The information provided by clients in connection with my activity as a lawyer is subject to a special regime and enhanced protection.

Pursuant to Art. 33 of the Bar Act, attorney papers, files, electronic documents, computer equipment and other carriers of information are inviolable and may not be subject to inspection, copying, verification or seizure; the correspondence between a lawyer and his clients, irrespective of the manner it is maintained, including electronically, may not be subject to inspection, verification or seizure and may not be used as evidence.

Art. 45 of the Bar Act explicitly provides that a lawyer is under the obligation of keeping the secrets of his clients without limitation in time.

Notwithstanding and in addition to such enhanced protection, in my practice I strictly adhere to the requirements of the General Data Protection Regulation (“GPDR”). That is why I provide here below information about the way I process your personal data, in particular in the context of using the Website and its Services (see also the Terms of Use which this Privacy Notice is an integral part of).

Personal Data

When you visit the Website you do not provide any of your personal data and, respectively, such will not be subject to processing. If you decide to provide such personal data (by using the Electronic Services section or other similar functionality), Attorney Sotirov will process as a controller your personal data.

The Website does not require, nor provides any possibility for registration of its Users and, respectively, no personal data is collected in connection with such registration. Personal data may be provided and, respectively, collected and processed through the web forms enabling the use of the Services: Questions and Answers, Electronic Services, newsletter, sending a message. The provision of personal data is voluntary but it is a necessary condition for the use of the respective Services; filling in fields marked with * is required.

Cookies might be used upon submission of the respective web forms or using the Website in another way – such cookies will be used solely for the proper functioning of the Website and not for collecting and processing personal data (insofar as it is possible that the system of the Website automatically records the IP addresses of the respective Users upon submission of the web forms, a special module has been installed – IP Anonymize – for all such data to be periodically and automatically deleted and thus not stored on the server in any form whatsoever).

The only cookies of third parties being used on the Website are those of StatCounter – for analytics (statistics) purposes only, without any personal data being collected (only summary and anonymous information about the usage of the Website by its Users). The Website does not use cookies of third parties for advertising purposes.

Through the settings of your browser you could quickly and easily turn off the use of cookies, as well as delete already used ones. To refuse the StatCounter cookies you could also use this link.

Legal Basis for the Processing

Personal data will be processed on the grounds of Art. 6, par. 1, letter (a) or letter (b) of the GDPR (depending on the particular situation), namely: the data subject has given consent to the processing of his or her personal data for one or more specific purposes; processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

The Administrator may also process your data when necessary for compliance with a legal obligation or when any of the other grounds under Art. 6, par. 1 of the GDPR is applicable.

Purposes of the Processing

Your personal data will be processed for the following purposes:

Data being provided upon submission of the Electronic Services web form will be used for the purposes of processing the received requests and where contractual relations occur – for the purposes of the due provision of the respective legal services and performance of the related obligations.

Data being provided upon submission of the web form in the Questions and Answers section of the Website will be used for the purposes of enabling Users to take part in public discussion of the respective legal topics (articles) and in particular: for posting questions (comments) to the Website and being notified with regard to such questions (e.g., in confirmation of the successful sending of their question or upon moving the latter to a more appropriate in terms of relevance article and to a different address, respectively).

Data being provided upon submission of the web form for subscribing to the newsletter will be used for the purposes of delivering the latter to the electronic (email) addresses of the respective Users (who have explicitly agreed to that by sending the subscription web form). The newsletter will be also delivered to the Users who have subscribed through selecting the respective option upon sending another of the web forms.

Data being provided upon submission of the contact web form will be used for the purposes of establishing contact in connection with the messages sent and replying to the respective inquiries.

Recipients of Personal Data

Your personal data will not be disclosed to third parties, unless where required by virtue of imperative legal provisions and/or needed for the performance of contractual obligations, including for the provision of requested services (for example, personal data being provided upon sending a request for registration of an LLC will be included in the respective documents and provided to the Registry Agency for the purposes of the registration being carried out).

The content of the questions (comments) posted in the Questions and Answers section of the Website is publicly accessible (except for the email addresses) and Users alone decide what information and data to indicate and provide – posting and thus making available to the public of personal data or other confidential information is at their own risk and responsibility.

Insofar as the data is to be stored in the system of the Website, the hosting provider company will act as a processor of personal data within the meaning of the GDPR. The provider of cloud eMail services to be used for sending out the newsletter will also act in such capacity. As already explained here above, no personal data is collected and processed through StatCounter and, respectively, the service provider should not be considered processor within the meaning of the GDPR – nevertheless, StatCounter is included in the list below in order to ensure the provision of more complete and useful information.

The Administrator uses only the services of providers (processors, partners) with good reputation, who operate on instructions from the Administrator on the basis of contractual agreements. Among the providers, without the list being exhaustive, are:




Some of the partners may transfer data outside the EU/EEA where a decision for adequacy of the level of protection is available – for example, the EU-U.S. Privacy Shield. For more information, please refer to the privacy notices of the aforementioned partners.

No personal (identifying) data or other confidential information about the Users is revealed through the Online Status Check web form – the latter contains only brief reference information on the current status of the requests sent by the Users.

Period for Storage

Storage of personal data lasts as long as grounds for such storage exist. For example, when subscribing to the newsletter Users will provide certain information and will give their consent for its processing – upon withdrawal of such consent data will be erased without undue delay.

When by virtue of an imperative legal provision the Administrator is required to retain your personal data for a longer period or where the data is needed for the Administrator to exercise or defend against legal claims, the Administrator will retain your personal data by the end of the respective storage period or until settlement of the respective claims.

Your Rights

You have the following rights under the GDPR:

to withdraw your consent at any time (where the processing is based on a given consent);

to object to processing of personal data (where the processing is based on a legitimate interest or for the purposes of direct marketing);

to request access to, rectification and erasure of your personal data;

to request restriction of the processing;

to data portability (when the legal prerequisites are available);

to file a complaint with the Commission for Personal Data Protection (Sofia 1592, 2 “Prof. Tsvetan Lazarov” Blvd., 02 91 53 555,

Information about the Administrator

Attorney Deyan Sotirov – member of the Sofia Bar Association, Personal No. 1300498210; address of the law office: Bulgaria, Sofia 1000, 5 Triaditsa Str., entrance B, floor 3, Office 313; telephone: +359 (0) 2 944 05 57; mobile/Viber: +359 (0) 899 45 03 43; email:

This Privacy Notice has been published on 25.05.2018.