Privacy Policy


Personal Data Processing Policy

Personal Data administrator information:

Groutraise Ltd. is a company registered in the Commercial Register of the Registry Agency, UIC: 207187330, with registered and management address: 1000 Sofia City, 53A bul. Patriarh Evtimiy, apt. 10, fl. 4, phone number: +359885443259; e-mail: alex @

How we use cookies on this Website?

We process your personal data on the following grounds:

  • A contract between us in order to fulfill our obligations under it;
  • Your explicit consent – the purpose is stated on a case-by-case basis;
  • In the case of a statutory obligation;

In the following paragraphs, you will find detailed information about the processing of your personal data, depending on the basis on which we process it.


We process your personal information in order to fulfill our contractual and pre-contractual obligations and to benefit from the rights under the contracts concluded with you.

Processing Purposes:

  • to identify you;
  • to manage and execute your request and fulfill a contract already concluded;
  • to draft a contract proposal;
  • to draft and send an invoice/bill for the services you use with us;
  • to provide you with all the necessary services and to collect the amounts due for the services used;
  • to store correspondence regarding ordering, request processing, problem reporting and more.
  • for notification of everything related to the services you use with us;
  • client history analysis;
  • to identify and/or prevent unlawful acts or actions contrary to our terms of service;

Data we process on this basis:

Based on the contract concluded between us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • personal contact information – contact address, email, phone number;
  • identification data – full name, unique civilian or foreigner personal number, permanent address;
  • data on orders placed;
  • full service correspondence – emails, letters, information about your troubleshooting requests, complaints, requests, feedback we receive from you;
  • credit or debit card information, bank account number, or other bank and payment information in connection with the payments made;

o   other information such as:

  • Customer ID, code or other identifier created for identification;
  • Demographics
  • Social network profile data
  • Information about your activity on the website

Processing of the personal data provided is obligatory for us to be able to conclude the contract with you and to therefore fulfill it. Without providing us with the above information, we will not be able to fulfill our contractual obligations.

We provide personal information to third parties

We provide your personal information to third parties, and our primary goal is to offer you quality, fast and comprehensive service. We do not disclose your personal information to third parties unless we make sure that all technical and organizational measures have been taken to protect that data, and we strive to exercise strict control over the fulfillment of this purpose. In this case, we shall be responsible for the confidentiality and security of your data.

We provide personal information to the following categories of recipients (data administrators):

  • postal operators and courier companies;
  • persons and entities maintaining equipment, software and hardware used to process personal data and necessary for the operation of the company
  • persons and entities providing consulting services in various fields.

We provide personal information to third parties

The data collected on this basis shall be deleted within 2 years after the termination of the contractual relationship, whether due to the expiry of the contract, its termination or for any other reason.


The law may provide an obligation for us to process your personal data. In these cases, we shall carry out the processing, such as:

  • Obligations under the Law on Measures against Money Laundering;
  • Fulfillment of obligations related to distance selling, off-premises sales provided for in the Consumer Protection Act;
  • Providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
  • Provision of information to the Personal Data Protection Commission in relation to the obligations laid down in the legislation on personal data protection;
  • Obligations stipulated in the Law on Accounting and the Tax and Social Insurance Procedure Code and other related normative acts in connection with lawful accounting;
  • Providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the applicable legislation;
  • Confirmation of age when on-line shopping.


We delete the data collected in accordance with a statutory obligation after the collection and storage obligation is fulfilled or eliminated. For instance:

  • under the Accounting Act – for storage and processing of accounting data (11 years),
  • obligations to provide information to the court, competent public authorities, and other grounds provided for in the applicable legislation (5 years).

Provision of data to third parties

When a law requires us to do so, we may provide your personal information to the competent governmental authority, natural or legal entities.


We shall process your personal data on this basis only with your express, unambiguous and voluntary consent. We will not provide for any adverse effect on you if you refuse us to process your personal data.

Consent is a separate basis for processing your personal data and the purpose of the processing shall be specified therein and is not covered by the purposes listed herein. If you give us consent and until its withdrawal or termination of any contractual relations with you, we shall prepare suitable product/service proposals for you by performing detailed analyses of your general personal data;

Detailed analysis is a method of analysis that allows the processing of large data through statistical models and algorithms, and others that involve the use of personal data, as well as pseudonymization and anonymization processes to extract trend information and different statistics.

Data we process on this basis:

On this basis, we only process data for which you have given us your explicit consent. Specific data shall be determined on a case-by-case basis. Typically, this information is a name, email, and phone number.

