Elixirika Biotech

Privacy Policy

PRIVACY POLICY

INTRODUCTION

This Privacy Policy outlines the rules regarding the protection of personal data of individuals using the Website, owned by https://elixirika.com/.

The Website fully complies with Regulation (EU) 2016/679 (GDPR), effective from 25.05.2018, and the Bulgarian Personal Data Protection Act. By using the Website you accept and agree to comply with this Privacy Policy, the Cookie Policy, and the Website's Terms and Conditions.

DEFINITIONS

  • "Personal Data" means any information relating to an identified or identifiable natural person who can be identified directly or indirectly by reference to identifiers such as name, personal identification number, location data, gender, address, phone number, online identifier, or other identifiers specific to that person's physical, physiological, genetic, mental, economic, cultural, or social identity.
  • "Processing of Personal Data" means any operation or set of operations performed on personal data, whether by automated or other means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
  • "Data Subject" refers to any natural person who is a User of the Website.
  • "Website" means the content hosted at the domain https://elixirika.com/ and its subdomains.

PRINCIPLES FOR DATA PROTECTION

Lawfulness, Fairness, and Transparency

We process your personal data lawfully, fairly, and transparently. https://elixirika.com/ processes your data for the following purposes:

  • Managing your request and executing a contract
    • Contact information: full name, contact address, email, phone number
    • Identification data: full name, personal ID number, permanent address; for legal entities: company name, registration address, UIC, contact email and phone
    • Communication records related to requests, complaints, and correspondence
  • Maintaining records of correspondence for order fulfillment, problem resolution, and more
  • Contacting users and sending relevant information
  • Complying with legal obligations

Purpose Limitation

We collect and process data only for specific, legitimate purposes:

  • Account creation and full access to the e-commerce functionality
  • Order fulfillment
  • Contractual identification
  • Accounting
  • Statistical analysis
  • Information security

Data Minimisation

We collect only data that is adequate, relevant, and limited to what is necessary for the purposes for which it is processed. We use data anonymisation or pseudonymisation wherever applicable to reduce risks to data subjects.

Accuracy

We ensure data is accurate and kept up to date. Any inaccurate data will be corrected or deleted. The website is not liable for incorrectly submitted data by users.

Storage Limitation

Data is retained no longer than necessary. After account deletion or consent withdrawal, your data is deleted or anonymised without undue delay.

Integrity and Confidentiality

We process personal data in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction, or damage, using appropriate technical and organisational measures.

We may disclose your personal data to competent authorities or legal entities when required by law.

USER RIGHTS

Users are entitled to all rights under the GDPR and national legislation.

Right of Access

You may request confirmation of whether your data is processed, a copy of the data, and information including:

  • Purposes of processing
  • Data categories
  • Data recipients
  • Sources of data
  • Storage period
  • Your rights (rectification, erasure, objection, etc.)
  • Automated decision-making, if applicable
  • Data transfers outside the EU

Right to Erasure ("Right to Be Forgotten")

You may request deletion of your data under certain circumstances, such as:

  • Data no longer needed
  • Consent withdrawal
  • The data subject objects to processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds, or objects pursuant to Article 21(2) GDPR
  • Unlawful processing
  • Legal obligations
  • Data collected from minors in relation to information society services pursuant to Article 8(1) GDPR

Right to Data Portability

You can request to receive your personal data in a structured, machine-readable format and have it transferred to another controller, provided:

  • Processing is based on consent or contract
  • Processing is automated

Right to Object

You may object to data processing. If processing is based on legitimate interest or for direct marketing, it must stop unless compelling legal grounds prevail.

PROCESSING OF ANONYMISED DATA

We may use anonymised data for statistical and analytical purposes, where identification of the individual is not possible.

Legal Requirements

We process personal data when required by law, such as:

  • Anti-money laundering regulations
  • Consumer protection laws (distance selling, off-premises sales)
  • Providing information to the Commission for Consumer Protection
  • Providing information to the Commission for Personal Data Protection
  • Accounting and tax compliance under the Accounting Act and Tax-Insurance Procedural Code
  • Providing information to courts and third parties in legal proceedings
  • Age verification for online purchases

Advertising and Remarketing

To improve our services and user experience, we use features provided by Google Ads and Meta Ads.

Our website uses Google Analytics, a web analytics service operated by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA. Google Analytics uses cookies — text files stored on your device — which allow us to analyse user behavior. The information generated by cookies is typically transmitted to and stored on a Google server in the USA. Google Analytics cookies are stored on the basis of Art. 6(1)(f) GDPR. The website administrator has a legitimate interest in analysing user behavior to optimise online services and advertising activities.

IP Anonymity — Our website has IP anonymisation enabled. Your IP address will be shortened by Google within the European Union or other EEA countries before being transmitted to the United States. Only in exceptional cases is the full IP address sent to a Google server in the USA and shortened there. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

Google Analytics Demographics — Our website uses demographic features of Google Analytics, enabling reports containing data on age, gender, and interests of website visitors. This data comes from interest-based advertising from Google and third parties. These aggregate data cannot be attributed to any individual. You can disable this feature at any time in your Google ad settings.

