Privacy Policy




 This Privacy Policy is created on the basis of the legal requirements of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and Bulgarian Personal Data Protection Act (amended and supplemented, State Gazette, issue 17 of 26.02.2019), for the purpose of providing all necessary information to  users of the website (the "Website") in connection to collection and processing of their personal data, as data subjects, as well as in connection to their rights. By using the Website and its features, users and representatives of the Buyers agree and explicitly accept their personal data to be collected and processed for the purposes described below.

This Privacy Policy treats the term "user" with the meaning explicitly stated in the General Terms of Use of the Website and the meaning herewith cannot differ from the meaning therein.

This Privacy Policy also applies to individuals acting on behalf of buyers of the Website (with the meaning set out in the General Terms of Use of the Website) when collecting and processing their personal data.


1.1. This Privacy Policy (hereinafter referred to as "the Policy") is made and provided by Desirfurn Ltd, registered under the law of the Republic of Bulgaria under company number: 205436142, with seat and registered office:  10 Apostol KaramitevStr., fl. 5, Office 13, Burgas, 8000, Bulgaria, (hereinafterreferred to as "the Controller" orsimply Desirnfurn) as a personal data controller within the meaning of the Personal Data Protection Act and Regulation (EU) 2016/679.

1.2. In case needed, any user of the Website can contact the Controller by using the following email address:


2.1. The Controller collects, processes, stores, transfers to third parties and deletes personal data of users of the Website, in their capacity of "data subjects" for the purposes of the present Privacy Policy, on thegrounds of set of internal procedures and policies, approved in advance as per national and European personal data protection legislation.

2.2. Below, data subjects shall find information about the whole mechanism of collecting and processing of their personal data, the purposes and legal ground for this, the limitation periods forthe storage of personal data and the rights data subjects have in connection to such processing.


3.1. Desirfurn, with contact details as specified above, is a trader acting as an intermediary between manufacturers and end buyers (for more information see General Terms of Use of the Website), and as such, within the scope of its professional activities, collects and processes personal data, individually and/or jointly with other controllers, personal data processors and/or subcontractors, of all website visitors (data subjects) for the following purposes:

3.1.1. Collection and processing of analytic information about the use of the Website;

3.1.2. Processing of received purchase orders for selected goods offered by the manufacturers through the Website and for the purpose of fulfillment of obligations under contracts concluded in connection to the purchase orders;

3.1.3. Establishing contact and providing customer service, by various means, through contact information provided by the Buyers;

3.1.4. Invoicing of goods purchased through the Website;

3.1.5. Prevention of tax and other types of fraud, money laundering, abuse and any other illegal activities;

3.1.6. Sending information about the products and services offered on the Website;

3.1.7. Personalization of search results on the Website and identification of the data subject for the purpose of making the use of the Website more convenient and easier upon subsequent visit and search, and displaying of content that meets the preferences of the respective user;

3.1.8. Offers for participation in advertising campaigns and customer loyalty programs, whereas information about the best deals available on the Website is sent in a timely manner;

3.1.9. Market researches made with anonymous data. In case use of data that could identify the data subject is required, an explicit consent of the data subjects shall be required in advance.

3.2. Desirfurn collects and processes personal data of its present and potential buyers on the following legal grounds:

3.2.1. Consent - on visiting the Website, as well as in all cases where an explicit consent given by the user is necessary for the fulfillment of a specific purpose within the activity of the Controller. The users have the right to refuse to give their consent or subsequently to withdraw it, but in these cases Desirfurn may not be able to perform certain contract operations. Desirfurn gives opportunity to data subjects to withdraw the given consent at any time, whereas this shall not affect the lawfulness of processing based on consent before its withdrawal.

3.2.2. Legal Obligation - Generally, Desirfurn has no legal obligation to collect and process personal data, but in the event of  necessity, and in all cases when the Controller is obliged to cooperate with state authorities and institutions in connection to the activities performed by the company of the Controller, as well as in some cases arising from the  legislation in force, the controller can use this legal ground for processing.


4.1. For the achievement of the abovementioned purposes of its activity, the Controller collects the following categories of personal data from data subjects:

4.1.1. Analytical and other HTTP header information, cookies (see “Cookie policy” for more information) and other online tools;

4.1.2. Identification data, such as name and surname, contact details, for example telephone and e-mail address, the position occupied by the person, representative of a client – legal entity – for the cases of registration of a client on the Website;

4.1.3. Identification information such as name and surname, contact details, such as telephone and email address of users in case the users submit an online enquiry  through the Website;

4.2. Desirfurn does not collect or process any special categories of personal data (sensitive personal data). In the event that processing of such data becomes necessary for the professional activity of the Controller, Desirfurn shall request your explicit consent for provision of this type of personal data in advance.


