Skip to content Skip to footer
DSP
DSP
Close

PRIVACY POLICY
REGARDING THE PROCESSING OF PERSONAL DATA
BY “DIMITROVA AND STAYKOVA” LAW FIRM

This Privacy Policy regarding the processing of personal data by “Dimitrova and Staykova” Law Firm aims to provide you with clear, transparent and comprehensive information and to help you understand what personal data we collect, why we collect it and how we use it. Please take the time to read this Privacy Policy carefully. We want you to be aware of how we use your information and the ways in which you can exercise your rights.

This Privacy Policy applies to your personal data when you visit our website https://www.dsp.bg/ (the “Website”) or use our services through it. It does not apply to other websites and/or services that we do not own or control.

WHO WE ARE

The entity providing services through this Website, in its capacity as a Data Controller, is “Dimitrova and Staykova” Law Firm, BULSTAT: 176667645, with and address for service at: 37 Georgi Benkovski Str., fl. 1, Oborishte District, City of Sofia 1000, Republic of Bulgaria.

Contact person regarding data protection matters:

Attorney-at-law Nevena Stanimirova Staykova, email: n.staikova@dsp.bg

We respect your right to privacy and continuously strive to ensure that the personal data we process is kept to a minimum and is adequately protected. However, in order to provide our services, it is necessary for us to process certain personal data.

By using any of the services available on the Website, you acknowledge that you have read and understood this Privacy Policy.

DATA WE COLLECT AND HOW WE USE IT

We collect personal data solely for the purpose of carrying out our activities through https://www.dsp.bg/. Personal data is processed only on lawful grounds and in compliance with the principles of data minimisation, transparency and security. In this regard, we do not use personal data for purposes incompatible with those for which it was originally collected. We do not sell or otherwise distribute your personal data.

In its capacity as a data controller, Law Partnership “Dimitrova and Staykova” processes personal data as follows:

Personal data obtained through our contact form:

When we receive an inquiry via the contact form available on the Website, or via telephone or email, we use the contact details provided (name and email address) to respond and provide the requested information or assistance.

Personal data obtained through the contact form is stored for a period of up to 6 (six) months from the date of receipt of the inquiry.

Personal data collected through Newsletter subscription:

If you have subscribed to our Newsletter through the Website, we will process the email address you have provided in order to send you updates about us, upcoming events, news, analyses, and other information related to our activities that we believe may be of interest to you.

By subscribing, you give your explicit consent to the processing of your personal data for the purposes described above. Your consent is voluntary, and refusal to subscribe to the Newsletter will not restrict your access to our services.

You may withdraw your consent to receive such information at any time.

Your personal data will be stored until your consent is withdrawn.

METHOD OF DATA COLLECTION

We process and use only personal data that has been provided directly and voluntarily by our users. This means that each user is responsible for ensuring that they do not provide personal data of third parties in violation of their data protection rights, as we do not have a practical ability to verify whether such data has been provided with the knowledge and consent of the relevant third parties in accordance with applicable legal requirements.

Accordingly, any person bears full responsibility if they provide us with personal data of a third party without their knowledge or without obtaining the required consent under applicable data protection legislation.

SECURITY MEASURES

We have implemented a wide range of technical and organisational measures to protect your personal data against loss or unlawful processing. Personal data is accessible only to those individuals who need access in order to perform their duties related to the provision of our services. These individuals are properly trained and authorised. Our staff processes personal data in accordance with the principles of lawfulness, confidentiality, professional ethics and appropriate use of data.

SUBCONTRACTORS

In order to provide high-quality services, we engage service providers acting as Data Processors, carefully selected based on their ability to ensure adequate data protection. Without them, the provision of our services would not be possible. We use only professional subcontractors in their respective fields, to whom we provide only the information necessary for the performance of their tasks.

We do not disclose your personal data to third parties without a legal or contractual basis, nor do we sell or otherwise distribute it.

MINORS

Our services and Website are intended only for individuals over the age of 18. If you are under 18, please seek assistance from a person who is at least 18 years old in order to use our services.

If we become aware that we have collected personal data from a person under the age of 18, we will promptly delete such data, unless we are legally obliged to retain it.

Please contact us if you believe that we have inadvertently collected data from a minor.

YOUR RIGHTS

You have the right to request a copy of your personal data at any time, to verify the accuracy of the information we hold, to correct or update such information, and to request that your personal data be erased where grounds for this exist, as described below. You also have the right to lodge a complaint where your data protection rights have been infringed. Below you will find a detailed description of your rights as a data subject:

– You have the right to request confirmation as to whether personal data concerning you are being processed and to request a copy of your personal data, as well as access to information relating to the collection, processing, and storage of your personal data;

– You have the right to request the erasure of your personal data where one of the following grounds applies: the personal data are no longer necessary for the purposes for which they were collected; you have objected to the processing; the processing is unlawful; the data are processed on the basis of your consent and you withdraw that consent; or the personal data must be erased in order to comply with a legal obligation under Union or Member State law applicable to the Controller. We may refuse to erase your personal data for the following reasons: for exercising the right of freedom of expression and information; for compliance with a legal obligation or for the performance of a task carried out in the public interest or in the exercise of official authority vested in us; for reasons of public interest in the area of public health; or for the establishment, exercise, or defence of legal claims;

– You have the right to request the rectification of your personal data if they are inaccurate, or to have incomplete data completed;

– You have the right to request restriction of the processing of your personal data where applicable and where grounds exist, for example: where you contest the accuracy of the personal data, for a period enabling us to verify the accuracy of the personal data; where the processing is unlawful but you oppose the erasure of the personal data and request the restriction of their use instead; where we no longer need the personal data for the purposes of processing, but you require them for the establishment, exercise, or defence of legal claims; or where you have objected to processing pending the verification whether our legitimate grounds override your interests;

– You have the right to receive the personal data concerning you, which you have provided, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller, where the processing is based on consent or on a contractual obligation and is carried out by automated means;

– You have the right to object, on grounds relating to your particular situation, to the processing of your personal data by contacting the designated data protection contact person, where applicable.

You may address your requests to the contact person indicated above. In order to provide you with full assistance, please give us accurate information about yourself and specify your request. We may request additional information when you exercise your rights in order to verify your identity.

Please note that where your requests are manifestly unfounded or excessive, in particular due to their repetitive nature, we may:

  1. charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action; or
  2. refuse to act on the request.

We will make reasonable efforts to comply with your request within 30 days of receiving it. Where necessary, this period may be extended by up to two additional months, taking into account the complexity and number of the requests.

SUPERVISORY AUTHORITY

If you believe that we have infringed your rights in relation to your personal data, you may lodge a complaint with the Bulgarian supervisory authority – the Commission for Personal Data Protection, at the following contact details: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria; kzld@cpdp.bg.

You may also lodge your complaint in the country where you reside, where you work, or where you consider that the alleged infringement has occurred.

Last update of our Privacy Policy: 01.05.2026