My cart

Your shopping cart is empty

Privacy Policy

2025-05-28T16:06:31+03:00

Privacy Policy

"LIM" Ltd.
(Notification regarding the processing of personal data)

Personal Data Controller:

  1. Name: "LIM" Ltd.
  2. UIC: 208198228
  3. Registered office and address: 
  4. Telephone: 0894055508
  5. Email address: info@shopatlim.com
  6. Website: shopatlim.com

"LIM" Ltd. ("the Company" or "the Controller") carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data ("General Data Protection Regulation" or "GDPR"). This Privacy Policy (the "Privacy Policy" or "Policy") aims to inform each Client (as defined below) of the Company about the processing of data that identifies or could identify the specific Client.

For the purposes of this Policy, a "Client" is any natural person who is a party to a contract with the Company for the purchase of goods, or a natural person who has expressed intent to enter into pre-contractual relations with the Controller and/or a user of the E-commerce platform LIM, available online at: shopatlim.com, as well as a director, manager, representative, proxy, employee, partner, shareholder, or beneficial owner of a legal entity or other legal formation using the E-commerce platform.


1. What personal data do we process?

The Company, as a data controller, processes the following categories of personal data of its Clients:

  • Physical identity – names, personal identification number (EGN), address, phone number, email address;
  • Economic identity – bank account information.

Personal data is collected by the Controller directly from the individuals to whom the data pertains.


2. How do we collect personal data?

We collect personal data:

  • during registration on the e-commerce website or when using the platform without registration;
  • during communication with the Client, which may include written (including electronic) or oral communication;
  • through cookies when using or browsing our website.

In some cases, we may also collect information from third parties or public sources.

Our website collects data in log files. This information includes your IP address, internet service provider, browser, operating system, time of visit, and visited pages.

Our website uses "cookies"—small files with information sent from our site to the visitor’s browser, which stores this information in a text file on the user’s device. These help us optimize our site’s performance. More information can be found in our Cookie Policy at: www.shopatlim.com.


3. Do we process special categories of personal data?

The Company does not process special categories of personal data (sensitive data) of Clients.


4. For what purposes do we process personal data?

The Company processes Clients’ personal data for the following purposes:

  • providing requested information and assistance;
  • identifying and contacting Clients and beneficial owners;
  • managing all activities related to the establishment, modification, and termination of relationships between the Company and the Client;
  • offering and promoting additional services;
  • compliance with regulatory requirements;
  • protecting interests in case of disputes and cooperating with regulatory bodies as required by law.

Failure to provide or process this data may prevent us from providing our services or the requested assistance.


5. What is the legal basis for processing personal data?

Clients’ personal data is collected, processed, and used on the basis of:

  • performance of a contract or steps prior to entering into a contract;
  • compliance with a legal obligation applicable to the Company;
  • legitimate interests pursued by the Company or a third party, provided that such interests are not overridden by Clients’ rights—e.g., dispute resolution, fraud prevention, legal claims;
  • consent, where required by applicable law.


6. How long do we retain personal data?

We retain personal data during the contractual relationship and until the settlement of obligations under the contract, including a transitional period for compliance with archiving and accounting requirements.

If legal or other proceedings are initiated, data may be retained until the conclusion of such proceedings, including all appeal periods, after which it will be deleted or archived in accordance with applicable law.

Accounting and tax records containing personal data are retained for 10 years, starting from January 1 of the accounting period following the one to which they relate.

If data is processed based on your consent, it will be retained only as long as your consent remains valid.


7. With whom do we share personal data? Are they transferred to third countries?

The Company may share data with:

  • Data processors to fulfill the purposes of processing under GDPR compliance;
  • Third parties: service providers performing functions on our behalf;
  • Authorities: regulatory bodies, tax and financial authorities, courts, law enforcement agencies, all in accordance with applicable law.

This list is not exhaustive—there may be other legal reasons for data sharing or processing.

We notify Clients if there is an intention to transfer data to third countries or international organizations.


8. Are personal data protected?

The Company implements appropriate technical and organizational measures to protect personal data from unlawful access, use, accidental loss, alteration, disclosure, or damage. These measures ensure ongoing confidentiality and security and are reviewed regularly.


9. Do we use automated decision-making?

The Company does not carry out automated decision-making with personal data.


10. What are Clients’ data protection rights?

Clients can exercise the following rights via written notice to the Company:

  • Withdrawal of consent – Clients may withdraw their consent at any time, without affecting the lawfulness of prior processing.
  • Right of access – Clients have the right to confirm whether their data is processed and to receive a free copy, along with basic information, unless excessive or repetitive requests apply.
  • Right to rectification – Clients may correct or request correction of inaccurate, incomplete, or outdated data.
  • Right to erasure ("right to be forgotten"), when:
    • data is no longer needed;
    • consent is withdrawn;
    • data was unlawfully processed;
    • erasure is required by law;
    • data was collected in connection with information society services.
  • The Company may deny erasure if processing is necessary for freedom of expression, legal obligations, public interest, research, or legal claims.
  • Right to restriction of processing, when:
    • the accuracy is contested;
    • processing is unlawful but deletion is not desired;
    • data is no longer needed but required for legal claims;
    • processing is contested pending legitimate interest evaluation.
  • Right to object – Clients may object to processing based on legitimate interest. If justified, processing will be stopped unless overriding legal grounds exist.
  • Right to data portability, including:
    • receiving data in a structured, machine-readable format;
    • requesting transfer to another controller, where technically feasible.
  • Right to lodge a complaint with the Commission for Personal Data Protection:

Commission for Personal Data Protection
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: (02) 91 53 519
Fax: (02) 91 53 525
Email: kzld@cpdp.bg
Website: www.cpdp.bg


11. What happens if there is a change?

If there is a significant change in how the Company processes personal data, the types of data processed, or any aspect of this notification, Clients will be promptly notified and provided with an updated version of this Policy.

We use cookies to ensure that our website works well for you, respecting all rules and good practices for the privacy of your personal data. Agreement page