Data protection

General information on the processing of personal data by the Coface

The Coface Companies, in relation with their business activity, process personal data within the meaning of Article 4(1) of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter “GDPR”). The data are processed for purposes arising from legitimate interests pursued by the Coface Companies, in connection with their insurance, business information and debt collection activities. For this purpose, the Coface Companies may process the following personal data:
  • data of individuals pursuing a business activity,
  • data of individuals representing economic operators, disclosed in public registers;
  • data of individuals being contact persons of enterprises, in connection with their professional function.

Who is the controller of personal data?

Depending on the purpose for which we process the data, the personal data controller will be one or more of the companies of the Coface Group in Bulgaria:
  • Coface Bulgaria
hereinafter referred to as “Coface Bulgaria”.
Address: All companies have their registered offices at 42 Petar Parchevich str., 1000, Sofia, Bulgaria.
Email: cofacebg.data-protection@coface.com

Why do we process personal data / what is the purpose of data processing?

Coface Bulgaria processes personal data for the following purposes:
  • the conclusion and execution of  contracts with customers and counterparties;
  • the assessment of credibility of economic operators, including the elaboration of reports and sharing such reports with our customers; to that end, Coface Bulgaria shall process personal data of individuals pursuing business activity and natural persons representing economic operators, whose data are disclosed in the public registers. The data originate (a) from public registers such as the Commercial register and (b) directly from the enterprises concerned;
  • credit insurance  – for that purpose, Coface Bulgaria processes personal data of our customers’ debtors. The data are provided by our customers.
  • fulfillment of legal obligation such as anti-money laundering and counteracting financing of terrorism, in connection with obligations under the Austrian Anti-Money Laundering and Countering Financing of Terrorism law, e.g.  Financial Markets Anti-Money Laundering Act and other legal provisions which impose on Coface the obligation to register or report certain events and to process personal data for that purpose
  • marketing purposes

What personal data do we process and where do they come from?

Coface Bulgaria process the following personal data:
  • registration and identification details of individuals pursuing business activity originating directly from entrepreneurs or public registers, which are collected by us in connection with our insurance, factoring or debt collection activities;
  • financial data of enterprises, originating directly from enterprises or from contractors of these enterprises, collected by us in connection with our insurance, information or debt collection activities. The financial data may include credit rating and economic viability indicators, calculated automatically on the basis of other information held by us on the economic entity concerned;
  • the contact details of the enterprises and their employees, originating directly from those persons or from contractors of these enterprises, collected by us in connection with our insurance, factoring or recovery activities;
  • data of individuals representing economic operators, disclosed in the public registers;

Does automated decision-making take place, including profiling?

Be informed that the personal data of entrepreneurs included in the Coface economic information system are subject to automated assessment (profiling) for the purposes related to the assessment of the payment risk in accordance with Art. 22 of GDPR. Data processing is carried out for the purposes arising from the legitimate interests of the Coface Companies and data recipients. Any person whose data are processed in such way has the right to object to such processing.

Who are the personal data recipients?

The personal data for which is the Coface Bulgaria are the controller may be made available to:
  • our customers, in the form of reports, for legitimate purposes of those entities related to the verification of business contractors;
  • other companies from the Coface Group, including Coface Bulgaria and foreign companies, for legitimate purposes related to the flow of data within the group of entrepreneurs.

What is the period of the personal data processing?

Coface will retain Personal Data for as long as required or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time Coface have an ongoing relationship with our client and provide the Services; (ii) whether there is a legal obligation to which Coface are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Data subjects rights and means of their execution

All persons whose data are processed by Coface Bulgaria (Data subjects) have the right to request access to their personal data, the right to rectification, erasure or restriction of processing of such data, the right to object to the processing (in cases justified in GDPR) and the right to lodge a complaint with the supervisory authority. Persons whose personal data are processed in marketing purpose has right to object.
Where the processing is based on given consent to the processing of your personal data for one or more specific purposes, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Contact details with regard to the personal data processing

All matters relating to the processing of personal data by Coface Bulgaria should be addressed to:
By Email:  cofacebg.data-protection@coface.com
Identification of requesting person
When providing any information containing personal data, Coface Bulgaria may only provide such information to the data subject (or its legal representative). Therefore Coface Bulgaria may require to provide information and documents to sufficiently identify data subject before sending him/her such information.

Често задавани въпроси за GDPR

The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy.
On this page you’ll find answers to commonly asked questions, relevant documentation, links to useful external resources, and contact details should you need additional information on the GDPR.

What is the GDPR?

The GDPR will replace the current EU Data Protection Directive 95/46/EC and will be directly applicable in all EU and EEA Member States as of 25 May 2018.

The GDPR will significantly change the EU data protection regulatory landscape, setting stricter requirements, reaching more companies, and imposing potentially higher penalties.  For example, companies must:

  • Implement programmatic measures to ensure and actively demonstrate compliance
  • Implement appropriate technical and organisational measures to protect the rights of individuals when designing a processing system and processing data
  • Conduct data protection impact assessments of high risk processing activities
  • Implement privacy by design and by default
  • Implement data breach notification

Downloads & contact


Coface Privacy Notice (May 2018):
Coface Privacy Notice will be available shortly for download


European Commission:
EU General Data Protection Regulation (full text):


if you have additional queries on GDPR implementation, you can:
  • reach out to your Coface Client Relationship Manager; or
  • contact Coface Central Europe Holding AG by email at: dataprotection-austria@coface.com; or
  • write to Coface Central Europe Holding AG, Marxergasse 4c, 1030 Vienna, Austria; or
  • contact Coface Data Privacy Office by email at: Coface_dpo@coface.com; or
  • write to Data Protection Office / Group Compliance, 1 Place Costes et Bellonte - 92270 Bois-Colombes - FRANCE
  • Bulgarian
  • English