Privacy Policy

1.       Introduction

This privacy and data protection policy governs how  Nekrato Ltd. collects, processes and stores personal data in accordance with the requirements of the "General data protection regulation" - Regulation (EU) 2016/679, the Privacy Act of the Republic of Bulgaria and other normative Bulgarian or international acts. The privacy of our users information is a top priority for us. Nekrato Ltd. as the administrator of personal data and in accordance with legislation and good practices implements the required technical and organizational means for the protection of personal data of individuals.

This policy provides information about how and what types of personal information we collect from and about you, why we need it, to whom it can be provided or disclosed, and how they are protected. Please read them carefully. By providing your personal data to Nekrato Ltd., whether by electronic means or on paper, you accept and agree to the practices described in this privacy and privacy policy. If you have any questions related to this policy, please contact employee "Security" and if you disagree with any of the conditions contained in the privacy policy, we do not recommend the use of products and services, provided by Nekrato Ltd., for which you are required to provide your personal information.

This policy is an integral part of the general terms of use of the Internet site

It is important to know that:

  • By registering on the site you agree to the Policy and explicitly confirm that you accept it.
  • If you do not wish us to process your personal data in the manner described in the Policy, please do not provide them The provision of personal data is voluntary, in view of the use of the services on the site or access to them. Your eventual refusal to provide the necessary personal data to use the services on our site would imply a refusal to use the relevant services or to access the
  • In certain cases your explicit consent to the processing of personal data may not be necessary if another legal basis is available, for example: compliance with the legal obligations of the Administrator; necessary to execute a contract, etc.
  • The Supervisory authority with regard to the protection of personal data is: Commission for data protection.

2.       Information about Nekrato Ltd. as an administrator of personal data

Regarding of your personal data processing you can contact us at the following contact points:

Identification of a Personal Data Administrator


Nekrato Ltd.



Address for correspondence:

Buhovo,   104 Mina Str.


+359 700 800 34

City / Town:



[email protected]

ZIP code:



If you think that we are violating your rights relating to the processing of your personal data and in accordance with the requirements of the "General data protection regulation"- Regulation (EU) 2016/679 you have the right to submit a complaint to an employee "Security" – by e-mail to [email protected], complain to the Supervisory authority and seek legal protection.

3.       Legal basis. Principles governing the processing of personal data.

This privacy and data protection policy ("Policy ") is issued on the basis of the Personal Data Protection Act and its regulations ("Bulgarian legislation") and the General Data Protection Regulation - regulation (EU) 2016/679 ("GDPR ").

Bulgarian legislation and GDPR provide rules on how Nekrato Ltd. must collect, process and store personal data.

In order for the processing of personal data in compliance with the legal requirements, personal data is collected and used lawfully, the necessary security of processing operations is provided and Nekrato Ltd. has taken the necessary measures to avoid being The processing of personal data subject to unlawful disclosure. According to the basic principles, followed by Nekrato Ltd, your personal data is:

  • Processed lawfully, in good faith and in a transparent manner in relation to the data subject ("Legality, good faith and transparency");
  • Collected for specific, explicit and legitimate purposes and not further processed in a manner incompatible with these purposes ("limit of objectives");
  • Relevant, related and limited to what is necessary in relation to the purposes for which they are processed ("Data minimisation ");
  • Accurate and maintained in an up-to-date manner; Nekrato Ltd. has taken all reasonable steps to ensure the timely deletion or correction of inaccurate personal data, taking into account the purposes for which they are processed ("accuracy");
  • Stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed; ("Storage limit ");
  • Processed in a manner that ensures an appropriate level of security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or Organizational measures ("integrity and confidentiality");
  • Nekrato Ltd. is responsible and able to prove that it respects the basic principles relating to the processing of personal data ("accountability").

4.       Policy Objectives

With the adoption and implementation of the current policy of Nekrato Ltd under the General Data Protection Regulation and Regulation (EU) 2016/679 protect fundamental rights and freedoms of persons, and in particular their right to the protection of personal data.

With the current Policy Nekrato Ltd. aims to ensure:

  • Legality of the processing of personal data carried out by  Nekrato LTD;
  • The rights of natural persons subject to personal data under Regulation (EU) 2016/679;
  • Compliance with the requirements of the regulation of Nekrato Ltd in its capacity of Administrator and/or Processor.

5.       Definitions

  •  „Personal data“ means any information relating to an identified person or individual who can be identified ('data subject'); a person who can be identified is a person who can be identified, directly or indirectly, in particular by means of an identifier such as name, identification number, location data, online ID or one or more signs, specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual;
  • "Processing" means any operation or collection of operations carried out with personal data or a set of personal data through automatic or other means, such as collection, recording, organising, structuring, storing, adapting or modifying, retrieving, Consultation, use, disclosure by transmission, distribution or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed.

6.       Types of data subjects, categories of data processed, processing objectives, storage period

The administrator Nekrato Ltd. collects and uses personal information to better understand the needs and interests of customers and to offer better service.

The data and personal information provided by users are used by Nekrato Ltd to manage orders, to deliver products and services, to process payments, to communicate with customers about orders, products, services.

According to the way people use, they are divided into several subdivisions listed below. Depending on them, the data of the entities shall be processed in separate registers of personal data, in which case the processing may include different categories of data, objectives and grounds, storage periods, protection measures and others.

The same person may be at the same time in more than one of the listed subdivisions. For example, each registered user is also a visitor; Every customer is also a registered user and visitor.

  • Visitors

Visitor is any person who uploads to their web browser the website or visits its various sections and pages (whether by directly entering the e-mail address in the browser, or by reference from another Internet site or Resource).

