ZARENA AD (“ZARENA” or “we”) adopted this privacy policy (“Privacy Policy”) to reflect our commitment to protecting your privacy. We take the collection of personal information from our End-Users seriously and we are committed to protecting each User’s privacy in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and this Privacy Policy. The Privacy Policy is part of the Terms and Conditions (the “Terms”) which are available on our website (the “Site”) and on our mobile application “CindyApp” (the “App”) (collectively the Site and the App “CindyApp”). All capitalized terms have the meaning given to them in the Terms, unless otherwise stated herein.
What is Personal Data
Personal Data is any information that relates to an identified or an identifiable living individual. Different pieces of information, which collected together can lead to the identification of a particular person, also constitute personal data.
Personal Data We May Collect
Information that you provide to us We collect the following information that you provide us through
  • i. registration on our App:
    • First and last name
    • E-mail address
    • Picture (optional)
    • Phone number
  • ii. the contact form on our Site/App:
    • E-mail address
    • Other information that you may decide to provide Us when contacting us.
Information that we collect from third parties
We may receive information about you from other sources. We can add this information to the information we have already collected from you through our services to improve them. Links to the privacy policies of third-party service providers used by the App:
  • Google Play Services
  • Firebase Analytics
  • Mixpanel
  • HubSpot
  • Hotjar
  • Crashlyrics
  • Google Analytics
  • Facebook SDK
To the extent permitted by applicable law, we may use Personal Data:
  • To provide CindyApp’s services to your benefit
    • creating and managing a profile on the App and the Site;
    • processing of reservations, including, but not limited to, acceptance, validation, sending reminders of appointments, sending your personal data (names, email, phone number, photo, if available) to the venues where you made reservations for;
    • resolving issues related to cancellation of reservations or any other issues related to reservations or other services, provided by CindyApp;
    • providing support, including answering your questions about your reservations and the services on the Site and the App.

The processing of your data for these purposes is in most cases necessary for the conclusion and performance of a contract between ZARENA and you. Additionally, the implementation of these purposes requires processing under applicable law, including tax and accounting legislation.

  • To respond to your inquiries
  • To improve our services
  • We would always like to offer you the best experience using CindyApp’s services. For this purpose, we can use certain information about your user behaviour, invite you to fill in satisfaction surveys after completing a registration, or conduct directly, or with partners, market research, and other research, and send you educational emails. Educational emails contain instructions, tips or, perhaps, information about the advanced features of CindyApp. The purpose of these communications is to streamline end user work in the App. Educational emails never include marketing messages.

    We base these activities on ourlegitimate business interests by always ensuring that your fundamental rights and freedoms are unaffected.

  • For direct marketing
  • We require your prior consent to send you different marketing messages, e. g. newsletters, surveys. You can change your mind and withdraw your consent at any time by:

    • Using the "Unsubscribe" link in the messages you receive from us;
    • By contacting us using the contact details below.
  • Participation in competitions and different promotions
  • We might organize different competitions and promotions, e.g. Instagram Giveaways. If you decide to participate in such an event, then we will process your personal data for conducting it. If you don’t want your personal data to be processed for such reasons, you should not participate in such events.

  • Protecting our legitimate interests
  • There may be cases in which we use or transmit information to protect our rights and our commercial activities. These may include:

    • measures to protect the Site/App and the users of the Site/App against cyber-attacks;
    • measures to prevent and detect attempts at fraud, including the transmission of information to competent public authorities;
    • measures to manage various other risks.

The main reason for these types of processing is our legitimate interest in protecting our business by making sure that we ensure that all the measures we undertake ensure a balance between our interests and your fundamental rights and freedoms.

In addition, in some cases, our processing is based on legal provisions such as the obligation to protect the goods and the values provided by the applicable legislation in this respect.

On our Site/App we can process information using cookies and similar technologies under the Cookie Policy below.

