Privacy Policy
Eurograde Consult Ltd. recognises and complies with the established policies and general terms and conditions for personal data protection.
By using the websites https://eurograde-consult.bg and https://eurograde-consult.com, you agree to the terms regarding the collection, use and disclosure of your personal data in accordance with this Privacy Policy.
Information about the Personal Data Controller
Eurograde Consult Ltd. (hereinafter referred to as the Controller, Eurograde Consult Ltd., We, Us, the Company) is a limited liability company, registered in the Commercial Register under UIC 208530789, with registered office and correspondence address: Sofia, Lozenets Residential District, 1 Momin kladenets St., floor 3, contact phone: +359 886 050 318, +359 886 593 696, and email: office@eurograde-consult.bg
Data Protection Officer:
Name: Georgi Danchev
Contact details:
Correspondence address: Sofia, Lozenets Residential District, 1 Momin kladenets St., floor 3
Phone: +359 898 621 679
Email: georgidanchev@gmail.com
Contact details of the Supervisory Authority
Commission for Personal Data Protection (CPDP)
Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Website: www.cpdp.bg
You are encouraged to take the time to read this Privacy Policy and to review it periodically, as we may amend it from time to time.
1. Scope
The protection of your personal data is a high priority for Eurograde. This Privacy Policy explains how Eurograde collects, stores, processes, protects, uses and discloses personal and other data collected about you in writing, orally, electronically or when you use the websites https://eurograde-consult.bg and https://eurograde-consult.com(together with any other and any future website operated by or on behalf of Eurograde Consult Ltd., collectively referred to as the “Website”). Our data protection practices comply with the applicable Bulgarian data protection legislation and with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation – GDPR).
2. Key definitions
For the purposes of this Privacy Policy, the following terms are used:
Personal data is any information related to an identified or identifiable natural person, including but not limited to:
(a) first name or initial and surname;
(b) personal identification number (EGN);
(c) permanent or current address;
(d) telephone number;
(e) email address or online identifier associated with the person;
(f) data regarding financial or health status or data related to professional experience;
(g) behavioural or demographic characteristics when linked to personal identifiers;
(h) voice data and video image; or
(i) any other information relating to a person which is combined with any of the above.
Other data, as defined by applicable law, may include anonymised and/or aggregated information, as well as any other information which does not reveal the identity of the person or is not directly linked to them. Other data may include, but is not limited to: cookies, IP address and information derived from the IP address, information contained in HTTP headers, other data stored in internet protocols, browsers or various devices, operating systems and information used by apps on your mobile device, screen resolution, behavioural data about your use of the websites and preferred languages.
Processing of personal and other data means any operation or set of operations which is performed on personal or other data, whether or not by automated means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination, and deletion or destruction.
Special categories of personal data (sensitive data) are personal data that may include, but are not limited to, data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Suppliers of goods and services are third parties that we use under contractual relationships in order to fulfil our legal obligations and carry out our business activities, and to provide you with many of our services, features and aspects of the Website.
3. What personal and other data we collect
Our privacy practices depend on the type of relationship you have with Eurograde and on legal requirements. We strive to collect personal and other data only to the extent necessary to provide the products, services or information you have requested, or to recruit the personnel necessary for the normal functioning of the Company. We may use the information to improve the functionality of our Website, in accordance with this Privacy Policy. Below are the grounds and some of the ways in which we collect and use information.
Your personal data may also be collected in connection with loyalty programmes and promotions (games) organised by Eurograde Consult Ltd. Each loyalty programme or game has its own specific terms with detailed rules for participation, prize pools, the personal data required, the methods of collection, storage periods and purposes of processing.
When organising such loyalty programmes and games, Eurograde also complies with the general data protection rules of the social platform where the game is distributed, typically but not limited to Facebook, Twitter, Instagram.
3.1. Users
Eurograde collects user data in various ways. In all cases we collect only the personal data that you voluntarily provide to us and we do not collect any additional data that you have not provided without your voluntary consent.
3.1.1. Personal data you provide voluntarily
You may choose to communicate with us and provide personal data such as your:
• name, postal and email address, telephone and/or mobile number, city, postal code, age, bank account and other information.
