Dear Users,
It is important to know that in order to provide you with our content and services, we use your personal data. This includes both the data you fill in and upload in your profiles when registering for our services, as well as the data we automatically collect when you visit our web application. You also provide us with personal data when you correspond with us via email or fill out various forms, including on paper. You can provide your personal data either personally or through your representative.
This Privacy Policy applies to all of the aforementioned personal data. It explains how “Remembrand” Ltd, the owner of the registered trademarks “Mama and Papa’s Diary” and “BEBEMONIA”, collects, processes, and ensures their protection in order to provide you with information and services in the web application Bebemonia – Mama and Papa’s Diary, accessible at bebemonia.com
In this document, you will read about:
What are our principles for collecting, processing, and storing your data 
    • Why and for what purposes do we collect your personal data
    • What types of personal data we use for each specific service
    • To whom we disclose your personal data
    • Where we collect and protect your personal data
    • For how long we store your personal data
    • What are your rights concerning your data and how you can protect them
    • Who to contact if you have a question or if you believe that your rights have been violated.
Explanations of the legal terms used in this document can be found in the uploaded glossary here.
If you do not agree with the use or collection of your data, please do not create profiles, do not use our services, or do not visit our website.
Please note that we may update this Privacy Policy. The date of the latest update will be indicated at the top of the document. If you do not agree with its latest version, please delete your profiles and data and do not use our services.
The content of this document is created in accordance with the General Data Protection Regulation (EU) No 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, as well as the Personal Data Protection Act and related regulations.

Principles for the Collection, Processing, and Storage of Personal Data
    • lawfulness, fairness, and transparency;
    • purpose limitation;
    • data minimization;
    • accuracy and up-to-dateness of the data;
    • storage limitation in view of achieving the purposes;
    • integrity and confidentiality of processing and ensuring an appropriate level of personal data security;
    • accountability;
    • compliance with journalistic ethics and morals when using personal data for journalistic purposes and in the public interest.
Why Do We Use and Process Your Personal Data and on What Grounds?
We use and process your data to provide you with the services you desire.
Our main goal with the web application is to inform and support current and future parents in raising their children. To access our various services, you need to visit them by first creating a profile.
While accessing the content in the web application, we automatically collect your personal data, which does not directly identify you, such as your IP address, but helps us analyze and generate statistics on the traffic of each page in the site and the time spent on it.
When you register a profile in the web application, you provide us with your personal data, which we use to provide you with the desired service.
It is important to know
Terms and Conditions for the use of the web application “Bebemonia – Mom and Dad’s Diary” constitute an agreement between you and “Remembrand” Ltd. By registering and visiting the web application, you confirm that you are familiar with and agree to our terms and undertake to comply with them. The lawfulness of the processing is based on Art. 6, para. 1, point “b” of Regulation (EU) 2016/679, namely, that processing is necessary for the performance of a contract to which the data subject is a party or to take steps at the request of the data subject prior to entering into a contract.
We collect and process your data related to the use of a specific Product and/or Service provided by us in order to fulfill our obligations under the Terms and Conditions you have accepted, including compliance with national legislation, as well as other obligations arising from inspections and investigations by competent state authorities. (Art. 6, para. 1, point “c” of Regulation (EU) 2016/679).
Purposes of Data Collection
On the basis of our legitimate interest – Art. 6, para. 1, point “f” of Regulation (EU) 2016/679 – we collect and process your data for the following purposes:
    • For Internal Analyses
To create new content, features, and services, we analyze your behavior on our web application – such as which content is read the most, how much time you spend reading our articles, the cities our readers are from, whether you open the newsletters sent to you, and so on.
When using the “Mom and Dad’s Diary” web application, we will also generate general statistics on data related to the dates of adding a specific “sticker” in order to expand the functionalities of our service and, in particular, to update the published information related to the expected period for acquiring certain habits in children based on observing their development. This data will be used after prior anonymization.
    • For Reporting to Advertisers
Thanks to our advertisers, we obtain financial resources to maintain and develop our products. Advertisers are interested in how many times their ads are shown and whether you have clicked on them to get additional information. This is done through your identification via IP address, where we do not personally identify you but track your unique visit to the web application, the pages visited, time spent, location, and more. Since we send advertisements in our age-based newsletters, we use the data in your profile to account for the ads sent to you in this way.
    • To Show You Relevant Ads
We may share some of the information collected through your IP address (read more) with marketing service providers and digital marketing networks to display relevant ads to you on the site.
