Privacy Policy
Last updated: June 7, 2026
This policy describes how 3TDI Long Life collects, uses, stores and protects your personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian data protection law.
01Data Controller Identity
Under GDPR Article 13, you have the right to know exactly who is responsible for processing your personal data.
- ●Trading name: 3TDI Long Life
- ●Proprietor: Zdravko Chiflishki
- ●Country: Bulgaria
- ●Data protection contact: [email protected]
- ●Phone: +359 886 251 930
- ●Website: https://3tdilonglife.com
02Personal Data We Collect
- ●Contact form data: full name, phone number, email address, vehicle make/model, engine code, message content.
- ●Registration / sign-in data: email address, public profile image and name — provided by Google when using Sign in with Google.
- ●Appointment booking data: appointment date and time, service type, vehicle details.
- ●Technical data: IP address, browser type, operating system, device identifier — collected automatically for site functionality and security.
- ●Usage data: pages visited, session duration, on-page actions — collected anonymously via Google Analytics (only with your consent).
03Purposes & Legal Basis
| Purpose | Data | Legal Basis |
|---|---|---|
| Responding to enquiries | Contact form data | Art. 6(1)(b) — performance of a contract |
| Appointment management | Booking & service data | Art. 6(1)(b) — performance of a contract |
| Authentication (login) | Google account data | Art. 6(1)(b) — performance of a contract |
| Website improvement | Analytics data | Art. 6(1)(a) — consent |
| Sending appointment reminders | Email, booking data | Art. 6(1)(b) — performance of a contract |
| Security & abuse prevention | IP address, technical data | Art. 6(1)(f) — legitimate interest |
04Retention Periods
- ●Contact form enquiries: 24 months from last correspondence.
- ●Appointment and service records: 5 years (Bulgarian Accountancy Act requirement for commercial transactions).
- ●User account data: until account deletion + 30 days.
- ●Server and technical logs: 30 days.
- ●Cookie consent records: 12 months.
- ●Analytics data (Google Analytics): 26 months (configured retention period in Google Analytics 4).
05Data Recipients & Processors
We never sell or rent your personal data. We share it only with the trusted processors listed below, all contractually bound to GDPR obligations.
| Recipient | Role | Location | Purpose |
|---|---|---|---|
| Zoho Corporation Pvt. Ltd. | Processor | EU (Netherlands) | Outbound SMTP email delivery |
| Google LLC | Processor | USA | Google Sign-In authentication |
| Google LLC | Processor | USA | Google Analytics 4 (anonymised) |
| Cloud hosting provider | Processor | EU | Website and database hosting |
| Competent authorities | Independent controllers | Bulgaria / EU | When legally required |
06International Data Transfers
- ●Your data may be transferred to Google LLC (USA) for Google Sign-In and Google Analytics services.
- ●Google LLC is certified under the EU–US Data Privacy Framework (DPF) and applies Standard Contractual Clauses (SCCs) pursuant to Commission Decision 2021/914.
- ●To request a copy of the applicable transfer safeguards, email us at [email protected].
07Sign in with Google — Additional Disclosure
- ●When you use Sign in with Google, we receive from Google: your email address, public profile picture and display name.
- ●This data is used solely to create and manage your account on this site.
- ●We do not receive access to your Google password, contacts or any other account content.
- ●Processing is governed by Google's Terms of Service and this Privacy Policy.
08Your Rights Under GDPR
To exercise any right: email [email protected]. We respond within 30 days (up to 90 days for complex cases, with notification). To file a complaint: Commission for Personal Data Protection (CPDP) — 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, tel. +359 2 915 3518, website: www.cpdp.bg. You may also lodge a complaint with the supervisory authority in your EU member state of habitual residence.
- ●Right of access (Art. 15) — request a copy of the personal data we process about you.
- ●Right of rectification (Art. 16) — request correction of inaccurate or incomplete data.
- ●Right to erasure (Art. 17) — request deletion of your data, except where processing is legally required.
- ●Right to restriction of processing (Art. 18) — request temporary suspension of processing.
- ●Right to data portability (Art. 20) — receive your data in a machine-readable format.
- ●Right to object (Art. 21) — object to processing based on legitimate interest.
- ●Right to withdraw consent — at any time, without affecting the lawfulness of processing before withdrawal.
09Data Security
- ●All communications are encrypted in transit via HTTPS/TLS.
- ●Passwords are hashed with bcrypt and never stored in readable form.
- ●Access to personal data is restricted to authorised personnel on a need-to-know basis.
- ●Regular security updates and vulnerability monitoring are in place.
- ●In the event of a data breach, we will notify the CPDP within 72 hours and affected individuals without undue delay.
10Changes to This Policy
We reserve the right to update this policy. For material changes, we will publish the revised version on this page with a new date and notify registered users by email at least 14 days in advance.
Questions about this policy? Contact us at [email protected]