Privacy Policy for Customers

Кликнете тук за версия на български език

Your privacy is important to us

We, Schwarz Global Services Bulgaria EOOD take the protection of your personal data very seriously and strive to provide you with comprehensive information about the processing of your personal data. The following privacy policy applies to you if we process the data of natural persons. The specific legal bases are the EU General Data Protection Regulation (GDPR) and the respective Bulgarian legislation. Which data is processed in the individual case depends primarily on the agreed services rendered. As a result, not all of this information will be relevant to you.

1. "Controller" within the meaning of Article 4(7) GDPR

The controller responsible for data processing within the meaning of Article 4(7) GDPR is the company named in the e-mail signature or the company which you are contacting or which is rendering services to you.

2. Processing activities

a) Visiting this website

When you visit this website, log files are generated containing the following information:

  • the website from which you visit our site;
  • the IP address;
  • the date and time of access;
  • the client request;
  • the http response code;
  • the data volume transmitted;
  • information about the type of browser and operating system you are using.

Recipients/categories of recipient

Each time that a user accesses this website and each time a file is accessed, Schwarz IT KG, Stiftsbergstraße 1, 74172 Neckarsulm save log files documenting this process; this serves exclusively to protect our systems and to prevent improper and/or fraudulent behavior.

Storage time/criteria for determining storage time:

Storage time is 7 days.

b) Contact form/requests by e-mail/phone/mail

Purpose of the processing/legal basis: We treat all personal data which you provide us with by telephone, e-mail or mail confidentially. We use your data solely for the limited purpose of processing your inquiry. The legal basis for the processing is Article 6(1)(f) GDPR. Our legitimate interest arises from the interest in responding to inquiries so that customer satisfaction is ensured and promoted.

Recipients/categories of recipients: As a rule, we do not transfer the data to third parties. In exceptional cases, we will have a processor process the data on our behalf. Such processors are carefully selected, audited by us and bound by contract in accordance with Article 28 GDPR.

Storage time/criteria for determining storage time:

We retain your personal data only for as long as is necessary to fulfill the legitimate interest and deletion is not precluded by compliance with a legal obligation to which the controller is subject (e.g., statutory documentation and retention obligations set out in Bulgarian legislation like for example storage for tax purposes – 10 years starting as of 1st of January of the year following the year in which the tax obligation has arisen, for legal claims – 5 years after the termination of the contracts and after the performance of all rights and obligations therein or for as long as necessary in case of commenced court proceedings/ lawsuits and/or other claims, etc.

c) Whistleblowing signals

Pursuant to Bulgarian legislation implementing the EU Whistleblowing Directive Schwarz Global Services Bulgaria EOOD is obliged to create a channel for receiving signals for violations of legislation in various areas. In case such signal is filed by employee or third party Schwarz Global Services Bulgaria EOOD is obliged to investigate the signal. For these purposes the following categories of data might be processed:  the signal sender's three names, address and telephone number, as well as an email address, if any;    the names of the person against whom the report is filed and their workplace, if the report is filed against specific persons and they are known;    specific details of an actual or potential breach, the place and time of the breach, if already committed, a description of the act or the situation and other circumstances, as far as these are known to the whistleblower; date of submission of the report; signature, electronic signature or other identification of the sender and other circumstances around the signal, as well as any other data voluntarily shared by the signal sender. The personal data shall be stored for a period of one year after the case is solved or closed without solving.

3. Is data transferred to third countries?

If we transfer personal data to recipients outside the European Economic Area (EEA), the transfer will only take place if an adequate level of data protection has been confirmed for that third country by the European Commission, if an adequate level of data protection has been agreed with the data recipient (e.g., by means of EU standard contractual clauses) or if we have received your consent.

4. Your rights as the data subject

Under Article 15(1) GDPR, you have the right to obtain information, free of charge, on the personal data stored about you.

If the statutory requirements are met, you also have a right to rectification (Article 16 GDPR), erasure (Article 17 GDPR) and restriction of processing (Article 18 GDPR) of your personal data.

If the basis of processing is Article 6(1)(e) or (f) GDPR, you have a right to object under Article 21 GDPR. If you object to processing, your data will no longer be processed thereafter, unless the controller demonstrates compelling legitimate grounds for the processing which override the interests of the data subject in the objection.

If you have provided the processed data yourself, you have a right to data portability under Article 20 GDPR.

If the data processing is carried out on the basis of consent granted under Article 6(1)(a) or Article 9(2)(a) GDPR, you may revoke that consent at any time with effect for the future without this affecting the lawfulness of the previous processing.

In the above-mentioned cases, or if you have questions or complaints, please write to or e-mail the data protection officer (see no. 5). You also have a right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority located in the state in which you live or where the controller is domiciled has jurisdiction.

5. Data protection officer/coordinator

For further questions concerning the processing of your data or the exercise of your rights, please contact the competent data protection officer/coordinator of the controller at:

Schwarz Global Services Bulgaria EOOD

Lozenets, blvd. “Cherni vrah” 51, floor 11,



Aus Gründen der besseren Lesbarkeit wird bei Personenbezeichnungen und personenbezogenen Hauptwörtern auf dieser Website die männliche Form verwendet. Entsprechende Begriffe gelten im Sinne der Gleichbehandlung grundsätzlich für alle Geschlechter. Die verkürzte Sprachform hat nur redaktionelle Gründe und beinhaltet keine Wertung.