Privacy Policy
Last updated: 14 May 2026
1. Controller
The controller responsible for the processing of personal data on this website (the "Site") is Avenir 2084 LTD, a limited liability company registered in the Republic of Bulgaria, with registered seat in gr. Belene, EU VAT number BG203220530, represented by its Managing Director Dr. Timofeeva. Inquiries related to data protection can be addressed to [email protected]. A Data Protection Officer has not been appointed, as the criteria of Art. 37 of Regulation (EU) 2016/679 (GDPR) are not met; the Managing Director acts as the responsible contact for all data protection matters.
2. Scope
This Privacy Policy describes how Avenir 2084 LTD collects, uses, stores and protects personal data when visitors browse the Site, contact the company through the contact form or other electronic channels, and when prospective or existing clients exchange information for the purposes of commercial offers and service delivery. The Policy is prepared in accordance with the GDPR, the Bulgarian Personal Data Protection Act (Закон за защита на личните данни — ZZLD) and other applicable Bulgarian and EU legislation.
3. Categories of personal data processed
Three main categories of personal data are processed through the Site. The first concerns technical data automatically transmitted by the visitor's browser, such as IP address (truncated where technically possible), device and browser type, operating system, referring URL, language settings, date and time of access, and pages visited. The second concerns contact form data, in particular the name, e-mail address, and any company name, telephone number or message content that the visitor voluntarily provides when submitting an inquiry. The third concerns business communication data generated during subsequent correspondence, including signed proposals, contracts, invoices, payment references and project-related communication.
Avenir 2084 LTD does not knowingly collect special categories of personal data within the meaning of Art. 9 GDPR, and does not collect data from individuals known to be under the age of 16.
4. Purposes and legal bases
Purpose
Categories of data
Legal basis (GDPR)
Operating the Site, ensuring its security and stability
Technical data, strictly necessary cookies
Art. 6(1)(f) — legitimate interest in a secure and functioning Site
Responding to inquiries received via the contact form or e-mail
Contact form data
Art. 6(1)(b) — pre-contractual steps; Art. 6(1)(f) where no contract follows
Preparing, signing and performing service contracts
Contact form and business communication data
Art. 6(1)(b) — performance of a contract
Issuing invoices, accounting and tax compliance
Business communication and billing data
Art. 6(1)(c) — compliance with legal obligations under Bulgarian tax and accounting law
Analytics and audience measurement (if enabled)
Technical data, analytics cookies
Art. 6(1)(a) — consent given via the cookie banner
Defence against legal claims
All of the above where applicable
Art. 6(1)(f) — legitimate interest
Avenir 2084 LTD does not use personal data collected via the Site for direct marketing through newsletters or commercial e-mailings, and does not operate a subscription mailing list.
5. Cookies and similar technologies
The Site uses cookies and comparable technologies as described in detail in the separate Cookie Policy. Strictly necessary cookies are stored on the basis of the legitimate interest in a functioning website. Analytics, marketing or other non-essential cookies are activated only after explicit consent given through the cookie consent banner. Consent can be withdrawn at any time with effect for the future, by re-opening the cookie settings on the Site.
6. Recipients and processors
Personal data may be disclosed to a limited circle of recipients strictly necessary for the operation of the Site and the provision of services. These typically include the hosting and infrastructure provider operating the technical environment of the Site, the e-mail provider used for [email protected] correspondence, the accounting service provider responsible for invoicing and tax filings, and, where applicable, advisors bound by professional secrecy. Each external processor acts on the basis of a written data processing agreement in accordance with Art. 28 GDPR. Personal data is not sold, rented or otherwise made available to third parties for their own marketing purposes.
7. International data transfers
Avenir 2084 LTD primarily processes personal data within the European Economic Area. Where a service provider is located in a third country, transfers take place only if an adequacy decision of the European Commission is in place or, in the absence of such a decision, on the basis of the Standard Contractual Clauses adopted by the European Commission and supplementary technical and organisational measures. Information on specific transfers and safeguards can be obtained on request at [email protected].
8. Retention periods
Technical log data is retained for a short period strictly necessary for security and incident analysis and is then deleted or anonymised. Inquiries received through the contact form that do not lead to a contract are retained for a reasonable period necessary to evaluate and respond to the request, and then deleted, unless a longer period is justified by potential legal claims. Contractual and accounting documentation is retained for the periods required by Bulgarian tax and accounting law (in particular ten years for accounting registers and primary accounting documents, and five years for other documents, as applicable). After expiry of the retention periods, personal data is deleted or irreversibly anonymised.
9. Rights of the data subject
Each data subject has the rights granted by Articles 15 to 22 GDPR, in particular the right of access to personal data, the right to rectification of inaccurate or incomplete data, the right to erasure ("right to be forgotten"), the right to restriction of processing, the right to data portability and the right to object to processing based on legitimate interest. Where processing is based on consent, the consent can be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.
Requests can be addressed to [email protected]. To protect the data of the requesting person, Avenir 2084 LTD may ask for additional information necessary to verify identity. Each request is handled within one month of receipt; this period can be extended by two further months in particularly complex cases, in which case the data subject is informed of the extension and the reasons for it.
10. Right to lodge a complaint
A data subject who considers that the processing of personal data infringes the GDPR or the ZZLD has the right to lodge a complaint with a supervisory authority, in particular with the Commission for Personal Data Protection of the Republic of Bulgaria (Комисия за защита на личните данни — KZLD), 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, website https://www.cpdp.bg.
11. Security measures
Avenir 2084 LTD implements appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, alteration or destruction. These measures include, where appropriate, encrypted transport (TLS ), restricted access on a need-to-know basis, segregation of operational and accounting environments, secure password practices, regular review of providers and contractual data protection commitments. Despite these measures, transmission of information over the internet cannot be guaranteed to be entirely secure; data subjects are encouraged to use up-to-date software and to avoid sending sensitive information through unencrypted channels.
12. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time to reflect legal, technical or organisational changes. The current version is always available on the Site, with the date of the latest update indicated at the top of the document. Material changes affecting existing data subjects will be communicated by appropriate means.