Privacy Policy

The data controller is TSARKOV STUDIO (Todor Tsarkov), based in Burgas, Bulgaria. Contact: todor_tsarkov@yahoo.com, +359 897 713 064.

For inquiries related to the processing of your personal data, please write directly to this email with the subject line "GDPR request".

Contact data from the inquiry form: name, email, phone number, event date, location, short project description.

Contractual data: full name, billing address, company registration or VAT number (corporate clients only), bank details for payment.

Photographic material: images captured during a session or event, which will include your likeness and that of your guests.

Technical site data: IP address (for abuse protection), browser language. We do not use Google Analytics, Facebook Pixel or similar tracking technologies.

Performance of a contract (Art. 6(1)(b) GDPR) — so we can deliver the shoot and final materials.

Legal obligation (Art. 6(1)(c) GDPR) — accounting and tax records required by Bulgarian law.

Legitimate interest (Art. 6(1)(f) GDPR) — protecting the site from abuse and unauthorised access.

Consent (Art. 6(1)(a) GDPR) — for publishing photos in the studio's portfolio and on social media. This consent is explicit and can be withdrawn at any time.

Inquiries that do not lead to a contract are deleted within 12 months.

Contractual and accounting data are kept for 10 years after the contract closes, as required by Bulgarian accounting and tax law.

Photographic files are kept for up to 5 years after delivery, unless the client explicitly requests a shorter period. RAW archives may be kept longer if the client pays for storage.

We do not sell or rent your personal data.

Data processors (Art. 28 GDPR): Vercel Inc. (site hosting, EU servers), Pixieset Inc. (online galleries for final photos), our accounting partner (bookkeeping and tax filing).

We have a data processing agreement with each of them, ensuring the level of protection required by GDPR.

In specific cases we may engage a second photographer or videographer — they receive access only to material relevant to their role and are contractually bound to the same standards.

Under GDPR you have the following rights: access to your personal data (Art. 15), rectification (Art. 16), erasure ("right to be forgotten", Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), withdrawal of consent.

To exercise any of these, write to todor_tsarkov@yahoo.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Bulgarian Commission for Personal Data Protection (CPDP) at: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, www.cpdp.bg.

Weddings, birthdays and family sessions often involve minors. For photographs of people under 16 we require explicit written consent from a parent or legal guardian.

We do not publish recognisable photos of children in the public portfolio without prior permission.

We may update this policy from time to time. The last-updated date is shown at the top of the page. For material changes, we notify active clients by email.