Privacy Policy – C.X.O. Partners


C.X.O. Partners OOD., a company incorporated and registered under the laws of the Republic of Bulgaria, Unified Identification Code (UIC) 205264237, having its seat and business address at: 11 Georgi Benkovski str, Sofia 1000, Bulgaria, is the data controller of the personal data provided by you when you register to use our services. C.X.O Partners OOD conducts its activities in strict compliance with the requirements of the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of this data (General Data Protection Regulation), in order to ensure confidentiality and lawful processing of its clients personal data.

Your privacy is important to us and we are committed to protecting and respecting it. For that reason, we have adopted this Privacy Policy which explains what personal data C.X.O. Partners collects from you, through our direct interactions with you and through our services, how we use that data, and what rights you have according to the GDPR and how you can exercise those rights.

C.X.O. Partners own and manage a service office, coworking and event space, located on 127 G.S.Rakovski St, Sofia, offering flexible workspace solutions.

The official brand under which we operate and provide services is Entract 127. C.X.O. Once we collect your personal data for any of our services, we will include them in our centralized data base and will use them to provide you with up-to-date information on all of our services. You can always change your preferences and we will timely comply with your choices.

More information of the Bulgarian legislation concerning personal data protection is available on the website of the Commission for Personal Data Protection:


Any reference in this Privacy Policy to your ‘personal data’, means any information that we collect about you (such as name, age, address, date of birth, education, information on your employment, etc.) and based on which you can be identified. Generally, all of the information you provide us when registering for any of our services is personal data and we will protect it as such.

This Privacy Policy describes how we process your personal data. When we refer to the ‘processing’ of your personal data, we mean anything that we do with your data, including its collection, recording, organisation, structuring, storage, adaptation or alteration, use, disclosure erasure or destruction. We will always strictly observe the requirements of the applicable data protection laws when processing your personal data.

Information We Collect

C.X.O. Partners collects data to operate effectively and provide you the best experience with our services. You will provide some of this data directly, such as when you sign up for our email communication or send us an enquiry on our websites. We also collect the information in other various ways such as on social media channels or in-person communication.

We also obtain data from third parties. We protect data obtained from third parties according to the practices described in this Privacy Policy, plus any additional restrictions imposed by the source of the data. Such public data and data obtained via third parties may be relevant and used for the purposes indicated by C.X.O Partners in this privacy statement, to verify the accuracy of information in our records and to support the process for direct or indirect marketing campaigns.

These third-party sources vary over time, but have included:

  • Database providers from trusted sources;
  • Social networks when you grant permission to C.X.O. Partners to access your data;
  • Partners with which we offer co-branded services or engage in joint marketing activities;
  • Publicly-available sources such as open government databases or other data in the public domain.

You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide you a service, you may not be able to use that service. Therefore, we will always inform you on the consequences of your refusal to provide us with your personal data.

The data we collect depends on the context of your interactions with C.X.O. Partners. The data we collect can include the following:

Name and contact data. We collect your first and last name, email address, postal address, phone number, and other similar contact data – to identify you and to contact you.

Demographic data. We collect data about you such as your date of birth, age, gender, country, citizenship and preferred language only upon your consent.

Company. We collect data about the company you represent.

Videos and pictures. Photographs or video recordings may be taken during our physical events. You will always be informed when entering any of our events if there is ongoing video recording on premises. We may use the visual or video captures of your person on our websites or promotional material for marketing purposes. Under no circumstances will we associate your personal information (such as your name) with your image.

Other information you may provide to us, such as in feedback forms or through the “Contact Us” feature on our Sites.

Information Collected by Automated Means

When you visit our websites, we may collect certain information by automated means, such as cookies, web beacons and web server logs. The information we may collect in this manner includes:

  • IP address;
  • unique device identifier;
  • browser characteristics;
  • device characteristics;
  • operating system;
  • language preferences;
  • referring URLs;
  • information on actions taken on our websites;
  • dates and times of visits to our sites and other usage statistics.

A “cookie” is a file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. A “web beacon,” also known as an Internet tag, pixel tag or clear GIF, links webpages to web servers and their cookies and is used to transmit information collected through cookies back to a web server. Through these automated collection methods, we may obtain “clickstream data,” which is a log of the links and other content on which a visitor clicks while browsing a website.

As the visitor clicks through the website, a record of the action may be collected and stored. We link certain data elements we have collected through automated means, such as your browser information, with other information we have obtained about you to let us know, for example, whether you have opened an email we sent to you. Your browser may tell you how to be notified when you receive certain types of cookies or how to restrict or disable certain types of cookies. Please note, however, that without cookies you may not be able to use all of the features of our websites. To the extent required by applicable law, we will obtain your consent before collecting personal information using cookies or similar automated means.

The providers of third-party apps, tools, widgets and plug-ins on our websites, such as social media sharing tools, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers.

