Privacy Policy | Everglow Vitality

Privacy Policy for EverglowVitality.com

Effective Date: March 20th, 2025

SN Mar Ltd. is a Bulgarian limited liability company, registered in the Bulgarian Commercial Register under Unified Identification Code (UIC): 207313971, having its seat and registered address at: Banat Street No. 10, Floor 5, Apartment 15, Lozenets District, Sofia, 1407, Bulgaria, e-mail address: wellness@everglowvitality.com (hereinafter referred to as "Everglow Vitality," "we," "us," or "our").

Everglow Vitality operates the website www.everglowvitality.com (the "Website").

In accordance with applicable data protection legislation, Everglow Vitality acts as a data controller regarding the personal data provided by users of our services/programs and visitors to the Website.

We process your personal data responsibly and in compliance with applicable national and European legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), as well as the Bulgarian Personal Data Protection Act.

This Privacy Policy is designed to inform you what personal data we process, how we collect and use it, for what purposes and for how long when you visit or make a purchase from our Website, as well as to explain your rights regarding your personal data and how you can exercise them.

Please read this Policy carefully to understand how we collect, use, and protect your data. If you have any questions, you can contact us using the contact details provided below.

We may update or amend this Policy at any time. If we do so, we will notify you by updating the effective date at the top of this page. Any changes will become effective immediately upon publication on the Website. Therefore, we encourage you to periodically review this section for updates.

1. Principles Governing the Processing of Personal Data

We process personal data in accordance with the following key principles, ensuring compliance with the General Data Protection Regulation (GDPR) and applicable national laws:

Lawfulness, Fairness, and Transparency – We process personal data in a lawful, fair, and transparent manner, ensuring that individuals are fully informed about how their data is used.
Purpose Limitation – We collect personal data only for specified, explicit, and legitimate purposes, and do not process it further in a way that is incompatible with those purposes.
Data Minimization – We collect and process only the data necessary for the intended purposes, avoiding excessive or irrelevant information.
Accuracy – We take reasonable steps to ensure that personal data is accurate, complete, and up to date. Any inaccurate or outdated information is corrected or deleted promptly.
Storage Limitation – We retain personal data only for as long as necessary to fulfill the specified purposes or as required by law. Once the retention period expires, data is securely deleted or anonymized.
Integrity and Confidentiality – We implement appropriate technical and organizational security measures to protect personal data against unauthorized access, disclosure, alteration, or destruction.
Accountability – As a data controller, Everglow Vitality takes responsibility for ensuring compliance with these principles and can demonstrate compliance upon request from supervisory authorities.

2. Personal Data We Collect

2.1. Personal Data Collected When Visiting the Website

When you visit our Website, we automatically collect certain data related to your browsing activity. This data is generated by the Website’s infrastructure or through analytics tools and may include your IP address, browser type and version, device type and operating system, pages visited on the Website, links clicked, date, time, and duration of your visit, as well as unique device identifiers and diagnostic data.

Cookies
Everglow Vitality uses only strictly necessary cookies, which are essential for the operation and security of the Website. These cookies enable core functionalities such as page navigation, session security, and access to protected areas of the site. As they are required for the Website’s basic functionality, they do not require user consent under GDPR.

If, in the future, we introduce cookies that collect data for analytics, marketing, or tracking purposes, we will request your explicit consent before activating them. You will have the option to manage your cookie preferences and disable non-essential cookies through your browser settings or our cookie management tool.

For more details on cookies, please refer to Section 10.

Third-Party Links on the Website
Some pages on our Website may contain links to third-party websites. If you click on such a link, you will be redirected to an external website that operates under its own Privacy Policy. Everglow Vitality is not responsible for how third parties process your data, and we recommend reviewing their policies before providing any personal information.

Purpose and Legal Basis
The personal data collected when you visit our Website is processed for the following purposes:

To ensure the proper functioning and security of the Website, including preventing unauthorized access, detecting potential cyber threats, and protecting against fraudulent activities.
To optimize your user experience, ensuring the Website displays correctly across different devices and browsers.
To monitor Website performance and troubleshoot technical issues that may arise.

We process this data based on our legitimate interest (Art. 6(1)(f) GDPR), as maintaining a secure and stable Website is essential for both Everglow Vitality and its users.

Regarding the use of cookies, Everglow Vitality currently relies only on strictly necessary cookies, which do not require user consent under GDPR. These cookies enable core functions such as security authentication, page navigation, and access to protected areas.

However, if in the future we introduce cookies for analytical, marketing, or tracking purposes, we will seek your explicit consent (Art. 6(1)(a) GDPR) before processing such data. If you do not provide consent, these cookies will not be activated.

