Draft · Company registration details below are placeholders pending verification. Final published version will be reviewed by a Bulgarian lawyer before live payments launch.

Privacy Policy.

This page explains what personal data we collect when you visit lamperia24.com, place an order, or write to us — and what your rights are under the EU General Data Protection Regulation (GDPR, Regulation 2016/679) and the Bulgarian Personal Data Protection Act.

Plain language. No dark patterns. If something is unclear, write to [email protected] and we'll explain.

1. Who is the data controller

The controller of your personal data is:

Company"LAMPERIA24" EOOD (placeholder — to be confirmed)
EIK / UIC[pending registration]
VAT (DDS)BG[pending]
Registered officeBurgas, Bulgaria (full address to be confirmed)
Contact[email protected]

We do not currently have a designated Data Protection Officer (DPO) — the operation does not meet the GDPR Art. 37 thresholds. All data-protection enquiries go to [email protected].

2. What data we collect, and why

2.1 When you place an order

DataPurposeLegal basisKept for
Name, delivery address, phoneTo fulfil the order, hand to courierContract (Art. 6.1.b)10 years (BG accounting law)
EmailOrder confirmation, dispatch notice, after-sale supportContract (Art. 6.1.b)10 years
Order details (items, total, VAT)Invoicing, tax complianceLegal obligation (Art. 6.1.c)10 years
Payment card / IBANNever reaches us. Handled directly by Stripe (PCI-DSS Level 1).

2.2 When you subscribe to the newsletter

DataPurposeLegal basisKept for
Email + timestamp + consent flagSending our newsletter (max 2× / month)Consent (Art. 6.1.a)Until you unsubscribe

2.3 When you browse the site

DataPurposeLegal basisKept for
IP address (anonymised), browser typeSecurity, abuse prevention, performance via Cloudflare CDNLegitimate interest (Art. 6.1.f)24h (Cloudflare default)
Server access logsDebugging, security auditsLegitimate interest30 days, then auto-deleted
Cookies (functional + analytics)See Cookie PolicyConsent (analytics) / Necessity (functional)See cookie table

2.4 When you contact us

Emails you send to [email protected] are stored on our mail server and kept for as long as needed to handle the enquiry — typically 2 years, then deleted.

3. Who we share data with (processors)

We don't sell or rent your data. Ever. We do share it with the following processors, strictly to deliver the service you ordered:

ProcessorWhat they getWhyLocation
Stripe Payments Europe Ltd.Card data, amount, order ID, emailProcess paymentEU (Ireland)
Resend (resend.com)Email, name (if provided)Newsletter + transactional email deliveryEU + US (SCC)
CloudflareIP address, headersCDN, DDoS protectionGlobal (SCC)
DPD / SpeedyName, address, phoneDeliveryEU
Hosting (Cloudzy, Amsterdam)Server access logsWeb hostingEU (Netherlands)

All processors located outside the EU are bound by Standard Contractual Clauses (SCC) approved by the European Commission.

4. Your rights under GDPR

You have the following rights regarding your personal data. To exercise any of them, write to [email protected] — we respond within 30 days (usually within 48 hours).

5. How we keep data safe

6. Children

This site is not directed at children under 16. We do not knowingly collect data from anyone under 16. If you believe a minor has provided us with personal data, write to [email protected] and we'll delete it immediately.

7. Changes to this policy

We update this page when our practices or applicable law change. Material changes are announced at least 30 days in advance via newsletter (for subscribers) and a banner on the homepage. Older versions are kept for reference — write to us if you want to see one.

8. Contact

Privacy questions, access requests, complaints — all to: [email protected].

If you prefer regular mail: send to the registered office address listed in §1 above.

Last updated: 21 May 2026 · Version 1.0 (draft)