Privacy Policy

(Personal Data Collection and Processing Policy of website https://www.cruponsandals.com)

 
This privacy policy aims to give you information on how the company, which owns the website https://www.cruponsandals.com  (hereinafter referred to as The Website) – Crupon Lab Ltd., VAT: BG205379129 (hereinafter referred to as Crupon) treats (collects, processes, stores, shares, etc.) your personal data and how you could control your preferences and settings in relation to this treatment. Furthermore, this Privacy Policy is fully in line with the provisions of the  General Data Protection Regulation (GDPR) 2016/679, currently in force within the European Economic Area (EEA). You can find the full text of the regulation at: https://gdpr-info.eu/.
The Website has been built fully based on the functionalities, available via the e-commerce platform Shopify (https://www.shopify.com/), which allows traders to create their own unique online store using the available models, codes and designs and combining them as they find appropriate. The relationships between Crupon and Shopify are commercial and have been settled through a business agreement (General Terms and Conditions). Therefore, Crupon and the Website, as well as all applicable rules in relation to the processing of the Website users'personal data, are closely bound to Shopify's rules, which also determines the circumstance that this Policy contains references and links to the policies, adopted and implemented by our partner Shopify, which we have in turn adopted and implemented in our operations.
Generally and above all, we should note that Crupon collects and processes your personal data for the following purposes: (1) to fulfil our obligations as a seller of women's fashion clothing and accessories; (2) to deliver the Website's functionalities in the fullest and most efficient way possible; (3) to deliver information, products and services explicitly requested by our customers (for example, sending out newsletters, etc.); (4) to perform market analysis and statistical research for the purpose of internal marketing and statistical activities relating to Crupon.
I. Section One – Registered website users data we collect
For clarity purposes, below you will find lists of the respective types of personal data Crupon collects from the Website users, arranged based on the specific purposes and processes whose implementation requires the collection of personal data, namely:  
  1. Section 2 – Data collected about all Website visitors

III. Section 3 –Rules on the cookies used and data collected through cookies (Cookie Policy)


Any and all cookies used on the Website are session (temporary) cookies, which have different validity as set by our partner Shopify.
Cookies are essentially small text files sent by the web server to the used browser and stored on your device so the Website can recognize them. There are two types of cookies – permanent and session (temporary) cookies. Permanent cookies are stored as a file on your computer or mobile device for a longer period of time. Session cookies are stored temporarily on your device, when you visit the Website, and are erased relatively soon after you close the Website. Most cookies don't contain any sensitive information about you or any personal data that can identify you directly.
We use cookies mainly to monitor your behavior in the following aspects:
 

 
Third-party cookies
We use some third-party cookies as part of our services. These cookies are managed by the respective websites and are not in our control. We can also use some authorized third parties to put cookies during your visits of our websites for the purposes of the services they provide to us. Below, you can find a list of the third-party services we use, some of which can be switched off via the general settings of your browser. For other cookies, you may need to visit the respective websites and follow the instructions given there.
Cookie name Cookie function
_ab Used in connection with access to admin.
_orig_referrer Used in connection with shopping cart.
_secure_session_id Used in connection with navigation through a storefront.
Cart Used in connection with shopping cart.
cart_sig Used in connection with checkout.
cart_ts Used in connection with checkout.
checkout_token Used in connection with checkout.
Secret Used in connection with checkout.
Secure_customer_sig Used in connection with customer login.
storefront_digest Used in connection with customer login.
 
 
Cookie name Cookie function
_landing_page Track landing pages.
_orig_referrer Track landing pages.
_s Shopify analytics.
_shopify_fs Shopify analytics.
_shopify_s Shopify analytics.
_shopify_sa_p Shopify analytics relating to marketing & referrals.
_shopify_sa_t Shopify analytics relating to marketing & referrals.
_shopify_uniq Shopify analytics.
_shopify_visit Shopify analytics.
_shopify_y Shopify analytics.
_y Shopify analytics.
tracked_start_checkout Shopify analytics relating to checkout.
 
