Privacy Policy and Personal Data Protection

Effective from: 29.10.2025

I. Introduction

„AURA FITNESS“ Ltd („Aura Fitness“, „we“) respects the personal space and the right to personal data protection of its clients. This Privacy Policy has been prepared in accordance with Regulation (EU) 2016/679 („GDPR“) and the Personal Data Protection Act (PDPA) and aims to inform you about what personal data we collect, how we use, store, and protect it.

The policy applies to all users of our website www.aurafitness.bg, to clients who make online orders, as well as to individuals with whom we communicate via email, phone, or social networks in connection with our e-commerce activities.

Please read this Policy carefully before using the site or providing us with your personal data. By providing them, you agree to the conditions described here.

II. Personal Data Administrator

„AURA FITNESS“ Ltd
UIC: 208487722
Registered office and management address: Sofia, Mladost 4, Vasil Radoslavov St. 6, 3rd floor
Contact email: eshop@aurafitness.bg
Phone: +359 88 942 9181

All questions regarding the processing of personal data can be sent to the specified email.

III. Categories of Personal Data We Process

  • Identification data: first name, last name;
  • Contact data: email, phone, delivery and billing address;
  • Payment data: IBAN (for refunds), last 4 digits of card (only through the payment operator);
  • Order data and purchase history;
  • Data from your online profile (if you are a registered user);
  • Correspondence data: emails, inquiries, complaints;
  • Technical data: IP address, device type, browser, cookies;
  • Marketing data: preferences and consent for receiving newsletters.

IV. Purposes and Legal Grounds for Processing

We process your personal data only when there is a legal basis, such as:

  1. For the performance of a contract – for processing orders, delivery, payment, invoicing, complaints, and warranty service.
  2. For the fulfilment of legal obligations – issuing accounting documents, reporting under VAT and tax laws, obligations under the Consumer Protection Act.
  3. Based on your consent – for creating a profile, sending marketing messages and newsletters, participating in campaigns or games.
  4. For legitimate interests – for improving service, protection against abuse, and website optimisation.

V. Use of Data for Direct Marketing and Newsletters

We may use your data (email, name) to send promotional offers, news, and newsletters, only if you have given explicit consent during registration or when placing an order. You can withdraw this consent at any time via the „Unsubscribe“ link at the end of each email or by writing to us at eshop@aurafitness.bg.

VI. Categories of Third Parties to Whom We May Provide Data

  • Courier company Econt Express – for delivery of parcels;
  • Bank UniCredit Bulbank and payment operator BORICA – for processing payments;
  • IT and hosting providers that support our website;
  • Accounting firm – for accounting and tax services;
  • Competent state authorities – when required by law.

All third parties that process personal data on our behalf are bound by confidentiality agreements and comply with the requirements of GDPR.

VII. Retention Period of Personal Data

  • Order and contract data – up to 5 years after the end of the relationship, according to the statutory limitation periods.
  • Accounting documents – a minimum of 10 years according to the Accounting Act.
  • Marketing data – until consent is withdrawn.
  • Email correspondence and inquiries – up to 2 years from the last contact.

VIII. Your Rights

As a data subject, you have the following rights:

  • Right of access to your personal data and a copy of it;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure („right to be forgotten“);
  • Right to restriction of processing;
  • Right to object to processing, including for direct marketing;
  • Right to data portability to another administrator;
  • Right to withdraw your consent at any time;
  • Right to lodge a complaint with the Commission for Personal Data Protection (CPDP).

Contact of CPDP: Sofia 1592, „Prof. Tsvetan Lazarov“ Blvd. No. 2, www.cpdp.bg.

IX. How We Protect Your Data

Aura Fitness implements organisational, technical, and physical security measures to prevent unauthorised access, loss, or misuse of personal data. These include:

  • SSL encryption of the connection when entering data on the site;
  • Restricted access to data only for authorised personnel;
  • Privacy and confidentiality policy for staff;
  • Regular updates and protection of servers and databases;
  • Archiving and access control to information.

X. Cookies

The site uses cookies to ensure its proper functioning, to improve user experience, and to analyse traffic. Some cookies are necessary for the functioning of the site, while others are used only with your consent. You can learn more in our Cookie Policy.

XI. Changes to the Policy

This Policy may be updated periodically. All changes will be published on this page with the current effective date. We recommend reviewing it regularly to stay informed about how we protect your data.

For questions regarding this Policy or the processing of personal data, you can contact us at: eshop@aurafitness.bg.

Products to compare (/5)