We value your privacy and protect personal data in accordance with the EU General Data Protection Regulation (GDPR) and applicable national laws in Austria, Belgium, France, Germany, the Netherlands and Spain.
These notices explain what data we collect, on what legal basis we process it, with whom we share it, whether it is transferred outside the EU/EEA, how long we keep it, and what rights you have.
The controller is Comforties.com Ltd., Parizhka Komuna 26, fl. 9, 9000 Varna, Bulgaria. Contact: [email protected]. Privacy contact: [email protected].
General information, log data
You can browse our website without telling us who you are.
When you access the site we automatically receive technical log data necessary for security and operation:
anonymised or truncated IP (where configured), date/time, requested URLs, referrer
Legal basis: our legitimate interests in security, error diagnostics and service integrity (Art. 6(1)(f) GDPR). Log files are retained for up to 30 days unless needed longer for incident investigation.
Collection, processing and use of your personal data
We process personal data only when you provide it or when it is necessary to operate the shop. Typical categories: first/last name, company, VAT number (B2B), billing/shipping address, email, phone (optional), order data, payment references, support content.
Purposes & legal bases (Art. 6 GDPR):
Order processing, delivery, returns/warranty — contract performance (Art. 6(1)(b))
You may withdraw consent at any time with effect for the future via our cookie banner or by emailing [email protected].
Provision to third parties (processors) & disclosures
We do not sell personal data. We share data only as necessary with service providers bound by GDPR-compliant data processing agreements (Art. 28 GDPR).
Examples of recipients: shipping carriers (address/contact for delivery), payment processors/banks (transaction processing, fraud checks), hosting/IT providers (infrastructure), email/newsletter provider (see below).
Mailchimp (newsletter): We use Mailchimp (Intuit Inc.) to send opt-in newsletters and manage subscriptions. Legal basis: consent (Art. 6(1)(a)). You can unsubscribe any time via the link in each email.
Cookies, analytics and targeting
We use essential cookies for core functions (cart, checkout, security). Non-essential cookies (analytics/marketing) are used only with your prior consent via our cookie banner, in line with EU ePrivacy rules.
Types of cookies:
1. Session cookies — stored temporarily to enable navigation and checkout; deleted when you close the browser.
2. Persistent cookies — remember preferences (e.g., language); expire automatically after a defined period.
3. Third-party cookies — may be set by analytics/ads providers when you consent.
You can change or withdraw consent at any time in the cookie banner or through your browser settings. Some features may not work without cookies.
Contact form and customer support
When you contact us via the contact form or email, we process the data you provide solely to handle your request and any follow-up. Legal basis: Art. 6(1)(b) GDPR (pre-contractual steps/contract) or Art. 6(1)(f) GDPR (legitimate interests in support efficiency).
Providing contact details is voluntary; by doing so you agree we may use them to respond. You may withdraw consent at any time by contacting [email protected].
Google Web Fonts
For consistent typography, we may use Google Web Fonts. Your browser may connect to Google servers to load fonts; Google may receive your IP address in this process. Legal basis: our legitimate interests in a consistent, efficient presentation (Art. 6(1)(f) GDPR). If your browser does not support web fonts, a standard font will be used.
Where service providers are located outside the EU/EEA (e.g., Mailchimp/Intuit in the USA), transfers occur only if an adequacy decision exists or Standard Contractual Clauses (SCCs) and supplementary safeguards are in place.
Mailchimp participates in the EU-U.S. Data Privacy Framework. If that framework does not apply to a specific flow, SCCs will be used.
Data retention
We keep personal data only as long as necessary for the purposes described or as required by law:
• Order/invoicing data / up to 10 years (statutory retention)
• Customer service correspondence / up to 12 months after resolution
• Newsletter data / until you unsubscribe or withdraw consent
• Security logs / up to 30 days unless needed longer to investigate incidents
Your rights
You have the following rights regarding your personal data (Arts. 12–22 GDPR):
right of access, rectification, erasure, restriction of processing
right to data portability and to object to processing based on legitimate interests
right to withdraw consent at any time (without affecting prior lawful processing)
To exercise your rights, contact: [email protected]. We will respond without undue delay.
You also have the right to lodge a complaint with your local supervisory authority. Our lead authority is the Bulgarian Commission for Personal Data Protection (CPDP), 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, www.cpdp.bg.
Security, children, updates
We implement appropriate technical and organizational measures (including SSL/TLS encryption) to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access.
Our services are not directed to children. If you believe a child has provided personal data, please contact us so we can delete it.
We may update this Privacy Policy to reflect legal, technical or business changes. The latest version is always available on this page. Last updated: October 2025.
