PRIVACY AND PERSONAL DATA PROTECTION POLICY FOR THE WEBSITE lachio.bg

This document outlines the Privacy and Personal Data Protection Policy for users of the website lachio.bg, owned by LACHI SIMEONOV ET.

This Privacy Policy informs you about how lachio.bg processes your personal data as a data controller and how you can control your preferences and settings regarding this processing.

Please read this Privacy Policy carefully before accessing the Site and its services. If you do not agree with any part of these terms, you should not use the Site or its services.

This Privacy Policy is an integral part of the General Terms and Conditions of lachio.bg. All definitions in the General Terms apply here as well.

WHAT DOES THIS PRIVACY POLICY REGULATE AND WHAT IS ITS LEGAL BASIS?

Since May 25, 2018, the General Data Protection Regulation (GDPR) applies in Bulgaria. This EU regulation standardizes data protection laws across member states. lachio.bg complies with GDPR requirements, including:

  • Informing you about what data we collect and why.
  • Requesting your consent for data processing.
  • Allowing you to modify or withdraw consent.
  • Enabling data deletion (“right to be forgotten”).
  • Disclosing third parties with whom we share data.

This policy applies when you use lachio.bg but does not cover third-party websites or services.

DATA CONTROLLER

The entity responsible for protecting your personal data is:

  • Company Name: LACHI SIMEONOV ET
  • Registered Office: Bulgaria, Lom, 13 “Turlis” St.
  • Contact: info@lachio.bg | +359 89 844 5405
  • Commercial Register (EIC): 202993378
  • Manager: Lachi Simeonov

We process personal data in compliance with EU and Bulgarian data protection laws.

LEGAL BASIS FOR DATA COLLECTION

We collect and process your personal data under Article 6(1) GDPR, based on:

  1. Your explicit consent (voluntary, withdrawable at any time).
  2. Contract fulfillment (e.g., order processing).
  3. Legal obligations (e.g., tax compliance).
  4. Legitimate interests (e.g., fraud prevention).
  5. Information security purposes.

PRINCIPLES OF DATA PROCESSING

We adhere to the following principles:

  • Lawfulness, fairness, and transparency.
  • Purpose limitation (collecting only necessary data).
  • Data minimization (only essential information).
  • Accuracy and up-to-date records.
  • No profiling or direct marketing without consent.
  • Limited storage duration.
  • Security and confidentiality.

WHAT DATA DO WE COLLECT?

1. Non-Sensitive Data

We do not collect sensitive data (e.g., political views, ethnicity, religion).

2. Data from Phone Inquiries

  • Name & phone number (for communication purposes).

3. Data from Contact Forms

  • Name, email, phone, message content (to respond to inquiries).

4. Automatically Collected Data

  • IP address, browser type, visited pages, search history (to improve security and user experience).

5. Order Processing Data

  • Full name, email, address, phone, payment details (for contract fulfillment and accounting).

6. Registration & Newsletter Data

  • Name, email, address, phone (for account management and marketing).

COOKIES

For details, see our Cookie Policy on lachio.bg.

PURPOSES OF DATA PROCESSING

We process data for:

  • Site functionality & service delivery.
  • Customer communication.
  • Order fulfillment & legal compliance.
  • Security & fraud prevention.
  • Marketing (with consent).

DATA RETENTION PERIODS

  • Contact form inquiries: Up to 3 months (if no purchase is made).
  • Phone inquiries: Up to 1 month (if no purchase is made).
  • Registered accounts: Until deletion request or business closure.
  • Contractual data: 5 years (for tax/legal compliance).

WHERE IS YOUR DATA STORED?

All data is stored on servers in Bulgaria.

SECURITY MEASURES

We implement technical & organizational safeguards, including:

  • Employee training on data protection.
  • Restricted access to personal data.
  • Regular security audits.

THIRD-PARTY DATA SHARING

We do not share your data unless:

  • You consent explicitly.
  • Required by law or authorities.
  • Necessary for service providers (e.g., couriers, payment processors).

LINKS TO OTHER WEBSITES

We are not responsible for third-party sites (e.g., Facebook, Instagram).

CHILDREN’S DATA

We do not knowingly collect data from users under 18. If we discover such data, we delete it immediately.

YOUR RIGHTS UNDER GDPR

  1. Right to Access – Request a copy of your data.
  2. Right to Rectification – Correct inaccurate data.
  3. Right to Erasure (“Right to Be Forgotten”) – Delete your data.
  4. Right to Restrict Processing – Limit data usage.
  5. Right to Data Portability – Transfer your data.
  6. Right to Object – Opt out of processing.
  7. Right to Complain – File a complaint with the Bulgarian Commission for Personal Data Protection (CPDP).