Cookie Policy

COOKIE POLICY
YACHTPOINT BG OOD
Effective from: 4 June 2026 · Last updated: 4 June 2026

1. What this Policy is

This Cookie Policy explains how YACHTPOINT BG OOD (UIC 208803797, Burgas, info@yachtpoint.bg) uses cookies and similar technologies on the website yachtpoint.bg. It is an integral part of, and should be read together with, the Privacy Policy.

“Cookies and similar technologies” means small files or records stored or read on your device — including cookies, local storage (localStorage/sessionStorage) and pixels. For brevity we refer to all of these as “cookies” below.

2. Legal basis and consent

• Strictly necessary cookies are used on the basis of Art. 4a(4) of the Electronic Commerce Act (ЗЕТ) and do not require consent, as they are necessary for the site to function.
• All other (optional) cookies — for analytics, advertising, functionality and form protection — load only after your prior, informed and explicit consent, given via the consent banner (Art. 4a(1) ЗЕТ in conjunction with Art. 6(1)(a) of Regulation (EU) 2016/679 — GDPR).

Consent is freely given, specific and active. We do not use pre-ticked boxes. You can accept all, reject all (with an equally easy action), or customize your choice by category.

3. How to manage and withdraw your consent

• On your first visit, a banner is shown through which you make your choice.
• You can change or withdraw your consent at any time via the “Cookie settings” link in the site footer. Withdrawal is as easy as giving consent.
• We keep a record of your consent. Consent is renewed periodically (typically about every 12 months).
• You can also manage and delete cookies via your browser settings:
  Chrome · Firefox · Safari · Edge

If you reject the functional category (form protection), the contact form may not work, as it uses spam and bot protection (Cloudflare Turnstile).

4. What happens if you reject

If you reject or do not consent, we do not load optional cookies and the relevant analytics and advertising tools do not fire. Where Google Consent Mode is active, Google tools may receive only anonymous, cookieless signals that cannot identify you and are used solely for aggregate statistics. Strictly necessary cookies remain active, as the site cannot function without them.

5. Cookie categories and list

We use cookies in the following categories. The complete and current list of specific cookies (with name, provider, purpose and duration) is maintained automatically by our consent-management tool and is available in the “Cookie settings” banner/panel. This list updates when the technologies we use change, so it always stays accurate.

5.1. Strictly necessary (no consent)

Needed for the core functioning of the site — language, session and cart, login, payment security. Examples: pll_language (language, Polylang), wp_woocommerce_session_*, woocommerce_cart_hash, woocommerce_items_in_cart (cart/session, WooCommerce), WordPress cookies for logged-in users, and __stripe_mid / __stripe_sid (Stripe — fraud prevention at payment).

5.2. Analytics (consent required)

Help us understand how the site is used (number of visitors, most-viewed pages). Provider: Google Analytics 4 (e.g., _ga, _gid).

5.3. Marketing / advertising (consent required)

Used to measure and optimise our advertising and for retargeting. Providers: Meta Pixel (e.g., _fbp, _fbc), Google Ads (e.g., _gcl_au), and WooCommerce order attribution (sbjs_*). These cookies share data with the relevant advertising platforms (see section 6).

5.4. Functional / form protection (consent required)

Spam and bot protection on contact forms. Provider: Cloudflare Turnstile. Turnstile does not set first-party cookies on this site — protection works by loading a script from Cloudflare, and during a challenge Cloudflare may set short-lived state on its own domain (challenges.cloudflare.com). Because this involves a connection to a third party, we place it in the consent-required category.

6. Third parties and international data transfers

Some of the listed cookies belong to third parties that may process data outside the European Economic Area (e.g., in the United States):

• Google (Google Analytics, Google Ads) — Google Cookie Policy
• Cloudflare (Turnstile) — Cloudflare Privacy Policy
• Meta (Meta Pixel) — Meta Cookie Policy
• Stripe — Stripe Privacy Policy

Transfers to the US are protected by EU Standard Contractual Clauses and/or the EU-U.S. Data Privacy Framework. For details of personal-data processing, see our Privacy Policy.

7. Supervisory authority

You have the right to lodge a complaint with the Commission for Personal Data Protection (KZLD): 2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria; email kzld@cpdp.bg; website www.cpdp.bg.

8. Changes and language

We may update this Policy. The current version is published on the site with a last-updated date. This Policy is drawn up in Bulgarian, which is the legally binding version; the English translation is for convenience only, and in case of discrepancy the Bulgarian version prevails.