This Privacy Policy describes how ldg2.com (the „Site“) collects, uses, maintains, and protects the personal information of its users („Users“). The Policy has been developed in accordance with the requirements of Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) and the Personal Data Protection Act of the Republic of Bulgaria.
By accessing and using the Site ldg2.com, Users agree to the terms of this Policy. If Users do not agree to this Policy, they should discontinue using the Site.
The LDG2.COM website is managed and administered by LDG2 LTD., a company registered under the laws of the Republic of Bulgaria, with its registered office and management address at. Harmanli, ul. 208380097, hereinafter referred to as “Administrator.“. The Controller guarantees that the personal data of Users will be processed lawfully, fairly and transparently, in compliance with all applicable data protection regulations.
This Policy provides Users with information about the categories of personal data that the Site collects, the purposes and grounds for processing, the method of storage and protection of data, as well as the rights of Users in relation to their personal data.
1.1. This policy is intended to inform users of the site about the collection, processing and storage of personal data, providing clarity and transparency regarding the processes involved in processing their information.
1.2. The contract aims to ensure compliance with applicable data protection legislation, including Regulation (EU) 2016/679 (General Data Protection Regulation) and the Data Protection Act, by creating a secure environment for the processing of personal data.
1.3. The purpose of entering into this Policy is to establish a framework for the rights and obligations of the parties in relation to the processing of personal data, to ensure the protection of the fundamental rights and freedoms of data subjects, and to facilitate the free flow of such data in accordance with applicable legal requirements.
1.4. The policy aims to create the conditions for the effective exercise of data subjects' rights, including access, rectification, erasure, restriction of processing and objection, and to provide information on the mechanisms for lodging complaints and exercising these rights.
2.1. The Controller and the Processor process personal data necessary for the performance of contractual obligations, the provision of services and compliance with legal requirements.
2.2 The personal data that may be processed includes the following categories: first name, last name, email address, IP address, as well as payment data provided by third parties, including, but not limited to, transaction data.
2.3. The processing of personal data shall be carried out in accordance with the principles of lawfulness, transparency and fairness, ensuring compliance with applicable law.
2.4. Special categories of personal data, such as those relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic data, biometric data, data concerning health or sex life shall not be processed under this contract.
2.5. The personal data processed shall be proportionate to the purposes for which they are collected and shall be limited to the minimum necessary in accordance with the data minimisation principle.
3.1. Personal data is processed by the Controller and the Processor for the purpose of fulfilling contractual obligations, including the management of user accounts and the provision of requested services as governed by Regulation (EU) 2016/679 and the Personal Data Protection Act.
3.2. The processing of personal data for the purpose of sending marketing messages shall be carried out solely on the basis of consent given by the subject, which may be withdrawn at any time, without prejudice to the lawfulness of the processing prior to withdrawal.
3.3 Personal data is processed to comply with legal obligations, including obligations under tax and accounting legislation, applying the principles of lawfulness, fairness and proportionality.
3.4. The Controller and Processor may process personal data on the basis of a legitimate interest where this does not conflict with the rights and freedoms of the data subject, such as for the protection of legal claims or the improvement of the security of systems.
3.5 Pursuant to Article 6 of Regulation (EU) 2016/679, processing shall only take place if at least one of the following legal grounds is present: consent of the data subject, performance of a contract, legal obligation, protection of the vital interests or legitimate interest of the Controller or a third party.
3.6. When processing personal data for purposes other than those originally specified, the Controller shall carry out an assessment of the compatibility of the new purposes with the original purposes, as required by Article 6(4) of Regulation (EU) 2016/679.
4.1. The Controller and the Processor may share personal data with third parties where necessary for the performance of contractual obligations, the enforcement of legal requirements or the protection of legitimate interests in accordance with applicable law.
4.2 Personal Data may be provided to payment processors, including but not limited to PayPal and Stripe, for the purpose of processing transactions related to the use of the Site Services.
4.3 Personal Data may be disclosed to accountants and auditors engaged by the Controller and Processor for the purpose of fulfilling financial and accounting obligations.
4.4 Personal data may be provided to IT service providers who provide technical support and maintenance of the systems used by the Controller and the Processor, provided that such providers ensure compliance with the data protection requirements set out in Regulation (EU) 2016/679.
