Privacy Policy

(Personal Data Collection and Processing Policy of website

This privacy policy aims to give you information on how the company, which owns the website  (hereinafter referred to as The Website) – Crupon Lab Ltd., VAT: BG205379129 (hereinafter referred to as Crupon) treats (collects, processes, stores, shares, etc.) your personal data and how you could control your preferences and settings in relation to this treatment. Furthermore, this Privacy Policy is fully in line with the provisions of the  General Data Protection Regulation (GDPR) 2016/679, currently in force within the European Economic Area (EEA). You can find the full text of the regulation at:
The Website has been built fully based on the functionalities, available via the e-commerce platform Shopify (, which allows traders to create their own unique online store using the available models, codes and designs and combining them as they find appropriate. The relationships between Crupon and Shopify are commercial and have been settled through a business agreement (General Terms and Conditions). Therefore, Crupon and the Website, as well as all applicable rules in relation to the processing of the Website users'personal data, are closely bound to Shopify's rules, which also determines the circumstance that this Policy contains references and links to the policies, adopted and implemented by our partner Shopify, which we have in turn adopted and implemented in our operations.
Generally and above all, we should note that Crupon collects and processes your personal data for the following purposes: (1) to fulfil our obligations as a seller of women's fashion clothing and accessories; (2) to deliver the Website's functionalities in the fullest and most efficient way possible; (3) to deliver information, products and services explicitly requested by our customers (for example, sending out newsletters, etc.); (4) to perform market analysis and statistical research for the purpose of internal marketing and statistical activities relating to Crupon.
I. Section One – Registered website users data we collect
For clarity purposes, below you will find lists of the respective types of personal data Crupon collects from the Website users, arranged based on the specific purposes and processes whose implementation requires the collection of personal data, namely:
  • Personal data needed for user registration – data provided by the users when they register on the Website as indicated in the Website's General Terms and Conditions, in particular: (1) first name and (2) family name of the user; (3) valid email address; and (4) individual password for each individual user. In addition and solely by their own discretion, upon completing their registration, Website users can also add to the data listed in their Website profile (5) their address.
  • Personal data needed for shipping purchased items – (1) first name and (2) family name of the user; (3) valid email address; (4) telephone number to contact the user and (5) delivery address.
  • Personal data relating to payments made by the user – Crupon uses one payment system to support online payments. In particular, these system is maintained by the third entities listed below and the respective data, collected when these systems are used, is as follows:
  • PayPal ( – this provider fully processes all payments made by the Website users/buyers, where all banking and financial data (respectively credit and debit cards, including data thereof, etc.) are processed solely by this entity.
  • Data collected through Cookies – for more information, please see Section 3 below – "Rules relating to the cookies used and data collected through cookies"'
  • IP address;
  • User browser identifier;
  • User device identifier;
  • Information about the number of user Website visits;
  • Search history by item categories offered on the Website and purchase history;
  1. Section 2 – Data collected about all Website visitors
  • IP address;
  • User browser identifier;
  • User device identifier;
  • Information about the number of user Website visits;
  • Search history by item categories offered on the Website and purchase history;
  • Information about the landing page used by users to reach the Website,
  • Data collected through cookies - – for more information, please see Section 3 below – "Rules on the cookies used and data collected through cookies"'

III. Section 3 –Rules on the cookies used and data collected through cookies (Cookie Policy)

Any and all cookies used on the Website are session (temporary) cookies, which have different validity as set by our partner Shopify.
Cookies are essentially small text files sent by the web server to the used browser and stored on your device so the Website can recognize them. There are two types of cookies – permanent and session (temporary) cookies. Permanent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are stored temporarily on your device, when you visit the Website, and are erased relatively soon after you close the Website. Most cookies don't contain any sensitive information about you or any personal data that can identify you directly.
We use cookies mainly to monitor your behavior in the following aspects:

