Privacy Policy
This privacy policy is an integral part of Cessima Ltd's General Terms and Conditions and covers personal data matters, including what information we collect as a Personal Data Administrator, how we use it, and what rights users have in this regard.


Cesima Ltd. is the controller of personal data under Regulation (EU) 2016/679 (hereinafter referred to as the Regulation).


Administrator identification: Cesima Ltd.

Registered office and registered office: 7 Sozopol Odesa Str

UIC 102867033, VAT number: BG102867033

MOL: A. Stajkov


Cesima Ltd. treats as personal data any information that identifies a particular individual or that relates to an individual through whom the same can be identified. The processing of personal data is an act or set of actions that can be performed in relation to personal data by automatic or other means.


How do we collect information about you?

We collect personal information, with the express consent of the person to whom it relates. When you register on our site or use any of the forms, you provide us with certain information voluntarily, which we process and store. This information may include: name, surname, surname, email address, telephone number, birth date, pins, comments and any other information you provide to us. You may choose to share location information or photos with us. We may prefer to reduce the amount of data we store and process according to the purposes of processing.

In a contractual relationship, in order to fulfill the contract, we must receive the following personal information: name, surname, surname, email, address, telephone number and gender. [1]


2. If you decide to purchase a product or order a specific service through, we collect payment information, contact information (address and telephone number) and details of the product or service you have ordered. .

When we link your account to your Facebook or Google account or other third-party services, we also receive information from those accounts (such as friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each person should check what they are. [2]

Also, we receive technical information when you use our site. Each time you use the site, mobile application or other internet service, the system automatically creates and records certain information. Here are some of the categories of information we collect:

a / Log data. When you use the site, our servers record information ("log data" or "log data"), including information that your browser automatically sends when you visit a website or your mobile application automatically sends it when you use it. This log information includes the internet protocol address, address and activity of the websites you visit, searches, browser type and settings, date and time of your request, how you used the site, cookies and device data. If you would like more details about the information we collect - contact us via the contact form.


b / Cookies. We also use cookies (small text files sent from your computer each time you visit our website) or similar data capture technologies. When we use cookies or similar technologies, we use session cookies (they continue until you close your browser) or persistent cookies (which continue until you or your browser deletes them). For example, we use cookies to store your language preferences or other settings, so you don't have to set them every time you visit the site. Some of the cookies we use are related to your account (including information about you, such as the email address you gave us), while other cookies are not. For more information on how we use cookies, please review our cookies policy.


c / Device information. In addition to the log data, we collect information about the device that you use our site to include, including device type, operating system, settings, unique device identifiers, and crash data that help us understand when something breaks. Whether we collect some or all of the information often depends on the type of device you are using and its settings. For example, there are different types of information depending on whether you are using a Mac or PC or iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of the device manufacturer or software vendor.

We use

Google Analytics, Google Tag Manager, and more. -
II. What do we do with the information we collect? Aims and time of processing:



Cessima Ltd. processes and stores the personal data mentioned above solely for the purpose of fulfilling its contractual obligations and more accurately processing the requests of its users, making deliveries, and for the following purposes:


a / On the grounds of Art. 6, item 1, letter “b” of the Regulation - for the implementation of pre-contractual relations;

b / On the basis of Art. 6, item 1, letter “b” of the Regulation - for fulfillment of contractual obligations that have arisen.

c / On the basis of Art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for non-personalized advertising;

d / On the basis of Art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for personalized advertising;

e / On the grounds of Art. 22, para. 2, letter “c”, art. 6, para. 1, letter “a” and Art. 7 of the Regulation - for carrying out a personalized evaluation of information;

f / On the grounds of Art. 6, para. 1, letter "e" - for marketing purposes.

g / On the grounds of Art. 6, para. 1 (e) of the Regulation - for retargeting in connection with marketing, remarketing or optimization goals;




The data is stored and processed for the duration of the user's account and for 1 year [1] after deactivation or deletion, as well as until it is needed to provide our services. If the person makes a request, the information shall be destroyed immediately.


For the purpose of delivery, when requested by the consumer, Cesima Ltd. has the right to provide the above personal data or part thereof to courier companies or national postal operators. In this regard, the user may receive SMS or calls from these persons.



Rights you may exercise in relation to your personal information:

All rights are exercised and the relevant requests and notifications regarding the rights of the data subjects are deposited through the PERSONAL DATA CONTACT FORM, e-mail Or mail the management address listed above. Requests shall be made in such a way as to permit the identification of the applicant. With respect to certain rights, technical options for exercising them may be applicable, such as the Unregister Button. In any case, the administrator should respond to the request or make a decision regarding the declared right to the address or e-mail provided within the contact form within one month of receipt.


According to the General Data Protection Regulation, a data subject is entitled to:


Awareness (regarding the processing of personal data by the controller); When there is a risk of a breach of your personal data security, the controller is obliged to inform you of the nature of the breach and what measures have been taken to rectify it and whether the breach has been notified to the supervisor.

