Privacy Policy

Privacy Policy - Mondopia LLC

Data Controller: Mondopia LLC 
EU Registration: Bulgaria
US Operations Contact: Dimitar Tsonev
Privacy Officer: Dimitar Tsonev
Contact: support@armodini.com

I. Introduction

1. Privacy Laws and Regulations

This Privacy Policy for Mondopia LLC (a Bulgarian company) has been developed to comply with applicable US privacy laws for our US market operations, including the California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and other relevant state privacy regulations. As a foreign company operating in the US market, we are committed to protecting US consumer privacy rights and ensuring that personal information is processed transparently and with appropriate consent.

Cross-Border Data Transfers: As a Bulgarian company serving US consumers, personal information may be transferred to and processed in Bulgaria and other countries where our service providers operate. We implement appropriate safeguards to protect personal information during international transfers, including contractual protections and security measures that meet or exceed US privacy law requirements.

2. Key Definitions

"Personal Information" – Any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, including but not limited to name, address, email address, phone number, Social Security number, driver's license number, passport number, or other similar identifiers.

"Sensitive Personal Information" – Personal information that reveals a consumer's Social Security, driver's license, state identification card, or passport number; account log-in, financial account, debit card, or credit card number in combination with required security or access code; precise geolocation; racial or ethnic origin, religious or philosophical beliefs, or union membership; genetic data; biometric information for identification purposes; health information; or information concerning a consumer's sex life or sexual orientation.

"Processing" – Any operation or set of operations performed on personal information, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

"Data Controller" – The natural or legal person, public authority, agency, or other body that determines the purposes and means of processing personal information.

"Consumer" – A natural person who is a resident of the applicable state, regardless of temporary absence from the state.

"Consent" – A clear, freely given, specific, informed, and unambiguous indication of a consumer's agreement to the processing of personal information relating to the consumer.

"Data Breach" – A security incident that leads to accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information transmitted, stored, or otherwise processed.

"Third Party" – A natural or legal person, public authority, agency, or body other than the consumer, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal information.

II. General Provisions

  1. This policy applies to all functions related to processing personal information, including those performed in relation to customer, employee, vendor, and partner personal information, as well as any other personal information the organization processes from various sources.

  2. This policy applies to all employees of Mondopia LLC. Any violation of applicable privacy laws will be treated as a breach of work discipline, and in case of suspected criminal activity, the matter will be immediately referred to appropriate law enforcement authorities.

  3. Partners and third parties who work with or on behalf of Mondopia LLC and who have or may have access to personal information are required to read, understand, and comply with this policy. No third party may access personal information held by Mondopia LLC without first entering into a data confidentiality agreement that imposes obligations on the third party no less stringent than those assumed by Mondopia LLC. For international data transfers, additional safeguards are implemented as required by applicable law.

III. Roles and Responsibilities Under US Privacy Laws

  1. Mondopia LLC acts as a data controller under applicable US privacy laws.

  2. The Privacy Officer at Mondopia LLC is responsible for:

    • Developing and implementing privacy law requirements in accordance with this policy
    • Managing security and risk related to policy compliance
    • Serving as the primary contact for privacy-related inquiries

  3. Compliance with data protection regulations is the responsibility of all Mondopia LLC employees who process personal information.

  4. Regular privacy training is conducted at Mondopia LLC to ensure proper application of privacy laws and regulations.

IV. Privacy Principles

1. Fair Information Practice Principles

All personal information processing is conducted in accordance with Fair Information Practice Principles. Mondopia LLC's policies and procedures ensure compliance with these principles:

Lawfulness – Identification of legal basis before beginning personal information processing, such as consumer consent, legitimate business interest, or legal compliance.

Transparency – Providing consumers with clear, conspicuous, and accessible privacy notices that explain our data practices in plain language.

Purpose Limitation – Personal information collected for specific purposes cannot be used for purposes other than those officially announced in our Privacy Notice.

