Privacy Policy


The present privacy policy (the “Privacy Policy”) contains information with regards to the processing of customer-related personal information on the website (the “Website”).

The Website is property of D2Line OOD, a company registered in the Commercial Register of the Republic of Bulgaria under universal identification code: 204965840, VAT reg. number BG 204965840, with seat and address of management at No. 301 Saedinenie Str., Lozen, Capital Municipality, Sofia City Province, Bulgaria (hereinafter “D2Line”, “We” or “Us”).



Whenever consumers visit the Website to view its contents and/or use its features including to make purchases from the Website We collect personally identifying information (“Personal Data”) about consumers via digital tracking technologies (cookies) as well as personal data manually entered in the Website for the purposes of analysing user behaviour and interests, adding products to user Shopping Cart or developing wishlists, participation in promotion campaigns and loyalty programmes as well as any other personal data they provide including for the purposes of making registration on the Website or subscribing for any D2Line newsletters.

The types of personal data that we collect whenever visitors and users of the Website manually enter it in the course of making registration or purchasing products include name, address, phone number, email address, purchase information and purchase method, and associated information such as credit or debit card information used to facilitate the sale of the products.
To review our rules with regards to the automatic collection of personal data and our use of digital tracking technologies please visit our Cookie Policy which represents an integral part to this policy.



The personal data collected through the Website is primarily processed using computer and electronic means, adopting security measures in order to reduce to a minimum the risks of destruction or loss, including accidental loss, of the data itself, unauthorized access or processing without consent, or processing that is not in conformity with the purposes of collection indicated in this Privacy Policy.
Each purchase on the Website is made with the utmost security thanks to our partnership with Fibank Bulgaria ( and their secure virtual POS terminal payment system.



Through the Website, different types of personal data are collected and processed, for different purposes and on different legal grounds. More precisely:

(a) personal data related to browsing and collected via cookies is processed on grounds of the performance of contracts or functioning of the Website (for necessary and functionality cookies) or on grounds of our legitimate interest (for marketing and analysing cookies);

(b) personal data provided manually by users in the course of making orders on the Website is processed on grounds of the conclusion and performance of contracts for sale of the products marketed on the Website;

(c) personal data provided manually by users in the course of registering on the Website or the personal data related to subscribing to our newsletter and other D2Line communication is processed on grounds of the explicit consent of the consumer.



Personal data linked to the purchase will be stored for at least 10 years to comply with tax and civil law. Moreover, the data linked to the purchase may be stored for a longer period of time in order to comply with the contractual unlimited warranty granted to the client.
Unless provided otherwise by the applicable laws consent-based processing of personal data such as data provided for marketing and profiling activities are kept as long as necessary for the particular processing also with reference to the specific sector of activity and considering the interest demonstrated by the users to be updated on the products. Consumers subscribing to our newsletter will be asked to renew their consent no later than 2 (two) years after subscription or consent renewal.
Personal data of consumers who have not renewed their consent and where D2Line cannot demonstrate any other legal grounds for the processing shall be deleted without undue delay.



D2Line discloses the personal data collected over the Website only as permitted by law. Personal data shall be processed and disclosed to:
(i) consultants of D2Line such as lawyers or accounts, processing data in their capacity of persons in charge of the processing for internal organization of the activities;
(ii) D2Line business partners such as banks, couriers, system administrators and marketing companies acting in their capacity of data processors and providing D2Line with specific technical and organizational services in relation to the Website or the sale of the products (logistics services, IT services and marketing services).
(iii) police and judicial authorities, in compliance with the law and upon their request, or in case there are good reasons to believe that such disclosure is reasonably necessary to (1) investigate, prevent or take initiatives in relation to suspected unlawful activities, or assist national supervisory authorities; (2) prepare a defence against third party claims or charges, protect the security of its own website and of the company; (3) exercise or protect the rights, property or security of D2Line, its affiliates, customers, employees and third parties.

D2Line process personal data using servers located within the European Union.
Although D2Line does not intend to, in the cases when D2Line transfers personal data outside the European Economic Area it shall ensure that the relevant country has been established to have an adequate level of personal data protection or D2Line shall require its partner to conclude the EU’s Standard Contractual Clauses in order to protect the transferred personal data.



A user always has the right to obtain confirmation whether or not personal data concerning him/her exists, even if it is not yet recorded, and to have it communicated to him/her in an intelligible form.
A user also has the right to obtain information about the source of personal data; the purposes and methods of processing it, the logic applied in the event of processing that is performed with the aid of electronic instruments; the identification details of the controller and data processors; and indication of the persons or categories of persons whose personal data may be communicated, or who could end up being known by, for example, data processors or agents as data supervisors or data processors.
A user also has the right to request an update, correction or, when s/he has an interest in doing so, an inclusion of personal data, deletion, conversion to an anonymous form or the blocking of personal data, that has been processed in violation of the law, including data which it is not necessary to keep in relation to the purposes for which it was collected or subsequently processed; a statement that the above operations were disclosed, including in terms of their content, to those parties to whom the data was communicated, except in the case in which such performance proves impossible or entails the use of methods that are clearly disproportionate to the right protected. The user can also ask for the portability of his/her data.
A user nevertheless has the right to object, in part or in full, for legitimate reasons, the processing of personal data concerning him/her, even if it is pertinent to the scope of the collection, the processing of personal data concerning him/her for the purposes of sending advertising or direct marketing materials, or to conduct market research or commercial communications and he has the right to ask restriction of processing concerning itself. The right to object may also be exercised specifically with regard to one or more methods of sending marketing communications.
The user also has the right to lodge a complaint with a data protection authority (please find more information below) as well as the right to withdraw the consent previously given.



This Privacy Policy is in effect from May 25th 2018. Date of latest update is September 2nd, 2019.

Please note that this Privacy Policy has been drawn up and is governed by the EU General Data Protection Regulation (Regulation 2016/679/EU). Insofar as the General Data Protection Regulation does not apply, this Privacy Policy shall be regulated by the laws of the Republic of Bulgaria.

Changes in the applicable laws including the GDPR might require Us to amend this policy from time to time. We shall inform you for any such changes to this policy to the email address provided by you for receiving communications from D2Line.

In case you need any information or assistance with regards to the processing of your data or to exercise your legal rights as data subject please contact Us at [email protected].

The application of this Privacy Policy and the processing of personal data carried by D2Line is subject to the control of the Commission for Personal Data Protection of the Republic of Bulgaria,

Depending on your place of living you might also be able to refer to another Data Protection Authority (DPA) within the European Union. Please find a list of DPAs within the EU and their contact details here: