
Privacy Policy

(Effective on 25.05.2018, amended on 14.02.2022, amended on 15.05.2023)

Personal data of visitors and users of "Zoya.BG" stores (located in Sofia, Bulgaria), the online store “Zoya.BG” (www.zoya.bg) and the "Kukuriak" blog (www.kukuriak.com) is being processed for the purposes of advertisement, sale and supply of organic foods and healthy products as well as for affiliated purposes.
 
Our mission is to be your favorite store for organic, healthy and natural foods, cosmetics and ingredients. In order to accomplish this, we make available information regarding food, cosmetic products, ingredients, supplies, their origin and guidance for use, as well as similar products or combinations of such.
 
Controller (“the Controller") of your personal data processed by the Zoya stores, the online store Zoya.BG and the blog Kukuriak is Internet Cafe-BG LLC, company reg. No.: 130533126, with headquarters and registered address: 22 Aksakov St., 1000 Sofia, Bulgaria.
 
The Data Protection Officer of the Controller will answer all your questions regarding the processing and protection of your personal data and will make the process of exercising your data subject rights easier and more understandable. You will be able to directly contact him / her via email at dpo@zoya.bg
 
Personal data that we process
 
I. We process the following categories of data on the basis of a contract or prior to entering into a contract, i.e., on a pre-contractual basis (ref. art. 6, para 1, (b) of GDPR):
 
1. Data contained in your account/profile at the Zoya.BG online store that is created for you after entering into an informal contractual obligation with the Controller by accepting the Terms and Conditions on the website and online store www.zoya.bg (the "General Terms and Conditions" or “GTC”):
●      First and last name;
●      E-mail address;
●      Password;
 
2. Data provided by you when placing an Order on the premises of the Zoya stores:
●      Data on ordered food and products by type and quantity;
●      Invoice data - names, personal ID number “EGN”, phone number, city, country, postcode, address;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Phone number for the purpose of delivery;
●      Type of delivery;
●      Method of payment;
●      Payment status;
●      Status of delivery;
 
3. Data stemming from Online orders placed on Zoya.BG, initiated by you via informal contractual obligation from a distance with the Controller upon applying the General Terms and Conditions, as well as pre-order data (pre-contractual process of initiating/starting orders by phone according to the General Terms and Conditions):
●      Data on ordered food and products by type (incl. SKU number of the relevant product from Zoya.BG) and quantity;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Phone number for the purpose of delivery;
●      Phone number from which the pre-contractual process is initiated;
●      E-mail address (in the pre-contractual process);
●      Invoice data - names, personal ID number “EGN”, phone, city, country, postcode, address;
●      Type of delivery;
●      Method of payment;
●      Order number;
●      Payment amount;
●      Payment status;
●      Status of delivery;
●      Content of messages and/or voice communications;
●      Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);
 
4. Data regarding loyal customers received by concluding an informal or formal contract with the Controller for the purpose of issuing a "loyal customer" card, which grants its owner an order discount:
●      First and last name;
●      E-mail address;
●      Contact phone;

II. We process the following data based on your consent (ref. art. 6, para 1, (a) of GDPR) expressed through a deliberate action - entering an optional set of data and / or freely choosing specific options:
 
1. Data contained in your account/profile at the Zoya.BG online store:
●   Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;

2. Contact Data and data contained in a sent message, voice communication or a published comment, provided by completing the contact form of the online store Zoya.BG or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on the blog Kukuriak and other forms of communication and/or expression:
●      First and last name;
●      E-mail address;
●      Phone number;
●      Fax number;
●      Address;
●      Website;
●      Content of the comment, message and/or voice communication;
●      Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);

3. Data stemming from Online orders placed on Zoya.BG:
●      Order History
 
4. Data regarding bank account information for purposes of payment refund:
●      You may withdraw any of the aforementioned consents through your account settings or the form and manner prescribed in this Policy. Upon withdrawal of consent, the processing of the relevant personal data for the stated purposes is discontinued. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal

 
III. We process the following data for compliance with legal obligations in accordance with the local and EU legislature (ref. art. 6, para 1, (c) of GDPR):
 
