top of page

Leona Lilian" EOOD, EIK 204832936, ("Leona Lilian", "Company", "We") is a personal data controller within the meaning of Regulation (EU) 2016/679 (GDPR, Regulation) and the applicable legislation. We strive to comply with the highest applicable standards and established good practices in the processing of personal data. The competent leading supervisory authority regarding the protection of personal data processed by Leona Lilian is the Personal Data Protection Commission of the Republic of Bulgaria.


This Policy aims to familiarize you with the type of information we collect for you as our customers, partners and contractors, the purposes for which it is used, the basis for its collection and processing, the conditions for its storage in any form - oral, written or electronic, as well as the security measures implemented by the Company in relation to your personal data.

Who are we?

If you have questions about this Policy, wish to exercise any of your rights set out in the "Your Rights" section below, or have doubts that your personal data may be processed in violation of the Regulation or your expressed preferences / consents , you can contact us at the following contacts:

"Leona Lilian" EOOD

EIK 204832936

Phone: +359898447437


Contact person: Lilian Foteva

How to contact us?

When processing personal data, the Company strictly observes the following principles:

  • Personal data is processed lawfully, in good faith and in a transparent manner;

  • Personal data are collected for specific, explicitly stated and legitimate purposes and are not further processed in a manner incompatible with these purposes;

  • Personal data are relevant, relevant and limited to what is necessary in relation to the purposes for which they are processed;

  • Personal data are accurate and, if necessary, kept up-to-date;

  • Personal data are stored in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data are processed;

  • Personal data is processed in a way that ensures an appropriate level of personal data security.

What are the principles for processing personal data?

„Personal Data“ means any information relating to an identified natural person or a natural person who can be identified directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics, specific to that natural person's physical, physiological, genetic, mental, economic, cultural or social identity;

„Special categories of personal data“ are personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the sole purpose of identifying a natural person, health data status or data about the sex life or sexual orientation of the natural person;

„Data subject“ means a natural person who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or by one or more characteristics specific to the physical, physiological, genetic, the psychic, mental, economic, cultural or social identity of that natural person;

„Administrator“ of personal data is a natural or legal person, state body or local self-government body, which alone or jointly with another person determines the purposes and means of processing personal data;

„Processor“ of personal data is a natural or legal person, public authority or local authority that processes personal data on behalf of the controller of personal data. The relationship between the administrator and the processor of personal data is governed by a legal act, a written contract or another act of the administrator, in which the volume of obligations assigned by the administrator to the data processor is determined;

„Processing“ is any operation or set of operations performed on personal data, whether by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, dissemination or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed

„Third party“ means a natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data;

„Consent of the data subject“ means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent for the personal data relating to him to be processed;

„Profiling“ means any form of automated processing of personal data consisting in the use of personal data to assess certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of professional duties that individual's economic status, health, personal preferences, interests, reliability, conduct, location or movement;

„Breach of personal data security“ means an action / circumstance that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;

„Applicable legislation” means the legislation of the European Union and the Republic of Bulgaria, which is relevant to the protection of personal data (Law on the Protection of Personal Data, LLDP, etc.); 

„Regulation (EU) 2016/679“ 

means Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and on Repeal of Directive 95/46/EC (General Data Protection Regulation), published in the Official Journal of the European Union on May 4, 2016.

What are personal data and concepts related to them?

Leona Lilian mainly processes personal data that you provide us voluntarily, for example, in the course of fulfilling contracts/orders in connection with our activity as a supplier of cosmetic services and cosmetic products, registration for participation in games / raffles / campaigns organized by us, visiting and registering on our websites, sending requests / inquiries, booking appointments for cosmetic services, etc.


We may also receive information containing your personal data from our current or potential business partners, suppliers and intermediaries in the supply chain of cosmetic products or from public records, as well as from others in connection with games / raffles / organized by us campaigns.

What are personal data and concepts related to them?

Representatives, contact persons and employees of customers, partners and suppliers of Leona Lillian cosmetic products

We usually receive your personal data from your employer or from you personally when it is necessary to prepare, conclude or perform a contract with them or enter into a commercial relationship. For example, it is possible that you are named as a legal representative or contact person in a contract or in commercial correspondence in connection with the conclusion, execution or termination of a contract for the supply of cosmetic products, making an offer, resolving commercial disputes and the like. We process this data to fulfill our contractual and legal obligations, as well as on the basis of your voluntary consent when contacting us..

Visitors to and other websites we may maintain

The information we collect about you on our website usually depends on the purpose of your visit and the functionality you use. Some of the functionalities do not require registration, allowing you to visit our website without us being able to identify you, for example access to the database of cosmetic products provided by us. However, some functionalities require that you provide us with personal data, for example, when registering your account, in order to be able to reserve online appointments for the provision of cosmetic services or our online contact form. In these cases, the information required would include, but not be limited to: name, date of birth, email address, telephone number, address (for product delivery).


