Privacy policy

We at Studio.bg respect your personal data and want to be GDPR compliant. That is why we have tried to make the information in this Privacy Policy understandable and clear.

Who are we?

Studio.bg Ltd is located in Sofia, Bulgaria. Our office address is ul. "Tintyava" 15-17; 1113 NPZ Dianabad

Studio.bg Ltd is the owner of this website and as such is the controller of your personal data.

Studio.bg provides technology services to businesses around the globe. This website is our marketing tool and generally speaking, any personal data processed on this website is used for marketing purposes as described in this Policy in more detail.

Why do we process your data?

Generally, we use your data for marketing purposes. Please read this section and you’ll understand how we do this.

If you leave a contact request or approach us by email, we’ll use the personal data you’ve provided to contact you regarding your request. In this case, we process your personal data based on our legitimate interest to build client relations with your company.

If you download a case study or a whitepaper from our website, we’ll need to collect your personal data to know who has downloaded our marketing materials and conduct some marketing analytics based on that information. We do that based on our legitimate interest to adhere to effective marketing practices and know how to promote our services in future. The same applies to the information about what website has referred you to us.

Also, we may add your contact information, received from you through our website or by email, together with some publicly available information about you and your company to our CRM system for marketing analytics. We do that based on our legitimate interest to know our clients’ profile and conduct some market analytics as well.

Please keep in mind that you can always withdraw your consent by leaving us a clear note at info [at] studio.bg at any time or by clicking the Unsubscribe button in any email received from us.

Also, you may always object to our processing activities based on legitimate interest and have your data completely erased from all our systems. Just write us about your intent at info [at] studio.bg.

In both cases, we’ll stop the processing of your data as soon as we find your note in our Inbox, which should not take more than a business day.

Please also note that if you withdraw your consent for direct marketing by clicking the Unsubscribe button, we will not delete the rest of your data automatically. But you may request us to do so by sending us an email to the address above.

What information do we process?

Here is a complete list of the personal data we may want to know about you:

• Your name
• Your email
• Your phone number
• The company you work at
• Where your company is located
• Your job title
• The fact that you’ve visited our website
• What website referred you to studio.bg
• Whether you have downloaded any marketing materials from our website
• Your LinkedIn profile address

Most of the information comes directly from you. We could add some information that is not a secret, like your job title or link to your LinkedIn profile, if you’ve made those publicly available.

Who will we share your data with?

Service Providers

We may disclose your data to third-party vendors, service providers, contractors or agents who perform functions on our behalf, such as website management, hosting, technical support and marketing analytics. We’ll make sure that they treat it as protectively as we do.

Where is your data processed?

Your data is processed in Bulgaria, which is part of the EU. Your data will always be safe and under GDPR protection.

We treat your data as protectively as the GDPR requires from the moment we receive it. If for some reason we transfer your data outside of our company, we’ll use appropriate safeguards, such as standard contractual clauses, to ensure personal data does not leave the GDPR scope.

How long will my data be kept?

We will delete your personal data as soon as we no longer have a need or a legal basis to process it. What does it mean?

We’ll always delete your data when we receive a request from you to do so. Please take a look here to learn how to make such a request. In the unlikely event that we are still obliged under the law to keep your data, we’ll inform you about that.

We will not store or otherwise process your data for an “unlimited period” in other cases. If we rely on legitimate interest for processing, your data will be kept as long as we are in a business relationship with you. If we don’t start a business relationship with you, your data will be stored in our systems for a limited time to perform our analytics. In no case will we keep it for more than 1 year – the period necessary for communicating with your company as our potential client, after which we consider old analytics outdated, so your personal data is no longer needed.

Don’t forget that you may always instruct us to delete all the information we have about you as described here.

What are my rights?

We treat all our visitors equally according to the rules offered by the GDPR, which is believed to be the most progressive and extensive piece of privacy legislation as of now.