1. Data contained in your account/profile at the Zoya.BG online store:
●      First and last name;
●      E-mail address;
●      Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;
 
2. Data stemming from Online orders placed on Zoya.BG, as well as pre-order data:
●      Data on ordered food and products by type (incl. SKU number of the relevant product from Zoya.BG) and quantity;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Telephone for delivery;
●      Phone number from which the pre-contractual process is initiated;
●      E-mail address (in the pre-contractual process);
●      Invoice data - names, personal ID number “EGN”, phone, city, country, postcode, address;
●      Type of delivery;
●      Method of payment;
●      Order number;
●      Payment amount;
●      Status and payment history;
●      Status and delivery history;
●      Order History;
●      Content of messages and/or voice communications;
●      Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);
 
3. Data provided by you when placing an Order on the premises of the Zoya stores:
●      Data on ordered food and products by type and quantity;
●      Invoice data - names, personal ID number “EGN”, phone, city, country, postcode, address;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Phone number for the purpose of delivery;
●      Type of delivery;
●      Method of payment;
●      Payment status;
●      Status of delivery;
 
4. Data regarding loyal customers:
●      First and last name;
●      E-mail address;
●      Contact phone;
 
5. Data stemming from video surveillance at the Zoya stores:
●      Video footage from the physical stores, server rooms and warehouse facilities;
 
6. Contact Data and data contained in a sent message, voice communication or a published comment, provided by completing the contact form of the online store Zoya.BG or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on the blog Kukuriak and other forms of communication and/or expression:
●      First and last name;
●      E-mail address;
●      Phone number;
●      Fax number;
●      Address;
●      Website;
●      Content of the comment, message and/or voice communication;
●      Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);


IV. We process the following data on the basis of legitimate interest (ref. art. 6, para 1, (f) of GDPR):
 
1. Data contained in your account/profile at the Zoya.BG online store:
●      First and last name;
●      E-mail address;
●      Name of a legal entity and/or name of another incorporated or unincorporated entity / organization;

2. Data provided by you when placing an Order on the premises of the Zoya stores:
●      Data on ordered food and products by type and quantity;
●      Invoice data - names, personal ID number “EGN”, phone, city, country, postcode, address;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Phone number for the purpose of delivery;
●      Type of delivery;
●      Method of payment;
●      Payment status;
●      Status of delivery;

3. Data stemming from Online orders placed on Zoya.BG, as well as pre-order data:
●      Data on ordered food and products by type (incl. SKU number of the relevant product from Zoya.BG) and quantity;
●      First and last name of the person receiving the delivery;
●      Delivery address - country, city, postcode, address;
●      Phone number for the purpose of delivery;
●      Phone number from which the pre-contractual process is initiated;
●      E-mail address (in the pre-contractual process);
●      Invoice data - names, personal ID number “EGN”, phone, city, country, postcode, address;
●      Type of delivery;
●      Method of payment;
●      Order number;
●      Payment amount;
●      Status and payment history;
●      Status and delivery history;
●      Order History;
●      Content of messages and/or voice communications;
●      Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);
 
4. Data regarding loyal customers:
●      First and last name;
●      E-mail address;
●      Contact phone;
 
5. Data stemming from video surveillance at the Zoya stores:
●       Video footage from the stores, server rooms and warehouse facilities;
 
6. Contact Data and data contained in a sent message, voice communication or a published comment, provided by completing the contact form of the online store Zoya.BG or by sending us an email, conventional mail, telegram, fax, telephone call, sending SMS, posting a comment on the blog Kukuriak and other forms of communication and/or expression:
●       First and last name;
●       E-mail address;
●       Phone number;
●       Fax number;
●       Address;
●       Website;
●       Content of the comment, message and/or voice communication;
●       Traffic data according to the Bulgarian Electronic Communications Act or metadata (if available and depending on the communication);

