For the purposes of its activities, Foundation “Projecta” processes personal data of natural persons („data subjects“) in strict accordance with Regulation (ЕU) 2016/679 (General Data Protection Regulation) (GDPR), the Personal Data Protection Act and the foundation’s Personal Data Protection Policy.

This Privacy Notice is applicable to you if:

  • you are a client or a potential client of the services offered by Foundation “Projecta”;
  • you are a job applicant;
  • you wish to register or have already registered on the Foundation's website,

and it is intended to explain to you how and why we process your personal data.

According to the General Data Protection Regulation personal data means any information relating to natural persons through which they can be directly or indirectly identified.

Processing of personal data is any operation or set of operations which is performed on personal data by automated or other means.


The personal data controller is a non-profit organization – Foundation “Projecta” registered in the Commercial Register under UIC 175166154, having its registered seat and address of management at 3000 Vratsa, 18 Ivanka Boteva Str. and correspondence address at Pomorie, 17 Tutkhon Str., e-mail:

Natural persons whose personal data are processed by the organization

In relation to the activities of the organization and this website, Foundation “Projecta” processes personal data about the following individuals:

  • Counterparts or potential counterparties of the organization and their employees;
  • Job applicants;
  • Registered or willing to register on the Foundation's website.

What kind of personal data do we process?

Based on the specific objectives and legal grounds Foundation “Projecta” processes all or some of the following personal data, individually or in combination:

  • identification data – three names, personal ID number or personal number of a foreigner/other identifier, address;
  • contact details – telephone, fax, e-mail;
  • financial information, including bank accounts;
  • other information and personal data necessary for performing the duties under the labour, social security and tax legislation.

Purposes of processing

The organization processes personal data for the following purposes:

  • In relation to the implementation of the project BG65AMNP001-2.005-0002 “Fighting together against prejudices and stereotypes - TCNs' employment and entrepreneurship”, financed under the “Asylum, Migration and Integration” Fund, in accordance with grant contract № 812108-27/27.05.2019, with Responsible Authority, in accordance with decision of the Council of Ministers № 657/08.31.2015 – “International Projects” Directorate, Ministry of Interior.
  • Provision of services related to exploring opportunities for development and participation in projects, funded by EU funds and other national and international donor programs; preparation of different application forms; preparation of “ready-to-submit” projects, incl. complete application and supporting documents required, according to the specific Guidelines and General conditions for financing of each institution.
  • Provision of services related to project management: monitoring of the implementation over project activities and work packages; technical and financial progress reporting; risk assessment analysis; implementation of Quality Management and Control Measures Plan; on-the-spot visits and inspections; assistance in communication with financing institutions, when is necessary to initiate contractual changes; financial management.
  • Providing legal advice services related to project cycle management; preparation of tender and public procurement procedures for selection of contractors, incl. Instructions, ToR, Technical Specifications and Evaluation Grids; preparation of functional analyses for the needs of different administrative structures in the public sector; preparation of Cost-benefit analyses; elaboration of complex of studies for beneficiaries' needs, incl. social, economic, market research and analyses, environmental and impact assessments; development of Project Implementation Manuals for beneficiaries, in accordance with the specific Guidelines and General conditions of each financing institution on management and monitoring of Grant Agreements.
  • Protection of the legitimate interests of the organization, including:
    • ensuring the proper functioning, maintenance and security of the foundation’s website and IT systems;
    • ensuring and protection of the rights and legitimate interests of the organization, including legal procedures.
  • To fulfil statutory obligations:
    • obligations under the Accountancy Act, the Tax and Social Insurance Procedure Code and other related statutory instruments, in relation to the execution of proper and lawful accounting;
    • execution of the orders of competent state or judicial authorities.

