← Back to Torexis.com
This Privacy Policy explains how Torexis collects, uses, and protects personal data in accordance with Regulation (EU) 2016/679 (the General Data Protection Regulation — GDPR) and applicable Bulgarian and EU data-protection law. Last updated: 12 June 2026.
The data controller for all personal data processed through this website and its contact form is:
Torexis Ltd
Registered in Bulgaria (EU)
Registered address: Sofia, Bulgaria
Email: hello@torexis.com
Website: www.torexis.com
Where the terms “we”, “us” or “our” appear in this policy, they refer to Torexis Ltd as the data controller.
Torexis processes only limited categories of personal data (business contact information submitted voluntarily via a single contact form) and does not, as a core activity, carry out large-scale systematic monitoring of individuals or process special-category data. Accordingly, the appointment of a formal Data Protection Officer is not mandatory under GDPR Article 37 for our current processing activities.
All data-protection enquiries, subject-access requests, and complaints should be directed to:
Data Protection Contact — Torexis Ltd
Email: privacy@torexis.com
(Alternative: hello@torexis.com)
We will respond to all data-protection requests within 30 days of receipt, in line with Article 12 GDPR.
We collect personal data only when you voluntarily submit our contact form. No tracking pixels, third-party analytics, or passive data-collection mechanisms are currently active.
| Field | Data Type | Purpose | Mandatory |
|---|---|---|---|
| Full name | Personal identifier | Addressing you in our response | Yes |
| Work email address | Contact data | Sending our reply | Yes |
| Company / organisation | Professional data | Assessing engagement eligibility | Yes |
| Role / title | Professional data | Routing to correct team member | No |
| Topic of interest | Business data | Routing enquiry to relevant expertise | Yes |
| Message / challenge description | Free-text content | Understanding your specific requirement | Yes |
We do not collect special-category data (Art. 9 GDPR), criminal conviction data (Art. 10 GDPR), or data relating to minors. We do not use automated profiling or automated decision-making with legal or similarly significant effects (Art. 22 GDPR).
All processing of personal data submitted via the contact form is based on one or more of the following lawful bases under Article 6 GDPR:
We do not sell, rent, or exchange personal data with third parties for marketing purposes. We do not build automated profiles or serve targeted advertising.
| Processing Context | Retention Period | Basis |
|---|---|---|
| Enquiry with no resulting engagement | 24 months from last contact | Legitimate interest |
| Enquiry resulting in a POC or contract | 7 years from contract end | Legal obligation (Bulgarian commercial law, Art. 6(1)(c) GDPR) |
| Consent-based marketing communications | Until consent is withdrawn | Consent (Art. 6(1)(a) GDPR) |
| Email correspondence | 3 years from last communication | Legitimate interest |
Data is securely deleted or anonymised at the end of the applicable retention period. You may request earlier deletion at any time (see Section 8).
This website currently uses no third-party analytics, advertising, or tracking cookies. Any session-level technical cookies are strictly necessary for the operation of the page and do not transmit personal data to external services.
If we introduce analytics or tracking tools in the future, we will update this policy and, where required by ePrivacy law, seek your consent before placing any non-essential cookies.
As a data subject under the GDPR, you have the following rights. To exercise any of them, email privacy@torexis.com. We will respond within 30 days and will not charge a fee for reasonable requests.
Torexis is headquartered in the EU (Bulgaria) and operates on a sovereign, on-premises or EU-cloud-first architecture. Personal data submitted via the contact form is processed and stored within the EEA by default.
Where we use third-party processors located outside the EEA (e.g., email delivery infrastructure), we ensure transfers are made subject to appropriate safeguards under Article 46 GDPR, including:
A list of current sub-processors and their locations is available on request via privacy@torexis.com.
We may share personal data with the following categories of trusted processors acting strictly on our instructions under data-processing agreements compliant with Article 28 GDPR:
We do not disclose personal data to government authorities except where required by binding legal obligation or court order. We will notify you of any such disclosure where legally permitted to do so.
We implement technical and organisational measures appropriate to the risk, consistent with our position as a platform providing sovereignty and compliance architecture to regulated industries:
In the event of a personal data breach presenting a risk to your rights and freedoms, we will notify the Bulgarian Commission for Personal Data Protection (CPDP) within 72 hours of becoming aware, and affected individuals without undue delay, in accordance with Articles 33–34 GDPR.
If you believe we have processed your personal data in violation of the GDPR, you have the right to lodge a complaint with the competent supervisory authority. As Torexis is established in Bulgaria, our lead supervisory authority is:
Commission for Personal Data Protection (CPDP)
2 Prof. Tsvetan Lazarov Blvd, Sofia 1592, Bulgaria
Phone: +359 2 915 3519
Email: kzld@cpdp.bg
Website: www.cpdp.bg
We would appreciate the opportunity to address your concern directly before a supervisory authority complaint is filed. Please contact us first at privacy@torexis.com.
We may update this Privacy Policy from time to time to reflect changes in our processing activities or regulatory guidance. The date at the top of this policy indicates when it was last revised. Material changes affecting existing data subjects will be communicated by email or via a prominent notice on this page.
Continued use of this website after a policy update constitutes acknowledgement of the revised policy.