Privacy Policy

1. Who we are

This Privacy Policy applies to information collected by Direct Connect LTD OOD ("we", "us", "our"), a Bulgarian limited liability company registered under UIC 208762339, incorporated on 3 April 2026.

Our registered office is at Osmi Primorski Polk 128, fl. 3, ap. 81, 9002 Varna, Bulgaria. Our operations are based in Sofia.

For all data-protection matters, you can reach us at privacy@directconnect.work.

2. What information we collect

Depending on how you interact with us, we may collect the following categories of personal data:

If you contact us through our website

• Your name and email address
• The category you select (business, candidate, or other enquiry)
• The contents of your message
• Technical information about your visit (IP address, browser type, pages viewed)

If you apply for a job with us

• Your CV, cover letter, and any other documents you choose to share
• Contact details (name, email, phone, address)
• Education and employment history
• Right-to-work documentation (where legally required)
• Information shared during interviews and assessments
• Optional information you choose to share (LinkedIn profile, references)

If you are or become a client

• Business contact details for you and your colleagues
• Information necessary to deliver our services to you (which may include personal data about your end customers, processed on your behalf)
• Billing and payment information
• Records of our communications and the services we've provided

If you are an end customer of one of our clients

When we handle calls, emails, or other contact on behalf of our clients, we process your personal data as a data processor on behalf of our client (the data controller). The client's own privacy policy governs how your data is used. We're contractually bound to process it only on their instructions and to protect it with appropriate security measures.

3. Why we collect it

We use personal data only for clearly defined purposes:

• To respond to your enquiry when you contact us through the website
• To consider you for employment when you apply for a position
• To deliver our services to clients and manage the business relationship
• To meet our legal and tax obligations as a Bulgarian company
• To protect our website and systems from fraud or abuse
• To improve our services by analysing how the website is used (in aggregated, non-identifying form)

We do not use your personal data for automated decision-making or profiling that has a legal or similarly significant effect on you.

4. Our legal basis

Under the EU General Data Protection Regulation (GDPR), we must have a valid legal basis for processing personal data. We rely on the following bases, depending on the situation:

• Consent — when you fill in our contact form, send us your CV, or subscribe to a mailing list
• Performance of a contract — when you become a client, or when we engage you as an employee or contractor
• Legitimate interest — for activities like responding to a business enquiry, securing our website, or maintaining ordinary business records, where the impact on your privacy is limited and you would reasonably expect us to use your data this way
• Legal obligation — when we're required by Bulgarian or EU law to keep certain records (for example, employment records, tax records, or commercial invoices)

5. Who we share it with

We do not sell, rent, or trade your personal data. We share it only with the following categories of recipients, and only where necessary:

• Service providers who help us run the business — for example, our website host, email provider, payroll service, accountant, and IT support. Each is contractually bound to protect your data.
• Our clients, where you've applied for a role that involves working on a specific client's account, or where you are an end customer of a client we serve
• Public authorities, where we're legally required to disclose information (for example, in response to a court order or tax investigation)
• Professional advisors such as lawyers, auditors, and insurers, under duties of confidentiality

Some of our service providers may be based outside the European Economic Area. Where this is the case, we ensure appropriate safeguards are in place — typically the European Commission's Standard Contractual Clauses — to protect your data.

6. How long we keep it

We keep personal data only as long as we need it for the purposes set out above, or as required by law:

• Website enquiries: up to 12 months after our last contact with you, unless our relationship continues
• Job applications: up to 12 months after the application is closed, so we can consider you for future roles. We'll delete it sooner on request.
• Employee records: for the duration of employment and for as long as required by Bulgarian labour and tax law afterward (typically up to 50 years for pension records, 10 years for accounting records)
• Client records: for the duration of the contract and for up to 10 years afterward to meet accounting, tax, and legal obligations
• End-customer data processed for clients: per the data-processing agreement with each client

7. Your rights under GDPR

Under the GDPR you have the following rights, which you can exercise at any time by contacting us:

• Right of access — to know what data we hold about you and to receive a copy
• Right to rectification — to correct inaccurate or incomplete data
• Right to erasure ("right to be forgotten") — to ask us to delete your data, where there is no overriding legal reason for us to keep it
• Right to restriction — to ask us to stop using your data temporarily while a concern is resolved
• Right to data portability — to receive your data in a structured, machine-readable format and transfer it to another provider
• Right to object — to processing based on our legitimate interests
• Right to withdraw consent — at any time, where our processing is based on consent
• Right to lodge a complaint — with the Bulgarian Commission for Personal Data Protection (cpdp.bg) or the data protection authority in your EU country of residence

To exercise any of these rights, please email privacy@directconnect.work. We'll respond within one month, or explain why we need longer.

8. How we protect your data

We use industry-standard technical and organisational measures to protect personal data, including:

• Encrypted connections (HTTPS) for all data transmitted to and from our website
• Access controls — only employees who need data to do their job can access it
• Secure passwords, multi-factor authentication, and regular access reviews
• Staff training on data protection and confidentiality
• Confidentiality clauses in every employment contract
• Secure deletion procedures when data is no longer needed

No system is perfectly secure, but we treat protecting your data as a core responsibility. If a personal data breach occurs that's likely to risk your rights or freedoms, we'll notify you and the relevant authority without undue delay.

9. Cookies and tracking

Our website uses a small number of cookies — see our Cookie Policy for full details. You can refuse non-essential cookies via your browser settings or our cookie banner.

10. Changes to this policy

We may update this Privacy Policy from time to time — for example, when we launch new services or when the law changes. We'll post the updated version on this page and update the "Last updated" date at the top. If the changes are material, we'll let you know directly (by email or a prominent notice on the site) where we can.

11. How to contact us

For any privacy or data-protection matter:

• Email: privacy@directconnect.work
• Post: Direct Connect LTD OOD, Osmi Primorski Polk 128, fl. 3, ap. 81, 9002 Varna, Bulgaria

You also have the right to complain to the supervisory authority in Bulgaria — the Commission for Personal Data Protection — at cpdp.bg — or to your local data protection authority if you live elsewhere in the EU.