Privacy Policy

Last updated: [date]

This Privacy Policy is an integral part of the Terms of Use of the Stoitchkov.eu website, hereinafter referred to as "Site", "the Site", "the Website".

In its activities, Stoitchkov Nutrition Ltd. acts as a personal data controller and processes personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act, and applicable European and national legislation.

 

 

I. Details of the Personal Data Controller

Controller: Stoitchkov Nutrition Ltd.
UIC: 208611116
Address: Bulgaria, Sofia 1000, 46 Acad. Stefan Mladenov St.
Email: office@stoitchkov.eu
Phone: 0892 35 7777
Website: Stoitchkov.eu

 

 

II. What personal data do we process?

1. Data voluntarily provided by users

Depending on the services used, we may process:

  • first and last name

  • email address

  • phone number

  • delivery address

  • order details (products, quantities, prices, status, purchase history)

  • subscription details (frequency, delivery dates, status)

  • communication content (inquiries, complaints, grievances)

  • data required for refunds (bank account if needed)

2. Data automatically collected when using the Site

When visiting the Site, the following may be collected:

  • IP address

  • device type, browser, and operating system

  • language and regional settings

  • on-site behavior data (pages, clicks, time spent, traffic source)

  • identifiers from cookies and similar technologies (when enabled)

Details about cookies are described in the Cookie Policy.

3. Payment data

Payments are processed by external payment providers. We do not store bank card data, but only receive information about payment status and transaction references.

 

 

III. Children's data

The Site and products are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children. If such data is identified, it will be deleted, unless otherwise required by law.

 

 

IV. Purposes and legal bases for processing

We process personal data for the following purposes:

1. Order fulfillment and delivery

  • order processing and delivery

  • returns and refunds

Legal basis: Art. 6, para. 1, letter "b" GDPR (performance of a contract)

2. Subscription management

  • creation, administration, modification, and termination of subscriptions

Legal basis: Art. 6, para. 1, letter "b" GDPR

3. Customer service and communication

  • response to inquiries, complaints, and grievances

Legal basis: Art. 6, para. 1, letters "b" and "c" GDPR

4. Accounting and tax obligations

  • issuing and storing accounting documents

Legal basis: Art. 6, para. 1, letter "c" GDPR

5. Security and fraud prevention

  • Site protection, prevention of misuse

Legal basis: Art. 6, para. 1, letter "f" GDPR (legitimate interest)

6. Email communication and marketing (Klaviyo)

We use Klaviyo for:

  • transactional emails (order confirmations, delivery status, subscription changes);

  • marketing emails (promotions, news, personalized offers), only with explicit consent.

Legal basis:

  • transactional emails: Art. 6, para. 1, letter "b" GDPR

  • marketing: Art. 6, para. 1, letter "a" GDPR (consent)

Unsubscribing is possible at any time via the link in the emails or at office@stoitchkov.eu.

7. Analysis and improvement of services

  • analysis of traffic and effectiveness of the site and advertisements

Legal basis: Art. 6, para. 1, letter "a" GDPR (consent for cookies) and/or "f" (legitimate interest)

 

 

V. Storage periods

  • order and customer data - up to 24 months after last activity

  • accounting documents - according to legal deadlines (up to 10 years)

  • marketing data - until consent is withdrawn

  • security and dispute data - until the dispute is resolved

  • cookies - according to the Cookie Policy

 

 

VI. Recipients of personal data

Personal data may be provided to:

  • courier and logistics partners

  • payment providers and banks

  • e-commerce platforms and hosting providers

  • Klaviyo, Inc. - email communication platform

  • accountants, auditors, lawyers

  • state and supervisory authorities, when required by law

All data processors act on our instructions and with contractual security guarantees.

 

 

VII. Transfer of data outside the EU/EEA

Some processing may be carried out by providers outside the EU (including Klaviyo). In these cases, we apply Standard Contractual Clauses and other lawful protection mechanisms.

 

 

VIII. Security measures

We implement technical and organizational measures, including:

  • encrypted connections (SSL)

  • restricted access to data

  • internal security policies

  • staff training

 

 

IX. Rights of data subjects

You have the right to:

  • information and access

  • rectification

  • erasure ("right to be forgotten")

  • restriction of processing

  • data portability

  • object (incl. to marketing)

  • withdraw consent

  • lodge a complaint with a supervisory authority

 

 

X. How to exercise your rights?

Send a request to office@stoitchkov.eu.
We will respond within 1 month, in accordance with the GDPR.

 

 

XI. Supervisory authority

Commission for Personal Data Protection (CPDP)
Address: Bulgaria, Sofia 1592, 2 "Prof. Tsvetan Lazarov" Blvd.
Email: kzld@cpdp.bg
Website: cpdp.bg

 

 

XII. Changes to the policy

This policy may be updated due to changes in legislation or our activities. The current version is always available on Stoitchkov.eu.

 

Join our charitable cause for a better future!

A portion of the proceeds from every purchase is donated to support UNICEF's initiatives
for a healthier and better future for children worldwide.

Learn more