Privacy Policy and Personal Data Processing
This Privacy Policy is drafted in accordance with EU Regulation 2016/679 (GDPR) and the legislation of the Republic of Bulgaria on personal data protection. We process your data responsibly, transparently, and lawfully.
1. General Provisions
1.1. This Privacy Policy (hereinafter - "Policy") defines the procedure for collecting, storing, using, and protecting the personal data of users (hereinafter - "User", "You") of the website nexthomeglobal.com (hereinafter - "Site"), operated by Next Home Global EOOD (hereinafter - "Operator", "We", "Company").
1.2. The Operator acts in accordance with Regulation (EU) 2016/679 of 27 April 2016 (General Data Protection Regulation, GDPR), the Law of the Republic of Bulgaria on the Protection of Personal Data, and other applicable regulatory acts of the European Union and the Republic of Bulgaria.
1.3. Use of the Site constitutes unconditional acceptance by the User of this Policy and the terms of personal data processing. In case of disagreement, the User must cease using the Site.
1.4. This Policy applies exclusively to the Site. The Operator does not control and is not responsible for third-party websites that the User may access via links on the Site.
2. Data Controller Information
For all matters related to the processing of personal data, you may contact us using the details above.
3. What Personal Data We Collect
We collect and process the following categories of personal data:
We do not collect: special categories of data (race, ethnic origin, political opinions, religion, health status, biometric data), except where expressly required by law.
4. Legal Basis for Processing (Art. 6 GDPR)
In accordance with the GDPR, we process personal data on the following legal bases:
5.1. Data is collected on a purely voluntary basis - the User provides it by filling out feedback forms, sending messages via messengers (WhatsApp, Telegram, Viber), or by phone call.
6. Purposes of Personal Data Processing
7. Data Retention Periods and Deletion
7.1. Personal data is stored for the period necessary to achieve the purposes of processing, or until the User withdraws consent:
7.2. Upon expiry of the retention periods, data is automatically deleted or fully anonymised. The User has the right to request early deletion of their data at any time (right to be forgotten, Art. 17 GDPR).
8. Use of Cookies and Similar Technologies
8.1. The Site uses cookies - small text files placed on the User's device to improve site performance.
8.2. Types of cookies we use:
8.3. Upon first visit to the Site, the User is shown a cookie consent banner with the ability to select categories. Necessary cookies are activated automatically, others — only after consent.
8.4. The User can change cookie settings at any time via the control panel on the Site or in the browser settings.
9. Your Rights Under the GDPR (Arts. 15-22)
As a data subject, you have the following rights:
9.1. To exercise any of the above rights, please contact us at [email protected] or by phone at +359 889 577 225. We will respond within 30 calendar days of receiving the request.
9.2. If you believe that the processing of your data violates the GDPR, you have the right to lodge a complaint with the Commission for Personal Data Protection of the Republic of Bulgaria (CPDP): www.cpdp.bg, Sofia, 2 Prof. Tsvetan Lazarov Blvd.
10. Disclosure of Personal Data to Third Parties
10.1. We do not sell and do not transfer your personal data to third parties for marketing purposes without your explicit consent.
10.2. Data may be disclosed to the following categories of recipients only to the extent necessary to fulfil the processing purposes:
10.3. All data recipients are bound by confidentiality and must ensure a level of protection corresponding to GDPR requirements. When transferring data outside the EEA, we use EU Standard Contractual Clauses (SCC) or transfer data to countries with an adequate level of protection.
11. Personal Data Security Measures
We apply a comprehensive set of organisational and technical measures to protect your data:
12. International Data Transfers
12.1. The majority of data is processed within the European Economic Area (EEA) - servers are located in Bulgaria (EU Member).
12.2. Some services (Google Analytics, Facebook, Telegram, WhatsApp) may process data on servers in the USA. In such cases, we ensure data protection through:
13. Automated Decision-Making and Profiling
13.1. We do not use automated decision-making, including profiling, that produces legal effects concerning you or similarly significantly affects you (Art. 22 GDPR).
13.2. We may use automated tools to analyse site behaviour (Google Analytics), but this data is anonymised and not used for individual service provision decisions.
14. Data Concerning Minors
The Site and services are intended for persons aged 18 and over. We do not knowingly collect or process personal data of minors. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us — we will promptly delete such data.
15. Changes to the Privacy Policy
15.1. We reserve the right to update this Policy in connection with changes in legislation or data processing practices. The updated version takes effect from the moment it is posted on the Site.
15.2. We notify Users of significant changes by posting a prominent notice on the Site or sending an email (to newsletter subscribers).
15.3. Last updated: 18 June 2026.
16. Contact Information and Exercise of Rights
To exercise your rights, ask questions, or file complaints:
Request processing time - up to 30 calendar days. In complex cases, the period may be extended by a further 2 months with notification to the User.