VarnaIT
DE EN BG
Privacy

Privacy Policy

This privacy policy explains which personal data is processed on the VarnaIT website, for what purposes and which rights data subjects have.

Privacy

Privacy Policy

This privacy policy explains which personal data is processed on the VarnaIT website, for what purposes and which rights data subjects have.

Controller

The controller within the meaning of the GDPR is:

  • Varna Informationstechnologie EOOD
  • Seliolu 3, App. 11, BG – 9002 Varna, Bulgaria
  • Email: kontakt@varnait.eu
  • Mobile Germany: +49-15151564140
  • Mobile Bulgaria: +359-897978134

Privacy contact

Please use the official contact address for privacy enquiries. A data protection officer is currently not appointed unless a statutory obligation applies.

  • Privacy contact: kontakt@varnait.eu

Website access and server log files

When the website is accessed, technically necessary access data is processed to deliver the website, operate it reliably, protect it against abuse and analyse errors.

  • processed data: IP address, date and time, requested URL, referrer, user agent, HTTP status and technical access data
  • legal basis: Art. 6(1)(f) GDPR, legitimate interest in secure and functional operation
  • retention: usually up to 14 days, longer only in case of security incidents or legal enforcement

Contact form and email enquiries

When you contact us via the form or by email, we process your details to handle the enquiry, communicate with you and prepare or perform a business relationship.

  • processed data: name, email address, company, topic/interest, message, language of the enquiry, time of submission
  • legal basis: Art. 6(1)(b) GDPR for pre-contractual or contractual enquiries; additionally Art. 6(1)(f) GDPR for general business communication
  • necessity: without the required contact data we cannot process the enquiry

Twenty CRM self-hosted

Enquiries may be transferred to a self-hosted Twenty CRM to manage prospects, companies, enquiries and later project communication in a structured manner.

  • purpose: lead and enquiry management, project preparation, follow-up and communication
  • legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR
  • access: only authorised internal users and technically necessary administrators

Recipients and processors

Personal data is only disclosed where necessary for operation, processing or legal obligations.

  • possible recipients: hosting provider, email provider, IT service providers, CRM system, tax advisors or legal advisors where required
  • processor agreements are concluded with processors where required
  • contact data is not published

Hosting and storage location

The website and related systems are operated, where possible, in the EU or via suitable hosting partners. Specific hosting locations may vary depending on the project and system.

  • hosting locations for customer projects are agreed project by project
  • third-country transfers, if any, are assessed for appropriate safeguards or other legal requirements

Cookies and similar technologies

The theme itself does not set marketing cookies. Technically necessary cookies may be required for language selection, security, login functions or form protection. Optional analytics, marketing or external media services are loaded only after configuration and, where required, consent.

  • legal basis for necessary functions: Art. 6(1)(f) GDPR
  • legal basis for optional services: Art. 6(1)(a) GDPR where consent is required
  • details are available on the Cookie Settings page

Retention periods

Personal data is stored only as long as necessary for the respective purposes or as long as statutory retention obligations apply.

  • contact enquiries: for the duration of processing and reasonable follow-up
  • business records: according to statutory commercial and tax retention obligations
  • technical logs: usually up to 14 days unless a security incident occurs

Your rights

Data subjects have the GDPR rights of access, rectification, erasure, restriction of processing, data portability and objection. Consent-based processing can be withdrawn at any time with effect for the future.

  • please send requests to kontakt@varnait.eu
  • proof of identity may be required to prevent unauthorised disclosure
  • consent can be withdrawn at any time

Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority. In Bulgaria, the competent authority is the Commission for Personal Data Protection / Комисия за защита на личните данни.

  • Commission for Personal Data Protection, 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
  • Website: cpdp.bg
  • Email: kzld@cpdp.bg

Automated decision-making

This website does not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

  • no scoring-based rejection of enquiries
  • no solely automated contract decisions

Updates to this privacy policy

This privacy policy may be updated if technical processes, services or legal requirements change.

  • Last updated: May 2026