This Privacy Policy explains how CANDAON Ltd. (КАНДАОН ООД) (“we”, “us”, “our”) collects, uses, and protects personal data when you use the Crude & Rude website (the “Website”). We are committed to processing personal data lawfully, fairly, and transparently.
1. Data Controller
The data controller responsible for processing personal data is:
- Company: CANDAON Ltd. (КАНДАОН ООД)
- UIC / EIK: 204894731
- VAT number: BG204894731
- Registered address: 4 Arabakonak St., Entrance B, Floor 3, Apt. 32, 4003 Plovdiv, Bulgaria
- Email: crudeandrude@unstack.dev
- Phone: +359 899 937 142
2. Scope of This Policy
This Privacy Policy applies to visitors browsing the Website anonymously, registered users, and customers placing orders. It governs all processing of personal data carried out through the Website in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian law.
3. Personal Data We Collect
3.1 Data You Provide Voluntarily
Depending on how you use the Website, we may collect personal data such as your name, email address, phone number, billing and delivery address, account credentials (if you create an account), and order-related information.
Payment information: payment card details are securely processed by Stripe, a third-party payment service provider. We do not receive, store, or have access to full payment card numbers, card verification codes (CVC), or similar sensitive authentication data. Stripe processes payment data in accordance with its own privacy policy and applicable security standards, including PCI-DSS requirements. Limited payment-related information (such as payment status, transaction ID, and billing details) may be shared with us solely for order processing, accounting, and customer support purposes.
3.2 Data Collected Automatically
When you visit the Website, limited technical data may be collected automatically, such as IP address, browser type and version, device type, and pages visited. This data is used strictly for security, operational stability, and legal compliance.
4. Purposes and Legal Basis of Processing
Personal data is processed only when a lawful basis exists under GDPR, including performance of a contract, compliance with legal obligations, legitimate interests related to Website security and functionality, or your explicit consent where required.
5. Cookies and Similar Technologies
We use cookies only to the extent necessary for the proper functioning of the Website. These include session cookies, security-related cookies, and essential preference cookies.
We do not use advertising or cross-site tracking cookies. If, in the future, privacy-respecting usage statistics or analytics are introduced, they will rely on anonymized or aggregated data and this Privacy Policy will be updated accordingly.
6. Data Sharing and Third Parties
Personal data may be shared only when necessary, including with courier services for delivery, payment service providers, IT and hosting providers, or competent authorities where required by law. We do not sell personal data.
7. Data Retention
Personal data is retained only for as long as necessary for contract execution, legal and accounting obligations, and dispute resolution. After applicable retention periods expire, data is deleted or anonymized.
8. Your Rights
You have the right to access, rectify, delete, or restrict processing of your personal data, to object to processing, to request data portability, and to withdraw consent where applicable. Requests can be sent to crudeandrude@unstack.dev.
You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection.
9. Data Security
Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, loss, alteration, or disclosure. While no system can be guaranteed as completely secure, reasonable safeguards are applied.
10. International Data Transfers
Personal data is not intentionally transferred outside the European Economic Area unless adequate safeguards are in place in accordance with GDPR.
11. Children’s Data
The Website is not intended for use by persons under the age of 16. We do not knowingly collect personal data from children.
12. Changes to This Policy
This Privacy Policy may be updated from time to time. The version in force at the time of data collection shall apply.
13. Contact
For questions regarding this Privacy Policy or the processing of personal data, contact us at crudeandrude@unstack.dev.