Ask a question:

Important: The Legal Questions and Answers are intended to be a guide only and do not provide full detail or cover every scenario. It is only appropriate for use as an aid to understanding basic concepts. If you have any questions related to the Bulgarian legislation, please contact us via email on the following email address and we will answer as soon as possible. E-mail: Е-мейл адресът e защитен от спам ботове.

Please bear in mind however that without detailed examination of the individual case, reviewing the relevant documents and obtaining all necessary information, the firm can only provide you with a general opinion.

We believe that prior to engaging in any legal activity, it is necessary for the client to seek legal advice on the consequences and the possible risks involved, so the most adequate solution could be found which will lead to optimal results. In our practice we often encounter clients who have acted on their own without consulting a lawyer – they have signed contracts or completed other legal actions leading to unfavorable legal consequences. To prevent this from happening we always advise that clients contact us prior to engaging in any legal activity rather than after.



The General Data Protection Regulation (GDPR) began to apply on 25-05-2018 and the administrators of personal data should bring their documentation and technical and organizational measures relating to data protection in relation with the requirements of the Regulation.

The personal data could be your personal ID, your ID card, your name, your address, as well as your IP address, your tax number, bank account, etc., namely the details which may identify the data subject.

Data subject is any natural person who can be identified, directly or indirectly, by identifier/name, identification number, location data, online identifier or one or more physical, physiological, genetic, mental, mental , economic, cultural or social identity, any information that directly identifies or is capable of identifying an individual.

A Personal Data Administrator is a natural or legal person, a public authority, an agency or other entity which, alone or jointly with others, defines the purposes and means of data processing.

The grounds for processing personal data may be:

- consent of the data subject - for each specific purpose, consent should be given.

- execution of contract

- legal obligation,

- protection of the vital interests of the subject or of another person,

- public interest objective,

- legitimate interests pursued by the Administrator or a third party.

In any case, the administrator or controller must prove that there is a legal basis for processing the personal data.

At the time of data collection, the data subjects should be clearly informed at least of:

• who is the administrator of their personal data;

• why the administrator will use their personal data (for what purposes);

• the categories of relevant personal data;

• the legal basis for the processing of their data;

• how long the data will be saved;

• whether personal data will be transferred to other recipient including outside the EU.

The Law Firm "Valova and Angelova" is an administrator of personal data in any case where the client is an individual and signs a contract for legal help. The lawyers / the law firm could be also a controller, if the client assigns processing of personal data of other physical persons (for example, of its employees).

The data subject has the following rights under GDPR:

- to request access to the personal data at any time. The request should include all the details that will help the administrator to find the personal data. Access can be provided to archived data, but not to deleted data;

- to request about correction of inaccurate or outdated personal data (for example, an adjustment may be requested when the name, address or other information about the data subject is erroneous or when there has been made a change in previously provided information - for example, the address of the subject);

- to ask the data administrator to restrict the processing of the personal data, in which case the data will only be stored / archived but not processed. If the administrator refuses to restrict your personal data, the administrator should do this explicitly and only in writing, explaining the legitimate reason for such denial. In this case the data subject has the right to file a compliant before the Commision for protection of personal data;

- to request the personal data to be erased without delay on any of the following grounds: personal data is no longer necessary for the purposes for which it was collected; when the data subject has withdrawn his consent; when the data subject has objected to the processing when the processing is unlawful; where personal data must be erased in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller; when personal data were collected in connection with the provision of information society services.

The administrator may refuse to delete the personal data for the following reasons: A) exercising the right to freedom of expression and the right to information; (B) compliance with a legal obligation on the part of the controller or for the performance of a task of public interest or in the exercise of official authority conferred on the controller; (C) for reasons of public interest in the field of public health; (D) for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, insofar as erasure is likely to make it impossible or seriously obstructing the attainment of the purposes of such processing; or for the establishment, exercise or protection of legal claims;

- the right to appeal against the processing of the personal data to the competent supervisory authority - Data Protection Commission, address: Sofia 1592, "Prof. Tzvetan Lazarov "№ 2 (

Execution of the rights:

In order to exercise his rights the data subject could send the request on the emails of the lawyers ( Е-мейл адресът e защитен от спам ботове. ; Е-мейл адресът e защитен от спам ботове. ; Е-мейл адресът e защитен от спам ботове. ) or on the address of the lawyers: Sofia, St. Sofia 8 Str., office 507. The request must be in writing, with free consent and must consist the name of the data subject and/or other personal details as well as and the information which could help the administrator to find the requested data. The subject  could also require from the administrator a template of request. The administrator will answer to the subject’s request within the deadline specified by the GDPR for each separate right.