Legal Documents for a Company in Bulgaria
Legal Documents for a Company in Bulgaria β Complete Guide
Why GDPR Policies Are Mandatory
Since May 25, 2018, Regulation (EU) 2016/679 (GDPR) requires every person or organization processing the personal data of EU citizens to have documented policies and procedures. Violations carry sanctions of up to 20 million euros or 4% of global annual turnover. The supervisory authority in Bulgaria is the Commission for Personal Data Protection (ΠΠΠΠ) β www.cpdp.bg.
Data subjects have the right to file a complaint directly with the Commission under Art. 77 of the GDPR if they believe the processing of their personal data violates the regulation. Every company is required to provide information about this right in its privacy policy.
Every website, mobile application, or online store with users from the EU is required to publish:
- Privacy policy β what data you collect and how you process it
- Cookie policy β types of cookies, duration, and whether consent is required
- Notice under Art. 13/14 of the GDPR β when collecting data directly
Terms of Service β the Legal Foundation of Your Business
Terms of Service (Terms & Conditions) regulate the contractual relationship between the service provider and the user. Without them:
- You have no legal basis for limiting liability
- You cannot invoke force majeure clauses
- Users can claim unlimited liability
Non-Disclosure Agreement (NDA)
An NDA (Non-Disclosure Agreement) is signed before:
- negotiations with potential partners or investors
- engaging contractors with access to internal data
- pilot projects with clients
In Bulgaria, it is governed by the Obligations and Contracts Act (ΠΠΠ). Notarial certification is not mandatory.
Service Agreement
A standard B2B service agreement covers:
- subject and scope of the service
- deadlines and milestones
- price, payment method, and schedule
- intellectual property rights over the results
- liability and penalties
- termination and cancellation
Data Processing Agreement (DPA)
When you hire a cloud services provider, email marketing platform, CRM, or any other service involving personal data, you must sign a Data Processing Agreement (DPA) under Art. 28 of the GDPR. The absence of one is an independent violation of the regulation.
All guides
- How to Register a Company in Bulgaria (2026 Guide)
- EOOD vs OOD in Bulgaria β Which to Choose?
- Company Registration Costs in Bulgaria (2026)
- VAT Registration in Bulgaria β When & How
- Corporate Tax in Bulgaria β 10% Flat Rate Guide
- How to Register an EOOD in Bulgaria β Full Guide
- How to Register an OOD in Bulgaria β Full Guide
- Check & Reserve a Company Name in Bulgaria
- Documents for Company Registration in Bulgaria
- Signing Documents for Company Registration β QES, Specimen, Firmify
- Signing Help β Evrotrust, PDF, B-Trust
- Sign PDF with QES Outside Firmify β Adobe Reader, Steps
- Signing with Evrotrust in Firmify β Steps
- B-Trust, Smart Card, and BISS for Signing
- How to Open a Company Bank Account in Bulgaria
- Annual Financial Report (AFR) in Bulgaria β Filing & Deadlines
- Company Registration & Maintenance Costs in Bulgaria
- Online Company Registration in Bulgaria
- Dissolving an EOOD/OOD in Bulgaria β Procedure & Timeline
- Share Transfer in EOOD/OOD β Procedure & Documents
- Company Amendments in the Commercial Register (A15)
- GDPR Policy & Legal Documents for Your Business
- Employment Contract & HR Documents in Bulgaria
- How to Find an Accountant or Lawyer for Your Company in Bulgaria
- Firmify Partner Program β How to Earn
- Business Documents β Quotes, Proforma Invoices, Contracts
- Do I Need a Lawyer to Register a Company in Bulgaria?
- How Long Does Company Registration Take in Bulgaria?
- What to Do After Receiving Your EIK?
- Do I Need a Notary for Company Registration?
- EOOD vs Freelance in Bulgaria β Which Is More Profitable?
- Manager Social Insurance for EOOD β Types & Obligations