Privacy Policy

The data controller is Treasure Digital ("we", "us"). Privacy enquiries: office@treasure-sec.com.

This policy describes how we process data when you visit treasuredigital.bg, use contact or audit forms, or communicate with us for business purposes.

Data you provide voluntarily: name, email, phone (if provided), message content, website URL (audit requests), selected service.

Technical data: IP address, browser type, device, referrer, pages visited — via cookies and analytics (see Cookie Policy) when you have given consent.

Responding to enquiries and quotes — pre-contractual steps or legitimate interest (GDPR Art. 6(1)(b) and (f)).

Site improvement and marketing — only with consent for analytics/marketing cookies (Art. 6(1)(a)).

Legal compliance — accounting and contract data when you become a client.

Form enquiries: up to 24 months after last contact, unless you become a client or request earlier deletion.

Contract and financial records: as required by Bulgarian law (typically 5–10 years).

We use processors for hosting (Vercel), email (Resend), analytics (Google — with consent) and CMS (Sanity). GDPR agreements are in place.

We do not sell personal data. Disclosure only when legally required or with your explicit consent.

You have the right to access, rectify, erase, restrict, port and object to processing, and to withdraw consent at any time.

Complaint to the Bulgarian Commission for Personal Data Protection (CPDP): www.cpdp.bg.

Requests: office@treasure-sec.com — we respond within 30 days.

We apply technical and organisational measures: HTTPS, limited access, data minimisation. No online method is 100% secure; we make reasonable efforts to protect your data.