Your rights are as follows:

• The right to be informed: You have the right to know what is going on with your data.
• The right of access: You have the right to request that we provide you with the information we have about you.
• The right to rectification: You have the right to instruct us to correct your personal data if the information we store is for some reason inaccurate or outdated.
• The right to erasure: You have the right to request that we delete all your data.
• The right to restrict processing: You have the right to ask us to stop processing your data if it is unclear whether we must delete it.
• The right to data portability: You have the right to ask us to transfer your data that we are processing based on your consent to another controller. However, this right will not apply in the case of interaction between you and us, because it is only applicable when personal data is processed based on consent or contract, while we rely on your consent only to provide you with our direct marketing materials.
• The right to object: You have the right to object to our processing based on legitimate interest, as described here.
• Your rights in relation to automated decision making and profiling: You have the right not to be subject to a decision based solely on automated means, if the decision has a legal effect on you or significantly affects you in a similar way. However, we don’t do anything like that.
• The right to withdraw your consent as described here.
• The right to lodge a complaint with a supervisory authority: You have the right to complain either to a supervisory authority in the Member State where you live/work or to the Bulgarian Commission for Personal Data Protection.

For more information about your rights and how to exercise them we recommend visiting this excellent resource from the European Commission, which is available in many languages.

Do you profile me?

If you’ve consented to receive marketing materials from us, we’ll use the information we have about you, as described in this Policy, to provide you with more relevant materials. That’s all the profiling we do.

What about cookies?

What are cookies?

Cookies are small pieces of text that are stored on your device when you visit a website. During your further visits to that website, the information stored in the cookie is sent back to the site. This allows the website to recognize you and tailor its content to your needs.

Why do we use cookies?

Basically, almost every website places some cookies on your device, unless you’ve blocked cookies in your browser.

This may be done for a few reasons.

• Functional – when cookies are used to tailor your experience. For instance, cookies permit:
  • Our website to remember the details you’ve provided when filling in forms – so that you don’t have to enter the same information multiple times.
  • You to share website pages on social networks like Facebook, Twitter and LinkedIn.
• Performance – when cookies are used to analyze how you use our websites and to monitor website performance. This allows us to identify and fix any issues that arise quickly. For example, we use Google Analytics cookies to keep track of which pages are the most popular and to “remember” what a user has done when visiting other pages on the website. We might also use cookies to highlight articles or offerings that we think will be of interest to you based on how you use our website.
• Advertising reasons – when cookies are used to target you with our advertising. We do not allow third-party advertisements on our websites, but we do advertise our offers and services on other sites. Some of the sites on which we advertise may use cookies to store information about offers and services in which you have shown an interest as you browse the web. For example, if you read some articles on the Retail Industry at the Studio.bg website, then this might suggest that you are interested in this topic. The information from those cookies allows the third-party site to display the most appropriate advertisements for you.

How to reject and delete cookies?

Most web browsers automatically accept cookies. However, you do not have to accept cookies and you can reject or block the use of cookies and delete all cookies currently stored on your device. You can find out how to do this for your particular browser by clicking “help” on your browser’s menu, or by visiting this useful resource.

Is my data secured?

Studio.bg LTD is ISO-27001 certified. Therefore we don’t allow any unreliable practices regarding the security of the information we deal with. Consequently, we take all appropriate technical and organizational measures to keep your data safe, as required by the GDPR. Below are examples of how we do that.

• All our employees, consultants or any recipients of your data are bound by confidentiality and are not authorized to process your data for purposes other than those described in this Policy. We take full responsibility for that.
• We follow the Information Security Policy, which is mandatory and applies to all our consultants, contractors, and all other individuals who can have authorized access to information resources.
• Our Information Security Policy applies to all the information stored on physical or electronic data carriers, as well as any software and hardware that we possess or use temporarily.
• All our security practices and documents are reviewed on a yearly basis, approved by the executive management and are implemented throughout the company as well as communicated to all our employees and consultants.
• We conduct mandatory training for all our employees and consultants on privacy and security.
• We ensure authentication and authorization controls are robust and properly treated.
• We continuously gather and analyze data regarding all new and existing threats and vulnerabilities, actual attacks on other organizations, as well as information about the effectiveness of existing security controls.
• Our servers, workstations and internet gateway devices are updated periodically with the latest antivirus definitions that include zero-day anti-malware protection.
• We conduct risk assessment on a yearly basis.

Still have some questions?

You can reach us at info [at] studio.bg, if you:

• Want to know more about the privacy of your information
• Want to make any kind of claim or request with regard to your personal data
• Want to say that we are wrong on any privacy issue
• Want to share your thoughts on how we could make our privacy practices better