This Personal Data Processing Agreement (the "Agreement") is entered into between the data controller ("Controller") and the data processor ("Processor") in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.


1.1. "Personal Data" means any information relating to an identified or identifiable natural person.

1.2. "Data Controller" means the entity that determines the purposes and means of the Personal Data processing.

1.3. "Data Processor" means the entity that processes Personal Data on behalf of the Data Controller.

Subject Matter

2.1. The Controller engages the Processor to process Personal Data for the purposes and under the terms specified in this Agreement.

2.2. The Personal Data to be processed by the Processor may include, but is not limited to, names, contact details, and other information voluntarily provided by the data subjects.

Obligations of the Processor

3.1. The Processor shall process Personal Data only on documented instructions from the Controlle, unless required by applicable law.

3.2. The Processor shall ensure that its personnel authorized to process Personal Data have committed themselves to confidentiality.

3.3. The Processor shall implement appropriate technical and organizational measures to ensure the security of Personal Data.

3.4. The Processor shall assist the Controller in fulfilling its obligations regarding data subjects' rights, data breach notifications, and data protection impact assessments.

3.5. The Processor shall promptly inform the Controller if it receives any request or inquiry from a data subject regarding the processing of their Personal Data.


4.1. The Processor shall not engage any sub-processors without the prior written consent of the Controller.

4.2. If the Processor engages a sub-processor, it shall impose data protection obligations on the sub-processor that are substantially similar to those set out in this Agreement.

Data Security

5.1. The Processor shall implement appropriate technical and organizational measures to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

5.2. The Processor shall promptly notify the Controller in the event of any unauthorized access, use, or disclosure of Personal Data.

Data Transfers

6.1. The Processor shall not transfer Personal Data to any third country or international organization without the prior written consent of the Controlle, unless authorized by applicable data protection laws.

6.2. If Personal Data is transferred to a third country or international organization with the consent of the Controller, the Processor shall ensure appropriate safeguards are in place.

Term and Termination

7.1. This Agreement shall remain in effect until the completion of the data processing activities or until terminated by either party.

7.2. Upon termination, the Processor shall return or securely dispose of all Personal Data, unless otherwise required by applicable law.

Governing Law and Jurisdiction

8.1. This Agreement shall be governed by and construed in accordance with the laws of [Bulgaria].

8.2. Any disputes arising out of or in connection with this Agreement shall be subject to the exclusive jurisdiction of the courts of [Bulgaria].

By accepting this Agreement, the Controller and the Processor acknowledge their understanding and agreement to comply with the obligations set forth herein.