Legal information

Privacy Policy

This Privacy Policy explains how DATRA EOOD collects, uses, stores and protects personal data when you visit this website, contact us or send a project inquiry. It is written with reference to Regulation (EU) 2016/679 (GDPR), Bulgarian data protection law and applicable ePrivacy rules.

1. Scope of this policy

This policy applies to personal data processed when you use the DATRA website, submit a contact form, send us an email, call us or otherwise communicate with us in relation to our services. It does not cover websites, platforms or services operated by third parties.

2. Personal data we process

Depending on how you interact with us, we may process the following categories of personal data:

  • Identification and contact data, such as name, company name, email address, phone number and business role.
  • Inquiry and communication data, such as project description, messages, attachments you choose to send and records of correspondence.
  • Technical data, such as IP address, browser type, device information, language preference, pages visited, approximate location derived from technical data and server logs.
  • Cookie and analytics data, where applicable and subject to the Cookie Policy and your browser or consent settings.
  • Business relationship data, such as information needed to prepare proposals, respond to requests, manage negotiations or perform pre-contractual steps.

3. Sources of personal data

We usually receive personal data directly from you when you complete a form, send us a message, call us or provide information during business discussions. We may also receive limited technical data automatically when your device connects to the website.

4. Purposes and legal bases

We process personal data only when there is a lawful basis under the GDPR. The main purposes and legal bases are:

  • Responding to inquiries, preparing project discussions and taking pre-contractual steps at your request, based on Article 6(1)(b) GDPR.
  • Managing business communication, maintaining website security, improving our website and protecting our legitimate business interests, based on Article 6(1)(f) GDPR.
  • Complying with legal, accounting, tax, regulatory or court obligations, based on Article 6(1)(c) GDPR.
  • Sending optional communications or using non-essential cookies where consent is required, based on Article 6(1)(a) GDPR. You may withdraw consent at any time.
  • Establishing, exercising or defending legal claims, based on legitimate interests or applicable legal requirements.

5. Contact forms and project inquiries

When you submit a contact form, we use the information you provide to review your request, contact you, clarify project requirements and, where relevant, prepare a proposal or continue business communication. Please do not include special categories of personal data unless strictly necessary.

6. Cookies and website technologies

We may use cookies and similar technologies to operate the website, remember preferences, understand aggregated usage and maintain security. More information is available in our Cookie Policy. Where required by law, non-essential cookies are used only with consent.

7. Recipients and processors

We may share personal data only where necessary and proportionate with the following categories of recipients:

  • Hosting, IT, email, analytics, security and website maintenance providers acting as processors under appropriate contractual safeguards.
  • Professional advisers, accountants, auditors, insurers, banks, logistics or technical partners where needed for business operations.
  • Public authorities, courts, regulators or law enforcement bodies where disclosure is required by law or necessary to protect legal rights.
  • Project partners or subcontractors only when this is necessary for discussing or delivering a requested project and subject to appropriate confidentiality expectations.

8. International transfers

Where personal data is transferred outside the European Economic Area, we use an appropriate GDPR transfer mechanism, such as an adequacy decision, Standard Contractual Clauses or another safeguard permitted by law. We aim to keep website and business processing within the EEA where reasonably possible.

9. Retention periods

We keep personal data only for as long as necessary for the purposes for which it was collected, including legal, accounting and dispute-resolution requirements.

  • Website server logs are normally kept for a limited security and troubleshooting period.
  • Contact form and inquiry data is kept for the time needed to respond and manage the business discussion, and longer if a project relationship starts.
  • Contract, accounting and tax records are kept for the periods required by applicable law.
  • Data processed on the basis of consent is kept until consent is withdrawn or the relevant purpose ends, unless another lawful basis applies.

10. Your GDPR rights

Subject to the conditions and limits set by law, you have the following rights in relation to your personal data:

  • Right of access to your personal data and information about how it is processed.
  • Right to rectification of inaccurate or incomplete personal data.
  • Right to erasure where the data is no longer needed or processing is unlawful.
  • Right to restriction of processing in certain cases.
  • Right to data portability where processing is based on consent or contract and carried out by automated means.
  • Right to object to processing based on legitimate interests, including profiling based on such interests.
  • Right to withdraw consent at any time where processing is based on consent.
  • Right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects.

11. How to exercise your rights

You can exercise your rights by contacting us at the email address shown on this page. We may need to verify your identity before responding. We aim to respond within one month, unless the request is complex or numerous, in which case the GDPR allows an extension.

12. Complaints to a supervisory authority

If you believe that your personal data has been processed unlawfully, you have the right to lodge a complaint with a supervisory authority. In Bulgaria, the competent authority is the Commission for Personal Data Protection (CPDP), address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, website: www.cpdp.bg.

13. Security

We apply appropriate technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration or disclosure. No website or electronic communication can be guaranteed to be completely secure, so please send only information necessary for your inquiry.

14. Children

Our website and services are intended for business and professional users. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can take appropriate action.

15. Automated decision-making

We do not use personal data collected through this website for automated decision-making or profiling that produces legal effects or similarly significant effects for individuals.

16. Changes to this policy

We may update this Privacy Policy when our processing activities, website functionality or legal requirements change. The latest version will always be available on this page.

Privacy contact

For questions about this Privacy Policy or to exercise your rights, contact DATRA EOOD at info@datraagro.com.