top of page

Privacy Policy

   The purpose of this announcement is in accordance with the information requirements under Art. 13 and Art. 14 of the GDPR to inform you about the personal data processing activities carried out by ZEKENG JSCo, UIC: 206989555, the purposes for which the data are processed, the measures and guarantees for the protection of the processed data, your rights and the way in which you can exercise, in accordance with the requirements of Regulation (EU) 2016/679 of the EU of 27.04.2016 on the protection of natural persons/individuals in connection with the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/ EC (hereinafter only "Regulation 2016/679" or "GDPR") and other applicable acts of the European Union and the Republic of Bulgaria.

Administrator and contact details

   "ZEKENG" JSCo, UIC: 206989555, hereinafter referred to as "the company", is a legal entity that carries out commercial activities on the territory of the Republic of Bulgaria. The headquarters and address of management of "ZEKENG" JSCo are: (1715) Sofia City,  Mladost 4 Residential Quarter, Building 487, ground floor, office 7, to which address you can mail requests to the company as a data controller. 

   The company is the administrator of the personal data that is processed under or in the occasion of a concluded contract /written or oral/ with counterparties - art. 6, item 1, letters "b" and "e" of the Regulation, based on your consent - art. 6, item 1, letter "a" of the Regulation, as well as in fulfillment of statutory obligations - art. 6, item 1, letter "c" of the Regulation. By marking the bookmark on the company's website, by concluding a contract for commercial relations or by signing a declaration, customers give their full consent to their data being collected and processed in the sense and under the conditions of EU Regulation (EU) 2016/679 of 27.04.2016 and the current privacy policy.

   By using the Company's services, where the Policy is applicable and you have ticked a box of consent, entered into a contract for commercial services or consented thereto, you will be deemed to have read, understood and expressed your consent to the use of your personal data in accordance with the Internal Rules and this Privacy Policy.

   You can send your requests to the email address: or send in writing to the address: (1715) Sofia City, Mladost 4 Residential Quarter, 11 "Prof. Alexander Tanev" Str., 3rd floor, office 17.

Contact details for the Company's Personal Data Administrator

   The administrator can be contacted at the email address:, and in your message you should indicate the necessary data for your individualization and a contact for feedback.

Purposes and grounds for processing personal data, 

categories of processed data

   The company exercises powers assigned to it by counterparties on the occasion of a concluded contract or legally defined obligations. The personal data it collects from you is from the category of "ordinary" data, whereby it processes the same in connection with the following main activities:

  • Carrying out commercial activity - creation, installation, maintenance and sale of software and hardware, information technologies with high added value, media and media planning in the Internet space, production and distribution of software and hardware, services in the field of Internet communication technologies, multimedia and video production, advertising activity, graphic design and other activities in the field of information technology, etc.

  • Making and accounting of financial payments to and from clients;

  • Recruitment and personnel administration;

  • Reporting of website visits;

  • Ensuring order in the company's office and commercial premises and labor discipline.

   The company does not collect special (sensitive) personal data.

   When exercising its powers, the company processes personal data of candidates for employees/workers, its employees, clients of the company and other persons, mainly in fulfillment of its contractual or legal obligations - grounds for data processing under Art. 6 of the Regulation. In these cases, the processed data is related to:

  • the subject's physical identity - names, social security number, address, telephone numbers, e-mail address, photo, ID card number and date of issue, vehicle driving license number and date of issue;

  • economic identity;

  • social identity;

  • family identity - marital status;

  • criminal record data - when applicable;

  • health status data;

  • work experience data;

  • data on education, additional qualifications and competences, incl. copies of documents certifying completed education and acquired qualifications - diplomas, certificates;

  • data on visits to the company's website;

   The personal data collected in this way are used only for the purposes for which it is provided in the contract or in the relevant legal act.

   For the purposes of personnel administration and financial accounting, the company processes personal data based on Art. 6, paragraph 1, letter "c" and Art. 9, paragraph 2, letter "b" of the Regulation of job applicants, employees and natural persons/individuals, contractors and representatives of legal entities - contractors. The categories of processed data are about the physical and social, family and economic identity, data about the legal history and health status of the persons.