    • To Display Services Related to Your Location
We may use your IP address to determine your location and provide you with services or advertisements related to it.
    • To Protect Our Legitimate or Your Vital Interests
In cases where it is necessary to collect your personal data due to our legitimate interest or to protect your vital interests, we will inform you in a timely manner and explain your rights. When using “legitimate interest” as a basis, we always take into account the impact on the interests, rights, and freedoms of the data subjects and assess whether they do not override our legitimate interests by conducting a thorough analysis and balance test.
You have the right to object to our collection of your personal data if you believe that we do not have a legitimate interest in doing so. We will take additional measures and provide you with further information and our reasoning within no more than 1 month of your request.
    • Based on Your Consent – Art. 6, para. 1, point “a” of Regulation (EU) 2016/679 – we collect and process your personal data for the following purposes:
Apart from cases where we collect personal data based on law, contract, legitimate interest, or to protect your vital interests, we will seek your explicit consent for a specific purpose. Such purposes may include:
    • Use of the web application
    • Receiving our marketing communications
    • Receiving newsletters
    • Participation in non-anonymized surveys and questionnaires
    • Use of your data to promote our services in media and advertising campaigns
When organizing games and contests, separate information about how your personal data will be used and under what conditions will be provided for each campaign through the publication of additional rules for the specific event.
What types of personal data do we collect and process?
    • Personal data processed during the use of the Web Application bebemonia.com
Data about your device (computer, phone, tablet, etc.), including IP address, the browser you use, and your language settings
Legal basis: legitimate interest
Purpose: conducting internal analyses, displaying services related to your location
Note: The data relates to all visitors who do not have a registration. These data are anonymous and do not allow identification.
Subscription to Age-specific Newsletter
Legal basis: explicit consent
Purpose: receiving a monthly newsletter with information on child-rearing
Note: The service is available only to registered users who have explicitly expressed their desire to receive such information. The newsletter is sent through the site namama.bg, which is owned by us.
Log files – date and time of account login and information on whether the login was through the mobile version, app, or desktop browser
Legal basis: legitimate interest
Purpose: ensuring the reliable functioning of the Services and identifying technical problems; ensuring the security of the Services and detecting malicious activities; developing and improving the Services; measuring the traffic and usability of the web application.
Note: The login log allows for the detection and automatic blocking of unauthorized attempts to access accounts.
Cookies and other passive technologies
Legal basis: legitimate interest
Purpose: the administrator may use “cookies” for the purpose of providing full functionality of the web application, improving the user experience, statistical purposes, facilitating access, etc., which you agree to by using our website and web application. You can control and/or delete “cookies” at any time through the settings of your browser. “Cookies” are not personal data and are not used to identify visitors and users of our web application.
Client access time
Purpose: In the application, we use information about the time on the client’s computer to record the time of breastfeeding and other activities in the trackers. The times are stored in the database in “neutral” UTC time (which coincides to fractions of a second with Greenwich time – except during the summer when they differ by 1 hour). Information about the client’s time zone at the time of entering the breastfeeding record is not stored in the database – it is used momentarily to calculate the “neutral” UTC time.
Note: using the trackers is entirely voluntary.
    • Personal data collected and processed during the creation of a profile in the web application “Bebemonia – Mom and Dad’s Diary” at https://bebemonia.com and its use. Hereinafter referred to as “the Diary” or “the web application” for brevity.
Date, time, and IP address
Legal basis: contractual basis – general terms, legitimate interest
Purpose: information about the registration and agreement with the Terms and Conditions of use
Note: Explicit consent to the general terms is required to create a profile.
Parent identification data – name, email address, and password
Legal basis: contractual basis – general terms
Purpose: creating a profile in the Web Application, email communication, processing an order for the purchase of a subscription or a printed diary
Note: Name, email address, and password are mandatory for registration. An email address is mandatory for processing the order and communication with the user.
Child identification data – first name, date of birth, gender, whether the child was born at term
Legal basis: contractual basis – general terms
Purpose: Creating a profile in the Web Application and sending an age-specific newsletter (optional)
Note: Required for registration and use of the functionalities of the Web Application. You can withdraw your consent to receive the age-specific newsletter at any time by email.
Location data
Legal basis: contractual basis – general terms, legitimate interest
Purpose: creating a profile in the Web Application
Note: required for registration.
Health data, development, or events related to the child – growth, skills, behavior, nutrition, schedule, responsive care, consultations, memories, etc.
