regupol-euromax-logo

Privacy Policy

PRIVACY POLICY

Effective from: May 7, 2026 Last updated: May 7, 2026

This Privacy Policy governs the manner in which “EUROMAX” EOOD (trademark EuroMax) collects, uses, maintains, protects, and discloses personal data of individuals when using the website euromax.bg, in accordance with the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation — “GDPR”) and the Personal Data Protection Act (PDPA).

1. Personal Data Controller

EUROMAX EOOD (trade name EuroMax)

“EUROMAX” EOOD is a data controller within the meaning of Art. 4, item 7 of the GDPR.

For questions related to the processing of your personal data and the exercise of rights under this Policy, you can contact us at: office@euromax.bg.

2. What Personal Data We Collect

The site does not require user profile registration. “EUROMAX” EOOD collects only the minimum necessary personal data, and only in the following cases:

2.1. When placing an order

  • Full name
  • Email address
  • Contact phone number
  • Delivery address
  • Billing address (if different)
  • Recipient company details, if the order is issued to a legal entity (name, UIC, VAT No., MOL)

2.2. Upon inquiry via contact form

  • Name
  • Email address
  • Phone number (optional)
  • Message content

2.3. Upon subscription to a newsletter

  • Email address

2.4. Technical data (automatically collected)

  • IP address
  • Device type and operating system
  • Browser type and version
  • Identifiers from cookies and similar technologies
  • Date, time, and duration of visit
  • Referring page

Detailed information regarding cookies is described in our separate Cookie Policy.

3. Legal grounds for processing

“EUROMAX” EOOD processes personal data on the following legal grounds according to Art. 6, para. 1 of the GDPR:

Legal BasisApplication
Art. 6, para. 1, (b) — performance of a contractOrder processing, delivery, returns
Art. 6, para. 1, (c) — legal obligationIssuing accounting documents, invoices, responses to NRA and NSSI
Art. 6, para. 1, (f) — legitimate interestSite security, fraud prevention, basic analytics
Art. 6, para. 1, (a) — explicit consentNewsletter, marketing messages, non-essential cookies

Where processing is based on consent (point “a”), you have the right to withdraw it at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

4. Purposes of Processing

The collected data is processed for the following purposes:

  • Acceptance, processing, and delivery of orders placed
  • Communication with customers regarding orders, deliveries, complaints, warranty claims, and technical consultation
  • Issuing invoices, receipts, and other accounting documents
  • Compliance with regulatory requirements (accounting, tax, consumer, and labor legislation)
  • Improving the functionality, stability, and security of the website
  • Sending commercial messages, promotions, and information about new products — only with explicitly given consent
  • Protection of legal claims in case of disputes

5. Recipients and third parties

“EUROMAX” EOOD provides personal data only when necessary to fulfill the above-mentioned purposes and to the following categories of recipients:

  • Courier and logistics companies — for order delivery (receive: name, phone, delivery address)
  • Banks and payment operators — for payment processing
  • External accounting services — for issuing accounting and tax documents
  • IT and hosting service providers — who are bound by a confidentiality agreement
  • Analytical service providers (e.g., Google Analytics) — only in aggregate/pseudonymized form, and only with consent for cookies
  • State institutions (NRA, NSSI, CPC, CPDP, law enforcement) — only when required by law

All our data processors enter into a contract with us under Art. 28 of the GDPR and undertake to comply with appropriate technical and organizational protection measures.

5.1. Data transfer outside the EU/EEA

Some of our technical partners (e.g., Google) may process data in third countries, including the USA. In such cases, the transfer is carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision, ensuring a level of protection equivalent to that in the EU.

6. Retention periods

Data CategoryRetention PeriodBasis
Order data, invoices, accounting documents10 years from the end of the accounting yearArt. 12, para. 1 of the Accountancy Act
Contact form data6 months after completion of communicationLegitimate interest
Newsletter subscriber dataUntil withdrawal of consentConsent
Technical security logsUp to 12 monthsLegitimate interest
Complaints and warranty claim data5 years after completionArt. 110 of the Obligations and Contracts Act

After the expiration of the relevant periods, the data is permanently deleted or irreversibly anonymized.

7. Rights of data subjects

According to the GDPR (Art. 15–22), you have the following rights:

  1. Right of access (Art. 15) — to receive a copy of the data we process about you
  2. Right to rectification (Art. 16) — to request correction of inaccurate or incomplete data
  3. Right to erasure — “right to be forgotten” (Art. 17) — where grounds exist
  4. Right to restriction of processing (Art. 18)
  5. Right to object to processing (Art. 21), including against direct marketing
  6. Right to data portability (Art. 20) — structured, machine-readable format
  7. Right to withdraw your consent at any time when processing is based on consent
  8. Right not to be subject to a decision based solely on automated processing, including profiling (Art. 22)

7.1. How to exercise your rights

Applications are submitted in writing to: – Email: office@euromax.bg – Address: Druzhba 1, 41 Prof. Tsvetan Lazarov Blvd., 1592 Sofia

We respond within 30 calendar days of receiving the application. In complex cases, the period may be extended by up to another 60 days, of which we will notify you in a timely manner.

The service is free of charge. In case of clearly unfounded or excessive applications, we have the right to refuse or impose a reasonable fee.

8. Data Security

“EUROMAX” EOOD applies appropriate technical and organizational measures for the protection of personal data, including:

  • Encrypted HTTPS/SSL connection across the entire site
  • Controlled employee access on a “need-to-know” basis
  • Regular updates of software systems
  • Protection against unauthorized access, leakage, alteration, or destruction
  • Backups and recovery systems
  • Confidentiality agreements with all employees and subcontractors

In the event of a security breach that results in a risk to the rights of individuals, we will notify the Commission for Personal Data Protection within 72 hours according to Art. 33 of the GDPR, and in case of high risk — also the affected persons according to Art. 34 of the GDPR.

9. Cookies

The website euromax.bg uses cookies for:

  • Proper functionality (necessary cookies — without consent)
  • Remembering user preferences
  • Analysis of traffic and site behavior
  • Improving user experience.
  • Marketing and targeting (only with consent)

Detailed information about all cookies, their purposes, providers, and retention periods is described in our Cookie Policy.

Upon your first visit to the site, you can provide, withdraw, or change your consent via the cookie banner.

10. Protection of children’s data

The website of “EUROMAX” EOOD is not directed at persons under the age of 16. We do not knowingly collect personal data from children. If we determine that we have collected data from a person under 16 without parental or guardian consent, we will delete it immediately.

11. Changes to the Policy

“EUROMAX” EOOD reserves the right to periodically update this Privacy Policy. The current version is always available at euromax.bg/politika-za-poveritelnost/.

In case of significant changes, we will notify you via a prominent notice on the site or, if possible, by email.

The “Last Updated” date at the top of the document reflects the current version.

12. Complaints to a supervisory authority

If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with:

Commission for Personal Data Protection (CPDP)

  • Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
  • Phone: 02/91-53-518
  • Email: kzld@cpdp.bg
  • Website: www.cpdp.bg

13. Contacts

EUROMAX EOOD (trade name EuroMax)

Important: This Policy has been prepared in accordance with Regulation (EU) 2016/679 (GDPR), the Personal Data Protection Act (PDPA), and applicable Bulgarian legislation as of May 7, 2026. We recommend a final review by a licensed attorney specializing in GDPR and e-commerce before publication.