DIVA PLUS Ltd. | UIC 175013870 | Last updated: January 2026

1. Who is Responsible for Data Processing?

The data controller within the meaning of the General Data Protection Regulation (GDPR) is:

  • Company: DIVA PLUS Ltd. (ДИВА ПЛЮС ЕООД)
  • UIC: 175013870
  • Registered address: Sofia, Bакston district, bl. 19, entr. A, apt. 6, Bulgaria
  • Managing Director: Nikolay Bolchev
  • Website: divaplus.org

For any questions regarding the processing of your personal data, please contact us at the address above or via the contact form on our website.

2. What Data Do We Collect?

2.1. Data You Provide Directly

We collect personal data when you place an order, create an account, or contact us:

  • Full name, delivery address, email address, phone number
  • Payment details (processed by certified payment providers)
  • Messages sent via contact form or email

2.2. Automatically Collected Data

When you visit our website, we automatically collect technical data:

  • IP address, browser type, and operating system
  • Date and time of visit
  • Pages visited and session duration

This data is collected using cookies. For more details, please refer to our Cookie Policy.

3. Why Do We Process Your Data?

We process your personal data for the following purposes:

  • Order management and delivery
  • Creating and managing your user account
  • Customer support and responding to inquiries
  • Compliance with legal obligations
  • Marketing communications (only with your explicit consent)
  • Improving our website and user experience

4. Legal Basis for Processing

  • Contract performance — when processing orders
  • Legal obligation — when complying with applicable legislation
  • Legitimate interest — for service improvement and fraud prevention
  • Consent — for marketing communications and cookies

5. Who Do We Share Your Data With?

We do not sell your personal data to third parties. We may share it only with:

  • Courier and logistics companies (for order delivery)
  • Payment providers (for processing payments)
  • Technical service providers (hosting, email services)
  • Public authorities (when legally required)

All third parties are obligated to maintain data protection standards equivalent to ours.

6. How Long Do We Retain Your Data?

Your personal data is retained:

  • For the period necessary to fulfill the purpose for which it was collected
  • For as long as a contractual or commercial relationship exists
  • After the relationship ends — for up to 5 years, for potential legal claims

7. Your Rights

Under GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification of inaccurate data
  • Right to erasure (‘right to be forgotten’)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent (where processing is based on consent)

To exercise your rights, please contact us. You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP): www.cpdp.bg

8. International Data Transfers

In some cases, we may use cloud-based services located outside the EU. In such cases, we ensure compliance with applicable regulations and implement appropriate safeguards to protect your data.

9. Changes to This Policy

We reserve the right to update this Privacy Policy. For significant changes, we will notify you via our website or by email. We recommend reviewing this document periodically.

DIVA PLUS Ltd. – All rights reserved.