Privacy and Cookie Policy
Effective from: 1 April 2026
1. Introduction
Welcome to Eco Supplements. Your privacy is important to us. Eco Supplements Ltd. is committed to protecting your personal data and processing it in accordance with applicable data protection legislation, including the EU General Data Protection Regulation (GDPR) 2016/679.
This policy describes how we collect, use, and protect information, as well as how we use cookies, when you use our website and services.
Data Controller
Eco Supplements Ltd.
14 Antim I Street
1303 Sofia, Bulgaria
Registration number (EIK/UIC/TIN): 207958071
VAT number: BG207958071
Email: support@ecosupplements.eu
Phone: +46 720 251 636
2. What personal data we collect
We collect information necessary for delivering our products and improving our services:
- Identification and contact data: name, delivery and billing address, email address, phone number.
- Order and transaction data: products purchased, order history, payment status. Payment data is processed by our payment partners and is not stored by us.
- Website usage data: IP address, browser type, pages visited, timestamps, and device information.
- Cookies and tracking technologies: we use cookies and similar technologies to improve functionality, analyse traffic, and display relevant advertising.
3. Legal basis for processing
We process your personal data based on the following legal grounds under the GDPR:
- Contract (Article 6(1)(b)): processing and delivery of your order.
- Legal obligation (Article 6(1)(c)): compliance with accounting and tax obligations under applicable law.
- Legitimate interest (Article 6(1)(f)): improving our website, preventing fraud, and managing customer service.
- Consent (Article 6(1)(a)): sending newsletters, marketing communications, and certain cookies.
4. How we use your personal data
We use the information collected to:
- process and deliver orders,
- manage payments and deliveries,
- provide customer support,
- send order confirmations and delivery information,
- send newsletters if you have given your consent,
- analyse traffic and improve the website,
- comply with legal obligations.
5. Third parties and service providers
To provide our services, we share certain information with trusted third parties:
- Payment partners: Mollie B.V. (processing of card, PayPal, Klarna payments). Payment data is processed directly by the payment partners.
- Delivery partner: DPD and other logistics partners for the delivery of orders.
- Warehouse / fulfilment: Dextrum CZ Fulfillment, Kirilovova 181, 739 21 Paskov, Czech Republic.
- Hosting: Kinsta (servers within the EU).
- Analytics and marketing: Google Analytics, Google Tag Manager, and Meta Pixel.
- Affiliate marketing: CJ Affiliate (cj.com).
These providers process personal data only in accordance with our instructions and applicable data protection legislation.
6. International transfers of personal data
Our company is established in Bulgaria, an EU Member State. All processing takes place within the EU/EEA or with countries that ensure an adequate level of protection in accordance with the GDPR. Transfers of data outside the EU/EEA are protected by Standard Contractual Clauses (SCCs) approved by the European Commission.
7. Retention of personal data
We retain your personal data only for as long as necessary for the purposes for which it was collected:
- Order and billing data: retained for up to 10 years in accordance with Bulgarian accounting law.
- Customer account data: retained for as long as the account is active.
- Marketing data: retained until consent is withdrawn.
- Cookies and analytics data: depending on the settings of specific tools, generally 1 to 2 years.
8. Cookies
We use cookies and similar technologies to improve functionality, analyse traffic, and display relevant advertising. We use a cookie consent management system that allows you to choose which cookies you accept.
Types of cookies we use:
- Necessary cookies: essential for the operation of the website (cart, login).
- Analytics cookies: Google Analytics for traffic analysis.
- Marketing cookies: Google Tag Manager, Meta Pixel for targeted advertising.
- Affiliate cookies: CJ Affiliate for affiliate marketing tracking.
Overview of cookies used
| Name / Provider | Type | Purpose | Duration |
|---|---|---|---|
| _ga / Google Analytics | Analytics | Distinguishes users for visit statistics | 2 years |
| _ga_* / Google Analytics | Analytics | Stores session state for Google Analytics 4 | 2 years |
| _fbp / Meta Pixel | Marketing | Conversion tracking and ad targeting on Facebook/Instagram | 3 months |
| _fbc / Meta Pixel | Marketing | Stores clicks on Facebook ads | 2 years |
| CJ Affiliate | Marketing | Affiliate tracking and conversion measurement | 30 days |
| woocommerce_cart_hash | Necessary | Tracks the contents of the shopping cart | Session |
| woocommerce_items_in_cart | Necessary | Indicates whether the cart contains products | Session |
| wp_woocommerce_session_* | Necessary | Maintains the customer session (cart, checkout) | 2 days |
| wordpress_logged_in_* / wp-settings-* | Necessary | Authentication of logged-in user | Session / 1 year |
| cookie_consent / YesCookies | Necessary | Stores your cookie preferences | 1 year |
| _gtm_* / Google Tag Manager | Analytics/Marketing | Manages tracking scripts and marketing tags | Per tag |
Managing and withdrawing consent
You can change or withdraw your consent at any time:
- By clicking the Cookie Settings button in the footer of our website.
- By changing your browser settings – instructions can be found in your browser’s help section.
Withdrawing consent does not affect the lawfulness of processing carried out before the withdrawal. Please note that blocking certain cookies may affect the functionality of the website.
9. Your rights
Under the GDPR, you have the right to:
- request access to your personal data,
- request rectification of inaccurate data,
- request erasure of your data (“right to be forgotten”),
- object to the processing of your data,
- request restriction of processing,
- request data portability.
You can exercise your rights by email to support@ecosupplements.eu. We process requests within 30 days.
You also have the right to lodge a complaint with the supervisory authority. In Ireland, the competent authority is:
Data Protection Commission (DPC)
21 Fitzwilliam Square South, Dublin 2, D02 RD28
www.dataprotection.ie
10. Security of personal data
We implement technical and organisational measures to protect your personal data against unauthorised access, loss, or destruction. All communications are encrypted via the SSL/TLS protocol. Access to personal data is limited to authorised persons.
11. Changes to this policy
We may update this Privacy and Cookie Policy as necessary. The most recent version is always available on this page. The effective date is indicated in the document header.
12. Contact
If you have any questions about this policy or how we process personal data, please contact us:
Eco Supplements Ltd.
14 Antim I Street, 1303 Sofia, Bulgaria
Email: support@ecosupplements.eu
Phone: +46 720 251 636
This policy forms part of our Terms and Conditions, available on the corresponding page of the online shop.