As a rule, we store your Personal Data while you have an account on the App/Site. You may always ask Us to delete certain information or to close your account and we will respond to this request by retaining certain information, even after the account is closed when the applicable law or legitimate interests impose it. Personal information, collected for contact purposes only is stored until completion of the communication, unless otherwise required by law.
We ask that you not send us, and you not disclose, any sensitive Personal Data (e.g., information related to racial or ethnic origin, political opinions, religion or other beliefs, health or medical condition, criminal background or trade union membership) on or through the Site and the App or otherwise to us.
To the extent permitted by applicable law, your Personal Data may be disclosed:
  • to the service provides you have chosen to make reservation with;
  • to our third-party service providers who provide services such as accounting, website hosting, data analysis, infrastructure provision, IT services, email delivery services and other services, to enable them to provide services;
  • to a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings).
  • as we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.
Access to your Personal Data
You have the right to view, amend, or delete the Personal Data that we hold about you. To request access please email We will provide the information free of charge and within one month, except in the event that the request is unfounded, excessive or repetitive, in which case we reserve the right to charge a proportionate administration fee or refuse.
Rectification of Personal Data
If any of the information we hold on you is inaccurate or incomplete, you may ask us to correct or complete it at any time.
Your right of erasure, or to be forgotten
You may ask us to delete your Personal Data, but only if:
  • it is no longer necessary for the purposes for which it was collected; or
  • you have withdrawn your consent (if the processing of the data is based solely on consent); or
  • exercise a legitimate right of objection; or
  • it has been unlawfully processed; or
  • there is a legal obligation in this respect.

We have no obligation to honor your request for deletion of your Personal Data if processing is required:

  • to fulfill a legal obligation; or
  • to establish, exercise or protect a legal claim.
There are certain other circumstances in which we are not obliged to comply with your request for data deletion, even though these are the most likely circumstances in which we may decline your claim. To request deletion of your personal information, contact using the email address we hold for you or otherwise proving your identity. Please be aware that the process of deleting data and deleting the Site with all data and documents associated with it is an irreversible process.
Restrict data processing
You may ask us to restrict the processing of your Personal Data, but only if:
  • its accuracy is being challenged (see Rectification of Personal Data section) to be able to verify its accuracy; or
  • processing is illegal, but you do not want the data to be deleted; or
  • it is no longer necessary for the purposes for which it was collected, but we still need to identify, exercise or defend a legal claim; or
  • you have already exercised the right of objection and you are checking whether the dominance of our rights is still in place. We may continue to use your Personal Data as a result of a restriction request:
  • if we have your consent; or
  • to establish, exercise or defend a legal claim; or
  • to protect the rights of the Site Owner or any other person or entity.
Data portability
You may ask us to provide your Personal Data in a structured, widely used and machine-readable format, or you may request that it is directly transferred to another data operator, but only if:
  • the processing is based on your agreement or the conclusion of a contract with you; and
  • processing is carried out automatically.
Right of objection
You may object at any time, for reasons related to your particular situation, to the processing of your Personal Data based on our legitimate interests if you believe that your fundamental rights and freedoms dominate these interests. You may also object at any time to processing your data for direct marketing purposes by following the instructions on the email we send you or by sending an email to
Making automated decisions
ZARENA does not conduct profiling or automated individual decision-making. You can ask us not to be the subject of a decision based solely on automatic processing, but only when that decision:
  • has legal consequences for you; or
  • affects you in a similar way and to a great extent.
This right is inapplicable if the decision taken after the automatic decision has been taken:
  • is needed for execution and fulfillment of a contract with you;
  • is permitted by law and there are adequate safeguards for your rights and freedoms; or
  • is based on your explicit consent.
Your right to file a complaint with the Supervisory Body

If you believe that ZARENA processes your personal data in the wrong way, you can contact

You have the right to complain to the local authority on the processing of your Personal Data.

In Bulgaria, the contact details of the supervisory authority for the protection of Personal Data are as follows:

Commission for Personal Data Protection

2 Prof. Tsvetan Lazarov Blvd., Sofia 1592,

Phone Number: + 359 2 915 35 18


Other Information We May Collect
“Other Information” is any information that does not reveal your specific identity, such as:
  • browser and device information, carrier, internet connectivity
  • server log file information and application usage logs
  • information collected through cookies, pixel tags and other technologies
  • demographic information and other information provided by you
  • location information
We may use and disclose Other Information for any purpose, except where we are required to do otherwise under applicable law. If we are required to treat Other Information as Personal Data under applicable law, then we may use and disclose Other Information for all the purposes for which we use and disclose Personal Information.
For the purpose of securing the User’s data against their unauthorized or accidental disclosure, we utilize reasonable and appropriate technical and organizational measures. Technical measures consist in the application of technologies that prevent unauthorized access to the User’s data by third parties. For the purpose of maximum protection, we use encryption of the User’s and end users’ data, primarily including passwords for logging into the CindyApp system, communication within the CindyApp system and all data stored on servers. Organizational measures comprise a set of rules of behavior for our employees and are incorporated into CindyApp’s internal regulations, which are, however, considered confidential due to security reasons. CindyApp takes to ensure that, in the event of the placement of servers at a data center operated by a third party, similar technical and organizational measures are also implemented by such third party.

All data are placed only on servers located within the European Union or in countries ensuring personal data protection in a manner equivalent to the protection ensured by the legal regulations of the Republic of Ireland.