2. Information Provided to Consumers

Specific information provided to consumers includes:

  • Identity and contact details of Mondopia LLC and our Privacy Officer
  • Categories of personal information collected
  • Purposes for processing personal information
  • Legal basis for processing
  • Retention periods for personal information
  • Consumer rights regarding their personal information
  • Categories of third parties with whom we share information
  • Whether we sell or share personal information for targeted advertising
  • How to exercise consumer rights
  • Contact information for submitting privacy requests

3. Data Quality and Retention

  • The Privacy Officer ensures that Mondopia LLC does not collect information that is not strictly necessary for the stated purpose
  • All data collection methods are reviewed annually to ensure collected data remains adequate, relevant, and not excessive
  • Data is regularly reviewed and updated as necessary
  • Data is not retained if there is reason to believe it may not be accurate
  • All personnel receive training on the importance of collecting and maintaining accurate data
  • Consumers are responsible for declaring that data they provide is accurate and current
  • At least annually, the Privacy Officer reviews retention periods for all personal information processed by Mondopia LLC

4. Security Measures

The Privacy Officer considers the following when determining appropriate technical measures:

  • Password protection
  • Automatic locking of inactive workstations
  • Removal of USB and portable media access privileges
  • Antivirus software and firewalls
  • Role-based access permissions
  • Protection of devices leaving organizational premises
  • Local and wide area network security
  • Privacy-enhancing technologies such as pseudonymization and anonymization

Organizational measures considered include:

  • Appropriate training levels for all staff
  • Employee vetting procedures (performance reviews, references, etc.)
  • Disciplinary measures for data processing violations
  • Regular staff compliance audits
  • Physical access controls to electronic and paper records
  • Clean desk policies
  • Secure storage of paper databases in locked cabinets
  • Restrictions on portable device use outside the workplace
  • Clear password creation and usage policies
  • Regular data backups with secure off-site storage
  • Contractual obligations requiring appropriate security measures from third-party contractors

V. Consumer Rights

1. Rights Under US Privacy Laws

Consumers have the following rights regarding their personal information:

  • Right to Know – Request confirmation of whether we process their personal information and obtain details about our processing activities
  • Right to Access – Request a copy of their personal information we maintain
  • Right to Correct – Request correction of inaccurate personal information
  • Right to Delete – Request deletion of their personal information (subject to certain exceptions)
  • Right to Opt-Out – Opt-out of the sale or sharing of personal information for targeted advertising
  • Right to Limit Use of Sensitive Personal Information – Request limitation of use and disclosure of sensitive personal information
  • Right to Non-Discrimination – Not receive discriminatory treatment for exercising privacy rights
  • Right to Data Portability – Receive their personal information in a portable format (where applicable)

2. Exercising Consumer Rights

Consumers may submit requests to exercise their privacy rights by contacting us at support@armodini.com. Requests should include sufficient detail to verify the requester's identity and specify the exact nature of the request.

Mondopia LLC provides mechanisms for consumers to exercise these rights:

  • Consumers may submit requests to exercise their rights through our designated contact methods
  • Consumers may opt-out of marketing emails by sending a request to support@armodini.com or using unsubscribe links in our communications
  • We respond to verified requests within the timeframes required by applicable law (typically 45 days, with possible 45-day extension for complex requests)

VI. Consent and Legal Basis

  1. Mondopia LLC obtains consent that is freely given, specific, informed, and unambiguous. Consumers may withdraw consent at any time.

  2. We only consider consent valid when the consumer has been fully informed about the intended processing and has given consent without coercion. Consent obtained under pressure or based on misleading information is not valid.

  3. Consent cannot be inferred from a consumer's failure to respond to a communication. Valid consent requires active communication between the controller and consumer.

VII. Data Security

  1. All employees are responsible for ensuring the security of data they handle and that data is not disclosed to unauthorized third parties unless Mondopia LLC has authorized such disclosure through contract or confidentiality agreement.