3.1.2. For what purpose we use your personal data
Eurograde Consult Ltd. uses the above data, when provided by Users, in the following cases:
-
performance of a contract concluded with a client, including delivery of goods and services;
-
submission by clients of opinions, complaints, suggestions, objections, etc.;
-
customer satisfaction surveys;
-
providing a response;
-
contacting us by phone, email or post with a question, recommendation or complaint;
-
responding to your inquiries and complaints related to the quality of the goods or services offered;
-
in connection with loyalty programmes and in case you are a winning participant in Games organised by Eurograde Consult Ltd.
Eurograde Consult Ltd. does not collect personal data from its customers unless they contact us directly. In order to adequately respond to customer inquiries, it may be necessary for personal data to be shared with third parties.
3.1.3. Other data collected automatically
We collect data automatically via the Website. However, if we combine your personal data with data that we collect automatically (for example, geographic location from your IP address combined with behavioural information about your use of the Website and your name), we treat such information as personal data.
Eurograde and its online advertising and marketing partners may use various technologies to collect information, including:
3.1.4. Cookies
Like many other websites, we use tools that collect data such as “cookies”. We collect this data in order to analyse traffic to our page and to measure the effectiveness of the promotions we offer. A cookie is a small text string of information that the Website sends to the cookie file of the browser on your computer’s hard drive so that the Website can remember you.
A cookie typically contains the domain name from which the cookie has come, the “lifetime” of the cookie and a value, usually a randomly generated unique number.
This helps us provide you with a better experience on our Website and allows us to improve the services we offer.
Some important things to know about cookies:
Eurograde Consult Ltd. offers certain features that are available only through the use of cookies.
• They are used to improve the use of the Website.
• Most cookies are “session cookies”, which means they are automatically deleted from your hard drive at the end of the session.
You can choose to accept or reject cookies by changing your browser settings. If you refuse cookies, this may prevent you from using all interactive features on the Website.
3.1.4. Internet Protocol (“IP”) Addresses
The IP address is associated with your computer or your mobile device. Eurograde Consult Ltd. may use your IP address to help diagnose problems with Eurograde’s server, to administer the Website and to maintain contact with you while you use the Website.
3.2. Potential employees
If you wish to become part of the Eurograde Consult Ltd. team and submit an application or your CV, we process and store the personal data contained in the documents for no longer than 6 months after completion of the recruitment process. The collected personal data may include, but is not limited to:
• Identification: name, address, phone number, email address, date of birth, nationality, bank account;
• Education and professional qualifications: data related to education, work experience, professional and personal qualifications and skills, where necessary and required for the position.
These personal data are stored in accordance with the privacy rules provided during the recruitment process at Eurograde Consult Ltd.
3.3. Employees
With regard to its employees, Eurograde Consult Ltd. processes the following personal data:
• Identification: full name, personal identification number (EGN), date of birth, permanent address, education and professional qualification, professional experience, bank account number;
• Data relating to health status, including medical certificates for all employees and data from personal health books of employees working directly with food;
• Data concerning criminal record – certificate of criminal record (where legally required).
These personal data are stored in accordance with the internal data protection rules of Eurograde Consult Ltd. and the Employee Privacy Notice.
3.4. Contractors and suppliers
With regard to our suppliers of goods and services who are natural persons /freelancers/ and the representatives or contact persons of our suppliers who are legal entities, Eurograde Consult Ltd. processes the following personal data:
• Identification: name, personal identification number, address, phone number, email address, date of birth;
• Professional activity: position, job title.
These personal data are stored in accordance with the internal data protection rules of Eurograde and the Supplier and Partner Privacy Notice.
3.5. Visitors to premises
With regard to persons visiting premises of Eurograde Consult Ltd. where video surveillance is carried out, Eurograde Consult Ltd. processes the following personal data:
• Identification: voice data and video image.
These personal data are stored in accordance with the rules for personal data protection in video surveillance and monitoring at Eurograde Consult Ltd.
4. How we collect the data
Clients
The Company usually collects and processes clients’ personal data when preparing, arranging and providing reservations and accommodation at Eurograde sites.
