Contacts

Privacy Policy for use of the Website https://agroconsult.bg/ en/

This policy the processing of personal data by Agroconsult Ltd., UIC: 123016872, with registered seat and address of management: Stara Zagora, postal code 6000, 33 Kolyo Ganchev Street, floor 7, email address: office@agroconsult.bg, telephone number: 070042600 (hereinafter referred to as “Controller”), in the performance of the Controllerr’s activities and, in particular, when using the website https://agroconsult.bg/ en/, in accordance with the General Data Protection Regulation (EU Regulation 2016/679, referred to as “the Regulation”) and the Personal Data Protection Act.

In order to comply with the legal requirements, with this Privacy Policy the Controller provides information about your rights, the categories of personal data that is collected, the basis for their processing, how they are stored and used, as well as when they are provided to third parties.
According to Article 4 of EU Regulation 2016/679, “personal data” means any information relating to an identified natural person or an identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, psychological, economic, cultural or social identity of that natural person.
You may send any questions, requests, complaints, objections, and appeals related to your personal data to the Controller using the contact details mentioned above.

I. Legal basis, purposes and term for processing personal data by the Controller
1.1. The Controller collects and processes your personal data in connection with the use of the Website and the conclusion of contracts, as well as other accompanying activities, and in particular on the following grounds:
1.1.1. For the conclusion of a contract
a) Legal basis and purposes: The Controller processes your data on the basis of article 6, paragraph 1, letter “b” of the Regulation, where processing is necessary for the performance of a contract to which you or a person represented by you is a party, or for taking steps at your request prior to entering into a contract.
b) Processed data: full name, email address, telephone number.
c) Term for processing: up to one month from the termination of the contractual relationship or from the moment of learning that the contract will not be concluded. If there is a legal requirement for some of the data to be stored for a longer period (tax, accounting legislation etc.), the longer period shall apply.
d) Necessity of providing the data: the provision of personal data for processing on this basis is necessary for the conclusion of a contract, and if the data are not provided, it may not be possible to conclude the contract you have requested.
1.1.2. Consent for the proper and efficient functioning of the Website
a) Legal basis and purposes: The Controller processes your data on the basis of article 6, paragraph 1, letter “a” of the Regulation, where you have given your explicit and informed consent to the processing of your data for the proper and efficient functioning of the Website.
b) Processed data: your IP address and the page from which you were referred to our website; information about your stay on our website and the sections you have visited; information about your browser and operating system; other technical information, in accordance with the technical requirements of the information system.
c) Term for processing: until consent is withdrawn.
d) Necessity of providing the data: the provision of personal data for processing on this basis is not a condition for entering into a contract; the provision of data representing analytical cookies and third-party cookies is not mandatory, and failure to provide them will have no consequences for you. Additional information on this matter is available in our Cookie Policy.
1.1.3. Consent for the purposes of marketing, advertising, and receiving information
a) Legal basis and purposes: The Controller processes your data on the basis of article 6, paragraph 1, letter “a” of the Regulation, where you have given your explicit and informed consent to the processing of your data for the purposes of marketing, advertising, and receiving information from the Controller.
b) Processed data: email address. If you have provided other personal data based on your consent for the purpose of receiving information from the Controller, other data such as your name, address, telephone number, social media contacts, and website may also be processed.
c) Term for processing: until consent is withdrawn.
d) Necessity of providing the data: The provision of personal data for processing on this basis is not a condition for concluding a contract, is not mandatory, and if you do not provide it, you will not receive the relevant advertising, marketing, and other information from us.
1.1.4. To comply with a legal obligation
a) Legal basis and purposes: The Controller processes your data on the basis of article 6, paragraph 1, letter „c“ of the Regulation, when a public authority conducts an inspection of the Controller’s activities and requests access to your data on a relevant legal basis.
b) Processed data: names, address, social media contacts, website, email address, telephone number.
c) Term for processing: until the completion of the relevant procedure with the authority, unless the data are processed on another basis, in which case the period for the other basis applies if it is longer.
d) Necessity of providing the data: the data is never provided by you for the purposes of processing on this basis, therefore the necessity of providing it depends on the basis on which you provide it.
1.2. When data are processed based on your explicit informed consent, prior to providing your personal data you give your consent by checking the boxes for the purposes for which you agree to have your data processed and clicking on the pop-up button on our website that says: “I have read the Privacy Policy, I accept it and I give my consent for my personal data to be processed by the Controller for the purposes specified in this field.” If you agree to your data being used only for some of the specified purposes, you can select only those purposes with which you agree.

II. Personal data that are not processed:

  1. The Controller shall not collect or process personal data that:
    a) reveal the racial or ethnic origin of users or other data relating to their health or mental state;
    b) reveal political, religious or philosophical beliefs, or trade union membership;
    c) disclose users’ genetic or biometric data or sexual orientation data,
    and in the event that the above are shared by users of the site, they will not be subject to processing and will be deleted immediately upon receipt.

