1.1 On 28.05.2018 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as the “GDPR”) entered into force.

1.2 The present Personal Data Processing and Protection Policy (hereinafter referred to as the “Policy”) is intended to inform users about what kind of personal data  is processed by attorney at law Liliya Stefanova Tsoncheva, Sofia Bar Association, No. 160073241, e-mail: (the “Administrator”) in connection with the visit and use web site

1.3 This website is owned and managed by attorney at law Liliya Stefanova Tsoncheva, Sofia Bar Association, No. 160073241, in accordance with the provisions of the Personal Data Protection Act and Regulation (EC) 2016/679 (“GDPR”).

1.4 In this Policy, you may find information regarding your rights as a personal data subject whose data protection is collected, processed and stored by me as Administrator of personal data within the meaning of Art. 4, item 7 of the GDPR. As Administrator I process your personal data for the purposes, within the terms and in the manner described below, respecting the principles and rules set forth in the GDPR and in the Bulgarian legislation in force – the Personal Data Protection Act (PDPA).

1.5 Protection of personal data is of the utmost importance. The Administrator does not sell your data to others. If I provide your data to third parties, these third parties are my contractors who process the information on my behalf and follow my instructions for the highest standard for protecting your personal information


2.1 “Personal data” means any information related to identification of an individual (such as name, age, date of birth, telephone, e-mail address, etc.).

2.2 Personal data revealing race or ethnic origin, political opinions, religious or philosophical beliefs, membership of trade unions and genetic data processing, biometric data to uniquely identify an individual, health, or data on sexual life or sexual orientation of an individual are a special category of personal data. The Administrator does not process such information about you.


The Administrator collects, uses, stores and processes your personal data which is required for performance of the services provided by the Administrator. Your data is used to compile and send personalized information about the services  provided by the Administrator. They can also be used for statistical purposes, which are related to improving the quality of the services as well as marketing activities.

There is an option at the site to contact me through a message by entering the specified data below. Entering the specified personal data is not a registration on the website. In this way, you will not be created a profile on which your personal data will be stored or will be subsequently identified.


The website collects a series of general data and information when a data subject or automated system calls up the website. This general data and information are stored in the server log files. Collected may be (1) the browser types and versions used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrers), (4) the sub-websites, (5) the date and time of access to the Internet site, (6) an Internet protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) any other similar data and information that may be used in the event of attacks on our information technology systems.

When using these general data and information, we do not draw any conclusions about the data subject. Rather, this information is needed to (1) deliver the content of our website correctly, (2) optimize the content of our website as well as its advertisement, (3) ensure the long-term viability of our information technology systems and website technology, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. Therefore, we analyze anonymously collected data and information statistically, with the aim of increasing the data protection and data security of our enterprise, and to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.


Cookies are technology that can be used to provide personalized information from a web site. An HTTP cookie, commonly referred to as a “cookie”, is a packet of information sent from a web server to an Internet browser, and then returned by the browser each time it has access to that server.

Keep in mind that the site may use the so-called “cookies” in order to offer you better, optimized and up-to-date services, product information, and terms, as well as to provide personalized content to website users. Through the “cookies”, including other similar technologies, the Administrator can obtain specific user information such as: the pages you are viewing; the things you download; the links you follow; the duration of the site visit; your IP address; the domain from which you enter our website, etc. This information helps me learn more about how you use the related technologies and to provide you with adequate services and information. As soon as “cookies” are used by this site, you will be notified by publishing Cookies Use Policy on the website.


6.1 In some cases, the Administrator may disclose certain personal data to strategic subcontractors who work with the Administrator to provide services related to the Administrator’s activities or to help him. Personal information will be shared by me only in order to improve our services and advertising; it will not be shared with third parties for their marketing purposes.

6.2 In cases where the Administrator shares information about you with third parties – Administrator’s providers, the Administrator has mechanisms to ensure that they provide data protection level according to the agreed standard for that. Your data is also considered confidential for our partners.

6.3 It may be necessary, by law and/or at the request of public authorities or officials who, under the current legislation, are authorized to request and collect such information in accordance with statutory procedures, the Administrator discloses your personal information.


7.1 The Administrator does not transfer your data to third countries outside the EU. In individual cases, your data may be transferred to third parties by virtue of a contract between the Administrator and a contractor of certain non-EU services. In such cases, the Administrator will ensure that this transfer is carried out in full compliance with the legal provisions, thus ensuring the level of protection of your data (including but not limited to standard transfer terms approved by the European Commission). If the Administrator’s partners are in the United States, their Privacy Shield certification will be checked, which is a legal mechanism for transferring data to that country.


8.1 The Administrator takes precautions, including administrative, technical, and physical measures, to protect your personal information from loss, theft and misuse, as well as unauthorized access, disclosure, alteration or destruction.

8.2 The Administrator complies with organizational and technical measures to protect your personal information. Access to your data is limited to the necessity of performing the duties of the Administrator.


9.1 The period for which we process and store your personal data is determined by the content of your message, with the minimum time limit for administering and responding to your message. If your message implies any obligations for us to perform certain actions or activities (for example, to perform an alert check, etc.), the processing of your personal data will be extended until finishing the relevant activities/actions or any other legally prescribed period, in connection with our legitimate obligations, rights and interests.


10.1  If you have provided your personal data to the Administrator, you have the following options at any time:

  • the right to access your personal data processed by the Administrator;

  • the right to request appropriate correction, deletion, blocking of your personal data, “the right to be forgotten”;

  • the right to data portability in a structured, widely used and machine-readable format;

  • the right to object at any time against the processing of your personal data when there are legitimate reasons for doing so;

  • the right to refuse the processing of your personal data for the purpose of receiving an electronic newsletter and other marketing communications;

  • the right to complain to the Personal Data Protection Commission if you consider that your data protection rights have been violated.

10.2 If you wish to exercise your rights or to unsubscribe from any electronic communication, including newsletter and other marketing communications, you may contact the Administrator by sending a message to


If there are any subsequent updates to the Policy, it will be published on the website and the date will be updated so you can always know what information is collected from me online, how it is used, and what options and opportunities are provided to you.

Last updated: 30.03.2020