Privacy Policy

This Privacy Policy explains how we collect, use, store and protect information received through our website. By accessing the site you accept the practices described here. We process personal data in accordance with the EU General Data Protection Regulation (GDPR), the Bulgarian Personal Data Protection Act (ZZLD) and applicable Bulgarian and European law.

The data controller is "Nikolay Ralev Cleaning and Detailing" EOOD (EIK: 208457857), registered office: 20A Todor Kozhuharov St., Sofia, Bulgaria. For questions about the processing of personal data: [email protected], +359 98 834 0843.

Depending on how you use the site, we may process the following categories of data:

Contact form data — name, email address, phone (optional) and the content of your message. This data is received only when you submit it yourself through a form on the site.

Technical data — IP address, browser and operating system type, visit timestamp, pages visited, referer. This data is logged automatically by the server for security and technical-support purposes.

We process personal data for the following purposes: • Responding to your enquiries and communicating with you — Art. 6(1)(b) GDPR (steps taken at your request prior to entering into a contract) and 6(1)(f) (legitimate interest in replying). • Maintaining, securing and protecting the site — Art. 6(1)(f) GDPR (legitimate interest). • Complying with legal obligations — Art. 6(1)(c) GDPR. • Non-essential cookies — Art. 6(1)(a) GDPR (your explicit consent).

We do not sell personal data to third parties. The following processors act on our behalf under Art. 28 GDPR data-processing agreements:

Cloudflare, Inc. (USA) — invisible protection of contact forms against automated submissions (Cloudflare Turnstile). Transfers to the USA are safeguarded by the European Commission's Standard Contractual Clauses. Details: https://www.cloudflare.com/turnstile-privacy-policy/

Resend (USA) — delivery of emails sent from the contact forms. Transfers to the USA are safeguarded by Standard Contractual Clauses. Details: https://resend.com/legal/privacy-policy

Vercel Inc. (USA) — hosting and delivery of the site. Transfers to the USA are safeguarded by Standard Contractual Clauses. Details: https://vercel.com/legal/privacy-policy

Database provider (EU or USA with SCCs) — storage of site content and form submissions. Access is restricted and secured.

Some processors are established in the USA. Personal-data transfers are based on the European Commission's Standard Contractual Clauses (Decision (EU) 2021/914) and appropriate technical and organisational safeguards, including encryption in transit.

The site uses strictly necessary cookies for functionality and security (including bot protection via Cloudflare Turnstile where that technology is enabled). We do not use advertising or tracking cookies without your prior consent. You can also manage cookies through your browser settings.

Technical logs are retained for approximately 90 days. Contact-form enquiries are kept for up to 24 months from first contact, unless a contractual relationship arises — in that case data is retained as required by applicable accounting and tax law (typically 5–10 years). After the retention period, data is deleted or anonymised.

Under GDPR you have the following rights in relation to your personal data:

• Right of access — to obtain confirmation whether we process your data and a copy of it. • Right to rectification — to request correction of inaccurate or incomplete data. • Right to erasure ("right to be forgotten") — when data is no longer needed. • Right to restriction of processing — under defined conditions. • Right to data portability — to receive your data in a structured, machine-readable format. • Right to object — to processing based on legitimate interest or direct marketing. • Right to withdraw consent — where processing is based on consent. • Right to lodge a complaint with a supervisory authority.

To exercise any of these rights, contact us at the email shown in the "Data controller" section. We respond within one month of receiving the request.

If you believe that the processing of your personal data infringes GDPR, you have the right to lodge a complaint with the supervisory authority — the Bulgarian Commission for Personal Data Protection (KZLD):

Commission for Personal Data Protection (KZLD) Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria Phone: +359 2 91-53-518 Email: [email protected] Web: https://www.cpdp.bg

We do not make decisions producing legal effects concerning you, or similarly significantly affecting you, based solely on automated processing, including profiling.

We may update this policy from time to time to reflect changes in our practices or applicable law. The current version is always available on this page, and the date of the last revision is shown at the top. We will notify you of material changes by appropriate means.

For questions about this Privacy Policy or about our processing of personal data, please contact us using the details in the "Data controller" section.