The Company usually does not process clients’ personal data when preparing and selling drinks and food at its establishments.
Clients’ personal data are processed when the client chooses to participate in any of the programmes or games organised by the Company. In such cases, the personal data of clients (which may include, depending on the specific case, the client’s first and last name, address, email address, date of birth, phone number, payment details and, where applicable, order information and purchase locations) are processed solely with the client’s consent, provided voluntarily in accordance with the rules of the relevant programme or game.
Clients’ personal data are processed within loyalty programmes for the purposes of facilitating the execution of their orders, for marketing purposes (e.g. as part of marketing campaigns of the Company, to provide information about new products, to send commercial communications from the Company or to notify about prizes won or other winnings), and for the purposes of tracking customer satisfaction.
Clients’ personal data (as described above) are also processed when a client contacts the Company to submit opinions, complaints, suggestions, objections, etc.
Users of the Website
The Company uses cookies on its Website. Cookies ensure a faster and more efficient browsing of the Website and adapt the display of products and other content to the User’s personal interests and specific needs. Cookies are used to collect aggregated anonymous statistical data that help us understand how the Website is used and allow us to optimise its structure and content, as well as to provide certain Website features and to personalise advertising.
The Company uses two types of cookies – temporary (session) and persistent cookies. Session cookies are used temporarily and are stored on the User’s device until he/she leaves the Website or closes the application (web browser). Persistent cookies remain on the User’s device for the period specified in the cookie parameters or until the User deletes them.
Information obtained through the use of cookies may be collected only for the purposes of mediation and performing certain user functions. These data are encrypted in a way that prevents unauthorised access.
The application used to view the Website generally allows cookie files to be stored on the User’s device under default settings. This mode can be changed either by fully blocking cookies in the browser settings, or by partially blocking them – in which case the User is notified each time cookies are stored. More detailed information regarding the options and ways to manage cookies is available in the browser settings.
The Website collects information about the User’s IP address (i.e. the number that uniquely identifies the network interface of the User’s computer network), domain name, as well as the type of browser and operating system. The purposes of processing these data are similar to those of cookies – they are used by the Company to collect statistical data to analyse the use of the Website and to personalise advertising.
Users’ personal data are processed where there is consent voluntarily provided by the User through loading the Website or implicitly expected in connection with the use of the Website.
Personal data of Users who register or send an inquiry via the Website are processed where there is consent voluntarily provided by the User at the time of registration or inquiry.
Employees and Potential Employees
The Company processes personal data of employees and potential employees to the extent necessary for recruitment and hiring, and for the performance of legal obligations (such as obligations to withhold or pay taxes, to keep records for health and social security purposes, etc.). The employee is obliged to provide these data to the Company. Failure to provide such data should be considered a breach of legal requirements by the employee and/or the Company and may lead to sanctions by the competent authorities.
The Company processes employees’ personal data beyond what is required by law only with their consent and as part of the legitimate interests of the Company or the performance of the contract between the Company and the employee, in particular for the purposes of processing personal data in CVs of job applicants, preparing promotional materials, managing the Company’s social media profiles, keeping records of the use of company cars, providing information about Company events, protecting Company property (mainly the use of video surveillance systems) or providing access to authorised persons to Company premises.
5. What we do with the personal and other data we collect
First and foremost, we use the data you provide or that we collect to provide you with the products, services or information you have requested. We also use the data to improve the functionality of our Website.
We may use your data to provide you with information about Eurograde Consult Ltd. products or services that may be of interest to you. In order to automatically route customer inquiries and to provide services offered through our Website, we may share information with our service providers.
We may provide your data to data processors such as accounting companies, for the purpose of fulfilling Eurograde Consult Ltd.’s legal obligations under labour, social security, tax and administrative legislation. The provision of personal data from Eurograde Consult Ltd. to data processors is based on and in connection with written contracts under which data processors have explicitly defined obligations of confidentiality and to take appropriate measures to protect the personal data they process on our behalf. The data processors on behalf of Eurograde Consult Ltd. guarantee that they will not use the information provided for purposes other than those contractually agreed and that they will protect the data in accordance with the applicable confidentiality requirements and the general principles of privacy set out in this Privacy Policy and defined in Regulation (EU) 2016/679 and the Bulgarian Personal Data Protection Act (PDPA).
