Privacy Policy
Last updated: 4 July 2026
This Privacy Policy explains how Vedena — Information Systems and Solutions Ltd. ("Vedena", "we", "us") processes personal data in connection with this website, vedena.net, in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, "GDPR") and applicable Bulgarian law.
1. Data controller
Vedena — Information Systems and Solutions Ltd.
Registered in Bulgaria (EU) · UIC: 175199193
Registered office: 9 Borovan Str., 1619 Sofia, Bulgaria
Contact: [email protected]
2. What personal data we process, and why
2.1 When you contact us
If you write to us at [email protected], we process the personal data you choose to include — typically your name, email address, organisation, and the content of your message.
- Purpose: responding to your enquiry and, where relevant, preparing an offer or engagement.
- Legal basis: Art. 6(1)(b) GDPR (steps prior to entering into a contract) or Art. 6(1)(f) GDPR (our legitimate interest in responding to business correspondence).
- Retention: for the duration of our correspondence and up to 2 years thereafter, unless a contractual relationship follows or a longer period is required by law.
2.2 Technical data (server logs)
When you visit this website, our infrastructure automatically records limited technical data: IP address, date and time of the request, requested page, HTTP status, browser type (user agent), and referring page.
- Purpose: operating the website securely, detecting abuse, and diagnosing technical problems.
- Legal basis: Art. 6(1)(f) GDPR (our legitimate interest in the security and availability of our systems).
- Retention: log data is kept for up to 30 days and then deleted, unless needed to investigate a specific security incident.
3. Cookies
4. Who processes data on our behalf
This website is hosted on infrastructure operated by the following providers, acting as our processors or independent controllers for network transit:
- Hetzner Online GmbH (Germany, EU) — server hosting.
- Cloudflare, Inc. — DNS and content delivery network. Traffic to this website passes through Cloudflare's global network; Cloudflare processes technical connection data under EU Standard Contractual Clauses and the EU-U.S. Data Privacy Framework.
- Email infrastructure providers within the EU/EEA and Switzerland — for receiving and sending email.
We do not sell personal data. We do not share personal data with third parties for marketing purposes.
5. International transfers
Our systems are located in the European Union. Where a provider (such as Cloudflare) may process technical data outside the EU/EEA, this takes place under appropriate safeguards pursuant to Chapter V GDPR (adequacy decisions or Standard Contractual Clauses).
6. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you (Art. 15);
- rectification of inaccurate data (Art. 16);
- erasure ("right to be forgotten", Art. 17);
- restriction of processing (Art. 18);
- data portability (Art. 20);
- object to processing based on legitimate interest (Art. 21).
To exercise any of these rights, write to [email protected]. We will respond within one month.
You also have the right to lodge a complaint with the Bulgarian supervisory authority: Commission for Personal Data Protection (Комисия за защита на личните данни), 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria — www.cpdp.bg.
7. Changes to this policy
We may update this policy to reflect changes in our practices or legal requirements. The current version, with its effective date, is always published on this page.
