Privacy policy

Regulation (EU) 2016/679

Since the 25th of May 2018 in view of all the citizens of the European Union a new personal data protection regulation becomes effective – namely, Regulation (EU) 2016/679.

The present policy of “Leather 2014“ SP LTD on protection of Personal data privacy describes the manner in which we store, process and protect your personal information that you provide us with in relation to using our services. The present policy is integral part of the General terms and conditions for the website use.

Should you have some questions or comments concerning the present Policy, at our “Contacts” page you could find information about contacting us or directly write us.

Please review carefully the present Policy before using our services.

It is important to know that:

• If you do not agree to be processing your personal data in the manner described in the Policy, please do not provide us with them. The provision of Personal data is voluntary, in view of using the services at our Platform or accessing them. Your possible refusal to provide the necessary Personal data on using the services at our platform would mean a refusal to be using the particular services or functionalities.

• In certain cases your explicit consent for having your personal data processed may not be necessary if there are other legal grounds, for example: conformity with Personal data controller’s statutory obligations; need of performing the contract etc.

• The control body in terms of Personal data protection is the following: Commission for Personal Data Protection.


The COMPANY or the CONTROLLER: “Leather 2014“ SP LTD, with Uniform Identification Code 203104248, with head office and registered address: town of Gabrovo, 1, “Uspeh” Str.

PERSONAL DATA: Each and every piece of information that refers to a physical person who was identified or is directly or indirectly identifiable via identification number or via one or more specific features.

PERSONAL DATA PROCESSING: This is each and every action or a multitude of these that could be performed in terms of the Personal data with automatic or other means, such as collecting, recording, storing, arranging, adapting or modifying, recovering, consulting, using, disclosing or delivering, disseminating, updating or combining, blocking, deleting or destroying data.

PERSONAL DATA SUBJECT: Every physical person whose Personal data are being processed.

PLATFORM: Software or software modules that operate jointly, being Company ownership that service the website www.gracia-s.bg. The platform includes modules for:

Creation of consumer basket contents.

Opportunity for publishing replies.

Opportunity for asking questions.

Chat section.



1. Types of Personal data subjects, Categories of processed data, Processing purposes, Storage term.

In view of the manner in which the persons are using our Platform and the services being rendered by it, these could be included in several sub-divisions below. Depending on them, Subjects’ data are being processed in individual Personal data registers, whereas in each particular case processing could include different data categories, purposes and grounds, storage terms, protection measures etc.

One and the same person could file simultaneously in more than one of the abovementioned sub-divisions. For example, each and every Consumer-buyer is a Visitor.

2. Visitor

• Visitor is every person that uploads in his/her web browser a page, part of the Platform or visits its various sections and pages (irrespective of whether via direct web address entry in the browser or via reference from other website or resource).

• Data categories that could be processed: Online identifiers stored in local “cookies” in visitor’s device/browser; Data about location, defined by the visitor; Data about country/city based on the IP address of the user device, being integral part of the information received by each and every website; Information about actions performed by the subject at the Platform; Subject’s preferences towards specific aspects and set-ups of the platform functionalities; Information about the type of the used browser/device.

• Processing purposes: Provision of main and auxiliary functions, which are necessary for the particular and comprehensive Platform functioning; Counting the visits at the Platform; Ensuring the necessary terms and conditions for rendering the services at the marketing platforms.

• Storage term: Until the validity expiration of each and every cookie (up to 1 year as of the time of recording it), carrier of the particular information or until its erasure on behalf of the subject in whose device/browser it is being stored.

• Legal grounds of processing: Consent with the Policy on cookies.

3. E-mail subscriber

• E-mail subscriber is each and every Visitor who performed subscription for an automatic digital e-mail bulletin at the Platform, for receiving letters via e-mail that contain commercial proposals and others. The digital e-mail bulletin would be sent directly by the Controller, without using independent intermediation services.

• Data categories that could be processed: Names, E-mail address, Data about the location, contact telephone, subscriptions (e-mail bulletins), for which the visitors are subscribed – for receiving an e-mail of different information type from the Platform, commercial proposals etc.

• Storage term: Up to 6 months after the subscription was terminated by the subscriber or by the Controller.

• Legal grounds of processing: Consent for inclusion in recipients’ list (subscription for the e-mail bulletin).

III. Consumer-buyers

• Consumer-buyer is every Visitor that via Platform’s technical means performs (or declares) entering Contract for purchase and sale with a particular Salesperson-seller, with the purpose of remotely purchasing the service/commodity offered by the latter in the Platform (or similar action).

