Skip to content
Tomov Trade
FILE / PRIVACY § PRIVACY

Personal Data Protection Policy

This policy describes how TOMOV-TREYD EOOD processes the personal data of visitors to and counterparties of the tomov.trade website in accordance with Regulation (EU) 2016/679 (GDPR) and the Personal Data Protection Act (PDPA).

Last updated: 2026-07-02 ТОМОВ-ТРЕЙД ЕООД

1. Data controller

The data controller is TOMOV-TREYD EOOD, EIK 120609508, with registered office in Smolyan, „Mogilata“ area, managed by Georgi Nikolaev Tomov. Contact for data-protection matters: e-mail tomov.trade@gmail.com, tel. +359 878 239 022.

For any questions about personal data and these documents, write to tomov.trade@gmail.com or call +359 878 239 022.

2. Categories of personal data

We process only the data you voluntarily provide via the contact form or in written/telephone correspondence:

  • identification data — name;
  • contact data — e-mail, telephone (if provided);
  • content of the inquiry — subject and message;
  • technical data — IP address and access time in server logs (security only).

3. Purposes and legal basis

Processing is carried out only for specific and legitimate purposes:

  • Responding to your inquiry and correspondence — Art. 6(1)(b) GDPR (necessary for performance of a contract or steps at your request prior to a contract);
  • Improving site security and operation — Art. 6(1)(f) GDPR (our legitimate interest);
  • Analytics and statistics (when such scripts are introduced) — only with your consent — Art. 6(1)(a) GDPR. You may withdraw consent at any time.

4. Recipients of the data

Data is processed by authorised employees of TOMOV-TREYD EOOD. We do not pass your personal data to third parties for commercial purposes. Data may be disclosed only where required by law or by a competent state authority. To deliver correspondence we use an e-mail/hosting provider acting as a processor under Art. 28 GDPR.

5. Transfers to third countries

We aim to process data within the European Economic Area. If a provider outside the EEA is used in future, transfers will take place only where an adequacy decision exists or under the Commission's Standard Contractual Clauses (Art. 46 GDPR).

6. Retention periods

Inquiries and correspondence are kept as long as necessary to respond and to fulfil any ensuing obligations, and no longer than 12 months after the correspondence ends, unless a longer retention is required by law (e.g. accounting or tax obligations until expiry of limitation periods). Server logs are kept briefly (up to 30 days) for security purposes.

7. Data-subject rights

To exercise your rights send a written request to the controller described above. We reply within one month (Art. 12(3) GDPR); in case of delay we will inform you of the reasons and the timeframe.

  • right of access — confirmation and a copy of the data processed;
  • right to rectification — correcting inaccurate or incomplete data;
  • right to erasure („right to be forgotten“) in the cases of Art. 17 GDPR;
  • right to restriction of processing — Art. 18 GDPR;
  • right to data portability — to receive data in a structured form — Art. 20;
  • right to object — against processing based on legitimate interest — Art. 21;
  • right to withdraw consent at any time (for consent-based processing).

8. Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with Commission for Personal Data Protection (CPDP), Sofia, 2 Vitosha Blvd., fl. 2; www.cpdp.bg; cpdp@cpdp.bg if you consider that the processing of your personal data infringes the GDPR.

9. Automated decision-making and profiling

We do not carry out automated decision-making, including profiling, producing legal effects or similarly significantly affecting you (Art. 22 GDPR).

10. Information about children

The site is intended for business clients and adult users. We do not knowingly process data of minors. If you believe a child has provided us with data, contact us for immediate erasure.

11. Cookies and electronic communications

Detailed information on the cookies and tracking technologies used is provided in our Cookie Policy. We currently do not use analytics or marketing cookies. Should any be introduced, we will request your prior consent via a consent banner.

12. Security measures

We apply technical and organisational measures to protect personal data: encrypted connection (HTTPS), access control, restricted access to logs, updates and regular security reviews of the systems.

13. Changes to this policy

We reserve the right to update this policy. Changes take effect upon publication on this page. We recommend reviewing it periodically.

For any questions about personal data and these documents, write to tomov.trade@gmail.com or call +359 878 239 022.