Google AdWords, Conversion Tracking, Facebook Pixels, and Remarketing — Our website uses Google AdWords, an online advertising programme by Google. As part of Google AdWords services, we use "Conversion Tracking." Each AdWords advertiser has a different cookie, making cross-site tracking impossible. The information obtained through these cookies is used to create conversion statistics. Advertisers see the total number of users who clicked their ad and were redirected to a conversion tracking page. However, advertisers do not receive any personally identifiable information.

If you do not wish to participate in tracking, you can opt out by disabling the Google Conversion Tracking cookie in your browser settings.

Google Analytics cookies are stored on the basis of Art. 6(1)(f) GDPR. For more information about Google AdWords and Conversion Tracking, please see Google's Privacy Policy: https://policies.google.com/privacy/.

Our website may use cookies such as Facebook Pixel and AdWords Remarketing tags, which collect session information and allow us to display follow-up advertisements based on user actions on our site.

To manage Meta ads: Visit https://www.facebook.com/ads/settings

To manage Google AdWords: Visit https://myadcenter.google.com/

Data Retention Periods

Data collected pursuant to legal obligations is deleted once the obligation has been fulfilled or expired, for example:

  • Under the Accounting Act for accounting data storage and processing (11 years)
  • Obligations to provide information to courts, competent state authorities, and other grounds under applicable legislation (5 years)

DATA SECURITY

To ensure maximum security in the processing, transmission, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymisation, and others.

Ensuring the security and confidentiality of your personal data is our priority. We apply all appropriate technical and organisational measures in accordance with applicable legal provisions, taking into account the nature of the personal data and the risks associated with its processing, to safeguard its security and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion, or unauthorised access.

DATA PROTECTION OFFICER (DPO) RESPONSIBILITIES

The company's responsible officers support the Controller or Data Processor on all matters related to the protection of personal data. Specifically, they shall:

  • Inform and advise the Controller and/or Processor and their employees on data protection obligations
  • Monitor compliance with all data protection legislation, including audits, awareness activities, and training of staff involved in processing operations
  • Advise on and monitor Data Protection Impact Assessments (DPIAs)
  • Act as a point of contact for individuals regarding the processing of their personal data and the exercise of their rights
  • Cooperate with Data Protection Authorities (DPAs) and act as a contact point for DPAs on processing matters

INCIDENT REPORTING PROCEDURE

Every User has the right to file a complaint against unlawful processing of personal data with the Commission for Personal Data Protection or the competent court.

Name: Commission for Personal Data Protection

Registered office and address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2

Correspondence address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2

Phone: +3592/91-53-518

Website: www.cpdp.bg

CONTACT

For questions or to exercise your rights under this Privacy Policy, please contact us via the details provided in the "Contacts" section of the Website.

Date: 10.06.2025

Cookie Policy

Use of Cookies

Cookies are small text files or data packets stored via your internet browser on your device (computer, tablet, laptop, or mobile phone) when visiting websites. Their main purpose is to recognise returning users and optimise their experience. Some cookies have more specific functions, such as remembering user behavior on the site and facilitating the use of the Website. More information about how cookies work can be found online.

How We Use Cookies on This Website

We use cookies on this Website primarily to improve usability, enhance performance, and store information about user behavior. No personal data is stored through our cookies — they cannot identify you as an individual, and therefore the Personal Data Protection Act does not apply to the collection of this information. The information collected through cookies is typically used in aggregate form to analyse user behavior on the Website, enabling us to improve site functionality, user journeys, and content.

Types of Cookies Used on This Website

Session Cookies

These cookies facilitate your use of the site by temporarily storing information within your browser session. The information stored typically includes products or services you have added to your cart, pages visited, and how you reached specific content. These cookies do not collect information from your device and are automatically deleted when you leave the Website or close your browser session.

Persistent Cookies

These allow us to store specific browsing information, such as site visit analysis, how you reached the Website, pages viewed, options selected, and where you navigated from the Website. Tracking this information enables us to improve the Website, including correcting errors and expanding content. The retention period for these cookies varies depending on their specific purpose.

Third-Party Cookies

Our Website may contain links to or embedded content from other sites, such as Facebook, YouTube, Twitter, Google+, LinkedIn, or partner websites. When visiting these sites or opening their content, cookies from those websites may be stored on your device. These are defined as "third-party cookies," and we have no control over their generation and management. We therefore advise you to seek information about them and their management on the respective third-party websites.

Managing Cookies

All browsers allow cookie management from a dedicated folder. You can block cookies, delete all or some of them, or set your preferences regarding cookie use before visiting our site. Please note that deleting or blocking cookies may adversely affect the functionality of our Website and your user experience.

Disabling or Blocking Cookies

Cookie control, disabling, or blocking is managed through your browser settings. Please note that a complete ban on all cookies may affect the functional performance of the site, its efficiency, and access to certain information.