Privacy Policy

PRIVACY POLICY (GDPR) – photospott.com

Last updated: 21.01.2026 г.

1. Data Controller

The data controller within the meaning of Regulation (EU) 2016/679 (GDPR) is:

“WEBTRIXIA” EOOD

  • UIC: 207419451

  • Address: гр.Ардино, ул.Мусала №11

  • E-mail: info@photospott.com

  • Phone number: +359 87 744 2493

2. What data we process

Depending on how you use the Site, we may process:

  • Registration data: name/nickname, email, phone (if required), password (stored in hashed form), profile settings.

  • Reservation and service data: selected service, date/time, status, notes, history of used services, communication related to the reservation.

  • Payment data: We generally do not store full card details; payments may be processed by a payment service provider, who acts as an independent controller/processor (depending on the case). We receive the payment status/reference.

  • Technical data: IP address, device/browser identifiers, logs, cookies, and similar technologies.

  • Correspondence data: if you contact us via email/contact form.

3. Purposes and legal grounds

We process personal data for the following purposes:

  1. Account creation and management – (Art. 6(1)(b) GDPR – performance of a contract / pre-contractual steps).

  2. Reservations and service delivery – (Art. 6(1)(b) GDPR).

  3. Payments, accounting, and invoicing – (Art. 6(1)(c) GDPR – legal obligation; and/or Art. 6(1)(b)).

  4. Support, security, and prevention of abuse – (Art. 6(1)(f) GDPR – legitimate interest).

  5. Marketing messages (if any) – (as a rule, Art. 6(1)(a) GDPR – consent; or Art. 6(1)(f) under a permitted “soft opt-in”, where applicable under the law).

  6. Analytics and improvement of the Site – (consent for analytics/marketing cookies, where applicable, or legitimate interest for strictly necessary technical data).

4. Data recipients (third parties)

We may share data with:

  • Hosting/infrastructure providers – for operating the Site.

  • Email/messaging provider – for confirmations and notifications.

  • Payment providers – for processing payments (we receive the status/reference).

  • Accountants/consultants – where required by law.

  • Public authorities – when required by law.

If you use specific services (e.g., Google Analytics, Meta Pixel, Stripe, etc.), add them here by name.

5. Retention periods

We store the data:

  • for the period necessary to provide the services and manage the account;

  • for accounting/tax retention periods under Bulgarian legislation (for documents related to payments/invoices);

  • logs and technical data – for a reasonable period for security and diagnostics [e.g., 6–12 months], unless a longer period is necessary in case of an incident/dispute.

6. Data subject rights

You have the right to:

  • access to the data;

  • rectification;

  • erasure (“right to be forgotten”), where applicable;

  • restriction of processing;

  • data portability;

  • objection where processing is based on legitimate interest;

  • withdrawal of consent (without affecting the lawfulness of processing before the withdrawal).

You can exercise your rights by: info@photospott.com.

7. Complaint

You have the right to file a complaint with the Commission for Personal Data Protection (CPDP), if you believe your rights have been violated.

8. Security

We implement technical and organizational security measures (access control, encryption in transit via HTTPS, logging, etc.). However, no system is 100% secure.

9. International transfers

If some providers are located outside the EEA, the transfer is carried out subject to appropriate safeguards (e.g., Standard Contractual Clauses), where applicable.

10. Contact

info@photospott.com | +359 87 744 2493