1. Who processes your data DRAFT — pending legal review
TBD: full registered company name, EIK, VAT number, registered address. Data contact email: privacy@hostika-bg.com.
Short and in plain language. No 47 pages of fine print.
Version: 2026-05-27
TBD: full registered company name, EIK, VAT number, registered address. Data contact email: privacy@hostika-bg.com.
When you fill a form (builder, demo, newsletter, affiliate signup) we collect the name, email, phone, and project details you provide. Visiting the site logs IP and user-agent (for security and traffic measurement). Paying customers enter billing details through the client area (WHMCS). We do not store card data — payments go directly through PCI-DSS-certified processors.
Consent (inquiry forms, newsletter). Contract performance (for paying hosting and service customers). Legitimate interest (security, abuse prevention, basic anti-spam). Legal obligation (accounting records under Bulgarian tax law).
Form leads — 24 months from last contact. Customer accounts — duration of contract + 5 years for accounting. Security logs — 90 days. Newsletter — until you unsubscribe. We delete on request unless law requires retention.
We share data only with processors who help deliver the service: Brevo (newsletter), Stripe / Revolut Business (payments), Sofia datacenter provider. We do not sell data. We do not pass data to third parties for marketing. Subprocessor list updated when it changes.
By default, all data stays in the EU (Sofia, Frankfurt). If a subprocessor handles data outside the EU, we use EU Standard Contractual Clauses (SCCs) or rely on an adequacy decision under GDPR Article 45.
You have the right to: access your data, correction, deletion ("right to be forgotten"), restriction of processing, data portability, objection to processing based on legitimate interest, and withdrawal of consent at any time. Email privacy@hostika-bg.com — we respond within 30 days.
If you believe we have not handled your request properly, you may file a complaint with the Bulgarian Commission for Personal Data Protection (KZLD): kzld.bg, 2 Prof. Tsvetan Lazarov Blvd, 1592 Sofia.
We use only essential functional cookies: lang (selected language), csrf_token (form protection), sessionStorage for builder drafts. No advertising tracking cookies by default. Analytics — aggregated only, no cross-site tracking.
TLS everywhere, CSRF protection on forms, parameterized SQL, hashed passwords (bcrypt), 2FA admin access, daily backups with 14-day history, 24/7 monitoring. Perfect security does not exist — but we do more than required.
For material changes, we email registered customers 30 days in advance. Last-edited date is shown at the top of the page.
Data protection questions, requests, complaints: privacy@hostika-bg.com. General questions: contact@hostika-bg.com.
Have a question about how we handle your data? Email us.
privacy@hostika-bg.com