Privacy Policy

1. Basics

This policy has been prepared in accordance with the requirements of Regulation (EU) 2016/679 on the protection of personal data (“General Data Protection Regulation (GDPR)“) and regulates in general the categories of personal data processed on the Internet sites of Bio Life Cosmetics Ltd., UIC 119612101 (“Company“), namely: and; the grounds for processing personal data; the rights of data subjects and their exercise; the obligations of the controller and processors; the principles, technical and organizational measures for the protection of personal data. The Company reserves the right to change this Privacy Policy at any time by publishing the current version of the sites.

2. Concepts and definitions

“The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

means the Data Protection Officer of the Company;

” means “Bio Life Cosmetics” Ltd., UIC 119612101;

“Personal data

” is any information that directly identifies or is able to identify a natural person – three names, date of birth, e-mail, address, etc.;

Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

General Data Protection
Regulation’ means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC;

” means in total the following two domains (Internet addresses) and and their subdomains, which are owned and administered by the Company, and the Site – each of them separately;


identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier/name, an identification number, location data, an online identifier or to one or more factors specific to physical, physiological, genetic, mental, economic, cultural or social identity.

Consent of the data

subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Third party

is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.



Grounds for the processing of personal

data under the General Data Protection Regulation

  • consent of the data subject – for each specific purpose, separate consent is given;
  • performance of a contract;
  • a legal obligation;
  • protection of the vital interests of the entity or of another person,
  • task in the public interest;
  • legitimate interests of the controller or a third party.

4. Categories of personal data to which this Policy applies and grounds for processing<

This Policy applies to personal data processed by the Company – administrator on the basis of the consent of the data subject or in fulfillment of a contract or the specific requirements of law, including but not limited to personal data provided by natural persons-subjects of personal data through registration on the Sites, by phone, etc.
The following personal data are collected from data subjects: name and surname, email address, postal address, telephone, IP address.
5. Personal Data Administrator
The personal data administrator is Bio Life Cosmetics Ltd., UIC 119612101, with headquarters and address of management in Sofia. Sofia, bul. Cl. Ohridski 65, represented by the manager Emil Tanev


Data Protection Officer (“DPO”):


Phone: + 359 2 483 09 59

Address: gr. Sofia, bul. Cl. Ohridski 65

5. Technical and organizational measures<
The Company – a personal data administrator has provided the necessary technical and organizational measures related to the protection of the personal data of the data subjects – users of Sites. The programs, applications, computer configurations and systems in which personal data is stored are protected by appropriate methods and means and the Company – administrator ensures that it stores the data of the subjects with due care. The technical and organizational measures are described in detail in the Instruction on the Protection of Personal Data and other domestic legal acts of the Company.

6. For what purposes is personal data collected?

Personal data is processed only for the purposes specified in this Policy.

(1) Личните данни на потребителите на Сайта се събират във връзка със следното:

a) For the purpose of selling goods that the Site offers and in fulfillment of a delivery order. For this purpose, each user should register on the Site and provide the personal data required by the Company – administrator. For the purposes of delivery, personal data is provided to companies performing courier services (“Econt” Ltd., “Speedy” AD), which have duly informed us that they are the administrator of personal data in connection with the performance of the postal delivery service and that they have taken the necessary measures to protect the data provided to them;

b) For the purpose of sending a newsletter and / or marketing messages to which users have explicitly agreed. These may include information about products, services and promotions.

7. How long do we keep your personal data?

We store your personal data for as long as necessary in relation to the purpose for which it is processed. At the same time, we monitor the accurate and timely response to your requests in connection with the exercise of your rights as data subjects set out below, compliance with the legal requirements for the data retention period under applicable law or the need to manage the data in connection with possible legal claims.

8. Do we share your personal data?

Your personal data is treated as strictly confidential and is not shared with third parties, except in cases where this is required by law or when it is necessary for the purposes of delivery (when it is provided to courier companies), as well as in the case of data processing by the Site

9. You have the following rights with respect to your personal data:

(a) Right to information – this right means to be clearly informed who the data controller is; why we will use your personal data (for what purposes); the categories of personal data being processed; the legal basis for the processing of your data; how long your data will be kept, etc.;

b) Right of access to your personal data, including the right to receive a copy of the personal data stored with us


Right to request correction
of inaccurate or outdated personal data;

d) Right to request erasure of your personal data (right to be forgotten)

