Privacy Policy

PRIVACY POLICY

This Privacy Policy of Tessoris is intended to help you understand what kind of Personal Data we collect, why we collect it and how we use it. Please take the time to read this Privacy Policy carefully as we want you to be aware of how we use your information and the ways in which you can protect your privacy.

This Privacy Policy applies to your Personal Data when you visit https://www.tessoris.com/ (the Website) or use our services through this Website and does not apply to online websites or services that we do not own or control.

If you have any questions or requests, please contact us at: Sofia 1784, Mladost District, 4111R Tsarigradsko shose Blvd., Synergy Tower, Office 12, email: office@tessoris.com

Data protection contact person: Plamen Dragnev, email: office@tessoris.com

WHO WE ARE?

The Company, providing you services through this Website is “TESSORIS” VCC, incorporated and existing under the Laws of the Republic of Bulgaria, registered with the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency in the Republic of Bulgaria under Unified Identity Code 208183363 having its seat and registered office at Sofia 1784, Mladost District, 4111R Tsarigradsko shose Blvd., Synergy Tower, Office 12 (hereinafter referred to as the "Controller", "we", "us", and/or the "Company").

PERSONAL DATA WE COLLECT AND HOW WE USE IT

Personal data is data that describes and is linkable to someone as a person. We collect personal data in order to provide the services to our visitors. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our services as explicitly described below.

We processes the following personal data provided by you:

Personal data received from the “Contact Us” Section in the Website - When you contact us through our contact form, by phone or via email, we will process the personal data you provide us with, including, but not limited to your full name, email address and / or phone number in order to provide the assistance you need.

The term for storing your data if you have contacted us through our contact form is 6 months in order to facilitate the communication and assist you in all matters.

We shall not use your personal data for any other purpose, except for these described above. We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.

Newsletter and marketing information - If you have given your consent to receive marketing information and/or have subscribed to our newsletter through the Website (where such an option is available), we will use your email address to send you up-to-date information about our activities, upcoming events, new products or services, or other information that we believe may be of interest to you. Your consent is voluntary. We will not deny you our services if you have not given your consent to receive marketing information and/or have not subscribed to our newsletter through the Site (where such an option is available). You may withdraw your consent to receive this information at any time. Personal data processed for direct marketing purposes is stored until the given consent for direct marketing is explicitly withdrawn or an objection to the processing of personal data for direct marketing is received.

METHOD OF COLLECTION

Each visitor provides personally the personal data, entered or uploaded to the Website. Visitors are not allowed to enter third party personal data without due authorisation by such third party. We do not monitor or control the content, entered or uploaded by the visitor. It is the visitor’s sole responsibility to provide and guarantee that the processing of personal data activities performed within our Website are compliant with the requirements of the GDPR and other applicable personal data protection legislation.

SECURITY MEASURES

We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.

PROCESSORS AND PROCESSING OUT OF EU

For providing quality services we may engage third party service providers - processors, carefully selected according to their capacity for personal data protection and processing in compliance with our obligations under the GDPR. We provide personal data to our processors to process it for us, only based on our instructions and only in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

Personal data may be transferred to the providers of IT and software services, hosting services etc.

INFORMATION WE SHARE

We do not share personal information with companies, organisations and individuals unless one of the following circumstances applies:

1. With your consent - we will share personal information with companies or organisations, when we have your explicit consent to do so;
2. For making some services possible – to third party processors, as described above.
3. For legal reasons - we will share personal information with companies, organisations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
   • a) meet any applicable law, regulation, legal process or enforceable governmental request.
   • b) investigate potential violations;
   • c) detect, prevent, or otherwise address fraud, security or technical issues;
   • d) protect against harm to the rights, property or safety of ours, our visitors or the public as required or permitted by law.

MINORS

We allow our Website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Website. If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data. Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.

YOUR RIGHTS

You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. You also have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a personal data subject:

• you have the right to request confirmation if personal data relating to you is being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.
• you have the right to request your personal data to be deleted if there are any of the following grounds: personal data is no longer necessary for the purposes for which they have been collected; where you have objected against the processing when the processing is unlawful; where data is processed on your consent and you withdraw that consent; where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller. You may be denied deletion of your personal data for the following reasons: exercising of the right of freedom of expression and the right to information; to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us; for reasons of public interest in the field of public health; for the establishment, exercising or protection of legal claims.
• you have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.
• you have the right to request the restriction of the processing of your personal data if applicable and there is a reason to do so, for example: you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data; the processing is illegal, but you do not want personal data to be deleted but only to be limited; we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims; you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.
• you have the right to request to receive personal data which concerns you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.
• you have the right to make an objection against the processing of your personal data before the Data Protection contact person if there are reasons to do so.

You can address all requests to the Data Protection contact person. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in the exercise of your rights, we may ask for additional information to establish your identity.

Please keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:

1. charge a fee, taking into account the administrative costs of providing information or communication or undertaking the requested activities, or
2. refuse to take actions on the request.

We will make reasonable efforts to respect your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.

SUPERVISORY AUTHORITY

If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at: www.cpdp.bg.

You can also lodge your complaint in the country where you live, your place of work or where you believe we infringed your right(s).

Privacy Policy Last Updated: July 24, 2025