PRIVACY POLICY «ONE REAL ESTATE»

1. General Provisions

1.1. This Privacy Policy (hereinafter referred to as the "Policy") defines the procedure and conditions for processing and protecting the personal data of individuals (hereinafter referred to as the "Users", "you") when you visit and use the https://www.one-bg-realestate.com/ website (hereinafter referred to as the "Site" or "Agency"), as well as when interacting with us through other communication channels (telephone, email, social networks, etc.).

1.2. The Agency complies with all applicable regulations of the national legislation of Bulgaria, international laws and regulations of the European Union (including the General Data Protection Regulation - GDPR) in terms of processing and protecting personal data.

1.3. Your use of the Site means that you have read and agree to the provisions of this Policy. If you do not agree with any of the provisions described herein, we ask you to immediately stop using the Site.

2. Operator and contacts

2.1. Personal data operator (Controller)

The operator (controller) of personal data is «One Real Estate»

3. Collection and use of personal data

3.1. Data that you provide voluntarily

• Contact information: first name, last name, phone number, email address, postal address, etc., which you indicate when filling out forms on the Site (request for feedback, request for consultation, etc.) or when contacting the Agency in other ways.

• Other information: information that you voluntarily provide during correspondence by email or via instant messengers, as well as during telephone conversations.

3.2. Automatically collected technical data

• Data about your device: device type, operating system version, browser type and version, system language, etc.

• Log file data: IP address, date and time of visit, URL of the requested page, cookies and other technical information transmitted by your browser.

• Cookies and similar technologies: for more details, see Section 8 “Cookies and similar technologies”.

3.3. Data from third parties

In some cases, the Agency may receive additional data about you from public and/or commercially available sources (e.g. from social networks, registers or databases), but only if there are legal grounds for doing so and in accordance with the principles of the GDPR.

4. Purposes and legal grounds for data processing

4.1. Purposes of processing

1. Provision of services: selection and implementation of real estate transactions, consulting, document preparation and other operations related to the activities of the Agency.

2. Feedback: responses to inquiries, feedback on real estate issues, and provision of additional information requested by you.

3. Marketing: distribution of informational and advertising materials, invitations to events (only upon receipt of your consent, if required by law).

4. Improving the operation of the Site: analysis of User behavior, optimization of the Site and its functionality, improvement of the quality and convenience of services.

5. Security: preventing fraud, cyber attacks, unauthorized access or other unlawful acts.

6. Compliance with laws and regulations: fulfilling obligations under Bulgarian and EU law (including accounting and tax records, requests from government authorities, etc.).

4.2. Legal basis for processing

1. Performance of a contract: processing data necessary for the conclusion and/or performance of a contract or pre-contractual obligations towards you.

2. Consent: where your explicit consent is required (e.g. when subscribing to a newsletter or using certain types of cookies).

3. Legitimate interest: to improve our services, ensure security and protect rights. We take into account the balance of interests: if you believe that our interests violate your rights, you can object to such processing (see the section "User Rights").

4. Legal obligations: to comply with local and international legal requirements (including financial reporting and anti-money laundering obligations).

5. Data storage conditions and periods

5.1. We store personal data only for the period necessary to achieve the processing purposes or for the period established by applicable laws.

5.2. After achieving the processing purposes (or expiration of the mandatory storage period), the data will be deleted or anonymized (unless there is another legal basis for continuing the processing).

6. Transfer and disclosure of data to third parties

6.1. Partners and contractors

We may transfer personal data to third parties (e.g. hosting providers, IT contractors, legal consultants, advertising agencies, partner real estate agencies, etc.) solely for the purposes specified above. In all cases, we conclude agreements (Data Processing Agreements) with such third parties containing data protection obligations in accordance with the GDPR and other applicable regulations.

6.2. Government bodies

Where there are legal grounds and an official request, the Agency is obliged to provide personal data to the competent authorities of Bulgaria, the EU or other countries (e.g. law enforcement agencies, tax authorities, etc.).

6.3. Cross-border data transfer

If personal data is required to be transferred outside the European Economic Area (EEA), we ensure that an adequate level of data protection is ensured in accordance with the provisions of Chapter V of the GDPR (e.g. through the use of Standard Contractual Clauses (SCC) or other mechanisms approved by the European Commission).

