PLEASE READ THIS PRIVACY POLICY CAREFULLY
About this Privacy Policy
Protecting our Website visitors’ and clients’ personal data is an essential priority for us at Smart Minds Ltd. (“we” or “us” or “our”).
This Privacy Policy is provided in line with the requirements of privacy laws such as Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (“GDPR”), as well as the applicable local legislation in Bulgaria.
When referring to “you” or “your”, we mean separately and collectively any visitor or user of this website as a data subject.
Data controller
The following company is the controller with regard to the processing of your personal information as described in this Privacy Policy:
• Smart Minds Ltd., registered with the Bulgarian Commercial register No 208272591, having its seat and registered address at: 1 Edison Str., apt 22, Slatina district, Sofia 1111, Bulgaria
Any data subject may, at any time, contact us via the email below with all questions and suggestions concerning privacy and data protection.
Address: Edison, Sofia, Sofia-City 1111, BG
Email: [email protected]
Definitions
In this Privacy Policy, we use the following defined terms:
Personal Data is any information which can be used to identify you, either on its own, or in combination with other information;
Data Subject is any identified or identifiable natural person (you);
Processing is any operation or set of operations that is performed on your personal data or a set of personal data;
Pseudonymisation means the processing of personal data in such a manner that the personal data can no longer be attributed to you without the use of additional information;
Controller is the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of your personal data. We are the Controller when it comes to the processing of your personal data on our website;
Processor is any natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Information we may collect automatically through cookies and other technologies
While browsing or using some of the functionalities on our website, as well as by using cookies, we collect personal data. We may collect information about the products or services you looked at or searched for and this website’s functions you used, including time spent and other statistical information. Certain types of information may be received automatically, such as whenever you interact with the website or use our services. This information does not necessarily reveal your personal identity directly but may include information about the specific device you are using, such as device ID, operating system, web browser (such as Chrome, Firefox, Safari, or Internet Explorer) and your IP address/MAC address/device identifier.
Please refer to the Cookie Section of this Policy for additional information on how to manage our use of cookies.
What personal data we collect
We collect personal data about you when you contact us through the contact form on our website or through one of the e-mails or telephone numbers listed on the site. We may also collect data about other people related to you if you choose to disclose such information in your message to us.
The data necessary for contacting you that we may collect includes:
● Your full name;
● Your e-mail address;
● Your workplace;
● Your job position.
The data we collect about you when you visit our website includes:
● With regard to online trackers (all visitors and users): browser name, version and fingerprint, IP address and geolocation, should you choose to enable these following our Cookie Policy as laid out above.
Legal basis for collecting and processing personal data
The legal basis for our processing of your personal data is our legitimate interest in improving and offering our services to you and other potential clients.
If you chose to work with us, we would process your personal data as necessary to exercise our rights and perform our obligations under our contract with you.
Automated data processing and profiling
We do not use profiling and we will not make automated decisions about you that may significantly affect you unless (i) the decision is necessary as part of a contract that we have with you, (ii) we have your explicit consent, or (iii) we are required by law to use the technology.
What are your rights, and how to exercise them
The GDPR grants the data subjects a number of individual rights. Please be aware that those rights are not absolute and may not apply in certain circumstances.
Information or confirmation as to whether or not personal data concerning you are being processed.
Access information about, for instance, but not limited to, the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipients to whom the personal data have been or will be disclosed.
Rectification of inaccurate personal data concerning you. Taking into account the purposes of the processing, the data subject has the right to have incomplete personal data completed, including by means of providing a supplementary statement/documents.
Erasure (to be forgotten) of personal data concerning yourself in certain circumstances. This right only applies to data held at the time the request is received. It does not apply to data that may be created in the future. Please note that when we are required by law to process certain personal data, then the right to erasure will not apply to such data, e.g. when we are obligated by law to retain the personal data for a certain period of time. We would also like to clarify that the right to be forgotten applies in such a way that the erasure will be fulfilled in respect of live systems, but that the data will remain within the backup environment for a certain period of time until it is overwritten. This means that we will put the backup data ‘beyond use’, even if it cannot be immediately overwritten (the backup is simply held on our systems until it is replaced in line with an established schedule).
Restriction of processing in certain circumstances. This is an alternative to requesting the erasure of your data, where for instance (but not limited to), the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead unless this proves impossible or involves disproportionate effort.
Data portability of the personal data as long as the processing is based on consent or on a contract, and the processing is carried out by automated means. This right allows data subjects to obtain and reuse their personal data for their own purposes across different services, from one IT environment to another, in a safe and secure way, without affecting its usability.
Object to the processing of personal data. For instance (but not limited to), the data subject has the right to object, at any time, to the processing of personal data concerning them for marketing purposes; however, if the data subject is objecting to other uses, we can refuse to comply with the objection but only if we can prove we have a strong reason to continue processing your data that overrides your objection. In particular, the data subject has the right to object at any time to the processing on the basis of legitimate interest, in which case we shall no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Avoid automated decision-making (with no human involvement), such as profiling, which uses personal data to make calculated assumptions about individuals. There are strict rules about this kind of processing, and data subjects are permitted to challenge and request a review of the processing if they believe such rules are not being followed.
Withdraw data protection consent to the processing of your personal data at any time and we will cease the processing of the relevant information. However, please bear in mind that consent is only one of several lawful grounds for personal data processing, so exercising this right does not mean that there is no other legal basis in place.
Information on action taken within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests.
Information in case of a data breach that is likely to result in a high risk to the rights and freedoms of the data subject.
If a data subject wishes to exercise any of the above rights, they may, at any time, contact us at the contact details provided in this Privacy Policy.
Additionally, data subjects have the right to lodge a complaint with the competent supervisory authority and before the competent courts if the data subject considers that the processing of their personal data is in breach of the provisions of the applicable privacy laws, including the present Privacy Policy.
Please note that you can lodge a complaint before the competent supervisory authority. You can find the contact details of the competent authorities in the EEA at:
https://edpb.europa.eu/about-edpb/about-edpb/members_en
The details for the Bulgarian competent supervisory authority for data protection are:
Commission for Personal Data Protection
2, Prof. Tsvetan Lazarov blvd.
1592 Sofia
Tel. +359 2 915 3580 +359 2 915 3548
Fax +359 2 915 3525
Email: [email protected]
Website: https://www.cpdp.bg/
For how long do we keep your personal data
We retain your personal data for the minimum period required to comply with the purposes set out by this Privacy Policy unless we are obligated by law and/or have the right to retain it for a longer period.
We will retain personal data to enable us to:
● Maintain business records for analysis and/or audit purposes.
● Comply with record retention requirements under the law.
● Defend or bring any existing or potential legal claims.
● Deal with any future complaints regarding the services we have delivered.
Except as otherwise expressed or required by applicable laws, please also note that we generally apply the following storage periods:
● All data is stored in its original format for a period of five (5) years on our server(s);
● No less than twelve (12) months after the collection and processing of data, related to geographical IP location, date, time, and duration of a website session of the person;
● Two (2) years after the date when you have contacted us via any communication channel we support and have provided any personal data.
We will retain personal data after those times if we are required to do so to comply with the law in the cases of outstanding claims or complaints that will reasonably require personal data to be retained, or for regulatory or technical reasons. Where we retain this data, we will continue to make sure that the data subjects’ privacy is protected.
How and why we may share or transfer personal data to third parties, third countries and international organisations
Where necessary we may provide (share or transfer) personal data about you:
● to anyone as a result of any restructure, sale or acquisition or to anyone to whom we transfer or may transfer our rights;
● if we are required, requested or permitted to do so by law, regulation, court order, or order of supervisory, regulatory or similar authority;
Please bear in mind that the data transferred is limited to the purpose for which it is transferred. By adhering to that notion, we give access to information to third parties only after a detailed documentation review and only if they meet the requirements of the applicable regulatory regime. This review carefully addresses the competence of each third party as well as technical and organisational data protection measures.
If your personal data is transferred outside the EEA to a country whose data protection standards are not deemed to be adequate, we do ensure that other measures guarantee data protection. The safeguards will include the use of contractual terms approved by the European Commission and/or other appropriate safeguards to ensure that personal data is sent and received in accordance with applicable laws.
We may disclose your personal information to the extent that we are obliged to do so by the applicable privacy legislation.
How do we protect your information
We take all the necessary measures to ensure the confidentiality of personal data and any other confidential information provided to us that is not personal data. We will comply with our obligations of confidentiality and establish and maintain adequate security measures to safeguard confidential information from unauthorised access or use.
We cannot bear responsibility for third-party sites that the website has a link to or for their policies. If you click on a link to a third-party site, please read the privacy policy/notice of the named site carefully and choose whether it is appropriate to use it.
Changes to this Privacy Policy
We reserve the right to make changes to this Privacy Policy from time to time, so please check back periodically for changes.