Privacy Policy

Last updated: 28.12.2025

This Privacy Policy aims to inform you how "Ninja Card" ltd processes personal data through the website https://www.ninjacardsnfc.com/, and what your rights are.

Data Controller:
"Ninja Card" ltd UIC: 208374055 Republic of Bulgaria The company is not required to appoint a Data Protection Officer pursuant to Art. 37 of Regulation (EU) 2016/679 (GDPR).
Categories of Personal Data:
- Full name
- Email address
- Phone number
- Social media links
- Office address (if applicable)
- Profile photo and/or cover image
- Photo or logo for NFC business card
- Potential client data submitted via forms
- Technical data (IP address, device, access logs)
Legal Basis for Processing:
Personal data is processed on the basis of Art. 6(1) GDPR: consent (point a), performance of a contract (point b), and legitimate interests of the Company (point f).
Purposes and Legal Bases for Processing:
- Responding to inquiries – performance of a contract or legitimate interest
- Order fulfillment – performance of a contract
- Sending newsletters – explicit consent
- Platform security – legitimate interest
Data Retention:
Data submitted via contact forms is retained for up to 12 months. Customer data is retained in accordance with accounting and tax legislation. Data used for marketing purposes is retained until consent is withdrawn.
Data Recipients:
Personal data may be shared only with technical and logistical partners (e.g. hosting providers and courier companies), to the extent necessary for providing the service. Data is not shared with third parties for marketing purposes.
Your Rights:
- Right of access
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to data portability
- Right to withdraw consent at any time
- Right to object to processing
- Right to lodge a complaint with the CPDP (www.cpdp.bg)
Contact:
For questions regarding this Privacy Policy or the processing of your personal data, please contact us at: ninjacardnfc@gmail.com