Privacy policy

This privacy policy describes the way that CFO Insights Ltd., with UIC 206299682 with head office located at Mladost 1A, building 560, entr. A, ap. 701, Sofia manages your personal data and information. 

As a private company using the website (hereinafter referred to as “website”), CFO Insights Ltd strives to constantly improve the trust of the clients and protect their data as well as regularly inform them about the taken security measures.

CFO Insights Ltd. undertakes the matter of data protection very seriously and strives to meet all the requirements of the Personal Data Protection Act, Regulation (EU) 2016/679 and all other applicable regulations.

We will process any personal information relating to you in the manner set forth in this Privacy Policy. By accepting our Privacy Policy, you declare that you are aware of it and the use of your personal information as described in this Privacy Policy. In case you do not agree with the terms of our Privacy Policy, please do not use the website and do not provide us with your personal data.

Who are we

When this Policy mentions CFO Insights Ltd, "we", "our" or "us", it refers to CFO Insights Ltd., with UIC 206299682 with head office located at Mladost 1A, building 560, entr. A, ap. 701, Sofia. We determine the purposes for which your personal data is used by us and the ways in which it is processed, acting as a “personal data controller” within the meaning of Regulation (EU) 2016/679 and the Personal Data Protection Act.


If you have any concerns or you would like to receive information regarding the way we process your personal data, you can contact us at or by mail at this address: Mladost 1A, building 560, entr. A, ap. 701, Sofia

Data Protection

Your personal data is not only protected by the dedication and high standards of CFO Insights Ltd, it is also protected by law. By law, we may only process your personal data if we have a legal ground to do so, and that legal ground may be one or more of the following:

  • To fulfill the contract concluded between us and you
  • If we have a legal obligation;
  • If you have given your consent for processing;
  • If it is in our legitimate interest;
  • If it is in the public interest;
  • If it is in your vital interest;

What is legitimate interest

In cases specified by law, we may process your personal data based on our legitimate interest (s). There is a legitimate interest in cases where we process your personal data for commercial or business reasons. In this processing of your personal data, it remains protected and we must not process it in a way that would be unfair to you or your interests.

If the legal ground for processing your personal data is legitimate interest, we will inform you exactly what our legitimate interests are and will provide you with the opportunity to make inquiries or objections, if you have any.

How long we store your personal data

We store your personal data for the minimum necessary period and to achieve the objectives set out in this Policy, unless we are required by law or have the right to store it for a longer period.

According to the applicable legislation, we are obliged to apply the following deadlines for storage of your personal data: 

  • 5 years for the purposes of protecting the legal interests of the Controller in court or administrative disputes with users of the website.
  • Personal data and copies of documents stored on the basis of LMML are stored for a period of 5 years, and the starting point should be determined according to the rules of Art. 67 LMML.

Please note that we are not allowed to delete this information before the expiry of the above deadlines, even if we receive a request from you to that effect. In such a case we will be violating the law.

Types of personal data we process

Personal data when visiting the Site

When visiting the Company's website without using the contact form, the only personal data that is collected are: IP address; the page through which the client is redirected to; the viewed subpages and the time the client has spent on the website - depending on the selected cookie settings installed on the website.

When visiting the website of the Company, the client has the opportunity to fill in and send an inquiry form. The purpose of this operation is to send information from the user to the Controller in connection with a desire to receive a particular service and / or purchase product (s). Sending an inquiry is not a mandatory step for using the website and it is available without filling out personal data. In case the client sends an inquiry by filling in the contact form, the personal data collected by the Controller are two names and an email address.

Personal data processed for the purposes of analysis, statistics, advertising, processing of inquiries and complaints

When you contact us through one of our communication channels - by phone or email - we will process this personal data that you choose to share with us in connection with the specific occasion on which you contact us.

We process your personal data, such as orders, inquiries, etc. in order to analyze, statistics and improve the quality of our services, testing and increasing your satisfaction.

Please note that if you choose not to provide your personal information, this may prevent us from fulfilling our legal obligations, contracts or being able to provide our services to you. Accordingly, failure to provide us with your personal information may mean that we are unable to provide you with our products or services.

