EU Regulation 2016/679 on the Protection of Personal Data

and Privacy Policy for the Protection of Data

Obligatory information for data protection of personal data

KIKA GROUP Ltd (hereinafter KIKA GROUP) is delighted to find out about your visits on our website and social media networks. A huge ‘Thank you’ for your interest in our company and products.

The privacy of our website visitors is an inextricable part of our corporate policy and we are committed to safeguarding it. We process the data, collected during your visit on our webpage for marketing purposes in accordance with the European Regulation 2016/679 on the Protection of Personal Data (hereinafter GDPR).

Consenting to our use of cookies in accordance with the terms of this policy when you first visit our website permits us to use cookies every time you visit our website.

The information is provided by the data administrator:

Administrator: KIKA GROUP LTD,

Unified Identification Code (UIC) 203763896, having its registered office and registered address: Plovdiv, 121 Vasil Levski Str.

The administrator company is incorporated under the laws of the Republic of Bulgaria and you can contact us as follows:

Address: 121 Plovdiv, Vasil Levski Str

Contact phone: 032 515151


KIKA GROUP LTD through the site (hereafter “Administrator”) carries out its business activity in accordance with the EU Regulation on the Protection of Personal Data 2016/679 as of April 27, 2016, on the protection of natural persons in connection with the collecting of personal data and on the processing of such data. The information you need is intended to inform you of all aspects of your personal data processing and handling that you may have in this connection.



  1. 1. Collection, processing and usage of personal data

1.1. Processed data categories:

  • Communication data (e.g. name, telephone number, e-mail address, address, IP address) are processed.

1.2. Principles

Personal data consists of all information related to an identified or identifiable natural person, this includes, e.g. names, addresses, phone numbers, email addresses, contractual master data, contract accounting and payment data, which is an expression of a person’s identity.

We collect, process and use personal data (including IP addresses) only when there is either a statutory legal basis to do so or if you have given your consent to the processing or use of personal data concerning this matter, e.g. by means of registration.

1.3. Processing purposes and legal bases

We as well as the service providers commissioned by us, process your personal data for the following processing purposes:

  • Provision of this online offer
    Legal basis: Justified interest in direct marketing on our part, as long as this is carried out in compliance with data protection regulations and competition law regulations
  • In reply to user inquiries in the framework of a contact form
    Legal basis: Justified interest in direct marketing on our part and in the enhancement of our products and services, as long as this is carried out in compliance with data protection regulations and competition law regulations resp. contractual performance resp. consent
  • Determination of malfunctions and for safety reasons
    Legal basis: Fulfilment of our legal obligations in the field of data security and predominantly, justified interest in the rectification of malfunctions and the security of our offers.
  • Our own advertising as well as market research and reach measurement in accordance with the legally permissible extent resp. consent-based
    Legal basis: Consent or predominantly, justified interest in direct marketing on our part, as long as this is carried out in compliance with data protection regulations and competition law regulations.
  • Safeguarding and defending our rights
    Legal basis: Justified interest on our part in the assertion and defense of our rights.

1.4. Log files

Each time you use the internet, your browser is transmitting certain information which we store in so-called log files.

We store log files to determine service disruptions and for security reasons (e.g., to investigate attack attempts) for a short period of time and delete them afterward. Log files that need to be maintained for evidence purposes are excluded from deletion until the respective incident is resolved and may, on a case-by-case basis, be passed on to investigating authorities.

Log files are also used for analytical purposes (without or without the complete IP address) for our own and advertising as well as market research and reach measurement in accordance with the legally permissible extent resp. consent-based.

The following information, in particular, is stored in the log files:

  • IP address (Internet protocol address) of the end device from which the online offer is accessed;
  • Internet address of the website from where the online offer has been accessed (so-called origin or referrer URL);
  • Name of the service provider through which access to the online offer is achieved;
  • Name of the retrieved files or information;
  • Date and time as well as the duration of the access;
  • Transferred data volume;
  • Operating system and information on the Internet browser used, including add-ons (e.g. for the flash player);
  • http status code (e.g. “Inquiry successful” or “Requested file not found”).
  1. 2. Transfer of data

2.1. Data transfer to other controllers

Principally, your personal data is forwarded to other controllers only if required for the fulfillment of a contractual obligation, or if we ourselves, or a third party, have a legitimate interest in the data transfer, or if you have given your consent. Particulars on the legal basis and the recipients or categories of recipients can be found in the section “Processing purposes and legal bases”.

