Security & Privacy Policy

Security & Privacy

This policy applies to the processing of personal data that Bonbona ("Bonbona" or "we") collects about you, which may come from, for example, via our websites (including social networks belonging to third parties), electronic mail, SMS, telephone, store, registration forms, in other contacts with us, camera surveillance, from third parties and from publicly available information.

We protect your personal privacy. This policy regulates how we collect, use and protect information about you and how you can exercise your rights. Please contact us if you have questions or comments regarding this personal data policy.

With reference to the law below, we mean the Data Protection Regulation (eng. General Data Protection Regulation, GDPR) and other applicable albanian data protection legislation.

What information do we collect about you?

"Personal data" means data that concerns you and can identify you.

In this personal data policy, the terms "personal data" and "data about you" are used synonymously and interchangeably.

In general, you can use our website without providing us with any information other than technical. On some pages, information will be requested from you, for example in connection with purchases and service matters or if you register to take part in electronic newsletters. Furthermore, we may use information about you that we have obtained from other sources provided by third parties, e.g. marketing and sales activities company.

The personal data about you that is collected can be:

Personal and contact information - such as your name, address, e-mail address and telephone number, demographic information (such as date of birth, age, gender, geographical location, favorite products and hobbies) as well as, when it is clearly justified with regard to the purpose of the processing or the importance of a secure identification, including social security number.

Financial information - information needed to complete an order or that you use to make a purchase, such as payment or credit card details.

Technical data about your device or internet connection - for example IP address, cookies, geographical location and login details.

Information about your user behavior - such as your search patterns and activities on the website, your page response time and how you use our services.

User-generated information – content you register, submit or publish yourself, for example in connection with calls to customer service (which may be recorded), competitions, subscription to newsletters and content that you share with us by uploading to our website or social media network (that you allow the network to share with us), such as texts, videos and photographs.

Information from other sources – Publicly available information or information from our partners that we collect, for example, to keep our information about you up to date or to secure, for example, payment.

Purpose and legal basis

In order for our processing of your personal data to be legal, it is assumed that there is a legal basis for this, i.e. that it is necessary to fulfill an agreement with you or a legal obligation incumbent on us, or that the processing is done after a balancing of interests or that you have given your consent to a specific processing. Below are examples of the purposes for which we process your personal data and the legal basis on which this is done.

Bonbona processes your personal data for various purposes. Mainly, Bonbona processes your data for the following purposes and the following stated legal bases for the same:

One of our primary purposes for collecting personal data is to fulfill our obligations to you as a customer, such as processing and delivering your orders, invoicing and providing customer service and other commitments linked to the purchase of our products. For example, we may need to answer your questions via our customer service in connection with the purchase and send you information for product safety purposes, e.g. if any of our products need to be recalled, and otherwise assure us that legal requirements are complied with (for example, the Accounting Act).

Legal basis: Fulfillment of contract (conditions of sale) or legal obligation

Another main purpose is to be able to offer you good products and service through customized services and to deliver better services with more relevant content. We use the information we collect to be able to provide you with information about products you request, but also to understand our customers better. To achieve this, we conduct customer surveys, among other things. Furthermore, we analyze information about our customers' demographic and geographic conditions, interests and behavior based on the information we receive from our website or other services, so-called. profiling. Customer and market analysis and processing for statistical purposes are performed on an aggregated level and are not intended to identify individual customers.

Legal basis: Legitimate interest

We may use information about you to send newsletters by post, e-mail, SMS/MMS or by telephone, to inform you about new products, campaigns, offers, competitions and other information about our products and activities that we offer and which we think may be of interest to you. We may therefore use the information about you for direct marketing, including so-called profiling, provided you have not instructed us not to do so. However, to the extent that you do not have a customer relationship with us or have had one in the last twelve months, we will only use your data for electronic direct marketing if you have given your consent. Your personal data can also be used for interest-based advertising on the internet via us or the digital advertising networks we cooperate with and which in some cases can be adapted to your interests based on information we have collected, so-called profiling.

You have the opportunity at any time to object to us using your personal data for direct marketing purposes by contacting us in the manner described under the heading Contact below, or directly in our electronic mailings.

Legal basis: Legitimate interest or consent (unless otherwise expressly stated in connection with the collection of your personal data).