6. Choice
You have the right to opt out of certain uses and disclosures of your personal data as set out in this Policy. Before disclosing sensitive data to a third party or processing sensitive data for a purpose other than the original or subsequently authorised purpose, Eurograde Consult Ltd. will make reasonable efforts to obtain your explicit consent, where such consent is required by law or contract.
If you participate in any promotion, the personal data you provide will be processed in accordance with the privacy rules applicable to that promotion, to the extent that they differ from this Policy.
7. Where we store your personal data
All personal data submitted and collected through the websites are stored on our servers, on shared servers, on the servers of other controllers or processors with whom Eurograde Consult Ltd. has recruitment or service contracts, or on the servers of our suppliers of goods and services. By using our websites, you agree that your data may be stored at these locations.
7.1. Provision of data to third parties
The Company provides already processed personal data only to partners with established technical and organisational measures for data protection and for fulfilling other obligations arising from Regulation (EU) 2016/679 and the PDPA.
The Company’s partners have access to personal data only to the extent necessary for the performance of their obligations.
Accordingly, in certain cases, the Company provides personal data to other companies and third parties that provide services to the Company related to hosting data on shared servers, managing loyalty programme applications, enabling payments for purchases from the Company, and analysing marketing research.
Employees’ personal data are provided to the external accounting firm that maintains the Company’s accounting and tax records and payrolls, and in some cases to companies providing services that allow Company employees to report breaches of legal provisions or situations where the Company, its partners or employees act unethically.
Under no circumstances does the Company provide personal data to third parties in exchange for payment.
7.2. Transfer of personal data to third countries
The Company may transfer personal data to countries outside the European Union and, in some cases, to third countries (such as the USA), regardless of whether or not there is a decision by the European Commission that those third countries ensure an adequate level of data protection equivalent to that in the EU.
Personal data transfers to other companies and third parties are carried out, where necessary, on the basis of a contract under which the recipient of the data undertakes to maintain high standards of data protection (such transfers are based on the “standard contractual clauses” for the protection of personal data under Article 46(2)(c) of the GDPR) and/or subject to the consent of the data subject.
Retention period. The personal data you provide will be stored for no longer than is necessary to achieve the purposes for which they are processed.
8. How we protect your data
Eurograde Consult Ltd. applies organisational, physical, IT and other necessary measures to ensure the security and protection of your personal data and to monitor data processing.
Among others, such security measures include:
-
Eurograde Consult Ltd. has established internal procedures for the processing, recording and storage of personal data, compliance with which is constantly monitored;
-
employees’ access to personal data and their authorisation to process personal data in Eurograde’s databases is restricted depending on their duties;
-
Eurograde Consult Ltd. has imposed confidentiality obligations on its employees;
-
access to Eurograde’s office equipment and each employee’s computer is restricted;
-
we apply all necessary organisational and technical measures provided for in the Personal Data Protection Act, as well as best practices from international standards;
-
for maximum security in the processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymisation, etc.
The security measures we apply are subject to ongoing improvement and adaptation to current technologies.
9. Access
Where permitted by law, you may use any of the methods in Section 13 of this Policy to obtain confirmation that Eurograde Consult Ltd. processes personal data about you and to request access, correction or deletion of personal data processed by us, including where data are processed in violation of the principles of Regulation (EU) 2016/679 and the PDPA. Such requests will be handled in accordance with Eurograde’s internal rules, which comply with Regulation (EU) 2016/679 and the PDPA.
Eurograde respects and takes the necessary care to uphold the rights of data subjects, but there may be cases where it is not possible to provide the requested information, for example, but not limited to:
-
where the law takes precedence over the rights of data subjects;
-
where providing information would pose a risk to the security of data subjects;
-
where it would infringe the privacy of other persons or where the information constitutes trade secrets.
If the Controller determines that access must be restricted, Eurograde Consult Ltd. will make reasonable efforts to inform you of the reasons for the restriction and will provide contact details for further inquiries.
