+359 888 446 484 contact us

Privacy and Personal Data Protection Policy


This notice aims, in accordance with the information requirements under Art. 13 and Art. 14 of the GDPR (General Data Protection Regulation), to inform you about the personal data processing activities carried out by Stunning Blue LTD, the purposes for which the data are processed, the measures and limits for the protection of the processed data, your rights and the manner in which you can exercise them, in accordance with the requirements of Regulation (EU) 2016/679 of the EU of 27.04.2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter only Regulation 2016/679 or "GDPR") and other applicable acts of the European Union and the Republic of Bulgaria.

1. Data about the administrator and contact information
"Stunning Blue" EOOD is a commercial company, to which the rules provided for in Chapter Thirteen of the Commercial Act apply, with UIC / BULSAT: 208225111
"Stunning Blue" EOOD is the administrator of personal data that is processed in or on the occasion of carrying out the subject of the company's activity.
The address of the company's management is: Sofia, Ilinden district, 7 Sehovo Str., entrance J, apt. 151.
Send your requests to the e-mail address: office@stunning-blue.com.

2. Contact details of the Data Protection Officer
You can contact the company's Data Protection Officer at the following email address: office@stunning-blue.com, and in your message you should indicate the necessary data for your individualization and contact for feedback. Purposes and grounds for processing personal data, categories of processed data

3. The company exercises powers in connection with the exercise of the following activities:
  • Consulting activities (oral and written consultations) in the sectors: tourism, aviation and real estate;
  • Sale and rental of real estate;
  • Real estate valuation;
  • Valuation of intellectual and industrial property;
  • Advertising;
  • Travel agency activities;
  • Preparation of any documents related to the work assigned by the client;
  • Human resources management;
  • Financial and accounting activities
In these cases, the company processes personal data of clients, representatives of clients, contractors and partners; individuals, contractors and representatives of legal entities within the framework of contractual and pre-contractual relations (Art. 6, §1, b. “b” of the Regulation) and/or in the presence of a legitimate interest – grounds under Art. 6, §1, b. “f” of the Regulation). In these cases, the processed data are related to the physical identity of the subject, economic identity, social identity, family identity, data regarding health status and are used for the purposes provided for in the relevant law or other regulatory act, as well as for the fulfillment of the obligations provided for in the concluded contracts.
For the purposes of personnel administration (human resources management) and financial and accounting reporting, the company processes personal data on the basis of Art. 6, §1, b. “c” and Art. 9, §2, b. “b” of the Regulation of job applicants, employees and individuals, contractors and representatives of legal entities, contractors. The categories of processed data are about the physical and social, family and economic identity, data on the judicial history and health status of the persons.
When the company processes data based on the consent of the subject, personal data are processed only if the persons have freely, specifically, informed and unambiguously expressed their consent to the processing.
Data processing is carried out for specific and precisely defined purposes by law, and the data is processed lawfully and in good faith and cannot be further processed in a manner incompatible with these purposes.

4. Categories of data recipients outside the company
The company and its owner do not disclose personal data to third parties and recipients, unless there is a legal basis for receiving the data or the data is not publicly available due to inclusion in a public register.
Outside the cases of public availability of data included in a public register, data recipients, depending on the specific case, may be:
  • State bodies and bodies entrusted with public functions, within the framework of their powers (courts, prosecutor's offices, bailiffs, notaries, other bodies entrusted with public functions, NRA, NSSI, Ministry of Interior, etc.);
  • Banks for the needs of payments made;
  • Courier companies and postal operators - for the needs of correspondence with individuals - data subjects.

5. Data retention period
As a data controller, the company processes data for a minimum period of time, no longer than is necessary in the context of the purposes for which the data were collected or for which these data are further processed, in accordance with the principle of storage limitation
The processed personal data are stored for a period of between 2 months and 50 years, depending on the type of data determining the legal obligation for processing, including their storage.

6. Rights of individuals - data subjects
The measures taken to protect personal data in accordance with the requirements of Regulation 2016/679 are aimed at ensuring the rights of the subjects whose personal data are processed. Where required by applicable law, the interested individual may exercise the following specific rights pursuant to Articles 15-22 of the GDPR:
  • Right of access: The interested individual has the right to access his or her personal data in order to ensure that they are processed in accordance with the law;
  • Right to rectification of inaccurate or incomplete data: The interested individual has the right to request the rectification of inaccurate or incomplete data in order to protect the accuracy of such information and to adapt it to the data processing.
  • Right to erasure (right to be forgotten) if the conditions of Art. 17 of Regulation 2016/679 apply: The interested individual has the right to request the data controller to delete information concerning him or her and to no longer process such data;
  • Right to restriction of processing: The interested individual has the right to request the data controller to restrict the processing of his or her data;
  • Right to data portability, if the conditions of Art. 20 of Regulation 2016/679 apply: The interested individual has the right to request data portability, which means that the interested individual can receive the personal data initially provided in a structured and commonly used format or that the interested individual can request the transfer of the data to another data controller;
  • Right to object, if the conditions of Article 21 of Regulation 2016/679 are met: The interested individual who provides personal data to a data controller has the right to object at any time to the processing of data for a number of reasons specified in the GDPR, without having to justify his decision;
  • Right to be excluded from automated individual decision-making: The interested individual has the right not to be subject to a decision based solely on automated processing, including profiling, if such profiling produces legal effects concerning the interested individual or otherwise significantly affects him;

Where the processing is based on consent as provided for in Article 7 of the GDPR, the data subject may withdraw his or her consent at any time.

You may exercise the above rights by means of a request addressed to the controller (in writing or electronically), in which you indicate which right you wish to exercise, sufficiently individualizing your request and the data to which it relates. The request must be signed and sent to the company's address.

7. Right to complain to the Personal Data Protection Commission or to the court
If you believe that your rights under Regulation 2016/679 have been violated, you may file a complaint with the Personal Data Protection Commission or to the Sofia City Administrative Court.

8. Transfer of personal data to third countries or international organizations
The company does not transfer processed personal data to third countries or international organizations, except in connection with the activities of a travel agency, when such data should be provided to an administration in a third country in connection with the services provided.

9. Personal data protection measures introduced in the company
The internal rules of "Stunning Blue" EOOD for personal data protection measures have introduced measures for effective protection of processed personal data and the possibility of exercising the rights of data subjects provided for in Regulation 2016/679, the full text of which will be provided to you upon your written request addressed to the data protection officer in the company at the company's email address or www.stunning-blue.com.
Additional information on the personal data protection measures in "Stunning Blue" EOOD can be obtained from the data protection officer at www.stunning-blue.com
This privacy policy is the privacy policy of "Stunning Blue" EOOD.

"Stunning Blue" Ltd.