Last Updated: October 5, 2025
The protection of your personal data is a matter of great importance to us. This Privacy Policy informs you in a detailed and transparent manner about the type, scope, and purpose of the processing of personal data within our online offering and the associated services (collectively, the "Services"), fully complying with the EU General Data Protection Regulation (GDPR) and the Bulgarian Personal Data Protection Act.
I. Controller and Contact Information
The Controller responsible for data processing is Guste Ltd. OOD, operating as CLWD. The legal address of the Controller is 38 Petar Parchevich Street, Sofia 1000, Bulgaria (BG204857576). For all questions regarding data protection and to exercise your rights, you can contact us directly via email at info@exegroup.bg.
II. General Principles and Legal Basis
We process your personal data strictly based on the principles of lawfulness, fairness, and transparency. We only process your data when a legal basis permits it. The primary legal grounds for our processing activities are: Art. 6(1) lit. b (where processing is necessary for the Performance of a Contract with you or necessary for pre-contractual steps); Art. 6(1) lit. a (where you have given your Explicit Consent); and Art. 6(1) lit. f (where processing is necessary for our Legitimate Interests).
III. Categories of Personal Data and Processing Activities
We process various categories of data to provide our services and ensure their security.
A. Data You Provide to Us (Direct Input):
When you register for the Services, we collect Registration Data (Name, Email, Phone, Password Hash) to establish and manage your user account and fulfill our contractual obligations. This processing is based on the Performance of a Contract (Art. 6(1) lit. b GDPR). Your personal account data is retained for the entire duration of your active membership. If you choose to upload Profile Content (such as location, images, videos, and messages), we process this to enable the core functionality of the Services and facilitate interaction, which is also based on Contract Performance. Any content you voluntarily disclose in public sections (forums or public profiles) becomes publicly available. If you contact us (e.g., for support or event bookings), we process your Correspondence Data to respond to your request and provide efficient customer service, based on either Performance of a Contract or our Legitimate Interest in efficient communication.
B. Marketing Communications:
We may send you promotional offers related to products or services similar to those you have previously used. This is based on our Legitimate Interest (Art. 6(1) lit. f GDPR) in direct marketing, against which you have the unconditional right to object at any time. If we send you promotional offers on behalf of other businesses, we do so exclusively based on your separate and explicit consent (Art. 6(1) lit. a GDPR). We may also track confirmations of message openings to measure and improve the relevance and effectiveness of our communication, which is based on our Legitimate Interest in optimizing our marketing efforts.
C. Automatically Collected Server Data:
When you access our website, our servers automatically record Server Log Data, including your IP address, browser information, and time of access. The primary purpose of this processing is to ensure the security, stability, and technical operation of our offering and to detect and prevent malicious attacks. This is based on our Legitimate Interest (Art. 6(1) lit. f GDPR). Server Log Data is generally stored for a maximum of seven days.
IV. Cookies and Tracking Technologie
This section outlines our use of cookies, which are small text files transferred to your device, and other tracking technologies (like pixels) that function similarly to collect and store information about your usage behavior.
A. Categories and Legal Grounds:
We classify the cookies we use into the following categories:
Strictly Necessary/Essential Cookies: These are essential for the basic functionality of the website (e.g., maintaining your login session or remembering your cookie preferences). Processing these is based on our Legitimate Interest (Art. 6(1) lit. f GDPR) in providing a functional website.
Functional, Performance, and Marketing Cookies: These non-essential cookies are used for features like remembering your preferences, analyzing site performance (e.g., page views, error rates), and delivering targeted advertisements relevant to your interests. The processing of data from all non-essential cookies is based exclusively on your explicit consent (Art. 6(1) lit. a GDPR).
B. Consent Management:
We utilize a Consent Management Platform (CMP) to give you full control over non-essential cookies. When you visit our website, the CMP will prompt you to provide your free, informed, specific, and unambiguous consent to the setting of these cookies. You have the right to withdraw your consent at any time with effect for the future via the settings provided in our CMP. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. A detailed list of all specific cookies used (including their provider, purpose, and storage duration) can be accessed directly within the CMP interface.
For the legally responsible cookie policy, please refer to: Framer Cookie Policy
V. Disclosure and International Data Transfers
Data Disclosure and Recipients
We will never rent or sell your personally identifiable information. We share your data only in the following specific circumstances:
Data Processors (Agents): We engage external companies (e.g., hosting, software providers) to perform tasks strictly on our behalf. These parties are bound by Data Processing Agreements (Art. 28 GDPR) and are not permitted to use your data for their own purposes.
Advertisers/Partners: We may share aggregated, anonymized, or pseudonymized information with advertising partners for targeting and optimization purposes, based on our Legitimate Interest in operating the Services.
Legal Obligations and Business Transfers: We reserve the right to disclose data to authorities, courts, or during a business transfer (e.g., merger or acquisition) when legally required or necessary to protect our rights and property.
International Data Transfers (Non-EU/EEA)
If your personal data is transferred to countries outside the European Economic Area ("Third Countries") due to the use of global IT services, we ensure that an adequate level of data protection is maintained by implementing appropriate safeguards (Art. 46 GDPR). This primarily involves implementing Standard Contractual Clauses (SCCs) adopted by the European Commission, combined with any necessary supplementary technical and organizational measures to ensure equivalent protection. Information on the specific recipients and guarantees will be provided upon request.
VI. Data Retention and Children's Privacy
We store your personal data only for as long as necessary to fulfill the purposes for which it was collected. Your account data is retained for the duration of your active membership. After Account Deletion, we may retain certain data for up to one year to comply with statutory retention and reporting obligations. Longer retention periods only apply where strictly mandated by law (e.g., tax or commercial laws).
Our Services are explicitly not directed at individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we learn that we have collected personal data from a child under 18 without parental consent, we will delete that information immediately. If you believe this has occurred, please contact us at info@exegroup.bg.
VII. Your Data Protection Rights
Under the GDPR, you have comprehensive rights regarding the processing of your personal data. You can exercise any of these rights by contacting us at info@exegroup.bg. These rights include:
The Right of Access (Art. 15) to obtain confirmation and information about your processed data.email address
The Right to Rectification (Art. 16) of inaccurate or incomplete data.
The Right to Erasure (Art. 17) of your data ("right to be forgotten").
The Right to Restriction of Processing (Art. 18).
The Right to Data Portability (Art. 20).
The Right to Object (Art. 21) to processing based on legitimate interests (e.g., direct marketing).
The Right to Withdraw Consent (Art. 7) at any time with future effect.
You also have the Right to lodge a complaint (Art. 77) with the supervisory authority in your place of residence or the place of the alleged infringement. The competent supervisory authority for Guste Ltd. OOD in Bulgaria is the Commission for Personal Data Protection (CPDP), located at Sofia 1592, Blvd. "Prof. Tsvetan Lazarov" No. 2, Bulgaria.
VIII. Changes to this Privacy Policy
We reserve the right to amend this Privacy Policy from time to time. Any material changes that affect your rights or the legal basis of processing will be communicated to you, and your consent will be sought where required by law. We encourage you to review this policy periodically.