PRIVACY POLICY
Carbonsafe AD
Last updated: July 2025
1. General Provisions
Carbonsafe AD respects the right to personal data protection of natural persons and is committed to processing such data in a lawful, fair, and transparent manner. This policy aims to inform users of the company’s website about the nature of the personal data processed, the purposes and legal grounds for processing, the retention periods, applicable security measures, data subjects’ rights, and how those rights may be exercised, in accordance with Regulation (EU) 2016/679 (GDPR) and the applicable national legislation.
2. Data Controller
The data controller is Carbonsafe AD, with registered office and management address: Sofia, “Izgrev” residential area, 126 Tintyava Street. For any questions regarding the protection of personal data, you can contact us at: privacy@carbonsafe.bg.
3. Categories of Personal Data
When using the website of Carbonsafe AD, various categories of personal data may be processed depending on how you interact with the website and its functionalities. When you access the website, technical data are collected automatically by your device and browser, including IP address, date and time of access, browser and operating system used, information about the pages you visit, and the actions you perform. These data are necessary to ensure stable and secure operation of the website.
When voluntarily filling in a contact form, we process the identification and contact details you provide, including your name, email address, and message content, for the purpose of responding to inquiries and maintaining communication. If you use the newsletter subscription option, in addition to your name and email address, we collect information about the time of registration, the IP address from which the registration was made, and the confirmation sent in accordance with the Double Opt-In procedure.
Additionally, based on your consent, data collected through cookies and similar technologies may be processed, such as session identifiers, language preferences, and behavioural patterns while using the site. All of the above data are processed in compliance with the applicable legislation, on the basis of legitimate interest, contractual relationship, legal obligation, or explicit consent of the data subject.
4. Purposes and Legal Grounds for Processing
The processing of personal data is carried out for specific, clearly defined, and legitimate purposes, including: ensuring the website’s functionality and security, managing inquiries, providing updated information and newsletters, improving website content and services through user behaviour analysis, and fulfilling legal obligations. Depending on the specific context, processing is based on the data subject’s consent, performance of a contract or pre-contractual measures, legal obligation, or the data controller’s legitimate interest, in compliance with the balance between such interest and the fundamental rights and freedoms of the data subject.
Our legitimate interest lies in ensuring website functionality and security and maintaining effective communication with users.
5. Use of Cookies
The website of Carbonsafe AD uses cookies to ensure its technical functionality, analyze traffic, and enhance user interaction. Strictly necessary cookies are used without requiring consent, whereas analytical and marketing cookies are applied only upon prior consent via the settings banner. Users may withdraw their consent or limit the use of cookies at any time through their browser settings.
6. External Services and Data Transfers
The website may include embedded content from third-party providers, such as YouTube videos or Google Maps. In this context, certain technical data (e.g. IP address and device information) may be transferred to entities established outside the European Economic Area. The primary provider – Google LLC – is certified under the EU-U.S. Data Privacy Framework, which ensures an adequate level of data protection when transferring personal data to the United States.
7. Newsletter Subscription
When subscribing to our newsletter, personal data are collected and processed for the purpose of sending updates, articles, event invitations, or other information related to Carbonsafe AD’s activities. Registration is carried out through a Double Opt-In mechanism to ensure the validity of the consent. Users have the right to unsubscribe at any time via the provided unsubscribe link or by direct contact with the data controller. Based on subscriber behaviour (e.g. email openings, link clicks), analysis is conducted to improve the content and relevance of future messages.
8. Data Retention Periods
Personal data are stored only for the period necessary to achieve the purposes for which they were collected or for the period defined by law. After the relevant period expires, the data are securely deleted or anonymized irreversibly. Messages sent through the contact form are retained until the correspondence is concluded. Data related to newsletter subscriptions are stored until the user unsubscribes or withdraws consent.
9. Security Measures
Carbonsafe AD implements a combination of technical and organizational measures to ensure the confidentiality, integrity, and availability of personal data. These include SSL encryption of traffic, role-based access control, access logging, regular data backups, and staff training on data protection best practices. Access to personal data is restricted to authorized personnel and service providers under contracts ensuring confidentiality and GDPR compliance.
10. Data Subject Rights
Every individual whose personal data are processed by Carbonsafe AD has the right to access, rectify, or supplement their data, the right to erasure (“the right to be forgotten”), the right to restrict processing, the right to object to processing based on legitimate interest, and the right to data portability in a structured, commonly used, and machine-readable format.
Where processing is based on consent, such consent may be withdrawn at any time without affecting the lawfulness of the processing carried out prior to withdrawal.
If you believe your rights have been violated, you have the right to lodge a complaint with the Commission for Personal Data Protection at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, or online at www.cpdp.bg.
