Privacy Policy
Privacy Policy
Website: https://www.hubo.bg/ Version: 1.0 · Effective: 9 June 2026
Language notice. This is a courtesy English translation. The Bulgarian version is the legally binding original; in case of any discrepancy, the Bulgarian text prevails.
This Policy explains how HUBO OOD collects, uses, stores and protects your personal data when you use the website https://www.hubo.bg/, in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation, GDPR) and the Bulgarian Personal Data Protection Act (PDPA).
1. Data controller
| Controller | HUBO OOD |
| UIC (ЕИК) | 208329964 |
| Registered seat & address of management | 1 Veliko Tarnovo St., Plovdiv, Bulgaria |
| Email for data-protection matters | [email protected] |
| Phone | +359 898 69 10 89 |
The company is not required to appoint a Data Protection Officer (DPO). For any matter relating to your personal data, please contact the email above.
2. Scope
This Policy concerns the processing of personal data of visitors to the website hubo.bg. It does not cover future services (e.g. a mobile application and paid battery rental), for which separate information will be published at launch.
3. What personal data we process
Depending on how you use the Site, we may process:
- When you make an inquiry via a contact form or email: name, email, phone number (if provided) and the content of your message.
- When you subscribe to a newsletter (if available): email and/or name.
- Automatically collected data (via cookies and similar technologies): IP address, browser and device type, operating system, pages visited, date/time and duration of the visit, referring page. See the Cookies Policy.
We do not knowingly collect special categories of personal data (sensitive data) through the Site.
4. Purposes and legal bases for processing
We process your personal data on the following grounds under Article 6(1) GDPR:
| Purpose | Data categories | Legal basis |
|---|---|---|
| Responding to your inquiries and providing assistance | name, email, phone, message | steps taken at your request / legitimate interest (Art. 6(1)(b)/(f)) |
| Sending newsletters and marketing messages | email, name | your consent (Art. 6(1)(a)) |
| Maintenance, security and improvement of the Site | automatically collected data | legitimate interest (Art. 6(1)(f)) |
| Traffic analysis (statistical cookies) | automatically collected data | your consent (Art. 6(1)(a)) |
| Compliance with legal obligations | applicable data | legal obligation (Art. 6(1)(c)) |
Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.
5. Retention periods
We retain data only for as long as necessary for the relevant purpose:
- Contact-inquiry data: up to 6 months after the communication ends.
- Newsletter data: until you withdraw consent or the service is discontinued.
- Data under legal (accounting/tax) obligations: for statutory periods (e.g. up to 10 years, where applicable).
- Cookie data: for the periods stated in the Cookies Policy.
After the relevant period expires, data is deleted or anonymised.
6. Recipients of data (third parties)
We do not sell your personal data. It may be disclosed only to trusted processors and partners in order to provide our services:
- providers of hosting, IT services and technical support for the website;
- a newsletter delivery provider (if used);
- analytics providers (e.g. Google Analytics — if used; see Section 7 and the Cookies Policy);
- public authorities, where expressly required by law.
Processors act on our instructions and under data-processing agreements.
7. Transfers outside the EU/EEA
Some providers (e.g. analytics or marketing tools) may process data outside the European Economic Area. In such cases, transfers are made with appropriate safeguards under the GDPR — an adequacy decision or standard contractual clauses (SCCs).
8. Your rights as a data subject
Under the GDPR you have the following rights, which you may exercise by written request to [email protected]:
- Right of access — to know what data we process about you.
- Right to rectification — to have inaccurate or incomplete data corrected.
- Right to erasure ("right to be forgotten") — where grounds exist.
- Right to restriction of processing.
- Right to data portability — to receive your data in a structured, machine-readable format.
- Right to object — to processing based on legitimate interest or for direct marketing.
- Right to withdraw consent at any time.
We will respond to your request without undue delay and no later than one month from receipt.
9. Right to lodge a complaint
You have the right to lodge a complaint with the supervisory authority: Commission for Personal Data Protection (CPDP / КЗЛД) 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria email: [email protected] · website: cpdp.bg
10. Automated decision-making
We do not carry out automated decision-making producing legal effects concerning you, including profiling within the meaning of Article 22 GDPR.
11. Data security
We apply appropriate technical and organisational measures to protect personal data against unauthorised access, loss, alteration or disclosure (including connection encryption, access control and regular updates).
12. Children's privacy
The Site is not directed at persons under 14 years of age, and we do not knowingly collect their personal data. If we become aware of such processing without the required consent, we will take steps to delete it.
13. Changes to this Policy
We may update this Policy from time to time. The current version is always published on this page, with the date of the latest change indicated.
14. Contact
For all matters relating to your personal data: [email protected] · phone +359 898 69 10 89.