We collect this information based on your consent to provide it and in order to provide you with our service or product and/or respond to your inquiry regarding the services and/or products we offer. Depending on the information you have filled in, it is possible for the same to be processed to establish and exercise rights in connection with a potential or arising dispute with you, arising from complaints, claims or complaints made.


When you visit our website, we collect information about your IP address and cookies in order to determine the traffic of our website and improve the service. In order to achieve this goal, when you enter our website, you will be asked to provide or refuse to provide your consent for us to save cookies on your device. More information can be found in our Cookie Policy.

Participants in games / raffles / campaigns held on our sites, Facebook and Instagram profiles

If you wish to participate in games (including by placing a comment on your part under a post on our official page) organized and conducted by Leona Lilian, you voluntarily provide your personal data such as names, email address, telephone, delivery address of the prize won, or your Facebook and Instagram profile, through which you identify yourself for the purposes of the game being held. We process this data on the basis of your voluntarily demonstrated consent to participate in the game, fulfilling the conditions of participation and our interest in establishing and exercising our rights in relation to a potential or arising dispute with you. The purposes for which we need your data are limited to your registration to participate in our games, the opportunity to contact you and notify you in the event that you win and to send you your prize or to inform you about the service you have won with subsequent instructions for its use, as well as for the purpose of announcing the winners and guaranteeing transparency and equality of all participants.

Visitors to the territory of Leona Lillian sites 

When visiting our beauty salons and/or offices and areas for common use, your visit will be registered with technical means that have been put in place to ensure security, protect the Company's property and the physical integrity of its employees, protect employees and visitors, as well as controlling the access of our employees and other visitors to the premises.

Employees of Leona Lillian 

As our current and former employees, we process your personal data, including special categories of personal data related to an employment or civil relationship, or data of job applicants. We process this data for the purpose of fulfilling our legal obligations in the field of labor and social legislation and the obligations assumed towards you by signing an employment or civil contract.

What information do we collect about you?

Leona Lilian stores your personal data in electronic (server and cloud systems) and hard copy. The company stores the various types of personal data contained in various documents for a strictly defined period of time. The specified storage periods are always in accordance with the purposes for which the personal data is processed.


For example, accounting and related documents that are an essential part of them (e.g. annexes), as well as documents that concern and contain accounting information, are stored for a maximum period of 10 years, starting from January 1 of the year following the year , in which the relevant contract is terminated. The storage terms are described in the Company's internal Document Storage and Destruction Policy.

Your contact details, used solely for sending information, will be stored until you withdraw your consent to receive emails from us.


The videos are stored for 2 months.

Storage of your personal data?

Leona Lilian respects and protects the privacy of your personal data. In compliance with the legal requirements, it is possible for the Company to disclose your personal data to the following persons:

- When performing contracts for the provision of cosmetic services, we do not provide your personal data to third parties, but only to our employees - beauticians;

- When fulfilling the contracts for the supply of cosmetic products, we provide your personal data to third parties to our customers, carriers, contractors, couriers and partners in the supply chain, and when sharing your personal data, all necessary measures have been taken for their protection;

- Service providers: When we use service providers related to technical support of internal information systems and operational support of our activity, as well as software companies responsible for the maintenance of our websites or their individual functionalities, Leona's official Facebook and Instagram page Lillian, it is possible for the Company to disclose personal data. Such disclosure of data shall only take place if there is a valid reason for doing so and based on a written agreement that the recipients provide an adequate level of protection where applicable;

- In certain cases, it is possible for us to share information about you with our partners in the territory of the European Union and the European Economic Area or outside them. Such disclosure of personal data is carried out in compliance with the applicable Bulgarian and European legislation.

State and municipal authorities: in fulfillment of its legal obligations, the Company may be obliged to disclose your personal data upon express instruction of state or municipal authorities (Customs, Executive Agency "Maritime Administration", Ministry of Transport, Information Technologies and Communications, National revenue agency, etc.);

To whom do we provide your personal data?

Leona Lilian does not process sensitive personal data of its customers - individuals or employees / representatives of customers, partners and suppliers, website visitors and pages in social networks.

Special categories of data

We operate our website in accordance with applicable law. Children aged 18 or younger should always have the consent of a legal representative before providing us with personal data through the Website. If, upon collecting the data, we determine that a user is under that age and has not provided consent to a legal representative before providing any personal data, we will not use or maintain their personal data without the consent of their legal representative. However, without such consent, the child may not be able to use our cosmetic services or order cosmetic products from our websites. However, in certain circumstances, we may maintain and use such information (in accordance with our Privacy Policy and applicable law) to notify and obtain the consent of the legal representative and for certain safety, security, liability and other purposes under applicable law. The legal guardian may review, remove, amend or refuse further collection or use of their child's personal data, including the child's name, address and email address, by contacting us or our data protection officer.