The purposes for which this personal data is collected and the legal grounds are:

  • preparation and execution of a contract between the client and the Company
  • management of the relations and legal relations of the Company with its business partners, clients and their representatives in their capacity of clients, potential clients - on the basis of legitimate interest and in order to maintain customer satisfaction and attract clients;
  • for the purpose of protection of legal rights and interests of the Company in connection with the provided services, products, use of the website managed by it or protection against legal claims of third parties;
  • improving the quality of the services offered by the Company, adapting them to the needs of the clients;
  • fulfillment of the legal obligations of the Company under LMML and LMFT, when such are provided;
  • in the event that we have received your explicit consent or the settings you have made on your cookies indicate your consent, we will process your personal data for marketing purposes, which include: preparing and conducting advertising campaigns on social networks, through display of advertising and banner advertising on sites related to the interests and user behavior of the client (visits, time spent, search for content by keywords), through PR articles and materials published on partner sites (for indirect or direct marketing), games and other promotional events.


Automated processing of personal data

When providing services through the website, we do not apply mechanisms and algorithms for automated processing of your personal data and decision-making entirely without human intervention within the meaning of Art. 22 of Regulation (EU) 2016/679.

Disclosure of personal information. Categories of recipients

We provide various of the above data to government agencies in order to fulfill legal obligations, as well as to our trusted partners (insofar as this is necessary for the services we use, such as technical support services on our website, courier services for sending documents or others to you, etc.), which we have made sure to comply with the highest standards for information security and confidentiality. We have a contractual relationship with all these companies, which ensures that the personal data processed is only strictly necessary to provide us with these services.

Data transfer outside the EEA

We will only transfer your personal data outside the EEA if:

  • You have given us explicit permission; or
  • This is necessary so that we can establish or fulfill the contract you have entered into with us; or
  • To fulfill a legal obligation.

If we transfer your personal data outside the EEA, within our corporation or our business partners, we will take steps to ensure the same standards of protection as those in the EEA, relying on one of the following:

  • The country receiving your personal data is recognized by the European Commission as offering the same level of protection as the EEA. You can find more information on the European Commission's Justice website.
  • We will use contracts that require the recipient to provide the same standards for the protection of your personal data as the EEA.
  • If data is transferred to the US and the recipient is registered with Privacy Shield. Privacy Shield is a system that ensures the protection of Personal Data at a level approved by the EU. You can find more information about Privacy Shield on the Justice of the European Commission website.

In some cases we may be forced to disclose your personal data to a third party and we may have restrictions on the control and manner in which this data is protected by that third party, but even if such an event occurs we have taken all possible and required by law measures to protect your personal data.

Use of Cookies 

For details on how we use cookies, see our Cookie Policy.

Your rights over your personal data

We will assist you if you decide to exercise your rights over your personal data, which includes: 

  • Withdrawal of your consent for data processing in a situation in which we have requested it from you, although this will not cancel previous processing that took place when we had your consent; 
  • Filing a complaint to the relevant competent data protection authorities. 
  • Access to your personal data registered or processed by you (within our systems); 
  • Correction of personal data that is incorrect or already invalid; 
  • Deletion of personal data that we process; 
  • Limiting the processing of your personal data under certain circumstances and conditions; 
  • A request to provide you or another company of your choice with certain aspects of your personal data, often referred to as a “portability right”.
  • The opportunity to disagree or protest against data processing when we do so for our legitimate interests; 
  • The opportunity to challenge a decision taken entirely through automated processing, to express your point of view and request that the decision be reviewed by a person. 

For more information about these rights, you can contact us at

Changes to the current Privacy Policy

This privacy policy is subject to change if there are changes in legislation or activities related to the work of CFO Insights so we recommend that you review it from time to time. If significant changes are made to this Privacy Policy, we will take the necessary steps to inform you in a timely manner, through a notice on the Site or other approved methods of communication.

If you refuse to accept the changes to this policy, or for any other reason do not accept the changes within the time period provided and communicated to you, we may be unable to provide some or all of our products and services.

How do we protect your personal data 

The processing of your personal data by us is only in accordance with the above objectives, grounds and deadlines. We provide access to the data only to a limited number of people who are pre-trained and instructed how to work with them. 

Our servers are located entirely on the territory of Switzerland. According to a Resolution of the European Commission 2000/518/EO for protection of personal data, Switzerland provides adequate level or protection of personal data. We use high level methods for data protection, thereby assuring the online security of our clients and of our company from potential manipulation by third parties. 

We follow these principles when processing your personal data:

  • legality, good faith and transparency;
  • limiting the purposes of processing;
  • relevance to the purposes of processing and minimizing the data collected;
  • accuracy and timeliness of the data;
  • limitation of storage in order to achieve the objectives;
  • integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.


Information on the competent data protection supervisory authority 

Title: Commission for Personal Data Protection 

Headquarters and address of management: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2

Address for correspondence: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov ”№ 2 

Phone: 02 915 3 518