Privacy Policy

Last Updated: February 18, 2026

This Privacy Policy describes how “STO PLUS MEDICAL” LTD. EOOD (hereinafter referred to as the “Company”, “We”, “Us”, or “Our”) collects, uses, and discloses your Personal Data when you visit or make a purchase from bg.masterplusglobal.com (the “Site”).

For the purposes of identification and transparency, the Company is registered in Bulgaria under UIC (EIK): 206896866 and VAT No: BG206896866. In public registers, the Company name may also appear as a transliteration “STO PLUS MEDIKAL” Ltd (EOOD).

We are committed to protecting your privacy and ensuring that your personal data is processed in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act of the Republic of Bulgaria.

1. General Provisions

1.1. By using the Site, registering an account, or placing an order, the User (hereinafter “You”) acknowledges and accepts the terms of this Privacy Policy.
1.2. The Controller of your personal data is “STO PLUS MEDICAL” LTD. EOOD (UIC/EIK: 206896866, VAT No: BG206896866).
1.3. If You do not agree with the terms of this Policy, You must stop using the Site immediately.

2. Information We Collect

We collect several types of information to provide and improve our service to you:

2.1. Personal Data
When you make a purchase, attempt to make a purchase, or register on the Site, we collect the following information:

Full Name (First and Last name);
Shipping Address and Billing Address;
Phone Number;
Email Address;
Personal Identification Number (EGN) – collected only if strictly required for issuing a VAT invoice to a physical person, for customs/shipping formalities where applicable, or for processing a credit application (BNPL/installments).

2.2. Payment Information
We do not store or process your full credit/debit card details on our servers. All payment transactions are processed through secure third-party payment gateways and regulated financial institutions (e.g., our acquiring bank and/or other payment service providers) that adhere to PCI-DSS and PSD2 (Payment Services Directive) requirements.

2.3. Technical Data (Automatically Collected)
When you visit the Site, we automatically collect certain information about your device, including:

IP address;
Browser type and version;
Time zone setting;
Operating system and platform;
Information about how you interact with the Site (pages visited, time spent).

3. Purpose and Legal Basis of Data Processing

Under GDPR, we must have a legal basis to process your data. We use your Personal Data for the following purposes:

Order Fulfillment (Contractual Necessity): To process payments, arrange shipping via courier services, and provide you with invoices and order confirmations. Without this data, we cannot fulfill the contract of sale.
Legal Obligations: To comply with accounting and tax laws (e.g., issuing invoices, maintaining statutory records, reporting to competent authorities where required).
Communication (Legitimate Interest): To communicate with you regarding your order, answer your queries, provide customer support, and screen orders for potential risk or fraud. Such screening may include automated checks; however, we do not rely solely on automated decision-making that produces legal effects concerning you, unless explicitly disclosed and permitted by law.
Credit Assessment (Consent/Contract): If you choose to pay via installments (e.g., via a financing/BNPL partner such as a bank), your data will be shared with the financial institution for credit scoring and contract preparation, in accordance with their privacy notice and applicable law.
Marketing (Consent): With your explicit consent (opt-in), we may send you emails about our store, new products, and other updates. You may withdraw consent at any time.

4. Disclosure of Data to Third Parties

We may share your Personal Data with third parties only to the extent necessary to perform our services and comply with the law:

Service Providers (Logistics): Courier companies and logistics partners to deliver your orders.
Financial Institutions: Payment processors and banks (including our acquiring bank) to process transactions or financing applications.
Professional Advisers: Accountants, auditors, and lawyers bound by confidentiality obligations.
Legal Compliance: We may disclose your information if required to do so by Bulgarian law or in response to valid requests by public authorities (e.g., NRA, CPDP, Court).

Some of our service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards (such as an adequacy decision or Standard Contractual Clauses) in accordance with GDPR.

5. Data Retention

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy.
Specifically:

Accounting Documents: Invoices and financial records are retained for 10 years as required by applicable Bulgarian accounting legislation.
Marketing Data: Retained until you withdraw your consent (unsubscribe).
Other Data: Retained for the duration of the applicable limitation period for legal claims (often up to 5 years), unless a longer period is required by law.

6. Security of Data

The security of your data is important to us. We use standard technical and organizational security measures, including SSL (Secure Socket Layer) encryption, to protect your personal information during transmission and storage. However, no method of transmission over the Internet or method of electronic storage is 100% secure.

7. Your Rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

Right to Access: You have the right to request a copy of the information we hold about you.
Right to Rectification: You have the right to request correction of any inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data (unless we are required to keep it for legal or tax purposes, e.g., invoices).
Right to Restriction of Processing: You have the right to request that we limit the processing of your data under certain conditions.
Right to Data Portability: You have the right to receive your data in a structured, commonly used, machine-readable format and to transmit it to another controller where applicable.
Right to Object: Where we process your data on the basis of legitimate interests, you have the right to object to such processing. You also have the right to object at any time to processing of your personal data for direct marketing purposes.
Right to Withdraw Consent: Where we rely on your consent to process your data (e.g., for marketing), you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us using the contact information below. We may need to verify your identity before fulfilling certain requests. We will respond within the time limits required by GDPR.

8. Cookies

Our Site uses cookies to enhance your browsing experience. Detailed information about the types of cookies we use and how to manage them can be found in our separate Cookie Policy, accessible via the consent banner (Complianz) and the website footer.

9. Supervisory Authority

If you believe that your rights have been violated, you have the right to lodge a complaint with the supervisory authority in Bulgaria:

Commission for Personal Data Protection (CPDP)
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Website: www.cpdp.bg
Email: kzld@cpdp.bg

10. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. Changes are effective immediately after they are posted on this page.