5.1. In the course of its business activities Desirfurn provides personal data to the  following categories of recipients:

5.1.1. Personal data processors that process analytical and other information data from HTTP headers, cookies, and other online tools, e.g. Google Analytics, Google AdWords, Facebook Pixel, etc.;

5.1.2. Accountants or external accounting companies used for book keeping of the accounts of the Controller;

5.1.3. Manufacturers who have access to a purchase order made by a customer while processing the purchase order and delivering goods to the client;

5.1.4. Telephone or online operators for direct communication with buyers;

5.1.5. External contractors providing various services through which they can access personal data, for example software support services, hardware maintenance, system administrators and other IT support services.


6.1. Desirfurn does not transfer personal data to third countries or international organizations.

6.2. Should this become necessary for the performance of its activities, the Controller shall comply with all the requirements of Regulation (EU) 2016/679 on the protection of personal data.


7.1. Users’ personal data shall be stored  for no longer than is necessary for the trader to fulfil its obligations, except where the law requires storage for a longer period.

7.2. In case the prescribed storage periods and necessary time for processing and storage of a specific personal data has expired, the said data shall be permanently deleted.

7.3. Some of the storage limitations in this regard are:

7.3.1. Data collected on visiting the Website shall be stored until the consent is withdrawn or until the system records on a webhosting level expire;

7.3.2. In the case of explicitly given consent to processing – storage shall be until consent withdrawal and unless there is another legal ground requiring storage and / or processing for a longer period;

7.3.3. In case of online inquiries sent to the Controller or in case of sent purchase orders – storage period shall be 1 year from the date on which the correspondence was finally closed or from the date of execution of the contract for the purchase order.


8.1. In connection to the collection and processing of personal data, the Controller provides the opportunity of all buyers and users, under certain conditions, to enjoy all the rights, specified exhaustively in details in Regulation (EU) 2016/679, namely:

• Right of Access - according to Art.15 of the Regulation, the data subject shall have the right to obtain from the Controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, to have access to the said data;

• Right to rectification – according to Art. 16 of the Regulation, the data subject has the right to ask the Controller to correct inaccurate personal data relating to him/her;

• Right to erasure (‘right to be forgotten’) - according to Art. 17 of the Regulation, the data subject has the right to request the Controller to delete the personal data related to him/her. The Controller is obliged to delete personal data without undue delay whenever possible;

• Right to restriction of processing - according to Art. 18 of the Regulation, the data subject is entitled to require from the Controller to limit the processing when one of the following applies:

 (a) the accuracy of the personal data is contested by the data subject, for a period enabling the Controller to verify the accuracy of the personal data;

(b) the processing is unlawful but the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

(c) the Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;

• Right to data portability - according to Art. 20 of the Regulation the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to the Controller, in a structured, commonly used and machine readable format and have the right to transmit those data to another controller without hindrance from the Controller to which the personal data have been provided;

• Right to object - pursuant to Art. 21 of the Regulation, the data subject is entitled, at any time and on grounds relating to his particular situation, to object to the processing of personal data concerning him/her. The Controller shall terminate the processing of personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

8.2. For the exercise of the above rights, the data subject shall not pay any charges or fees to the Controller. However, the latter may charge fees where the request is unfounded or excessive or in case it is often repeated.

8.3. The data subject is aware that in order to use the options to register on the Website, as well as to make an online inquiry and order selected goods, he/she must provide a certain set of personal data which the Controller has reduced to the absolute minimum in order to be able to proceed with further communication, provide an adequate response to a request, deliver the purchase goods, etc.

8.4. The data subject agrees that the provision of personal data by him/her is not a mandatory requirement for the purpose of simply visiting the Website, but is obligatory for making an online inquiry through the Website, since without the minimum set of identifying personal data, such as email or address, the Controller will not be able to answer questions or to deliver the ordered items.

8.5. The data subject shall have the right to approach the competent supervisory authority, namely the Commission for Personal Data Protection, at its address: 1592 Sofia, 2 Prof. Tsvetan Lazarov Str., fax: 02/9153 525, email:


9.1. Desirfurn does not use the opportunity for automated decision making, incl. profiling, for its users and potential users. In the event that this becomes necessary for any reason related to the performance of its activity, the Controller is obliged to inform the data subjects thereof in advance. Data subjects, in turn, have the right to object to such processing, where they have reason to do so, when such processing has legal effects on them and thus significantly affects them, incl. when their legitimate interest outweighs that of the data Controller.

9.2. By accepting this Privacy Policy, the Controller hereby declares that collected personal data shall be processed solely for the purposes exhaustively stated above. If the Controller wishes to process this data for purposes different from those for which it was originally collected, the latter must obtain an explicit consent for such processing in advance.