Privacy Policy

1. Introduction

Pugu Content Ltd (“we”, “us”, “our”), registered in Bulgaria under UIC 205946490 and VAT number BG205946490, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit https://pugudigital.io (the “Website”) or engage with our services.

This Policy is issued in accordance with the EU General Data Protection Regulation (GDPR) 2016/679, Regulation (EU) 2021/1119 (as applicable), and Bulgarian Law on Personal Data Protection. By using our Website, you acknowledge you have read and understood this Policy.

2. Data Controller

For the purposes of GDPR, the Data Controller is:

Company Name: Pugu Content Ltd
UIC: 205946490
VAT Number: BG205946490
Registered Country: Bulgaria
Website: https://pugudigital.io
Contact Email: admin@pugudigital.io

If you have any questions regarding the processing of your personal data, please contact us at the email address above.

3. Data We Collect

3.1 Information You Provide Directly

We may collect the following personal data when you interact with us:

  • Identity data: name, job title, company name.
  • Contact data: email address, telephone number, postal address.
  • Communication data: messages sent through our contact forms, email, or enquiry tools.
  • Business data: information about your organisation and marketing requirements shared during consultations.

3.2 Information Collected Automatically

When you visit our Website, we automatically collect certain technical data:

  • Usage data: pages visited, links clicked, time spent on pages, referral source.
  • Device and technical data: IP address, browser type and version, operating system, device identifiers.
  • Cookie data: as described in our Cookie Policy.

3.3 Information from Third Parties

We may receive personal data about you from third parties, including:

  • Analytics providers (e.g. Google Analytics).
  • Advertising partners and social media platforms (e.g. Meta, LinkedIn).
  • Publicly available sources such as professional networks.

4. Legal Bases for Processing

We process your personal data only where we have a valid legal basis under Article 6 GDPR:

Consent (Art. 6(1)(a))
For placing non-essential cookies, sending marketing communications, and other processing activities where we have asked for your agreement.

Contract (Art. 6(1)(b))
To fulfil our obligations under a contract with you or to take pre-contractual steps at your request, including responding to service enquiries.

Legal Obligation (Art. 6(1)(c))
To comply with applicable EU and Bulgarian laws, tax obligations, and regulatory requirements.

Legitimate Interests (Art. 6(1)(f))
For purposes that serve our legitimate business interests and do not override your rights, including website security, fraud prevention, and improving our services.

5. How We Use Your Data

We use the personal data we collect for the following purposes:

  • To operate and maintain the Website and ensure its security and stability.
  • To respond to your enquiries and provide you with the services you request.
  • To manage our business relationship with you, including sending service-related communications.
  • To send marketing and promotional communications where you have given consent or where permitted by applicable law.
  • To analyse Website usage and performance and improve our services.
  • To comply with legal and regulatory obligations.
  • To detect, prevent, and address fraud, security incidents, and abuse.

6. Marketing Communications

We will only send you direct marketing communications where you have opted in or where we have a legitimate interest to do so and you have not opted out.

You may withdraw your consent to receiving marketing communications at any time by:

  • Clicking the unsubscribe link in any marketing email.
  • Contacting us directly at privacy@pugudigital.io.

Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal.

7. Sharing and Disclosure of Personal Data

We do not sell your personal data. We may share your data with the following categories of recipients:

  • Service providers and processors: companies that provide IT infrastructure, analytics, email, CRM, and other services on our behalf, bound by appropriate data processing agreements.
  • Professional advisors: lawyers, accountants, auditors, and insurers, subject to confidentiality obligations.
  • Regulatory authorities: supervisory authorities, law enforcement, or government bodies where required by law.
  • Business transferees: in the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

8. International Data Transfers

Where we transfer personal data outside the European Economic Area (EEA), we ensure that an adequate level of protection is provided through one or more of the following mechanisms:

  • Adequacy decisions of the European Commission.
  • Standard Contractual Clauses (SCCs) as approved by the European Commission.
  • Binding Corporate Rules where applicable.

Further information about the safeguards in place for international transfers is available on request.

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the satisfaction of any legal, accounting, or reporting requirements.

Typical retention periods:

  • Contact and enquiry data: up to 3 years from last interaction.
  • Client and contract data: 5 years from the end of the contractual relationship.
  • Website analytics data: 26 months (as configured in Google Analytics).
  • Tax and financial records: as required by Bulgarian tax law (currently 5–10 years).
  • Consent records: for the duration of the consent plus 3 years.

At the end of the applicable retention period, personal data will be securely deleted or anonymised.

10. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights. You may exercise these rights by contacting us at privacy@pugudigital.io.

Right of Access (Art. 15)
You have the right to obtain confirmation of whether we process your personal data and, if so, to receive a copy of that data along with supplementary information.

Right to Rectification (Art. 16)
You have the right to request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure (Art. 17)
You have the right to request deletion of your personal data where there is no compelling reason for its continued processing.

Right to Restriction of Processing (Art. 18)
You have the right to request that we restrict the processing of your personal data in certain circumstances.

Right to Data Portability (Art. 20)
Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.

Right to Object (Art. 21)
You have the right to object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to Withdraw Consent (Art. 7(3))
Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

Right Not to be Subject to Automated Decision-Making (Art. 22)
You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects.

We will respond to all verifiable requests within 30 days. In complex or high-volume cases, we may extend this period by up to two additional months and will notify you accordingly.

11. Children’s Privacy

Our Website and services are not directed to individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately so we can delete it.

12. Website Security

We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include:

  • Encrypted data transmission (TLS/SSL).
  • Access controls and authentication mechanisms.
  • Regular security assessments and staff training.

No method of transmission over the internet or electronic storage is completely secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security.

13. Links to Third-Party Websites

Our Website may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party websites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. The date of the latest revision is displayed at the top of this document. Where changes are material, we will provide prominent notice on the Website or by other appropriate means.

15. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. In Bulgaria, the competent supervisory authority is:

Authority: Commission for Personal Data Protection (CPDP)
Website: https://www.cpdp.bg
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Email: kzld@cpdp.bg
Phone: +359 2 91 53 519

You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or where the alleged infringement occurred.

16. Contact Us

For all data protection enquiries, requests to exercise your rights, or to report a concern, please contact us:

Company: Pugu Content Ltd
UIC: 205946490
VAT Number: BG205946490
Website: https://pugudigital.io
Email: privacy@pugudigital.io

Scroll to Top