Privacy Policy

Last updated: 16.04.2026

1. Data Controller

Defend.bg, based in Sofia, Bulgaria, email: office@defend.bg (hereinafter "Controller").

2. Legal Basis and Purposes of Data Processing

We process personal data on the following grounds under Article 6 of Regulation (EU) 2016/679 (GDPR):

  • Consent (Art. 6(1)(a)) — when submitting inquiries via contact form or consultation request
  • Legitimate interest (Art. 6(1)(f)) — for improving services and website security
  • Performance of contract (Art. 6(1)(b)) — when providing requested services

3. What Data We Collect

  • Contact form data: name, email, phone, company, message
  • Consultation request data: name, email, phone, company, topic, description
  • Technical data: IP address, browser type, operating system (for security and analytics)
  • Cookies: functional cookies for site language preference

4. Data Retention Period

  • Inquiry data: up to 12 months after last communication
  • Technical logs: up to 6 months
  • Cookies: as specified for each cookie

5. Data Recipients

We do not share personal data with third parties, except:

  • When necessary for the performance of a requested service
  • When required by law (by court order or competent authority)
  • To hosting service providers processing data on our behalf with appropriate safeguards

6. Data Subject Rights

Under GDPR, you have the right to:

  • Access your personal data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Erasure / "right to be forgotten" (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Object to processing (Art. 21 GDPR)
  • Withdraw consent at any time
  • Lodge a complaint with the Bulgarian DPA (CPDP): kzld.bg

To exercise these rights, contact us at: office@defend.bg

7. Cookies

The website uses only functional cookies:

  • lang — stores preferred language (1 year)
  • PHPSESSID — session cookie (expires when browser is closed)

We do not use advertising or tracking cookies.

8. Security

We implement technical and organizational measures to protect data, including:

  • SSL/TLS encryption for all communications
  • Rate limiting against brute force attacks
  • Content Security Policy (CSP) headers
  • Regular security audits
  • Limited data access on a "need to know" basis

9. Changes to This Policy

We reserve the right to update this policy. Changes take effect upon publication on this page.

10. Contact

For privacy-related questions: office@defend.bg

Secured Site

Free Consultation

Choose a topic and tell us about your needs. We'll get back within 24 hours.

Your data is protected and will not be shared with third parties.