– where the personal data are no longer necessary in relation to the purposes for which they were collected; when you have withdrawn your consent; when you have objected to the processing when the processing is unlawful; The personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject. where the personal data have been collected in relation to the offer of information society services. Please note that we may refuse to delete your personal data for any of the following reasons: (i) for exercising the right to freedom of expression and information; (ii) for compliance with a legal obligation by the controller or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; (iii) for reasons of public interest in the field of public health; (iv) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or for the establishment, exercise or defence of legal claims;

e) Right to request restriction of processing of your personal data
– (i) where you believe that the personal data are not accurate, in which case the restriction shall be for a period within which the controller can verify the accuracy of the personal data; (ii) when the processing of your personal data is unlawful, but you do not want them to be erased, but only want their use to be restricted; The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims. (iv) where you have objected to processing pending the verification whether the legitimate grounds of the controller override those of the controller;

f) Right to object to the processing of your personal data –
you should indicate the grounds on which you object to the data processing;

g) Right to withdraw your consent at any time
– for this purpose, you should send a message in free text to the administrator / DPO at the above addresses, and upon request you will be provided with a form of the administrator of the respective request / request;

h) Right to object to data processing through video surveillance

и) Право да възразите срещу директния маркетинг – за целта следва да изпратите съобщение в свободен текст до администратора/ДЛЗД на посочените по-горе адреси, като при поискване ще Ви бъде предоставена и бланка на администратора на съответната молба/искане;

й) Право на възражение срещу автоматизираното вземане на решение, включително профилиране – за целта следва да се свържете с ДЛЗД и да изпратите възражение в свободен текст;

к) Право на преносимост на данните – това означава, че можете да получите личните данни, които Ви засягат и които сте ни предоставили, в структуриран, широко използван и пригоден за машинно четене формат и да прехвърлите тези данни на друг администратор на данни без възпрепятстване. This right to portability includes: 1) personal data that concerns the data subject and 2) personal data that the data subject has provided to us (for example, account data – correspondence address, username, age, which are provided through an online form). This latter category of data does not include the data created by the data controller (using the monitored data or the input data directly provided), such as a user profile created by analysing the primary data collected by an intelligent metering device;

l) Right to file a complaint with the supervisory authority when you believe that your rights as data subjects have been violated
– Commission for Personal Data Protection, address: Sofia 1592, bul. “Prof. Tsvetan Lazarov” No 2 (

To exercise the above rights, please send a message/request/request in free text to the DPO to the following contacts: Email: , Phone:+ 359 2 483 09 59, Address: Sofia, bul. Cl. Ohridski 65

You can request and be provided with a sample of application / request from the Company – an administrator who will send you this template, which is tailored to the specifics of your case.

Your message must include all details about the data subject, the type of personal data, the purpose for which they are provided and any other information that will help the controller locate and identify your personal data. The DPO may request additional information, including information relating to the identification of the subject, the type of personal data or the processing activities to which the request relates. You have the right to receive a response within 1 (one) month from the submission of the request (except in the case of a request for deletion of the data, when the administrator is obliged to respond to you without undue delay), which may be extended to 2 (two) months at the discretion of the DPO.

10. Principles of data processing

The processing of personal data shall be carried out in compliance with the principles of lawfulness, fairness and transparency of processing, and in particular:

a) processing in accordance with the principles of personal data protection laid down in the General Data Protection Regulation;

(b) ensuring data protection by design and by default;

c) collection of personal data for specified, explicit and legitimate purposes and limitation of the purposes for their processing;

(d) data accuracy and data minimisation;

(e) the personal data are kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;

f) notifying the Commission for Personal Data Protection and the data subject in case of personal data breach;

g) carrying out a data protection impact assessment and interaction, including prior consultations with the Commission for Personal Data Protection;

(i) processing the data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures and implementing appropriate technical and organisational measures to ensure data security.

“Bio Life Cosmetics” Ltd. is a company registered as a Personal Data Administrator within the meaning of Art. 3, para. 1 of the Personal Data Protection Act under identification number 48995.

“Bio Life Cosmetics” Ltd. guarantees its customers the confidentiality of the provided information and personal data.

“Bio Life Cosmetics” Ltd. undertakes not to edit or disclose personal information without the express prior permission of users, except in cases where it has to comply with legal procedure.


For any questions related to the processing of your personal data, you can contact the Data Protection Officer at the following contacts: , Phone: + 359 2 483 09 59 , Address: gr. Sofia, bul. Cl. Ohridski 65