Bonbona's legitimate interest in the aforementioned personal data processing is to be able to offer you a better purchasing and customer experience as well as to provide you with personalized offers and other relevant information.

Information about cookies

We use cookies, electronic images and similar tracking technologies on our website and in our email communications. For more information about how we use cookies and the like, see our cookie information.

To whom do we disclose your data?

We treat your personal data with the utmost care and your data is only used by us and selected third parties.

Third parties that we engage to help us run our business (such as for customer surveys and mailings) are only permitted to use your personal data on our behalf and for the specific tasks they have to perform on our instructions and act as personal data processors to us. They are required to keep your personal data confidential and secure. If required by law, you have the right to receive a list of any personal data processors who process your personal data on our behalf.

In order to be able to offer better services and for marketing purposes, we may also forward your personal data to third parties, usually as independent personal data controllers, so that they can perform a service for us or you, for example for address updates, a postal or shipping service companies that will deliver products, insurance companies, banks/credit reporting companies or to digital advertising networks that we cooperate with.

We may also disclose personal data in other special cases, e.g. when we have reason to believe that the information is necessary to identify, contact or prosecute someone who may have infringed the website, or who otherwise infringed or encroached on our rights or property or the rights of our customers or other visitors.

Your rights

In accordance with the law, you have the right to request information about personal data we have about you after you have identified yourself and clearly stated what information you wish to access. Such a request must be in writing and personally signed and sent to the address listed below under the heading Contact below. We will respond to your request as soon as possible and within a month. In cases where we are unable to fulfill your request, we will notify you and state why.

If you believe that the information about you is incorrect or incomplete, you have the right, in a manner and limited to what is prescribed by law, to turn to us with a request for correction. We will correct or update the information about you as quickly as reasonably possible.

You also have the right, as prescribed by law, to request that the data about you be deleted or to request that we limit the processing of your personal data and to revoke any consents. You also have the right, as prescribed by law, to have the personal data you provided to us transferred (ported).

Note that we may be required to retain necessary personal data in connection with deletion, withdrawal of consent or porting to fulfill our obligations under law or contract. We may also be permitted by law to retain certain personal data to meet our business needs.

You have the right to object to such processing of your personal data that we do based on balancing interests, including profiling. We must then, after you have specified which treatment you object to, show that there are interests that weigh more heavily. You also have the right to object at any time to the processing of your personal data for direct marketing.

How long do we store your personal data?

We save your personal data only as long as it is necessary for the purposes that follow from this personal data policy or as long as it is required by law or agreement. Your personal data is thinned or anonymized when it is no longer relevant for the purposes for which it was collected or is no longer required by law or agreement.

What do we do to protect your data?

To prevent unauthorized access, use, alteration, destruction or disclosure, we have implemented appropriate and reasonable standards to protect and secure the information about you that we process. The measures are taken with the aim of preventing unauthorized or illegal processing of the data about you and accidental loss or destruction of, or damage to, this data. Among other things, Bonbona uses SSL (Secure Socket Layer), which means that the orders you place are encrypted.

Should a personal data incident be discovered, this will be reported to the Albanian Data Protection Authority as well as to you in the manner prescribed by law.

Links to other websites

Please note that this website may contain links to other websites. In the event that you follow such a link, this may result in you visiting other websites that contain different rules for privacy protection than those stated in this privacy policy.

Amendment of the personal data policy

This privacy policy may be updated by us. If there are material changes to this privacy policy, we will notify you by placing a prominent notice on the website or by other necessary means. We encourage you to read through this personal data policy to keep you informed about how we process your personal data.

Complaints and damages

If you believe that the processing of your personal data has been handled incorrectly, please report this to us as soon as possible. You also have the option of submitting a complaint to the Data Protection Authority regarding our processing of personal data.

If you believe that you have suffered damage due to our processing of your personal data in violation of the law, you may be entitled to compensation. You can then request damages from us or file a lawsuit in court.


Bonbona, is the personal data controller for the processing of your personal data as above, unless otherwise expressly stated in connection with the collection of your data. Bonbona complies with albanian data protection legislation. If you have questions about the policy or our processing of personal data, please contact us as below.

Address: Rr. "Barrikadave", 9-Katëshet, Godina 2, Hyrja 1, Apartamenti 12, 1001 Tiranë