  • Identifying the identifier of your device and the browser you use (so we know when you visit the website, i.e. to "recognize you");
  • The time you spend on the Website;
  • Information about the number of user Website visits;
  • Search history in item categories offered on the Website and purchase history;
  • Information about the landing page used by users to reach the Website, etc.
Third-party cookies
We use some third-party cookies as part of our services. These cookies are managed by the respective websites and are not in our control. We can also use some authorized third parties to put cookies during your visits of our websites for the purposes of the services they provide to us. Below, you can find a list of the third-party services we use, some of which can be switched off via the general settings of your browser. For other cookies, you may need to visit the respective websites and follow the instructions given there.
  • Shopify cookies ( – when a company uses the Shopify platform to create their online store, which is the case with Crupon and this Website, Shopify puts the following cookies on the Website:
  • Cookies necessary for the functioning of the Website:
Cookie name Cookie function
_ab Used in connection with access to admin.
_orig_referrer Used in connection with shopping cart.
_secure_session_id Used in connection with navigation through a storefront.
Cart Used in connection with shopping cart.
cart_sig Used in connection with checkout.
cart_ts Used in connection with checkout.
checkout_token Used in connection with checkout.
Secret Used in connection with checkout.
Secure_customer_sig Used in connection with customer login.
storefront_digest Used in connection with customer login.
  • Cookies used for reporting and analytics:
Cookie name Cookie function
_landing_page Track landing pages.
_orig_referrer Track landing pages.
_s Shopify analytics.
_shopify_fs Shopify analytics.
_shopify_s Shopify analytics.
_shopify_sa_p Shopify analytics relating to marketing & referrals.
_shopify_sa_t Shopify analytics relating to marketing & referrals.
_shopify_uniq Shopify analytics.
_shopify_visit Shopify analytics.
_shopify_y Shopify analytics.
_y Shopify analytics.
tracked_start_checkout Shopify analytics relating to checkout.
  • Google Analytics cookies – Google Analytics is a leading tool used to collect information about user behavior, allowing website owners to establish the performances, visits and results of their websites. In general, Google Analytics cookies that the Website can serve are the following:
Cookie name Cookie function
_ga Used to distinguish users.
_gid Used to distinguish users.
_gat or _dc_gtm_<property-id> Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm<property-id>.
_dc_gtm_<property-id> Used when data is deployed via Google Tag Manager, where <property-id> is a unique identifier of the Google Tag Manager profile, for example: _dc_gtm_UA-68436640-7
AMP_TOKEN Used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.

Here are some sources where you can find detailed information about Google Analytics:
You can find detailed technical information here:;
You can find the Privacy Policy and Terms and Conditions of Google, including Google Analytics, here:;
If you would like to ban Google Analytics from tracing your behavior, you can use the following tool provided by the provider:

  • Facebook cookies – The social network provides a series of additional services related to the following purposes: measuring the activities of our Website visitors; choosing, delivery and measurement of network content serving; user personalization based on their behavior, including for advertising goals, etc. Facebook has not provided any detailed information about the cookies they use. You can find more information here: You can find Facebook's Privacy Policy here:

Section 4 – Who do we share your personal data with

Sometimes we share your personal data with third parties. This is aimed at providing you with the best possible experience when using our Website, and sometimes – to secure and make available our service in general.
Crupon does not grant usage rights, and does not sell, reveal or share your information (personal data under GDPR) with other entities or non-related companies, unless this is necessary to provide you with the services you requested and you have given your permission, or in any of the following hypotheses:

  • Information is provided to our trusted partners working on assignments made by Crupon based on contractual relationships and under confidentiality agreements. This third-party entities include, but are not limited to:
  • Shopify (agreement) – we provide them with the following user data: first name, family name, email address, delivery address, and contact phone number. Thus, the provided information is used to administer the orders, prevent fraud (including personal data fraud), for authentication of registered users who have forgotten their individual passwords or user names, and to improve the services offered by the Website and the Shopify platform. For more information about the privacy rules applied by Shopify that Crupon conforms to, please visit:
  • Paypal (agreement) – Crupon accepts payments by credit and debit cards (as set out in the Website's General Terms and Conditions) for the items you have selected and purchased, where payments are fully administered by a third entity – PayPal based on an agreement (PayPal processes personal data based on assignments made by Crupon, where the process guarantees the highest level of user personal data protection, for more information, please visit:
  • When using PayPal, Crupon has no access to any user financial data (the only personal data access we have via PayPal is access to the names and email addresses as set out in the Website's Policy and General Terms and Conditions).
  • Shipping companies (agreements) – for the purpose of shipping the items, ordered via the websites, and to return these items to Crupon (in line with all the terms and conditions described in the Website's Terms and Conditions):
  • Information needed to fulfil our legal obligations based on legitimate requests coming from authorized government authorities, including but not limited to judicial authorities; investigative authorities; tax authorities, etc. (under the Law on Electronic Communications, The Criminal Code, the Law on the Ministry of Interior, the Law on the Judiciary, etc.)