2.2. Personal Data Collected When Registering an Account
When you choose to register an account on our Website, we collect only your email address.

Providing an email address is required to create an account. Everglow Vitality does not require additional personal details such as your full name, phone number, or address during the registration process.

Purpose of Processing
The personal data collected during registration is processed for the following purposes:

To create and manage your user account, enabling you to access our services.
To facilitate login and authentication, allowing you to securely access your account.
To store your order history, making it easier for you to track past purchases.
To send essential account-related communications, such as updates on service availability, security notifications, or password recovery instructions.

Legal Basis for Processing
The processing of personal data for account registration is based on contractual necessity (Art. 6(1)(b) GDPR), as it is required to provide access to our services.

2.3. Personal Data Collected When Booking a Discovery Call
When you book a 20-minute discovery call through our Website, we collect the following personal data:

Full name (as provided by you)
Email address
Phone number (optional)
The subject matter of the call (if provided by you)

Purpose of Processing
The personal data collected when booking a discovery call is processed for the following purposes:

To schedule and conduct the discovery call, allowing us to discuss your needs and provide relevant service information.
To communicate with you regarding your inquiry, including sending confirmations, reminders, and follow-up emails.
To determine whether our services meet your needs based on the information you provide.
To keep a record of your inquiry in case you choose to proceed with a service at a later stage.

Legal Basis for Processing
We process this data based on contractual necessity (Art. 6(1)(b) GDPR), as the discovery call is an initial step towards a potential service agreement.

If you voluntarily provide additional information that is not required for scheduling the call (e.g., personal preferences, past experiences, or any sensitive data), such processing will be based on your explicit consent (Art. 6(1)(a) GDPR), and you may withdraw your consent at any time.

2.4. Personal Data Collected When Purchasing a Service or Program
When you purchase a service or program through our Website, you will be required to enter your payment details. While Everglow Vitality facilitates the payment process, we do not store or process full payment card details for our own purposes. Instead, your payment data is securely transmitted to our third-party payment provider, Stripe (or another relevant payment processor).

Personal Data Collected During Checkout
During the checkout process, the following personal data is collected:

Email address (required for order confirmation and transaction records).
Payment details, which you enter at checkout, including:
- Card number
- Expiration date
- CVC/CVV security code
- Cardholder name

Payment Processing & Security
Everglow Vitality does not process or store full payment card details. When you enter your payment details, they are momentarily collected and securely transmitted to Stripe (or another relevant payment processor), which handles the transaction in accordance with its own Privacy Policy and PCI DSS security standards.

Everglow Vitality only retains limited transaction metadata, including the payment amount, the date and time of the transaction and the confirmation status of a successful or failed payment. We do not have access to, nor do we store, your full card number, expiration date, or CVC/CVV security code.

For more information on how your payment details are handled, please refer to Stripe’s Privacy Policy (or the relevant payment provider’s policy).

Purpose of Processing
The personal data collected during a purchase is processed for the following purposes:

To process and fulfill your order, including verifying the payment and granting access to the purchased service or program.
To provide an invoice, if requested, in compliance with tax and accounting laws.
To send you confirmation emails and relevant updates about your purchased service or program.
To maintain transaction records for accounting, tax compliance, fraud prevention, and dispute resolution.

Legal Basis for Processing
We process this data based on the following legal grounds:

Contractual necessity (Art. 6(1)(b) GDPR) – as processing is required to complete your purchase and deliver the service or program.
Legal obligation (Art. 6(1)(c) GDPR) – for processing and storing billing information in compliance with tax and accounting regulations.
Legitimate interest (Art. 6(1)(f) GDPR) – to maintain transaction records for fraud prevention and dispute resolution.

2.5. Personal Data Collected Before, During, or After Service Provision
When you engage with our services or programs, we may collect certain personal data necessary for the effective delivery of the consultation. This includes information gathered before, during, or after our sessions in order to provide you with personalized recommendations and monitor your progress.

Personal Data Collected
Depending on the nature of the consultation or program, we may collect the following information:

Lifestyle and eating habits – including your daily routine, activity levels, food preferences, dietary restrictions, wellness goals, and any previous strategies you have tried, including what has worked, what hasn’t, and your expectations moving forward.
Tracking data – you may be invited to:
- Keep a food journal for three days or on a weekly basis;
- Track your weight, if you wish to monitor your progress;
- Provide your height and weight (in kilograms or pounds), which may be used to calculate your Basal Metabolic Rate (BMR);
- Share how you feel after meals, including your energy levels, mood, and digestive responses.
Health-related information (voluntarily provided) – such as your medical history or allergies, where relevant to assess whether the consultation is within our professional scope.