Access to your own personal data and the right to withdraw your consent to the processing. As a data subject, you have the right to request confirmation of your personal data being processed and, if so, to have access to your data and the following information: for what purpose the data is processed, what personal data, data recipients, processing time . Requests for access must be made in writing / electronic and addressed to the administrator. You also have the right to withdraw your consent to the processing of your personal data at any time.

Correction (if data is incorrect). As a data subject, you have the right to request corrections of your personal data that are inaccurate / out of date. You must submit a separate request for this. Your request will be answered by the administrator as follows - in writing, at the email address provided.

Deletion of personal data (right to be forgotten). As a data subject, you have the right to "be forgotten", ie. request that your personal data be deleted without undue delay, ie. the controller to delete your personal data from all systems and records where it is stored, including to notify all third parties / processors to whom it has provided the data. A request for deletion may be made on the grounds provided for in the Regulation, incl. on any of the following grounds: personal data are no longer necessary for the purposes for which they were collected; when you have withdrawn your consent; when you object to the processing, when the processing is unlawful; where personal data must be deleted in order to comply with a legal obligation under Union or Member State law applicable to the controller; when personal data have been collected in connection with the provision of information society services. The controller may refuse to delete personal data on the grounds set out in the Regulation - where the processing of specific data is for the purpose of: exercise of the right to freedom of expression and information; fulfillment of a legal obligation or task of public interest or exercise of public authority; for public health purposes; archiving for public interest, historical research, or statistical purposes; or the establishment, exercise or defense of legal claims.


Restriction of processing by the controller or the processor. As a data subject, you have the right to ask your data controller to restrict their processing. The restriction is allowed in the following cases: - when you consider that your personal data are incorrect, in which case the restriction is for the time required for the controller to verify the accuracy; - when the processing of your personal data is unlawful, but you do not want to delete them, but only want to restrict their use; - when the controller no longer needs your personal data for the purposes of processing, but you, as the data subject, require it for the establishment, exercise or defense of legal claims; - when you object to processing pending review of whether the administrator's legitimate grounds outweigh your interests. To do this, you should apply under any of the above conditions.

Portability of personal data, incl. between individual administrators. The data subject shall have the right of portability - to receive the personal data concerning him which he has provided to the controller in a structured, widely used and machine-readable format and to transfer that data to another controller without hindrance, to whom personal data are provided when processing is based on consent or contractual obligation and processing is carried out in an automated manner. When exercising its right to data portability, the data subject shall also have the right to receive personal data directly from one controller to another, where technically feasible.

Objection to the processing of his personal data. As a data subject, you have the right to object to the processing of your personal data at any time, incl. when it comes to direct marketing. The administrator should be motivated if he accepts the objection, respectively. why he continues to process personal data if he rejects the objection.
• The data subject is entitled not to be the subject of a decision based solely on automated processing involving profiling which has legal effects on the data subject or similarly significantly affects it. The data subject shall have the right to challenge the automated decision at any time.


The right to a judicial or administrative remedy in the event that the data subject's rights have been violated. As a data subject, you have the right to file a complaint against the processing of your personal data or a violation of your rights regarding the protection of personal data before the competent supervisory authority - Commission for Protection of Personal Data, address: 1592 Sofia, Prof. . Tsvetan Lazarov ”№ 2 ( In addition, a person who has suffered pecuniary or non-pecuniary damage as a result of a breach of this Regulation shall be entitled to receive compensation from the controller or processor for the personal injury suffered.


Security We have taken numerous technical, legal and organizational measures to protect the personal data of each person. To avoid unauthorized access, we perform encryption procedures in some areas. We also use SSL protocols to prevent third-party data misuse. We do not share data with third parties unless we have to deliver the ordered goods.


We may use third party services that are processing personal data for the aforementioned processing purposes. These persons process personal data at our discretion and are obliged to comply with the applicable data protection provisions. These individuals are carefully selected by us and have access only to the information they need to provide the services they are committed to and within the scope of our agreement. If these persons are outside the EU and do not meet the required GDPR requirements, based on its statutory status, we will guarantee the protection of personal data through contractual or other legal instruments. Also, it is possible that personal data may be provided to state or municipal bodies that exercise different types of control within the law.


Advertising By confirming an account registration request, confirming an order for a service or product, the user gives his explicit consent to the processing and transfer of his personal data for one or more of the following purposes:

a / Include the consumer's assessment and opinion in marketing surveys by electronic methods - by e-mail or messenger.

b / Receive e-mails for products, services, etc. promotional messages on all owned devices.

c / Receive a custom ad that is tailored to the user's preferences. Personalization is performed on the basis of an evaluation of user behavior data;

d / Receive customized sales offers by email, mail or messenger, tailored to the user's behavior and preferences. To this end, consumer consumption data based on their purchasing behavior, their participation in advertising campaigns, and the use of the site may be subject to analysis and forecast of the consumer's interests.

e / Receive non-personalized advertising. Users will also receive information on current products, services, initiatives and more. advertising messages.


Declaration In the process of processing personal data, Cesima Ltd. adheres to the principles of European and national legislation related to the protection of personal data of individuals. By implementing a package of organizational, technical and legal measures, we strive to ensure a high level of personal data security, protection against unauthorized processing, destruction or corruption.