+359 2 000 0142
SMARTSTROY
BUILD. PROTECT. DELIVER.
— LEGAL

Privacy Policy

Last updated: 23 May 2026

1. Data Controller

This website is operated by Smart Stroy Bulgaria EOOD ("SmartStroy", "we", "us"), UIC/PIC 208418391, registered at Acad. Boris Stefanov, Winter Palace, fl. 3, Office 2, Studentski grad, Sofia 1700, Bulgaria. We are the data controller of personal data collected through this site.

Contact: sales@smartstroy.bg · +359 2 000 0142

2. Information We Collect

  • Order & account data: name, email, phone, billing and shipping address, company name and VAT number (if applicable).
  • Payment data: processed directly by our V-POS provider. We do not store full card numbers, CVV codes or any other bank-card data on our servers.
  • Technical data: IP address, browser, device, pages visited, referring URL, cookies and similar identifiers.
  • Communications: messages you send through the contact form, email or phone.

3. How We Use Your Data

  • Process orders, payments, invoices and deliveries.
  • Provide customer support and respond to enquiries.
  • Comply with Bulgarian tax, accounting and consumer-protection law.
  • Prevent fraud and secure the site (legitimate interest).
  • Send service-related emails (order confirmations, shipping updates).
  • Send marketing emails only with your prior consent — you may unsubscribe at any time.

4. Legal Basis (GDPR)

We process personal data on the basis of: (a) performance of a contract (Art. 6(1)(b) GDPR) when you place an order; (b) legal obligation (Art. 6(1)(c)) for tax and accounting records; (c) legitimate interests (Art. 6(1)(f)) for security and fraud prevention; (d) consent (Art. 6(1)(a)) for marketing and non-essential cookies.

5. Sharing Your Data

We share personal data only with trusted processors that help us operate the store:

  • V-POS payment processor — card authorisation and settlement.
  • Shopify — e-commerce platform and order management.
  • Courier and shipping partners within Bulgaria and the EU for delivery.
  • Hosting and email providers bound by data-processing agreements.
  • Tax authorities and public bodies when required by law.

We do not sell your personal data.

6. International Transfers

Some processors (e.g. Stripe) may transfer data outside the EU/EEA. Such transfers are protected by Standard Contractual Clauses approved by the European Commission and adequate technical safeguards.

7. Retention

Order and invoice data is kept for 10 years under Bulgarian accounting law. Account and marketing data is kept until you delete your account or withdraw consent. Technical logs are kept for up to 12 months.

8. Your Rights

Under the GDPR you have the right to: access, rectify, erase, restrict or object to processing, data portability, and to withdraw consent at any time. To exercise any right, email sales@smartstroy.bg. You may also lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP), cpdp.bg.

9. Cookies

We use strictly necessary cookies (cart, session, security) and, with your consent, analytics cookies to improve the site. You can disable cookies in your browser settings.

10. Payment Terms

Card payment details, accepted card schemes, and our handling of bank-card data are set out in our Terms & Conditions.

11. Security

All payments are processed over TLS through PCI-DSS certified processors. We apply industry-standard organisational and technical measures to protect your data.

12. Changes

We may update this policy. Material changes will be announced on this page and dated above.