Privacy Policy


Art. 1. (1) "Target Finance" OOD (hereinafter referred to as the "Company") is a limited liability company, registered in the Commercial Register at the Registration Agency with EIC 201660837, with its seat and management address in the Republic of Bulgaria, Sofia, Golash St. No. 14, 2nd floor, Apt. 10.

(2) The company is a personal data controller, processing personal data in connection with its activity and solely determining the purposes and means of their processing.

(3) This policy is an important document. We recommend that you read it carefully, print, and keep a copy for your reference. We will assume that you consent to the use of your personal information described in this policy unless you tell us otherwise. If you have any questions about how we collect, store, and use your personal information or would like a copy of the information we hold about you, please contact us by writing to the designated data protection officer at Sofia, ul. "Golash" No. 14, floor 2, apartment 10, or send us a message at

Art. 2. This privacy and cookie policy (the "Policy") provides information on the personal data that the Company processes and on the terms and conditions by which natural persons whose personal data are processed exercise their rights.

Art. 3. For the purposes of this Policy:

  • "personal data" means any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier, or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural, or social identity of that natural person;
  • "processing" means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation, or modification, retrieval, consultation, use, disclosure by transmission, distribution, or other way in which the data is made available, arranged, or combined, restricted, deleted, or destroyed;
  • "restriction of processing" means marking stored personal data to limit their processing in the future;
  • "pseudonymization" means the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without the use of additional information, provided that it is stored separately and is subject to technical and organizational measures with the purpose of ensuring that the personal data are not linked to an identified natural person or an identifiable natural person;
  • "personal data register" means any structured set of personal data that is accessed according to certain criteria, regardless of whether it is centralized, decentralized, or distributed according to a functional or geographical principle;
  • "administrator" means a natural or legal person, public body, agency, or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a country Member State, the controller or the special criteria for its designation may be established in Union law or in the law of a Member State;
  • "personal data processor" means a natural or legal person, public body, agency, or other structure that processes personal data on behalf of the controller;
  • "recipient" means a natural or legal person, public body, agency, or other structure to which the personal data are disclosed, regardless of whether it is a third party or not. At the same time, the public authorities that may receive personal data within the framework of a specific investigation in accordance with the law of the Union or the law of a Member State are not considered "recipients"; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing;
  • "third party" means a natural or legal person, public body, agency, or other body other than the data subject, the controller, the personal data processor, and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data;
  • "data subject consent" means any freely expressed, specific, informed, and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the processing of personal data relating to him;
  • "breach of personal data security" means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data that is transmitted, stored, or otherwise processed;
  • "supervisory authority" means an independent public authority established by a Member State pursuant to Article 51 of the General Data Protection Regulation.

Art. 4. The principles related to the processing of personal data are:

  • principle of legality, good faith, and transparency of personal data processing - the collection of personal data must be within the scope of what is necessary. Information is collected in a legal and objective manner;
  • principle of reducing data to a minimum, as well as limitation of purposes and storage - personal data must not be used for purposes other than those for which they were collected, except with the consent of the person or in the cases expressly provided for by law. Personal data must be stored for a period no longer than is necessary for the purposes for which the personal data are processed;
  • principle of accuracy - personal data must be precise, accurate, complete, and up-to-date, insofar as this is necessary for the purposes for which they are processed;
  • principle of integrity and confidentiality - personal data must be processed in a way that guarantees an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by applying appropriate technical or organizational measures.

Art. 5. Personal data of the customers-individuals of the Company's electronic store as well as through the direct trading platforms, are processed in the register "Counterparties" and in particular in a sub-register "Users under PPE" and "SFP Sellers" sub-register.


Art. 6. (1) The following categories of personal data are processed in the sub-register "Users under PPE":

  • name and surname;
  • e-mail (user's personal profile/account in any of the electronic platforms for direct trade listed above);
  • mailing address;
  • contact telephone number;
  • gender;
  • IP address - location
  • IBAN of the user - for the return of relevant amounts in case of complaints and/or cancellation of the contract.

(2) The data under para. 1, m.p. 1, 2, 3, 5 and 7 are processed for the purpose and on the basis of the performance of the distance contract concluded between the Company and the user and on the basis of the Accounting Act, the Consumer Protection Act, as well as for the purposes of concluding the same.

(3) The company does not have access to card data, as well as authentication data when paying with a credit or debit card or through an account, and does not register or store them