! Note: Everglow Vitality does not collect or store medical records, laboratory test results, or clinical diagnoses, and we do not request such documentation. If you have a medical condition, it is your responsibility to consult with your healthcare provider before making changes to your diet, physical activity, or lifestyle.

Purpose of Processing
We process this data for the following purposes:

To personalize the consultation or program based on your individual needs and goals.
To assess your current habits and provide tailored strategies to support your wellness.
To monitor your progress and adjust recommendations as needed.
To maintain internal service notes that support continuity in future sessions or follow-ups.
To determine whether the services fall within the scope of our professional expertise.

Legal Basis for Processing

Contractual necessity (Art. 6(1)(b) GDPR) – for processing data necessary to deliver the agreed-upon consultation or program.
Explicit consent (Art. 9(2)(a) GDPR) – for processing voluntarily provided health-related data.

2.6. Personal Data Used for Marketing Purposes
With your explicit consent, we may use the personal data you have provided to send you newsletters, promotional materials, and other marketing communications related to our services and offerings that may be of interest to you.

You will only receive such communications if you have actively agreed to them, for example by ticking a checkbox when booking a service or signing up for updates.

You may withdraw your consent at any time by clicking the “unsubscribe” link included in our emails or by contacting us using the details provided in this Privacy Policy.

We do not send unsolicited marketing messages and we do not sell or share your personal data with third parties for their own marketing purposes.

3. How We Collect Your Data

We collect data through the following methods:

Direct interactions: You may provide us with your personal data by filling out forms on our Site (e.g., when booking a discovery call, registering an account, or making a purchase), by completing a form sent to you prior to a consultation, contacting us via email, by participating in our programs or by sharing information during consultation sessions.
Automated technologies: As you navigate through the Site, we may collect information about your equipment, browsing actions, and patterns using cookies and similar technologies. We only collect the data necessary for the purposes described in this Policy, and we do not obtain personal data from third-party sources or public databases.

4. Legal Basis for Processing Personal Data

For each category of personal data described above, we have specified the purposes of processing and the corresponding legal bases under the General Data Protection Regulation (GDPR). This section provides a summary of the legal grounds on which Everglow Vitality relies when processing personal data:

Consent: You have given us permission to process your Personal Information for a specific purpose.
Contractual Necessity: Processing is necessary for the performance of a contract with you.
Legal Obligation: Processing is necessary for compliance with a legal obligation.

5. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected and processed or to comply with applicable legal, accounting, reporting or other regulatory requirements. Personal data may be stored in electronic form (on secure servers, cloud systems, or email platforms), and in limited cases, in physical form (e.g. printed invoices or service records), depending on the context of the processing.

The specific retention periods are as follows:

Website browsing data (including IP address, session activity, and other technical information collected automatically) is stored for a limited period depending on the nature of the data. Some data, such as session cookies, are deleted immediately after you leave the Website. For more details, refer to our Cookies Policy (Section 10).
Account registration data (email address) is retained for as long as your account remains active. If you request to close your account, your data will be deleted unless we are legally required to retain it for a longer period (e.g. under tax or accounting laws).
Data collected when booking a discovery call is retained for as long as necessary to follow up on your inquiry, but not longer than 12 months, unless you request earlier deletion.
Purchase-related data, including payment metadata and transaction records, is retained for a minimum of 5 years to comply with applicable tax and accounting obligations under Bulgarian law, unless a longer or shorter period is required by law. We do not retain full payment card details.
Data collected during service delivery (e.g. consultation notes, lifestyle or wellness information) is retained for the duration of the active program and for up to 12 months after its completion, unless earlier deletion is requested or a longer retention period is required to protect our legal rights.
Marketing-related data, where you have consented to receive promotional emails or newsletters, is retained until you withdraw your consent or unsubscribe.

After the expiration of the relevant retention period, we take appropriate steps to securely delete or anonymize your data, unless applicable law requires a longer retention period.

6. Data Security

EverglowVitality.com website is hosted on the Wix.com platform, which provides the technical infrastructure for offering our services and products online. Your personal data may be stored through Wix.com’s secure data storage systems, databases and applications, which are protected by firewalls and comply with industry-standard security protocols.

Some of our services, including consultations or communication related to your services or program, may be conducted via third-party platforms such as Google Meet or through Wix’s integrated communication tools. These platforms apply appropriate technical and organizational measures to ensure the confidentiality and integrity of your data.

Internally, we limit access to personal data to only authorized personnel who require it to fulfill their duties. We use password-protected systems, access control tools, and secure cloud storage to prevent unauthorized access, loss, or misuse of data.

