PRIVACY POLICY

of GIS-INFRA Ltd.
Last updated: 01.12.2025

GIS-INFRA Ltd. (“we”, “the Company”) processes personal data in accordance with Regulation (EU) 2016/679 (GDPR), the Bulgarian Personal Data Protection Act (PDPA), and all applicable national and European legal provisions. This Privacy Policy aims to inform you what data we collect through this website, why we process it, on what legal basis, how long we store it, and what rights you have.

  1. Data Controller

GIS-INFRA Ltd.
UIC: BG203856311
Address: Sofia, 18 Belmeken Str., Entrance A
E-mail: office@gis-infra.bg

Phone: +359 2 44 04 000

The Company is a data controller within the meaning of the GDPR.

  1. What Personal Data We Process

We process only the minimum necessary data related to the use of our website and communication with us. This includes:

2.1. Data provided by the user:

  • first and last name (if entered in a form);
  • email address;
  • phone number;
  • information entered in contact forms or inquiries;
  • data related to a specific request.

2.2. Data collected automatically through the website:

  • IP address;
  • browser and device information;
  • data about visits and page activity (analytics, statistics);
  • cookies and identifiers (see Cookie Policy).

2.3. Data from correspondence:

  • content of messages sent to us;
  • additional information voluntarily provided by you.

We do not collect sensitive personal data (as defined in Article 9 of the GDPR) through this website.

  1. Purposes of Processing Personal Data

We process your data exclusively for the following purposes:

3.1. Administration and response to inquiries

  • to contact you after you submit an inquiry;
  • to provide information about our services.

3.2. Website improvement

  • analysis of website traffic and user behaviour;
  • optimization of content and functionality.

3.3. Security

  • monitoring and prevention of misuse;
  • protection of the website from unauthorized access.

3.4. Compliance with legal obligations

  • accounting, tax, and regulatory requirements.

3.5. Marketing (only with consent)

  • displaying personalized advertising;
  • analyzing campaign effectiveness.

We never use personal data for automated profiling without your consent.

  1. Legal Basis for Processing

Processing is carried out on one or more of the following legal grounds:

  • Consent – when submitting contact forms or accepting analytical and marketing cookies.
  • Legitimate interest – improving security, optimizing the website, preventing fraud.
  • Pre-contractual steps – when you inquire about our services.
  • Legal obligation – when retention of documentation or information is required by law.
  1. Data Retention Periods

We store personal data for reasonable periods of time:

  • Data from contact forms: up to 12 months after the last correspondence.
  • Contract-related data: in accordance with legal requirements (up to 10 years).
  • Technical data (logs): up to 1 year, unless a longer period is justified.
  • Cookie data: according to their type (see Cookie Policy).

After the retention period expires, data is deleted or anonymized.

  1. Sharing of Personal Data

GIS-INFRA Ltd. does not sell, rent, or disclose personal data to third parties for marketing purposes.

Data may be shared only with:

  • IT and hosting service providers;
  • partners supporting the operation of the website;
  • competent authorities – only when legally required.

All partners act as data processors and are bound by data protection agreements.

  1. Data Transfers Outside the EU

As a rule, we do not transfer personal data outside the EEA.
If we use services from providers such as Google or Meta, this may involve data transfers, which are carried out under safeguarded mechanisms — such as Standard Contractual Clauses (SCCs) or the EU–U.S. Data Privacy Framework.

  1. Your Rights as a Data Subject

Under the GDPR, you have the following rights:

  • Right of access to your personal data;
  • Right to rectification of inaccurate or incomplete data;
  • Right to erasure (“right to be forgotten”);
  • Right to restriction of processing;
  • Right to object to processing based on legitimate interest;
  • Right to data portability;
  • Right to withdraw consent at any time;
  • Right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP).

Commission for Personal Data Protection (CPDP)
1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
www.cpdp.bg

  1. Data Security

We apply appropriate technical and organizational measures, including:

  • secure servers and encrypted connection (SSL);
  • restricted access to personal data;
  • protocols protecting against unauthorized access;
  • regular audits and maintenance.

However, internet communication cannot be guaranteed as 100% secure, and we apply best practices to minimize risks.

  1. Changes to This Policy

We may update this Privacy Policy to reflect changes in legislation or in the way we process personal data. All updates will be published on our website.

  1. Contact Information

If you have any questions regarding personal data protection or wish to exercise your rights, you may contact us at:

GIS-INFRA Ltd.
Address: Sofia, 18 Belmeken Str., Entrance A
E-mail: office@gis-infra.bg

Phone: +359 2 44 04 000