I. INTRODUCTION
This Personal Data Protection Policy (“Policy”) defines the rules regarding the protection of personal data of individuals using the Website https://www.contrapunct.com/ (the “Platform”), owned by Contrapunct SK Ltd., with UIC 207326627 and registered office in Dobrich, Daskal Dimitar Popov, 13.
CONTRAPUNCT is fully compliant with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“the Regulation”), which entered into force on 25.05.2018, and the General Data Protection Regulation (“GDPR”).
By using the Platform, you accept and undertake to comply with this Personal Data Protection Policy, the Cookies Policy and the General Terms and Conditions of the Website.
II. DEFINITIONS
1. “Personal Data” is any information relating to a natural person (Data Subject) who is identified or can be identified directly or indirectly by an identifier such as: name, personal identification number, location information, gender, address, telephone number, online identifier or by one or more characteristics specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
2. “Processing of Personal Data” means any action or set of actions performed with personal data by automated or other means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other means by which the data becomes accessible, arrangement or combination, restriction, deletion or destruction.
3. “Personal Data Subject” is any natural person who is a User of the Website and whose personal data is collected, stored, or otherwise processed in accordance with this Privacy Policy.
4. “Website/Site” means the content of CONTRAPUNCT and its subdomains.
III. PRINCIPLES OF PERSONAL DATA PROTECTION
1. Legality, Good Faith, Transparency
Personal data must be processed lawfully, fairly and in a transparent manner in relation to the data subject. In view of this, CONTRAPUNCT collects and processes your personal data only for the following purposes:
- a) Management of your request and concluded contract – on the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship:
  - i) Personal contact details – full name, contact address, email, phone number;
  - ii) Identification data – three names, a single civil number or a personal number of a foreigner, permanent address;
  - iii) E-mail, letters, information about your requests for troubleshooting, complaints, requests;
- b) Saving correspondence in connection with already placed orders, processing requests, reporting problems, etc.;
- c) Contacting the User and sending information to him;
- d) For the fulfillment of regulatory obligations;
2. Purpose Limitation
Personal data must be collected for specific, explicit and lawful purposes and not processed in a way that is incompatible with these purposes. CONTRAPUNCT collects and processes your personal data for the following purposes:
- a) Creating a profile and providing full functionality when using the online store;
- b) Placing orders and purchasing goods;
- c) Individualization of a party to the contract;
- d) Accounting purposes;
- e) Statistical purposes;
- f) Protection of information security;
3. Data minimization
Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. CONTRAPUNCT, in its capacity as Controller, applies anonymization or pseudonymization of personal data, if possible, in order to reduce the risks for the affected data subjects.
4. Accuracy
Personal data must be accurate and, if necessary, updated; reasonable steps must be taken to ensure that inaccurate personal data, given the purposes for which they are processed, are erased or corrected in a timely manner. CONTRAPUNCT is not responsible for data provided incorrectly by its Users.
5. Storage limit
CONTRAPUNCT stores your personal data no longer than until the moment you withdraw your consent to processing. After deletion of your account or successful completion, the Administrator takes the necessary care to delete and destroy all your data without undue delay or to anonymize it (i.e. to bring it into a form that does not reveal your identity).
6. Integrity and confidentiality
CONTRAPUNCT processes your personal data in a way that guarantees an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures.
Where we are required by law, we may provide your personal data to the competent state authority, natural or legal person.
IV. CONSUMER RIGHTS
Each User of the site enjoys all rights for the protection of personal data in accordance with the Bulgarian legislation and the law of the European Union.
1. Right of Access:
The right of access provides each User with the opportunity to receive a copy of their data, but also the right to receive detailed explanations as to whether the relevant data is being processed lawfully. Each Data Subject has the right to understand the following:
- a) The purposes for which the personal data provided are used;
- b) The categories of these data;
- c) Whether the company has shared the data with third parties and, if so, who those parties are;
- d) All sources from which the company obtained your personal data;
- e) Retention period of your data;
- f) Other rights you have against the company, including the right to rectify your data, delete your data (in certain circumstances), or restrict or object to the company’s use of your data;
- g) If the Company uses your data in an automated decision-making process (such as decisions made through artificial intelligence or an algorithm), meaningful information about the logic behind that algorithm, and the significance and consequences that the Company foresees for the use of your information in this way;
- h) If the data is sent outside the European Union and, if so, what safeguards are in place to protect your data;
2. Right to erasure
The data subject has the right to request from the controller the deletion of the personal data related to him without undue delay, where any of the following grounds is applicable:
- a) The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
- b) The data subject withdraws his/her consent on which the data processing is based and there is no other legal basis for the processing;
- c) The data subject objects to the processing pursuant to Article 21(1) (GDPR) and there are no legitimate grounds for the processing to prevail, or the data subject objects to the processing pursuant to Article 21(2) (GDPR);
- d) The personal data has been processed unlawfully;
- e) The personal data must be erased in order to comply with a legal obligation under Union or Member State law that applies to the controller;
- f) The personal data was collected in connection with the provision of information society services under Article 8(1) (GDPR);
3. Right to Portability
The data subject has the right to receive the personal data concerning him or her, which he or she has provided, in a structured, commonly used and machine-readable format, and has the right to transfer this data to another controller without hindrance where:
- a) The processing is based on consent in accordance with Article 6(1)(a) or Article 9(2)(a) (GDPR) or on a contractual obligation pursuant to Article 6(1)(b) (GDPR);
- b) The processing is carried out in an automated way;
4. Right to Object
Users have the right to object to the controller against the processing of their personal data. The controller is obliged to terminate the processing unless it proves that there are compelling legal grounds for it that take precedence over the interests, rights and freedoms of the data subject, or that it is needed for the establishment, exercise or defence of legal claims. If you object to the processing of personal data for direct marketing purposes, that processing should be stopped immediately.
