Personal data protection policy

DIO FOODS LTD is a company registered in the Commercial Register of the Registry Agency with UIC 204383288, with registered office and address of management: Sofia 1680, Vitosha district, residential complex Manastirski Livadi, 59B Kazbek Str., Bl.2

We process your personal data on the following grounds:

The contract concluded between us and you in order to fulfill our obligations under it;

Explicit consent from you – the purpose is indicated for each specific case;

In case of an obligation under law

In the following paragraphs you will find information about the processing of your personal data depending on the basis on which we process them.



We process your personal data in order to fulfill the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.

Purposes of processing:

establishing your identity;

management and execution of your request and execution of a concluded contract;

preparing and sending an invoice for the services you use with us;

Maintaining correspondence in connection with orders, processing requests, reporting problems, etc.

preparation of a user profile;

distribution of an electronic newsletter

Based on the contract concluded between us and you, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

personal contact details – contact address, email, phone number;

identification data –  names, unique civil number or personal number of a foreigner, permanent address;

data on the orders made through the user profile;

e-mail, letters, information about your requests for troubleshooting, complaints, requests, grievances;

credit or debit card information, bank account number or other banking and payment information in connection with the payments made;

The processing of the specified personal data is obligatory for us so that we can conclude the contract with you and fulfill it.

We provide your personal data to third parties, and our main goal is to offer you quality, fast and comprehensive service.

We provide personal data to the following categories of recipients (personal data controllers):

postal operators and courier companies;

persons providing consulting services in various fields.

marketing agencies in order to provide relevant content and advertisements (including, but not limited to, Facebook and Google advertisements) and, accordingly, analysis of the provided advertising content

We delete the data collected on this basis 5 years after the termination of the contractual relationship, regardless of whether due to the expiration of the contract, cancellation or other grounds. The term is determined by the 5-year limitation period for possible claims under the contract.


Cookies are small text files that are stored on your device (desktop, laptop, tablet, smartphone) when you visit websites. Cookies usually contain the name of the site, a unique identification number and a period of validity. They can also record how long you have been on a page, which links you click, language preferences, site colors, and more. Cookies cannot be used to disclose your identity or personal information.


login and authentication – when logging in to your personal account at, we save a unique ID number and the exact moment of login to an encrypted cookie on your device. This cookie allows you to go from page to page on the site without having to re-enter each page. You can also save your login information so that you do not have to log in each time you visit the site.

protection – we use cookies to detect fraud and abuse of our websites and services.

storing information that you provide on a website. When you provide information or add products to a shopping cart at, we store the data in a cookie in order to remember the products and information you have added.

Social Networks – Facebook cookies, including those that allow users who are logged in to the social networking service to share content through this service.

marketing data related to preferences for obtaining marketing information from us and third parties, and a preferred way of communication. We process this data so that we can include you in our promotions, such as games, prizes and free gifts, provide you with adequate content and advertisements, and accordingly understand the effectiveness of these advertisements.

data related to the use of our website and online services, such as IP address, login details, browser details, duration of visits to the pages of our website, page views and navigation paths, details of the number of visits to our website , time zone settings and other technologies of the devices you use to access our website. The source of this data is from our analysis tracking system.


The law may provide for an obligation for us to process your personal data. In these cases, we are obliged to perform the processing, such as:

Obligations under the Anti-Money Laundering Measures Act;

fulfillment of obligations in connection with the distance selling, the sale outside the commercial site, provided for in the Consumer Protection Act;

providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;

providing information to the Commission for Personal Data Protection in connection with obligations provided for in the legislation for personal data protection;

obligations provided for in the Accounting Act and the Tax and Social Security Procedure Code and other related normative acts in connection with the keeping of lawful accounting;

providing information to the court and third parties, in the framework of proceedings before a court, in accordance with the requirements of the applicable regulations;

age verification when shopping online.

 The data collected in accordance with an obligation provided by law are deleted after the obligation for collection and storage is fulfilled or ceases to exist. For example:

under the Accounting Act for storage and processing of accounting data (11 years),

obligations to provide information to the court, competent state authorities, etc. grounds provided for in the current legislation (5 years).

 When there is an obligation for us by law, it is possible to provide your personal data to the competent state authority, natural or legal person.



We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse to process personal data.

Consent is a separate basis for the processing of your personal data and the purpose of the processing is stated in it, and is not covered by the purposes listed in this policy. If you give us the relevant consent and until its withdrawal or termination of any contractual relationship with you, we prepare suitable proposals for products / services.

On this basis, we only process data for which you have given us your express consent. The specific data are determined for each individual case. Usually the data include:







On this basis, we may provide your data to marketing agencies and third parties.

Concessions granted may be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data in any or all of the ways described above, we will not use your personal data and information for the purposes set out above.

We delete the data collected on this basis at your request or 1 year after their initial collection.



 We process your data for static purposes, i.e. for analyzes in which the results are only summary and therefore the data is anonymous. It is not possible to identify a specific person from this information.



To ensure adequate data protection of the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.

In order to ensure maximum security in the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.



Each User of the site enjoys all rights to personal data protection under Bulgarian law and European Union law.

 Each User has the right to:

Awareness (in connection with the processing of his personal data by the administrator);

Access to your own personal data;

Correction (if data is inaccurate);

Deletion of personal data (right to be “forgotten”);

Restriction of processing by the controller or processor of personal data;

Portability of personal data between individual administrators;

Objection to the processing of his personal data;

The data subject shall also be entitled not to be the subject of a decision based solely on automated processing, including profiling, which has legal consequences for the data subject or similarly affects him to a significant degree;

Right to judicial or administrative protection in case the data subject’s rights have been violated.

The user can request deletion if one of the following conditions is true:

Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

The user withdraws his consent on which the data processing is based and there is no other legal basis for the processing;

The user objects to the processing and there are no legal grounds for the processing to take precedence;

Personal data has been processed illegally;

Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;

Personal data have been collected in connection with the provision of information society services to children and the consent has been given by the parent responsible for the child.

The user has the right to restrict the processing of his personal data by the administrator when:

Dispute the accuracy of personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of personal data;

The processing is illegal, but the User does not want the personal data to be deleted, but instead requires restricting their use;

The Administrator no longer needs the personal data for the purposes of processing, but the User requires them for the establishment, exercise or protection of legal claims;

objects to the processing pending verification of whether the legal grounds of the administrator take precedence over the interests of the User.


The data subject has the right to receive the personal data concerning him and which he has provided to the controller, in a structured, widely used and machine-readable format and has the right to transfer this data to another controller without hindrance from the controller. data are provided when the processing is based on consent or a contractual obligation and the processing is carried out in an automated manner. When exercising its right to data portability, the data subject shall also be entitled to receive a direct transfer of personal data from one controller to another where this is technically feasible.




Users have the right to object to the controller against the processing of their personal data. The controller of personal data shall be obliged to terminate the processing, unless he proves that there are convincing legal grounds for the processing, which take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or protection of legal claims. In the event of an objection to the processing of personal data for the purposes of direct marketing, the processing should be stopped immediately.



Each User has the right to file a complaint against illegal processing of his personal data to the Commission for Personal Data Protection or to the competent court.



    Вашата количка
    Вашата количка е празнаОбратно в магазина
      Calculate Shipping
      Apply Coupon