Legal basis: contractual basis – general terms
Purpose: filling in information in the diary and trackers, analyzing the filled-in information
Note: non-mandatory data. These are entered by you voluntarily when choosing a functionality of the Web Application.
Data on third parties – specialists (name, specialty, email address, phone) and other contacts (name, email address, phone)
Legal basis: contractual basis – general terms
Purpose: notes on specialists and sharing a link to the diary
Note: non-mandatory data that are entered at the user’s discretion. Remembrand Ltd. is not responsible for the shared data. Sharing can be discontinued at any time.
Uploading images in the Diary
Legal basis: contractual basis – general terms
Purpose: adding photos to the diary entries
Note: non-mandatory data that we process to create, download, and print a diary with photos.
Entering free text
Legal basis: contractual basis – general terms
Purpose: adding notes and comments to diary entries
Note: non-mandatory data that we process to create, download, and print a diary containing text written by you.
Date, time, duration, content of an event in trackers
Legal basis: contractual basis – general terms
Purpose: using the Tracker functionality
Note: non-mandatory data that we process to provide you with access to the trackers’ functionalities.
Any other type of information about your child/children that constitutes personal data is provided by you voluntarily and at your discretion, including information about your child’s development status, including designations (“stickers”) placed in specially designated areas in our Web Application, as well as the completion of Notes. We apply the same high-security measures for processing these personal data, but these data are not used by us for any purpose other than the specific purpose outlined in this Policy. The above personal data are available only in your profile and are accessible only to you.
    • Personal data collected and processed when making purchases online
Identification data – first name and surname, email address, phone number
Contractual basis: general terms
Purpose: Processing an order to unlock a paid subscription or print a diary
Note: required for order processing, except for the phone number, which is not mandatory when purchasing a subscription through Stripe.
Location data
Legal basis: contractual basis – general terms
Purpose: delivery of a printed diary or voucher
Note: required for order processing.
Financial data – data required by the platform of the partnering financial institution, acting as the Data Processor
Legal basis: contractual basis – general terms, legal obligation
Purpose: payment for service usage
Note: Payments are made through our partners – the online trading platform Shopiko, the payment platform Stripe, Inc., and Borika, either as Data Processors or independent controllers, depending on whether they determine their purposes independently. You provide your personal data to the Data Processor/Independent Controller for order and transaction processing.
Correspondence data – data required by our partnering courier company, acting as an independent data controller
Legal basis: contractual basis
Purpose: order delivery
Note: the data is used to process the order.
When purchasing from partnering platforms, you also agree to their personal data policies.
Processing of Personal Data for Individuals Under 14 Years of Age
It is important for us to take additional precautions to ensure the protection and safety of children. For this reason, children under the age of 14 are not allowed to create their own personal profiles on our platforms without the explicit consent of a parent or guardian. “Remembrand” Ltd. will delete any profile created by a child under the age of 14 without parental or guardian consent as soon as we become aware of it. If you are under the age of 14, please do not send or publish any information about yourself, including but not limited to name, address, phone number, email address, and others.
Other Sources
We may collect information about you from other lawful sources to provide you with high-quality services. Such sources include email communication with you, information from your registration on other websites we own, information from our partners such as parent events (provided you have given your consent), and publicly available information. This information includes contact details. We only collect other publicly available information after we have received an explicit declaration from the person sharing it with us that you have agreed to share it with us. When we contact you, we will inform you where we obtained your personal data from, provided that we did not collect it from you directly.
Transfer of Personal Data
We transfer your personal data outside of the European Economic Area only for the purpose of using cloud services. Our external service providers include Amazon Inc. and Retool, Inc., with whom we, in their capacity as Data Processors, have taken additional measures to ensure that they provide an adequate level of protection for your data in accordance with European requirements. Such measures include, for example, the conclusion of an agreement incorporating standard contractual clauses approved by the European Commission, in accordance with Commission Implementing Decision (EU) 2021/914 of June 4, 2021, on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council. Your personal data are not subject to profiling or automated decision-making as per Article 22 of Regulation (EU) 2016/679.
Who Receives Your Personal Data?
“Remembrand” Ltd. discloses your personal data only in the following cases:
    • Only to state authorities, institutions, and individuals to whom we are legally obliged to provide personal data;
    • To individuals who maintain the equipment, software, and hardware used for processing personal data under contract;
    • To our partners, who, under contract with “Remembrand” Ltd., help us provide our services and with whom we have agreements to ensure the confidentiality of information and personal data protection. We provide your delivery address to our partner courier company only if you have requested delivery to a personal address.
