Privacy Policy
Last updated: 21 April 2026
1. Introduction
This Privacy Policy describes how VVM Digital Solutions EOOD ("we", "us") collects, uses, and shares personal data when you visit our website at https://vvmdigital.com or communicate with us by email about our services.
We are an engineering practice based in Varna, Bulgaria. This Policy is written to comply with the European General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.
If you have questions about anything in this Policy, reach us at info [at] vvmdigital [dot] com.
2. Data controller
The data controller responsible for your personal data is:
VVM Digital Solutions EOOD112 Vladislav Varnenchik Blvd., fl. 5
Odesos district, Varna 9009
Bulgaria
EIK: 208703903
Email for privacy-related requests: info [at] vvmdigital [dot] com
3. What data we collect
We collect the minimum data we need to run the site, respond to inquiries, and understand how the site is used.
a) Inquiries sent by email
When you email us (for example at [email protected]), we receive whatever you put into that email — typically your name, your email address, and the content of your message. We use this to reply to you.
b) Server logs
Our web server and Cloudflare, our CDN and DDoS protection provider, automatically log standard request metadata: IP address, user-agent string, referrer, timestamps, and the paths of the resources you fetch. This is standard web-server behaviour; we use it to keep the site online, diagnose issues, and protect against abuse.
c) Analytics
We use two analytics tools:
- Google Analytics 4, provided by Google Ireland Limited. GA4 collects information about how visitors interact with the site — which pages they visit, how long they stay, device type, and rough geography derived from IP. GA4 transfers this data to Google's infrastructure, including servers in the United States.
- Yandex Metrica, provided by Yandex LLC (Russian Federation). Yandex Metrica collects similar usage data and may record aggregated session interactions.
Both tools set cookies — see the Cookies section.
d) Cookies
We set or allow a small number of cookies, listed in the Cookies section below.
We do not collect biometric data, health data, payment details, or any special categories of personal data defined in GDPR Article 9.
4. Legal basis for processing
Under GDPR Article 6, we process personal data on one of the following bases:
- Legitimate interest (Art. 6(1)(f)) — for server logs, security monitoring, and aggregate analytics. We have balanced our legitimate interest against your privacy, taking into account the limited and non-sensitive nature of the data.
- Consent (Art. 6(1)(a)) — for non-essential cookies set by Google Analytics 4 and Yandex Metrica. You are asked to accept or reject these cookies through our cookie banner, and you may withdraw consent at any time.
- Contract performance (Art. 6(1)(b)) — when we engage with you as a client under a written service agreement, we process the personal data necessary to deliver that service.
- Legal obligation (Art. 6(1)(c)) — where Bulgarian law requires us to retain specific records, such as tax and accounting data.
5. How long we keep data
We keep personal data only as long as we need it.
| Category | Retention period |
|---|---|
| Email inquiries (inbox correspondence) | 12 months from the last reply, then archived or deleted |
| Server access logs | 14 days rolling window |
| Google Analytics 4 data | 14 months (GA4 property default) |
| Yandex Metrica data | 14 months |
| Cookies set on your browser | See the Cookies section for individual durations |
| Client engagement records (contracts, invoices, related correspondence) | Retained for the period required by Bulgarian accounting and tax law — generally ten years from the end of the relevant fiscal year |
7. International transfers
Some of our providers process personal data outside the European Economic Area:
- Google Analytics 4 transfers data to Google infrastructure, including servers in the United States. Google relies on the EU-US Data Privacy Framework as the mechanism for lawful transfer.
- Yandex Metrica processes data on Yandex infrastructure in the Russian Federation, under its own terms and Russian data protection law.
- Cloudflare operates a global edge network; data may transit through Cloudflare points of presence outside the EEA on its way to our origin servers. Cloudflare relies on Standard Contractual Clauses for international data transfer.
By continuing to use the site while accepting non-essential cookies, you understand that your data may be processed in these jurisdictions.
8. Your rights under GDPR
Under GDPR Articles 15 to 22, you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectify — ask us to correct data that is incomplete or inaccurate.
- Erase — ask us to delete personal data (the "right to be forgotten"), subject to legal retention obligations.
- Restrict — ask us to stop processing your data while a concern is investigated.
- Object — object to processing based on our legitimate interest.
- Port — request your data in a structured, commonly used format.
- Withdraw consent — for any processing based on consent (primarily cookies).
To exercise these rights, write to info [at] vvmdigital [dot] com with a clear description of your request. We respond within the GDPR-mandated one-month window.
You also have the right to lodge a complaint with the Commission for Personal Data Protection of Bulgaria (CPDP) — the Bulgarian supervisory authority. Their website is https://www.cpdp.bg.
10. Contact
For any question about this Privacy Policy or your personal data:
VVM Digital Solutions EOODAttention: Privacy
112 Vladislav Varnenchik Blvd., fl. 5
Odesos district, Varna 9009
Bulgaria
EIK: 208703903