Privacy Policy
How we collect, use, and protect your personal data
Introduction
Welcome to Chronoteka. We are committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website chronoteka.com. Chronoteka operates as a catalog-only platform for luxury watches. We do not offer online purchases, checkout functionality, or user account registration. All transactions occur offline through direct contact with our team. By using our website, you consent to the data practices described in this policy.
Data Controller
Chronoteka LTD (Hronoteka OOD)
ul. Balsha 3
Sofia 1408, Bulgaria
UIC: 207343338
VAT: BG207343338
Email: info@chronoteka.com
Phone: +359 879 182 121
As a company with fewer than 250 employees, we are not required to appoint a Data Protection Officer under GDPR Article 37. For any data protection inquiries, please contact us at the email address above.
Data We Collect
Contact Form Data
- Name (required)
- Email address (required)
- Phone number (optional)
- Country (required)
- Message content
- Watch reference (if inquiring about a specific watch)
Trade-in/Sell Request Data
- Name, email, phone (required)
- Country (required)
- Watch details (brand, model, reference, year, condition)
- Included accessories information
- Photos of your watch (1-10 images)
- Target watch for trade-in (if applicable)
Newsletter Subscription Data
- Email address (required)
- Consent date and IP address
- Double opt-in confirmation date
Technical Data (automatically collected)
- IP address
- Browser type and version
- Device information
- Access timestamps
- Pages visited
- Referral source
How We Use Your Data
Contact Form Submissions
- To respond to your inquiries about watches
- To schedule consultations or appointments
- To provide information about our services
Trade-in/Sell Requests
- To evaluate your watch for potential trade-in or purchase
- To contact you regarding your submission
- To provide valuations and offers
Newsletter
- To send marketing communications about new watches
- To inform you about promotions and events
- To share industry news and updates
Website Operation
- To ensure website functionality and security
- To analyze usage patterns and improve our services
- To detect and prevent fraud or abuse
Legal Basis for Processing
| Data Type | Legal Basis |
|---|---|
| Contact form submissions | Contract performance (Art. 6(1)(b)) - necessary to respond to your inquiry |
| Trade-in/sell requests | Contract performance (Art. 6(1)(b)) - necessary to process your request |
| Trade-in photos | Contract performance (Art. 6(1)(b)) - necessary to evaluate your watch |
| Newsletter subscription | Consent (Art. 6(1)(a)) - based on your explicit opt-in |
| Essential cookies | Legitimate interest (Art. 6(1)(f)) - necessary for website operation |
| Analytics cookies | Consent (Art. 6(1)(a)) - based on your cookie preferences |
| Technical/security data | Legitimate interest (Art. 6(1)(f)) - necessary for security |
Data Sharing
Supabase Inc.
- Purpose: Database hosting and storage
- Data processed: All form submissions and user data
- Location: EU (Frankfurt, Germany)
- Privacy policy: supabase.com/privacy
Google LLC (Google Analytics 4)
- Purpose: Website analytics and traffic analysis
- Data processed: Browsing behavior, page views, device information
- Location: USA (with Standard Contractual Clauses)
- Privacy policy: policies.google.com/privacy
Microsoft Corporation (Clarity)
- Purpose: Session recording and heatmaps
- Data processed: User interactions, mouse movements, clicks
- Location: USA (with Standard Contractual Clauses)
- Privacy policy: privacy.microsoft.com
Vercel Inc.
- Purpose: Website hosting
- Data processed: Technical logs, IP addresses
- Location: Global CDN with EU nodes
- Privacy policy: vercel.com/legal/privacy
We do not sell your personal data to third parties.
International Data Transfers
Primary storage: EU (Supabase Frankfurt data center)
Transfers to USA:
- Google Analytics (analytics data)
- Microsoft Clarity (session data)
Safeguards:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Encryption in transit (TLS 1.3)
- Encryption at rest
- Access controls and authentication
These transfers are necessary for the operation of our website analytics and are conducted in compliance with GDPR Chapter V requirements.
Data Retention
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contact requests | 3 years | Bulgarian Commerce Act |
| Trade-in requests | 5 years | Warranty and claims period |
| Newsletter subscribers | Until unsubscribe + 30 days | GDPR Article 17 |
| Consent records | 5 years | GDPR accountability requirement |
| Audit logs | 5 years | Bulgarian Personal Data Protection Act |
| Analytics data | 24 months | Google Analytics default |
After these periods, your data is securely deleted or anonymized.
Your Rights Under GDPR
Right of Access (Article 15)
You can request a copy of all personal data we hold about you. We will respond within 30 days.
Right to Rectification (Article 16)
You can request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17)
You can request deletion of your personal data ("right to be forgotten") when it is no longer necessary for the purposes for which it was collected.
Right to Restrict Processing (Article 18)
You can request that we limit how we use your data in certain circumstances.
Right to Data Portability (Article 20)
You can request your data in a structured, commonly used, machine-readable format.
Right to Object (Article 21)
You can object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent (Article 7(3))
Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
How to Exercise Your Rights:
Email us at info@chronoteka.com with your request. We may need to verify your identity before processing your request.
Security Measures
Technical Measures:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Secure, access-controlled database infrastructure
- Regular security updates and patches
- Rate limiting on all forms (5 submissions per hour per IP)
Organizational Measures:
- Staff training on data protection
- Access limited to authorized personnel only
- Regular review of data processing activities
- Incident response procedures
Despite our efforts, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security but strive to protect your data to the best of our abilities.
Children's Privacy
Our website is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you are a parent or guardian and believe your child has provided us with personal data, please contact us at info@chronoteka.com. We will take steps to delete such information from our records.
Policy Updates
Material Changes:
For significant changes that affect how we process your data, we will provide 30 days' notice via a prominent banner on our website.
Minor Changes:
For clarifications or non-material updates, we will update the "Last Updated" date at the top of this policy.
We encourage you to review this policy periodically.
Contact & Complaints
If you have questions about this Privacy Policy or our data practices:
Chronoteka LTD
ul. Balsha 3, Sofia 1408, Bulgaria
Email: info@chronoteka.com
Phone: +359 879 182 121
Supervisory Authority:
You have the right to lodge a complaint with the Bulgarian data protection authority:
Commission for Personal Data Protection (CPDP)
Komisiya za zashtita na lichnite danni (KZLD)
2 Prof. Tsvetan Lazarov Blvd.
Sofia 1592, Bulgaria
Phone: +359 2 915 35 18
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg