1. Identification of “CHEFNOTES” EOOD
“CHEFNOTES” EOOD (hereinafter “CHEFNOTES” or “Administrator”) is a limited liability company, registered under UIC 208291677 in the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency, with its seat and registered address: Sofia, Vitosha residential district, 6 Boris Arsov St., entrance A, floor 4, apartment 84.
2. Contact with the Administrator
You can contact the Administrator through one of the following methods: In writing at the address: Sofia, Vitosha residential district, 6 Boris Arsov St., entrance A, floor 4, apartment 84 Via email: [email protected] Website: https://chefnotes.com/
3. Personal Data Processed by the Administrator
The Administrator collects and processes your personal data in connection with your access to and use of the website https://chefnotes.com/, maintained by the Administrator, which represents an online platform for receiving and processing orders/requests for the purchase and delivery of goods, including food products, beverages, and ready meals, as well as upon creation of a personal user account.
Processing Conditions:
Contact with website users, the operation of the online platform https://chefnotes.com/, and order fulfillment are conducted under Article 6, paragraph 1 of Regulation (EU) 2016/679 of the European Parliament and Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “General Data Protection Regulation”).
Additionally, to personalize your preferences for better service, the Administrator may collect and subsequently process certain information about your behavior while browsing the website and using the platform.
The Administrator may store and collect information through cookies and similar technologies in accordance with the Cookie Policy available on the website of the online platform.
The Administrator does not collect or otherwise process sensitive data falling within the special categories of personal data under the General Data Protection Regulation. Furthermore, the Administrator does not wish to collect or process data from minors under the age of 16.
3.1. Personal Data
3.1.1. Automatically Collected Data:
Log Files – When you access https://chefnotes.com/, the Administrator automatically receives information from log files (a set of system data): IP address, browser type and language, ISP, referring and exit pages, operating system, date/time stamp, clickstream data, time spent on the site, and pages visited. This may include the use of cookies – for more details, see the Cookie Policy on https://chefnotes.com/
3.1.2. Data You Provide:
Full name
Postal address, email address, delivery address, location, geolocation
Phone number
Please note: Data required for payments (bank account, card number, dates, or card details) is obtained by the third party handling the payment. The Administrator has no control over nor responsibility for their processing.
3.2. Legal Basis for Processing
The Administrator processes your personal data based on:
a) Article 6(1)(a) – your explicit consent for accessing, browsing the website, communication, account creation, or cookie usage. b) Article 6(1)(b) – for taking steps prior to and fulfilling a contract for deliveries. c) Article 6(1)(c) – for compliance with legal obligations such as accounting and tax laws. d) Article 6(1)(f) – for the legitimate interests of the Administrator to conduct and protect its business (including security measures, fraud prevention, and risk management).
3.3. Purpose of Processing
Your personal data is processed for the following purposes:
Accessing and browsing https://chefnotes.com/
Communicating with users
Account creation and full use of the platform
Execution of the purchase-sale contract, order processing, confirmations, deliveries, billing, and dispute handling
Improving the website and user experience
Complying with accounting and tax regulations
Matching you with the nearest partner/courier, processing payments, providing support and services
3.4. Data Recipients
Your data may be shared with:
a) Competent authorities in accordance with Bulgarian law b) Service providers: legal/tax consultants, accountants, couriers, banks, marketing agencies, insurers, IT vendors, joint marketing partners, platform developer ("SOURCECODE" EOOD), and others related to platform operations c) Product/service providers, stores, restaurants, and fast-food outlets d) Telecommunications service providers
If legally required or necessary to protect legal interests, the Administrator may disclose your data to public bodies. Any third-party access is governed by data protection and confidentiality laws and contracts.
3.5. Retention Periods
a) During the order term and up to 2 months afterward, or up to 5 years in some cases b) For the lifetime of your account – after deletion, data will be erased/anonymized c) Until consent is withdrawn or objections are submitted, depending on cookies/marketing settings d) For longer periods if required by law (e.g. tax or accounting records)
3.6. Data Transfers Outside Bulgaria
The Administrator does not intend to transfer your data outside the EU/EEA. If this occurs, appropriate measures will be taken to protect your rights under data protection laws.
4. Your Rights Regarding Personal Data
You may request the following at any time:
4.1. Correction – If your data is inaccurate or incomplete. 4.2. Deletion – If data is no longer needed, consent is withdrawn, you object to processing, data was processed unlawfully, or required by law. Exceptions apply if data is needed for legal obligations or defense of legal claims. 4.3. Restriction – If accuracy is contested, processing is unlawful but deletion is not desired, data is needed for claims, or pending objection review. 4.4. Objection – If data is processed based on legitimate interest, for direct marketing, or for research/statistics. 4.5. Withdrawal of Consent – Consent can be withdrawn anytime, without affecting prior processing. However, data needed for contract execution and potential disputes will still be processed.
All these rights may be exercised by sending a written request to the Administrator’s address or by email, as provided in section 2.
5. Right to Access Data
You may request confirmation, a copy, or information about your personal data. A reasonable administrative fee may apply for multiple copies.
6. Right to Data Portability
You may receive your personal data in a suitable format and transfer it to another data controller when processed by consent or contract and via automated means. Direct transfer is possible if technically feasible.
7. Right to Complain to a Supervisory Authority
You may lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) if you believe your data is being unlawfully processed or your rights are violated.
CPDP Contact: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. Email: [email protected] Website: www.cpdp.bg
8. Provision of Personal Data
Providing personal data for ordering and concluding a sales contract through the platform is necessary for executing the contract and your related rights. You are not obliged to provide this data, but failure to do so may prevent contract performance and the Administrator’s legal duties.
Providing data for browsing, using, or contacting the platform is also necessary for full functionality. Refusal may limit or block access and communication with the platform.
9. Use of Automated Decision-Making
For website improvement and personalized service, the Administrator may analyze your activity (e.g. viewed or ordered products). Automated systems may generate tailored content, offers, or ads, significantly influencing your choices.
You may object to decisions based solely on automated processing if they produce legal effects or significantly affect you, unless:
They are necessary for contract performance
Permitted by law with safeguards
Based on your explicit consent
10. Links to Other Websites
The platform may contain links to external websites. You should review their privacy policies separately. This Policy applies only to the Administrator’s activities.
This Privacy Policy is adopted on 05.05.2025 and remains valid until its repeal or amendment is published on https://chefnotes.com/.