    • We allow our advertisers and partners to collect information related to your visits (e.g., your browser, device, IP address, time of visit, etc.) that does not allow for personal identification from your browser or device, in order to measure the effectiveness of the ads displayed on our site.
    • To the external individuals you have specified (specialists, relatives, etc.) through an email containing a link to the child’s diary located in your profile in the web application. This option is available only to the specific profile holder through the use of the functionalities of the web application. “Remembrand” Ltd. is not responsible for the sharing of data contained in the diary, as this is done only at your request. You can terminate access for the selected external person to your Diary at any time.
    • Opinions and your personal data provided by you via email or through our social media profiles may be forwarded to our employees or professionals who are qualified to answer the questions asked. The purpose of our communication through email and social media is to engage in dialogue with users of the web application “Mom and Dad’s Diary” and interested parties to improve our services or respond to your questions. The data you enter when liking, commenting under articles, or sharing on social networks are public, and you are responsible for sharing them.
“Remembrand” Ltd. takes measures to ensure that all these parties apply the same protection to your personal data as our own employees and comply with the “Remembrand” Ltd. Data Protection Policy. It is of utmost importance to us to work only with entities that treat personal data responsibly and apply appropriate technical and organizational measures.
We use service providers for the processing of personal data for certain purposes, such as measuring and tracking user behavior on the sites, sending email messages, sharing user content, and purchasing our products and services. These companies include (but are not limited to):
How Do We Protect Your Data?
“Remembrand” Ltd. collects, processes, and stores your personal data in good faith, in compliance with all legal requirements, and by applying adequate technical and organizational security measures. In our role as an administrator, we collect your data for specific and legitimate purposes related to providing specific services for which you have separately agreed. The data is limited to what is necessary for each specific purpose. We keep the data up to date and take all reasonable measures to ensure its protection. We promptly delete or correct inaccuracies if necessary.
All data is protected using SSL (Secure Sockets Layer) technology, which is a cryptographic protocol for client-server communication for data transmission over the Internet.
For maximum security in processing, transmitting, and storing your personal data, we use additional security mechanisms where necessary, such as encryption, pseudonymization, anonymization, and others.
The data collected during registration in the application is stored in a database on a server located abroad. Additionally, when logging into the application, we store the user’s name and email locally (in the browser of the respective user, not on our server), but not in a cookie, instead in the browser’s local storage. The browser’s local storage is a more modern alternative for storing data on the user’s device compared to storing data in cookies.
How Long Do We Store Your Personal Data?
Your personal data is stored for the period defined in the applicable laws, depending on the purpose for which it was collected. In the absence of such a legal period, “Remembrand” Ltd. assumes that it will retain your personal data for a reasonable period, determined based on additional criteria. The criteria for determining the period are consistent with our desire to provide high-quality services and maintain our partnership relationships. When the personal data we collect is no longer needed for the stated purposes, we delete, anonymize, or destroy it in another appropriate manner.
Without providing an exhaustive list, here are some of the periods for which we retain certain data we process:
Type of data: traffic data when using the website. These are data processed for the purpose of transmitting a message over an electronic communications network or necessary for its billing.
Retention period: According to the Electronic Communications Act, traffic data is stored for a period of 6 months
Type of data: cookies when using application-related sites – store, information site
Retention period: for the validity period of the respective cookie. You can control and/or delete “cookies” at any time through the settings of your browser.
Type of data: entered by you for the purpose of receiving an age-specific newsletter (names, email, due date or child’s date of birth)
Retention period: 2 years from receiving the last age-specific newsletter OR until you delete it. Deleting your profile for the application does not delete your subscription to the age-specific newsletter. The latter can be deleted through your profile My Newsletter on the site namama.bg or by sending an email to our official contacts. This is because when you indicate your desire to receive an age-specific newsletter upon registration in the application, we create a separate profile for you on our website namama.bg, through which we send you the newsletters.
Type of data: entered by you for creating a profile and using the application (names, emails, due date or child’s date of birth, notes, photo data, etc.)
Retention period: After implementing functionality for downloading archive of Trackers and analyses, profiles of users with a child aged 3 years and above without an active paid subscription will be deleted. Our policies regarding this period are not finalized and are subject to change. For more information, please contact us through our official contacts.
