Personal data protection


Below you will find information about the transparency of the personal data we process in conformity with art. 13 of Regulation (EU) 2016/679 (the General Data Protection Regulation). Please read it carefully. For your convenience, the information is divided into sections if you opt to become familiar directly with any particular part thereof.


The controller of personal data is Suprimmo Jsc., Unique Identity Number (UIN): 204775702, seat and address of registered office: fl.5, 19 Yakubitsa St, Lozenets Administrative Area, 1164 Sofia.

You may contact the controller both on the address provided above and on the following email: or phone number: 0700 70 335.


The information, which contains your personal data, will be processed for one or more of the following purposes:

  • Conclusion and performance of contracts within the scope of our principal business;
  • Functioning of our internet site;
  • Direct marketing;
  • Human resources.
  • For your convenience, we provide the whole information regarding the processing of special categories of personal data, the legal basis for processing, the categories of recipients and the terms for the storage for each of specific purpose of processing.


    Personal data, which is processed for the conclusion and performance of the contracts, under which our company is a party, refers to the natural persons, with whom we conclude them, or to the representatives of the legal entities or contact persons, with whom we have contractual relations. The legal basis for the processing of personal data is art. 6, par. 1, letter b of Regulation (EU) 2016/679 performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract. The processed personal data includes the data referring to the identification of the parties under the contract, bank account details, if there is payment to be made, and other data depending on the subject-matter of the particular contract, absolutely necessary for its performance. Personal data may be provided to the data subject, to other bodies or entities only in the cases required by the applicable legislation (such as the National Revenue Agency, law enforcement and security authorities). The services of accounting companies may be used for such processing. The period for the storage of personal data is determined depending on the duration of the contract and the time-barring terms for filing possible claims.


    Do not forget that natural persons may be identified with online identifiers such as internet protocol addresses (IP addresses) and cookies. For the purpose of proper functioning of our site, we use cookies, for which we have provided the necessary information on our web site

    The nature of the data, which is collected via cookies, is IP address, location, reviewed page, type of device. The basis for such processing is your consent art. 6, par. 1, letter a of Regulation (U) 2016/679. Cookies for provision of service, which you have expressly requested, are excluded, as provided in art. 4, par. 4 of the Electronic Commerce Act.

    Categories of recipients may be law enforcement and security bodies within the scope of their authority.

    The data of the registered visitors is deleted if the account is not used for 5 years or until the persons revoke their consent, respectively until they delete such data. You may receive information about the storage of other cookies and how they can be deactivated from our Cookies Policy, which you will find on the link given above.


    With your consent we use your personal data to provide directly or indirectly the services, reputation and initiative of our company and to research the level of satisfaction of our clients from the used services. The legal basis for such processing is the consent of the data subject art. 6, par. 1, letter a of Regulation (U) 2016/679. You have the right to withdraw your consent for the processing of your personal data at any time.

    The categories of personal data we collect refer to a limited scope of personal information, which identifies the person (name, email address) and the consent given by him or her, including the withdrawal of such consent.

    Recipients of such information may be only law enforcement and security bodies within the scope of their authority. We do not transfer such data to third countries.

    The personal data for the purposes of direct marketing is stored until the consent for its processing is withdrawn. After that we store only limited volume of information to prove that there was consent for processing and that it was later withdrawn.


    For the purpose of human resources management, we process personal data of job applicants, current or former employees, representatives and shareholders of the controller. Depending on the nature of personal data, the legal basis on which it is processed is: art. 6, par. 1, letter c and art. 9, par. 2, letter b of Regulation (U) 2016/679 for compliance with a legal obligation to which the controller is subject. Such obligations arise mainly from the Commerce Act and from the Labour Code.

    The processed categories of personal data include: data for identification of natural persons, education and qualification data, health status data, contact details, as well as other data which may be required subject to the labour and social insurance legislation, the application of the tax laws, accounting and reporting, occupational health and safety. The collected data is used only for the above activities and is transferred to third parties only when the applicable law requires that. In such cases, data may be disclosed for example to the National Revenue Agency, General Labour Inspectorate Executive Agency, law enforcement and other public bodies within their authority and competence. The information is not stored outside EU and the European Economic Area.