Purposes of the processing of personal data
 
1. The data contained in your account/profile at the Zoya.BG online store is being processed for the purposes of:
●      Entering into contractual relations;
●      Accountability of the Controller by recording legally significant data in electronic protocols - technical logs;
●      Delivery of ordered foods and products;
●      Provision of support for technical malfunctions, providing customers with information via our call center, responding to complaints, tracking supplies, payments and more;
●      Verifying your account data by sending an email to ensure the security of access or for resetting your password;
●      Authentication when signing in to your account;
●      Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services;
●      Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications in connection with an order or changes in the relevant terms and conditions;
●      Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules;
●      Implementation / operation of a management information system (Enterprise resource planning, ERP);
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;

2. The data provided by you when placing an Order on the premises of the Zoya stores is being processed for the purposes of:
●      Entering into contractual relations;
●      Delivery of ordered foods and products;
●      Providing customers with information via our call center, responding to complaints, tracking supplies, payments and more;
●      Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services;
●      Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications in connection with an order or changes in the relevant terms and conditions;
●      Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules;
●      Loss prevention as well as detecting and preventing misuse in filing, registering and/or delivering orders;
●      Implementation / operation of a management information system (Enterprise resource planning, ERP);
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;

3. The data stemming from Online orders placed on Zoya.BG, as well as pre-order data, is being processed for the purposes of:
●      Entering into contractual relations;
●      Delivery of ordered foods and products;
●      Provision of support for technical malfunctions, providing customers with information via our call center, responding to complaints, tracking supplies, payments and more;
●      Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services;
●      Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications in connection with an order or changes in the relevant terms and conditions;
●      Preventing and investigating abuse of online orders and related supplies, as well as losses and fraud;
●      Complying with legal rulings, judgments, orders and decisions of state authorities and administrative supervisors. This includes using your personal data to collect and verify accounting data and comply with the accounting rules;
●      Statistical Analysis of the information obtained after anonymization of your data;
●      Implementation / operation of a management information system (Enterprise resource planning, ERP);
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;
 
4. The contact data and the data contained in a sent message, voice communication or a published comment is being processed for the purposes of:
●      Identifying you as the sender / author of a message or a posted comment;
●      Establishing communication with you, incl. notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications in connection with an order, message or comment, as well as regarding changes in the relevant terms and conditions;
●      Improvement and quality control of customer service;
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;
 
5. The data regarding loyal customers is being processed for the purpose of:
●      Performance of contractual obligation by granting a discount on the price of orders;
●      Authentication and identification of the "loyal customer" status and the rights deriving from it;
●      Sending messages via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications for purposes of direct marketing only with your explicit consent. Data for sending direct marketing messages via electronic means regarding our own similar products or services may be processed under Art. 261, para. 2 of the Bulgarian Electronic Communications Act, when your contact details are received in a similar commercial transaction for the provision of our products or services;
●      Notification via email, conventional mail, SMS, OTT (Viber, etc.), RCS, telephone calls, VoIP and / or push notifications in connection with an order or changes in the relevant terms and conditions;
●      Implementation / operation of a management information system (Enterprise resource planning, ERP);
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;
 
6. The data stemming from video surveillance at the Zoya stores is being processed for the purposes of:
●      Tracking of incidents and violations;
●      Crime prevention and reporting;
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;
 
7. The data regarding bank account information is being processed for the purposes of:
●      Refunding of payments when a claim has been received and/or in case of overpayment / mistaken bank transfers;
●      Implementation / operation of a management information system (Enterprise resource planning, ERP);
●      Protecting legal rights and interests in out-of-court, judicial, pre-trial and administrative proceedings;

Third parties with access to your personal information for the fulfillment of their duties
 
1. We use the following service providers for cloud services, hosting, reverse proxy, CDN, servers / clusters and colocation:
●      "NS 1" Ltd., with UIC: 175018740 - provides hosting for the online store Zoya.BG, using the services of the subcontractor "TELEPOINT" Ltd., with UIC: 175424163. You can read their privacy policy at the following address: https://www.ns1.bg/privacy.php
●      TELEPOINT Ltd., with UIC: 175424163 - carries out colocation of backup servers used for the online store Zoya.BG and is also a subcontractor of NS 1 Ltd., by means of their data center in Sofia at 122 Ovche Pole Str. You can read their privacy policy at the following address: https://telepoint.bg/files/Politika_za_poveritelnost_clients_BG.pdf
●      Cloudflare, Inc. - provides reverse proxy, DNS and CDN (content delivery network). Their privacy policy is available at https://www.cloudflare.com/security-policy/
 
