bgaccounting.
BG EN
Get free quote
Legal

Privacy policy

How Opticentre Bulgaria EOOD processes your personal data under GDPR and Bulgarian law.

Contents

Last updated: 28 April 2026

1. Data Controller

This Privacy Policy describes how Opticentre Bulgaria EOOD (“we”, “us”, “our”) collects, uses, and protects your personal data when you visit our website www.bgaccounting.eu or use our accounting services and the Exiqze client portal.

Data Controller:
Opticentre Bulgaria EOOD
47 Porto Lagos St., Floor 3
4003 Plovdiv, Bulgaria
Phone: +359 87 988 6200
Contact: through the website contact form

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and the Bulgarian Personal Data Protection Act.

2. Personal Data We Collect

a) Data you provide directly:

  • Identification data (name, email, phone) submitted via contact forms
  • Business information (company name, VAT number) for client onboarding
  • Payment information (processed by Stripe; we do not store card details)
  • Documents you upload to your client portal (invoices, receipts, contracts)

b) Data collected automatically:

  • IP address, browser type, device identifiers
  • Pages visited, time spent, referral source
  • Cookies and similar technologies (see Section 8)

c) Data from third parties:

  • Authentication data (when you sign in via Google or Facebook)

3. Purpose and Legal Basis (Article 6 GDPR)

We process your personal data on the following legal bases:

PurposeLegal basis
Providing accounting servicesContract performance (Art. 6(1)(b))
Tax filings and legal complianceLegal obligation (Art. 6(1)(c))
Client portal accessContract performance + legitimate interest
Marketing emailsConsent (Art. 6(1)(a))
Website analyticsConsent (Art. 6(1)(a))
Fraud prevention and securityLegitimate interest (Art. 6(1)(f))
Defending legal claimsLegitimate interest (Art. 6(1)(f))

4. Data Retention

We keep personal data only as long as needed:

  • Accounting records: 10 years (Bulgarian Accounting Act, Art. 12)
  • Tax-related records: 5–10 years (tax legislation)
  • Contact form submissions: 2 years
  • Marketing consent records: until consent is withdrawn
  • Website analytics: 14 months
  • Cookies: see Section 8

5. Data Recipients

Personal data may be shared with:

  • Bulgarian National Revenue Agency (NAP) — for tax filings
  • National Social Security Institute (NOI) — for payroll
  • Banks and payment processors (Stripe, Fibank) — for payment processing
  • Hosting provider (Exiqze EOOD) — for website and portal infrastructure
  • Email delivery service (SMTP2GO) — for transactional emails
  • Authentication providers (Google, Facebook) — only when you choose to sign in via those
  • Analytics providers (Google Analytics, Meta) — only with your consent
  • Bulgarian courts and law enforcement — only when legally required

We do not sell personal data.

6. International Data Transfers

Some recipients (Google, Meta, Stripe) may transfer data outside the European Economic Area. Such transfers are protected by:

  • EU-US Data Privacy Framework adequacy decision, or
  • Standard Contractual Clauses (SCCs) approved by the European Commission

7. Your Rights (Articles 15–22 GDPR)

  • Right of access (Art. 15) — request a copy of your data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — delete your data, subject to legal retention requirements
  • Right to restriction of processing (Art. 18) — temporarily block processing
  • Right to data portability (Art. 20) — receive your data in machine-readable format
  • Right to object (Art. 21) — to processing based on legitimate interest
  • Right to withdraw consent (Art. 7(3)) — at any time, without affecting prior processing
  • Right not to be subject to automated decision-making (Art. 22)

To exercise any right, contact us via the website contact form. We will respond within 30 days.

If you believe your rights have been violated, you may complain to:

Commission for Personal Data Protection (KZLD)
2 Tsvetan Lazarov Blvd., 1592 Sofia
Phone: +359 2 91 53 555
Website: www.cpdp.bg

8. Cookies

We use cookies and similar technologies in the following categories:

  • a) Strictly necessary cookies — required for the site to function (session, security, language preference). No consent needed.
  • b) Functional cookies — remember your preferences (theme, language). Set only with consent.
  • c) Analytics cookies — Google Analytics, used to understand site usage. Set only with explicit consent.
  • d) Marketing cookies — Meta Pixel, used for ad measurement and remarketing. Set only with explicit consent.

You can manage your cookie preferences via the cookie banner or by clearing cookies in your browser.

9. Children

Our services are not directed at children under 16. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us via the website form so we can delete it.

10. Security

We implement appropriate technical and organizational measures to protect personal data, including encryption in transit (HTTPS/TLS), access controls, audit logs, and regular security reviews. The Exiqze client portal uses GDPR-compliant document storage with encrypted access.

11. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent revision. Material changes will be communicated via the website. Continued use after a change constitutes acceptance.

12. Contact

For privacy-related questions or to exercise your rights, please use the contact form on this website. We do not publish a public email address for security reasons; messages submitted via the form are routed securely to the Data Controller.