Privacy Policy (GDPR)

Last updated: 22 January 2026

This Privacy Policy explains how Modak Ltd. (“Modak”, “we”, “us”) collects and processes personal data when you use our website and contact us, including via the RFQ / Contact form.

1) Who we are (Data Controller)

Data Controller: Modak Ltd.
Registered address: 6649 Kardzhali, Rezbartsi District, 5 Detelina St, Bulgaria
Company number (EIK): 108073033
VAT number: BG108073033
Email: info@modak.eu
Phone: +359 88 58 98 600

For privacy-related questions or requests, contact us at info@modak.eu.

2) What personal data we collect

We collect personal data that you choose to provide to us, typically through the RFQ/Contact form, email, phone, or WhatsApp.

This may include:

  • Identity & contact details: name, email address, phone number
  • Company details: company name, role/title, country (if provided)
  • Enquiry details: information you include in your message/RFQ (e.g., product type, quantities, target dates, specifications)
  • Technical data (limited): basic server logs (e.g., IP address, date/time of request, user-agent) for security and troubleshooting
  • Analytics data (GA4): online identifiers (e.g., cookie IDs), device/browser details, pages viewed, approximate location (derived from IP), and interaction events (subject to your cookie choices)

We do not run an online shop and we do not intentionally collect special category (sensitive) personal data. Please do not include sensitive personal information in your enquiry.

3) Why we process your data (purposes)

We process personal data for:

  • Responding to enquiries and RFQs
  • Preparing and communicating quotations and feasibility feedback
  • Communicating with you (email/phone/WhatsApp) about your request
  • Maintaining business records of communications and quotations
  • Operating, securing, and improving our website (including analytics, where permitted)

4) Legal basis (GDPR)

We process personal data under one or more of the following legal bases:

  • Legitimate interests (Art. 6(1)(f)): responding to B2B enquiries, maintaining business communications, and securing/improving the website
  • Steps prior to entering into a contract (Art. 6(1)(b)): when your RFQ requests information needed to potentially enter a supply relationship
  • Consent (Art. 6(1)(a)): where required for non-essential cookies/analytics or if you explicitly opt in to optional communications
  • Legal obligation (Art. 6(1)(c)): where required by law (e.g., accounting/tax obligations if a relationship is formed)

5) RFQ / Contact form (WPForms)

When you submit an RFQ/Contact form, your message and contact details are sent to us to respond to your enquiry. Depending on our settings, submissions may also be stored in the website database and/or sent by email to our inbox.

6) Who we share data with (recipients)

We do not sell your personal data.

We may share personal data only where necessary with:

  • Website hosting and IT providers (to operate and secure the website)
  • Form processing provider (WPForms) (to deliver and, if enabled, store RFQ/Contact submissions)
  • Analytics provider (Google Analytics 4 / GA4) to understand website usage and improve performance (subject to your cookie choices)
  • Email/communication providers used to exchange messages with you
  • Professional advisers (legal/accounting) where needed
  • Authorities where required by law

Where a provider acts as a processor, it processes data on our instructions and under appropriate contractual safeguards.

7) International transfers

Some providers (including Google Analytics 4) may process data outside the EU/EEA (including in the United States). Where this occurs, we use appropriate safeguards required by GDPR (such as Standard Contractual Clauses (SCCs) and/or other legally recognized transfer mechanisms, as applicable).

8) How long we keep your data (retention)

We keep personal data only as long as necessary for the purposes described:

  • RFQ/enquiry communications: typically up to 24 months after last contact
  • If a business relationship is established: data may be kept longer to meet contractual, legal, and accounting requirements
  • Security logs: kept for a limited period needed for security and troubleshooting
  • Analytics (GA4): retained according to our GA4 configuration and only as long as needed for analytics purposes

9) Cookies and analytics (GA4)

We use Google Analytics 4 (GA4) to measure and understand how visitors use our website (e.g., pages visited, approximate location, device and browser information, and interactions). This helps us improve the website and content.

  • Where required by law, we run analytics only after your consent via our cookie banner.
  • You can withdraw or change your cookie preferences at any time (see Cookies Policy at /cookies/).

10) Your rights (GDPR)

Subject to GDPR and applicable law, you have the right to:

  • Access your personal data
  • Rectify inaccurate/incomplete data
  • Request erasure
  • Restrict processing
  • Object to processing based on legitimate interests
  • Data portability (where applicable)
  • Withdraw consent at any time (where processing is based on consent)

To exercise your rights, contact info@modak.eu. We may need to verify your identity.

11) Security

We use reasonable technical and organizational measures to protect personal data. However, no system is completely secure.

12) Children

This website is intended for business users. We do not knowingly collect personal data from children.

13) Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date shows when changes were made.

14) Complaints

You have the right to lodge a complaint with your local supervisory authority. In Bulgaria, this is typically the Commission for Personal Data Protection (CPDP).