Privacy Policy


Last updated: November 04, 2023

Subject: This Privacy Policy (“Policy”) describes how we process personal data in connection with the use of our website (“Website”).

Definitions: The terms “personal data,” “processing,” “controller,” “processor,” “third country,” “international organization,” “data subject,” “representative,” and “Member State” (and their derivatives) used in this Policy have the meanings given in the General Data Protection Regulation (EU) 2016/679 (“GDPR”).


The controller of personal data under this Policy and administrator of the Website is the Association “FUND FOR WILD FLORA AND FAUNA”, registered in the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency with UIC 101523620, with headquarters and management address in Blagoevgrad, 49 Ivan Mihaylov Street, floor 3, office 327 (“FWFF,” “we,” “us”). If you have any questions regarding this Policy, you can contact us by email at, by mail at our management address, or by phone at 0878777684 on business days from 09:00 to 18:00.


2.1. FWFF processes the following categories of personal data:

– Data and information that you provide to us when contacting or interacting with us on various matters, inquiries, communications, including by phone, through forms on the Website, by email, on social media (e.g., via a Facebook profile), or otherwise. This may specifically include name, surname, email, phone number, social media profile, and more. When you engage with us on social media platforms such as Facebook, our profiles there may be public, and your interaction or posting of information on them may be public. Please note that we do not control or take responsibility for the use of your social media profile, and the use of such media is governed by the policies of the respective platforms.

– Data you provide when donating funds or otherwise supporting our causes and FWFF’s activities. Such data may include names, phone numbers, email addresses, addresses, bank account information, and payment data. When making a payment to us, the Website may redirect you to a third-party payment application, such as PayPal, a bank, or others. We will only use the services of approved payment processors, but payments through their applications are governed by their respective policies, which we encourage you to review separately.

– Data you provide when subscribing to our newsletter, including names and email addresses.

– Information about your device and online identifiers, such as IP address, device used, location, device software, and data from “cookies” (see our Cookie Policy).

2.2. We usually collect data directly from you. In rare cases, we may receive data about you from third parties, such as a payment institution or a close associate.

2.3. In some cases, providing personal data is necessary to provide a specific service (for example, to receive a newsletter, you need to provide us with an email address). In these cases, if you do not provide the necessary data, you will not be able to receive the corresponding service.

2.4. Your responsibilities:

– When you provide us with data, including personal data, you declare and warrant that the same is true and accurate, that you have the right to provide us with such data for the purposes stated in this Policy, and that this does not infringe the rights of third parties, including the right to privacy, the right to personal freedom, the right to personal data protection, copyright or related rights, intellectual property rights, and others.

– When you provide personal data or contact us, you declare and warrant that you are at least 18 years old.

– You agree not to use the Website inappropriately and unlawfully, including, but not limited to, introducing viruses or other materials that are harmful or technologically damaging, attempting to make changes to the Website, attacking the Website through a system crash attack or actions that affect the operation of the Website’s server. Violating this provision may constitute a criminal offense, and FWFF, among other things, may report such actions to the relevant authorities.

– The Website and its content, including, but not limited to, design, text, graphics, logos, images, clips, software, trademarks, databases, personal data, and others, are protected by copyright and/or intellectual or industrial property rights and are the property of FWFF or our respective partners or providers. They are intended solely for personal and non-commercial use, and their use for various purposes, including commercial purposes, without our prior written consent is prohibited.

– Third-party websites and external links: For your convenience, the Website may contain advertisements or links to other websites or services operated by entities other than us, such as Facebook. This Policy does not apply to, and we are not responsible for the processing of personal data by such third parties. We advise you, if you choose to visit or use any of these third-party websites or services, to review their privacy policies, which will differ from our Policy.


3.1. The primary purpose of collecting and processing your personal data is to achieve the full functionality of the Website for the purposes of the association, including communication, information dissemination, promotion of causes, donation collection, and processing of signals and materials.

3.2. We may also use your personal data for the following specific purposes:

– To send you news and updates, including information about changes to our policies.

– To comply with or fulfil our obligations arising from laws, regulations, acts of executive or judicial authorities, such as for accounting, control and reporting purposes, audits, and tax purposes.

– To exercise our rights or protect your, our, third parties’, or public legal interests, such as detecting, investigating, and preventing theft, crimes, fraud, misuse of the Website, and other offenses, exercising rights under contracts to which we are a party, and similar purposes.

– For statistics and analyses performed for improvements and changes to our services, procedures, policies, the Website, and its functionalities (including information collected from your web browser or application, such as IP address, operating system, browser type, visit details, location, etc.). This information is used in a statistical form without individualizing specific persons.


4.1. In cases where you contact us for communication or wish to support us through a donation or other assistance, the processing of your data is based on the conclusion and performance of a contract or the provision of a service to which you are a party.

4.2. For other purposes and in specific cases, we may rely on other legal bases for processing your data, as follows:

– You have given consent for the processing.

– Processing is necessary for compliance with a legal obligation, such as accounting reporting and control, tax purposes, etc.

– For the performance of a task carried out in the public interest, provided there are legal grounds for it.

– Processing is necessary for the purposes of our or a third party’s legitimate interests, such as achieving the goals of the association, preventing and investigating abuses, violations, fraud, or crimes, and improving and making changes to the Website, its functionalities, and policies.


Your personal data may be disclosed to the following categories of recipients:

– Our service providers, such as accounting companies that serve us, companies from which we have licensed specialized software products, such as communication or other software, and other similar service providers.

