GDPR Compliance
Our Commitment to Data Protection
AI Group LTD is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This regulation governs how we collect, use, and protect your personal data when you use our services or visit our website.
As a data controller registered in Bulgaria (EIK: 206987757), we take your privacy seriously and implement appropriate technical and organizational measures to ensure your data is protected.
Your Rights Under GDPR
Under the GDPR, you have the following rights regarding your personal data:
1. Right to Access (Article 15)
You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data and specific information about how we process it.
2. Right to Rectification (Article 16)
You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay. You also have the right to have incomplete personal data completed.
3. Right to Erasure / "Right to be Forgotten" (Article 17)
You have the right to obtain the erasure of personal data concerning you without undue delay when:
- The data is no longer necessary for the purposes for which it was collected
- You withdraw consent and there is no other legal ground for processing
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
- The data must be erased for compliance with a legal obligation
4. Right to Restrict Processing (Article 18)
You have the right to obtain restriction of processing when:
- You contest the accuracy of the personal data
- The processing is unlawful and you oppose erasure
- We no longer need the data but you require it for legal claims
- You have objected to processing pending verification
5. Right to Data Portability (Article 20)
You have the right to receive the personal data concerning you in a structured, commonly used, and machine-readable format, and to transmit this data to another controller without hindrance from us.
6. Right to Object (Article 21)
You have the right to object at any time to processing of personal data concerning you which is based on legitimate interests or for direct marketing purposes.
7. Right to Withdraw Consent (Article 7)
Where processing is based on consent, you have the right to withdraw consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
8. Right to Lodge a Complaint (Article 77)
You have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement.
How to Exercise Your Rights
To exercise any of your GDPR rights, please contact our Data Protection Officer:
Email: office@aigroup.bg
Address: Blagoevgrad 2700, Elenovo District, Block 95, Entrance B, Bulgaria
Phone: Available upon request via email
We will respond to your request within 30 days. If your request is complex or numerous, we may extend this period by two further months, in which case we will inform you of the extension.
Legal Basis for Processing
We process personal data only when we have a valid legal basis under GDPR:
Contract Performance (Article 6(1)(b))
Processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract. This applies when:
- Providing software development services
- Delivering accounting services
- Processing payments
Legal Obligation (Article 6(1)(c))
Processing is necessary for compliance with a legal obligation to which we are subject. This includes:
- Accounting and tax record keeping (Bulgarian Accounting Act)
- Fraud prevention
- Regulatory compliance
Legitimate Interests (Article 6(1)(f))
Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights. This includes:
- Website analytics to improve user experience
- Network and information security
- Direct marketing (with opt-out option)
Consent (Article 6(1)(a))
Where we rely on consent as the legal basis, you have given us clear consent to process your personal data for a specific purpose. You can withdraw this consent at any time.
Data We Collect
We collect and process the following categories of personal data:
Identity Data
- First name and last name
- Job title
- Company name
Contact Data
- Email address
- Telephone number
- Business address
Financial Data
- Bank account details (for payments)
- Payment history
- Invoicing information
Technical Data
- IP address
- Browser type and version
- Operating system
- Time zone setting and location
- Referring website
Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Contact form data | 2 years | Legitimate interest |
| Client accounting data | 10 years | Bulgarian Accounting Act |
| Contract data | 5 years after contract end | Limitation period |
| Server logs | 1 year | Security purposes |
International Data Transfers
We are based in Bulgaria, EU, and primarily process data within the European Economic Area (EEA). If we transfer your personal data outside the EEA, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for countries recognized by the EU
- Binding Corporate Rules (for group transfers)
Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- SSL/TLS encryption for all data transmission
- Secure servers with firewalls and intrusion detection
- Access controls and authentication mechanisms
- Regular security assessments and updates
- Staff training on data protection
- Incident response procedures
Data Breach Notification
In the unlikely event of a personal data breach, we will:
- Notify the supervisory authority within 72 hours of becoming aware
- Notify affected individuals without undue delay if the breach is likely to result in high risk to their rights and freedoms
- Document all breaches, their effects, and remedial actions
Cookies and Tracking
Our website uses minimal cookies:
- Essential cookies: Required for website functionality (cannot be disabled)
- Analytics cookies: Help us improve our website (with your consent)
You can control cookies through your browser settings. For more information, see our Privacy Policy.
Supervisory Authority
If you are not satisfied with our response to your data protection concerns, you have the right to lodge a complaint with:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: www.cpdp.bg
Phone: +359 2 915 3580
Updates to This Policy
We may update this GDPR compliance page to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated date.
Contact Us
For any questions about GDPR or data protection at AI Group LTD:
- Email: office@aigroup.bg
- Address: AI Group LTD, Blagoevgrad 2700, Elenovo District, Block 95, Entrance B, Bulgaria
- Company: EIK 206987757 | VAT: BG206987757