GDPR and Privacy Policy

GDPR and Privacy Policy

Last revised on May 19, 2018, effective as of May 19, 2018


Notice: never sells personal data and carries out all processing operations in strict compliance with GDPR & European privacy laws. You are in control of Your personal information at all time. values Your Privacy and strives for its services to be safe and enjoyable for everyone. This Policy sets out and explains how collects and processes personal data, the purposes for processing and how We protect it. is committed to the Internet and to its Users. This is why one of its main commitments is to provide the most secure and confidential service possible, ensuring the privacy of Users’ communications and personal data. The aim of this is to make our GDPR & Privacy Policy clear and easy to understand. If you have any questions, please contact us


The database generated from the website and services belongs to C.P.A.P STORE Ltd, with company registration number BG202438857 and headquartered at 9 Tsar Boris III, Petrich 2850, Bulgaria. C.P.A.P STORE Ltd guarantees fulfillment of the data protection conventions, under the terms stipulated in Bulgaria Law. These Rules have been approved and issued under Article 23, paragraph (4) of the Law on Personal Data Protection and Regulation # 1 of February 7th, 2007 relating to the Minimum Level of Technical and Organizational Measures and Required Type of Protection of Personal Data, issued by the Commission for Personal Data Protection, promulgated in State Gazette # 25 of 23.03.2007. As soon as a User has registered on, their personal data, addresses and means of payments(only payment method) are incorporated into database so they may enjoy the services and products of The aim of this is to provide the User with access to and use of and its products and to allow to draw up statistics on those services used and requested by the User, as well as to send out requested service updates.
At any time, Users may exercise their rights of access, rectification, cancellation and opposition to the processing of personal data by sending an email to support(at) or by writing a letter to the above stated CPAP store Ltd address.

Information We Collect

  • Personal identification data: full name, address, phone number, and email address.
  • Financial data: VAT number if applicable.
  • Device-specific data: IP address, Device type and version,
  • Log data: referring URL and domain, pages visited, geographic location, preferred language used to display the webpage, and date and time when website pages were accessed.
  • All Other possible information which is associated with the order and our services.

How We Use the data

  • We use all the provided data to make to aim the order fulfill, promotional information, and all other communication ways in order to support, to send email notifications, to send promotional emails and everything else related of the services and products we provide.


Normally a cookie is set in your browser when submitting a comment. It is a part from this, your own responsibility to delete cookies in your browser
A cookie is a file that is downloaded onto Your device when You access certain webpages. Cookies allow the webpage, among other things, to store and retrieve information about the number of times You visit it, the browser habits of a user or computer and, depending on the information that it contains and the way in which the computer is used, cookies can be used for user recognition. Bear in mind that in order to be able to use certain services and functionalities that We offer on the platform, you will need to have cookies enabled on Your browser.
Most browsers allow You to choose whether to accept cookies or not. If You do not wish to have cookies placed on Your device, please set Your browser preferences to reject all cookies, before accessing
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit
For more info about the cookies make use of, please visit Our Cookie Information page.
Security and Data Center Location primary data and servers are hosted at FastComet data center in Amsterdam (EU). has implemented various measures to ensure that Your information is adequately protected against unauthorized access, use, disclosure and destruction. Please keep in mind that risk can never be eliminated but can be significantly mitigated and reduced. All measures which has taken significantly reduce the risk. shall not be held liable by any Third Party, including You, in any event of unauthorized access, use and/or disclosure of information provided that such is not due to Gross Negligence, willful misconduct, fraud or bad faith by
Security measures adopted by include:

  • access to the information stored within servers is restricted to a limited number of employees (only Manager of the company) and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality.
  • servers are protected by (1) firewalls establishing a barrier between Our trusted, secure internal network and the Internet and (2) IP restrictions, limiting access to whitelisted IP addresses.
  • each User may only access information pertaining to its account.
  • we use HTTPS for Services providing secure transfer of data to prevent wiretapping and man-in-the-middle attacks. reviews its information collection and processing practices periodically and will review and amend this Privacy Policy accordingly.

Access and Disclosure does not rent or sell Your information, but we do disclose Your information to a limited set of trusted Third Parties in the situations explained below, for which You, by using Our Services, hereby explicitly consent.

