Personal data protection

Last updated: 20.04.2026 | FESPA Bulgaria

1. Introduction

Fespa Bulgaria (hereinafter referred to as the "Company", "we", "us" or "our") is committed to protecting your personal data and complying with applicable data protection legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council (GDPR) and the Personal Data Protection Act (PDPA).

This page aims to inform you about the rights you have as a data subject and the way in which the Company protects your personal information.

2. Personal data administrator

The administrator of your personal data is:

FESPA Bulgaria

2E Academician Ivan Geshov Blvd., Serdika Business Center Bldg., 1303 Sofia, Bulgaria

CRN: 176093927

Email: office@fespa.bg

Phone: +359 87 8100 149

3. What personal data do we collect?

Depending on how you interact with us, we may process the following categories of personal data:

3.1 Data provided by you

  • Three names and contact details (email address, phone number)
  • Correspondence or billing address
  • Company details (when registering as a corporate client)
  • Information from correspondence with us (inquiries, requests, complaints)
  • Data for participation in events, exhibitions and seminars

3.2 Automatically collected data

  • IP address and technical device data
  • Cookies and tracking identifiers (see Cookie Policy)
  • Website behavior data (pages visited, duration of visit)

4. Purposes and legal grounds for processing

We process your personal data on the following legal grounds:

  • Performance of a contract – to process your requests, orders and membership relationships
  • Legal obligation – to comply with accounting, tax and other legal requirements
  • Legitimate interest – to improve our services, prevent fraud and maintain the security of our systems
  • Consent – ​​to send marketing communications and use optional cookies (you can withdraw your consent at any time)

5. Data retention period

We store your personal data for the period necessary to achieve the purposes for which it was collected or to comply with legal obligations. Specifically:

  • Contractual data: up to 5 years after the termination of the contractual relationship
  • Accounting documents: 10 years according to the Accountancy Act
  • Marketing data: until withdrawal of consent or request for deletion
  • Cookie data: according to the period specified in the Cookie Policy

6. Recipients of the data

We may share your personal data with:

  • Service providers (IT support, accounting, courier services) – in the presence of a data processing contract
  • Competent authorities – in the presence of a legal obligation (NA, courts, police)
  • FESPA International – in the presence of participation in international programs and membership

We do not sell or rent your personal data to third parties for their marketing purposes.

7. Data transfer outside the EU/EEA

If it is necessary to transfer data to third countries outside the European Economic Area, we guarantee an adequate level of protection through standard contractual clauses approved by the European Commission or another applicable transfer mechanism.

8. Your rights

As a data subject, you have the following rights under the GDPR:

  • Right of access – to receive a copy of your personal data
  • Right to rectification – to request correction of inaccurate or incomplete data
  • Right to erasure ('right to be forgotten') – where there are legal grounds
  • Right to restriction of processing – where the accuracy or lawfulness of the processing is contested
  • Right to data portability – to receive the data in a machine-readable format
  • Right to object – to processing based on legitimate interest or for direct marketing
  • Right to withdraw consent – ​​at any time, without affecting the lawfulness of the previous processing

To exercise your rights, please contact us at: office@fespa.bg

9. Right to appeal

If you believe that the processing of your personal data violates applicable law, you have the right to file a complaint with the Personal Data Protection Commission (PDPC):

Commission for Personal Data Protection (CPDP)

2 "Prof. Tsvetan Lazarov" Blvd., 1592 Sofia

Tel.: +359 2 915 35 18

Website: www.cpdp.bg

Email: kzld@cpdp.bg

10. Data security

We implement appropriate technical and organizational measures to protect your personal data from unauthorized access, loss, destruction or disclosure. The measures include encryption, access control and regular security reviews.

11. Updates to this information

We may update this page from time to time to reflect changes in our practices or applicable law. We encourage you to review it regularly. In the event of material changes, we will notify you in an appropriate manner.

12. Contact information

For questions related to personal data protection, you can contact us at:

office@fespa.bg

+359 87 8100 149