Type of data: entered by you for the purpose of placing an order
Retention period: Data from completed orders – for a period of 5 years or according to the policies of our partnering companies.
How Can You Check, Change, or Delete Your Data?
You have the right to access your personal data at any time, which you entered when creating your profiles, as well as the right to correct or delete it.
If you wish to delete your profile for using the application during the usage period, you should request its deletion through the functionalities of the web application. Before deleting your profile, use the functionalities to download your records and diaries.
Anonymization of data in the profile – when deleting your profile, each field with personal information is anonymized – the original data you entered in the field is replaced with fictitious data. This anonymization is applied to the following fields in the profile: email, names, which can no longer be associated with the dates you entered, which remain available for statistical purposes. Uploaded photos and notes are deleted. The dates of adding the respective “sticker” are anonymized to use for statistical purposes.
The child’s date of birth, gender, and whether the child was born 4 weeks before term can be edited by you within 2 years of the date you created the profile in the application.
Regulation (EU) 2016/679 and the Personal Data Protection Act grant you certain rights as a data subject, which are listed below. To exercise any of these rights, you must send us a “Request to Exercise Data Subject Rights,” which must be submitted personally or by an expressly authorized person through a notarized power of attorney. You can find a template here.
You can submit the Request in person or send it to us by courier at the following address: Sofia, “Gorski Patnik” St. № 40, entrance B, apt. 602, or to the following email address: dpo@dpa.bg
If we have reasonable doubts regarding the identity of the individual submitting the request, we may request the provision of additional information necessary to confirm identity.
    • Your Right to Access and Receive Information
You have the right to request access to your personal data at any time. You have the right to know what personal data we process about you, for what purpose, and how we store it. With this Data Protection Policy, we inform you how we process and store personal data. You can access your data at any time through the functionalities provided in your profile or by sending us a Request to Exercise Your Rights. In rare cases where we are unable to provide access to your personal data within no more than 1 month, we will state the reasons.
    • Your Right to Rectification
Additionally, you have the right to request “Remembrand” Ltd. to correct any inaccuracies in your personal data. You can correct your data yourself through the functionalities provided in your personal profile. For questions and clarifications, please write to dpo@dpa.bg
    • Right to Have Your Personal Data Deleted (Right to be Forgotten)
Under certain circumstances, you have the right to request that your personal data be deleted. Such circumstances include:
    • Your personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
    • if you have withdrawn your consent for the processing of your personal data;
    • if your personal data is being processed unlawfully;
    • if you have objected to the processing of your personal data;
    • other cases provided for in the data protection legislation.
In some cases, we are legally required to retain your personal data. In such cases, it will not be possible to delete it from our systems.
    • Other Rights as a Data Subject
        • request restriction of the processing of your personal data for a certain period of time;
        • data portability.
        • object to the processing
The listed rights depend on the specific reason for processing your personal data. We always strive to fulfill your requests when they are permissible and justified and to respond within the statutory timeframe. In rare cases, we may need to extend this period, but not exceeding the allowable and maximum period permitted by law.
Contact us if you have any questions at dpo@dpa.bg . We will assist you in exercising your rights and provide you with additional information on each of your rights.
    • Right to File a Complaint
If your rights are violated by us, you can contact our “Data Protection Officer,” who is available at the email address: dpo@dpo.bg
You also have the right to file a complaint with the Commission for Personal Data Protection, with its headquarters and address: Sofia 1592, “Prof. Tsvetan Lazarov” Blvd. № 2, correspondence address: Sofia 1592, “Prof. Tsvetan Lazarov” Blvd. № 2, phone: 02 915 3 518, website:  www.cpdp.bg
Contact Information
The administrator of your personal data is “Remembrand” Ltd. with UIC: 175359720. If you have any questions regarding the personal data we use or if you believe your rights have been violated, you can contact our appointed Data Protection Officer or the local data protection authorities as follows:
To contact the Data Protection Officer: dpo@dpa.bg
To contact the Commission for Personal Data Protection: Sofia 1592, “Prof. Tsvetan Lazarov” Blvd. №2, email address: kzld@cpdp.bg , website: www.cpdp.bg
Updates
“Remembrand” Ltd. reserves the right to unilaterally amend, supplement, and cancel this Personal Data Protection Policy. Upon any subsequent change, the Administrator will promptly notify the data subjects of the entry into force of the new policy by uploading it to the web application.
Previous updates: 11.04.2022 and 04.01.2023
Last update: 10.09.2024