7. Disclosure of Personal Data to Third Parties

EverglowVitality does NOT sell your data.

We may disclose your personal data only when necessary for the fulfillment of contractual obligations, compliance with applicable laws and regulations, or based on your explicit consent (where applicable). These third parties may act as data processors, joint controllers, or independent data controllers depending on the nature of the processing.

We may share your data with the following categories of recipients:

State authorities or other public bodies, when required by law or upon a lawful request such as a court order, subpoena, or regulatory inquiry.
IT service providers, including the website hosting provider (Wix.com), cloud storage services, or technical support partners that maintain and operate the Website or our communication systems.
Payment processors, such as Stripe, which process payments on our behalf and in accordance with their own privacy and security policies.
Legal, accounting, or auditing service providers, where necessary for fulfilling our legal obligations or protecting our legitimate interests.
Marketing service providers, only if you have given your prior consent to receive promotional messages.
Other third parties, but only after notifying you and obtaining your explicit consent, where required.

All third parties are granted access to your personal data only to the extent necessary to perform their specific duties and are contractually obliged to treat the data in accordance with applicable data protection laws.

International Transfers

As a general rule, we do not transfer or process your personal data outside the European Union.

However, some of the third-party service providers we use (such as Google Meet or Stripe) may process personal data on servers located outside the EU/EEA. In such cases, these providers are themselves responsible for ensuring that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or other lawful mechanisms under the GDPR.

We only work with third-party providers who demonstrate GDPR compliance and offer adequate protection of your personal data in accordance with applicable legal standards.

8. Your Rights Under GDPR

As a data subject, you have the following rights regarding the personal data we process about you. We are committed to ensuring that these rights can be exercised effectively and in a timely manner:

Right of access – You have the right to obtain confirmation as to whether or not personal data concerning you is being processed and, where that is the case, to access the data and receive information regarding its processing, including the purposes, categories of data, recipients, and retention period.
Right to rectification – If you believe that the personal data we hold about you is inaccurate or incomplete, you may request that it be corrected or supplemented accordingly.
Right to erasure – You may request the deletion of your personal data where it is no longer necessary for the purposes for which it was collected, or where you have withdrawn your consent (if applicable), or where the processing is otherwise unlawful.
Right to restriction of processing – You may request that we restrict the processing of your data in certain cases, such as when the accuracy of the data is contested, or you have objected to the processing and we are verifying whether we have compelling legitimate grounds.
Right to object to processing – In situations where we process your data based on our legitimate interest or for direct marketing purposes, you have the right to object to such processing.
Right to data portability – You may request to receive your personal data in a structured, commonly used and machine-readable format and to have that data transmitted directly to another controller, where technically feasible.

9. How to Exercise Your Rights

You may exercise any of the rights described above by contacting us using the details provided in the “Contact” section of this Policy.

We will respond to your request as soon as possible and no later than one month from the date of receipt. In cases of complex or multiple requests, this period may be extended, and we will inform you of the extension and the reasons for it.

Please note that we may ask you to verify your identity before fulfilling your request.

10. Cookies

Everglow Vitality uses cookies and similar technologies to ensure the proper functioning, performance, and security of the Website. Cookies are small text files stored on your device (computer, tablet, or smartphone) when you visit a website. They help enhance the user experience by enabling basic features such as page navigation, session control, and protection against malicious activity.

We currently use only strictly necessary and functional cookies. These do not require user consent under applicable data protection law (e.g., GDPR).

Cookies in Use on Our Website

Managing Cookies
As we only use cookies that are strictly necessary or functional, there is no requirement to display a cookie consent banner. However, you can still manage or delete cookies through your browser settings if you wish.

Here are links for managing cookies in popular browsers:

If we begin using cookies for analytics, advertising, or tracking purposes in the future, we will update this section and provide the necessary tools for you to give or withdraw your consent.

11. Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or services. When we do, we will revise the “Effective Date” at the top of this document and publish the updated version on this page. We encourage you to review this Privacy Policy periodically for any changes.

12. Contact Us

If you have any questions about this Privacy Policy, the data we hold on you, or if you would like to exercise any of your rights, please contact us at:

Email: wellness@everglowvitality.com

Mailing Address:
SN Mar Ltd
Bulgaria, Sofia 1407, "Banat 10" Str.

13. Complaints

If you believe that your personal data is being processed unlawfully or that your data protection rights have not been respected, you have the right to lodge a complaint with the competent data protection authority.

In the Republic of Bulgaria, this is:

Commission for Personal Data Protection (CPDP)
Website: www.cpdp.bg
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Email: kzld@cpdp.bg
Phone: +359 2 915 35 18