Privacy Policy

Valid as of 25.05.2018

Findilao Ltd (hereinafter referred to as “we”, “us”, “our”, “Findilao” or “the Company”), registered as a Data Controller with the Bulgarian Commission for Personal Data Protection (Data Controller ID: 435974), is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect, and process depends on the product or service requested and agreed in each case.

The present privacy policy:

  • provides an overview of how the Company collects, processes and uses your personal data and informs you about your rights under the local data protection law and the EU General Data Protection Regulation (‘GDPR’),
  • is directed to natural persons who are either current or potential customers of Findilao, or are authorised representatives/agents or beneficial owners of legal entities or of natural persons which/who are current or potential customers of Findilao,
  • is directed to natural persons who had such a business relationship with the Company in the past,
  • contains information about when we share your personal data with other members of the JFD Group and other third parties (for example, our service providers, licensors or suppliers).

Through this privacy policy, your data may be called either “personal data” or “personal information”. We may also sometimes collectively refer to handling, collecting, protecting and storing your personal data or any such action as “processing” such personal data.

For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address and other online identifiers (IP address and email).

To fully understand the terms that will govern your use of our “e-Services,” you will need to read the full Privacy Policy and Cookie Policy.

Findilao is part of the JFD Group. Each entity of the JFD Group has its own separate privacy statement. Such entities maintain their own websites that may be linked to our website. If you are interested in learning about how such entities process your personal data, please refer to their corresponding privacy statements which may be found on their websites. In some cases, personal data will be shared to and processed amongst other companies of the JFD Group.


When you register an account with the Company, you must do it through our website and the account registration form. At that point you are requested to agree with the terms listed in the given Privacy Policy. You confirm acceptance of these terms by ticking the box on the account registration form. If you do not choose to tick the box, then it is considered that you are not giving your consent and the Company cannot collect and process your data neither provide any additional services to you.

If you have given us your specific consent for processing (other than for the reasons set out below) then the lawfulness of such processing is based on that consent. You also consent when the Company is transferring your personal information outside the European Economic Area where this is necessary for the Company to fulfil its contractual obligations to you. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.

We are furthermore obligated to collect such personal data not only for the commencement and execution of a business relationship with you but also for the performance of our contractual, regulatory, statutory and legal obligations.

Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.


The Company must receive or collect your information to create your account with us and set you as a client of the Company. Further we collect data to operate, provide, improve, understand, customise and support our services in relation to your account as well as to properly identify and communicate with you in any other relevant occasion. We also have the right and the duty by its area of activity to check the accuracy of the client data contained in the databases by periodically asking you to update and/or correct or confirm the accuracy of the client data provided. We ask, collect from our clients and process, in regard with their use of the Findilao member portal and/or services, the personal data information below:

  • Contact Data: When you sign up for a Findilao Account and make a purchase, we require certain information such as your name, email address and billing address. When you contact us via the online channels provided on our website, we also may require (based on the context) your telephone number, preferred time for calling you and your time zone.
  • Tax Data: we collect information such as country of your billing address and tax identification number
  • Any other data needed from the Company to perform its due diligence obligations and any other statutory, regulatory, legal obligations, i.e. your IP address.

We may also collect and process personal data which we lawfully obtain not only from you but also from other entities within the JFD Group or other third parties, e.g. public authorities, companies that introduce you to us, companies that process card payments and publicly available sources which we lawfully obtain, and we are permitted to process.

You accept and consent that all PayPal transactions undertaken are subject to the PayPal Privacy Policy.

You use and contact us via this website and provide any personal details requested at your own discretion.


As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Bulgarian data protection law for one or more of the following reasons:

3.1 For the performance of a contract

We process personal data to offer you our e-Services based on contracts with you (the Terms and Conditions) but also to be able to complete our acceptance procedure to enter into a business relationship with you or other prospective customers. The extent of processing personal data depends on whether the customer is a natural or legal entity and to the requirements for each service.

