Contact us

Privacy Policy

This Privacy Policy is intended to inform you how SLAVLEN JSC (“the Company”) collects, uses, stores, and protects the personal data of individuals, as well as the rights that data subjects have under the applicable European and national legislation.

1. Who We Are

SLAVLEN JSC is a road construction company engaged in production, construction, and commercial activities.

  • Name: SLAVLEN JSC
  • Registered office and address of management: office 4.1, 126 Tintyava Str., 1172 Sofia, Bulgaria
  • Website: www.slavlen.eu
  • Email: office@slavlen.eu

SLAVLEN JSC is a personal data controller within the meaning of the General Data Protection Regulation (GDPR) and the applicable Bulgarian legislation.

2. The Controller and Your Personal Data

The Company strictly observes the protection of individuals’ personal data. As a data controller, SLAVLEN JSC processes personal data in compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and the applicable national legislation.

SLAVLEN JSC applies appropriate technical and organisational measures to protect personal data from unauthorised access, loss, alteration, or destruction, taking into account the nature and volume of the processed data, as well as the risks to the rights and freedoms of individuals. Access to personal data is granted only to authorised persons who require it for the performance of their duties and for the fulfilment of contractual or legal obligations.

This Privacy Policy reflects SLAVLEN JSC’s general approach to personal data protection and is updated whenever necessary, including in the event of changes in the Company’s operations or in the applicable legal framework.

3. What Are “Personal Data” and “Processing of Personal Data”?

3.1. “Personal Data”

For the purposes of this Policy, “personal data” means any information relating to an identified or identifiable natural person—whether a website visitor or a person who contacts the Company through the contact form or the contact details published on the website. A person is identifiable when they can be identified directly or indirectly, for example through their name, contact details such as a telephone number or e-mail address, or through other information that allows a connection with a specific individual to be established.

In the context of our website, personal data typically include your name, telephone number, e- mail address, and any additional information that you voluntarily provide in the free-text field of the contact form (for example, information regarding a project, property, company, status as a natural or legal person, insofar as such information may relate to an identifiable individual). Certain technical data related to your visit—such as IP address and online identifiers (“cookies”)—may also constitute personal data when they allow your behaviour in an online environment to be linked to you as an individual. Regardless of whether the information is provided in paper or electronic form, if it identifies a specific individual, it is considered personal data and is protected under the applicable legislation.

3.2. “Processing of Personal Data”

“Processing of personal data” refers to any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means. For our website, processing includes the collection of personal data—such as when you fill in and submit the contact form or send us an e-mail. After collection, the data are recorded and stored for a certain period in electronic systems or other appropriate media, allowing us to review your enquiry, contact you, and, if necessary, initiate correspondence or pre-contractual discussions.

Processing also occurs when our staff review the information you have provided in order to respond to your enquiry, provide an offer or further clarification, or arrange a meeting or site visit. Processing includes the internal transmission of data within the Company, where necessary, to the relevant employees or departments in order to prepare a response or quotation. Processing also encompasses the storage of certain technical data (logs, IP addresses, “cookie” information), insofar as they are required for the proper functioning and security of the website or for evidentiary purposes in the event of a dispute.

Processing further includes the deletion or anonymisation of personal data after the relevant retention period has expired or once the purposes for which the data were collected no longer apply, as well as the restriction of processing in cases required by law or requested by the data subject. In this sense, “processing” covers the entire life cycle of your data—from the initial collection through the website or its technical tools to the final deletion.

4. Why and Whose Personal Data Do We Process?

As a construction company, SLAVLEN JSC processes personal data of certain categories of individuals with whom it has various legal relationships. These include our employees, shareholders, job applicants, individual contractors, and representatives of corporate contractors. We also process personal data of visitors to our website and individuals who contact us via the contact form or the published contact details.

Processing personal data is necessary to identify individuals clearly and reliably, to ensure the proper functioning of employment relationships, and to comply with labour, social security, tax, accounting, and other statutory requirements applicable to our activity, including those in the fields of construction, transport, extraction and supply of inert materials, concessions, and related activities. Personal data are also processed to enable the lawful conclusion and performance of contracts, the protection of our legitimate interests, and the handling of legal or out-of-court claims.

For website visitors and persons who submit enquiries, SLAVLEN JSC processes only a limited amount of personal data necessary to review and respond to the enquiry, maintain communication, or take steps towards possible contractual engagement. This typically includes the individual’s name, contact details (e-mail and/or telephone number), and any additional information voluntarily provided in the message. For security and technical reasons, certain technical data may also be processed, such as IP address, log files, and cookie data, in accordance with our Cookie Policy and the applicable legislation.