Additionally, data may be transferred to other controllers when we are obliged to do so due to statutory regulations or enforceable administrative or judicial orders.

2.1.1. Transfer of data to service providers

We involve external service providers with tasks such as sales and marketing services, contract management, payment handling, programming, data hosting and hotline services. We have chosen those service providers carefully and monitor them on a regular basis, especially regarding their diligent handling of and protection of the data that they store. All service providers are obliged to maintain confidentiality and to comply with the statutory provisions.

2.2. Duration of storage; retention periods

Principally, we store your data for as long as it is necessary to render our Online Offers and connected services or for as long as we have a legitimate interest in storing the data (e.g. we might still have a legitimate interest in postal mail marketing after fulfillment of our contractual obligations). In all other cases we delete your personal data with the exception of data we are obliged to store for the fulfillment of legal obligations (e.g. due to retention periods under the tax and commercial codes we are obliged to have documents such as contracts and invoices available for a certain period of time).

  1. External links

Our Online Offers may contain links to internet pages of third parties, in particular providers who are not related to us. Upon clicking on the link, we have no influence on the collecting, processing and use of personal data possibly transmitted by clicking on the link to the third party (such as the IP address or the URL of the site on which the link is located) as the conduct of third parties is naturally beyond our control. We do not assume responsibility for the processing of personal data by third parties.

  1. 4. Security

Our employees and the companies providing services on our behalf are obliged to confidentiality and to compliance with the applicable data protection laws.

We take all necessary technical and organizational measures to ensure an appropriate level of security and to protect your data that are administrated by us especially from the risks of unintended or unlawful destruction, manipulation, loss, change or unauthorized disclosure or unauthorized access. Our security measures are, pursuant to technological progress, constantly being improved.

  1. 5. User rights

To enforce your rights, please use the details provided in the “Contact” section (see below). In doing so, please ensure that an unambiguous identification of your person is possible.

5.1. Right to information and disclosure

You have the right to obtain information from us concerning the processing of your data. For this purpose, you can enforce a right to information in relation to the personal information that we process from you.

5.2. Right of rectification and deletion

You can demand from us the rectification of false data and – insofar as the legal prerequisites are fulfilled – the completion or deletion of your data. This does not apply to data that is subject to the statutory retention obligation. Insofar as access to such data is not required, the processing thereof will be restricted (see below).

5.3. Restriction of processing

You can demand from us the restriction of the processing of your data insofar as the legal prerequisites are fulfilled.

5.4. Right of objection

5.4.1. Objection to data processing based on the legal basis of “legitimate interest”

In addition, you have the right to object to the processing of your personal data at any time, insofar as this is based on “legitimate interest”. We will then terminate the processing of your data unless we demonstrate compelling legitimate grounds according to legal requirements which override your rights.

5.4.2. Objection to direct marketing

Additionally, you may object to the processing of your personal data for direct marketing purposes at any time. Please take into account that due to organizational reasons, there might be an overlap between your objection and the usage of your data within the scope of a campaign that is already running.

6.5. Withdrawal of consent

In case you consented to the processing of your data, you have the right to revoke this consent at any time with effect for the future. The lawfulness of data processing prior to your withdrawal remains unchanged.

6.6. Right to appeal to the supervisory authority


You have the right to submit an appeal to a data protection supervisory authority. For this purpose, you can refer to the data protection supervisory authority, which is competent for our group or to the data protection supervisory authority which is competent for your place of residence. This is:

Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov Bvd, 1592 Sofia

  1. 6. Change of the data protection notice

We reserve the right to make modifications to our security and data protection measures, insofar as this is necessary due to the technical development. In these cases, we will also adapt our data protection notice accordingly. Therefore, please note the currently valid version of our data protection notice.

  1. 7. Contact

If you wish to contact us, please find us at the address stated in the “Controller” section.

To notify data protection incidents please use the following link.

For suggestions and complaints regarding the processing of your personal data, we recommend that you contact us by email at