Privacy Policy

Last updated: 26 Jan 2026

This Privacy Policy describes how “Smart Todis” Ltd. (trademark TODDIS) processes personal data when you use our online store, including for inquiries, orders, deliveries, complaints/returns, and communication with customers.

  1. Data Controller

Controller: “Smart Todis” Ltd. (TODDIS), UIC 206710258, address: Sofia, Simeonovo district, 53rd Street No. 7.

Contact for data protection matters: online@toddis.eu; tel.: [add phone].

  2. What personal data we process
  • Identification and contact data: names, delivery/billing address, phone number, e-mail.
  • Order data: selected items, sizes/variants, quantities, price, purchase history, complaints/returns.
  • Payment data: payment status, reference/transaction numbers. We do not store full bank card details.
  • Account data (if you create one): username, password (stored in encrypted/hashed form), preferences.
  • Technical data: IP address, security logs, cookie identifiers (see Cookie Policy).
  • Communications: content of inquiries, chat/e-mail correspondence, GDPR requests.
  3. Sources of data
  • Directly from you – when you register, place an order, send an inquiry, or contact us.
  • From third parties at your request – e.g. a courier (delivery status) or a payment provider (payment status).
  • For group/institutional orders (e.g. school/parents’ association) – we may receive limited data (e.g. name/class/code) only when necessary for delivery/distribution. In such cases, the respective organization must have a valid legal basis to provide us with the data and must inform the data subjects/parents. Where required, the parties will sign a processing agreement (Art. 28 GDPR).
  4. Purposes and legal bases (Art. 6 GDPR)
  • Performance of a contract and processing of orders, deliveries, complaints/returns – Art. 6(1)(b) (contract).
  • Accounting, tax, and other statutory obligations – Art. 6(1)(c) (legal obligation).
  • Legitimate interests – preventing fraud, protecting legal claims, improving security and our service – Art. 6(1)(f). We always assess the balance of interests and respect your right to object.
  • Marketing (newsletter, promotions) – only with separate, freely given consent (opt‑in) – Art. 6(1)(a). Consent may be withdrawn at any time.
  5. Data recipients and processors

We may disclose data to the following categories of recipients, only to the extent necessary:

  • Couriers/logistics partners – for delivery and tracking.
  • Payment operators/banks – for processing payments and confirmations.
  • Hosting, website maintenance, and IT providers – for operation and security.
  • Accounting/auditors – for statutory obligations.
  • Public authorities – where required by law.

Where applicable, we enter into processor agreements with all processors pursuant to Art. 28 GDPR.

  6. Retention periods
  • Sales invoices and accounting records – in accordance with applicable accounting and tax legislation (typically up to 10 years).
  • Customer account data – until the account is deleted or after 2 years of inactivity (we may notify you before deletion/anonymization).
  • Marketing based on consent – until consent is withdrawn or up to 2 years after the last activity.
  • Security logs – typically up to 12 months, unless a longer period is necessary due to an incident/dispute.
  7. Your rights
  • Right of access, rectification, erasure (“right to be forgotten”), restriction of processing.
  • Right to data portability (where applicable).
  • Right to object to processing based on legitimate interests.
  • Right to withdraw your consent at any time (for marketing) without adverse consequences.

We respond to your requests within 1 month (Art. 12 GDPR), with the possibility of an extension in complex cases.

  8. How to exercise your rights

You can submit a request to online@toddis.eu. To protect your data, we may request additional information to verify your identity.

  9. Complaint to a supervisory authority

You have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP), address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.; e-mail: kzld@cpdp.bg; website: www.cpdp.bg.

  10. Children’s data

We aim to minimize data for student orders (e.g. sizes and codes, without a personal ID number). Where processing is based on “consent” and the data subject is under 14 years of age, consent from a parent/guardian is required (Art. 8 GDPR and applicable Bulgarian law).

  11. Transfers outside the EU/EEA

If we use providers that process data outside the EU/EEA, the transfer is carried out subject to appropriate safeguards (e.g. an adequacy decision or Standard Contractual Clauses).

  12. Security

We implement appropriate technical and organizational measures (access controls, encryption/hashing of passwords, backups, logs) to protect against unauthorized access, loss, or misuse.

  13. Security breach (Data Breach)

If a breach is identified that may create a risk to the rights and freedoms of individuals, we notify the competent supervisory authority and/or affected individuals within the deadlines and in accordance with Arts. 33–34 GDPR, where applicable.

  14. Changes to this policy

This policy may be updated. The current version is published on the website; in the event of material changes, we will notify users in an appropriate manner.

If you believe your account is being used unlawfully, please contact us immediately.

© Smart TODDIS Ltd. 2026. All rights reserved. | TODDIS ®
