Protection of personal data
Privacy Policy
The controller “Alpha Life Sciences” Ltd. carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
I. Basis for collecting, processing and storing your personal data
Art.1. The controller collects and processes your personal data on the basis of Art. 1, Regulation (EU) 2016/679, and in particular on the basis of the following:
- Explicit consent obtained from you as a user of the service as a customer;
- Performance of the Administrator’s obligations under a distance contract with you;
- Compliance with a legal obligation applicable to the Administrator;
- Performance by the Administrator of a task of public interest or in the exercise of official authority;
- For the purposes of the legitimate interests of the Controller or a third party.
II. Purposes and principles for the collection, processing and storage of your personal data
Art.2. (1) The Controller collects and processes the personal data you provide to us for the purpose of performing the obligations under the contract, including for the following purposes:
- Securing the performance of the contract for the provision of the relevant service – sale of goods online;
- Statistical Objectives;
- Accounting purposes;
- Information Security Protection;
- Resolution of disputes between you and third parties.
(2) The controller shall comply with the following principles when processing your personal data:
- legality, fairness and transparency;
- limitation of the purposes of processing;
- relevance to the purposes of the processing and minimisation of the data collected;
- data accuracy and timeliness;
- limitation of storage to achieve the objectives;
- integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.
(3) In processing and storing personal data, the Controller may process and store personal data in order to protect its following legitimate interests:
- Fulfilling its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal authorities.
III. What types of personal data does the Controller collect, process and store?
Art.3. (1) The controller shall carry out the following operations with personal data for the following purposes:
- Creating a profile to use the service (placing an order on the website) – the purpose of this operation is to identify the person in order to provide him with the service;
- Service payment processing and accounting – the purpose of this operation is to enable payment for ordered products and accounting;
- Order processing of goods – the purpose of this operation is to accept an order and deliver the goods from the online store to the final customer;
- Collection of statistics from third parties (Google Analytics) – the purpose of this operation is to improve and optimize the performance of the online store;
- Processing of delivery data by third parties for the purpose of delivering the products ordered by the customer (courier companies);
- Creation of advertisements and marketing offers by the Administrator through third parties (Facebook Pixel) in order to engage the user and provide the most relevant offer for him;
- Storage of data and provision of quality access to the https://alphalifesciences.com/ website through the use of third party hosting and domain – the purpose of this operation is to provide the best user experience and technical support of the online store service, so that at any time when a technical problem occurs, the best service and the fastest solution can be obtained;
- Sending newsletters via email from the Administrator and third parties (MailChimp email management platform) – the purpose of this operation is to inform the user about promotional offers and offers, new products and individual offers according to his interest and his explicit consent.
(2) The controller shall collect from the data subject only such personal data as are necessary for the provision of the service for the performance of the contract with the data subject. For delivery via distance contract, the Controller processes the following categories of personal data and information for the following purposes: your individualized data (name and surname, telephone, e-mail and address) – for the purpose of processing and acceptance of the order and delivery of the ordered goods from the e-shop:
- First and last name – to identify the person who placed an order online;
- Telephone – in order to provide feedback and contact couriers when delivering the ordered products;
- Email – in order to confirm the order and provide feedback;
- Address – where required for delivery to addresses; In the event that the order is made to a courier office – no personal address is required;
- IP address – for statistical purposes and for the correct and optimal functioning of the e-shop; The data is anonymous and does not link the person to the IP address, except in cases where the person has given their explicit consent to register;
- Payment details – in order to pay for the ordered products.
Type and duration of the services you have used:
- Availability of an e-shop account – 3 years of passive use; After this period, in the absence of activity, the account data will be anonymized.
- Sending advertising and marketing offers from third parties – from 3 to 6 months depending on user activity – the aim is to send engaging messages and offers that the customer is interested in.
- Sending newsletters via email from the Administrator and third parties (MailChimp email management platform) – 3 years in case the user has explicitly consented to receive them upon registration.
- Processing of documents from accounting and reporting to legal institutions – the term for accounting records and financial statements is 10 years; for tax and social security control – 5 years after the expiration of the legal limitation period for repayment of the public claim to which they relate. Other accounting and commercial documents – 5 years. After the expiry of the retention periods, if they are not subject to archiving in the National Archive Fund, the data collected shall be destroyed.
