Skip to main content

Information About the Data Controller

Provider

Summer Sunrise Holding ltd. is a company (“Provider”) registered in accordance with the Companies Law of the Republic of Bulgaria, company registration number 207417272, registered address Bitolya Str. 29, 1st Floor, Office 1, Varna, Republic of Bulgaria, email address: This email address is being protected from spambots. You need JavaScript enabled to view it., telephone +359 88 50 77 378.

Legal Basis and Purposes for Processing Your Personal Data
We process your personal data on the following grounds:

  • Contracts for the delivery of our products;

  • Your explicit consent – the purpose is specified for each specific case;

  • When required by law.

In the following sections, you will find detailed information about the processing of your personal data depending on the legal basis for such processing.

For the Performance of a Contract
We process your personal data to fulfill contractual and pre-contractual obligations and to exercise rights under the contracts concluded with you.

Purposes of processing:

  • Verifying your identity;

  • Providing the functionalities of our website;

  • Preparing and sending invoices for the services you purchase from us;

  • Detecting and/or preventing unlawful actions or actions contrary to our terms.

Data we process on this basis:
Based on the contract concluded between us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • Contact details – address, email, phone number;

  • Identification data – full name, personal identification number, address;

  • Data about orders placed;

  • Correspondence related to overall service – emails, letters, requests for problem resolution, complaints, petitions, feedback received from you;

  • Payment information – credit/debit card details, bank account number, or other banking/payment information related to transactions;

  • Other information such as:

    • IP address when visiting our website;

    • Demographic data;

    • Social media profile information;

    • Information about your actions on the website.

Processing the personal data listed above is mandatory for us to conclude and perform the contract with you. Without providing these data, we would not be able to fulfill our contractual obligations.

Sharing personal data with third parties
We may share your personal data with third parties – subcontractors, including courier service providers, for the purpose of delivering ordered goods or, with your explicit consent, for direct marketing purposes.

Retention period for data collected on this basis
Data collected on this basis are deleted 2 years after termination of the contractual relationship, regardless of whether due to expiration of the contract term, cancellation, or other reason.

For Compliance with Legal Obligations
We may be legally required to process your personal data. In such cases, we are obliged to carry out processing, for example:

  • Obligations under the Law on Measures Against Money Laundering;

  • Compliance with obligations regarding distance selling, off-premises sales under the Consumer Protection Act;

  • Providing information to the Consumer Protection Commission or other entities under the Consumer Protection Act;

  • Providing information to the Data Protection Commission as required by data protection law;

  • Obligations under the Accounting Act, Tax and Social Security Procedural Code, and other related regulations;

  • Providing information to courts or third parties during legal proceedings, according to applicable law;

  • Age verification for online purchases.

Retention period for data collected on this basis
Data collected under legal obligations are deleted once the obligation to collect and store them is fulfilled or no longer applies.

Based on Your Consent
We process your personal data on this basis only after your explicit, unambiguous, and voluntary consent. No adverse consequences will result if you refuse to provide consent.

Consent is a separate legal basis for processing your personal data, and the purpose of processing is stated in the consent itself. If you provide consent, we may prepare personalized product/service offers and perform detailed analyses of your basic personal data until the consent is withdrawn or any contractual relationship ends.

Data we process on this basis:
On this basis, we may process personal data for direct marketing purposes, including website usage data and social media profile data.

Sharing personal data with third parties
We may share your data with marketing agencies, Facebook, Google, or similar entities.

Withdrawal of consent
Consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, you can use our website or contact details.

Retention period for data collected on this basis
Data collected on this basis are deleted upon your request or 12 months after initial collection.

How We Protect Your Personal Data
To ensure adequate protection of company and client data, we implement all necessary organizational and technical measures provided by data protection law.
The company has established rules to prevent misuse and security breaches, supporting data security processes.
For maximum security during processing, transfer, and storage of your data, we may use additional mechanisms such as encryption, pseudonymization, etc.

Data Subject Rights
Every website user has all rights under Bulgarian and EU law regarding personal data protection.
Users can exercise their rights by sending a message to our email.

Every user has the right to:

  • Be informed about the processing of their data;

  • Access their personal data;

  • Rectify inaccurate data;

  • Delete personal data (“right to be forgotten”);

  • Restrict processing by the administrator or processor;

  • Data portability between administrators;

  • Object to the processing of their personal data;

  • Not be subject to decisions based solely on automated processing, including profiling, which significantly affects them;

  • Seek protection through judicial or administrative means if their data rights are violated.

Conditions for deletion:
A user can request deletion if:

  • Data are no longer necessary for their purpose;

  • The user withdraws consent and there is no other legal basis;

  • The user objects to processing and no lawful grounds prevail;

  • Data were processed unlawfully;

  • Data must be deleted to comply with legal obligations;

  • Data were collected in relation to online services offered to children, with parental consent.

Conditions for restricting processing:
Processing may be restricted if:

  • The accuracy of the data is contested;

  • Processing is unlawful but deletion is not desired;

  • The administrator no longer needs the data, but the user requires them for legal claims;

  • The user objects pending verification of lawful grounds.

Right to data portability
Users have the right to receive personal data they provided in a structured, commonly used, machine-readable format and transfer it to another administrator without hindrance. Direct transfer between administrators is possible when technically feasible.

Right to object
Users may object to data processing, and the administrator must cease processing unless overriding legal grounds exist. Objections to direct marketing must be immediately honored.

Complaint to supervisory authority
Users have the right to file a complaint with the Data Protection Commission or competent court if data processing is unlawful.

About us

Contact Us

Company Details

Cookies Policy

Privacy Policy

Terms and Conditions

Cancellation Policy

Accessibility

We host with green power:  

hosted with 100% green energy by all‑inkl.com

©2025 Summer Sunrise Holding Ltd. All rights reserved