Privacy policy of the NAI-NAI online store

Last updated: [02.05.2025]

1. General provisions

This Privacy Policy (hereinafter referred to as the “Policy”) determines the procedure for collecting, processing, storing and protecting personal data of users who visit or make purchases on the website https://www.nai-nai.com (hereinafter referred to as the “Site”), owned and operated by the following company:
Nai-Nai OOD
EIC: 208006562
Registered office:
Iztok, Tintava Str. 5, entrance 6, apartment 30, Izgrev,
m. Sofia 1113, Capital Community, Sofia (Capital) Region, Bulgaria
Contact e-mail: Valeriia.grankina@gmail.com

This Policy has been drawn up in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 - the General Data Protection Regulation (GDPR).

2. What data we collect

We may collect the following categories of personal data:

  • First and last name;
  • Phone number;
  • Email address;
  • Delivery address (country, city, zip code, street, etc.);
  • IP address;
  • Information automatically collected through cookies;
  • Device and browser information;
  • Behavioral actions on the website (via Google Analytics, Facebook Pixel).

We do not collect or store payment details - payments are processed on the secure servers of the Stripe payment system.

3. Purpose of personal data processing

Personal data is processed for the following purposes:

  • processing and delivery of orders;
  • providing service and customer support;
  • sending notifications about orders;
  • conducting electronic mailings (with the user's consent);
  • website improvement, user experience analytics (Google Analytics);
  • targeting and remarketing (Facebook Pixel - only after consent);
  • compliance with legal obligations.

4. Legal basis for processing

We process your data on the basis of:

  • fulfillment of the contract (placing an order);
  • legitimate interest (analytics, fraud protection);
  • your consent (marketing newsletters, analytical cookies);
  • fulfillment of legal obligations (for example, tax records).

5. Use of cookies and tracking technologies

We use cookies to:

  • Save the selected language and session settings;
  • analytics of interaction with the site;
  • conducting marketing campaigns (with your consent).

Before storing analytical or advertising cookies, we ask for your consent through a banner when you first visit the site.
You can change or withdraw your consent to the use of cookies at any time.

6. Payment processing

All payments on the site are made through the international payment platform Stripe.
We do not have access to or store payment information (card numbers, CVVs, expiration dates, etc.). Stripe acts as a separate controlled party and processes payment data in accordance with its own privacy policy.

7. Transfer of personal data to third parties

We do not sell or share your personal data with third parties, except for:

  • technical partners that ensure the operation of the website (hosting, analytics, email services);
  • Stripe payment system;
  • government agencies - only in cases provided for by law.

All third parties are GDPR compliant and have appropriate agreements with us.

8. Data retention period

We store your personal data:

  • until your account is deleted or you submit a request for deletion;
  • or as long as necessary to fulfill legal obligations (e.g., 5 years for financial statements).

9. Your rights under the GDPR

You have the right:

  • access to their personal data;
  • correct or update them;
  • request deletion (“right to be forgotten”);
  • limit processing;
  • withdraw consent;
  • file a complaint with the supervisory authority (in Bulgaria - the Commission for Personal Data Protection, www.cpdp.bg).

Inquiries can be sent by e-mail: Valeriia.grankina@gmail.com

10. Cross-border data transfer

We may process data on servers located in the EU or other jurisdictions with an adequate level of protection in accordance with the decisions of the European Commission. In case of transfer to third countries, standard contractual clauses (SCC) are used.

11. Data protection

We have implemented technical and organizational measures to protect personal data from:

  • unauthorized access,
  • loss or destruction,
  • alteration or illegal processing.

12. Amendments to the Policy

We may update this Policy from time to time. The updated version will be published on this page with the new date. We recommend that you check the Policy regularly.