Privacy policy

Personal Data Protection Policy (“Policy”)
Last updated: 07.09.2025

This document sets out the rules of “Laliv” Ltd (Laliv Ltd) regarding security and processing of personal data. It is related to the Website Terms & Conditions but is not an integral part thereof, as it does not establish rights and obligations.

Its purpose is to explain:
• what personal data we collect;
• how we process it;
• what we use it for;
• what security measures we apply.

Here you will also find an explanation of your rights as clients and users in relation to the processing of your personal data by “Laliv” Ltd (Laliv Ltd).

If changes are made to the Policy, we will publish an updated text on this page.

If you do not agree with the practices described in this Privacy Policy, please discontinue visiting the website, do not provide us with your information, and do not interact with us or with the website.

1) Personal Data Controller and Contacts

Controller: “Laliv” Ltd (Laliv Ltd)
UIC: 208209139
Registered office: Samokov, 35 Targovska Str.
Website: https://thelaliv.com
Email: contact@thelaliv.com

“Laliv” processes data provided/received when using thelaliv.com and its related online channels (“Site”, “Website”), in the course of:
• placing orders,
• communication via email/phone/chat,
• visiting our store/office,
• marketing activities, promotions, games/lotteries, inquiries.

All operations are carried out in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian legislation.

2) Scope of the Policy

This Privacy Policy applies to all individuals who:
(1) visit and use our website thelaliv.com, our social media pages and other platforms and online services; and
(2) purchase, use, or have access to any products or services, mobile applications, software, platform, and all other relevant services and products provided and offered by us, our affiliates, and our partners (together “site”, “products” or “services”).

Partners and third parties who work with/for “Laliv” and have or may have access to personal data are required to familiarize themselves with and comply with this document.

Access to data stored by “Laliv” is not granted without a prior confidentiality and data processing agreement which:
• imposes requirements no less strict than ours; and
• grants audit rights.

The Policy also applies to:
• employees and workers of “Laliv”,
• external contractors under agreement.

Violations of GDPR are dealt with under employment/contractual rules, and in cases of suspected crime the competent authorities are notified.

For visitors who only browse the Site without placing orders or inquiries, the Cookie Policy applies.

3) Key Terms (under GDPR)

• “Personal data” – any information relating to an identified or identifiable natural person.
• “Special categories of data” – data revealing racial/ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic/biometric data, health, sex life/sexual orientation.
• “Processing” – any operation performed on personal data (collection, storage, use, disclosure, erasure, etc.).
• “Controller” – the organization that determines the purposes and means of the processing (in this case – “Laliv”).
• “Data subject” – the natural person to whom the data relates.
• “Consent” – freely given, specific, informed, and unambiguous indication of will.
• “Child” – a person under 16 years (for certain services parental/guardian consent is required).
• “Profiling” – automated processing for evaluation of personal characteristics.
• “Data breach” – an event affecting the confidentiality/integrity/availability of data.
• “Recipient” / “Third party” – a person/entity to whom personal data is disclosed.

4) Principles We Follow

We operate in accordance with the principles of:
• lawfulness, fairness, and transparency;
• purpose limitation;
• data minimization and accuracy;
• limited storage periods;
• integrity and confidentiality;
• accountability.

5) Categories of Data Subjects We Process Data About

“Laliv” processes data relating to:

  1. Visitors without registration (e.g. email/phone if provided);

  2. Registered users (information from registration/profile);

  3. Persons who sent inquiries/complaints (via email, phone, forms);

  4. Persons with whom we conclude contracts (incl. distance sales);

  5. Persons about whom we receive data from third parties (e.g. gift delivery).

6) Types of Personal Data We Process

6.1. When placing an order (distance contract)
• Names, email, phone, delivery address;
• Invoice data (incl. Personal ID Number for invoices issued to individuals);
• Payment information (processed securely through a payment operator);
• For gifts – recipient’s data (you declare that you have the right to provide it).

6.2. When registering a profile
• The above data;
• Order history;
• IP address, date/time of registration;
• Acceptance of Policy/Terms & Conditions;
• Account login records;
• Technical logs.

6.3. Through social media/platforms
Connection via Meta (Facebook) / Google, etc. is possible – the platform may provide us with data (name, email, phone, public attributes) depending on your settings. We recommend reviewing the privacy policies of the respective platform.

6.4. Comments/reviews/posts
We record IP address and name/email (if entered). Under Bulgarian Electronic Document and Electronic Certification Services Act we store a log of the electronic statement for 1 year.

6.5. Correspondence, complaints, signals
Name, email, phone, address, content of the request, and result of processing.

6.6. Technical data
• Device/browser identifier, IP;
• Logs (URL, actions);
• Language/time zone;
• Cookies;
• Location (if allowed);
• Security/maintenance/development logs;
• “Quick searches”.

6.7. User-generated content
This includes information you create, or content you post or upload on our site, social media, or public forums related to us, such as blogs, data, text, software, documents, audio, photos, graphics, video, messages, discussions, comments, emails, or other materials you create or provide to us through public or private transmissions.

6.8. Web behavior information (cookies, pixel tags, etc.)
We may use cookies, web beacons/pixel tags, and other technology (“cookies”) to automatically collect information about you when you visit our site or interact with us. Web behavior information usually cannot identify you on its own and is not associated with you.

A “cookie” is a small text file placed by the site server in the browser. Cookies may be first- or third-party. Examples of collected data: browser type/version, OS, language, ISP, pages viewed, links clicked, IP address, presence/absence of flash plugins, screen resolution, connection type, sites visited before/after ours, purchase details, and emails you open/forward/click through to our site.