   When the company processes data based on the subject's consent, personal data is processed only if the individuals have freely, specifically, informed and unequivocally expressed their consent to the processing.

   Data processing is carried out for the specific and precisely defined purposes by law, and the data is processed lawfully and in good faith and cannot be further processed in a manner incompatible with these purposes.

   The source of the personal data are the data subjects, the company's customers and its employees.

   We declare that the personal data we collect will only be used for the following purposes:

  • To provide the services offered by the company to customers;

  • To check orders and payments made by customers;

  • At the request of customers;

  • For the purposes of accounting and administrative-legal service;

  • To send messages to customers' e-mails;

  • For contact with customers in the event of a case regarding a service provided to them;

  • Ensuring order in the company's office and commercial premises and labor discipline.

Categories of data recipients outside the company

The company does not disclose personal data to third parties and recipients, unless there is a legal or contractual basis for receiving the data or the data is not publicly available due to its inclusion in a public register.

   Apart from the cases of general availability of the data included in a public register, recipients of data according to the specific case can be:

  • State bodies and bodies charged with public functions, within the framework of their powers (NRA, NSSI, Ministry of the Interior, etc.);

  • Banks - for the needs of remuneration payments;

  • Courier companies and postal operators – for the needs of carrying out correspondence with natural persons-data subjects;

  • Business partners

  • Accounting - for the needs of the company's financial and accounting activities

  • Lawyers and/or law firms - to ensure the administrative-legal activity of the company

Data storage period

   As a data controller, the company processes data for a period of minimum duration according to the purposes of processing and provided for in the current legislation in accordance with the principle of storage limitation, and the data will be stored in the following way: on a secure electronic medium such as a server or on paper.

   For a period of 50 years, the data related to labor law and insurance relations are stored. The archive with decisions on imposition of disciplinary sanctions is kept for 15 years, and the rest of the customer data is kept for a period of up to 6 years after the termination of the provision of the service. All other data not requiring a long storage period are deleted or removed from the database in a timely manner.

Rights of data subjects

   The measures taken to protect personal data in accordance with the requirements of Regulation 2016/679 are aimed at ensuring the rights of the subjects whose personal data are processed, namely:

  • Right of access;

  • Right to correct inaccurate or incomplete data;

  • Right to erasure (the right to be forgotten), if the conditions of Art. 17 of REGULATION 2016/679 are applicable;

  • Right to restriction of processing;

  • Right to data portability, if the conditions for portability under Art. 20 of REGULATION 2016/679 are available;

  • Right to object, if the conditions of Art. 21 of REGULATION 2016/679 are available;

  • Right for the data subject not to be subject to a decision based solely on automated processing, including profiling.

  • You have the right to ask the company to limit the processing of your available data, in which case the data will only be stored, but not processed.

   If the Company needs to use your personal data for a new purpose that is not covered by the original one or by a data protection declaration, you will be provided with a new data protection notice and, when and where necessary, your consent will be requested prior consent to the new processing.

   You can exercise the above rights by sending a request to the company (in writing or by electronic means), in which you should specify your request. The request should be signed and sent to the address of the company, according to the order provided in this privacy policy.

Right to complaint to the Personal Data Protection Commission or to the court

   If you believe that your rights under Regulation 2016/679 have been violated, you can file a complaint with the Commission for the Protection of Personal Data or with the Administrative Court - Sofia City.

Transfer of personal data to third countries or international organizations

   The company does not transmit the processed personal data to third countries or international organizations, except to its business partners in connection with the preparation of an offer, initiation, execution or settlement of the business relations of the same by the company "ZEKENG" JSCo, UIC: 206989555.

Measures introduced by the company to protect personal data

   Internal rules of the company for the measures for the protection of personal data, adopted by the Manager, have introduced measures for the effective protection of the processed personal data and the possibility of exercising the rights of the data subjects provided for in REGULATION 2016/679. The company has implemented the necessary technical and organizational measures to prevent unauthorized access, loss or unauthorized use of your personal data. Their collection and processing takes place in full compliance with the requirements of Bulgarian and European legislation.

   Additional information about the company's personal data protection measures can be obtained from the contact person of the personal data administrator - Boryana Gyurova, by sending a request to the following email address:


bottom of page