– Payment service providers for the purpose of identifying and processing payments.

– Individuals to whom we are obligated to disclose data according to applicable laws, acts of executive or judicial authorities, or in judicial proceedings, or in connection with the investigation of illegal activities, or in case of suspicion of such activities, or upon a lawful request from state, governmental, or regulatory authorities.

– Third parties when we have a legitimate belief that such disclosure is necessary to prevent death or harm, financial loss, or in connection with the detection, investigation, and prevention of theft, crimes, fraud, abuse, infringement of rights, and other offenses.

– Third parties in the event of reorganization, merger, acquisition, sale, joint venture, transfer, or other restructuring related to the conduct of our business.

– Publicly – when you connect with us on social media, such as Facebook, our profiles there may be public, and your interaction or posting of information on them may be public. This also depends on the settings of your profile, and we do not control or take responsibility for it.


6.1. In cases where, for the conduct of our activities, it becomes necessary to transfer personal data to jurisdictions outside the European Union, which have different data protection laws, we will do so only based on: a) a decision of the European Commission regarding the adequacy of the level of protection in that country (Article 46 of GDPR) or another approved mechanism; or b) appropriate safeguards as provided in Article 46 of GDPR, including relying on the Standard Contractual Clauses for data processors according to models and standards approved by the European Commission; or c) binding corporate rules approved by the competent supervisory authority (Article 47 of GDPR).

6.2. In other cases, we may rely on and seek your consent for such transfers to third countries, in which case we will inform you in detail about the transfer and the measures taken in connection with it, including technical and organizational measures for the protection of personal data.


7.1. Right to withdraw consent. When we process your personal data based on your consent, you have the right to withdraw it at any time. This will not affect the lawfulness of processing before the consent is withdrawn. You can exercise this right at no additional cost to you in one of the following ways:

– Send us an email at with a clear statement that you are withdrawing your consent.

– Call us at 0878777684 during working hours (09:00 to 18:00 on business days).

– Send a letter to our registered address as indicated in this Policy.

– Use the contact form on the Website.

In case you withdraw your consent for the processing of your personal data, we will delete them from our systems to the extent provided by law and within a reasonable timeframe.

7.2. Right of access to data – at any time, you can request information about your personal data that we store. In some cases, this will be only the personal data recorded by you in your profile.

7.3. Right to rectification – request correction of your personal data if it is inaccurate. If you have a profile on the Website, you can edit your personal data from there.

7.4. Right to erasure of data – the “right to be forgotten”. You should be aware that this is not an absolute right and applies in accordance with the law. For example, you have the right to request the deletion of your personal data if they are no longer necessary for the purposes for which they were collected or processed in another way, provided that there is no legal obligation on our part that requires further processing (for example, some of your data continue to be processed for accounting reporting and control purposes in accordance with accounting legislation). In all cases, we will respect any reasonable and lawful request for the deletion of personal data.

7.5. Right to restriction of processing under applicable law.

7.6. Right to data portability – in certain legal scenarios, you may request to receive or transfer to a third party a copy of your data in a structured, commonly used, and machine-readable format (this only applies to automatically processed data provided by you processed on the basis of your consent or a contract concluded with you).

7.7. Right to object. This includes your right to object at any time to the processing of your personal data based on:

– the performance of a task carried out in the public interest or the exercise of official authority vested in us; or

– our legitimate interests or those of a third party.

In such cases, we will cease processing unless we demonstrate compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject, or for the establishment, exercise, or defense of legal claims.

7.8. If you are located in the European Union, you also have the right to lodge a complaint with a supervisory authority, more specifically in the Member State of your habitual residence, place of work, or the place of the alleged infringement. The supervisory authority for personal data protection in Bulgaria is the Commission for Personal Data Protection, which can be reached at

7.9. You can exercise the above-mentioned rights in accordance with applicable law and specifically with the provisions of the GDPR. To exercise your rights against us, you can contact us at at any time. In these cases, we may need to confirm your identity or contact you regarding your request.


8.1. We will retain personal data for as long as necessary for the respective processing purposes and for the fulfilment of our legal obligations.

8.2. In particular, we will retain personal data:

– Data for accounting and control purposes – in accordance with the legally established accounting and control rules (usually for a period of 5 years after the completion of the economic operation). Data processed in connection with other legally established obligations will be retained until the expiration of the respective obligation.

– With your consent for processing – until you withdraw your consent.

– You may stop communicating with us on social media at any time and using the tools of the respective social media, for example, if you have liked our Facebook page, you can unlike it, etc.

8.3. Personal data processed for other purposes will be processed and stored as necessary and in accordance with data protection laws and applicable standards.

8.4. To avoid doubt, we may generate and store generalized statistical reports and materials that do not contain personal data and from which a specific individual cannot be identified. This Policy does not apply to them as they do not contain personal data.


9.1. The association does not intend to use software for automated processing of personal data when making decisions related to such processing. In the event that such use is required in the future, we will inform users of the Website about it, and we will not base our decisions solely on such software or similar processing, always incorporating a human factor.

9.2. You always have the right to object to any decision that significantly affects you and is made solely by a computer, software, or other automated process, if such a decision exists.


10.1. We may make changes to this Privacy Policy, and any changes will be published on the Website and may be specifically communicated to you via email or other means. In case we process your personal data based on your consent, and the changes affect the processing in connection with it, we will inform you about the changes and request your consent for them.

This policy was approved on November 4, 2023.