Privacy policy

Last updated: April 14, 2026

1. Who We Are

This website, Omayna, is operated by Teoma Ltd., a company registered in the Republic of Bulgaria, with registered office at zh.k. Krasna polyana II, bl. 28, vh. A, et. 7, ap. 19, Sofia 1330, UIC 208493383.

For the purposes of applicable data protection legislation, including the General Data Protection Regulation (EU) 2016/679 ("GDPR"), we act as the data controller of your personal data.

If you have any questions regarding this Privacy Policy or the processing of your personal data, including exercising your GDPR rights, you may contact us at:

Email: contact@omayna.eu
Postal address: zh.k. Krasna polyana II, bl. 28, vh. A, et. 7, ap. 19, Sofia 1330, Bulgaria

2. What Personal Data We Collect

We may collect and process the following categories of personal data:

Information you provide directly:

  • Name
  • Billing and shipping address
  • Email address
  • Phone number
  • Order details
  • Information included in custom order requests
  • Messages sent through our contact form

Customised and Personalised Orders

If you request a customised or personalised product, we process the information you provide solely for the purpose of manufacturing and fulfilling your order.

Such information is not used for marketing purposes and is not shared beyond what is necessary to complete the production and delivery of the product.

Digital files and production-related materials containing personalisation details are deleted after the order is completed, unless retention is required by law or necessary to resolve a dispute.

Payment information:

Payments are processed securely by third-party payment providers. We do not store full credit or debit card details.

Automatically collected information:

  • IP address
  • Browser type
  • Device information
  • Website usage data
  • Cookies and similar technologies

3. Legal Basis for Processing (GDPR)

We process your personal data on the following legal grounds:

Performance of a contract
- to process and deliver your order
- to manage payments
- to handle returns and customer support

Legal obligation
- to comply with accounting and tax regulations

Legitimate interest
- to improve our website and services
- to prevent fraud
- to respond to enquiries

Marketing, Abandoned Carts & Targeted Advertising
This may include sending reminder emails regarding incomplete purchases (abandoned carts), where permitted by applicable law and where you have provided your contact details during the checkout process and have not objected to such communication.

Consent (where applicable)
- for marketing communications
- for optional cookies

You may withdraw your consent at any time.

4. How We Use Your Data

We use your personal data to:

  • Process and deliver orders
  • Respond to enquiries and custom requests
  • Provide customer support
  • Manage returns and refunds
  • Improve website functionality
  • Fraud prevention and automated processing - detect and prevent fraudulent transactions using fraud prevention tools provided by Shopify and payment service providers. These tools may involve automated risk analysis; however, no solely automated decision producing legal effects is made without the possibility of human review.
  • Comply with legal obligations
  • To send marketing communications where you have provided consent, including newsletters and promotional offers.

We do not sell your personal data.

Automated Decision-Making

Some service providers used by our website (including payment processors and fraud prevention systems) may apply automated tools to assess transactions and detect potentially fraudulent activity.

These tools may involve automated analysis of certain data such as IP address, device information, transaction history, or payment behaviour.

Such processing is used solely for fraud prevention and security purposes and does not produce legal effects concerning you without the possibility of human review.

5. Sharing of Personal Data

We may share your data with:

  • Shopify (our e-commerce platform provider)
  • Payment service providers
  • Shipping and courier companies
  • IT and hosting providers
  • Accountants or legal advisors where required by law
  • Advertising and analytics partners, including providers of marketing and tracking technologies (such as Meta, Google and similar platforms), where you have given consent to the use of marketing cookies.

All third parties process personal data in accordance with GDPR requirements and only for the purposes necessary to provide their services.

Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of such websites. We encourage users to review the privacy policies of any external sites they visit.

6. International Transfers

Some of our service providers, including Shopify, payment processors, marketing and analytics providers, may process personal data outside the European Economic Area (EEA) or the United Kingdom.

Where personal data is transferred outside the EEA or UK, we ensure that appropriate safeguards are in place in accordance with GDPR. These may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Participation in the EU-US Data Privacy Framework (where applicable);
  • Other legally recognised transfer mechanisms.

You may request further information about the safeguards applied to international transfers by contacting us.

7. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected and in accordance with applicable legal requirements.

In particular:

  • Order and invoicing data are retained for 10 years, in accordance with Bulgarian accounting and tax legislation.
  • Data relating to complaints, returns and warranty claims are retained for 3 years following the final resolution of the case.
  • Data submitted through the contact form or general enquiries are retained for up to 12 months, unless a contractual relationship is established.
  • Data relating to customised or personalised orders are retained until completion of the order and for up to 12 months thereafter, unless longer retention is required by law.
  • Marketing data are retained until you withdraw your consent or object to processing.

After the applicable retention period expires, personal data are securely deleted or anonymised.

8. Your Rights (EEA & UK Residents)

Under GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Request deletion ("right to be forgotten")
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent at any time

You also have the right to lodge a complaint with your local data protection authority.

In Bulgaria, this is:

Commission for Personal Data Protection
https://www.cpdp.bg

9. Cookies

Our website uses cookies and similar technologies to ensure proper functionality and improve user experience.

For detailed information, please see our Cookie Policy.

10. Security

We take appropriate technical and organisational measures to protect your personal data. However, no system can guarantee complete security.

11. Children’s Data

This website is not intended for children under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a revised "Last updated" date.