• i. registration on our App:
  • First and last name
  • E-mail address
  • Picture (optional)
  • Phone number
• ii. the contact form on our Site/App:
  • E-mail address
  • Other information that you may decide to provide Us when contacting us.

• Google Play Services
• Firebase Analytics
• Mixpanel
• HubSpot
• Hotjar
• Crashlyrics
• Google Analytics
• Facebook SDK

• To provide CindyApp’s services to your benefit
  • creating and managing a profile on the App and the Site;
  • processing of reservations, including, but not limited to, acceptance, validation, sending reminders of appointments, sending your personal data (names, email, phone number, photo, if available) to the venues where you made reservations for;
  • resolving issues related to cancellation of reservations or any other issues related to reservations or other services, provided by CindyApp;
  • providing support, including answering your questions about your reservations and the services on the Site and the App.

The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between ZARENA and you. Additionally, the implementation of these purposes requires processing under applicable law, including tax and accounting legislation.

• To respond to your inquiries
• To improve our services

We would always like to offer you the best experience using CindyApp’s services. For this purpose, we can use certain information about your user behaviour, invite you to fill in satisfaction surveys after completing a registration, or conduct directly, or with partners, market research, and other research, and send you educational emails. Educational emails contain instructions, tips or, perhaps, information about the advanced features of CindyApp. The purpose of these communications is to streamline end user work in the App. Educational emails never include marketing messages.

We base these activities on ourlegitimate business interests by always ensuring that your fundamental rights and freedoms are unaffected.

• For direct marketing

We require your prior consent to send you different marketing messages, e. g. newsletters, surveys. You can change your mind and withdraw your consent at any time by:

• Using the "Unsubscribe" link in the messages you receive from us;
• By contacting us using the contact details below.

• Participation in competitions and different promotions

We might organize different competitions and promotions, e.g. Instagram Giveaways. If you decide to participate in such an event, then we will process your personal data for conducting it. If you don’t want your personal data to be processed for such reasons, you should not participate in such events.

• Protecting our legitimate interests

There may be cases in which we use or transmit information to protect our rights and our commercial activities. These may include:

• measures to protect the Site/App and the users of the Site/App against cyber-attacks;
• measures to prevent and detect attempts at fraud, including the transmission of information to competent public authorities;
• measures to manage various other risks.

The main reason for these types of processing is our legitimate interest in protecting our business by making sure that we ensure that all the measures we undertake ensure a balance between our interests and your fundamental rights and freedoms.

In addition, in some cases, our processing is based on legal provisions such as the obligation to protect the goods and the values provided by the applicable legislation in this respect.

On our Site/App we can process information using cookies and similar technologies under the Cookie Policy below.

• to the service provides you have chosen to make reservation with;
• to our third-party service providers who provide services such as accounting, website hosting, data analysis, infrastructure provision, IT services, email delivery services and other services, to enable them to provide services;
• to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
• as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

• it is no longer necessary for the purposes for which it was collected; or
• you have withdrawn your consent (if the processing of the data is based solely on consent); or
• exercise a legitimate right of objection; or
• it has been unlawfully processed; or
• there is a legal obligation in this respect.

We have no obligation to honor your request for deletion of your Personal Data if processing is required:

• to fulfill a legal obligation; or
• to establish, exercise or protect a legal claim.

• its accuracy is being challenged (see Rectification of Personal Data section) to be able to verify its accuracy; or
• processing is illegal, but you do not want the data to be deleted; or
• it is no longer necessary for the purposes for which it was collected, but we still need to identify, exercise or defend a legal claim; or
• you have already exercised the right of objection and you are checking whether the dominance of our rights is still in place. We may continue to use your Personal Data as a result of a restriction request:
• if we have your consent; or
• to establish, exercise or defend a legal claim; or
• to protect the rights of the Site Owner or any other person or entity.

• the processing is based on your agreement or the conclusion of a contract with you; and
• processing is carried out automatically.

• has legal consequences for you; or
• affects you in a similar way and to a great extent.

• is needed for execution and fulfillment of a contract with you;
• is permitted by law and there are adequate safeguards for your rights and freedoms; or
• is based on your explicit consent.

If you believe that ZARENA processes your personal data in the wrong way, you can contact support@cindyapp.com.

You have the right to complain to the local authority on the processing of your Personal Data.

In Bulgaria, the contact details of the supervisory authority for the protection of Personal Data are as follows:

Commission for Personal Data Protection

2 Prof. Tsvetan Lazarov Blvd., Sofia 1592,

Phone Number: + 359 2 915 35 18

E-mail: kzld@cpdp.bg

• browser and device information, carrier, internet connectivity
• server log file information and application usage logs
• information collected through cookies, pixel tags and other technologies
• demographic information and other information provided by you
• location information

All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Republic of Ireland.

We are also not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including in connection with any Personal Data you disclose to other organizations through or in connection with our social media pages.

The Site automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data.

• Log-in and verification: As soon as the User uses a personal account in order to log on, an encrypted cookie file is stored on the User’s device, which enables the User to move between the pages of the website without the need to repeatedly log on. The User can also save their log-in information so that they do not need to log in every time they return to the Site.
• Editing: CindyApp uses cookie files in order to adjust the content and information to the requirements of Users in order to ensure the user-friendliness of the website.
• Marketing: CindyApp uses cookie files in order to monitor its advertising campaigns, and for the monitoring of User submissions, applications and discount coupons, promotions and contests.
• Diagnostics: CindyApp uses cookie files for the purpose of diagnosing and repairing technical problems reported by Users or programmers that are associated with the IP addresses under the control of a specific web company or connection provider.
• Analysis: CindyApp uses cookie files and other identifiers for the purpose of collecting data on the use and performance of the website www.cindyapp.com.

There may also be third party cookie files located on the Site. This may be, for example, because we have authorized a third party to conduct a website analysis. CindyApp utilizes the following service providers:

• Google Inc. (googleapis.com, google-analytics.com, google.com, google.bg, googleadservices.com, googletagmanager.com)
• Mixpanel Inc. (mixpanel.com)
• Facebook, Inc. (facebook.com, analytics.facebook.com, developers.facebook.com)

The majority of web browsers accept cookie files automatically. However, it is possible to utilize the controls that enable them to be blocked or removed. Users of the Site are thus entitled to set their browser in such a way so that the use of cookies on their computer is prevented.

We utilize two types of cookie files – permanent and one-time. A permanent cookie file remains on the hard disk even after the browser is closed. Permanent cookie files may be used by the browser during subsequent visits to the website www.cindyapp.com. Permanent cookie files may be removed. One-time cookie files are temporary and are erased as soon as you close the browser.

Instructions for blocking or removing cookie files in browsers can generally be found in the personal data protection principles or in the user guide documentation of individual browsers.

US You may contact ZARENA directly if you have any question regarding our privacy practices. Please send your query to support@cindyapp.com. CHANGES TO THIS PRIVACY POLICY We may modify this Privacy Policy at any time. The current version of the Privacy Policy is always be available on the Site and the App. If a significant change occurs within this policy in regard to the manners of handling personal data, ZARENA will inform you by publishing a notification in a visible manner prior to the implementation of such changes. We agree that changes cannot be retroactive. We recommend checking the Privacy policy from time to time when utilizing the CindyApp system.

Your continued use of the Site and the App after the changes of the Privacy Policy have been announced to you, means that you are consenting to the updated terms.

Last Updated: 04.01.2021