By collecting web behavior information we can:
• Better understand how you interact with us or our site;
• Provide you with a more personalized and optimized online experience by tracking your preferences;
• Deliver contextual/behavioral or targeted advertising;
• Improve our site and products/services;
• Fulfill contracts with our business partners;
• Confirm receipt of and reactions to our emails;
• Provide more effective customer service.

Note: Cookie management is described in our Cookie Policy.
Note: We do not require or process “special categories of data” unless you voluntarily provide them to us. We do not carry out automated decisions with legal consequences for you. We do not process data of persons under 18.

7) Purposes and Legal Bases for Processing

• Conclusion and performance of contracts – online purchases, deliveries, warranties, complaints.
• Payments and fraud prevention – incl. cooperation with payment and IT providers.
• Customer service and communication – including important notifications about account/order.
• Legitimate interest of “Laliv” and/or third parties:

  1. maintenance, development, and security of the Site;

  2. usability analysis and improvements;

  3. protection of rights and legitimate interests (incl. legal defense);

  4. processing of complaints and signals;

  5. limited marketing and personalized offers.
    • Legal obligations – accounting/tax laws, labor law, orders of authorities, GDPR (incident notification), Consumer Protection Act (right of withdrawal).
    • Consent – for email/SMS marketing, games/lotteries, certain cookies. Consent may be withdrawn at any time.

8) Retention Periods

We store data only as long as necessary for the purposes, legal requirements, and protection of legitimate interests.

9) Sharing Personal Data with Third Parties

“Laliv” does not sell or rent your personal data.

Data is provided to third parties only on a valid legal basis – law, contract, legitimate interest, consent.

Possible recipients:
• State authorities (Ministry of Interior, courts, NRA) – on legal grounds;
• Accounting, legal, IT, and hosting partners – under contract;
• Payment institutions/banks – for payments and fraud prevention;
• Couriers and logistics companies – for delivery;
• Marketing providers – only with your consent and contractual guarantees.

The Site may contain links or embedded content from external platforms (e.g. YouTube) that have their own privacy policies.

10) Accuracy of Information

The responsibility for accuracy of the data lies with the user. Please update it in a timely manner.

11) Security Measures

“Laliv” applies:
• access control;
• password and logical protection;
• data encryption (incl. SSL for payment operations);
• pseudonymization;
• backups;
• incident response procedures.

Access to personal data is granted only to authorized persons who have undergone training and signed confidentiality declarations.

Information is stored in a controlled environment – secure systems, locked rooms/cabinets.

Nevertheless, data transmission over the internet is never 100% secure. In the event of a breach, we will comply with all legal notification requirements.

12) Links to Third-Party Websites

The website may contain links to other websites (“Third-party websites”).

Providing a link:
• is not a guarantee or confirmation that we are affiliated with them;
• does not mean agreement with their personal data policies.

13) Access and Correction of Personal Data

You may request access, correction, update, or deletion of your personal data via email: contact@thelaliv.com.

Data is retained only for the period necessary for the services or provided by law, after which it is deleted.

14) Cookie Policy

A separate Cookie Policy published on thelaliv.com applies to this Policy.

15) Changes to the Policy

“Laliv” may update the Policy in case of:
• legal changes, or
• on its own initiative.

We always publish the latest version here.

16) International Users (outside Bulgaria and the EU)

  1. Scope. The products and services of “Laliv” Ltd are offered from Bulgaria. We do not declare or guarantee that the content of the site, products, descriptions, labeling, promotions, or practices are appropriate, permitted, or compliant with the laws of the country in which you are located.

  2. Customer responsibility. If you order and/or use the site outside Bulgaria, including in countries outside the European Union/EEA, you alone are responsible to ensure that access, ordering, receipt, possession, and/or use of the products is lawful under your local law (incl. import rules, consumer protection, labeling, health/pharmaceutical restrictions, age restrictions, etc.).

  3. Duties, taxes, and restrictions. All duties, taxes, import fees, customs clearance costs, as well as the consequences of refusal/confiscation by customs or other authorities in the recipient’s country are entirely at the customer’s expense and risk. “Laliv” Ltd is not liable for delays, detentions, or refusal of the shipment by local authorities.

  4. Illegality/prohibition. We reserve the right to refuse, cancel, or terminate an order and/or delivery to territories where the products or part of our services are prohibited, restricted, or require special permits/registrations. Nothing on the site constitutes an offer or invitation to purchase in jurisdictions where this would be unlawful.

  5. Processing and transfer of personal data. When you provide us with personal data outside Bulgaria/EU, you agree that your data may be processed and stored in Bulgaria and/or in the EU in accordance with our Privacy Policy. If you are located outside the EU/EEA, note that data protection standards in your country may differ from those applicable in Bulgaria/EU.

  6. Applicable law. Unless mandatory provisions of local law provide otherwise, Bulgarian law applies to the use of the site, concluded contracts, and processing of personal data, and any disputes are resolved by the competent Bulgarian court, as described in the Terms & Conditions.

  7. Non-excludable rights. Nothing in this section limits or excludes consumer rights that cannot be derogated from under the applicable mandatory law in the relevant country.

17) Contacts

Controller: “Laliv” Ltd (Laliv Ltd)
UIC: 208209139
Address: Samokov, 35 Targovska Str.
Email: contact@thelaliv.com
Website: https://thelaliv.com