• Data categories that could be processed: Names, Address, Telephone number, E-mail address, IP addresses, Information about the performed purchases, Information about the actions performed by the subject at the Platform.

• Processing purposes: Provision of opportunity for effecting purchases via the Platform, via remotely entering contracts with Salesperson-sellers; Providing the particular Salesperson-sellers with information about the occurred purchases and the buyers which is necessary for performing the entered contracts and delivery of the particular purchased services.

• Storage term: 2 years after the latest purchase effected by the consumer-buyer.

• Legal grounds of processing: Performance of the contract entered with the particular salesperson-seller, via the Platform.

IV. Your rights

If we are processing your personal data, you would have the following rights that you could enforce after sending an application to Company’s address provided above, or via email – to the following e-mail address: kavalerbg@gmail.com, or via the “Contact” page:

• Right to accessing your personal data: You have the right to receive confirmation from us on whether personal data are being processed about you, and if this is the case, access to the personal data and information.

• Right to personal data correction: If you find out that the personal data we are processing about you, are inaccurate, you have the right to request us to correct these personal data.

• Right to personal data erasure (right to be forgotten): In certain circumstances, for example if your personal data are being processed in unlawful manner or you have withdrawn your consent (if personal data processing is based on consent) and there are no grounds for their processing continuation, you will have the right to request the erasure of your personal data on our behalf.

• Right to processing limitation: In certain cases, for example, if you doubt the accuracy of your personal data or if you have objected against our legitimate objective for processing your personal data, you have the right to ask us to limit your personal data processing, until a solution is found.

• Right to objection against processing: In certain circumstances, for example, if you doubt our legitimate interest in processing your personal data, you will have the right to object because of concerns related to your particular situation, against such processing.

• Right to data transfer: If your personal data are being processed by automated means with your consent or in order to perform our contractual relations, you will have the right to ask us to provide you with your personal data in machine-readable format so that these could be transferred to other data controller.

• Right to lodging a complaint to the attention of control body: You have the right to lodge a complaint in view of your personal data being processed by us in the competent control body – Commission for personal data protection or to the court.


V. Provision of Personal data to third parties

The Company does not provide third parties with data, except for the following cases:

a. The provision described in the previous article that is necessary for the purposes of a contract being entered between the Consumer-buyer and the Salesperson-seller;

b. If we have legal obligation to disclose or share data;

c. If we have received the consent of the particular Data subject;

d. Digitally pseudonymized data about Visitors, Consumers and Subscribers of the Platform could be provided automatically to the external services rendered by our suppliers, integrated within the Platform, in order to count the visit rate or with advertisement objectives. More information about these external services is available in the Policy on cookies, as well as settings for refusing particular types of services. This refusal could be performed via external instruments (for Google Analytics here; for Google advertisement platformshere; for Facebook advertisement platformshere; for other platforms – here and here);

е. If the consumer-buyer has effected payment, and consequently this payment is being investigated by a banking or payment institution or by a statutory body, because of alleged fraudulent or non-recognized payment or in the case of investigating misuses, the Controller could provide the Consumer-buyer with data to the particular banking or payment institution or statutory body.

VI. Data security

We have undertaken all necessary technical and organizational measures on our behalf in order to ensure the protection of your Personal data against unauthorized access or disclosure, accidental or unlawful destruction or modification.

The information provided in digital pattern is being stored on protected data centres throughout the European Union. The data transfer between the servers and client’s device/browser is performed in encrypted manner, via HTTPS.

IP addresses

If the Company stores IP addresses of data subjects, this is being done to provide the consumers with adequate cooperation in various circumstances, should they need it (for example: lost purchases, inquiries on purchase statuses etc.). IP addresses are being stored for up to 1 year (this period is in conformity with the behaviour demonstrated by some of Platform’s audience in view of the purchasing frequency and other actions). Under no circumstances third parties are to be provided with IP addresses, except for the abovementioned. 


The Platform websites, as well as the external services being used by them and rendered by third parties, use cookies for temporary storage of small pieces of information, in order to ensure the accurate functioning and rendering services that are as good as possible. Detailed information about the types of the used cookies, set-ups, erasure etc. are available in the following document – Policy on cookies.


The Website uses the following cookies:

__cfduid – key for the online chat in the website

__zlcmid – key for the online chat in the website

wplc_chat_status – key for the online chat in the website

_gat – analytical key for google analytics

_gid – analytical key for google analytics

_ga – analytical key for google analytics

fr – key of facebook likebox.

laravel_session – it contains only referral to the session stored at the web server. Consumer’s browser does not store information and this “cookie” could be used only during the current session.


1. All possible future changes in the present Policy would be published at the present website.