Privacy policy

PRIVACY POLICY

Please read this Privacy Policy carefully.

ABOUT THIS PRIVACY POLICY

Protecting the personal data of visitors, users and/or customers of our website – https://mads3dprints.com/ – is a key priority for us at “Luka MS” OOD, UIC 208371881 (“We”, “Us” or “Our”).

This Privacy Policy is provided in accordance with the requirements of the legislation on personal data protection, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), as well as the applicable local legislation in the Republic of Bulgaria.

When we refer to “You” or “Your”, we mean individually and collectively each visitor or user of this website – https://mads3dprints.com/ – as a data subject.

     2. PERSONAL DATA ADMINISTRATOR

The following company is the administrator regarding the processing of your personal data as described in this Privacy Policy:

“Luka MS” OOD, registered in the Bulgarian Commercial Register under UIC 208371881, registered at this address: gr. Sofia, p.k. 1404, r-n Triaditsa, zh.k. Manastirski Livadi Iztok, ul. „Grigor Cheshmedzhiev“ No. 48, bl. 48, vkh. B, et. 5, ap. 22

Each data subject may contact Us at any time using the contact details below regarding any questions, suggestions and/or requests relating to privacy and data protection:

Registered office and management address: gr. Sofia, p.k. 1404, r-n Triaditsa, zh.k. Manastirski Livadi Iztok, ul. „Grigor Cheshmedzhiev“ No. 48, bl. 48, vkh. B, et. 5, ap. 22

or other correspondence address: gr. Sofia, zh.k. Manastirski livadi Iztok, ul. „Lavski rid“ No. 21, Office No. 1

tel.: +359899901389 or +359883574676

e-mail: mads3dprints@gmail.com

  3. DEFINITIONS

In this Privacy Policy we use the following defined terms:

“Personal data” means any information that can be used to identify You, alone or in combination with other information;

“Data subject” means any identified or identifiable person (You);

“Processing” means any operation or set of operations which is performed on Your personal data or on sets of personal data;

“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to You without the use of additional information;

“Administrator” means the persom or legal person, public authority, agency or other body which determines the purposes and means of the processing of Your personal data. We are a controller when it comes to the processing of Your personal data on our website;

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

INFORMATION WE MAY COLLECT AUTOMATICALLY THROUGH COOKIES AND OTHER TECHNOLOGIES

While You browse or use some of the functionalities of our website, as well as through the use of cookies, We collect personal data. We may collect information about the goods and/or services You have viewed or searched for, and about the features of this website that You have used, including time spent and other statistical information. Some types of information may be obtained automatically, for example, every time You interact with the website or use our services. This information does not necessarily directly reveal Your personal identity, but may include information about the specific device You use, such as device identifier, operating system, web browser (such as Chrome, Firefox, Safari, Internet Explorer and others) and Your IP address /MAC address/ device identifier.

Please see the Cookie Policy available on the website for additional information on how to manage Our use of cookies.

PRINCIPLES FOR THE COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA

We process (including but not limited to: collect and store) Your personal data solely in connection with our activities and in accordance with the requirements of the applicable legislation, including the Personal Data Protection Act of the Republic of Bulgaria and the GDPR. We may also collect data about other persons related to You, if You have chosen to disclose such information in Your communication with us.

In processing Your personal data, we are guided by the following fundamental principles:

  • processing is carried out lawfully, fairly and in a transparent manner;

  • data are used only for clearly specified and legitimate purposes;

  • retention periods are limited to the time necessary to achieve the specific purposes;

  • only data that are necessary and relevant are processed;

  • information is kept accurate and up to date;

  • protection, confidentiality and an appropriate level of security are ensured when processing personal data.

  6. LEGAL GROUNDS FOR COLLECTING AND PROCESSING YOUR PERSONAL DATA

The legal grounds on which we collect and process Your personal data are as follows:

  • Your consent to the processing of personal data;

  • processing is necessary for the performance of contractual obligations of the controller – trader to You;

  • processing is necessary in order to take steps at Your request prior to entering into a contract;

  • processing is necessary for compliance with legal obligations of the controller – trader.

If an individual decides not to provide some or all of the personal data that are necessary for a specific purpose as described above, we may not be able to provide the relevant service. This may include the inability to fulfil contractual obligations to You or difficulties in complying with certain legal requirements, including providing the data subject with the possibility to exercise their rights under the GDPR.