4.5 Personal data may be provided to competent government authorities, including but not limited to tax, regulatory and law enforcement authorities, where required to do so by law or as necessary to comply with legal obligations.
4.6. The processing of personal data by third parties is governed by a contract or other legal act in accordance with the requirements of Regulation (EU) 2016/679, which obliges the third party to comply with the principles and measures for the protection of personal data.
4.7. The Controller and the Processor shall ensure that the transfer of personal data to third parties is proportionate to the purposes of the processing and is limited to the minimum necessary to achieve them.
4.8. When transferring personal data to third countries or international organisations, the Controller and the Processor undertake to take all necessary measures to ensure an adequate level of protection in accordance with the requirements of Regulation (EU) 2016/679.
5.1. Personal data is stored by the Controller and Processor in accordance with applicable law, including Regulation (EU) 2016/679 and the Personal Data Protection Act.
5.2. Order data shall be stored for a period of 10 years from the date of execution of the order, unless applicable law provides for a longer storage period.
5.3. User account data is stored until it is explicitly deleted by the User or until the termination of the service associated with the account, unless the law requires a longer storage period.
5.4. After the expiry of the specified periods, the data shall be destroyed or anonymised, unless their retention is necessary for the defence of legal claims, the performance of legal obligations or other legitimate purposes provided for by law.
5.5. The Controller and the Processor shall implement appropriate technical and organisational measures to ensure the security of personal data stored, including protection against unauthorised access, accidental loss, destruction or alteration, in accordance with Article 32 of Regulation (EU) 2016/679.
5.6. The Controller and the Processor shall keep records of the categories of processing activities, which shall include information on the retention periods of personal data, in accordance with Article 30 of Regulation (EU) 2016/679.
6.1. The User shall have the right to access his personal data processed by the Administrator, provided that he submits a corresponding request in writing or electronically. The Controller shall provide the information within 30 days of receipt of the request.
6.2. The user has the right to rectification of his personal data when they are inaccurate or incomplete. Corrections shall be made within 30 days of the request for correction.
6.3. The user has the right to request the deletion of his personal data when they are no longer necessary for the purposes for which they were collected or when their processing is unlawful, unless their storage is necessary to comply with legal obligations.
6.4. The user has the right to restrict the processing of his/her personal data in the cases provided for in Article 18 of Regulation (EU) 2016/679, including when he/she contests the accuracy of the data or objects to the processing.
6.5. The user shall have the right to data portability, whereby he may obtain his personal data in a structured, commonly used and machine-readable format, as well as to transfer them to another controller where the processing is based on consent or contract and is carried out in an automated manner.
6.6. The user has the right to object to the processing of his personal data if it is based on a legitimate interest of the Controller or of a third party. In the event of an objection, the Controller is obliged to terminate the processing unless it proves that there are compelling legitimate grounds for its continuation.
6.7. The user has the right to withdraw his consent to the processing of personal data at any time, without prejudice to the lawfulness of the processing prior to withdrawal.
6.8. The user has the right to lodge a complaint with the Commission for Personal Data Protection or with the competent court in case of violation of his rights in relation to the processing of personal data.
6.9. The Controller shall provide the User with clear information about his/her rights in relation to the processing of personal data, as well as facilitate the exercise of these rights through appropriate technical and organizational measures.
7.1. The Controller and the Processor undertake to implement appropriate technical and organisational measures to ensure the security of personal data as provided for in Article 32 of Regulation (EU) 2016/679.
7.2. Security measures include, but are not limited to: data encryption, pseudonymisation, control of access to systems and data media, regular testing and evaluation of the effectiveness of the measures implemented.
7.3. The Controller and the Processor shall ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services by taking action to protect against unauthorised access, accidental loss, destruction or alteration of personal data.
7.4. In the event of a physical or technical incident, the Controller and the Processor shall ensure timely restoration of the availability of and access to Personal Data.
7.5. The Controller and the Processor shall maintain a register of processing activities which contains information on the technical and organisational security measures in accordance with Article 30 of Regulation (EU) 2016/679.
7.6. In the event of a personal data breach, the Controller shall notify the competent supervisory authority and the affected subjects within 72 hours as provided for in Article 33 of Regulation (EU) 2016/679.
