Information about the personal data controller
Score Twins Ltd., a company registered under the Commerce Act of the Republic of Bulgaria, UIC 207707884, with registered office and business address in Bulgaria, Sofia 1404, Triaditsa district, residential complex Manastirski Livadi 177, entrance D, floor 3, apartment 1.
We process your personal data on the following legal grounds:
The contract concluded between you and us, in order to fulfil our obligations under it;
Your explicit consent – the purpose is specified in each individual case;
A legal obligation applicable to us.
In the following paragraphs you will find detailed information about the processing of your personal data depending on the legal basis on which we process it.
We process your personal data in order to fulfil our contractual and pre-contractual obligations and to exercise our rights under the contracts concluded with you.
Purposes of the processing:
Identifying you;
Managing and fulfilling your request and performing the concluded contract;
Preparing an offer for entering into a contract;
Preparing and sending statements/invoices for the services you use with us;
Ensuring the necessary overall service to you and collecting amounts due for services used;
Keeping correspondence in relation to orders, processing of requests, reporting of problems, etc.;
Notifying you of anything related to the services you use with us;
Establishing and/or preventing unlawful actions or actions that contradict our terms and conditions for the respective services.
Data we process on this basis:
On the basis of the contract concluded between you and us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
Contact details – e-mail address, telephone number and others;
Identification data – full name, delivery address, e-mail address;
Other feedback we receive from you;
Information from your actions on our website.
Processing the above personal data is mandatory for us so that we can conclude and perform the contract with you. Without providing these data, we would not be able to fulfil our obligations under the contract.
We disclose your personal data to third parties, with our main goal being to offer you high-quality, fast and comprehensive service. We do not provide your personal data to third parties before ensuring that all technical and organisational measures for protecting these data have been taken and we strive to exercise strict control over the fulfilment of this objective. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (personal data controllers):
Postal operators and courier companies;
Persons engaged by us to maintain equipment, software and hardware used for processing personal data and necessary for the company’s activities;
Persons providing consultancy services in various fields.
When we delete data collected on this basis
Data collected on this basis are deleted 5 years after the termination of the contractual relationship, regardless of whether due to expiry of the contract term, termination or on any other ground.
In some cases, the law may require us to process your personal data. In these cases, we are obliged to carry out the processing, for example:
Obligations under the Law on Measures Against Money Laundering;
Fulfilment of obligations in connection with distance contracts and off-premises contracts under the Consumer Protection Act;
Providing information to the Consumer Protection Commission or to third parties as provided in the Consumer Protection Act;
Providing information to the Commission for Personal Data Protection in relation to obligations under the personal data protection legislation;
Obligations under the Accounting Act and the Tax and Social Insurance Procedure Code, and other related acts in relation to keeping lawful accounting;
Providing information to the courts and third parties in the course of court proceedings in accordance with the requirements of the applicable legislation.
When we delete personal data collected on this basis
Data collected under a statutory obligation are deleted after the obligation for collection and storage has been fulfilled or ceases to exist. For example:
Under the Accounting Act for storage and processing of accounting data – 11 years;
Obligations to provide information to courts, competent state authorities, etc. under the applicable legislation – 5 years.
Disclosure of data to third parties
Where a statutory obligation applies to us, we may provide your personal data to the competent state authority or to a natural or legal person, as required by law.
We process your personal data on this ground only after your explicit, unambiguous and voluntary consent. We will not foresee or apply any adverse consequences for you if you refuse the processing of personal data.
Consent is a separate legal basis for processing your personal data, and the purpose of the processing is indicated in the consent and is not covered by the purposes listed in this policy. If you give us the respective consent, and until its withdrawal or the termination of any contractual relations with you, we may:
Prepare offers for products/services suitable for you by carrying out detailed analyses of your basic personal data.
Detailed analysis is a method that allows us to process large volumes of data through statistical models and algorithms and others that involve the use of personal data, as well as processes of pseudonymisation and anonymisation, in order to extract information about trends and various statistical indicators.
Data we process on this basis:
On this basis we process only the data for which you have explicitly given your consent. The specific data are determined for each individual case. Usually, the data include:
E-mail address;
Name;
Address;
Telephone number;
IP address;
Other data.
Disclosure of data to third parties
On this basis, we may provide your data to marketing agencies, Facebook, Google or similar partners.
Withdrawal of consent
You may withdraw your consent at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for processing your personal data for some or all of the purposes described above, we will no longer use your personal data for those purposes. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
To withdraw your consent, you only need to use our website or our contact details.
When we delete data collected on this basis
Data collected on this basis are deleted upon your request or 6 months after their initial collection.
We process your data for statistical purposes, i.e. for analyses in which the results are only aggregated and therefore the data are anonymous. Identifying a specific person from this information is impossible.
Your data may also be anonymised. Anonymisation is an alternative to deleting the data. When data are anonymised, all personally identifiable elements (elements allowing your identification) are irreversibly removed. There is no legal obligation to delete anonymised data, as they are no longer personal data.
For the processing of your personal data we partially use automated algorithms and methods in order to constantly improve our products and services and to adapt them to your needs in the best possible way. This process is called profiling.
To ensure adequate protection of the company’s and its clients’ data, we apply all necessary organisational and technical measures provided for in the Personal Data Protection Act.
The company has established internal rules for preventing misuse and security breaches.
For maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymisation and others.
It is possible that we receive personal data about you from other users of our services.
Every user of the website enjoys all rights to the protection of personal data under Bulgarian law and the law of the European Union.
You may exercise your rights via the contact form or by sending a message to our e-mail address.
Each user has the right to:
Be informed (regarding the processing of their personal data by the controller);
Access their own personal data;
Rectification (if data are inaccurate);
Erasure of personal data (the “right to be forgotten”);
Restriction of processing by the controller or processor;
Data portability between different controllers;
Object to the processing of their personal data;
Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them;
Seek protection by judicial or administrative means if their rights as a data subject have been violated.
You may request erasure of your personal data if one of the following conditions applies:
The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
You withdraw your consent on which the processing is based and there is no other legal ground for the processing;
You object to the processing and there are no overriding legitimate grounds for the processing;
The personal data have been processed unlawfully;
The personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State applicable to the controller;
The personal data have been collected in relation to the provision of information society services to children and consent has been given by the person exercising parental responsibility for the child.
You have the right to restrict the processing of your personal data by the controller when:
You contest the accuracy of the personal data. In this case, the restriction of processing is for a period enabling the controller to verify the accuracy of the personal data;
The processing is unlawful, but you do not want the personal data to be erased and request restriction of their use instead;
The controller no longer needs the personal data for the purposes of processing, but you require them for the establishment, exercise or defence of legal claims;
You object to processing, pending verification whether the legitimate grounds of the controller override your interests.
You have the right to receive the personal data concerning you, which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent or on a contractual obligation and the processing is carried out by automated means.
When exercising your right to data portability, you have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
You have the right to object to the controller to the processing of your personal data. The personal data controller is obliged to stop the processing unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where you object to processing for the purposes of direct marketing, the processing must be stopped immediately.
Every user has the right to lodge a complaint against unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent court.
We maintain a record of the processing activities for which we are responsible. This record contains all of the following information:
The name and contact details of the controller;
The purposes of the processing;
A description of the categories of data subjects and of the categories of personal data;
The categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
Where possible, the envisaged time limits for erasure of the different categories of data;
Where possible, a general description of the technical and organisational security measures.
This Privacy Policy was adopted and approved on 01.05.2025 by Score Twins Ltd.