  2. Personal information should only be accessible to those who need it, with access granted according to established access control policies. All personal information must be handled with utmost care and stored:

  • In separate rooms with controlled access; and/or
  • In locked cabinets or filing systems; and/or
  • If computerized, password-protected according to internal requirements; and/or
  • On portable computer media secured according to organizational and technical access control measures

  1. Computer screens and terminals are positioned so they cannot be viewed by unauthorized persons. All employees receive training on access control measures and workstation locking procedures.

  2. Paper documents cannot be left where they may be accessible to unauthorized persons and cannot be removed from designated office areas without express permission. Paper documents are destroyed promptly when no longer needed.

VIII. Privacy Notices

Mondopia LLC commits to providing clear and understandable privacy notices that explain:

  • What information is collected
  • Why and how it is processed
  • Data retention periods
  • Consumer rights
  • How to exercise those rights

These notices are written in plain, understandable language to ensure accessibility and transparency.

IX. Information Sharing and Disclosure

1. Third-Party Sharing

Mondopia LLC ensures that personal information is not disclosed to unauthorized third parties unless required by applicable law. We may share personal information with the following categories of third parties to fulfill our obligations to customers:

Fulfillment Partners: Amazon, for order processing and fulfillment
Shipping Companies: Such as UPS and FedEx, for order delivery 
Payment Systems: Shopify payments & Stripe for payment processing
E-commerce Platform: Shopify, for managing and operating our online store

2. International Data Transfers

As a Bulgarian company, personal information collected from US consumers may be transferred to and processed in Bulgaria, other EU countries, and countries where our service providers operate. We implement appropriate safeguards for international transfers, including:

  • Standard contractual clauses approved by relevant authorities
  • Adequacy decisions where applicable
  • Additional security measures and contractual protections
  • Regular assessments of data transfer security

3. Third-Party Obligations

Each third party is required to process shared personal information in compliance with applicable data protection laws and under confidentiality agreements ensuring proper use.

Mondopia LLC requires partners and vendors to implement appropriate technical and organizational measures to protect personal information in accordance with applicable privacy laws.

When personal information is shared with third parties based on legal obligation or contract, consumers are informed of such sharing when required by law.

X. Data Retention and Destruction

  1. Mondopia LLC does not retain personal information in a form that permits identification of consumers for longer than necessary for the purposes for which it was collected.

  2. Mondopia LLC may retain data for longer periods only when personal information will be processed for archival purposes in the public interest, scientific or historical research, or statistical purposes, provided appropriate technical and organizational measures are implemented.

  3. When personal information is no longer needed, it is securely destroyed or anonymized in accordance with our data retention schedule and applicable legal requirements.

XI. Data Inventory and Processing Records

1. Data Mapping

Mondopia LLC maintains a comprehensive data inventory as part of our risk management approach to privacy compliance. Our data inventory includes:

  • Business processes using personal information
  • Sources of personal information
  • Number of consumers affected
  • Categories of personal information and elements in each category
  • Processing activities
  • Purposes of processing
  • Legal basis for processing
  • Recipients or categories of recipients
  • Primary systems and storage locations
  • Any personal information subject to transfers outside the US
  • Retention and deletion periods

2. Risk Assessment

Mondopia LLC conducts privacy impact assessments when processing activities may result in high risk to consumer privacy rights. We assess the level of risk to individuals associated with processing their personal information and manage identified risks to reduce the likelihood of non-compliance.

3. High-Risk Processing

When processing may result in high risk to consumer rights and freedoms, especially when using new technologies, Mondopia LLC conducts a privacy impact assessment before beginning processing. High-risk processing decisions must be reviewed by the Privacy Officer.

Effective Date: May 22, 2025

Last Updated: May 22, 2025

For questions about this Privacy Policy or to exercise your privacy rights, please contact us at:

Email: support@armodini.com
Privacy Officer: Dimitar Tsonev
Company: Mondopia LLC 
US Operations Contact: Available via email above