Information related to payment and selected payment methods:
- Cash on delivery via Postal Money Order – PPT through a licensed postal operator (payment on delivery) – in order to pay for the ordered products; Data is collected to identify the person who should receive and pay for the ordered products – names, address, telephone number and payment amount.
- By bank transfer (payment by bank transfer before delivery) – in order to facilitate the customer in ordering the desired products; Data necessary for payment by bank transfer required by law are collected – names, IBAN account, payment amount and delivery address.
- By credit/debit card – through a licensed financial service provider to facilitate the customer in paying for the desired products.
(3) The controller shall have the right to refuse the provision of the service or access to a site without registration or consent to the processing of personal data by the data subject, including but not limited to the following cases:
- Individualization of the data subject is necessary for the purposes of receiving the ordered products, payment and issuing accounting documents;
- The service provided requires individualization of the data subject for the purposes of the normal and qualitative functioning of the service;
- Individualization of the data subject is necessary for the purposes of fulfilling the requirements for providing information or exercising the data subject’s rights under the GDPR and applicable law;
- The information requested is necessary for the performance of the Controller’s obligations under applicable law.
(4) The Controller shall not collect or process personal data that:
- reveal racial or ethnic origin;
- reveal political, religious or philosophical beliefs, or trade union membership;
- are genetic, biometric, health or sexual orientation data.
(5) The controller shall process the special categories of data referred to in paragraph (4) on one or more of the following grounds:
- Your express consent;
- Requirement of labour law and social security and protection law;
- Processing is necessary to protect the vital interests of you or another natural person where you are physically or legally incapable of giving your consent in person;
- You have made your data public;
- Processing is necessary for the establishment, exercise or defence of legal claims or for the performance of the functions of the courts;
- There is an important public interest based on EU or Member State law;
- The processing is necessary for reasons of public interest in the field of public health;
- The processing is necessary for archiving purposes in the public interest, for scientific or historical research, or for statistical purposes.
(6) Personal data is collected by the Controller from the following sources:
- E-shop and the web platform of the Administrator – https://alphalifesciences.com/ via registration or contact form for customer service;
- Online communication on the social network Facebook in the form of private messages with the Administrator or left as a public comment under the posts on the Facebook page of the Administrator – https://www.facebook.com/
- Email when the user contacts the Administrator;
- Electronic newsletter and advertising sent by the MailChimp email management platform;
- Telephone call to clarify details around an order or telephone order.
IV. Storage period of your personal data
Art.4. (1) The controller shall keep your personal data for a period not exceeding 5 years or the legally required processing of accounting documents mentioned in Art.3. (2). After the expiry of this period, the Controller shall take the necessary care to delete and destroy all your data without undue delay.
(2) The Controller shall notify you in the event that the data retention period needs to be extended in order to fulfil the purposes, fulfil the contract, in view of the legitimate interests of the Controller or otherwise.
V. Transmission of personal data for processing
Art.5. (1) The controller does not and will not transfer personal data to third countries outside the EU or international organizations.
VI. Your rights in the collection, processing and storage of your personal data
Right of Access
Art.6. (1) You have the right to request and obtain from the Controller confirmation as to whether personal data relating to you are being processed.
(2) You have the right to access the data relating to you and the information concerning the collection, processing and storage of your personal data.
(3) The controller shall provide you, upon request, with a copy of the personal data processed relating to you in electronic or other appropriate form.
(4) The Controller has facilitated the right of access to your personal data through a technical solution in your profile with the option “Download my data” – link to the website page. All you have to do is click the button and follow the instructions to electronically receive your personal data stored in the Controller’s system.
(5) Providing access to the data is free of charge, but the Controller reserves the right to impose an administrative fee in case of repetition or excessiveness of requests. The amount of the administrative fee shall start from 20 BGN and may increase manifold in case of excessive requests.
Right of correction or completion
Art.7. (1) You have the right to ask the Administrator to:
- rectify inaccurate personal data relating to you via Annex 2;
- fill in incomplete personal data relating to you;
- to correct your personal data yourself through the technical solution provided in your profile – “My personal information” available here – link to the profile page.
