Privacy Policy
Last updated: 26 May 2026
The Bulgarian version of this document is the authoritative source. Translations are provided for convenience only.
This policy explains how ProIT EOOD processes personal data in compliance with Regulation (EU) 2016/679 (GDPR) and the Bulgarian Personal Data Protection Act.
1. Data controller
The data controller is ProIT EOOD, with its registered office at G.S. Rakovski 145, 1000 Sofia, Bulgaria. For questions regarding the processing of personal data, please contact info@proit.io.
2. Contact for data protection matters
Data protection requests should be sent to info@proit.io. No Data Protection Officer is currently designated.
3. Categories of processed data
We process identification data (name, email, organization), communication content, technical access data for the website, and uploaded documents where applicable. The scope depends on the nature of your interaction with us.
4. Contact form submissions
Through the contact form we collect name, email, organization, message content and interface locale. The legal basis is Art. 6(1)(b) GDPR (pre-contractual measures) and Art. 6(1)(f) GDPR (legitimate interest in handling enquiries). The purpose is to respond to your enquiry. Data is retained only as long as necessary for the respective purpose.
5. File uploads
Uploaded files (PDF, JPEG, PNG, WEBP up to 10 MB) are processed to respond to project enquiries. The legal basis is Art. 6(1)(b) and 6(1)(f) GDPR. Files are retained only for as long as necessary to process the enquiry, unless a statutory retention obligation applies.
6. Server log files
When you visit the website, standard server log data is automatically collected — IP address, timestamp, requested URL, status code, User-Agent. The legal basis is Art. 6(1)(f) GDPR — legitimate interest in operational security and stability. Data is retained only as long as necessary for the respective purpose.
7. Email processing via Microsoft 365
Email communication is processed via Microsoft 365 / Microsoft Graph. Data may be processed within the EU/EEA in accordance with Microsoft's data processing terms. A data processing agreement under Art. 28 GDPR is in place with Microsoft.
8. Hosting provider
The website is operated with technical hosting service providers. Data processing agreements with relevant service providers are used where required. Server locations are selected to comply with GDPR requirements.
9. Cookies and consent
In the current version, the website uses only strictly necessary technical cookies. No analytics or marketing cookies are set without your explicit consent. If optional cookies are introduced, a consent banner will be provided.
10. Data retention
Personal data is retained only for as long as necessary for the stated purpose and then deleted, unless applicable legislation (for example Bulgarian accounting law) requires longer retention.
11. Your rights under the GDPR
As a data subject, you have the right of access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction of processing (Art. 18), data portability (Art. 20) and objection (Art. 21). Where processing is based on consent, you may withdraw it at any time under Art. 7 GDPR without affecting the lawfulness of prior processing. To exercise your rights, contact info@proit.io.
12. Right to lodge a complaint
You have the right to lodge a complaint with the competent supervisory authority. In Bulgaria this is the Commission for Personal Data Protection (Комисия за защита на личните данни — CPDP / КЗЛД), 1592 Sofia, Blvd. Prof. Tsvetan Lazarov 2, www.cpdp.bg (kzld.bg).
13. Updates to this policy
ProIT EOOD may update this policy to reflect legal or technical changes. The current version is always available on the website; the date under 'Last updated' indicates the version.