Information about the Data Controller:
“Bira Bulgaria” Ltd. is a company registered under the Commercial Act of the Republic of Bulgaria, UIC: 204562907, with its registered office and management address in BULGARIA, e-mail: birabulgaria@gmail.com.
Legal grounds and purposes for processing your personal data
We process your personal data on the following legal grounds:
- The contract concluded between you and us, in order to fulfil our obligations under it;
- Your explicit consent – for each specific case where such consent is required;
- A legal obligation imposed on us by applicable law.
In the sections below, you will find detailed information regarding the processing of your personal data, depending on the specific legal basis on which it is processed.
FOR CONTRACT PERFORMANCE OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to perform our contractual and pre-contractual obligations and to exercise the rights arising from the agreements concluded between us.
Purposes of the processing:
- To verify your identity;
- To manage and fulfil your order and perform the concluded contract;
- To prepare an offer for a contract;
- To issue and send an invoice for the services you use with us;
- To provide you with comprehensive customer service and to collect any amounts due for services used;
- To retain correspondence related to orders, request processing, reporting issues, etc.;
- To send you notifications regarding everything related to the services you use with us;
- To detect and/or prevent unlawful actions or actions contrary to our terms and conditions for the respective services.
Data processed on this basis:
On the basis of the contract concluded between you and us, we process information about the type and content of the contractual relationship, as well as any other information related to it, including:
- Personal contact data – e-mail address;
- Identification data – full name, delivery address, e-mail;
- Other feedback we receive from you;
- Information about your actions on our website.
The processing of the above personal data is mandatory for us to be able to conclude and perform the contract with you. Without providing this information, we would be unable to fulfil our obligations under the agreement.
Disclosure of personal data to third parties
We may disclose your personal data to third parties, with the main purpose of providing you with high-quality, efficient, and comprehensive service. We do not share your personal data with third parties before ensuring that all required technical and organisational measures are in place to protect such data, and we exercise strict control over their implementation. In such cases, we remain fully responsible for maintaining the confidentiality and security of your data.
Your personal data may be disclosed to the following categories of recipients (data controllers or processors):
- Postal and courier service providers;
- Parties responsible for maintaining equipment, software, and hardware used for data processing, necessary for the company’s operations;
- Consultants and professional service providers in various fields.
Data retention period for this legal basis:
Personal data collected on this basis are deleted five (5) years after the termination of the contractual relationship, regardless of whether such termination results from contract expiration, dissolution, or another ground.
FOR COMPLIANCE WITH LEGAL OBLIGATIONS
In certain cases, the law requires us to process your personal data. In such cases, we are legally obliged to perform such processing. Examples include:
- Obligations under the Measures Against Money Laundering Act;
- Obligations related to distance selling and off-premises contracts, as provided in the Consumer Protection Act;
- Provision of information to the Consumer Protection Commission or other third parties as required by the Consumer Protection Act;
- Provision of information to the Commission for Personal Data Protection, in connection with our obligations under the applicable data protection legislation;
- Obligations arising under the Accounting Act and the Tax and Social Insurance Procedure Code and related statutory acts, ensuring lawful accounting practices;
- Provision of information to the court or other competent authorities within judicial or administrative proceedings, as required by the applicable laws.
Data retention period for this legal basis:
Personal data collected under a legal obligation are deleted after the obligation for data collection and retention has been fulfilled or has ceased to exist. For example:
- Under the Accounting Act – accounting data are retained and processed for eleven (11) years;
- Under obligations to provide information to courts, state authorities, and other entities defined by applicable legislation – five (5) years.
Disclosure to third parties:
Where required by law, we may disclose your personal data to competent government authorities, individuals, or legal entities.
BASED ON YOUR CONSENT
We process your personal data on this legal ground only after obtaining your explicit, unambiguous, and voluntary consent. We will not impose any adverse consequences if you choose not to provide consent for the processing of your personal data.
Consent represents an independent ground for processing your personal data. The specific purpose of the processing is described in each case and does not overlap with the purposes outlined elsewhere in this Policy.
If you have granted your consent, and until such consent is withdrawn or your contractual relationship with us ends, we may prepare tailored offers for products or services, performing detailed analyses of your core personal data.
A detailed analysis is a method that allows for the processing of large volumes of data through statistical models, algorithms, and similar approaches. It may involve pseudonymisation and anonymisation of data for the purpose of deriving trends and statistical insights.
Data processed on this legal basis:
We process only the data for which you have given explicit consent. The specific data depend on each individual case but generally include:
- Email address;
- Full name;
- IP address.
Disclosure of data to third parties:
On this basis, we may provide your data to marketing agencies, Facebook, Google, or other similar platforms and partners.
Withdrawal of consent:
You may withdraw your consent at any time. The withdrawal of consent does not affect the performance of any contractual obligations already in force. If you withdraw your consent for any or all of the processing purposes mentioned above, we will cease processing your personal data for the respective purposes.
The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
You may withdraw your consent easily by using our website or by contacting us directly via the contact details provided.
Data retention period for this legal basis:
Data collected on this basis are deleted upon your request or within six (6) months from their initial collection.
PROCESSING OF ANONYMISED DATA
We may process your data for statistical purposes, meaning that analyses are conducted only on aggregated results, and therefore the data are anonymous. It is impossible to identify any specific individual from this information.
Your data may also be anonymised. Anonymisation represents an alternative to deletion, whereby all personally identifiable elements are irreversibly removed. Anonymised data are not considered personal data and are not subject to legal requirements for deletion.
Why and how we use automated algorithms:
We use partially automated algorithms and analytical methods when processing your personal data. This allows us to continuously improve our products and services, adapting them to your needs in the best possible way. This process is known as profiling.
How we protect your personal data:
To ensure adequate protection of both company and customer data, we apply all necessary organisational and technical measures as required under the Personal Data Protection Act.
The company has established internal rules and procedures to prevent misuse and security breaches.
For maximum security during the processing, transfer, and storage of your data, we may apply additional safeguards such as encryption, pseudonymisation, and similar protective mechanisms.
Personal data received from third parties:
We may also receive personal data about you from other users or business partners.
USER RIGHTS
Every user of the website is entitled to all rights provided under Bulgarian and European Union data protection law.
You may exercise your rights through the contact form on our website or by sending an email to us directly.
Each user has the right to:
- Be informed regarding the processing of their personal data;
- Access their own personal data;
- Rectify inaccurate or incomplete data;
- Erase personal data;
- Restrict processing by the controller or processor;
- Data portability between different controllers;
- Object to the processing of their personal data;
- Not be subject to a decision based solely on automated processing;
- Seek judicial or administrative protection if their rights have been violated.
Complaint to the supervisory authority:
Every user has the right to lodge a complaint regarding unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent court.
This Privacy Policy was adopted and approved on February 4, 2022 by “Bira Bulgaria” Ltd.