Right to erasure (“to be forgotten”)
Art.8. (1) You have the right to request the Administrator to delete the personal data relating to you and the Administrator has the obligation to delete them without undue delay where one of the following grounds applies:
- the personal data are no longer necessary for the purposes for which the processing is based and there is no other legal basis for the processing;
- You withdraw your consent on which the processing is based and there is no other legal basis for the processing;
- You object to the processing of personal data relating to you, including for direct marketing purposes, and there are no legitimate grounds for the processing that override;
- personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Controller is subject;
- personal data have been collected in connection with the provision of information society services.
(2) The controller is not obliged to erase the personal data if it stores and processes them:
- to exercise the right to freedom of expression and the right to information;
- to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for public health reasons;
- for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
- for the establishment, exercise or defence of legal claims.
(3) The request for deletion and erasure of your data can be sent by e-mail with a completed Attachment No. 4 for Deletion/Erasure of Your Data.
Right to restriction
Art.9. (1) You have the right to request the Controller to restrict the processing of the data related to you through Annex 1 when:
- you contest the accuracy of the personal data, for a period that allows the Controller to verify the accuracy of the personal data;
- the processing is unlawful, but you do not wish the personal data to be erased, but only for its use to be restricted;
- The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
- you have objected to processing pending verification whether the legitimate grounds of the Controller override your interests.
Right to portability
Art.10. (1) If you have consented to the processing of your personal data or processing necessary for the performance of the contract with the Controller, or if your data are processed in an automated manner, you may, after having legitimised yourself to the Controller:
- request the Controller to provide you with your personal data in a readable format and to transfer it to another Controller via Annex 3;
- request the Controller to directly transfer your personal data to a controller you have indicated, where this is technically feasible in the form of a standard and generally accepted data export format – csv, exl or pdf.
Right to receive information
(1) You may request the Controller to inform you of any recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested have been disclosed. The controller may refuse to provide this information if it would be impossible or would require a disproportionate effort.
Right to object
Art.12. (1) You may object at any time to the processing of personal data by the Data Controller which are transmitted to him, including if they are processed for profiling or direct marketing purposes.
Art.13. (1) If the Controller detects a breach of the security of your personal data which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.
(2) The controller is not obliged to notify you if:
- it has taken appropriate technical and organisational measures to protect the data affected by the security breach;
- it has subsequently taken measures to ensure that the infringement will not result in a high risk to your rights;
- notification would require a disproportionate effort.
(3) In the event that the Controller becomes aware of a personal data breach, the Controller shall notify the Personal Data Protection Commission of the breach no later than 72 hours after becoming aware of it, unless the data breach is likely to pose a risk to the rights and freedoms of natural persons.
(4) In the event that, after carrying out a data protection impact assessment, the Data Controller determines that the processing could give rise to a high risk, the Data Controller may, at its discretion, consult the Data Protection Commission.
VII. Persons to whom your personal data is provided
Art.14. (1) For the purpose of processing your personal data and providing the service – ordering and delivery of goods through online order – the Controller may provide the data to the following persons who are data processors:
- EUshipment courier company – in order to provide courier service and delivery of ordered goods by the customer;
- DHL courier company – in order to provide courier service and delivery of the goods ordered by the customer;
- Courier company UPS – in order to provide courier service and delivery of the ordered goods by the customer;
- My Pos and Stripe – to process debit and credit card payments;
- The MailChimp email management platform with the aim of individual, qualitative and fast solution for the customer’s awareness after his explicit consent;
- IT support and hosting – for the purpose of the existence of the online store, its technical support and quality storage of databases on a secured and protected server;
- Accounting – to process orders, payments and legally required documents, reports and statements;
- State institutions such as the National Revenue Agency, the Ministry of the Interior, the CPPD and other state and municipal authorities in order to fulfil their legal obligations towards them.
VIII. Technical and organisational measures to protect your personal data
Art.15. (1) The controller has taken all necessary measures to ensure the protection of your personal data by carrying out the following activities:
- He has limited access to your personal data to the Data Protection and Technical Data Protection Officer;
- All personal data is stored solely on the Controller’s online platform, to which there is limited access;
- All data and pages in the Administrator’s e-shop are encrypted using an SSL certificate, which makes online shopping secure and safer;
- The controller has taken care to automate your rights of access to your personal data and the right to erasure through a technical solution in your profile.