  • we will disclose Your personal information where We are bound to do so, at law or via a court order as well as to meet any legal or regulatory requirement or obligations. We will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law.
  • we reserve the right to disclose Your information to any Third Party if We have reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of also works with Third Party providers which provide important functions to us that allow us to provide You a better service, and other business partners. We need to disclose user data to them from time to time so that the services can be performed.
  • We only share information with the Third Party that is required for the service they are offering and contractually bind these providers to keep any information We share with them as confidential and to be used only for particular purposes. For example, amongst others, we have providers that process Our credit card transactions, support Our internal support system, and manage Our marketing communications. By using, You explicitly consent to, and authorize us to sub-contract in this manner.
  • We may revise this Privacy Policy from time to time. The most current version of the policy, found at will govern Our use of Your information collected and processed from
  • We will provide You with advance notice of the modifications via email to the email associated to Your account and You hereby agree that this shall constitute adequate notice in this regard. All changes to this Privacy Policy automatically take effect on the sooner of the day You use the Site and/or Services, after they are initially posted on the Site. Your use of the Site and/or Services following the effective date of any modifications to this Agreement will constitute Your acceptance of the Agreement, as modified.
  • For more information regarding the cookies “click here
  • How to delete the cookies “click here
  • For more information about our cookie policy “click here

Third Parties Companies and what we share with them individually.

Please visit and read about the privacy policy relating to the 3rd party services we use.

  • Facebook
  • twitter
  • instagram
  • google +
  • youtube

Accounting Office

All our transaction invoiced to the user and for each of sale we share the needed data with our accounting office for accounting purposes.


We share with invoice2go your name,address,phone,email,and the ordered products just to have the possibility of the invoice. please check their privacy

Google Analytics

We use GA (Google Analytics) to track how many unique visitors we get and GA do use cookies and they save IP-numbers. The same goes for Google Fonts. You can read more about GA and GDPR here. Regarding Google and how they save user data, our account is set to the minimum which means that user data is saved for 14 months.

  • What is is a mailing system that we use to send emails, updates, news and any promotional information’s to our subscribers, also we use MailChimp platform as a reminder to remind users to act accordingly of the purchase or interesting. Lastly, we have integration that allows MailChimp to track the and link the Cart with the email of potential client that we use in order to send a reminder of the abandoned cart.
  • What we share with the MailChimp: IP address, Geo Location, email, first and last name.
  • How to unsubscribe: in order to unsubscribe just press the “unsubscribe” from bottom of the email. Or send us email to support(at) and we will do the rest for you.
  • You can read more about MailChimp and GDPR here

  • What is is order tracking platform, we adding manually the tracking numbers of our shipments and also as order notification panel that customer could get announced about the location of His/Her Order via email or even by the mobile text message.
  • What we Share: First name last name, order ID, email, phone number. Address of origin address of destination, IP address.
  • Delete the data above: send us an email to support(at) and we will delete all your data from the

Deliveries via Post and TNT courier

  • What is TNT courier and Regular Post: TNT is a global leader as a delivery company, for high value orders we use the TNT as our primary shipment company and for low costs we use regular post.
  • What we share: First and Last names, address, email, phone number and one description of the ordered products.
  • How to delete the data: we use all the data above just to make possible one safe delivery.

OneSignal push notification

  • What is OneSignal push notification: Onesingal is third party services, for push notification and we use their platform to send the notification to our subscribers and you have to MANUALLY subscriber.
  • What we share: Ip address, Device, Country, Language, Activity.
  • How to Delete the subscription:  manually unsubscribe please click here! also read the privacy of onesignal and GDPR

Contact form

All contact forms go directly to our address. No information except for what you provide is being sent or registered. All emails that we receive are, after being answered and resolved, are deleted and no information is kept. What resolved means? Answered refers to me answering your question and thereby considering your initial question being answered and resolved

Payments Gateways

To insure the safety of the very sensitive data we use the most know payment gateways such as, and We do not handle or manage any payment details nor do we keep any payment details on file/ record. When an order is processed and payment is successful, the customer will be re-directed back to our “Thank You” page.

    PayPal requires and account and a linked card in order to procced with the purchase with paypal. All the data is stored on paypal servers and not in our.
    Mollie one of the most trustful company in Europe which is also fully complain with the GDPR and it’s locating in Netherland. They offer a variety of electronic payment ways.
    Skrill is a part PaySafe group and they offer credit card payment gateways.

Governing Law and Dispute Resolution
This Privacy Policy forms an integral part of Our Terms of Service. The Governing Law and Dispute Resolution mechanism found in Our Terms of Service shall also apply to Our Privacy Policy.
Further Information
If you have any questions about our Privacy Policy or our privacy practices, please contact Us.
If You are based in Europe and need standard contractual clauses signed to be able to use, You can use the form below to generate a data processing agreement. Privacy Policy Certification


Please use the form below for any and all queries relating to GDPR and or our site.

Your Name (required)

Your Email (required)

Telephone Number(required)


Your Message