    The collector provides all necessary technical and organizational measures for the protection of your personal data during the whole period of its storage, which is determined in accordance with the applicable requirements of the labour legislation: 50 years for payrolls for salaries, 3 years for sick leave documentation, 5 years after the termination of the employment contract for the employees job dossier, 6 months for documents for job applicants, with whom employment contracts were not signed.

    The activities related to occupational health and safety are settled through a contract with an occupational health service company under the provisions of Ordinance No. 3 of 25 January 2008 regarding the terms and conditions for the work of the occupational health service companies.


    We remind you that the Member States of the European Union, of the European Economic Area (Iceland, Lichtenstein and Norway) and the Swiss Confederation are NOT third countries. Third countries are all which are not enlisted above.

    If it is required to transfer personal data to recipients in such countries, then the guarantees provided in art. 44 and following of Regulation (U) 2016/679 shall apply. If, the European Commission has not taken decision for the specific country regarding the adequate level of protection, your personal data may be transferred only if this is necessary to perform the contract with you or to take steps prior to entering the contract which you have requested. In all events, the principles of Regulation (U) 2016/679 shall apply for the transfer of personal data in order to protect your rights and freedoms.


    The general data protection regulation provides the following rights for the natural persons regarding their personal data processing:

  • Right of access to your personal data processed by the collector;
  • Right to rectification of inaccurate or incomplete personal data;
  • Right to erasure (right to be forgotten) of personal data, which is unlawfully processed or for which there are no overriding legitimate grounds (expiry of the term for its storage, withdrawn consent, fulfilled initial goal, for which it was collected, etc.);
  • Right to restriction of processing if there is dispute between the data controller and the natural person regarding the legitimacy or accuracy of the processed personal data until such dispute is solved and/or until the legal claims are established, exercised or defended;
  • Right to data portability, when your personal data is automatically processed based on consent or contract. For that purpose, the data is provided in a structured, commonly used and machine-readable format;
  • Right to object personal data processing at any time on grounds relating to your particular situation, if your personal data is processed on the basis of legal interest, public interest or official authorities;
  • Right to object personal data processing for the purposes of direct marketing. You do not need to enclose motives; we will comply with your objection always when it is made on such grounds;
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her. The automated processing we apply is not connected with filly automated decision-making with significant legal or other consequences for you.
  • You may exercise the rights arising from Regulation (U) 2016/679 with written or electronic statement submitted to the data collector. In your application, you shall write down your name, personal number, address and other data, which identifies you as data subject, to describe the concept of your request, specify the form of communication you prefer and the actions you expect as a result of your request. You have to sign your request, write the date of submission and your contact address. These requirements arise from the provisions of articles 37b and 37c of the Personal Data Protection Act. You may use the controllers contact details to send your application. It is good to know that even after removal of your profile or if you have requested erasure of your data, copies of some information from your profile may be still visible under certain circumstances, such as, if you have shared information with social media or other services, or when the preservation of such copies is necessary to observe legal obligations or for legal protection. Due to the technology of information cache, your profile may not become immediately inaccessible to the others.


    If you think that your rights under Regulation (U) 2016/679 are violated, you have the right to submit a claim to the Commission of Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd, 1592 Sofia, Fax: 029153525,


    When we process your personal data for the purpose of conclusion and performance of contracts with you, the provision of personal data is a required precondition for the conclusion of the contract. If such data is not provided, it will impede the possibility to take steps on claims that are anonymous.

    With your consent, we process your personal data when you voluntarily decide to subscribe for our offers, promotions, latest news, market research. If you do not give your consent for that, it will not be possible for us to know in which offers you show interest and provide you the services specially focused on you.


    Personal data is processed both automatically and manually and is protected with suitable safety measures taking into account the achievements of the technical progress, the costs and expenses for implementation and the nature, scope, context and purpose of such processing. The company introduces suitable administrative, technical, staff and physical measures to protect all personal data we keep against loss, theft or unauthorized use, disclosure or change.


    The processed personal data we receive from you being the data subject. If necessary, in addition, we may have access to publicly accessible registers such as the property or commercial register, but we would not do anything if we do not have contractual or pre-contractual relations with you.


    This personal data protection policy does not cover possible links in our site to other websites. We recommend to read the transparency/privacy policies/statements of the other websites, which you visit.


    Our company has the right to amend or update this personal data protection policy. Any amendment in this personal data protection policy will be published in advance on the official web site of the company.

    You successfully saved this property or selection in your list of "Favorite properties"
    You deleted this property or selection from your list with favourite properties