7.7. The Processor shall immediately notify the Controller of any personal data breach in order to take the necessary action to mitigate the consequences and to notify the relevant authorities and entities.
8.1. The Administrator and the Processor use cookies and other technologies to track the ldg2.com website in order to improve functionality, analyse user behaviour and provide personalised advertising messages in accordance with Regulation (EU) 2016/679.
8.2. Cookies are small text files that are stored on the User's device when visiting the Site. They can be „session“ (stored only temporarily) or „persistent“ (stored for a certain period of time).
8.3. Tracking technologies used include standard traffic analysis tools, functional cookies for user experience optimization and advertising cookies for content targeting.
8.4. The user has the right to manage his cookie preferences through his browser settings or other available tools, and in the case of refusal of certain categories of cookies, the functionality of the site may be limited.
8.5. The Controller and Processor shall ensure that the use of cookies and tracking technologies is proportionate to the purposes for which the data were collected and is carried out in accordance with the principles of lawfulness, fairness and transparency.
8.6. The user can obtain detailed information about the types of cookies, their purpose and storage periods through the privacy notice published on the site, as well as contact the Administrator for further clarification.
8.7. The Controller and the Processor shall implement appropriate technical and organisational measures to protect data collected through cookies and tracking technologies, including encryption and access control, in accordance with Article 32 of Regulation (EU) 2016/679.
9.1. For donations made through the ldg2.com website, the Controller and Processor process a minimum amount of personal data, including the donor's name and email address, for the purpose of administering the donation and fulfilling legal obligations.
9.2. The processing of personal data in relation to donations shall be carried out in accordance with the principles of lawfulness, fairness and proportionality as set out in Regulation (EU) 2016/679.
9.3. Data relating to donations shall be kept for the period prescribed by the applicable tax legislation, after which they shall be destroyed or anonymised, unless their retention is necessary for the defence of legal claims or the fulfilment of other legal obligations.
9.4 Personal data processed in connection with donations shall not be disclosed to third parties unless this is required by law or necessary for the performance of contractual relations with payment operators.
9.5. The Controller and Processor shall implement appropriate technical and organisational measures to protect personal data, including encryption and access control, to prevent unauthorised access, loss, destruction or alteration of data.
9.6. The donor has the right of access to his/her personal data, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and the right to data portability as provided for in Regulation (EU) 2016/679.
9.7. The Donor may exercise their rights relating to the processing of personal data by written request addressed to the Controller's email address set out in this document.
10.1. The Data Controller shall provide data subjects with the opportunity to submit questions, requests or complaints regarding the processing of personal data through the contact email address [insert example email address] or through any other appropriate communication channel that is indicated on the official website of the Data Controller.
10.2. Any questions, requests or complaints relating to the processing of personal data shall be made in writing and shall contain sufficient information to identify the data subject and the nature of the request or complaint.
10.3. The controller shall respond to any request or complaint made within 30 calendar days of receipt, unless the nature of the request suggests an extension of time, of which the data subject shall be duly notified.
10.4. In the event of a dispute regarding the processing of personal data, data subjects shall have the right to apply to the Personal Data Protection Commission or to the competent court in accordance with the applicable law.
10.5 The Licensee undertakes to assist the Controller in resolving any issues relating to personal data, including by providing the necessary information as required by law.
11.1. This Policy shall come into effect from [date] as determined by the Administrator.
11.2. All amendments and additions to this Policy shall be made by the Administrator, and the updated version shall be posted on the ldg2.com website.
11.3. The administrator shall notify users of material changes to the policy by appropriate means, including posting on the website or sending notification by email where applicable.
11.4. Users are obliged to familiarize themselves with updates to the policy whenever it is amended. Continued use of the site after amendments shall be deemed acceptance of the new terms.
11.5. In the event that any provision of this policy is held to be invalid or unenforceable, this shall not affect the validity of the remaining provisions. The invalid or unenforceable provision shall be replaced by a provision that most closely meets the intent of the original provision.
11.6. All disputes arising in connection with this Policy shall be settled in accordance with the applicable law of the Republic of Bulgaria, with jurisdiction in the relevant Bulgarian court.
Last update date: 15.12.2025