Privacy policy
Privacy Policy
Last updated: 17/05/2026
Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for us.
With this policy, we aim to inform you about the processing of personal data that we collect from users and customers of our website (www.moaren.com), hereinafter referred to as “Moarén” or “the website”.
www.moaren.com is a site belonging to the company DESH GROUP Ltd registered under number 207460583 and domiciled at the address Svoboda 41, Sofia,1220, Bulgaria (hereinafter referred to as the “ Data Controller ”).
www.moaren.com is very concerned about the confidentiality of your personal data as Users visiting and browsing our Online Store. This is why we, Online Store www.moaren.com, strive to respect your rights, set out in the General Data Protection Regulation 2017/679 (GDPR), the ePrivacy directives of the European Parliament and the Council and the national data protection laws in Bulgaria.
Article 1 – Definitions
- 1 . “ Personal data ” or “ personal data ”: any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); is deemed to be an “identifiable natural person” a natural person who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more specific elements specific to their physical, physiological, genetic, psychological, economic, cultural or social identity;
- 2. “ processing ” means any operation or set of operations whether or not carried out by automated means and applied to personal data or sets of data, such as collection, recording, organization, processing, structuring, conservation, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of making available, reconciliation or interconnection, limitation, erasure or destruction;
- 3. “ controller ” means the natural or legal person, public authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller may be designated or the specific criteria applicable to its designation may be provided for by the law of the processing party. Union or by the law of a Member State;
- 4. “ processor ” means the natural or legal person, public authority, service or other body which processes personal data on behalf of the controller;
- 5. “ recipient ” means the natural or legal person, public authority, service or other body which receives communication of personal data, whether or not a third party. However, public authorities 4.5.2016 L 119/33 Official Journal of the European Union EN who are likely to receive communication of personal data in the context of a particular fact-finding mission in accordance with Union law or under the law of a Member State are not considered recipients; the processing of these data by the public authorities in question complies with the applicable data protection rules depending on the purposes of the processing;
- 5. “ consent ” of the data subject means any free, specific, informed and unambiguous expression of will by which the data subject accepts, by a declaration or by a clear positive act, that personal data concerning him or her are subject to 'a treatment;
- 6. “ personal data breach ” means a breach of security resulting, accidentally or unlawfully, in the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, stored or processed by another manner, or unauthorized access to such data;
- 7. “ Cookie ”, a cookie is a text file automatically saved in the browser of any User when visiting a website. This text file may contain personal data and/or information relating to the User's navigation.
Article 2 – Purpose
The current Privacy and Cookies Policy (hereinafter the “ Policy ”) aims to define the methods of collection, storage, processing and deletion of personal data (hereinafter “ personal data ”) of any natural person (hereinafter the “Policy”). “ User ”) who, in the context of a strictly personal or domestic activity, simply uses or browses this Online Store.
The Data Controller assures the User that it implements all the necessary means to ensure compliance with the provisions of the General Data Protection Regulation 2017/679 of the European Parliament and of the Council dated April 14, 2016 by ensuring compliance with retention periods, the need to collect the aforementioned personal data, and the confidentiality of the personal data collected (hereinafter the “ Regulation ” or the “ GDPR ”).
Article 3 – User Consent
This Policy must be read and accepted by any User visiting the Online Store. By clicking on the box stating “ read and accepted ” referring to this Policy at the time of arrival on the Online store , the User acknowledges having read and given his free, informed and unambiguous consent to the processing of his personal data.
The User may, at any time, and without justification or prejudice, withdraw their consent to this Privacy and Cookies Policy. The User may exercise his right to withdraw consent to this Policy by notifying the Data Controller at the following email address: info@moaren.com.
This withdrawal of consent will take effect at the time the Data Controller receives notification of the withdrawal of the User's consent.
Article 4 – Data collected
As part of the visit and use of the Online Store, certain personal data of Users may be collected by the Data Controller, in its capacity as Data Controller or by one or more subcontractors acting in the name and for the account of the Data Controller.
1 – Collection means
The User's personal data is collected by the following means:
· When the User communicates them
Either by (1) filling out the billing and delivery address form; (2) by filling out payment information, (3) by filling out the contact form; (4) by creating a personal account on the Publisher's Site or (5) by completing the newsletter registration form.
· By automated collection
When the User browses the Online store, the Data Controller automatically records certain information relating to preferences and use of the Online Store by the User. Cookies are used in particular during the User's navigation on the Online Store to collect this information automatically.
