1 Introduction
This Privacy Policy governs the conditions under which Asenov Zars Group EOOD, UIC: 201712853 (hereinafter referred to as the Administrator), processes personal data of individuals when using the electronic platform www.borsatrans.com, in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian legislation.
2 Administrator Information
Company:Art Deli EOOD
UIC:203558076
Registered office and management address:Blagoevgrad, postal code 2700, "Strumsko-centar" district, Block 19a
3 Categories of Personal Data
We collect the following categories of personal data:
- Identification Data: first name, last name, company name, UIC/Bulstat
- Contact Data: phone number, email address
- Profile Data: username, password
- Payment Data: IBAN, payment information (processed only by certified providers)
- Technical Data: IP address, browser used, device type, cookie data
- Correspondence Data: messages, inquiries, reports
4 Purposes of Processing
We process your data for the following purposes:
- Registration and maintenance of user profile
- Fulfillment of contracts for paid services (subscriptions)
- Issuing invoices and processing payments
- Providing technical support and feedback
- Compliance with legal obligations (e.g., accounting, tax)
- Sending notifications and marketing messages (only with consent)
- Protection against abuse, unauthorized actions, and fraud
5 Legal Basis
Processing is carried out based on:
- Art. 6, par. 1, lit. b) – performance of a contract
- Art. 6, par. 1, lit. c) – legal obligation
- Art. 6, par. 1, lit. f) – legitimate interest (e.g., security, fraud prevention)
- Art. 6, par. 1, lit. a) – consent (for marketing)
6 Data Retention Period
- Data is stored for up to 5 years after termination of the profile or contract
- In case of legal dispute – until the completion of the respective proceedings
- Data processed by consent – until its withdrawal
7 Data Recipients
Your personal data may be provided to:
- Payment operators (e.g., BORICA, Stripe, Paysera), which have their own GDPR obligations
- Accountants and auditors, under confidentiality obligations
- Hosting and IT support providers
- Competent state authorities, when there is a legal basis
Note: BorsaTrans does not store and does not have access to bank card numbers.
8 Data Subject Rights
Every user has the right to:
- Access to their own personal data
- Request correction or erasure ("right to be forgotten")
- Request restriction of processing
- Object to processing when based on legitimate interest
- Data portability to another administrator
- Withdraw given consent
- File a complaint with the Commission for Personal Data Protection
9 Data Security
The Administrator applies technical and organizational measures, including:
- SSL encryption of the website
- 3D Secure protection for payments
- Protected servers and access control
- Confidentiality agreements with third parties
- Regular checks and protection from malicious software
10 Cookies
The website uses "cookies" for the purpose of:
- Improving functionality
- Saving user preferences
- Traffic analysis
Users can manage cookie settings through their browser.
Details are contained in the Cookie Policy.
11 Automated Decision-Making
The platform does not apply automated decision-making, including profiling, that would have legal consequences for users.
13 Policy Changes
This policy may be amended upon changes in legislation or internal processes. The current version will be published on this website.
Effective date: March 1, 2026