5. Principles We Follow When Processing Personal Data

SLAVLEN JSC does not collect or process personal data arbitrarily or without limitation. Personal data are processed lawfully, fairly, and transparently—always on the basis of a valid legal ground (law, contract, legitimate interest, or consent) and for clearly defined purposes of which the individuals are informed.

We collect only the data necessary for the specific purpose—for example, to review an enquiry, respond to correspondence, conclude or perform a contract, or comply with a legal obligation. We strive to ensure that personal data are accurate and updated where necessary, and that outdated or unnecessary data are deleted within reasonable time periods or after the statutory retention periods have expired.

SLAVLEN JSC ensures that personal data are stored in a manner that guarantees their confidentiality and security and reduces the risk of unauthorised access, misuse, loss, or damage. The Company is responsible for applying these principles and for organising the processing of personal data in accordance with the applicable legislation.

6. What Rights Do Individuals Have?

Individuals whose personal data are processed have all rights provided under the applicable legislation. They have the right to obtain confirmation as to whether SLAVLEN JSC processes their data, what data are processed, and for what purposes, as well as to receive a copy of their personal data. They also have the right to request the rectification or completion of inaccurate or incomplete personal data, whether on their own initiative or on the initiative of the controller.

Where the law permits, individuals may request the deletion of their personal data (“the right to be forgotten”) or the restriction of processing, and they may exercise their right to data portability when the processing is based on consent or a contract and carried out by automated means. In certain cases, individuals may object to the processing of their personal data if legal grounds exist.

An individual may request erasure if any of the following conditions are met:

  • The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The individual withdraws their consent on which the processing is based and there is no other legal ground for the processing;
  • The individual objects to the processing and there are no overriding legitimate grounds for the processing;
  • The personal data have been unlawfully processed;
  • The personal data must be erased for compliance with a legal obligation under Union law or the law of a Member State applicable to the controller;
  • The personal data have been collected in relation to the offering of information society services to children, and consent was provided by the holder of parental responsibility for the child.

The individual has the right to restrict the processing of their personal data by the controller where:

  • They contest the accuracy of the personal data. In this case, the restriction of processing shall apply for a period enabling the controller to verify the accuracy of the personal data;
  • The processing is unlawful, but the individual does not wish the personal data to be erased and requests the restriction of their use instead;
  • The controller no longer needs the personal data for the purposes of the processing, but the individual requires them for the establishment, exercise, or defence of legal claims;
  • They have objected to the processing pending verification as to whether the controller’s legitimate grounds override those of the individual.

If individuals consider that their rights have been violated, they may seek protection either by lodging a complaint with the competent supervisory authority or through judicial proceedings, as provided by law.

7. How Can You Exercise Your Rights?

You may exercise your rights personally or through an authorised representative by submitting a written request addressed to the Executive Directors of SLAVLEN JSC, either at the Company’s registered office or by postal mail through a licensed postal operator. For any questions related to the exercise of your rights, you may contact us using the details provided in Section 10 of this Policy.

8. When May We Disclose Your Personal Data?

SLAVLEN JSC takes measures to protect personal data from loss, theft, misuse, unauthorised access, and from unlawful disclosure, alteration, or destruction. However, in certain cases expressly provided by law, personal data may be disclosed to third parties—for example, upon request from a court or investigative authorities such as the police, investigative bodies, or the prosecutor’s office, as well as other public authorities where such disclosure is permitted by law. Disclosure may also occur when necessary or appropriate for purposes of national security, the prevention or detection of crime, or in situations of public importance where the law authorises such disclosure. In all cases, disclosure is limited to what is strictly necessary and is carried out in compliance with applicable legal requirements.

9. Retention Periods for Personal Data

SLAVLEN JSC retains personal data for periods arising from the applicable legislation, including labour, accounting, and tax laws, as well as other special regulatory requirements. Where the processing relates to contractual relationships, the data are retained for the time necessary for the conclusion, performance, and termination of the respective contract and for the period during which claims may arise. Personal data may also be stored for longer periods when necessary for the protection of the Company’s legitimate interests, such as pending disputes, claims, or proceedings before administrative or judicial authorities. After the relevant retention periods expire or when the legal basis for processing no longer exists, the data are anonymised or deleted/destroyed in accordance with the Company’s internal procedures, unless another legal basis justifies further retention.

10. Contact Information

For more information regarding this Privacy Policy, or to submit enquiries, complaints, or suggestions, you may contact us at:

  • Telephone: +359 889 622 922 (business days, 10:00–16:00)
  • Website: www.slavlen.eu
  • E-mail: office@slavlen.eu

If you disagree with the manner in which we process your personal data, you have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) – Sofia, 2 Prof. Tsvetan Lazarov Blvd., website: www.cpdp.bg