Privacy policy

Your privacy,
our responsibility.

Effective date: April 1, 2026

Your privacy is important to us at ETHA GLOBAL Ltd. This policy outlines how we collect, use, share, and protect your personal data in accordance with the GDPR (EU) 2016/679 and applicable EU laws.

Who we are

ETHA GLOBAL EOOD

VAT Number: BG207372140

Blvd. Ring Road 3, Floor 5, Office 53, 1618 Sofia, Bulgaria

Email: namaste@etha-life.com

www.ethalife.com  |  shop.ethalife.com

This policy applies to both domains listed above, including any services, products, or features provided through them.

When and what personal data we collect

  • When you place an order
    Full name, email address, phone number, shipping and billing address, and payment details. Payment information is processed securely via trusted third-party providers. We do not store full card details. If you request an invoice, additional identification information may be required by law.

  • When you take our Dosha Quiz
    Responses relating to body type, sleep, mood, digestion, behavioural patterns, and lifestyle preferences. This information may constitute special category data under GDPR and is treated with the highest level of protection. It is processed only with your explicit consent.

  • When you contact us
    Your email address and any information you voluntarily provide. When contacting us by phone, calls may be recorded — in which case we process your phone number, voice data, and any information provided during the call.

  • When you subscribe to our newsletter
    Your email address, used to send you news, updates, and offers with your consent.

  • Technical and usage data
    IP address, device and browser type, session duration, page interactions, referral source, and data gathered via cookies and similar tracking technologies.

Purposes for processing your data

  • Fulfil orders, deliver products, and communicate about order progress, tracking, and payments

  • Provide personalised product recommendations based on your Dosha Quiz results

  • Respond to enquiries and support requests

  • Improve our websites, quizzes, and customer journey

  • Send newsletters and promotional communications (with your explicit consent)

  • Handle phone calls efficiently and resolve disputes

  • Comply with legal obligations including tax, accounting, and consumer protection law

  • Conduct official legal proceedings such as civil proceedings, administrative inspections, and dispute resolution


Legal basis for processing

  • Consent (Article 6(1)(a) GDPR)For sending marketing emails, processing Dosha Quiz results, and use of optional cookies. You may withdraw your consent at any time without affecting the lawfulness of prior processing.

  • Performance of a Contract (Article 6(1)(b) GDPR)To deliver products and services you have purchased, and to take steps prior to entering into a contract at your request.

  • Legal Obligation (Article 6(1)(c) GDPR)Where processing is expressly required by applicable law, including accounting, tax, or consumer protection obligations.

  • Legitimate Interests (Article 6(1)(f) GDPR)To analyse usage, improve the user experience, send messages about offers and new products to existing customers, record phone calls, and prevent abuse of online orders. You may object to processing on this basis at any time.

Automated decision-making

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you.

Data we do not process

We only process personal data of individuals who are 18 years of age or older.

We do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data used for identification, or data concerning sex life - except where wellness-related data is voluntarily provided via the Dosha Quiz with your explicit consent, and solely for the purpose of personalising your experience.


Data sharing

We do not sell or rent your personal data. We may share it only in the following circumstances:

  • Service providers
    Trusted third parties who process data on our behalf, including payment processors, email platforms, hosting and IT support, CRM systems, delivery couriers, and legal and accounting service providers. These parties are contractually bound to handle your data securely and only for specified purposes.

  • Group companies
    With affiliated entities within the Etha corporate group, where necessary to provide our services.

  • Legal authorities
    Where required by applicable law, court order, or in connection with official legal proceedings.

  • With your consent
    With any other third parties where you have given us explicit permission.

All recipients have implemented appropriate technical and organisational measures to ensure an adequate level of data security. Please note that if you do not wish your data to be shared with the service providers necessary to fulfil your order, we may be unable to provide you with our products and services.

International data transfers

As an EU-based company, we process your data primarily within the European Economic Area (EEA). Where data is transferred outside the EEA, we ensure appropriate safeguards are in place — such as Standard Contractual Clauses approved by the European Commission — to maintain GDPR-equivalent protections.

Data security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, misuse, alteration, or destruction. These include data encryption, secure payment processing, limited access controls, and regular security reviews.

While we take every reasonable precaution, no method of transmission over the internet is entirely secure. If you have reason to believe your data has been compromised, please contact us immediately at info@etha-life.com.


Data retention

We retain your personal data for the shortest period necessary to fulfil the purposes described in this policy, or for the statutory periods required by law.

Data type
Retention period
Order and contractual data
Up to 5 years from transaction date
Accounting records
Up to 10 years (Bulgarian accounting law)
Dosha Quiz data
While consent is active and account remains open
Marketing data
Until unsubscribe or consent is withdrawn
Legitimate interests data
Until you object or the interest no longer exists
Where data is no longer required, it is securely deleted or anonymised.

Links to third-party websites

Our websites, newsletters, and communications may contain links to third-party websites. Personal data you provide through those websites is not subject to this Privacy Policy. We encourage you to review the privacy policies of any third-party sites you visit.

Your rights

Under GDPR, you have the following rights in relation to your personal data:

  • Right to informationTo be informed at the point of data collection about what we collect, who processes it, and on what grounds.

  • Right of accessTo request a copy of the personal data we hold about you.

  • Right to rectificationTo request correction of inaccurate or incomplete data.

  • Right to erasureTo request deletion of your data where there is no legitimate reason for continued processing, where consent is withdrawn, or where processing is unlawful. This right may not apply in all circumstances as provided by law.

  • Right to restriction of processingTo ask us to pause processing where you contest data accuracy, where processing lacks a legal ground, or where you require the data for legal claims.

  • Right to data portabilityTo receive your data in a structured, machine-readable format and to have it transferred directly to another controller where technically feasible.

  • Right to objectTo object to processing based on legitimate interests or for direct marketing purposes.

  • Right to withdraw consentWhere processing is based on consent, you may withdraw it at any time by contacting us or clicking the unsubscribe link in any marketing email.

  • Right to lodge a complaintWith the Commission for Personal Data Protection (CPDP) at www.cpdp.bg. If you are located in another EU Member State, please reach out to us and we will assist.

To exercise any of these rights, please contact us at info@etha-life.com or in writing at the address below. Where requests are manifestly unfounded or excessive, we reserve the right to charge a reasonable administrative fee or decline to act.

Cookies and tracking

  • Site functionality and personalisation

  • Analytics and performance (e.g. Google Analytics)

  • Marketing and retargeting (with your consent)

You can adjust or withdraw your cookie preferences at any time via your browser settings or our Cookie Settings Panel. For full details, please refer to our Cookies Policy.

Changes to this policy

We may update this Privacy Policy from time to time. Any changes will be posted on our website and will become binding upon publication. Where changes are significant, we will notify you directly by email where applicable.

For any questions, concerns, or data-related requests, contact us at info@etha-life.com or write to us at: Etha Global EOOD, Blvd. Ring Road 3, Floor 5, Office 53, 1618 Sofia, Bulgaria.