Privacy Policy
Last updated: 23.03.2026
1. Who we are
This website is operated by Bulgarian Launch and Compliance ЕООД (“we”, “us”, “our”). We act as the controller of personal data collected through this website.
Controller details
Company name: Bulgarian Launch and Compliance ЕООД
Registered address: Bulgaria, Sofia, Levski G, George Kiumiurdziev 17A
Email: office@blc-bg.com
2. Scope of this Privacy Policy
This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you:
visit our website;
submit an inquiry through our contact or intake forms;
request information about our service packs or custom services;
communicate with us regarding business launch, compliance, coordination, documentation, banking-readiness preparation, or related support services;
interact with cookies or similar technologies on our website.
3. What personal data we may collect
​
Depending on how you interact with the website, we may collect:
Information you provide directly
first and last name;
email address;
phone number;
country of residence or case location;
company name;
VAT number or other business registration details;
selected service pack;
information included in your message, request, or intake form;
documents or business details you voluntarily provide.
Technical and website usage information
IP address;
browser type and version;
device and operating system information;
date and time of access;
pages viewed and interactions on the website;
referral source;
cookie and consent preferences.
Business and onboarding information
If your inquiry progresses into a working relationship, we may also process additional business, compliance, onboarding, invoicing, and service-delivery information relevant to the services requested.
​
4. How we collect personal data
​
We collect personal data:
directly from you when you complete a form, email us, or otherwise contact us;
automatically through cookies, logs, and similar technologies when you use the website;
from service providers or business partners where this is necessary to handle your request or deliver services lawfully.
​
5. Why we process your data and the legal bases we rely on
​
We process personal data only where we have an appropriate legal basis under applicable data protection law.
​
a. To respond to your inquiry and provide pre-contract information
We use your information to review your request, communicate with you, and provide relevant information about the selected service pack or requested services.
Legal basis: taking steps at your request prior to entering into a contract and, where appropriate, our legitimate interests in responding to business inquiries.
​
b. To manage onboarding and service delivery
We use personal data to prepare proposals, coordinate next steps, organise document handling, manage service delivery, and maintain business records.
Legal basis: performance of a contract, pre-contractual steps, and where applicable our legitimate interests in organising our operations.
​
c. To comply with legal obligations
We may process personal data where necessary for accounting, tax, legal, anti-fraud, compliance, or regulatory obligations.
Legal basis: compliance with a legal obligation.
​
d. To maintain website security and integrity
We may process technical and usage data to maintain website functionality, prevent misuse, detect security incidents, and troubleshoot technical problems.
Legal basis: legitimate interests.
​
e. To use cookies or similar technologies
We use essential cookies where necessary for security and core website functionality. Where functional, analytics, or other non-essential cookies are enabled on the website, they will be used only where required by law and only after the relevant visitor has provided consent through the cookie banner.
Legal basis: legitimate interests for strictly necessary technologies and consent for non-essential cookies or similar technologies.
​
6. Legitimate interests
​
Where we rely on legitimate interests, these may include:
handling inquiries efficiently;
organising and documenting communications;
improving our website and service presentation;
maintaining the security and proper functioning of our systems;
protecting our business against misuse, fraud, or technical abuse.
Where required, we balance these interests against your rights and freedoms.
​
7. Who we may share personal data with
​
We do not sell your personal data.
We may share personal data only where necessary and proportionate with trusted service providers and professional recipients, including:
- Wix — website hosting, infrastructure, and site functionality;
- Tally — form collection and intake submissions;
- Notion — internal CRM and request management;
- Make — workflow automation;
- Google Workspace services, including Gmail and Google Drive — business communication, email handling, and document storage;
accountants, legal advisers, consultants, or professional partners where relevant;
competent authorities, regulators, courts, or law enforcement where required by law.
We share personal data only where this is necessary for our operations, service delivery, legal compliance, or protection of our legitimate interests.
​
8. International data transfers
​
Some of our service providers may process personal data outside the European Economic Area. Where this happens, we aim to ensure that appropriate safeguards are used, such as an adequacy decision or appropriate contractual safeguards under applicable law. The European Commission states that where personal data is transferred outside the EEA, special safeguards are required so that the protection travels with the data.
​
9. How long we keep your data
​
We keep personal data only for as long as necessary for the purposes for which it was collected, including to meet legal, tax, accounting, dispute-resolution, and record-keeping obligations.
As a general rule:
general inquiries and form submissions are typically kept for up to 12 months after the last meaningful contact;
where an inquiry progresses into a client relationship, we may retain relevant records for the duration of the relationship and thereafter for as long as necessary for legitimate business, legal, accounting, or tax purposes;
technical and security logs may be retained for a limited period reasonably necessary for security, diagnostics, and system integrity;
cookie preferences may be retained for the period set by the consent tool or browser settings.
​
10. Data minimisation and accuracy
​
We aim to process only the personal data that is relevant and necessary for the purposes described in this Privacy Policy. We also take reasonable steps to keep personal data accurate and up to date where needed. These principles reflect the GDPR’s core requirements, including data minimisation, accuracy, storage limitation, integrity, confidentiality, and accountability.
​
11. Security
​
We use appropriate technical and organisational measures intended to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures may include restricted access, role-based permissions, password protection, secure service providers, and other proportionate safeguards.
No online environment can be guaranteed to be completely secure, but we take reasonable steps appropriate to the nature of the data and the risks involved.
​
12. Your rights
​
Under applicable data protection law, and subject to the conditions and limits of that law, you may have the right to:
- request access to your personal data;
- request correction of inaccurate or incomplete data;
- request deletion of personal data;
- request restriction of processing;
- object to processing based on legitimate interests;
- object to direct marketing, where applicable;
- request portability of data where applicable;
- withdraw consent at any time where processing is based on consent;
lodge a complaint with a supervisory authority.
To exercise any of these rights, please contact us at: office@blc-bg.com
We may need to verify your identity before fulfilling certain requests.
​
13. Complaints
If you believe your personal data has been processed unlawfully, you have the right to lodge a complaint with the competent supervisory authority. In Bulgaria, this is the Commission for Personal Data Protection (CPDP / КЗЛД). The CPDP is Bulgaria’s data protection authority and publishes complaint-related information on its official website.
​
14. Cookies and similar technologies
​
Our website may use cookies and similar technologies to:
ensure the website functions properly;
remember preferences;
support security and fraud prevention;
understand website usage and performance;
support site functionality and integrations.
Essential cookies may be used where they are necessary for the operation, security, and stability of the website. Functional, analytics, or other non-essential cookies, if enabled, will be used only after consent where required by law. Cookies used for non-essential purposes generally cannot be set on first load before consent has been obtained.
​
15. Third-party links
​
Our website may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. You should review their privacy notices separately before providing personal data to them.
​
16. Children
​
This website and our services are intended for business and professional use and are not directed at children. We do not knowingly collect personal data from children through this website.
​
17. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect legal, business, or technical changes. The latest version will always be posted on this page with the updated date.
​
18. Contact
If you have questions about this Privacy Policy or about how we process personal data, you can contact us at:
Bulgarian Launch and Compliance ЕООД
Bulgaria, Sofia, Levski G, George Kiumiurdziev 17A
Email: office@blc-bg.com
​