III. Automated decision-making and profiling

  1. The Controller does not carry out automated decision-making, including profiling.

IV. Technical security regarding the protection of personal data
4.1. The Controller has implemented all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and applicable Bulgarian law.
4.2. The measures taken are appropriate to the specific risks associated with the processing and storage of the personal data provided. Organisational and technical safeguards are in place to protect your data from loss, alteration, theft or unauthorised access by unauthorised third parties.

V. Processors and recipients of personal data
5.1. Personal data processors
The Controller may provide personal data to processors who process the data on behalf of and on the instructions of the controller, based on a contract under Article 28 of Regulation (EU) 2016/679, including, but not limited to:
a) providers of hosting, virtual servers (VPS), cloud and IT infrastructure services;
b) providers of information system maintenance, administration and security services;
c) providers of software solutions used in connection with the operation of the website;
d) advertising and marketing service providers, when acting on the instructions of the Controller and having no independent purpose for processing.
These persons are not entitled to use personal data for their own purposes.
5.2. Independent or joint controllers
In certain cases, the Controller may disclose personal data to third parties – independent or joint controllers who process the data for their own purposes, including:
a) providers of online advertising, marketing, and analysis services (e.g., Google, Meta/Facebook), when this is based on valid consent;
b) third parties involved in the organisation and running of games, competitions or promotions, in accordance with the rules of the relevant initiative;
c) professional consultants and service providers such as accountants, auditors, lawyers, notaries, when they process personal data as independent controllers, unless they act as processors of personal data on the instructions of the Controller.
In these cases, the relevant third parties are solely responsible for the processing of personal data in accordance with applicable law.
5.3. Transfer of personal data outside the European Union
In the event that personal data are transferred to recipients outside the European Union or the European Economic Area, the Controller, after assessing the level of protection and, where applicable, implementing additional measures, shall ensure an adequate level of protection by applying the mechanisms provided for in the Regulation, such as:
a) adequacy decisions of the European Commission;
b) standard contractual clauses;
c) other applicable legal safeguards.
5.4. Guarantees for the protection of personal data
The Controller shall take appropriate technical and organizational measures to ensure that all processors and recipients of personal data process them in accordance with the requirements of Regulation (EU) 2016/679 and the applicable Bulgarian legislation.

VI. Principles relating to processing of personal data
The Controller guarantees that the personal data being processed are:
a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’);
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’);
f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

VII. Your rights as a personal data subject

  1. Under the Regulation, each personal data subject has the following rights:
    7.1. Right of access
    You have the right to find out free of charge what personal data we process about you and whether we process it.
    7.2. Right of rectification
    In the event of a discrepancy between your data and that which we process, you have the right to request that we correct, without undue delay, any data held by us which is inaccurate.
    7.3. Right to restriction of processing
    In certain circumstances you have the right to request the restriction or blocking of the processing of certain data. These include the need to verify the accuracy of your personal data, the basis for processing or the unlawfulness of processing.
    7.4. Right to erasure
    If the basis for processing is no longer valid, you have the right to request the erasure of all data processed by us, except in cases where the law requires further storage.
    7.5. Right to data portability
    In the event that you wish to use your personal data provided electronically for the same service, but by another Controller, you have the right to request that it be transmitted to another Controller in a machine-readable format.
    7.6. Right to object
    If you disagree with the way we process your personal data, you have the right to object. This right applies only to data the processing of which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, and to data the processing of which is necessary for the purposes of the legitimate interests of the Controller or of a third party, except where the interests of the data subject override such interests.
    7.7. Right to withdraw consent
    When providing data on the basis of your consent, you have the right at any time to withdraw consent to the processing of the specific type of personal data, without affecting the lawfulness of the processing based on consent before it was withdrawn.
    7.8. Right of appeal
    If you are dissatisfied with the manner in which the application submitted by you in relation to any of the above rights has been administered or you believe that we are not lawfully processing your personal data, you have the right to lodge a complaint with the Personal Data Protection Commission, which is the supervisory authority responsible for the implementation of EU Regulation 2016/679 and the Personal Data Protection Act.
    If you wish to exercise any of the above rights, you may send a request to that effect with your exact request to the e-mail address, provided in this policy.

VIII. Contacts of the Commission for Personal Data Protection (CPDP)
Address: 1592 Sofia, 2 “Prof. Tsvetan Lazarov” Blvd.
Information and Contact Centre – tel. 02/91-53-519
Reception – working hours 9:00 – 17:30
E-mail address: kzld@cpdp.bg
Website: www.cpdp.bg

This policy was adopted on 02/09/2026 and has not been amended since that time.