The present Privacy Policy by Dimitrova & Staykova Law Firm is intended to help you understand what kind of Personal Data we collect, why we collect it and how we use it.  Please, take the time to read this Privacy Policy carefully as  we want you to be aware of how we use your information and the ways in which you can protect your privacy.

This Privacy Policy applies to your Personal Data when you visit and use our website: (“Site”) and does not apply to online websites or services that we do not own or control.


Dimitrova & Staykova Law Firm with Unified Identification Code: 176667645 and registered office and address of management: Sofia, Oborishte district, post code:  1000, 37 Georgi Benkovski Str., 1st floor, hereinafter referred to as “DSP”.

Data Protection Officer: Attorney-at-law Nevena Stanimirova Staykova,

email: , tel .: +359 878 73 11 83.

We respect your right to privacy and we are continuously striving to keep the data we process minimal, but maximally protected.  However, in order to use our Services, we must process certain personal data.  When you use the contact form on our Site and / or use our legal services, you acknowledge that you have read and understood this Privacy Policy in connection with the processing of personal data by DSP.


Personal data is data that identifies and relates to someone as an individual.

DSP, in its capacity as Data Controller, processes personal data as follows:

Personal data received from our contact forms:

When we have received a message / inquiry from a person through the contact form on the Site or through any of the social networks supported by DSP, we will use the name, email and other contact details provided by him / her (if provided in his / her message) to contact and provide him / her with the information and / or assistance that the person needs.

Personal data received through the contact form on the Site or through any of the social networks maintained by DSP will be stored for up to 6 (six) months from receipt of the message / inquiry.

We will not use your contacts to advertise third party products and / or services.


We process solely the data which you have voluntarily granted to us.  This means that it is your responsibility not to provide third party data in violation of third party’ rights to personal data protection, as we have no practical ability to control whether you provide us with third party data with their knowledge and consent in accordance with the legal requirements.

Therefore, each person bears full personal responsibility if he / she provides us with third party data without their knowledge or without their consent in compliance with the requirements of the applicable data protection legislation.


We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is accessible only by those who need access to it in order to perform their job, and that they are properly trained and authorised to do so. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.


For providing quality services DSP may engage third party service providers – Sub-processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. Without them, the implementation of the assistance requested by you will not be possible.  We use only sub-processors – professionals in the field, through which we provide additional security for your data and to whom we provide solely the information needed to perform their assigned activities.  Such sub-processors are our IT and other software and hardware service providers.

In the cases required by law, your personal data may be provided to the competent state authorities and institutions.

We do not provide your personal data to third parties without legal or contractual grounds, nor do we sell or distribute it in any other way.


We do not share personal information with companies, organisations and individuals unless one of the following circumstances applies:

  1. With your consent – we will share personal information with companies, organisations or individuals – employers, when we have your explicit consent to do so;
  2. For making some services possible – to third party sub-processors, as described above;
  3. For legal reasons – we will share personal information with companies, organisations or individuals, if we have a good reason to believe that access, use, preservation or disclosure of the information is reasonably necessary to:
    1. meet any applicable law, regulation, legal process or enforceable governmental request.
    2. collect amounts due;
    3. detect, prevent, or otherwise address fraud, security or technical issues.
    4. protect against harm to the rights, property or safety of ours, our Users or the public as required or permitted by law.


You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. Moreover, you have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a personal data subject:

– you have the right to request confirmation if personal data relating to you is being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.

– you have the right to request your personal data to be deleted if there are any of the following grounds: personal data is no longer necessary for the purposes for which it has been collected; where you have objected against the processing when the processing is unlawful; where data is processed on your consent and you withdraw that consent; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller. You may be denied deletion of your personal data for the following reasons: exercising the right of freedom of expression and the right of information; to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us; for reasons of public interest in the field of public health; for the establishment, exercising or protection of legal claims.

– you have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.

– you have the right to request restriction of the processing of your personal data if applicable and there is a reason to do so, for example: you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data; the processing is illegal, but you do not want personal data to be deleted but only to be limited; we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims; you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.

– you have the right to request to receive personal data that concern you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.

– you have the right to make an objection against the processing of your personal data before the Data Protection Officer if there are reasons to do so.

You can address all requests to the Data Protection Officer. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in exercising your rights, we may ask for additional information to establish your identity.

Please, keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:

  1. charge a fee, taking into account the administrative costs of providing information or communication or undertaking the requested activities, or
  2. refuse to take actions on the request.

We will make reasonable efforts to review your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.


If you think we have infringed your privacy rights, you can lodge a complaint with the Supervisory Authority of Bulgaria, which is the Commission for Personal Data Protection.

More information can be found at:

Moreover, you can lodge your complaint in the country where you live, your place of work or at the place where you believe we have infringed your right(s).