Legal

Privacy Policy

Last updated: March 2025

1. Who we are and how to contact us

DMG Web LTD (“dmgweb”, “we”, “us”, “our”) is a limited liability company registered in Bulgaria under VAT number BG200650929. Our registered address is ul. Krastio Sarafov 27, fl. 1, ap. 3, Sofia 1164, Bulgaria.

We are the Data Controller for personal data collected through this website. For all privacy-related enquiries, contact our Data Protection contact at: contact@dmg-web.net.

As a cybersecurity services provider, we apply the same security standards to your personal data that we recommend to our clients. Data protection is not a compliance checkbox for us — it is a professional obligation.

2. What data we collect and why

2.1 Contact form submissions

When you submit our contact form we collect: your name, work email address, company name (optional), phone number (optional), the service you are enquiring about, and the content of your message.

Purpose: To respond to your enquiry and, if we enter a business relationship, to manage that relationship.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) — responding to unsolicited business enquiries is a legitimate interest of both parties.
Retention: 24 months from submission date, or until you request deletion.

2.2 Server and security logs

Our servers automatically record standard technical logs: IP address, browser type, operating system, pages visited, and timestamps. These logs exist for security monitoring, incident response, and performance optimisation.

Purpose: Security monitoring and incident response. As a cybersecurity company, we have a legitimate and professional obligation to monitor for threats.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention: 90 days, then automatically purged.

2.3 Cookies and local storage

We use the minimum number of cookies necessary to operate the website. See Section 6 for full details.

3. How we use your data

We use your personal data only for the purposes stated at collection. Specifically:

  • To respond to your contact form submission
  • To send you the document you requested (if applicable)
  • To manage our business relationship if you become a client
  • To monitor and protect the security of our systems

We do not use your data for: marketing without explicit consent, profiling, automated decision-making, or selling to third parties.

4. Who we share your data with

We share your data only with the sub-processors necessary to deliver our services:

  • Resend (email delivery) — used to send you confirmation emails after contact form submission. Resend processes data in the EU. Resend Privacy Policy →
  • Supabase (database) — used to store contact form submissions securely. Data is stored in EU-West region. Supabase Privacy Policy →
  • Vercel (website hosting) — our website is hosted on Vercel's global edge network. Vercel Privacy Policy →
  • Cloudflare Turnstile (bot protection) — used on the contact form to prevent automated abuse. Turnstile is privacy-first and does not use tracking cookies or build advertising profiles. Cloudflare Privacy Policy →

All sub-processors are bound by data processing agreements. No data is transferred outside the EU/EEA without adequate safeguards.

5. Your rights under GDPR

You have the following rights regarding your personal data:

  • Right of access — request a copy of the data we hold about you
  • Right to rectification — request correction of inaccurate data
  • Right to erasure — request deletion of your data (“right to be forgotten”)
  • Right to restrict processing — request that we limit how we use your data
  • Right to data portability — receive your data in a structured, machine-readable format
  • Right to object — object to processing based on legitimate interest
  • Right to withdraw consent — where processing is based on consent, withdraw it at any time

To exercise any of these rights, email contact@dmg-web.net. We will respond within 30 days. You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) at cpdp.bg.

6. Cookies

We are committed to minimal cookie usage. Here is a complete list of what we use:

dmgweb_cookie_consentNecessary

Stores your cookie preferences so we do not ask again · Duration: 12 months · Provider: dmg-web.net

cf_clearance / cf_chl_*Security

Cloudflare Turnstile bot protection on the contact form. No ad tracking. · Duration: Session · Provider: Cloudflare

We do not use advertising cookies, social media tracking pixels, or any third-party analytics that build user profiles.

7. Security

As a cybersecurity services provider, we implement the controls we recommend to clients:

  • All data in transit is encrypted via TLS 1.2+
  • All data at rest is encrypted using AES-256
  • Access to personal data is restricted to personnel who need it to perform their role
  • Contact form submissions are protected by Cloudflare Turnstile to prevent automated abuse
  • Our infrastructure is monitored continuously for security incidents
  • We conduct regular security reviews of our sub-processors

In the unlikely event of a data breach affecting your personal data, we will notify the CPDP within 72 hours and affected individuals without undue delay, as required by GDPR Article 33 and 34.

8. Changes to this policy

We may update this policy to reflect changes in our practices or legal requirements. We will update the “Last updated” date at the top. For significant changes, we will display a notice on the website. Continued use of the website after changes constitutes acceptance of the updated policy.

9. Contact us

For any questions about this privacy policy or to exercise your rights: contact@dmg-web.net
DMG Web LTD · ul. Krastio Sarafov 27, fl. 1, ap. 3, Sofia 1164, Bulgaria