Privacy Policy
Effective date: 30 January 2026 · Last updated: 30 January 2026
This Privacy Policy explains how Vaultwynn EOOD (“Vaultwynn”, “we”, “us” or “our”) collects, uses, shares and protects personal data when you visit www.vaultwynn.com (the “Website”), contact us, or engage our marketing services. We are committed to processing personal data lawfully, fairly and transparently in accordance with Regulation (EU) 2016/679 (the “GDPR”) and the Bulgarian Personal Data Protection Act.
1. Who we are
The data controller responsible for your personal data is:
Vaultwynn EOOD
ul. Nezavisimost 19, fl. 3
5000 Veliko Tarnovo, Bulgaria
Email: privacy@vaultwynn.com
Phone: +359 62 615 040
Company registration number (EIK): 207654321
VAT number: BG207654321
2. Personal data we collect
We collect personal data that you provide directly, that is generated as you use the Website, and that we receive from third parties acting on our behalf:
- Information you give us — when you complete our contact form, email us or engage our services, including your name, company, email address, telephone number, the service you are interested in, budget range and any message content.
- Client & project data — information necessary to deliver our services, including billing details and any materials you share with us.
- Technical & usage data — IP address, browser type, device information, pages viewed and referring URLs, collected through cookies and similar technologies (see our Cookie Policy).
- Communications — records of correspondence when you contact us.
We do not intentionally collect special categories of personal data (such as data revealing health, religion or political opinions). Please do not submit such information through our Website.
3. How and why we use your data
We use personal data to:
- respond to your enquiries and provide the information or quotes you request;
- enter into and perform contracts and deliver our marketing services;
- manage our client relationship, including invoicing and support;
- operate, maintain, secure and improve the Website;
- send service communications and, where permitted, occasional updates about our services;
- comply with our legal, accounting and regulatory obligations; and
- establish, exercise or defend legal claims.
4. Legal bases for processing
Under the GDPR, we rely on the following legal bases:
| Purpose | Legal basis |
|---|---|
| Responding to enquiries and pre-contract discussions | Steps taken at your request prior to entering a contract (Art. 6(1)(b)) and our legitimate interests (Art. 6(1)(f)) |
| Providing our services and managing contracts | Performance of a contract (Art. 6(1)(b)) |
| Marketing communications to existing clients | Legitimate interests, subject to your right to object (Art. 6(1)(f)) |
| Non-essential cookies and analytics | Your consent (Art. 6(1)(a)) |
| Accounting, tax and legal compliance | Legal obligation (Art. 6(1)(c)) |
Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
5. Sharing & service providers
We do not sell your personal data. We share it only where necessary with:
- Service providers (processors) who act on our instructions — such as website hosting, email delivery, analytics, advertising platforms and accounting software — under written agreements that require appropriate safeguards;
- Professional advisers such as accountants and lawyers, where required;
- Authorities or regulators where we are legally obliged to disclose information; and
- Successors in the event of a business reorganisation, merger or sale, subject to this Policy.
6. International transfers
We aim to keep personal data within the European Economic Area (EEA). Where a provider processes data outside the EEA, we ensure an adequate level of protection through an adequacy decision of the European Commission or appropriate safeguards such as the Standard Contractual Clauses. You may request a copy of the relevant safeguards by contacting us.
7. How long we keep data
We retain personal data only for as long as necessary for the purposes set out above:
- Enquiries that do not become clients — up to 24 months from last contact.
- Client records — for the duration of our engagement and for the period required by Bulgarian accounting and tax law thereafter (generally up to 10 years for accounting documents).
- Website analytics — for the retention period configured in our analytics tools (see the Cookie Policy).
When data is no longer required, we securely delete or anonymise it.
8. Your rights
Subject to the conditions in the GDPR, you have the right to:
- access the personal data we hold about you;
- request correction of inaccurate or incomplete data;
- request erasure of your data (“right to be forgotten”);
- restrict or object to our processing;
- data portability, where applicable;
- withdraw consent at any time; and
- lodge a complaint with a supervisory authority.
To exercise any of these rights, email privacy@vaultwynn.com. We will respond within one month, as required by law. We may need to verify your identity before acting on a request.
9. Cookies
We use cookies and similar technologies to operate the Website and, with your consent, to understand how it is used. For full details and how to manage your preferences, please read our Cookie Policy.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure, including encryption in transit, access controls and supplier due diligence. No method of transmission over the internet is completely secure, but we work to protect your data and continuously review our safeguards.
11. Children
The Website and our services are intended for businesses and individuals aged 18 and over. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us so we can delete it.
12. Changes to this Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page with a revised “Last updated” date. Material changes will be communicated where appropriate.
13. Contact & complaints
If you have any questions or concerns about this Policy or our handling of your personal data, please contact us at privacy@vaultwynn.com.
You also have the right to lodge a complaint with the Bulgarian supervisory authority:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
Website: www.cpdp.bg
Email: kzld@cpdp.bg