  7. WHAT PERSONAL DATA DO WE PROCESS?

We process (including but not limited to: collect and store) the following categories of personal data, each category being related to specific purposes and legal grounds:

  • Your basic identification data such as name, telephone number and e-mail, as well as additional information which You provide at Your own discretion. This data is used to process Your inquiries, provide offers, prepare services and communicate with You. Processing is carried out on the basis of Your request to take steps prior to a possible conclusion of a contract and on the basis of taking steps prior to entering into a contract, or on the basis of consent given by You;

  • all or some of the following identification data: first name and surname; e-mail address; telephone number; delivery address; personal identification number (EGN) or date of birth and/or other national personal identification number of a foreigner and/or citizen of the European Union, where this is necessary for issuing invoices and other accounting or tax documents. The data are processed for correspondence with You in relation to services used and on the basis of the necessity to take steps at Your request, performance of a contract or fulfilment of our legal obligation;

  • all or some of the following identification data: first name and surname; e-mail address; telephone number; delivery address, necessary for concluding a contract, making a payment, processing orders, reservations or purchases, including for the performance of the contract, as well as information for the refund of amounts paid in case of cancelled orders, reservations or returned products. This data is processed in connection with the registration of a profile, conclusion of contracts, performance of orders or services, return of products, cancellation of orders, etc. The data are processed for the performance of our contractual obligations to You and/or for compliance with legal obligations;

  • Your IP address, browser settings and preferred language, as well as information about the pages visited and actions taken, are used for sending notifications where You have expressed willingness to receive them;

  • Your IP address and pages visited are processed for the purpose of ensuring information security;

  • other information that You voluntarily provide. This data is processed in connection with the performance of a contract, on the basis of given consent or for compliance with statutory obligations.

Please note that data relating to Your bank card used to make payments on the controller–trader’s website are not stored and processed by the latter. Your bank card data are processed by the Payment Processor – a third party that processes electronic payments, which as of the effective date of these General Terms is Shopify, information about which is available at the following web page: https://www.shopify.com. The data processed for the purposes of the payment may include: cardholder’s name; card number (the full card number is processed only by the payment system); expiry date; CVC/CVV code (three-digit code on the back of the card); amount and order number.

We may have access only to information about the successful transaction (amount, date, last 4 digits of the card, order identifier) for accounting and customer service purposes.

By accepting this Privacy Policy, You explicitly agree that the specified data will be processed by Shopify for the purpose of entering into a contract with Us and processing payments. Shopify’s Privacy Policy can be accessed at the following link: https://www.shopify.com/legal/privacy/consumers

  8. AUTOMATED DATA PROCESSING AND PROFILING

We do not use profiling and will not make automated decisions about You that may significantly affect You, unless (i) the decision is necessary as part of a contract we have with You, (ii) we have Your explicit consent or (iii) we are required by law to use such technology.

  9. SPECIAL CATEGORIES OF PERSONAL DATA – SENSITIVE DATA

We do not collect or process from You data falling within the so-called “special categories of personal data”, such as information about racial or ethnic origin, political opinions, genetic or biometric data, as well as information related to an individual’s sex life or sexual orientation.

  10. PROVISION OF DATA BY YOU RELATING TO THIRD PARTIES

We usually receive personal data directly from the data subject. When You provide personal data of third parties in order for them to receive the order (for example when ordering as a gift or other donation), or when personal data are provided in relation to personalised goods and/or services (including goods made to order and services under the General Terms), responsibility for sharing and informing those persons about the data provided lies entirely with You.

  11. HOW LONG DO WE STORE YOUR PERSONAL DATA?

We store Your personal data for the minimum period necessary to fulfil the purposes set out in this Privacy Policy, unless we are required by law and/or entitled to keep them for a longer period.

Unless otherwise specified or required by applicable laws, please also note that we generally apply the following retention periods:

  • Personal data provided via a communication channel are stored until the request is fulfilled or the query is resolved, and for a maximum of two years thereafter for internal statistical and marketing analyses;

  • Personal data of customers processed in connection with contracts between Us and the respective individual are stored for up to ten years, starting from 1 January of the year following the year in which the contract was recorded for tax purposes;

  • Personal data related to the issuance of tax documents (invoices) are stored for up to ten years from 1 January of the year following the one recorded for tax purposes;

  • Personal data provided with Your explicit consent are stored until You withdraw Your consent, unless another legal basis for processing such data applies for which a longer retention period is provided.

We will retain personal data after the expiry of these periods if we are obliged to do so in order to comply with the law in cases of pending proceedings or complaints that reasonably require the retention of personal data, or for regulatory or technical reasons. When we retain such data, we will continue to ensure that the confidentiality of data subjects is protected.

Upon expiry of the relevant periods, we take the necessary measures to securely delete or destroy personal data without undue delay.

  12. WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?

The GDPR grants data subjects a number of individual rights. Please note that these rights are not absolute and may not apply in certain circumstances.

Such rights include:

  • Information or confirmation as to whether Your personal data are being processed;

  • Right of access to information concerning, for example but not limited to: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed;

  • Right to rectification of inaccurate personal data concerning You. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by providing a supplementary statement/documents;

  • Right to erasure (the so-called right to be forgotten) of personal data concerning You in certain circumstances. This right applies only to data stored at the time the request is received. It does not apply to data that may be created in the future. Please note that where we are legally obliged to process certain personal data, the right to erasure will not apply to such data. We would also like to clarify that the right to be forgotten is applied so that erasure will be carried out in respect of live systems, but the data will remain in the backup environment for a certain period of time until it is overwritten. This means that we will place the backup data “out of use” even if it cannot be immediately overwritten (the backup is simply retained in our systems until it is replaced in accordance with an established schedule);