Categories of data that can be processed: Online identifiers stored in local cookies (cookies) in the visitor's device/browser; Location data indicated by the visitor; Country/City data based on the IP address of the user device, which is an integral part of the information received by each website; Information on the actions carried out by the subject on the site; The subject's preferences regarding specific aspects and settings of the functionalities of the platform; Information about the type of browser/device used.

Purposes of processing: provision of basic and ancillary functions necessary for the correct and full functioning of the site; Census of the site's attendance;

Storage time: Until the expiration of each cookie (up to 1 year from the time of recording), the holder of the relevant information or the deletion by the entity in whose device/browser it is stored.

Legal basis for the processing: consent to the cookie policy.

  • E-mail subscribers

An e-mail subscriber is any visitor who has made a subscription to an electronic e-mail bulletin on the site, for receiving e-mails with information from the site, trade proposals and others. The Electronic e-mail newsletter is sent directly to the Subscriber by the administrator without the use of external intermediary services.

Categories of data that can be processed: e-mail address

Purposes of processing: enabling and servicing of electronic subscriptions (e-mail newsletters), for which visitors are subscribed-for receiving by e-mail the information from the site, trade proposals and others.

Storage time: Up to 1 month after termination of the subscription legal basis of the processing: consent for inclusion in a list of recipients (subscribe to an e-mail newsletter).

  • Registered users 

Registered user is every visitor who has made the registration on the site, by entering the name, surname, e-mail address and password, whereby the action creates its own so called account or account.

Categories of data that can be processed:

Basic mandatory data: Name, surname, e-mail address, IP addresses;

Optional user input: address, telephone number;

Purposes of processing: Enabling and maintaining the user to register an account facilitating the use of services through the site, such as: conclusion of distance selling contracts and maintaining user profile.

Storage time: Up to 1 month after termination of registration;

Legal basis for the processing: consent for registration in the electronic shop, consent of the subject for processing of personal data.

  • Consumers-Buyers

User-Buyer is every visitor and/or registered user, who through the technical means of the site enter into a Contract of sale-purchase from a distance with the administrator (merchant).

Categories of data that can be processed: name and surname, address, telephone number, e-mail address, IP addresses, information on purchases made, information about the actions performed on the site by the subject.

Purposes of processing: the conclusion and execution of a distance selling contract;

Storage time: - 5 years after the last purchase by the consumer-buyer - for name and surname, address, e-mail and phone number or

-11 years after the last purchase by the purchaser – for first and last name, address and personal ID and in case the purchaser has requested the issuance of an invoice.

Legal basis for the processing: concluding and executing a distance sale contract with the respective consumer-buyer, Accountancy Law, VAT Act, consent of the subject for processing of personal data.

7.       Transparency. Rights of persons whose data are processed by Nekrato Ltd.

Information on your rights relating to the processing of personal data, According to Article 14, paragraph 2, letter c)



Description of the right

Right of access

Art. 15

Right to confirm processing and access to your personal   information.

Right of correction

Art.  16

Correct inaccurate or incomplete personal data.

Right to delete

Art. 17

Request a deletion of your personal information.

Right to Restrict Processing

Art. 18

Require a restriction on the processing of your personal   data.

Obligation to notify

Art. 19

Require to be notified in any action related to   correcting, deleting, or limiting the processing.

Right of objection

Art. 21

To object at any time against the processing of your   personal information:

for the performance   of a task of public interest or on the basis of official authority or for the   purposes of legitimate interests, including profiling.

processing for direct marketing purposes

processing for scientific or historical research purposes   or for statistical purposes.

Right of withdrawal from automated processing

Art. 22

You have the right to refuse to be the subject of a   decision based solely on automated processing, including profiling, which has   legal consequences for you or concerns you considerably.

Right of portability

Art. 20

You have the right to receive your personal data.

Right to appeal and effective judicial protection

Art.  77, 78 and 79

You have the right to file a complaint with the Commission   for Personal Data Protection in case of violations of Regulation (EC) No   2016/679 of 27 April 2016 and the right to effective protection against CPDP,   administrator or the processing of your personal data.

Right to compensation

Art. 82

You are entitled to compensation for material or   immaterial damages suffered as a result of a breach of Regulation (EC) No   2016/679.


Personal data subjects are entitled to exercise their rights in the following way:

How to Exercise Your Rights

In place

In Internet


104 Mina Str.



Buhovo 1830


[email protected]

You can also exercise your rights in any office of the   organization. Full list can be found at:

8.       Transmission of personal data to third countries or international organizations

Nekrato Ltd. does not carry out transfer of personal data to third countries outside the EU.

In the event that the company decides to implement such transfer in the future, it will be carried out only under the terms of the General Data Protection Regulation - Regulation (EU) 2016/679, subject to the conditions set out in chapter V of the regulation.

9.       Violations and breach notifications

"Breach of security of personal data" means a breach of security resulting in accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access to personal data that is transmitted, stored or otherwise processed by Nekrato Ltd.

In the event of a breach of the security of personal data, immediate notice shall be given:

Contacts   with Data Protection officer, According to Article 14, paragraph 1, letter b)

Position: employee "Security"

Country: Bulgaria

Address: 104 Mina Str.

Phone: +359 700 800 34

City/Town: Buhovo

E-mail: [email protected]

ZIP code: 1830


In the case of a personal data breach, where there is a risk of a risk to the rights and freedoms of individuals, without undue delay and where feasible - not later than 72 hours after he / she understands it, Nekrato Ltd. informs the Commission for the protection of personal data about the violation.

In the event that a specific breach poses a risk to the rights and freedoms of individuals, Nekrato Ltd takes steps to inform the persons concerned in order to minimize the possible adverse consequences.

10.   Changes to Privacy Policy

Nekrato Ltd. has the right to update, modifying and completing the Privacy Policy at any time in the future, when the circumstances require it.