2. Consultants and suppliers in different spheres for the purposes of protecting our legitimate interests in maintaining and improving the quality of the services we provide to you, to meet legal requirements, to protect legal rights and interests in judicial, pre-trial and administrative proceedings. In addition to engaged lawyers, tax consultants, accountants, etc., we use the following entities on a regular basis:
●      "GENSOFT" Ltd, with company reg. No.: 121497880 - provides licensed specialized software for warehousing, implemented in the Controller's workflow. More about them can be found on their website: http://gensoft.bg/
●      "DIGITAL FORMAT" Ltd, with company reg. No.: 831826092 - provides advice and technical support for our accounting software “Microinvest Delta Pro”;
●      Delivery companies we use for supplying food and products: Econt, Speedy, Aramex, DHL, TNT, etc.;
●      Sand Dune Mail Ltd. (SMTP2GO) - provides technical connectivity in regards to the sending of marketing/notification messages (via email). More about them can be found on: https://www.smtp2go.com/privacy/;
●      Mailjet SAS, with company reg. No.: 524 536 992 - provides technical connectivity in regards to the sending of marketing/notification messages (via email). More about them can be found on: https://www.mailjet.com/privacy-policy/;
●      LINK Mobility Bulgaria EAD, with company reg. No.: 131384920 - provides technical connectivity in regards to the sending of marketing/notification messages (via SMS, OTT, RCS). More about them can be found on: https://linkmobility.com/privacy/;
●      ONLINECITY.IO ApS, VAT-nr.: DK-27364276 - provides technical connectivity in regards to the sending of marketing/notification messages (SMS) via the platform GatewayAPI.com. More about them can be found on: https://gatewayapi.com/security-and-compliance/;
●      Service providers of: analysis and optimization of commercial data; development and implementation of design, front end, back end; and/or creating marketing and advertising content, managing social channels and media, creating and managing video and graphic content and texts. Such providers as: Switch 93 LTD, with company reg. No.: 205447904; Mishmash IO Services Ltd, with company reg. No.: 206466380; KABOOM Ltd, with company reg. No.: 204897485;
●      NAVTECH GROUP EOOD, with company reg. No.: 200344206 - services related to implementation / operation of a management information system (Enterprise resource planning, ERP);
●      PRICE INTERNATIONAL EOOD, with company reg. No.: 131194611 - provides phone switchboard type services. More about them can be found on: https://callflowlab.com/;
 
3. State authorities and institutions in connection with inquiries carried out by them in accordance with legal requirements and restrictions;
 
With regard to the use of private entities, we require these third parties to apply all adequate technical and organizational measures in order to protect your data, and we enforce this requirement.

Your personal data is processed for the following time periods

1. Data provided on a contractual basis:
●      Account/profile data - up to 5 years from the date of the last online order; in the absence of an order - until the account/profile is deleted through the online store’s functionality or 5 years from the date of your last login, whichever happens first. Account/profile data is related to and determinative of the online order data, which is why the term set for the online order data applies. In the absence of an order you still have the legal expectation to be permitted to use those services for the full remainder of the 5-year term based on the informal contract you have as a user; as a remedy for this situation, we therefore give you the option to delete your account at any time before the end of the five-year term.
●      Order data (online and on the premises)- up to 5 years from the date of any given order. The term is determined on the basis of the limitation period for repayment of the receivables.
●      Data regarding loyal customer - until termination of the contract;
 
2. Data on the collection and verification of accounting data and accounting compliance - accounting records and financial statements, including tax audit, audit and subsequent financial inspection documents, shall be kept for 10 years from 1st of January of the reporting period following the reporting period to which they refer; all other holders of accounting information - three years from 1st of January of the reporting period following the reporting period to which they refer;
 
3. Data provided on the basis of consent - until the withdrawal, as provided, including through the functionality of the online store or the blog or by deletion, and with respect to the online store - until the expiration of 5 years from the date of your last login, whichever happens first. Your Kukuriak blog data is related to the comments you posted under articles and/or videos, which is an exercise of your constitutional right to free expression. Therefore, no deadline is set after the expiration of which processing ceases, and instead you are given the opportunity to remove the published content by exercising your data subject rights in the form and manner prescribed in this Policy. When the content of a specific comment contains offensive words or phrases, disgraceful, libelous and/or damaging claims, the Controller has the legitimate right to remove the content of the comment from its site.
 
