GDPR Data Protection Policy

At ExpozyMart, we are committed to protecting your personal data and respecting your privacy. This GDPR Policy explains how we collect, process, and safeguard your personal information in compliance with the General Data Protection Regulation (GDPR).

Data Controller Information

ExpozyMart is the data controller responsible for your personal data. Our contact details are:

  • Company Name: ExpozyMart Ltd.
  • Address: 15 Vitosha Street, Sofia, Bulgaria
  • Email: [email protected]
  • Phone: +359 888 123 456

If you have any questions about this GDPR Policy or our data practices, please contact our Data Protection Officer at [email protected].

Personal Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, including:

Identity & Contact Data

  • Name
  • Email address
  • Phone number
  • Shipping address
  • Billing address

Financial Data

  • Payment information
  • Cryptocurrency wallet addresses
  • Transaction history
  • Purchase history

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Time zone and location

Usage Data

  • Pages visited
  • Products viewed
  • Time spent on site
  • Click patterns
  • Shopping preferences

How We Use Your Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

To process your orders

We need your personal data to fulfill our contract with you, including processing your payment, shipping your order, and providing customer support.

To improve our services

We analyze usage data to enhance our website, products, and customer experience based on our legitimate interests.

To communicate with you

We may use your contact information to send you important updates about your orders, our services, or changes to our terms and policies.

For marketing purposes

With your consent, we may send you marketing communications about our products, promotions, and special offers. You can opt out of these communications at any time.

Data Security

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. These measures include:

  • Encryption of sensitive data
  • Secure SSL connections for all website traffic
  • Regular security assessments and penetration testing
  • Access controls and authentication procedures
  • Staff training on data protection and security

We limit access to your personal data to employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and are subject to a duty of confidentiality.

We have procedures in place to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Data Retention

We will only retain your personal data for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process your personal data
  • Whether we can achieve those purposes through other means
  • The applicable legal requirements

In general, we keep basic customer information (name, email, address) for up to 7 years after your last purchase for tax and accounting purposes. Payment information is retained according to payment processor requirements and applicable laws.

Your Legal Rights

Under the GDPR, you have the following rights regarding your personal data:

Right to Access

You can request a copy of the personal data we hold about you and check that we are lawfully processing it.

Right to Rectification

You can request that we correct any incomplete or inaccurate data we hold about you.

Right to Erasure

You can request that we delete your personal data in certain circumstances, such as when the data is no longer necessary.

Right to Restrict Processing

You can request that we suspend the processing of your personal data in certain circumstances.

Right to Data Portability

You can request that we transfer your personal data to you or a third party in a structured, commonly used, machine-readable format.

Right to Object

You can object to the processing of your personal data in certain circumstances, particularly for direct marketing purposes.

To exercise any of these rights, please contact us at [email protected]. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to distinguish you from other users of our website. This helps us provide you with a good experience when you browse our website and also allows us to improve our site.

We use the following types of cookies:

  • Strictly Necessary Cookies: Required for the operation of our website. They include, for example, cookies that enable you to log into secure areas or use a shopping cart.
  • Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works.
  • Functionality Cookies: Used to recognize you when you return to our website. This enables us to personalize our content for you and remember your preferences.
  • Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We use this information to make our website and the advertising displayed on it more relevant to your interests.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

For more detailed information about the cookies we use, please see our Cookie Policy.

International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
  • Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield, which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Last Updated: May 14, 2025

If you have any questions about this GDPR Policy, please contact our Data Protection Officer at [email protected].

Need to exercise your GDPR rights?

Our Data Protection team is ready to assist you with any requests regarding your personal data.

Submit a Request