If necessary, the Data Protection Officer of Eurograde Consult Ltd. will liaise with another person to cooperate and complete the process of providing the requested data. In order to protect your data, the Controller will take the necessary steps to verify your identity before granting access or making any changes related to your data.
10. Data integrity – purpose limitation
Eurograde Consult Ltd. processes the personal data it receives while you use the sites or for as long as is necessary to complete the purpose(s) for which they were collected, for example, but not limited to: until the services are completed, for dispute resolution, legal protection, audits, where legitimate business interests exist, to execute agreements and to comply with applicable laws. Your consent for these purposes is not required.
11. Further sharing
Eurograde Consult Ltd. does not provide personal data to third parties unless a client or potential employee requests or has consented to such disclosure, or the disclosure is required by law. The Controller may share personal data with its service providers, consultants and affiliates for internal or business purposes, or to provide you with a product or service you have requested.
Payment information will be processed only to fulfil the order and may be stored by our service provider for future orders or for accounting purposes.
The Controller requires its service providers or other data processors to provide written assurances of confidentiality and data protection for the personal data they maintain on behalf of the Controller, including ensuring at least the minimum level of protection required by the principles of Regulation (EU) 2016/679, and that such data will not be used for purposes other than those defined by the Controller. Service providers must notify the Controller if they determine that they can no longer meet their obligations. For further transfers of data provided to third parties, the Controller monitors how the data are processed and requires assurances from the processing party that it complies with the principles of Regulation (EU) 2016/679.
Your personal data are treated as a company asset and may be disclosed or transferred to a third party in the event of a change in the legal or organisational structure of Eurograde Consult Ltd., for example in any reorganisation, sale, merger, division, joint venture, transfer, consolidation or other type of acquisition, disposal, or financing of all or part of our business or certain business assets or shares (including in connection with insolvency or similar proceedings). In such cases, your data are transferred to the third party to enable you to continue receiving the same products and services or to maintain the same relationship with that third party.
Although we make every effort to preserve the confidentiality of the personal data we collect, Eurograde reserves the right to disclose personal data to third parties under certain limited circumstances, including:
(a) compliance with a law, search warrant, subpoena, court proceeding, judicial or administrative order;
(b) response to a lawful request from public authorities, including to meet national security or law enforcement requirements;
(c) enforcement of the Controller’s policies or agreements;
(d) collection of amounts due;
(e) protection of users of the sites from fraud or abuse;
(f) during emergencies when safety is at risk, as determined by the Controller;
(g) when necessary to establish, exercise or defend legal claims.
At the Controller’s discretion, server logs may be reviewed for security purposes, e.g. to detect unauthorised activity on the sites. In such cases, server data containing IP addresses will be shared with law enforcement agencies so they can identify users in connection with investigations into unauthorised activity.
12. Security
Although there is no such thing as “guaranteed security”, we and our partners use commercially acceptable measures (including all steps required by applicable law) designed to protect your personal information from loss, unauthorised access, use, alteration, disclosure or other misuse.
13. Rights of data subjects
You may also lodge a complaint with your Supervisory Authority – in Bulgaria this is the Commission for Personal Data Protection, at the address indicated in this Policy. Eurograde Consult Ltd. will fully comply with any recommendations given by Supervisory Authorities and will take the necessary steps to remedy any non-compliance with legal principles.
Commission for Personal Data Protection
Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
Website: www.cpdp.bg
If you suspect a breach of legal requirements, you have the right to lodge a complaint with the data protection
Supervisory Authority.
Your legal rights include:
• To request information as to whether we process your personal data, what data we process and for what purpose.
• To request access to your personal data (“Data Access Request”). This allows you to obtain a copy of the personal data we hold about you and to check that we are processing them lawfully.
• To request correction of the personal data we hold about you. You have the right to correct any incomplete or inaccurate information we hold about you.
• To request deletion of your personal data. This allows you to request that we delete or remove personal data where:
-
the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
-
you withdraw your consent on which the processing is based and there is no other legal ground for the processing;
-
you object to the processing, including profiling, and there are no overriding legitimate grounds for the processing, or you object to processing for direct marketing purposes;
-
the personal data have been unlawfully processed;
-
the personal data must be erased in order to comply with a legal obligation under Union or Bulgarian law;
-
the personal data have been collected in relation to the offer of information society services.