4. Data stemming from video surveillance at the Zoya stores - the video footage is stored for up to 60 days.
 
5. Content of voice communication - recordings of conversations are stored for up to 12 months from their creation.
Once this deadline has expired, the data is deleted and cannot be recovered or used anymore. The data shall not be deleted, but will continue to be processed only for the purpose of protecting our legitimate rights and legitimate interests or in the fulfillment of our legal obligations, if at the date of expiration of that period there are pending legal, administrative and pre-trial proceedings, or a misconduct, admitted or brought to our knowledge, complaints and potential violations - until their completion.
 
Your rights in relation to your personal data

1. Right of access, including the right to copy the data under processing:
●    You have the right to request information about the personal data we hold on you at any time. You may contact us and, based on a written request and authentication of your identity, the data will be provided to you;
 
2. Right to rectification:
●    You have the right to request rectification of your personal data if the information is incorrect, including the right to have incomplete personal data completed. You can do so through your account/profile or by writing to us, after duly authenticating your identity;
 
3. Right to erasure ("Right to be forgotten") in the following cases:
●    the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
●    Withdrawal of consent when processing is based on consent;
●    Illegal data processing;
●    Legal obligation to delete;

The right to be forgotten is not an absolute right and may not be granted in the cases provided for by the law or due to a lack of proper authentication of your identity.
 
4. Right to restriction when:
●    you object to processing based on the Controller’s legitimate interest - the Controller shall restrict all processing of such data pending the verification of the legitimate interest; or
●    you claim that your personal data is incorrect - the Controller must restrict all processing of such data pending the verification of the accuracy of the personal data; or
●    the processing is unlawful - you can oppose the erasure of personal data and instead request the restriction of the use of your personal data; or
●    the Controller no longer needs the personal data but it is required by you to defend legal claims.

In the case of rectification, erasure or restriction of processing, we will inform any recipient to whom personal data have been disclosed, unless this is impossible or involves a disproportionate effort.

5. The portability of machine-readable data, according to which we will:
●    provide the data directly to you; or
●    if requested by you and technically possible, provide the data to another controller of your choice;
 
6. Right to object to processing based on a legitimate interest:
●    You may object to the processing of your personal data based on the legitimate interest of the Controller or a third party. The Controller will not continue to process your personal data unless it is proven that there are compelling legal bases that have priority over your interests and rights or due to litigation and other procedural and extra-procedural actions.    
 
7. Right to object to direct marketing:
●    You have the right to object to the receipt of marketing communications, including profiling and analysis for direct marketing purposes.

8. Right to complain with a supervisory authority in the Member State of habitual residence, place of work or place of suspected violation if you consider that the processing of your personal data is in breach of the provisions of Regulation (EC) 2016/679. On the territory of the Republic of Bulgaria, where the Controller's headquarters is located, the supervisory authority is the Personal Data Protection Commission.
 
The aforementioned rights shall be exercised by written request in the form determined by the Administrator, which you can get at the seat of the Controller or electronically upon request to the Data Protection Officer of the Controller, by filling in the electronic form received in response and attaching the necessary documents. If you have a registration at the online store Zoya.BG, you can use the automatic data subject rights form located in your account/profile.
You will receive an answer to your request within one month of receipt of your written request.
 
Methods used for automated individual decision-making, including profiling
 
We do not use automated algorithms and / or profiling.

On “Cookie” usage
 
You can read about the data contained in the cookies used on the online store Zoya.BG and the Kukuriak blog in our Cookie Policy.
 
