Projects Services About
Home / Privacy Policy

Privacy Policy

Last updated: 2026-03-08

1. Introduction

AEDIS EOOD ("Aedis", "we", "us", "our") is committed to protecting the privacy of your personal data. This Privacy Policy describes how we collect, use, store, and protect your information when you visit our website aedis.bg and use our services.

Please read this policy carefully. By using our website, you acknowledge the practices described herein.

2. Data Controller

The data controller for your personal data is:

  • Company: AEDIS EOOD
  • UIC: [UIC number]
  • Address: Sofia, Bulgaria
  • Email: office@aedis.bg

3. Data We Collect

We collect the following categories of personal data:

3.1. Data You Provide

  • Contact form: name, email address, phone number (optional), project type, and inquiry description
  • Correspondence: content of messages you send us via email or the contact form

3.2. Automatically Collected Data

  • Technical data: IP address, browser type and version, operating system, screen resolution, browser language
  • Usage data: pages visited, time of visit, session duration, traffic sources
  • Device data: device type (desktop, mobile, tablet), unique device identifier

3.3. Cookies and Similar Technologies

Our website uses the following types of cookies:

  • Strictly necessary: CSRF token for form security, session identifier
  • Functional: theme (light/dark) and language preferences — stored via localStorage in your browser
  • Cookie consent: record of your choice to accept/decline cookies

We do not use tracking cookies, advertising cookies, or third-party cookies for marketing purposes.

4. Processing Purposes

Your personal data is processed for the following purposes:

  • Communication: responding to inquiries submitted via the contact form or email
  • Service delivery: processing requests for construction and architectural services
  • Website improvement: analyzing usage to improve user experience and functionality
  • Security: protecting the website from abuse, unauthorized access, and cyber attacks
  • Legal obligations: compliance with applicable legislation and responding to lawful requests from authorities

5. Legal Basis

We process your personal data on the following legal grounds under Regulation (EU) 2016/679 (GDPR):

  • Consent (Art. 6(1)(a)): when you voluntarily submit your data through the contact form — you provide consent via the GDPR checkbox
  • Performance of a contract (Art. 6(1)(b)): when processing is necessary to provide a requested service or to take steps prior to entering into a contract
  • Legitimate interest (Art. 6(1)(f)): to maintain website security, prevent fraud, and improve our services
  • Legal obligation (Art. 6(1)(c)): when processing is necessary to comply with applicable law

6. Sharing Data with Third Parties

We do not sell, rent, or provide your personal data to third parties for marketing purposes.

Your data may be shared only in the following cases:

  • Hosting providers: servers hosting our website, for technical purposes
  • Legal requirements: when we are legally required to provide data to competent authorities
  • Protection of rights: when necessary to protect our legal rights, property, or safety

7. International Data Transfers

Your personal data is stored and processed on servers located within the European Union. We do not transfer data outside the EEA (European Economic Area) unless appropriate safeguards under GDPR are in place.

8. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • SSL/TLS encryption on all website connections (HTTPS)
  • CSRF protection on forms to prevent cross-site request forgery
  • Honeypot protection against automated spam
  • Rate limiting to prevent abuse
  • Regular software and security system updates
  • Access control — limited to authorized personnel only

Despite the measures taken, no method of data transmission over the internet is 100% secure. We cannot guarantee absolute security.

9. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

  • Contact form data: 3 months, then automatically deleted
  • Technical data (logs): anonymized within 90 days
  • Cookie data (localStorage): stored in your browser until you delete it
  • Contractual data: in accordance with applicable limitation periods under Bulgarian law

10. Your Rights

Under GDPR, you have the following rights regarding your personal data:

  • Right of access (Art. 15): to obtain confirmation whether we process your personal data and to receive a copy thereof
  • Right to rectification (Art. 16): to request correction of inaccurate or incomplete personal data
  • Right to erasure (Art. 17): to request deletion of your personal data ("right to be forgotten") when there is no longer a legal basis for processing
  • Right to restriction (Art. 18): to request restriction of processing under certain circumstances
  • Right to portability (Art. 20): to receive your data in a structured, machine-readable format
  • Right to object (Art. 21): to object to the processing of your data based on legitimate interest
  • Right to withdraw consent: to withdraw your consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal

To exercise your rights, please contact us at office@aedis.bg. We will respond to your request within 30 days.

11. Complaints

If you believe that the processing of your personal data violates GDPR, you have the right to file a complaint with:

  • Commission for Personal Data Protection (CPDP)
  • Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
  • Website: www.cpdp.bg
  • Email: kzld@cpdp.bg

12. Children

Our website is not intended for children under the age of 16. We do not knowingly collect personal data from children. If we discover that we have collected data from a child under 16 without parental/guardian consent, we will take immediate steps to delete it.

13. Policy Changes

We reserve the right to update this Privacy Policy at any time. Changes take effect from the date of publication on this page. The date of last update is indicated at the beginning of this document.

We recommend that you periodically review this policy for any changes.

14. Contact

For any questions, requests, or concerns regarding the processing of your personal data, please contact us:

We use cookies for traffic analysis and improving our services. See our privacy policy.