As a customer of Findilao, you may receive regular product and/or account notifications from us by e-mail. We deliver these notifications as a part of the e-Service you bought, regardless of whether you have subscribed to a newsletter or not. In this way, we want to provide you with essential information about your subscriptions and account functionality. If you no longer want to receive such notifications from us, you can object to this at any time. A message sent to the contact details mentioned in point 13 of this Privacy Policy is sufficient.

To the extent allowed by the existing applicable technologies and to ensure the highest possible quality of all our services in line with the Terms and Conditions and Cookie Policy, we may also use your personal data:

  • To personalize your experience and deliver the type of content and product offerings in which you are most interested
  • To improve our website to better serve you
  • To better respond to your customer service requests
  • To follow up with you after correspondence (live chat, email or phone inquiries)

3.2 For identity verification purposes

The Company needs to perform its due diligence measures before entering a client relationship in order to prevent actions, such as subscription fraud, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity and location verification information (such as name, IP address, tax identification number, billing address,) or another authentication information (when applicable). Further to this, the Company can use third parties which carry out identity checks on its behalf.

3.3 For compliance with a legal obligation

There are several legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, compliance with court orders, tax law or other reporting obligations. These include, amongst others, transaction reporting requirements.

3.4 For the purposes of safeguarding legitimate interests

We process personal data to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:

  • Initiating court proceedings and preparing our defence in litigation procedures,
  • Means and processes we undertake to support the Company’s IT and system security, preventing potential crime, asset security, admittance controls and anti-trespassing measures,
  • Measures to manage business and for further developing products and services,
  • Transactions processing
  • Sharing your personal data within the JFD Group for updating/verifying your personal data in accordance with the relevant e-Services
  • The transfer, assignment (whether outright or as security for obligations) and/or sale to one or more persons and/or charge and/or encumbrance over, any or all of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company.

3.5 For Marketing Purposes

The Company may use client data, such as location, usage or transactions history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. You always have the right to change your option if you no longer wish to receive such communications.

For sending you email newsletters in which we regularly provide you with news about our portals, products and services as well as useful tips, appointments and promotions, we use the so-called ‘double opt-in’ procedure, i.e. we will only send you a newsletter by e-mail if you have previously explicitly confirmed to us that we should activate the newsletter service. We will then send you a notification e-mail with a link for you to confirm that you wish to receive our newsletter. If you no longer wish to receive newsletters from us later, you can object to them at any time. A message sent to the contact details mentioned in point 13 of this Privacy Policy is sufficient. Of course, you will also find in every newsletter an unsubscribe link.

3.6 Other specific purposes

Only if having your explicit consent collected via an opt-in functionality, we may use the contact information we collect from you for the following specific purposes:

  • To administer a contest, promotion, survey or other site feature
  • To enable you to rate and review our services or products


During the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Company but also to other companies of the JFD Group. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.

It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.

Under the circumstances referred to above, recipients of personal data may be:

  • Supervisory and other regulatory and public authorities, notary offices, tax authorities, criminal prosecution authorities as much as a statutory obligation exists.;
  • Credit and financial institutions such as banks, payment systems and processors, institutions participating in the trade execution and execution venues (for example regulated markets, multilateral trading facilities, trade repositories and other local or foreign brokers)
  • External legal consultants authorised by the Company
  • Financial and business advisors authorised by the Company
  • Auditors and accountants authorised by the Company
  • Marketing and advertising agencies
  • Fraud prevention agencies
  • File storage companies, archiving and/or records management companies, cloud storage companies
  • External authorised processors for processing client data
  • Debt collectors subject to bankruptcy or insolvency claims
  • Potential or actual purchasers and/or transferees and/or assignees and/or charges of any of the Company’s benefits, rights, title or interest under any agreement between the customer and the Company, and their professional advisers, service providers, suppliers and financiers
  • Other companies of the JFD Group
  • Affiliate partners of the Company

We may also contractually engage companies for statistical purposes to improve the firm’s marketing and business analytics. As a result, some or all your personal data may be shared on an anonymous (personally non-identifiable) and aggregated basis only.