How We Use the Information We Collect

We use the data we collect from you to operate our business and provide you the services you enquire about. We use your data to improve our products and personalise your experience by providing you the best-fit product based on your preferences so that you gain the highest added value from our services. We may also use the data to communicate with you, for example, informing you service information or to send you promotional communication.

Providing and improving our services: We use data to provide and improve the services we offer and perform essential business operations.

We use data also to perform data analytics.

Product Improvement. We use data to continually improve our services. For example, we use your feedback forms to add features to our services, to change them according to your experience or to offer you new services under our existing or new brands.

Communication. We use data we collect to communicate with you and personalize our communication with you. For example, we may contact you by phone or email to get more information about your enquiry and send you personalized offer.

Additionally, you can sign up for email subscriptions and choose whether you wish to receive promotional communications from Entract 127. We will only send such marketing communication to the extent we consider it could be useful for you based on your preferences shared with C.X.O Partners. You can at any time object to receiving such promotional communication by using the unsubscribe button/link in your email or by contacting us.

In addition, we use information collected through cookies, web beacons, pixels, web server logs and other automated means for purposes such as (i) customizing our users’ use of our websites; (ii) delivering content tailored to our users’ interests and the manner in which our users use our websites; and (iii) managing our website and other aspects of our business. To the extent required by applicable law, we will obtain your consent before collecting information using cookies or similar automated means.

We also use third-party analytics services on our websites, such as those of Google Analytics. The analytics providers that administer these services use technologies such as cookies, web server logs and web beacons to help us analyse your use of our websites. The information collected through these means (including IP address) may be disclosed to these analytics providers and other relevant third parties who use the information, for example, to evaluate use of the websites. To learn more about these analytics services and how it collects data, please visit the following site: To review how to opt-out, please visit the following sites and any sites contained in the country-specific addenda:

Google Analytics:

Consent: We process your personal data based on your explicit consent which you provide by sending us an enquiry from the contact form or when subscribing to our mailing list. You can withdraw your consent at any time through the contact information incorporated in the section “How to Contact Us” at the end of this Privacy Policy, or where relevant, by following the unsubscribe link in any marketing communication you receive from us. If you do choose to withdraw your consent, this will not mean that our processing of your personal data before you withdrew your consent was unlawful. If you choose to withdraw your consent for the processing of your personal data for the delivery of our services, we will no longer be able to cooperate with you.

Legitimate interests: We also process your personal data based on our legitimate interests:

  • when we video record the physical events organized by us so that we can use the photographs or the video recordings in order to promote our future events. We will never associate your visuals with the other personal information we have on you. Yet, you may object at any time against us processing your personal data for marketing purposes by contacting us through the contact information incorporated in the section “How to Contact Us”.

Legal obligations: Your personal data is also in certain situations processed in order for C.X.O. Partners to comply with its legal obligations according to the applicable legislation, court rulings, or decisions taken by the authorities.

Information We Share

We do not disclose personal information we collect about you, except as described in this Privacy Policy or in separate notices provided in connection with activities.

  • We share your personal data with your consent or to provide the services you have requested from us or you have authorised us to deliver. For example, we share your information with third parties when you tell us to do so, such as when you request additional services, provided by third parties. In such cases, the third parties that receive your personal data become data controllers on their own account and are responsible for their compliance with the applicable data protection laws when processing your personal data. If you have any objections to the way such third parties process your personal data, we encourage you to directly contact them.
  • We share personal data with vendors or agents working on our behalf for the purposes described in this Privacy Policy. For example, companies we have hired to provide customer service support or assistance in protecting and securing our systems and services may need access to personal data to provide these functions. In such cases, these companies must abide by our data privacy and security requirements and are not allowed to use personal data they receive from us for any other purpose. We have also concluded data protection agreements in order to ensure adequate level of protection of your personal data.
  • We may also disclose personal data as part of a corporate transaction such as a merger or sale of assets. We also reserve the right to transfer personal information we have about you in the event we sell or transfer all or a portion of our business or assets (including in the event of a re- organisation, dissolution, or liquidation).
  • In addition, we may disclose information about you (i) if we are required to do so by law or legal process; (ii) to law enforcement authorities or other government officials based on a lawful disclosure request; and (iii) when we believe disclosure is necessary or appropriate to prevent physical harm or financial loss, or in connection with an investigation of suspected or actual fraudulent or illegal activity.
  • When your personal data is transferred to third countries (outside the European Union), we make sure that there is an adequacy decision adopted by the European Commission. If there is no such decision applicable, we will always conclude with the data recipient a data protection agreement that ensures adequate level of protection of your personal data, including by incorporating the Standard contractual clauses issued by the European Commission.
  • Personal data controllers to whom C.X.O Partners OOD may transfer personal data also include: o The CPDP (Commission for Personal Data Protection) o The CCP (Commission for Consumer Protection)

Your Rights and Choices

Under data protection law, you have rights we need to make you aware of. Below we have provided a list of the rights you can exercise at any time by contacting us. Contact information can be found at the end of this Privacy Policy in the section “How to Contact Us”.

