Is the generated policy legally sufficient?

It's a solid, GDPR-aligned starting point covering the standard cases — but it is not legal advice. For specific situations (health data, minors, large-scale profiling) have a lawyer review it.

Do I also need a cookie consent banner?

If you use any non-essential cookies (analytics, marketing) — yes, the policy describes them but a consent banner must actually block them until consent. We implement compliant banners as part of our website builds.

Privacy & cookie policy generator.

Q: Bulgarian or English?

Both — the text generates in the language you're browsing in. Switch the site language and regenerate to get the other version; many sites publish both.

A GDPR-aligned policy for your website in two minutes — Bulgarian or English.

Company name

Company ID (EIK)Contact email

Website URLRegistered address

Your configuration is stored anonymously to improve this free tool.

⚠ This generated text is a GDPR-aligned starting point, not legal advice. Have a lawyer review it for your specific case.

Privacy Policy

1. Data controller

This privacy policy describes how [Company] ("we") processes personal data through the website [website].

For any privacy-related questions, contact us at [email].

2. What data we collect

We collect the following categories of data: contact form data (name, email, message content); technical data (IP address, browser type, pages visited) collected automatically.

3. Purposes and legal bases

We process data to: respond to inquiries and perform contracts (Art. 6(1)(b) GDPR); comply with legal obligations, including accounting (Art. 6(1)(c)); pursue our legitimate interest in security and site improvement (Art. 6(1)(f)); and, where applicable, based on your consent (Art. 6(1)(a)), which you may withdraw at any time.

4. Recipients

Data may be shared with processors acting on our behalf: our hosting provider; a web analytics provider (e.g. Google Analytics). Data processing agreements under Art. 28 GDPR are in place with all processors.

5. Transfers outside the EU/EEA

Some of our providers process data outside the EU/EEA. Such transfers are based on adequacy decisions or the European Commission's Standard Contractual Clauses.

6. Retention

We keep data only as long as necessary for the purposes it was collected for: inquiries — up to 12 months after the conversation ends; accounting documents — for statutory periods; newsletter data — until you unsubscribe; technical logs — up to 12 months.

7. Your rights

You have the right to access, rectify, erase, restrict processing, data portability and objection, and the right to withdraw consent. To exercise your rights, write to [email]. You may also lodge a complaint with your supervisory authority.

8. Security

We apply appropriate technical and organizational measures, including encrypted connections (HTTPS), access controls and data minimization.

9. Changes

We may update this policy when our activities or the law change. The current version is always published at [website]. Last updated: 2026-06-08.

⁄⁄ Frequently asked

It's a solid, GDPR-aligned starting point covering the standard cases — but it is not legal advice. For specific situations (health data, minors, large-scale profiling) have a lawyer review it.

Need the website behind the policy?

We build fast, GDPR-compliant websites with cookie consent done right — and the policy pages wired in from day one.

See website development→