Privacy Policy
Effective Date: 31 May 2026
1. Controller
KONDEVS Ltd.
Akad. Petar Dinekov 23, 1415 Sofia, Bulgaria
Email: [email protected]
2. Data We Collect
Contact Form Submissions
When you submit our contact form, we collect:
- Name
- Email address
- Company name (optional)
- Phone number (optional)
- Message content
This data is processed solely to respond to your enquiry. We retain it only as long as necessary to handle your request and any related follow-up correspondence, after which it is deleted.
Website Analytics
Where enabled, we use Cloudflare Web Analytics — a privacy-first analytics service that does not use cookies and does not collect personal data. Only aggregate, anonymous traffic statistics are produced; no individual visitor is identified.
Server Logs
Our hosting provider (Cloudflare) collects standard server access logs, which may include IP addresses, browser type and pages visited. These logs are used for security and performance purposes and are retained according to Cloudflare's data retention policies.
3. Legal Basis for Processing
We process personal data on the following legal bases under the GDPR:
- Consent (Article 6(1)(a)) — when you voluntarily submit the contact form and agree to this policy. You may withdraw your consent at any time (see Section 6).
- Legitimate interest (Article 6(1)(f)) — to operate, secure and maintain the website, prevent abuse, and keep server logs.
4. Data Sharing (Processors)
We do not sell, rent or trade your personal data. We share it only with the service providers (processors) needed to operate the site:
- Cloudflare — hosting, CDN, security and bot protection.
- Resend — email delivery, used to forward contact-form submissions to us.
These processors act on our instructions under data processing agreements and process data in accordance with the GDPR.
5. International Transfers
Some of our processors (including Cloudflare and Resend) are based in the United States and may process personal data outside the European Economic Area (EEA). Where data is transferred outside the EEA, it is protected by appropriate safeguards — such as the European Commission's Standard Contractual Clauses and/or the processor's certification under the EU–US Data Privacy Framework. You can request more information about these safeguards using the contact details below.
6. Your Rights
Under the GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Erase your data ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time, without affecting the lawfulness of processing carried out before withdrawal (Article 7(3))
- Lodge a complaint with a supervisory authority — in Bulgaria, the Commission for Personal Data Protection (Комисия за защита на личните данни), cpdp.bg
To exercise any of these rights, contact us at [email protected].
7. Cookies
This website uses one strictly-necessary, first-party cookie — csrf-token — set when you open the contact page. It protects form submissions against cross-site request forgery, contains no personal data, and expires within one hour. We do not use cookies for tracking, profiling or advertising. Cloudflare may set its own strictly-necessary cookies for security and bot protection (for example, when CAPTCHA verification is enabled on the contact form).
8. Data Security
We implement appropriate technical and organisational measures to protect your personal data, including HTTPS encryption, secure email transmission, and access controls.
9. Changes to This Policy
We may update this privacy policy from time to time. Changes will be posted on this page with an updated effective date.
10. Contact
For privacy-related enquiries, contact us at:
Email: [email protected]