We provide personal information to third parties

On this basis, we may share your information with marketing agencies, Facebook, Google, or other similar local and foreign business partners.

Withdrawal of consent

Consents provided may be withdrawn at any time. Withdrawal of consent shall not affect the fulfillment of any contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we shall not use your personal data and information for the purposes set out above. Withdrawal of consent shall not affect the lawfulness of the processing based on an consent prior to its withdrawal.

To withdraw the consent given, you just need to use our website or simply our contact information.

When we delete data collected on this basis

Data collected on this basis shall be deleted at your request or within 12 months after the initial collection.


We process your data for statistic purposes, that is, for analyses where the results are only aggregate and therefore the data are anonymous. It is impossible to identify a specific person from this information.

Your data may also be anonymized. Anonymization is an alternative to deleting data. In the case of anonymization, all personally identifiable items that make your identification possible, shall be permanently deleted. There is no legal obligation to delete anonymized data, since they do not represent personal data.

Why and how we use automated algorithms

To process your personal data, we use partially automated algorithms and methods to continually improve our products and services to tailor our products and services to your needs in the best possible way. This process is called profiling.

How we protect your personal information

In order to ensure adequate protection of the data of the company and its clients, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.

For maximum security in processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymization, etc.

Personal data we gather from third parties

We do not gather information from third parties.


Each User of the Website has all the rights to protection of personal data in accordance with the Bulgarian legislation and the law of the European Union.

Users can exercise theirs rights through the contact form or by sending us an email.

Each User has the right to:

  • Awareness (regarding the processing of personal data by the administrator);
  • Access to their own personal data;
  • Correction (if the data is incorrect);
  • Deletion of personal data (the right to be “forgotten”);
  • Restriction of processing by the administrator or the processor;
  • Transferability of personal data between different administrators;
  • Objection to the processing of their personal data;
  • The data subject is entitled not to be the subject of a decision based solely on automated processing involving profiling which has legal effects on the data subject or similarly significantly affects them;
  • The right to a judicial or administrative protection in the event that the data subject’s rights have been violated.

The User may request deletion if one of the following conditions becomes present:

  • Personal data are no longer required for the purposes for which they were collected or processed;
  • The User withdraws their consent, which the processing of the data is based on, and there is no other legal basis for the processing;
  • The User objects to the processing and there are no legal grounds for processing to take precedence;
  • Personal data were processed illegally;
  • Personal data shall be deleted in order to comply with a legal obligation under Union law or a Member State law applicable to the administrator;
  • Personal data were collected in connection with the provision of information society services to children and consent was given by the person bearing parental responsibility for the child.

The User has the right to restrict the processing of their personal data by the administrator when:

  • Challenges the accuracy of the personal data. In this case, restricting the processing shall be for a period allowing the administrator to verify the accuracy of the personal data;
  • The processing is unlawful, but the User does not want the personal data to be deleted, but instead requires a restriction on their use;
  • The administrator no longer needs the personal data for the purposes of processing, but the User requires it for the establishment, exercise or protection of legal claims;
  • objects to the processing pending verification that the legal grounds of the administrator take precedence over the interests of the User.

Right to transferability

The data subjects shall have the right to receive the personal data concerning them which they have provided to the administrator in a structured, widely used and machine-readable format and shall have the right to transfer this data to another administrator without hindrance from the administrator whom the personal data were provided to, when such processing is based on consent or contractual obligation and is carried out in an automated manner. When exercising their right to data transferability, the data subject shall also have the right to receive and directly transfer their personal data from one administrator to another, where technically feasible.

Right to objection

Users have the right to object before the administrator against the processing of their personal data. The personal data administrator shall suspend the processing unless they prove that there are compelling legal grounds for processing that take precedence over the data subject’s interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. When objecting to the processing of personal data for direct marketing purposes, the processing shall be stopped immediately.

Claims to the supervisory authority

Each User has the right to file a claim against the unlawful processing of their personal data to the Data Protection Commission or to the competent court.


We shall maintain a register of processing activities for which we are responsible. This register shall contain all the following information:

  • name and contact details of the administrator
  • purposes of processing;
  • a description of the categories of data subjects and the categories of personal data;
  • Categories of recipients to whom personal data are or will be disclosed,
  • Including recipients in third countries or international organizations;
  • When applicable, time limits for deletion of the different categories of data;
  • When applicable, general description of the technical and organizational security