2 – Type of data collected
The personal data that may be collected are:
|
Categories of personal data |
Types of personal data |
|
Information about you |
First name, last name |
|
Contact details |
Email, mobile number |
|
Personal identification |
Personal Identification Number (PIN) or other type of unique identification, required only for invoicing upon request of the customer |
|
Address details |
Billing address, country, city, ZIP and/or postcode |
|
Bank data |
Partial data about your bank account |
|
Purchase history |
Data about orders you have made on the Moaren website |
|
Cookies’ data |
Data collected by Cookies to identify your browser or device |
|
Other data |
Other types of personal information, which you may provide by contacting us and/or making a request / inquiry |
|
Inferences or profile data |
Inferences drawn from any personal data collected about you and used to create a profile reflecting your preferences
|
DESH GROUP Ltd does not collect any special categories of personal data as such are not required for the use of our website and / or for the purchase of products using www.moaren.com. If sensitive categories of personal data are provided by you in the course of your communication with the Company or use of our web site, it will be deleted as soon as possible after the processing of such data is established.
3 – Data recipients
The recipients of personal data are:
- the Data Controller
- internal employees of the Data Controller acting on its behalf
- the subcontractor of the Data Controller in charge of hosting the domain of the Online Store
- any legally or administratively authorized person (judicial authorities for example)
Article 5 – Data processing
1 – Legal bases for processing
The processing of Users’ personal data via the Online Store must necessarily be justified by one of the conditions provided for in Article 6 §1 of the Regulations. In accordance with the Regulations, Users’ personal data will only be processed if one of the following conditions is met:
The User has given consent: the User concerned has consented to the processing of their personal data for one or more specific purposes.
The execution of the contract requires: the processing is necessary for the execution of a contract to which the User concerned is a party or for the execution of pre-contractual measures taken at the User’s request.
Compliance with the law requires: the processing is necessary for compliance with a legal obligation to which the data controller is subject.
A legitimate interest justifies it: the processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless the interests or fundamental freedoms and rights of the User concerned which require data protection prevail. Of a personal nature, in particular when the User concerned is a minor.
2 – Purposes of processing and duration of data retention
In accordance with Article 13 of the Regulation, the reason and duration of storage and processing of personal data must be justified by a valid purpose, in addition to one of the legal bases cited below.
|
Purpose of processing |
Legal basis |
The duration of the conversation |
Archiving |
|
Commercial prospecting by the Editor |
Consent |
3 years from communication by the User |
N / A |
|
Registration of Users to the Publisher's newsletter |
Consent |
3 years from communication by the User |
N / A |
|
Internal statistics of the Publisher, not shared outside the Publisher's company |
Consent |
3 years from communication by the User |
N / A |
|
Management and payment of orders, access to dematerialized content sold and invoicing |
Execution of the contract |
3 years from communication by the User |
5 years |
|
Fraud prevention |
Legitimate interest |
13 months from communication by the User |
5 years |
|
Accounting and tax obligations |
Compliance with the law |
3 years from communication by the User |
7 years |
|
Facilitation of user navigation and promotion of products relating to Customer preferences |
Consent |
13 months from the placing of advertising cookies on the User's browser |
N / A |
Article 6 – Means of data protection
In accordance with Article 5 and Article 32 of the Regulation, the Data Controller is bound by an obligation to guarantee the security of the personal data of Users that it stores and processes.
The Data Controller ensures the maintenance of a register containing all the collected personal data of Users. The Data Controller affirms that it implements all necessary security means to protect the personal data of Users contained in this register and to avoid any violation of the User's personal data.
To do this, the Data Controller affirms that it has undertaken a study of the risks linked to the storage and processing of Users' personal data in order to implement adequate security measures as follows:
– By allowing the pseudonymization and encryption of the User's personal data;
– By implementing means to guarantee the constant confidentiality, integrity, availability and resilience of processing systems and services;
– By implementing means to restore the availability of personal data and access to them within appropriate time frames in the event of a physical or technical incident;
– By guaranteeing the use of a procedure aimed at regularly testing, analyzing and evaluating the effectiveness of technical and organizational measures to ensure the security of the processing.
The Data Controller assures Users that the data it stores and processes is stored within the European Union, in a member state subject to the Regulation.
In the event of a violation of the User's personal data, the Data Controller undertakes to notify the competent supervisory authority of this violation within 72 hours in accordance with Articles 33 and 34 of the Regulation.
Article 7 – Cookies
1 – Purpose of using cookies
As explained above, a cookie is a text file automatically saved in any User's browser when visiting a website. This text file may contain personal data and/or information relating to the User's navigation.