 
Cookie name Cookie function
_ga Used to distinguish users.
_gid Used to distinguish users.
_gat or _dc_gtm_<property-id> Used to throttle request rate. If Google Analytics is deployed via Google Tag Manager, this cookie will be named dc_gtm<property-id>.
_dc_gtm_<property-id> Used when data is deployed via Google Tag Manager, where <property-id> is a unique identifier of the Google Tag Manager profile, for example: _dc_gtm_UA-68436640-7
AMP_TOKEN Used to retrieve a Client ID from AMP Client ID service. Other possible values indicate opt-out, inflight request or an error retrieving a Client ID from AMP Client ID service.
_gac_<property-id> Contains campaign related information for the user. If you have linked your Google Analytics and Google Ads accounts, Google Ads website conversion tags will read this cookie unless you opt-out.

Here are some sources where you can find detailed information about Google Analytics:
You can find detailed technical information here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage;
You can find the Privacy Policy and Terms and Conditions of Google, including Google Analytics, here: https://policies.google.com/technologies/partner-sites?hl=bg;
If you would like to ban Google Analytics from tracing your behavior, you can use the following tool provided by the provider: https://tools.google.com/dlpage/gaoptout.


Section 4 – Who do we share your personal data with


Sometimes we share your personal data with third parties. This is aimed at providing you with the best possible experience when using our Website, and sometimes – to secure and make available our service in general.
Crupon does not grant usage rights, and does not sell, reveal or share your information (personal data under GDPR) with other entities or non-related companies, unless this is necessary to provide you with the services you requested and you have given your permission, or in any of the following hypotheses:

 

If you do not wish us to send the information to some of our partners, you can withdraw your consent by contacting us in any of the ways indicated at the bottom of this Policy.
 
V. Section 5 – Personal Data Protection 


Crupon shall maintain appropriate technical and organizational measures to guarantee the security of all Website user data in line with all mandatory requirements of the applicable EU and Bulgarian law.
All your personal data we receive is processed in Ireland by the e-commerce platform Shopify and is stored on Shopify servers physically based in the US/Canada.
We limit any access to your information by employees or third-party vendors, working on assignments and under the control of Crupon
This Website uses HTTPS-encrypted connection and Shopify certificates.
 
VI. Section 6 – Data transfer outside EEA


Crupon does not perform direct user personal data transfer to countries outside the EU and the EEA.
Some of our partners may transfer data outside the EEA, when a decision has been made in terms of the adequate level of protection, for example – in the case of the EU-US Privacy Shield. For more information, please see our partners' privacy policies.


VII. Section 7 – How long we store your personal data


Data storage continues for as long as we have a reason to store the data. For example – a user has agreed for us to collect and process their information or has a profile on the Website.
Generally, the period after which we will delete the data used to purchase an item via the Website, including to return this item, is six months after the last activity in relation to the particular case.
For the purposes of measuring user behaviour on the Website, we store personal data based on the period of validity of the respective cookie recording.
 
VIII. Section 8 – Data subject rights under GDPR

Section 9 – Miscellaneous


This Privacy Policy is an integral part of the General Terms and Conditions in force for the services, available on the Website. It should be interpreted in relation to them in terms of purchasing products from the Website.
In the event of any disputes between a user and Crupon, these disputes shall be settled in the spirit of mutual understanding and compromise. If impossible, the competent authority to resolve any possible disputes shall be the Bulgarian court, applying Bulgarian and EU legislation applicable as of the moment of resolving the problem.
Crupon reserves the right to make changes to this Privacy Policy at any given moment by publishing the changed terms and conditions on the Website. In this case, you will be asked to accept the changed Privacy Policy once again.
Contacts:
Personal Data Controller: Crupon Lab Ltd, VAT: BG205379129, having its registered office and principal place of business in: city of Bulgaria, Gorna Oriahovitca, 5 Pirot St; contact address and phone number: city of Bulgaria, Sofia, 25 Solunska; phone number: +359 886 077 159; email address: info@crupon.eu
Data Protection Officer: Dimitar Stefanov Nedialkov; email address: 3dviss@gmail.com
(Please not that any data subject access requests under Regulation (EU) 2016/679 sent by mail or courier require additional identification by presenting an ID document by the data subject or by sending the request by email, where this request shall be e-signed by the subject data. Data access requests can also be sent by a legalized proxy of the subject data, where in this case, the proxy should provide a duly notarized power of attorney).