Privacy Policy

Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for us.

With this policy, we aim to inform you about the processing of personal data that we collect from users and customers of our website (, hereinafter reffered to as “Mercatus” or “the website”.

Personal data covers all information related to an identified or identifiable individual. This includes information such as name, address, email, billing address or telephone number. Information that is not directly related to your identity, for example, the number of users on the website does not fall within this category.

Mercatus respects the privacy of all users of the Website. This Privacy Policy describes the ways and conditions under which Mercatus processes and uses your personal data. We recommend that you read this Privacy Policy to get more information about the processing and use of your personal data.
Governing law applicable to this Privacy Policy is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘General Data Protection Regulation’ or ‘GDPR’) and the Bulgarian law.

Who is responsible for the processing of your personal data?

The data controller (hereinafter referred to as “Mercatus”, “The Company” or “We”) in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Mercatus Ltd., UIC 200873063, a limited liability company incorporated under the laws of Republic of Bulgaria.

Address: Sofia 1407, “Lozenets” district, 2 Plachkovitsa Str., fl. 4, ap. 23


How to contact us?

If you have any questions and / or requests related to your personal data that the Company processes, you can contact us at: Sofia 1407, “Lozenets” district, 2 Plachkovitsa Str., fl. 4, ap. 23.

You can contact our Data Protection Officer at the following email:

Mercatus respects the privacy of your personal information. The protection of your personal information throughout the entire process of processing personal data, as well as the security of all data processed by the Company, is an important issue for us. We process personally identifiable information collected during your visit to our web site in accordance with national and European law.

What is the nature of this Privacy Policy?

This Privacy Policy aims to provide you with comprehensive information in a clear and understandable language about what actions are taken with the personal data you provide to us, including:

  • What personal data do we process?
  • For what purposes do we process your personal data?
  • For how long do we keep the personal data you provide?
  • Whom we share your personal information with?
  • What are your rights regarding your personal data and how you can exercise them?
  • How we notify you of a change to our Privacy Policy?

With this Privacy Policy, Mercatus declares that it has implemented all technical and organizational measures to protect the personal data of individuals prescribed by law or regulation at national and European level.

What is “personal data”?

Any information and data by which an individual can be identified falls directly or indirectly under the definition of “personal data”.

For example, indirect identification is your mobile number. Direct identification is achieved when you provide a unique identifier such as passport number, etc.
“Special categories of personal data” means data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership of trade unions, as well as the processing of genetic data, biometric data for the sole purpose of identifying an individual, health data or data about the sexual life or sexual orientation of the individual.

What personal data about you do We process?

Categories of personal data Types of personal data
Information about you First name, last name
Contact details Email, mobile number
Cookies’ data Data collected by Cookies to identify your browser or device
Other data Other types of personal information, which you may provide by contacting us and/or making a request / inquiry


Mercatus does not collect any special categories of personal data as such are not required for the use of our website and / or for provision of our services. If sensitive categories of personal data are provided by you in the course of your communication with the Company or use of our web site, it will be deleted as soon as possible after the processing of such data is established.

What are our legal grounds for processing of personal data?

The processing of personal data includes the collection, storage, destruction, transfer, correction, updating, deletion and all other activities carried out with your personal data.

Mercatus processes personal data on the grounds of the performance of a contract with the customer (Article 6, paragraph 1, item “b” of the GDPR). We may also procees personal data after obtaining clear, free and unambiguous consent from you for the purposes of processing expressed through your voluntary registration or provision of data on the website (Article 6, paragraph 1, item “a” of the GDPR). Mercatus also processes data based on its legitimate interests (Article 6, paragraph 1, item “f” of the GDPR).

The consent you provide can always be withdrawn by contacting us or using the contact form available on our website.

For what purposes are we going to use your personal data?

The personal data provided by you shall be used for the following purposes, including but not limited to:

  • Provide an opportunity to use all the functionalities of the website;
  • Provide you with services and managing our contractual relationships;
  • Marketing activities, if the legal requirements for digital marketing are met;

Your personal data is not subject to automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR.

How long do we store your personal data?

Depending on the legal ground on which we process your personal data, the storage period of personal data may be different.

Your personal data is stored as long as we have valid legal grounds for processing it. After this period has expired and in case there is no legal ground to continue storing your personal data, your information shall be deleted.

Do we share your personal data with third parties?

Mercatus respects your privacy and keeps your data secured. Subject to statutory requirements or business needs, Mercatus may disclose your personal data to the following categories of recepients:


  • Service providers: When we use service providers related to client management systems, technical maintenance and provision of internal IT systems and operational support to our activities, Mercatus may disclose personal data to those service providers. Please be informed that such disclosure shall commence only in case there are legitimate grounds for doing so and only based on a written agreement ensuring that the receiver provides adequate levels of protection for the personal data;
  • State and municipal authorities: In the course of compliance with its legal obligations Mercatus may be obliged to disclose personal data of its customers to state or municipal authorities.

Mercatus does not transfer your personal data outside the European Union (“EU”) and the European Economic Area (“EEA”). Only in case one of our service providers uses servers located outside of the EU or the EЕA we may transfer your personal data outside of the said boundaries. However, in such cases Mercatus shall ensure that adequate measures for protecton of your personal data are in place and that the requirements of the GDPR are met.

What are your rights with respect to your personal data?

Subject to European law (GDPR), you have the following rights to your personal data processed by Mercatus:

  • Access your personal data that Mercatus processes and get a copy thereof;
  • In case of incompleteness or inaccuracy in the data that Mercatus processes, your personal data will be corrected (right to rectification);
  • Request the erasure of your personal data when the conditions are met. Such cases are if the purpose for which the data is collected is achieved, you have withdrawn your consent when the processing is based on consent and there is no other legal basis for processing, your data is being processed unlawfully processed, and others;
  • In the cases specified by the law, you may require that the processing of your personal data is restricted;
  • In the cases specified by the law, you may object to the processing of your personal data;
  • Exercise your data portability rights and request that your data be provided in a structured, commonly used and machine-readable format;
  • Withdraw your consent when processing your personal data is based on consent.

You can exercise any of the above rights by submitting a formal request to the following address: Sofia 1407, “Lozenets” district, 2 Plachkovitsa Str., fl. 4, ap. 23, or email: In order to exercise your rights, it is mandatory to establish the identity of the claimant when submitting a request for exercising your rights.

You also have the right to file a complaint with the Bulgarian Commission for Protection of personal Data ( when the relevant prerequisites are in place.

Updating this Privacy Policy

This policy may be updated periodically to reflect changes in personal data protection legislation and best practices. Mercatus undertakes to notify you of any significant changes to this privacy policy.