PRIVACY POLICY

Last updated: January 17, 2026

1. INTRODUCTION

This Privacy Policy describes how CHAIKITE LTD (hereinafter referred to as "Agency", "we", "us" or "our") collects, uses, stores and protects the personal data of our clients and users in accordance with the General Data Protection Regulation (GDPR) and the Personal Data Protection Act (PDPA) of the Republic of Bulgaria.

This policy applies to all services provided by our event organization agency.

2. DATA CONTROLLER

The data controller is:

CHAIKITE LTD
Registration No.: 208145658
Address: Sofia (1619), Vitosha District, Studen Kladenets Str. 36B, Apt. 11
Email: hello@chaikite.com
Phone: +359893446090

3. WHAT PERSONAL DATA WE COLLECT

When using our event organization services, we may collect the following categories of personal data:

  • Identification data: first and last name
  • Contact data: email address, phone number
  • Event data: date, type of event, number of guests, special requirements
  • Financial data: payment and invoicing information
  • Communication data: correspondence via email, phone or other channels
  • Technical data: IP address, cookie data (see Cookie Policy)

4. HOW WE COLLECT YOUR DATA

We collect your personal data in the following ways:

  • Directly from you: when you fill out forms, contact us or enter into a contract
  • Automatically: through cookies and similar technologies when visiting our website
  • From third parties: service providers we work with for your event

5. PURPOSES AND LEGAL BASIS FOR PROCESSING

We process your personal data for the following purposes and on the following legal bases:

5.1. Performance of a contract (Art. 6(1)(b) GDPR)

  • Organization and execution of commissioned events
  • Communication regarding event details
  • Coordination with service providers
  • Processing payments and issuing invoices

5.2. Legal obligation (Art. 6(1)(c) GDPR)

  • Accounting and tax obligations
  • Document retention according to Bulgarian legislation
  • Response to requests from government authorities

5.3. Legitimate interest (Art. 6(1)(f) GDPR)

  • Improving the quality of our services
  • Analysis and statistics for internal purposes
  • Protecting our legitimate interests in disputes
  • Fraud prevention

5.4. Consent (Art. 6(1)(a) GDPR)

  • Sending marketing communications and offers
  • Using photos and video materials from events
  • Publishing testimonials and recommendations

You have the right to withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

6. DATA RETENTION PERIOD

We retain your personal data for the following periods:

  • Contract data: up to 5 years after event completion (according to the Obligations and Contracts Act)
  • Accounting and financial documents: 10 years (according to the Accounting Act)
  • Marketing data: until consent withdrawal or up to 3 years from last activity
  • Correspondence and inquiries: up to 2 years from last communication
  • Technical data (cookies): see Cookie Policy

After the relevant period expires, your data is permanently deleted or anonymized.

7. SHARING DATA WITH THIRD PARTIES

We may share your personal data with the following categories of recipients:

7.1. Service providers

We share data with providers who help organize your event (catering, decoration, sound, photography, etc.), but only to the necessary extent.

7.2. Professional advisors

Accounting, legal and other advisors who assist us in our operations.

7.3. Payment processors

For online payments, we share necessary information with payment institutions.

7.4. Government authorities

When legally required (tax authorities, court, police, etc.).

All third parties are obligated to comply with GDPR and PDPA requirements and to process data only for specified purposes.

8. DATA TRANSFER OUTSIDE THE EU

We do not transfer your personal data outside the European Economic Area (EEA). If this becomes necessary for providing our services, we will ensure appropriate safeguards in accordance with Art. 46 GDPR (standard contractual clauses, certification, etc.) and will inform you in advance.

9. SECURITY MEASURES

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, destruction or alteration:

  • Data encryption during transmission (SSL/TLS) and storage
  • Limited access to personal data only for authorized employees
  • Regular data backups
  • Password protection and two-factor authentication
  • Regular security system checks and updates
  • Information security policies and staff training
  • Physical protection of offices and servers

10. YOUR RIGHTS

Under GDPR and PDPA, you have the following rights regarding your personal data:

10.1. Right of access (Art. 15 GDPR)

To obtain confirmation whether we process your data and a copy of it.

10.2. Right to rectification (Art. 16 GDPR)

To request correction of inaccurate or incomplete data.

10.3. Right to erasure (Art. 17 GDPR)

To request deletion of your data ("right to be forgotten"), under certain conditions.

10.4. Right to restriction of processing (Art. 18 GDPR)

To request temporary restriction of processing under certain circumstances.

10.5. Right to data portability (Art. 20 GDPR)

To receive your data in a structured, commonly used format and transfer it to another controller.

10.6. Right to object (Art. 21 GDPR)

To object to the processing of your data, especially for direct marketing.

10.7. Right to withdraw consent

When processing is based on consent, you have the right to withdraw it at any time.

10.8. Right to lodge a complaint with a supervisory authority

To lodge a complaint with the Commission for Personal Data Protection (CPDP).

To exercise your rights, please contact us at: info@chaikite.bg or +359 XX XXX XXXX

We will respond to your request within 1 month of receiving it (may be extended by 2 more months in complex cases).

11. CONTACT WITH SUPERVISORY AUTHORITY

For questions or complaints regarding the processing of your personal data, you can contact:

Commission for Personal Data Protection (CPDP)
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Phone: +359 2 915 3 518
Email: kzld@cpdp.bg
Website: www.cpdp.bg

12. POLICY CHANGES

We reserve the right to update this Privacy Policy from time to time to reflect changes in our practices, legislation or for other operational, legal or regulatory reasons.

In case of significant changes, we will notify you via email (to the address you provided) or through a visible notice on our website before they take effect.

We recommend periodically reviewing this policy for current information.

13. CONTACT

For questions regarding this Privacy Policy or to exercise your rights, please contact us:

CHAIKITE LTD
Address: Sofia (1619), Vitosha District, Studen Kladenets Str. 36B, Apt. 11
Email: info@chaikite.bg
Phone: +359 893446090
Website: www.chaikite.com