  • Right to restriction of processing in certain circumstances. This is an alternative to requesting erasure of Your data where, for example but not only, the processing is unlawful but the data subject does not want their personal data to be deleted and instead requests the restriction of their use, unless this proves impossible or requires disproportionate effort;

  • Right to data portability, insofar as the processing is based on consent or on a contract and is carried out by automated means. This right enables data subjects to receive and reuse their personal data for their own purposes across different services, moving them from one IT environment to another in a safe and secure way, without affecting their usability;

  • Right to object to the processing of personal data. For example (but not only), the data subject has the right to object at any time to the processing of their personal data for direct marketing purposes. However, if the data subject objects to other uses, we may refuse to comply with the objection only if we can demonstrate that we have compelling reasons to continue to process Your data which override Your objection. In particular, the data subject has the right to object at any time to processing based on legitimate interest, in which case we will no longer process the personal data unless we demonstrate that there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims;

  • Avoidance of automated decision-making (without human involvement), including profiling, where personal data are used to make inferred assumptions about individuals. There are strict rules on this type of processing and data subjects have the right to challenge and request a review of the processing if they believe that these rules are not being complied with;

  • Right to withdraw the consent given for the processing of Your personal data at any time, in which case we will cease processing the relevant information. Please note, however, that consent is only one of several legal bases for processing personal data, so the exercise of this right does not mean that there is no other legal basis.

You are entitled to information on the action taken on a request within one month of its receipt. Where necessary, this period may be extended by a further two months, taking into account the complexity and number of the requests.

You are also entitled to information in the event of a personal data breach likely to result in a high risk to the rights and freedoms of the data subject.

  13. EXERCISING YOUR RIGHTS

If a data subject wishes to exercise any of the rights listed above, they may contact us at any time using the contact details set out in this Policy, including at the following email address: mads3dprints@gmail.com

In addition, data subjects have the right to lodge a complaint with the competent supervisory authority and with the competent courts if the data subject considers that the processing of their personal data infringes the provisions of the applicable privacy laws, including this Privacy Policy.

Please note that You may lodge a complaint with the competent supervisory authority. You can find the contact details of the competent authorities in the EEA at:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

The contact details of the Bulgarian competent supervisory authority for data protection are:

Commission for Personal Data Protection

Address: Sofia 1592, bul. „Prof. Tsvetan Lazarov“ No. 2

GPS coordinates: N 42.668839 E 23.377495

E-mail: kzld@cpdp.bg

Website: www.cpdp.bg

Tel.: 02/91-53-519

  14. HOW AND WHY WE MAY SHARE OR TRANSFER PERSONAL DATA TO THIRD PARTIES, THIRD COUNTRIES AND INTERNATIONAL ORGANISATIONS

Where necessary, we may provide (share or transfer) personal data about You:

  • to anyone as a result of restructuring, sale or acquisition, or to anyone to whom we transfer or may transfer our rights;

  • where we are required or permitted to do so by law, regulation, court order or order of a supervisory, regulatory or similar body;

  • to accountants, professional advisors and lawyers – for the purposes of the financial, accounting and administrative servicing of our activities;

  • to cloud platforms for data processing and storage – for organisational servicing, such as storage and processing of contracts with data subjects with a view to enhanced security;

  • to postal service providers – for sending goods subject to purchase and sale;

  • to IT service and system administration providers – for maintaining and enhancing the security of the website and data processing;

  • to companies providing marketing services – for optimising the functioning of the website and more reliable communication with the users of the website;

  • to providers of services for the storage of third-party information (hosting companies) – for the performance of contracts with users of the website.

Please note that the transferred data are limited to the purpose for which they are transferred. In line with this principle, we grant access to information to third parties only after a detailed review of their documentation and only if they meet the requirements of the applicable regulatory framework. This review carefully examines the competence of each third party, as well as the technical and organisational measures for data protection.

If Your personal data are transferred outside the EEA to a country whose data protection standards are not considered adequate, we will ensure that other safeguards guarantee data protection. The safeguards will include the use of contractual clauses approved by the European Commission and/or other appropriate safeguards to ensure that personal data are sent and received in accordance with the applicable legislation.

We may disclose Your personal information to the extent that we are required to do so under the applicable privacy legislation.

In the event that a data subject requests the erasure of their personal data from our database, we will retain only such data as are necessary to protect our legitimate interests or to comply with the requirements of public authorities.

  15. HOW DO WE PROTECT YOUR INFORMATION?

We take all necessary measures to ensure the confidentiality of personal data and any other confidential information that is provided to us and is not personal data. We will comply with our confidentiality obligations and will establish and maintain appropriate security measures to protect confidential information from unauthorised access or use.

We cannot be held responsible for third-party websites to which this website links, or for their policies. If You click on a link to a third-party site, please read carefully the privacy policy/notice on that website and decide whether it is appropriate for You to use it.

  16. CHANGES TO THIS PRIVACY POLICY

We reserve the right to make changes to this Privacy Policy at any time, so please check periodically for updates.

This Privacy Policy is drafted in Bulgarian and in English. In the event of any inconsistency between the two versions, the Bulgarian version shall prevail.

This Privacy Policy is effective as of 04.12.2025.