• To object to processing for certain types of processing, such as direct marketing (unsolicited marketing messages), as well as where processing is based solely on the Controller’s legitimate interest.
• To object to automated decision-making, including profiling, i.e. not to be subject to any automated decision-making based solely on your personal data.
• To request restriction of the processing of your personal data where:
-
you contest the accuracy of the personal data, for a period enabling the Controller to verify the accuracy of the personal data;
-
the processing is unlawful, but you do not want the personal data to be erased and request restriction of their use instead;
-
the Controller no longer needs the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
-
you have objected to processing based on the Controller’s legitimate interests, pending verification whether the legitimate grounds of the Controller override those of the data subject.
• To request the transfer of your personal data in an electronic and structured form to you or to another party (commonly referred to as the “right to data portability”). This enables you to receive your data from us in a usable electronic format and to transmit it to another party in a similar format.
• To withdraw your consent. In the rare cases where you have given consent for the collection, processing and transfer of your personal data for a specific purpose, you have the right to withdraw your consent at any time for that specific processing. Once we receive notice that you have withdrawn your consent, we will cease processing your information for the purposes for which you originally agreed, unless we have another legal ground to do so.
Requests may be made by completing a Request Form and sending it to the email address of the Data Protection Officer or to the address of Eurograde Consult Ltd.
To ensure that we have correctly identified the person, we may contact you to confirm your request.
Eurograde Consult Ltd. undertakes to review your request without undue delay and in all cases within 30 days of receiving the request. In cases of legal and factual complexity, this period may be extended by a further 30 days. You do not have to pay a fee to exercise your rights listed above. In the case of repeated requests on the same grounds, obviously unfounded or excessive requests, a fee may be charged.
In order to provide complete, accurate and clear information in relation to your request, we may ask you for specific identifying data to help us confirm your identity. This is an additional security measure to ensure that your personal data are not disclosed to persons who have no right to receive them.
14. Information relating to children
We do not knowingly collect personal information from children under 16 years of age. If we become aware that we have collected personal information from a child under 16, we will take steps to delete that information as soon as possible or to obtain consent from the person bearing parental responsibility for the child.
If you are a parent or legal guardian of a child whom you believe has provided us with personal data, please contact our Data Protection Officer, who will take immediate action to delete the information in accordance with applicable law.
15. Links to third-party websites
Please note that the Website may contain links to other websites for your convenience and information. The Controller does not control external websites and their privacy practices. Please note that these practices may differ from those set out in this Policy. Eurograde Consult Ltd. does not endorse and makes no representations about third-party websites. Personal data that you choose to provide to websites not affiliated with us are not covered by this Policy. We encourage you to review the privacy policies of other websites before providing your personal data. Some third parties may choose to share their users’ personal information with us; such sharing is governed by their own privacy policies, not by this Policy.
16. Changes to the Privacy Policy
The Controller may update this Privacy Policy. When the Policy is changed, we will update the “last revised” date at the top of the Policy.
If there are any changes to this Policy, we will notify you. We encourage you to read our Privacy Policy to stay informed about how we protect the information you provide.
If you continue to use the Website after the publication or amendment of the Policy, this will be deemed as your agreement to be bound by it and by any such changes.
Any change to this Privacy Policy enters into force immediately upon its publication.
17. Other relevant policies
This Policy may be supplemented by one or more specific privacy policies or notices. In the event of any conflict between this Policy and any specific policy, the specific policy will prevail.
How to contact us
If you wish to exercise your rights or have any other questions regarding this Policy, you can contact us at:
Sofia, Lozenets Residential District, 1 Momin kladenets St., floor 3
Phone: +359 886 050 318, +359 886 593 696
Email: office@eurograde-consult.bg
Data Protection Officer: Georgi Danchev
Phone: +359 898 621 679
Email: georgidanchev@gmail.com
In addition, you have the right to lodge a complaint with the Commission for Personal Data Protection:
Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2, or electronically via the Commission’s website: https://www.cpdp.bg.
This Policy is approved and enters into force as of October 2025.