If you do not wish us to send the information to some of our partners, you can withdraw your consent by contacting us in any of the ways indicated at the bottom of this Policy.
V. Section 5 – Personal Data Protection 

Crupon shall maintain appropriate technical and organizational measures to guarantee the security of all Website user data in line with all mandatory requirements of the applicable EU and Bulgarian law.
All your personal data we receive is processed in Ireland by the e-commerce platform Shopify and is stored on Shopify servers physically based in the US/Canada.
We limit any access to your information by employees or third-party vendors, working on assignments and under the control of Crupon
This Website uses HTTPS-encrypted connection and Shopify certificates.
VI. Section 6 – Data transfer outside EEA

Crupon does not perform direct user personal data transfer to countries outside the EU and the EEA.
Some of our partners may transfer data outside the EEA, when a decision has been made in terms of the adequate level of protection, for example – in the case of the EU-US Privacy Shield. For more information, please see our partners' privacy policies.

VII. Section 7 – How long we store your personal data

Data storage continues for as long as we have a reason to store the data. For example – a user has agreed for us to collect and process their information or has a profile on the Website.
Generally, the period after which we will delete the data used to purchase an item via the Website, including to return this item, is six months after the last activity in relation to the particular case.
For the purposes of measuring user behaviour on the Website, we store personal data based on the period of validity of the respective cookie recording.
VIII. Section 8 – Data subject rights under GDPR

  • Right of access to your personal data – you have the right to receive confirmation from us as to whether we process your personal data and, if this is the case, you have the right to access your personal data and information.
  • Right of rectification of personal data: if you discover that the personal data we process on you is incorrect, you have the right to make us correct this personal data.
  • Right of erasure of personal data (the right to be forgotten): under certain circumstances, if your personal data is processed illegally or you have withdrawn your consent (if the personal data processing is based on consent), you have the right to request and receive erasure of your personal data by us.
  • Right to restrict processing: under certain circumstances, for example if you doubt the accuracy of your personal data or have objected our legitimate goal for processing your personal data, you have the right to request us to restrict the processing of your personal data until a solution is found.
  • The right to object: under certain circumstances, for example if you doubt our legitimate interest in processing your personal data, you have the right to object such processing based on reasons related to your particular situation.
  • Right to data portability: if your personal data is processed automatically based on your consent or for the purpose of performing our contractual obligations, you have the right to request us to provide you with your personal data in a machine-readable format to transfer them to another data controller.
  • Right to lodge a complaint with a supervisory authority: you have the right to lodge a complaint in terms of the processing of your personal data by us with the respective competent supervisory authority under the legislation of the Republic of Bulgaria and under Chapter VI of the GDPR or any other applicable EU regulation or international agreement. The competent supervisory authority in the Republic of Bulgaria is the Personal Data Protection Commission.

Section 9 – Miscellaneous

This Privacy Policy is an integral part of the General Terms and Conditions in force for the services, available on the Website. It should be interpreted in relation to them in terms of purchasing products from the Website.
In the event of any disputes between a user and Crupon, these disputes shall be settled in the spirit of mutual understanding and compromise. If impossible, the competent authority to resolve any possible disputes shall be the Bulgarian court, applying Bulgarian and EU legislation applicable as of the moment of resolving the problem.
Crupon reserves the right to make changes to this Privacy Policy at any given moment by publishing the changed terms and conditions on the Website. In this case, you will be asked to accept the changed Privacy Policy once again.
Personal Data Controller: Crupon Lab Ltd, VAT: BG205379129, having its registered office and principal place of business in: city of Bulgaria, 1407 Sofia, 47 Cherni Vrah Blvd; contact address and phone number: city of Bulgaria, 1407 Sofia, 47 Cherni Vrah Blvd; phone number: +359 886 077 159; email address:
Data Protection Officer: Dimitar Stefanov Nedialkov; email address:
(Please not that any data subject access requests under Regulation (EU) 2016/679 sent by mail or courier require additional identification by presenting an ID document by the data subject or by sending the request by email, where this request shall be e-signed by the subject data. Data access requests can also be sent by a legalized proxy of the subject data, where in this case, the proxy should provide a duly notarized power of attorney).