Legal information

Privacy Policy

Last updated: 14 July 2026

1. Data controller

The data controller for personal data collected through botorngroup.com is:

Company
BOTORN KLIMA OOD · БОТОРН КЛИМА ООД
Company ID (EIK)
207289940
VAT
BG207289940
Registered address
1 13th March Blvd, floor 1, apt. 1, Sredets District, 1142 Sofia, Bulgaria

For questions about personal data processing, contact us at [email protected].

2. Scope

This policy explains how BOTORN KLIMA OOD processes personal data when you visit the website and submit an inquiry through the contact form. It is applied in accordance with Regulation (EU) 2016/679 (GDPR) and the Bulgarian Personal Data Protection Act.

3. What data we collect

We may process the following categories of personal data:

  • Contact form data: name, email address, phone number (optional), company name (optional), city or region of the facility (optional), inquiry type (optional), and message content.
  • Technical data: IP address, browser type, operating system, language settings, date and time of access, referring URL, and similar information automatically transmitted by your browser or our server when you visit the site.
  • Cookies and similar technologies: strictly necessary technical cookies required for the website and contact form to function correctly. The site does not use third-party marketing or analytics cookies.

4. Purposes and legal bases

We process personal data for the following purposes:

  • Responding to inquiries and preliminary project communication — based on your consent given when submitting the form and/or our legitimate interest in responding to a business inquiry (Art. 6(1)(a) and (f) GDPR).
  • Ensuring website security and stability — based on our legitimate interest in protecting the website, infrastructure, and data from misuse (Art. 6(1)(f) GDPR).
  • Compliance with legal obligations — where required by applicable law (Art. 6(1)(c) GDPR).

5. Source of data

Contact form data is provided directly by you. Technical data is generated automatically when you visit the site or submit the form.

6. Recipients and processors

Access to personal data is limited to authorised employees and representatives of BOTORN KLIMA OOD who need it to respond to your inquiry.

We may use email and hosting service providers (processors) to send and receive contact form messages. They process data only on our instructions and under appropriate data protection safeguards.

We do not sell or rent personal data to third parties.

7. Transfers outside the EU/EEA

We aim to process personal data within the European Union or European Economic Area. If we use a provider outside the EU/EEA, we will ensure appropriate safeguards under GDPR, including standard contractual clauses where applicable.

8. Retention periods

  • Contact form inquiries: we retain data until the communication regarding the specific inquiry is concluded and for up to 24 months after the last contact, unless a contractual relationship or legal obligation requires longer retention.
  • Technical logs: we retain them for up to 12 months, unless a longer period is required to investigate a security incident.

After the relevant period expires, data is deleted or anonymised unless the law requires otherwise.

9. Your rights

Subject to GDPR conditions, you have the right to:

  • access your personal data;
  • request rectification of inaccurate or incomplete data;
  • request erasure (“right to be forgotten”);
  • request restriction of processing;
  • object to processing based on legitimate interests;
  • withdraw consent at any time without affecting the lawfulness of processing before withdrawal;
  • receive your data in a structured, machine-readable format where applicable;
  • lodge a complaint with a supervisory authority.

To exercise your rights, email [email protected]. We will respond within the time limits set by GDPR.

10. Supervisory authority

You may lodge a complaint with the Commission for Personal Data Protection (CPDP): www.cpdp.bg, 2 Prof. Tsvetan Lazarov Blvd, 1592 Sofia, Bulgaria.

11. Security

We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or alteration. No system can guarantee absolute security, but we limit access to data and use encrypted connections (HTTPS) when communicating with the website.

12. Children

The website is aimed at business clients and professional contacts. We do not knowingly collect personal data from individuals under 16. If you believe we have received such data, please notify us so we can delete it.

13. Changes to this policy

We may update this policy when our services, legal requirements, or data processing practices change. The current version is always published on this page with the date of the latest update.