Privacy Policy

1. Data Controller

The data controller responsible for the personal data described in this Privacy Policy is:

This Privacy Policy applies to personal data processed in connection with visits to the website at sofia-connect.net and the provision of telecommunications and connectivity services by Sofia Connect EAD. It is prepared in accordance with Regulation (EU) 2016/679 (“GDPR”) and the Bulgarian Personal Data Protection Act.

2. Personal Data We Collect

2.1 Contact and Enquiry Data

When you submit a contact form, request a quote, or correspond with us by email or phone, we collect:

• Full name and job title
• Business email address and phone number
• Company name and country
• The content of your message or enquiry

2.2 Service and Billing Data

For customers with an active service agreement, we process:

• Contact details of the Customer’s authorised representatives and NOC contacts
• Billing address and payment reference details (we do not store full payment card numbers)
• Service usage data (traffic volumes, uptime records) for billing and SLA monitoring purposes

2.3 Website and Analytics Data

When you visit our website, we may collect:

• IP address (anonymised where required)
• Browser type, device type, and operating system
• Pages visited, time on page, and referral source
• Cookie identifiers (see Section 8 for our Cookie Policy)

3. Legal Basis for Processing

4. How We Use Your Data

• To respond to your enquiries and provide requested information or quotations.
• To provision, operate, monitor, and bill for contracted services.
• To communicate scheduled maintenance, service alerts, and security notifications relevant to your services.
• To improve the functionality and usability of our website through aggregated analytics.
• To comply with applicable legal and regulatory requirements, including cooperation with lawful requests from competent authorities.
• To send marketing communications where you have explicitly opted in; you may opt out at any time.

5. Data Sharing and Third Parties

We do not sell your personal data to third parties. We may share personal data with:

• Service providers.Carefully selected processors that assist with hosting, analytics, billing software, and CRM systems, all bound by data processing agreements in accordance with GDPR Art. 28.
• Competent authorities. Where required by Bulgarian or EU law, court order, or lawful regulatory request.
• Business transfers. In the event of a merger, acquisition, or sale of all or substantially all of our assets, personal data may be transferred as part of the transaction, subject to equivalent privacy protections.

Where personal data is transferred outside the European Economic Area (“EEA”), Sofia Connect ensures appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission (Art. 46(2)(c) GDPR).

6. Data Retention

Personal data is deleted or anonymised at the end of the applicable retention period unless a longer period is required by law.

7. Your Rights as a Data Subject

Under GDPR, you have the following rights with respect to your personal data:

• Right of Access (Art. 15). You may request a copy of the personal data we hold about you.
• Right to Rectification (Art. 16). You may request correction of inaccurate or incomplete personal data.
• Right to Erasure (Art. 17). You may request deletion of your personal data where there is no overriding legal basis for continued processing.
• Right to Restriction (Art. 18). You may request that we restrict processing of your data in certain circumstances.
• Right to Data Portability (Art. 20). Where processing is based on consent or contract, you may request your data in a structured, machine-readable format.
• Right to Object (Art. 21). You may object to processing based on legitimate interests, including direct marketing.
• Right to Withdraw Consent. Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, submit your request to info@sofia-connect.net. We will respond within one (1) month of receiving your request, which may be extended by up to two (2) additional months for complex requests.

You also have the right to lodge a complaint with the Commission for Personal Data Protection of Bulgaria (CPDP), 2 Professor Tsvetan Lazarov Blvd, Sofia 1592, or with the supervisory authority in your EU member state of habitual residence.

8. Cookie Policy

Our website uses cookies and similar tracking technologies. Cookies are small text files placed on your device to help the website function and provide usage insights.

Cookie Categories

You can manage or withdraw cookie consent at any time through your browser settings or our cookie preference centre. Disabling certain cookies may affect website functionality.

9. Security

Sofia Connect implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include access controls, encryption in transit (TLS), and periodic security reviews. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, as required by GDPR Art. 33 and Art. 34.

10. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. The “Last updated” date at the top of this page indicates when the current version was published. Material changes will be communicated to registered customers by email or website notice.