We may process your personal data to inform you about products, services and offers that may be of interest to you. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects to provide you with targeted marketing information on products.

We can only use your personal data to promote our products and services to you if we have your explicit consent to do so – by clicking on the tick box during the account registration form – or in certain cases, if we consider that it is in our legitimate interest to do so.

Further, you have the option to choose whether you wish to receive marketing related emails (company news, information about campaigns, the company’s newsletter, product newsletters, etc.) to your provided email address by clicking the relevant tick box in a relevant online form.

You have the right to object at any time to the processing of your personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by clicking on the respective “Unsubscribe” link in the email received or contacting at any time our customer support department at the contact details mentioned in point 13.


The Company will keep your personal data for as long as a business relationship exists with you, either as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner. Once the business relationship with you has ended, we must keep your data for a maximum period of five years to meet our regulatory and legal requirements.

If reasonably necessary or required to meet other legal, contractual or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep for additional three years some of your information as required, even after the above-mentioned period.

When we no longer need personal data, we securely delete or destroy it.


You have the following rights in terms of your personal data we hold about you:

  1. Receive access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  2. Request rectification/correction of the personal data we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected. We may request additional information and documentation required to validate the need for the requested change of data.
  3. Request erasure of your personal information. You can ask us to erase your personal data, exercising your right “to be forgotten”, where there is no good reason for us continuing to process it. This request to erase your personal data will result in the closure of your account and termination of the client relationship. However, the Company is required to maintain the client’s personal data to comply with its legal and regulatory requirements, as well as in accordance with internal compliance requirements in relation to the maintenance of records. We shall preserve data for at least five years following the termination of the client relationship, unless other terms for the preservation of data or documents are prescribed by law.
  4. Object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. If you lodge an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for such processing which override your interests, rights and freedoms or processing is required for the establishment, exercise or defence of legal claims.
  5. You also have the right to object to your personal data being processed for direct marketing purposes. This also includes profiling in as much as it is related to direct marketing. If you object to processing for direct marketing purposes, then we shall stop the processing of your personal data for such purposes.
  6. Request to receive a copy of the personal data concerning you in a format that is structured and commonly used and transmit such data to other organisations. You also have the right to have your personal data transmitted directly by ourselves to other organisations you will name (“right to data portability”).

In order to exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us through the ways mentioned in point 13.


In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you. You will always be notified of the results from such automated decisions or profiling and the actions you may undertake in this regard.


As a general rule, the client data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA. When you give us your personal data, you agree to us doing this. This exception applies to transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties.

Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.

Upon request, the client may receive further details on client data transfers to countries outside the EU/EEA.


We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.

Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.

Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features to prevent unauthorised access.

When you send the Company a message via email or any online messaging feature available, you disclose some personal data, like your name or email address. Such data will be used to respond to your query and verify your identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.


If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to You also have the right to complain to the Bulgarian Commission for Personal Data Protection. Instructions as to how to submit a complaint can be found on its website:


The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.

If any changes are made to this privacy statement, we shall notify you accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage you to review this privacy statement occasionally so as to always be informed about how we are processing and protecting your personal information.


For any questions you may have or if you want more details about how we use your personal information, you can contact us via the means specified below:

  • Address: Findilao Ltd, 54 Osmi Primorski Polk Blvd, Central Point, 6th fl., Varna 9002, Bulgaria
  • Telephone: +359-2-4374119
  • Email:


Our website uses small files known as cookies to enhance its functionality and improve your experience. Through such cookies we have enabled and use Google Analytics Advertising Features that are not available through standard Google Analytics implementation and include:

  • Remarketing with Google Analytics
  • Google Analytics Demographics and Interest Reporting
  • Integrated services that require Google Analytics to collect data via advertising cookies and anonymous identifiers
  • Google Display Network Impression Reporting

To find out more about how we use cookies please see our Cookie Policy