ZARENA does not transfer personal data to third countries, outside the EU, unless to companies that have undertaken to comply with the principles of personal data protection imposed through a Privacy Shield. Such companies operate only in the position of personal data processors.
The App and the Site may contain links to other websites, mobile applications, and other online services operated by third parties. This Privacy Policy does not address, and we are not responsible for, the privacy, information or other practices of any third parties, including any third party operating any site to which these Sites contain a link. The inclusion of a link on thе Site/App does not imply endorsement of the linked site by us.

We are also not responsible for the collection, usage and disclosure policies and practices (including the data security practices) of other organizations, such as Facebook, Apple, Google, Microsoft, RIM or any other app developer, app provider, social media platform provider, operating system provider, wireless service provider or device manufacturer, including in connection with any Personal Data you disclose to other organizations through or in connection with our social media pages.

What are cookies?
Cookies are small text files that are stored on your computer or mobile device. They are widely used in order to make websites work, or work in a better, more efficient way. They can do this because websites can read and write these files, enabling them to recognize you and remember important information that will make your use of a website more convenient (for example by remembering preference settings).

The Site automatically identifies the user’s IP address. An IP address is a number automatically assigned to the user’s computer after connecting to the internet. All such information is recorded in an activity file by the server, which enables the subsequent processing of data.

Why do we use cookies?
Cookie files and similar technologies serve several purposes, which include:
  • Log-in and verification: As soon as the User uses a personal account in order to log on, an encrypted cookie file is stored on the User’s device, which enables the User to move between the pages of the website without the need to repeatedly log on. The User can also save their log-in information so that they do not need to log in every time they return to the Site.
  • Editing: CindyApp uses cookie files in order to adjust the content and information to the requirements of Users in order to ensure the user-friendliness of the website.
  • Marketing: CindyApp uses cookie files in order to monitor its advertising campaigns, and for the monitoring of User submissions, applications and discount coupons, promotions and contests.
  • Diagnostics: CindyApp uses cookie files for the purpose of diagnosing and repairing technical problems reported by Users or programmers that are associated with the IP addresses under the control of a specific web company or connection provider.
  • Analysis: CindyApp uses cookie files and other identifiers for the purpose of collecting data on the use and performance of the website

There may also be third party cookie files located on the Site. This may be, for example, because we have authorized a third party to conduct a website analysis. CindyApp utilizes the following service providers:

  • Google Inc. (,,,,,
  • Mixpanel Inc. (
  • Facebook, Inc. (,,
Cookie Settings

The majority of web browsers accept cookie files automatically. However, it is possible to utilize the controls that enable them to be blocked or removed. Users of the Site are thus entitled to set their browser in such a way so that the use of cookies on their computer is prevented.

We utilize two types of cookie files – permanent and one-time. A permanent cookie file remains on the hard disk even after the browser is closed. Permanent cookie files may be used by the browser during subsequent visits to the website Permanent cookie files may be removed. One-time cookie files are temporary and are erased as soon as you close the browser.

Instructions for blocking or removing cookie files in browsers can generally be found in the personal data protection principles or in the user guide documentation of individual browsers.

Protocol Files
The User’s browser automatically reports certain information upon every display of the website When registering on the website or when browsing the website, servers automatically record certain information that the web browser sends upon every visit to the website. These server protocols (so-called “log files”) may contain information such as a web request, IP address, type of internet browser, browser language, linking / exit sites and URLs, platform type, number of clicks, domain names, entry portals, number of pages seen and the order of such pages, the amount of time spent on certain pages, the date and time of a submitted
The data controller for the information you provide or that we collect pursuant to this Privacy Policy is: ZARENA AD, UIC 120008977, with seat and management address at: Isaka 66A, Markovo 4108, Bulgaria.

US You may contact ZARENA directly if you have any question regarding our privacy practices. Please send your query to CHANGES TO THIS PRIVACY POLICY We may modify this Privacy Policy at any time. The current version of the Privacy Policy is always be available on the Site and the App. If a significant change occurs within this policy in regard to the manners of handling personal data, ZARENA will inform you by publishing a notification in a visible manner prior to the implementation of such changes. We agree that changes cannot be retroactive. We recommend checking the Privacy policy from time to time when utilizing the CindyApp system.

Your continued use of the Site and the App after the changes of the Privacy Policy have been announced to you, means that you are consenting to the updated terms.

Last Updated: 04.01.2021

Ние и нашите избрани партньори използваме бисквитки и друго подобни технологии, както е описано в политиката ни за поверителност. Вие можете да се съгласите с използването на тези технологии като кликнете "Позволи" или затворите този прозорец.