Children's data

Leona Lilian does not use your data to prepare personal or user profiles for marketing purposes. We also do not apply automated processing to your personal data.

Profiling and automated processing of personal data

In general, the Company does not disclose personal data to persons established outside the European Union or the European Economic Area.


When providing personal data to persons established within a member state of the European Union, personal data benefit from the level of protection provided by Regulation (EU) 2016/679, as well as the related normative acts of the European Union.

When providing personal data in countries outside the European Economic Area, it should be taken into account that the European Commission recognizes some of these countries as providing an adequate level of protection. This can be checked on the official website of the European Commission, as well as on the website of the Commission for the Protection of Personal Data in the Republic of Bulgaria.

Regarding the provision of data to other countries that are not recognized by the European Commission as providing an adequate level of protection, when such provision is required, the Company implements adequate data protection measures, such as organizational and legal measures (e.g. signing approved by the European Commission Standard Contractual Clauses).

Recipients of personal data established outside the territory of the Republic of Bulgaria

При спазване на приложимото законодателство, Вие имате следните права спрямо личните Ви данни, обработвани от Леона Лилиан:


1. Right of access and right to receive a copy of your personal data

You have the right to receive confirmation as to whether we are processing your personal data. If so, you may be given access to your personal data and certain information about how it is processed, as well as a copy of it. For this purpose, you can fill out the corresponding access request..


2. Right to correct your personal data

You have the right to request the correction of your personal data that is inaccurate or incomplete.


3. Right to deletion ("right to be forgotten")

You have the right to request the deletion of your Personal Data when they are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in other cases provided for in the Regulation, for example if you wish to withdraw your consent or the data is were processed unlawfully.


4. Right to restriction of processing

If you dispute the accuracy of your personal data for a period that allows us to verify it, as well as in other cases provided for in the Regulation, you may request the restriction of the processing of your personal data.


5. Right of Portability 

You have the right to receive the personal data you have provided to us in a structured, widely used and machine-readable format, and the right to transfer such personal data to another data controller where the processing of such personal data:

  • is based on consent or a contract with us and

  • is performed in an automated manner.

When you have exercised your right to portability, you have the right to ask the Company to directly transfer your personal data to another controller where technically feasible.

6. Right to object

You have the right, on grounds related to your specific situation, to object to the processing of personal data concerning you, which is based on the Company's legitimate interests.


7. Right to Withdraw Your Consent

If you have given your consent to the processing of your personal data, you may withdraw it at any time.


If you wish to exercise any of your rights or have questions regarding the processing of your personal data, please contact us at the indicated contacts. We will consider your inquiry/complaint and within 30 days of receiving it you will receive a response. If necessary, this period can be extended by up to two months, taking into account the complexity and number of requests, of which you will be promptly informed, including the specific reasons for the delay.


You may exercise your rights without paying fees, except in certain cases.


Detailed information on the terms and conditions in which you can exercise your rights can be found in Leona Lillian's Policy for the Exercise of the Rights of Personal Data Subjects on our website

If you believe that your personal data have not been processed lawfully, you can contact the Commission for the Protection of Personal Data and file a complaint at tel. 02/91-53-518, e-mail:

What are your rights?

Leona Lilian maintains appropriate administrative, technical and organizational measures designed to help protect the security and integrity of your personal data and to protect it from accidental or unlawful destruction, loss, unauthorized correction, disclosure or access, misuse and any other unlawful form of processing. Leona Lillian maintains secure computer systems through which personal data is processed. Adequate control mechanisms for the separation and management of data are applied to our systems, limited access and security of the objects is provided, which is subject to periodic inspection.


To fulfill its obligations to protect your personal data, Leona Lilian duly takes into account the achievements of technical progress, introducing tested methods in the management of security systems and possible risks.


Leona Lilian only works with verified partners that provide adequate measures to protect personal data.


Leona Lillian has implemented security procedures as well as technical and physical restrictions on access and use of personal data.


Leona Lilian conducts trainings for its employees regarding personal data protection policies and procedures to help preserve information and limit access to your personal data to only those of our employees who need access to perform your duties.


Leona Lillian has strict policies and procedures applicable to its personnel to minimize the risks of processing personal data.

Security of personal data

Security of personal data

Leona Lillian has adopted procedures to effectively recognize, report and investigate breaches of the security of personal data. In the event of a violation of the security of personal data, the Company will take immediate actions to limit the effect of the violation, as well as to inform the affected data subjects and the supervisory authority for the protection of personal data.

Breach of personal data security

Leona Lillian will promptly update, by amending and supplementing, this Policy at any time in the future when legal requirements or other circumstances require it.

01.01.2023 г.

More information


bottom of page