Legal grounds of processing

The organization processes personal data only in the presence of any of the alternative legal grounds under the GDPR, and in particular:

  • Performance of a contract, including pre-contractual relations before its signing;
  • Legal obligations applicable to the organization;
  • The legitimate interests of the organization, insofar as they have priority over the interests or fundamental rights and freedoms of the data subjects;
  • In some cases, we process personal data only with the prior consent of the data subject. Consent is a separate basis for the processing of your personal data, and the processing goal is specified therein and is not covered by the purposes listed in this Privacy Notice. The consent already granted may be withdrawn by the data subject at any time in the same manner as it was granted.

Possible consequences of failure to provide personal data

In case the person wishing to register on the Foundation's website does not provide the necessary personal data, the registration will not be possible.

If the client does not provide the required information, including the necessary personal data, the organization cannot enter into a contract with that client and cannot render the service requested.

To whom is the personal data transmitted or disclosed?

The personal data of the clients of the organization are provided to:

  • National Revenue Agency, National Insurance Institute and other public bodies for the purposes of the contract;
  • Competent authorities which by virtue of a legal act have the power to request from Foundation “Projecta” the provision of information, including personal data - court, supervisory / regulatory authorities, authorities with the protection of national security and public order;
  • Other competent public authorities in fulfilment of an obligation provided for in a legal act;
  • Counterparts for the purpose of contract performance;
  • Personal data processing in order to maintain the organization's IT systems, delivery of services, security and more. In these cases, the relationship between the organization and the processor shall be governed by a contract or other legal act providing for appropriate measures to ensure the security of the personal data.

Term of personal data storage

The storage period of personal data depends on the processing purposes for which they are collected.

The personal data processed by a legal obligation from Foundation "Projecta" shall be stored until the expiry of the period specified in the relevant legal act or by-laws.

Personal data of the organization’s clients are kept for a period of five years from the completion of the contract in accordance with the general limitation period under the Obligations and Contracts Act.

The personal data contained in the accounting documents shall be kept within the terms of Art. 12 of the Accountancy Act, and Art. 38 of the Tax and Social Insurance Procedure Code, respectively.

The personal data of job applicants will be deleted or destroyed within 30 days of completing the selection procedure of the candidates, unless explicitly given by the applicant consent to their storage for a longer period.

Personal data collected by consent are processed until the consent is withdrawn or until dropping out the need for processing.

Security of personal data

The organization applies all appropriate technical and organizational measures to ensure the security of personal data, including taking explicit confidentiality obligation by the employees.

Rights of the data subjects

Any natural person whose data are processed by the organization has the following rights:

  • the right to access his/her personal data, including receiving a copy thereof;
  • the right to rectification or completion of inaccurate personal data;
  • the right to erasure of personal data processed without a legal basis;
  • the right to restriction of processing – in case of a legal dispute between the organization and the person until its resolution or the establishment, exercise or protection of legal claims;
  • the right to object – at any time and on grounds relating to the particular situation of the person, provided that there are no compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or legal claims;
  • the right to portability - only if the personal data are processed automatically on the basis of consent or contract;
  • the right not to be subject to a fully automated solution involving profiling, which has a legal impact on the data subject or significantly affects it.

Pursuant to the Personal Data Protection Act, the above rights may be exercised by submitting a written application in the office of Foundation “Projecta” – Pomorie, 17 Tutkhon Str. An application may also be made electronically in accordance with the Electronic Document and Electronic Certification Services Act. The application is made personally by the data subject or by an explicitly authorized person. The organization shall decide upon the request of the data subject within 30 days of its submission.

Where the data subject’s requests for the exercise of the rights referred to above are manifestly unfounded or excessive, the organization may impose a fee or refuse to act on the request.

Protection of the rights of data subjects

In accordance with the Personal Data Protection Act and Regulation (EU) 2016/679, any individual who considers his/her right to protection of personal data violated, may file a complaint with the Commission for Protection of Personal Data at: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd. and Internet page:

Updates and changes to the Privacy Statement

In order to apply the relevant protection measures and to comply with current legislation, we will regularly update this Privacy Notice. If the changes made by us are substantial, we may post a notice about such changes in our website or let you know otherwise.

By using this website you agree with our privacy policy.