Cookies used on the Online Store have the sole objective of improving your browsing experience as a User. The cookies used facilitate your navigation by memorizing some of your personal data when you access and browse the Online Store. Three types of cookies are used on the Online Store, their purpose varying depending on their type:
- Functional cookies : these cookies allow you to memorize your data entered during authentications or searches carried out on the shop
- Advertising cookies : these cookies make it possible to identify the consumption and search habits and preferences of Users in order to offer them advertising content related to their personal preferences.
- Security cookies : these cookies allow the security of Users' personal data by guaranteeing the encryption of data contained in other cookies.
2 – Cookies used, lifespan, and function
Each cookie used on the Online Store is identifiable by a name. Each cookie has a lifespan, i.e. a period after which it disappears and ceases to be active, forgetting any personal data is stored. Each cookie also has a function, i.e. a utility which justifies its placement on the Online Store.
Here is the list of cookies used on the Online Store with their name, lifespan and function:
|
Cookie name |
Lifetime |
Function |
Supplier |
|
m
|
2 years |
Determines the device used to access the website. This helps format the website accordingly. |
m.stripe.com |
|
__stripe_mid |
1 year |
This cookie is necessary to complete credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing credit card information. |
m.stripe.com |
|
__stripe_sid |
1 day |
This cookie is necessary to complete credit card transactions on the website. The service is provided by Stripe.com which allows online transactions without storing credit card information. |
m.stripe.com |
|
elementor |
Persistent |
Used in the context of the WordPress theme of the website. This cookie allows the website owner to implement or modify the content of the website in real time. |
|
|
wc_cart_hash_# |
Persistent |
Allows basket management during navigation on the Site based on the items selected by the User. |
|
|
wc_fragments_# |
Session |
Allows basket management during navigation on the Site based on the items selected by the User. |
|
|
Cookie Consent |
1 year |
Stores the User's cookie consent state for the current domain. |
|
|
o2s-chl |
14 days |
This cookie is used to distinguish humans from robots. |
|
|
_ga_# |
2 years |
Used by Google Analytics to collect data on the number of times a User has visited the website and the dates of the first and most recent visit. |
|
|
_ga |
2 years |
Registers a unique identifier which is used to generate statistical data on how the User uses the website. |
|
|
_gid |
1 day |
Registers a unique identifier which is used to generate statistical data on how the User uses the website. |
www.moaren.com |
|
_gat |
1 day |
Used by Google Analytics to reduce request rate. |
|
|
tk_ai |
5 years |
Records data on User behavior on the website. This data is used for internal analysis and website optimization purposes. |
www.moaren.com |
|
tk_qs |
1 day |
Records data on User behavior on the website. This data is used for internal analysis and website optimization purposes. |
|
|
tk_tc |
Session |
Collection of data about User preferences and behavior on the website – This information is used to make content and advertising more relevant to the specific visitor. |
3 – Manage cookies: activation and deactivation
It is possible for the User to manage Cookies at any time on the browser they use. The User can activate or deactivate them at any time. The ways to manage cookies depend on each browser. To facilitate the management of Users' cookies, below is explanatory help for managing cookies on the main browsers used by Users:
Google Chrome: https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en
Safari: https://support.apple.com/fr-fr/guide/safari/sfri11471/mac
Mozilla Firefox: https://support.mozilla.org/fr/kb/activate-or-deactivate-cookies on-firefox-for-android
Internet Explorer: https://support.microsoft.com/fr-fr/help/17442/windows-internet-explorer-delete-manage-cookies
Article 8 – User Rights
The User has the right to request from the Data Controller access to his personal data, the rectification or erasure thereof, or a limitation of the processing relating to the User concerned, or the right to object to the processing and the right to data portability.
The User has the right to withdraw their consent to the processing of their personal data at any time. This withdrawal of consent will take effect at the time the Data Controller receives notification of the withdrawal of the User's consent.
You can exercise any of the above rights by submitting a formal request to the following address: Svoboda 41, Sofia, 1220, Bulgaria, or email: info@moaren.com. In order to exercise your rights, it is mandatory to establish the identity of the claimant when submitting a request for exercising your rights.
You also have the right to file a complaint with the Bulgarian Commission for Protection of Personal Data when the relevant prerequisites are in place.
Article 9 – Updating this Privacy & Cookies Policy
This policy may be updated periodically to reflect changes in personal data protection legislation and best practices. DESH GROUP Ltd. will notify you of any significant changes to this privacy policy. When we make changes to this policy, we will change the "last updated" date above.