- Administrator has provided quick access at any time to the Privacy Policy through a blue “Privacy policy” button at the bottom of the Home Page of the e-shop. Through it, you have quick access at any time to your privacy rights and the ability to manage cookies on the website.
- A data processing impact assessment has been carried out to ensure security and demonstrate compliance with GDPR.
IX. Cookie Policy
What are cookies?
Art.16. (1) When you visit a website, it may store or save your browser preferences in the form of small text files called cookies. This information is stored for a period of time so that you do not have to enter the same information each time you visit the site. “Cookies” are designed for use by web pages. This data allows the identification of the user’s device and the correct behaviour of a web page, tailored to their individual preferences. “Cookies” usually contain the name of the website, the storage time on the end device and a unique number.
How do we use cookies?
(2) Cookies are used to adapt the content of the page to the user’s preferences and to optimize the use of the website. They are also used to create anonymous statistics (about the user’s behaviour on the website) in order to improve the structure and content of the website.
What cookies do we use?
(3) Some cookies are strictly necessary for the website to function and others are necessary to make the website more user-friendly and relevant to your interests. You can delete or block cookies, but if you do, some features of the site may not work fully. There are generally two main types of cookies used – “session” and “fixed”. Session cookies are temporary files that remain on your device until you exit the website or disable the software that you are using to view the web pages (web browser). Fixed cookies are stored for the period specified in the cookie parameters or until they are manually removed by the user.
Types of cookies
(4) According to the need for the service:
- Necessary cookies – these help the website to function properly and be usable by giving access to essential functions such as page navigation, ordering and access to secure areas of the website. The website cannot function properly without these cookies. If you do not want these cookies, you cannot use our website.
- Functional cookies – these allow the website to remember information that changes the way the website behaves or looks, such as your preferred language or the region you are in. They are designed to provide a high level of functionality to the site. Turning them off may limit the performance of certain site features.
- Statistical cookies – these help the website understand how visitors interact with it by collecting and reporting information anonymously. This improves the user’s experience when visiting the website.
- Marketing cookies – these are used to track visitors to the website. The aim is to serve ads that are relevant, likeable and engaging to the individual user and therefore more valuable to publishers and third-party advertisers.
(5) According to the time in which cookies will be stored on the user’s device:
- Temporary – cookies placed during the stay on the site (session). They are deleted when the session is terminated.
- Persistent – they remain on the user’s device for a set period of time or without an expiration date until they are deleted.
(6) According to the administrator who manages cookies:
- Cookies from the site – they are placed directly by the site owner;
- External cookies – these are placed by third parties with the consent of the site owner.
(Such cookies are Google’s, Facebook’s – used for statistics and marketing purposes)
Cookies and Personal Data
(7) The personal data collected by the cookies may only be used to perform specific functions on the website relating to the user. The personal data is encrypted to prevent access by unauthorised persons.
Deletion of cookies and refusal
(8) If you do not want to allow cookies at all, or only want to use certain cookies, please see your browser settings or the link at the bottom of our site labeled Privacy. From there you will be able to give your consent to certain cookies and you can use your browser settings to withdraw consent to our use of cookies at any time, and to delete cookies already accepted. Your browser’s “Help” section menu or the www.allaboutcookies.org website contains detailed information about the cookie opt-out process for different browsers.
(9) Please note that disabling certain cookies may restrict your access to certain features and pieces of content on our website. Without the necessary cookies, our e-shop cannot function and therefore you cannot use it.
(10) To opt-out of Google Analytics tracking on our websites, use http://tools.google.com/dlpage/gaoptout.
(11) You can find out more about our Cookie Policy here – https://publications.europa.eu/bg/cookies-notice. If you wish to opt-out of third party cookies in relation to interest-based advertising, please visit this address – www.youronlinechoices.eu/bg.
X. Dispute Resolution
Art.17. (1) All disputes between Controllers or between the Controller and the data subject may be referred to the Commission for Personal Data Protection (CPDP) for resolution. More information can be found on the website of the CPDP here – https://www.cpdp.bg and on the website of the European Commission and in particular the Data Protection Regulation.
