As of May 25th, 2018, Regulation (EU) 679/2016 (General Data Protection Regulation – GDPR) – of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) is in force.

Sofia (Metropolitan) Municipality) is personal data controller within the meaning of Art. 4, § 7 of Regulation (EU) 679/2016 and collects, processes and keeps personal data in accordance with this Regulation and the Personal Data Protection Act.

Information about the personal data controller

Name: Sofia (Metropolitan) Municipality
Registered office and address of management: 33 Moskovska St. 1000 Sofia
Address for correspondence: 33 Moskovska St. 1000 Sofia
Telephone: 0700 17 310, 02 9377 303
Web site:

Contact information of our Data Protection Officer

Name: Vasil Simeonov
Address for correspondence: 33 Moskovska St. 1000 Sofia
Telephone: 02 9377 400
Web site:

Purposes of the processing for which the personal data are intended

The administrative services we offer require processing and storage of personal data which are minimized. These data are necessary for the respective service to be processed and performed according to the legislation of the Republic of Bulgaria and the European Union. Sofia (Metropolitan) Municipality collects personal data for specified and legitimate purposes and the personal data are not processed in a manner that is incompatible with those purposes.

Legal grounds for processing

Sofia (Metropolitan) Municipality collects, processes and keeps your personal data on the grounds of statutory obligations and/or tasks carried out in the public interest, and in accordance with Art. 6,  § 1 of Regulation (EU) 679/2016.

Periods for storing personal data

The variety of services provided by Sofia (Metropolitan) Municipality requires different data storage periods on paper/electronic media, while the criteria are set by the Bulgarian law and to the other storage periods the “List of types of documents with storage periods of Sofia (Metropolitan) Municipality” applies.

Sofia (Metropolitan) Municipality stores personal data in accordance of the applicable law and in accordance with the prescribed period.

Recipients or categories of recipients of the personal data

The categories of recipients of personal data to which Sofia (Metropolitan) Municipality provides data:

  • Public bodies (National Revenue Agency, National Social Security Institute, Ministry of Interior, court bodies, control bodies, local self-government bodies, etc.);
  •  Processor of personal data (natural or legal person who processes personal data on behalf of Sofia (Metropolitan) Municipality on the grounds of instructions or a contract).


Sofia (Metropolitan) Municipality does not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data or data concerning a natural person's sex life or sexual orientation.

Rights of data subjects

"Data subject” within the meaning of Regulation 679/2016 is any natural person who is identified or identifiable. The data subject has the rights to:

  • Information about the specific parameters of their personal data processed by the controller (Art. 13 and Art. 14 of GDPR)
  • Right to information – right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (Art. 15 of GDPR)
  • Right to rectification (Art. 16 of GDPR)
  • Right “to be forgotten” (Art. 17 of GDPR)
  • Restriction of the processing when the accuracy of the personal data is contested or processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead (Art. 18 of GDPR)
  • Right to portability – to receive form the controller your personal data "in a structured, commonly used and machine-readable format" and to transmit data in that format to another controller by the data subject or directly by the controller (Art. 20 of GDPR)
  • Objection to the processing of personal data (Art. 21 of GDPR)
  • The data subject has the right not to be subject to a decision based solely on automated processing, including profiling (Art. 22 of GDPR).

You can exercise your rights under Articles 15-22 of Regulation 679/2016 before Sofia (Metropolitan) Municipality by means of a written application to the registry at: Sofia, 33 Moskovska St. in person or by an explicitly authorized person with power of attorney, unless a special law provides otherwise.

You can also submit an application electronically in the form of an electronic document signed with a qualified electronic signature.

If the application is submitted by an authorized person, a power of proxy is also required.

When submitting an application for the exercise of rights under Regulation 679/2016 to Sofia (Metropolitan) Municipality, you will be asked to identify yourself by providing an identity document, electronic signature or other means of identification.

The personal data provided with the applications are used only for the purposes of exercising the claimed rights. Sofia (Metropolitan) Municipality does not provide this information to third parties.

Lodging an appeal

If you think that the procession of personal data elated to you infringes your rights you have the right to lodge a complaint at the Personal Data Protection Commission.

Name: Personal Data Protection Commission
Registered office and address of management: 2 Tsvetan Lazarov Blvd., 1592 Sofia
Address for correspondence: 2 Tsvetan Lazarov Blvd., 1592 Sofia
Web site: