Data Protection Policy for the clients of ‘Nuance Gallery’ Ltd

This Data Protection Policy is applicable to the visitors of the web site and the clients of ‘Nuance Gallery’ Ltd.

Information about the Company:

‘Nuance Gallery’ Ltd (the ‘Company’ and/or the ‘Administrator’) registered in the Commercial Register and the Register of Non-Profit Legal Entities (NPLE) at the Registry Agency, with a Unified Identification Number 202748642, management and principal place of business address: Sofia, Ivan Denkoglu Street No. 42, tel: 02 448 58 54, e-mail:

‘Nuance Gallery’ Ltd takes all necessary measures to ensure that your personal data is processed in accordance with the legal framework for the protection of personal data in the Republic of Bulgaria and the European Union. The Company has introduced and applied all requisite technical and organizational measures to prevent unregulated access, loss or unauthorized use of your personal data.

With the purpose of a lawful, conscientious and transparent processing of the data, we are introducing this policy which describes the type of personal data we process, for what purpose, for what period, to whom we will provide it and the type of protection measures we have adopted, as well as the rights you have as data subjects.

You can view this Data Protection Policy on our website or on site in the gallery.

Which categories of personal data do we process, on what basis, for what purpose and for how long do we store it?

We process your personal data when you use our services and/or the forms for commentary and/or you want to subscribe to our newsletter via

When submitting your personal data for one or more of the purposes listed below, you express your free, specific and informed consent to allow us to process your personal data so that we can fulfil your commitments and provide you with the service you expect.

Your personal data is required for the following purposes:

  1. In order to respond to your enquiry about a work we offer. In such cases it is necessary for you to provide us, and for us to process, your first name, surname and e-mail address.
  2. When you use our form to post a comment on the blog or comment on a work on our website. In such cases it is necessary for you to provide us, and for us to process, your first name, surname and your e-mail address (the e-mail address not published on the website).
  3. If you would like to receive our newsletter which contains information about upcoming events, you can request it online by providing your e-mail address or on site at the gallery by providing your first name, surname, e-mail address and phone number.
  4. For financial and accounting purposes, whenever you sign a service agreement with us, we process your first name, surname, telephone number, address, e-mail address – for natural persons, and for legal entities – first name and surname of the manager/ managing director of the company, telephone number, e-mail address.

We shall store your data for the purposes listed as items 1 and 2 up to 30 days of the publication of the comment, under item 3 of the list – until we receive notification of your refusal to receive the bulletin, and under item 3 of the list, until the service is provided. Regarding the accounting purpose, your data shall be stored up to 1 (one) month after the expiration of the statutory deadlines for keeping invoices which is 10 (ten) years.

To whom do we provide your data?

The Company does not provide your personal data to third parties without ensuring that the necessary technical and organizational measures for the security of this data have been implemented.

The personal data you provide us will not be transferred to third countries outside the European Union under any circumstances.

The data collected for the purposes listed as items 1, 2, and 3 in this policy will not be provided to anyone else, and the data collected under item 4 shall only be provided to the accounting company that carries out printing and delivery of invoices.

In cases anticipated by the law, in compliance with the requirements of Regulation (EU) 2016/679, covering the Administrator – Processor relations, the data will be provided to the officers of the competent authorities within the limits of their powers (state and municipal institutions, judicial and / or administrative bodies and / or enforcement bodies, lawyers, auditors, licensed postal operators and courier services, insurers)

The personal data you provide shall not be used for automated decision making, including profiling.

In the event that you do not provide your personal information, we will not be able to respond to your inquiry or to perform a service that we offer.

What are your rights?

As a data subject, you have the right:

  • To ask for confirmation that we process your personal data and to gain access to it.
  • If your personal data is incorrect, incomplete or inaccurate, you may ask for it to be corrected.
  • At any point of time, you could withdraw your consent (to object) to processes your personal data and as a data subject you have the right to request to have all your personal data we process erased if such withdrawal does not affect the lawfulness of processing based on your consent before it is withdrawn.
  • You may request that we directly provide you with your data in a structured, widely used and machine readable format to another personal data Administrator, as long as this is technically feasible.
  • You have the right to request a limitation of the processing of your personal data if:
    • you dispute the correctness of the data for a period of time that allows us to check its accuracy;
    • the data processing is improperly carried out, but you do not wish to have your data erased as instead you want to limit their usage;
    • we no longer need the data (for the purpose for which it was collected) but you require it to identify, exercise or defend legal claims;
  • As a data subject, if you believe that your personal data is being processed unlawfully, you have the right, at any time, to file a complaint with the Supervisory Authority – the Personal Data Protection Commission: Sofia, postcode 1592, bul. ‘Professor Tsvetan Lazarov ‘ No. 2, tel.; 02/91-53-518;

If you would like to obtain information about the processing of your data and the realization of your rights, you can contact us on site in Sofia, Ivan Denkoglu No.42, or via tel: 02 448 58 54, e-mail:

How do we protect your personal data?

We have adopted technical and organizational measures to protect your personal data against destruction, loss, misuse, change, disclosure, unauthorized access. We constantly adapt our security measures in accordance with technological developments. We protect your data by controlling the access of persons to places where we store documents containing personal data, we also have an active Firewall protection, an anti-virus programme, and anonymized IP addresses.


This Policy can be changed by the Company.