7. Rights of Users

In accordance with the applicable Bulgarian legislation and the GDPR (as well as other international standards), you have the following rights:

1. Right of access

You can request a copy of your personal data and additional information about its processing.

2. Right of correction

You have the right to request that inaccurate/incomplete data be corrected or supplemented.

3. Right to erasure (to be forgotten)

You may request that your personal data be erased if they are no longer necessary for the purposes for which they were collected, or if you withdraw consent (where consent was the sole basis for processing), or if the processing was unlawful.

4. Right to restriction of processing

You may request that the processing of your data be temporarily restricted if, for example, you contest the accuracy of the data or the lawfulness of the processing.

5. Right to data portability

You have the right to receive your data in a structured, commonly used and machine-readable format and (if technically feasible) to transmit them to another controller without hindrance from the Agency.

6. Right to object

You may object to data processing based on legitimate interest. In this case, we must cease processing unless we demonstrate compelling legitimate grounds that outweigh your interests, rights and freedoms.

7. Right to withdraw consent

If the processing is based on your consent, you can withdraw this consent at any time (without retroactive effect for processing that has already taken place).

8. Right to lodge a complaint

You have the right to lodge a complaint with the competent data protection authorities (in Bulgaria, this is the Commission for Personal Data Protection - KZLD, and, if necessary, with any other relevant EU supervisory authority).

To exercise these rights or if you have any questions about data processing, you can contact us at the contacts specified in Section 2.

8. Cookies and similar technologies

8.1. What are cookies

Cookies are small text files that are stored on your device when you visit the Site. They can be used to ensure the correct functioning of the Site, remember user settings and collect analytical information.

8.2. Types of cookies

1. Essential: required for the Site to function; without them, some functions may not be available.

2. Functional: save your settings (e.g. interface language).

3. Statistical/analytical: help understand how Users interact with the Site in order to improve its structure and content.

4. Marketing: used to display relevant advertising and measure the effectiveness of advertising campaigns (only with your consent, if required by law).

8.3. Cookie management

You can configure your browser at any time to limit or completely disable the use of cookies. However, in this case, some of the Site's functions may not work correctly.

8.4. Consent to use cookies

When you first visit the Site, you may see a banner or pop-up notification that the Site uses cookies. By continuing to use the Site, you confirm that you have read the terms of the Cookie Policy. In some cases, we may ask for your explicit consent (opt-in) to install certain types of cookies.

9. Security measures

9.1. We take appropriate technical and organizational measures to protect personal data from unauthorized or unauthorized access, loss, destruction or modification. Examples of such measures include:

• use of secure data transfer protocols (HTTPS/SSL);

• systems for protection against unauthorized access (firewalls, antiviruses);

• control of employee and partner access to the database;

• regular analysis and testing of security systems.

9.2. Despite all the measures we take, no method of transmitting data over the Internet or method of electronic storage is 100% secure. If you have reason to believe that your work with the Site is no longer secure (for example, you have noticed a security system failure or suspicious activity), please contact us immediately.

10. Policy towards children

10.1. The Site is not intended for use by persons under 18 years of age without the consent of parents or guardians. The Agency does not knowingly collect data

ies about minors.

10.2. If you become aware that a child has provided the Agency with their personal data without the consent of their parents or guardians, please inform us so that we can take steps to remove such data.

11. Links to Third-Party Sites

11.1. The Site may contain links to third-party resources (websites, applications, social networks). We do not control and are not responsible for the privacy policy, content and security of such sites.

11.2. We recommend that you familiarize yourself with the privacy policies of third-party resources before using them.

12. Changes and additions to the Policy

12.1. We reserve the right to periodically make changes and additions to this Policy. The date of the last update is indicated at the beginning of the document.

12.2. If we make significant changes to the way we process data, we will take reasonable steps to notify Users (for example, by posting a notice on the Site or sending an email if we have your contact information).

12.3. Continued use of the Site after the changes have been posted is considered acceptance of the new version of the Policy.

​

If you continue to use the Site, it means that you have read and agree to this Privacy Policy.