V. PROCESSING OF ANONYMISED DATA
We process your data for statistical purposes. This means analyses in which the results are only aggregated and the data is therefore anonymized. It is impossible to identify a specific person from this information.
1. For the Fulfillment of Regulatory Obligations
There may be a legal obligation for us to process your personal data. In these cases, we are obliged to carry out the processing, such as:
- a) Obligations under the Measures Against Money Laundering Act;
- b) Fulfillment of obligations in relation to distance selling, off-premises sales provided for in the Consumer Protection Act;
- c) Providing information to the Commission for Consumer Protection or third parties provided for in the Consumer Protection Act;
- d) Providing information to the Commission for Personal Data Protection in relation to obligations provided for in the legal framework for personal data protection;
- e) Obligations provided for in the Accountancy Act and the Tax and Social Security Procedure Code and other related normative acts, in connection with the keeping of lawful accounting;
- f) Provision of information to the court and third parties, within the framework of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;
- g) Age verification when shopping online;
2. Processing and Storage Periods
The data collected under a statutory obligation is deleted after the collection and storage obligation has been fulfilled or has ceased to exist, such as:
- a) Under the Accountancy Act for storage and processing of accounting data (11 years);
- b) Obligations to provide information to the court, competent state authorities and on other grounds provided for in the legislation in force (5 years);
VI. DATA SECURITY
In order to maximize security in the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
Ensuring the security and confidentiality of the personal data entrusted to us is our priority. Therefore, CONTRAPUNCT applies all appropriate technical and organizational measures in accordance with the applicable legal provisions, taking into account the nature of the personal data transmitted by you, as well as the risks associated with their processing, in order to maintain their security and in particular to prevent any accidental or unlawful destruction, any kind of loss, alteration, disclosure, intrusion or unauthorized access to them.
VII. INCIDENT REPORTING PROCEDURE
Each User has the right to file a complaint against unlawful processing of his/her personal data to the Commission for Personal Data Protection or to the competent court.
| Name | Commission for Personal Data Protection |
| Registered office and address | Sofia 1592, blvd. “Prof. Tsvetan Lazarov” No 2 |
| Address for correspondence | Sofia 1592, blvd. “Prof. Tsvetan Lazarov” No 2 |
| Telephone | -531.5274725 |
| Website | www.cpdp.bg |
VIII. CONTACTS:
Each User can send an inquiry or exercise his/her rights under this Personal Data Protection Policy at the following e-mail address: info@contrapunct.com and/or through the information provided in the “Connect” section of https://www.contrapunct.com.
IX. USE OF COOKIES:
1. What Are Cookies?
Cookies are small data files stored on your device that help improve your user experience. Some cookies are essential for the site to function properly, while others help us analyze traffic or provide targeted advertising.
2. Cookies We Use
- a) Essential Cookies (WooCommerce): Required for the operation of our online store. These include cart functionality, login sessions, and payment processing;
- b) Analytics Cookies (Google Analytics): These cookies help us understand how users interact with our website. All data is anonymized and used to improve our services;
- c) Marketing Cookies (Facebook Pixel): We use Facebook Pixel to deliver personalized advertisements and track their performance;
3. Your Consent
Upon your first visit, a banner will ask for your consent to use non-essential cookies. You may adjust your preferences or withdraw consent at any time by clicking the “Cookie Settings” link at the bottom of the page.
4. Managing Cookies
Most browsers allow you to control cookies via settings. You can also clear cookies from your browser manually.
5. Third-Party Services
We use third-party services such as Google and Facebook. These services may process your data in accordance with their own privacy policies.
Date: 09.06.2025
