Commission as having an adequate level of protection.

  • Using Standard Contractual Clauses approved by the European Commission.

  • Other appropriate safeguards as recognized by the GDPR.

7. Your Data Protection Rights

Under GDPR, you have the following rights:

  • Right to Access: You can request a copy of the personal data we hold about you.

  • Right to Rectification: You can request the correction of any inaccuracies in your data.

  • Right to Erasure (Right to be Forgotten): You can request the deletion of your data under certain conditions.

  • Right to Restrict Processing: You can request the restriction of processing your data under certain circumstances.

  • Right to Object: You can object to our processing your data for direct marketing purposes and other processing if the legal basis is "legitimate interest."

  • Right to Data Portability: You can request your data be provided to you or another controller in a machine-readable format.

  • Right to Withdraw Consent: You can withdraw your consent at any time.

  • Right to Lodge a Complaint: You have the right to lodge a complaint with the supervisory authority in your country.

To exercise any of these rights, please contact us using the information in the “Data Controller & Contact Information” section.

8. Data Retention

We will only retain your personal data for as long as necessary for the purposes for which it was collected, taking into account legal and regulatory obligations.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, disclosure, alteration, and destruction. This includes:

  • Encryption of personal data.

  • Access controls.

  • Regular security assessments and testing.

  • Data minimization practices.

10. Children's Privacy

Our platform is not intended for use by children under the age of 16. We do not knowingly collect personal data from children. If you believe a child under 16 has provided us with data, please contact us immediately.

11. Updates to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and, where appropriate, contacting you by email.

12. Cookie Policy

Please refer to our Cookie Policy [Link to Cookie Policy] for information on how we use cookies and tracking technologies.

13. Complaints

If you have any complaints about our data handling practices, you have the right to lodge a complaint with the relevant supervisory authority in the EU.

bottom of page