GDPR
Privacy Policy
Last updated: March 2026
Slingshot Bulgaria ("we", "us", "our") operates the website www.slingshot-bg.com (the "Website"). This Privacy Policy explains how we collect, use, store, and protect your personal data in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation — "GDPR") and applicable Bulgarian data protection legislation.
1. Data Controller
Bars Watersports EOOD - Zahari Zograf 55A Street, Sofia 1415 , Bulgaria; Email: info@slingshot-bg.com Phone: +359 888 505640
For any privacy-related inquiries, you may contact us at the email address above.
2. What Personal Data We Collect
We collect personal data only when you voluntarily provide it or when it is automatically generated through your use of the Website.
Data you provide directly:
Newsletter subscription: email address
Contact form / inquiry cart: name, email address, phone number (if provided), and the content of your message or product inquiry
B2B inquiries: company name, contact person name, email, phone number, and message content
Data collected automatically:
Technical data: IP address, browser type and version, operating system, device type, referring URL, pages visited, date and time of access
Cookies and similar technologies: see Section 7 below
We do not process payment card data on our Website. No online payments are processed through slingshot-bg.com.
3. Purposes and Legal Basis for Processing
Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
Responding to your inquiries and product requests | Art. 6(1)(b) — performance of a contract or pre-contractual measures |
Sending newsletter and marketing emails | Art. 6(1)(a) — your consent |
Website functionality and security | Art. 6(1)(f) — our legitimate interest in maintaining a secure and functional website |
Analytics and website improvement | Art. 6(1)(f) — our legitimate interest in understanding how visitors use the Website |
Compliance with legal obligations | Art. 6(1)(c) — legal obligation |
4. Data Retention
Inquiry and contact data: retained for up to 2 years after the last interaction, or longer if required to fulfil a contractual or legal obligation.
Newsletter subscriber data: retained until you withdraw your consent (unsubscribe).
Technical/analytics data: retained for up to 26 months.
5. Data Sharing and Transfers
We do not sell your personal data. We may share your data with the following categories of recipients, solely to the extent necessary for the purposes described above:
Hosting and infrastructure providers (e.g., Railway, Cloudflare) — servers may be located outside the EEA. Where applicable, transfers are protected by Standard Contractual Clauses (SCCs) or an adequacy decision of the European Commission.
Email service providers — for sending newsletters and transactional emails.
Analytics providers — for aggregated, anonymised usage statistics.
Legal and regulatory authorities — when required by law.
6. Your Rights Under GDPR
As a data subject, you have the following rights:
Right of access (Art. 15) — request a copy of the personal data we hold about you.
Right to rectification (Art. 16) — request correction of inaccurate or incomplete data.
Right to erasure (Art. 17) — request deletion of your personal data ("right to be forgotten").
Right to restriction of processing (Art. 18) — request that we limit the processing of your data.
Right to data portability (Art. 20) — receive your data in a structured, commonly used, machine-readable format.
Right to object (Art. 21) — object to processing based on legitimate interests or direct marketing.
Right to withdraw consent — at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, contact us at info@slingshot-bg.com. We will respond within 30 days.
You also have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) of the Republic of Bulgaria:
Website: www.cpdp.bg
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria