Skip to content
Duel

GDPR — Data Protection

Last updated: 27 April 2026

Data Controller

Duel EOOD, EIK 103715306, VAT BG103715306, registered office: 2 Tsanko Dyustabanov Str., 9000 Varna, Bulgaria.

Data Protection Officer (DPO)

office@duelbg.com

Processing principles

We process your personal data in accordance with the General Data Protection Regulation (GDPR — Regulation (EU) 2016/679) and the Bulgarian Personal Data Protection Act, under the following principles:

  • Lawfulness, fairness and transparency

  • Purpose limitation — data collected for specific, explicit and legitimate purposes

  • Data minimization

  • Accuracy

  • Storage limitation

  • Integrity and confidentiality

Your rights

Right to be informed

You have the right to know what data we store about you, for what purposes, and for how long.

Right of access

You have the right to obtain a copy of the data we store about you.

Right to rectification

If the data is inaccurate, you have the right to correct it.

Right to erasure ("right to be forgotten")

You can request deletion of all your personal data. Exception: data we are legally obliged to keep (e.g., invoices — 10 years).

Right to restriction of processing

You can request temporary suspension of processing while data accuracy is verified.

Right to data portability

You can receive your data in a structured, commonly used, and machine-readable format.

Right to object

You can object to processing based on legitimate interest or for direct marketing.

Right to lodge a complaint

You can file a complaint with the Commission for Personal Data Protection (CPDP):

  • Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia

  • Phone: +359 2 / 915 3 518

  • Email: kzld@cpdp.bg

How to exercise your rights

Send an email to office@duelbg.com with a description of your request and proof of identity (to prevent abuse). We respond within 30 days.

Retention period

Data typePeriodBasisOrders and invoices10 yearsBulgarian Accounting Act, Art. 12Site registrationUntil account deletionConsentMarketing consentsUntil withdrawalConsentSecurity logs12 monthsLegitimate interest

Data transfers outside the EU

Our data is stored on servers within the EU. We do not transfer personal data outside the EU, except:

  • PostHog — Cloud EU (Frankfurt) — data remains in EU

Security measures

  • HTTPS encryption on all connections

  • Passwords stored as bcrypt hashes

  • Regular database backups

  • Controlled database access

  • No storage of bank card data

Have questions? Contact us at office@duelbg.com

Contact Us