Privacy Statement and Personal Data Protection (GDPR)

Version 1.04 - 18.06.2026

1. INFORMATION ABOUT THE DATA CONTROLLER

• Company Name: TF GROUP 2009 Ltd
• UIC: BG205964874
• Registered Office and Business Address: 502, Shop 1, Mladost 1A Residential District, Sofia, Bulgaria
• E-mail: [email protected]
• Telephone: +359 884 829 368

TF GROUP 2009 Ltd processes personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR), the Bulgarian Personal Data Protection Act and all applicable European and Bulgarian legislation.

2. COMPETENT SUPERVISORY AUTHORITY

• Commission for Personal Data Protection
• Address: 2 Prof. Tsvetan Lazarov Blvd. 1592 Sofia Bulgaria
• Website: www.cpdp.bg
• E-mail: [email protected]
• Telephone: +359 2 91 53 518

3. GENERAL PRINCIPLES

TF GROUP 2009 Ltd processes personal data lawfully, fairly and transparently.

We do not sell, rent or disclose your personal data to third parties for their own marketing purposes.

We process only the personal data necessary to fulfil orders, provide services, comply with legal obligations and protect the legitimate interests of the Company.

4. LEGAL BASIS FOR PROCESSING

We process personal data based on one or more of the following legal grounds:

• performance of a contract or taking steps prior to entering into a contract;
• compliance with legal obligations;
• legitimate interests of TF GROUP 2009 Ltd;
• explicit consent of the data subject;
• protection of vital interests of the customer or recipient where applicable.

5. PERSONAL DATA WE COLLECT

When placing an order

• first and last name;
• telephone number;
• e-mail address;
• delivery address;
• city/town;
• postal code;
• information regarding ordered products;
• IP address;
• order history.

When creating a customer account

• first and last name;
• e-mail address;
• telephone number;
• delivery addresses;
• username;
• encrypted password;
• IP address;
• order history.

When issuing an invoice

For individuals:

• name;
• address;
• information required under applicable legislation.

For legal entities:

• company name;
• company registration number (UIC/VAT number where applicable);
• registered address;
• contact person;
• delivery details.

6. DATA OF GIFT RECIPIENTS AND DELIVERY RECIPIENTS

The nature of Top Flowers' business requires the processing of personal data relating to individuals who are not our direct customers but are recipients of gifts, bouquets and other products ordered by third parties.

In such cases, we process only the information provided by the sender that is necessary to complete the delivery:

• recipient's name;
• telephone number;
• delivery address;
• city/town;
• postal code.

Such information is used solely for delivery purposes and is not used for marketing activities.

7. PURPOSES OF PROCESSING

We process personal data for the following purposes:

• receiving and processing orders;
• preparing ordered products;
• organising deliveries;
• communication with customers and recipients;
• issuing accounting and tax documents;
• handling complaints and customer service requests;
• compliance with legal obligations;
• fraud prevention and abuse detection;
• improving service quality;
• marketing communications where a valid legal basis exists.

8. MARKETING COMMUNICATIONS

Marketing communications, newsletters, promotional offers and other advertising materials are sent only where a legal basis or valid consent exists.

Users may unsubscribe at any time using the available unsubscribe mechanisms or by contacting us directly.

9. WHO MAY HAVE ACCESS TO YOUR DATA

In connection with our business activities, we may share personal data with:

• courier service providers;
• payment service providers;
• accounting and auditing service providers;
• hosting providers;
• software service providers;
• analytics and marketing service providers;
• public authorities and institutions where legally required.

All such partners are required to maintain an appropriate level of personal data protection.

10. INTERNATIONAL DATA TRANSFERS

Certain services used by TF GROUP 2009 Ltd may involve processing personal data outside the European Union.

Where such transfers occur, appropriate safeguards are implemented in accordance with GDPR requirements, including Standard Contractual Clauses, adequacy decisions or other legally recognised transfer mechanisms.

11. COOKIES AND ANALYTICAL TOOLS

Our website uses cookies and similar technologies for:

• proper website functionality;
• security purposes;
• traffic analysis;
• improving user experience;
• measuring advertising campaign effectiveness.

Detailed information is available in our Cookie Policy.

12. DATA RETENTION PERIODS

Personal data is retained only for as long as necessary for the purposes for which it was collected.

Specifically:

• accounting documents and order-related records - up to 10 years;
• customer accounts - until account deletion or up to 5 years of inactivity;
• marketing consents - until withdrawn;
• technical logs and security-related records - up to 12 months;
• complaint-related data - until completion of the complaint procedure and expiration of applicable legal limitation periods.

13. SECURITY OF PERSONAL DATA

TF GROUP 2009 Ltd implements appropriate technical and organisational measures to protect personal data, including:

• restricted access to information;
• encrypted communications;
• access control procedures;
• protection against unauthorised access;
• periodic review of security measures.

14. YOUR RIGHTS

You have the right to:

• access your personal data;
• rectify inaccurate personal data;
• request erasure ("right to be forgotten") where applicable;
• request restriction of processing;
• receive your data in a portable format;
• object to processing;
• withdraw consent at any time;
• lodge a complaint with the Commission for Personal Data Protection or another competent supervisory authority.

15. EXERCISING YOUR RIGHTS

To exercise your rights, please contact us at:

E-mail:
[email protected]

Telephone:
+359 884 829 368

Requests are reviewed and processed within 30 days of receipt unless a different period is required by law.

For security purposes, we may request additional identification before fulfilling your request.

16. RELATIONSHIP WITH THE TERMS AND CONDITIONS

Where personal data is processed in connection with orders, deliveries, complaints, withdrawal requests or other customer-related matters, the applicable Terms and Conditions of www.top-flowers.com shall also apply.

17. POLICY UPDATES

TF GROUP 2009 Ltd reserves the right to update this Privacy Policy whenever required due to changes in legislation, technology or data processing activities.

The most current version will always be available on www.top-flowers.com.

18. CONTACT DETAILS

• TF GROUP 2009 Ltd
• Address:502, Shop 1, Mladost 1A Residential District, Sofia, Bulgaria
• Telephone: +359 884 829 368
• E-mail: [email protected]
• Website: www.top-flowers.com