  • Right to access: you can ask us at any time what information we hold about you and how we process it. You can ask us for copies of your personal information. We will provide you the information free of charge unless your requests are repeating in a short period of time in which cases, we will impose a reasonable fee;
  • Right to rectification: you can ask us to correct your personal data if you think it is inaccurate. You can ask us to complete your information if you think it is incomplete;
  • Right to erasure: you can ask us to delete your personal data under certain circumstances, for example, if you consider that there is no good reason for us to continue to process it. Please be aware that we may refuse to delete your data if the retention periods for the respective personal data have not yet lapsed.
  • Right to withdraw your consent: You may at any time withdraw your consent to process your data.
  • Right to restriction of processing: You have the right to ask us to stop using your information for a period of time in certain circumstances for instance if you believe we are not doing so lawfully.
  • Right not to be subject to decision based solely on automated processing: you have the right not be subject to solely automated decision making. We will always inform you if the automated decision making of your personal data leads to us reaching decisions that may affect your legal rights or have similar effect on you. In such cases you will have the right to request human interference in the decision-making process.
  • Right to data portability: You have the right to ask that we transfer the information you gave us to another data controller or give it to you. The right only applies if we are processing information based on your consent or for the performance and conclusion of a contract and the processing is automated.
  • Right to object: you can object to us processing your personal data if the processing forms part of our public tasks, or is in our legitimate interests, including profiling, unless we do not demonstrate overriding legitimate grounds. You can always object if the processing is for direct marketing purposes.

If your request places C.X.O. Partners in breach of the applicable legislation, we may refuse to fulfil it.

We have one month to respond to your request. We may sometimes need to extend this term by two additional months if your request is very complexed or we are overwhelmed by the number of the requests we have received. We will timely let you know if an extension will apply.

Data Transfers

We transfer the personal information we collect about you to countries outside of the country in which the information originally was collected. Those countries may not have the same data protection laws as the country in which you initially provided the information. When we transfer your information to other countries, we will protect that information as described in this Privacy Policy in section “Information We Share” above.

If you are located in the European Economic Area (“EEA”) or Switzerland, we will comply with applicable legal requirements providing adequate protection for the transfer of personal information to recipients in countries outside of the EEA or Switzerland.

Intra-group international data transfers will be subject to legally binding intragroup agreements which provide enforceable rights for data subjects.

Our Retention of Personal Data

We retain personal data for as long as necessary to provide the services you have requested, or for other essential purposes such as complying with our legal obligations, resolving disputes, and enforcing our agreements.

The general duration of personal data and document retention of clients/prospect-clients, transactions and deals is five (5) years after closing the deal and terminating the relationship with the client

If you have given consent to the processing of your personal data, C.X.O. Partners will process your personal data for the specific purpose, until you withdraw your consent.

When the need to process your personal data no longer applies and the set retention periods expire, we will erase your personal data in a secure manner.

How We Protect Personal Information

We maintain administrative, technical, and physical safeguards designed to protect the personal information you provide against accidental, unlawful or unauthorised destruction, loss, alteration, access, disclosure or use.

Your personal data is stored on servers of C.X.O. Partners., where they are protected by all modern and fit for the purposes standard hardware and software means of protection – fire walls, anti-virus programs, data encrypting etc. We update and test our security technology on an ongoing basis.

To enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations. For example, photographs or video recordings of our physical events will not be connected to your personal data.

C.X.O. Partners. ensures that access to your personal information is only granted to employees who need to process it in order to fulfil their work assignments, and that they abide by confidentiality in accordance with the applicable policies and procedures of C.X.O Partners. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Supervision and compliance

If you are dissatisfied with the way we have used your information or if you believe that your information was processed contrary to the applicable data protection rules and regulations, you can contact us.

You can also lodge a complaint to the competent supervisory data protection authority in the country where you reside, the country where you work or the country where you were situated when the alleged breach of your rights has occurred. The competent authority in Bulgaria where we are seated is the Commission for Personal Data Protection (

How to Contact Us If you have any questions or comments about this Privacy Policy, would like to exercise your rights or would like us to update information we have about you or your preferences, please contacts us at:

Address: 127 G.S.Rakovski St 1000 Sofia, Bulgaria Email: [email protected]

Updates to this Privacy Policy

We regularly review and, if appropriate, update this Privacy Policy from time to time as our services and use of personal data evolve. If we want to make use of your personal data in a way that we have not previously identified, we will contact you to provide information about this and, if necessary, ask for your consent.

We will update the version number and date of this document each time it is changed.