(2) All disputes between the Controller and the data subjects concerning the protection of personal data shall be resolved voluntarily by negotiation between the parties and, if they fail to reach an agreement, shall be settled by the competent Bulgarian courts.
XI. Additional Provisions
Art.18. (1) For the purpose of these rules, the Personal Data Controller is the company “Alpha Life Sciences” Ltd, with UIC: 207614241, with registered office and management address: Sofia, Triaditsa district, Dimitar Manov 75-83.
(2) Correspondence details of the Administrator: e-mail: info@alphalifesciences.bg, tel: +359 882611127
(3) The administrator, as a legal entity offering goods and services in the digital sector, has agreed to adhere to the requirements of the Sector Code of the IAB Bulgaria.
(4) Processing means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
(5) This Privacy Policy is subject to the approval and notification of the persons to whom it applies.
The Privacy Policy was approved on: 03.11.2025.
ANNEX No. 1 on withdrawal of consent for processing purposes
APPENDIX No. 1 to the Personal Data Protection Policy of Alpha Life Sciences Ltd. for the use of the online store https://alphalifesciences.com/
Withdrawal of consent form for processing purposes
Your name: …………………….
Your email address with which you are registered in the online store: …………………….
Contact details (e-mail): …………………….
To
“Alpha Life Sciences” Ltd; UIC: 207614241;
Registered office and registered address.
Website: https://alphalifesciences.com/
E-mail: info@alphalifesciences.bg
Tel: +359 882611127
I hereby withdraw my consent to the processing of my personal data for the purpose of receiving newsletters, promotional messages or other marketing materials, having read the conditions for withdrawal of consent in accordance with the Mandatory Information on the Rights of Individuals on the Protection of Personal Data of the e-shop policy https://alphalifesciences.com/.
ANNEX No 2 for request for rectification of data
APPENDIX No. 2 to the Personal Data Protection Policy of Alpha Life Sciences Ltd. for the use of the online store https://alphalifesciences.com/
Request for correction of data
Your name: …………………….
Your email address with which you are registered in the online store: …………………….
Contact details (e-mail): …………………….
To
“Alpha Life Sciences” Ltd; UIC: 207614241;
Registered office and registered address.
Website: https://alphalifesciences.com/
E-mail: info@alphalifesciences.bg
Tel: +359 882611127
I request that the following personal data that you collect, process and store, provided by me or by third parties related to me, be corrected as follows:
Data subject to correction:
………………………………………………………………………………………………………………………………
Please correct as follows:
………………………………………………………………………………………………………………………………
ANNEX No. 3 to the request for portability of personal data
APPENDIX No. 3 to the Personal Data Protection Policy of Alpha Life Sciences Ltd. for the use of the online store https://alphalifesciences.com/
Request for portability of personal data
Your name: …………………….
Your email address with which you are registered in the online store: …………………….
Contact details (e-mail): …………………….
To
“Alpha Life Sciences” Ltd; UIC: 207614241;
Registered office and registered address.
Website: https://alphalifesciences.com/
E-mail: info@alphalifesciences.bg
Tel: +359 882611127
I request that all personal data relating to me that is collected, processed and stored in your databases be sent in a commonly used format to:
E-mail: …………………….
Data Receiving Administrator: …………………….
ANNEX No. 4 for request for anonymisation/deletion of personal data
APPENDIX No. 4 to the Personal Data Protection Policy of Alpha Life Sciences Ltd. for the use of the online store https://alphalifesciences.com/
Request “to be forgotten” – to delete/anonymise personal data relating to me
Your name: …………………….
Your email with which you registered and placed orders in the online store: …………………….
Contact details (e-mail): …………………….
To
“Alpha Life Sciences” Ltd; UIC: 207614241;
Registered office and registered address.
Website: https://alphalifesciences.com/
E-mail: info@alphalifesciences.bg
Tel: +359 882611127
I request that all personal data that you collect, process and store, provided by me or by third parties who are related to me, according to the indicated identification, be deleted from your databases.
I declare that I am aware that some or all of my personal data may continue to be processed and stored by the controller for the purposes of fulfilling its legal obligations.