Privacy Policy

Information about the personal data administrator:

Organization “Flyspring” is a company registered under the Commercial Code of the Republic of Bulgaria with Registration number 177163648, with headquarters and address of management: Sofia 1345, j.k. Zaharna fabrika bl. 44 fl. 6 apt. 30, email address:, tel: +359894475741.


We process your personal data for the following reasons:

  • Concluded contract between us and in order to fulfill our obligations under it;
  • Your explicit consent – the purpose is stated on a case-by-case basis;
  • Under a statutory obligation by law

In the following paragraphs, you will find information about the processing of your personal information, depending on the on the reason, that we handle it.


We process your personal data in order to perform contractual and pre-contractual obligations and to use the rights under the entered contracts with you.

Processing purposes::

  • to establish your identity;
  • managing and executing your application and executing a contract;
  • prepare and send a receipt / invoice for the services you use with us;;
  • Keeping correspondence with orders placed, processing queries, reporting issues, and more.
  • making a user profile;

Based on the agreement between us, we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

  • personal contact information – contact address, email, phone number;
  • identification data – full name, ID number or foreigner ID number, permanent address;
  • ДData about the orders made through the profile;
  • emails, letters, information about your troubleshooting requests, complaints, applications;
  • credit or debit card information, bank account number or other bank and payment information related to the payments made;;

The processing of the personal data we provide is mandatory for us to be able to sign the contract with you and execute it.


We provide your personal information to third parties, and our main purpose is to offer you quality, fast and comprehensive service.

We provide personal data to the following categories of recipients (personal data administrators):

  • postal operators and courier companies;
  • persons performing consultancy services in different areas.


The data collected on this basis is erased 5 years after the termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds. The deadline is set by the 5-year limitation period for possible claims under the contract.


It is possible that we are obligated by law to process your personal data. In these cases, we are required to process it, for example:

  • Obligations under the Measures against Money Laundering Act;
  • fulfillment of distance selling obligations, off-premises sales provided in the Consumer Protection Act;
  • providing information to the Consumer Protection Commission or third parties as stated in the Consumer Protection Act;
  • providing information to the Personal data protection Commission in relation to obligations provided by the legislation on the protection of personal data;
  • obligations provided by the Act on Accounting and the Tax-Social Insurance Procedure Code and other related statutory instruments in relation to the keeping of lawful accounting.
  • providing information to the court and third parties, in proceedings before a court, in accordance with the requirements and regulations applicable to the proceedings;
  • age verification when shopping online.


The data collected in accordance with a statutory obligation is deleted once the collection and storage obligation has been fulfilled or ceased. For example:

  • under the Act on Accounting for the storage and processing of accounting data (11 years),
  • obligations to provide information to the court, competent state bodies or other grounds, provided by current legislation (5 years).


When we are required to do so by law, we may provide your personal data to the competent governmental authority, a natural or legal person.

After you give your consent

We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We will not anticipate any adverse consequences for you if you refuse to process your personal data.

Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent, and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product / service offerings for you.

For this reason, we only process the data you have explicitly given to us. The specific data is determined for each individual case. Typically, the data includes:

  • Email;
  • Telephone number;
  • Address;
  • Full name;


Your consent may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes set out above.

Data collected on this basis is deleted at your request or 1 year after its initial collection.


We process your data for statistic purposes, this means for analysis, where the results are only generalizing and therefore the data is anonymous. It is impossible to identify a particular person from this information.

How we protect your personal data

To ensure adequate data protection for the company and its customers, we apply all the necessary organizational and technical measures provided by the Personal Data Protection Act.

For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.


Consumer Rights

Each User of the website enjoys all rights to protection of personal data in accordance with Bulgarian and European Union law.

Each User is entitled to:

  • Information(in connection with the processing of his or her personal data by the administrator);
  • Access to their own personal data;
  • Correction (if data is inaccurate);
  • Deleting personal information (right to be forgotten);
  • Restriction of processing by the administrator or processor of personal data;
  • Portability of personal data between individual administrators;
  • Opposition to the processing of his or her personal data;
  • The data subject is also entitled not to be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
  • Entitlement to judicial or administrative redress if the rights of the data subject have been violated.

The user can request deletion if one of the following conditions is true:

  • Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • The consumer withdraws his / her consent on which the processing of the data is based and no other legal basis for the processing;
  • ПThe user objects to the processing and there are no legitimate grounds for the processing that will take precedence;
  • Personal data has been unlawfully processed.
  • Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State which applies to the administrator;
  • Personal data have been gathered in connection with the provision of information society services to children, and consent is given by the parent who is responsible for the child.

The user is entitled to restrict the processing of his personal data by the administrator when:

  • Challenges the accuracy of personal data… In this case, the limitation of the processing is for a period that allows the administrator to verify the accuracy of the personal data;
  • Processing is unlawful, but the User does not want the personal data to be deleted, but instead requires a limitation of their use;
  • The administrator no longer requires personal data for the purposes of processing, but the User requires them to identify, exercise or protect legal claims;
  • opposes the processing pending verification that the legal grounds of the administrator have an advantage over the User’s interests.

Right of portability.

The data subject has the right to receive the personal data that concerns him and which he has provided to an administrator in a structured, widely used and machine readable format and has the right to transfer that data to another administrator without hindrance by the administrator to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another where this is technically possible.


Right of objection.

Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for identifying, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.


Appeal to the supervisory authority

Each User has the right to file a complaint against unlawful processing of his or her personal data with the Personal Data Protection Commission or the competent court.

Use of the website by children.

We do not intend our Web sites or other services to be used by anybody under the age of 18. If you are a parent or guardian and think we may have collected information about a child, please contact us at

Competent supervisory authority

The competent supervisory authority is the Commission for the Protection of Personal Data, Sofia 1592, “Prof. Tzvetan Lazarov Str. № 2, Internet address, tel. 02 915 3 518