Website Privacy policy

1. Introduction

This Policy applies to the following companiesthe company: Mazars OOD (hereinafter collectively “Mazars”).

Mazars is committed to protecting the personal information collected when you use our website and other services. This Website Privacy Policy pertains to Mazars website and sets out Mazars’ commitment in protecting Personal Data and how that commitment is implemented regarding the collection, use, transfer and retention of Personal Data. This policy applies when the scope and the means of processing are defined by Mazars, thus acting as a data controller.

2. Personal Data Collection

Mazars has designed a standard website contact form to initiate communication with any interested individual. This form is used for any inquiries or requests and it directs them to the appropriate department or staff member. In certain circumstances, our website may be used by job applicants, in which case you should refer the data subject to the Privacy Notice. Additionally, we provide Mazars phone numbers for a more direct contact if required.

In order to handle and respond to your inquiries and requests we might collect and store your full name, email, phone and any other information you might provide to us. This information is strictly used to adequately respond to your inquiries or requests and will not be disclosed to third parties others than those mentioned in this policy or where disclosure is required or permitted by law.

For processing to be lawful under the General Data Protection Regulation (GDPR), we identify a lawful basis before we can process your personal data. In this case, the legal basis for the data processing effected by us is the granting of your explicit consent to the processing.

Mazars is committed not to retain personal data for a longer period than it is necessary regarding the reasons that the personal data was obtained and we will make sure we will delete it securely. For additional information on retention and deletion periods, please refer to Our Contact Details section below.

3. Transfer of Personal Data

Mazars may disclose Personal Data collected to our suppliers or subcontractors insofar as reasonably necessary for dealing with your inquiries or requests. Such transfers will be protected by appropriate safeguards (e.g. appropriate contractual clauses, data processing contracts, intra-group disclosures of personal data, etc.). In addition, we may disclose Personal Data where such disclosure is necessary for compliance with a legal obligation to which we are subject.

4. Rights of Data Subjects

In this section Mazars addresses the rights deriving from Regulation (EU) 2016/679 and how these rights can be accessed from the Data Subjects. For any further clarifications please refer to Our Contact Details section below.

4.1. Individual’s Right of Access or Rectification

Mazars assumes that Personal Data collected directly from the individual will be accurate and complete. Individuals can access and update their own Personal Data using the Data Subject Request Form.

For a copy, please contact us at

4.2. Individual’s Right to Erasure

The data subject may request that any information held on them is deleted or removed, and any third parties who process or use that data must also comply with the request. An erasure request can only be refused if an exemption applies. The Right to Erasure can be requested using the Data Subject Request Form.

For a copy, please contact us at

Mazars is obligated to erase personal data where one of the following applies:

  • personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • the data subject withdraws consent and no other legal basis for processing exists;
  • the data subject objects to the processing carried out on the grounds of the Data Controller’s legitimate interests and there are no other overriding legitimate grounds for the processing;
  • the personal data has been unlawfully processed.

If the request to erase Personal Data has been received, identity has been confirmed, the request meets one of the above requirements and there is no legal contrary reason for processing, Mazars must delete the relevant data in its entirety. The request shall be recorded in the Data Subject Request Log.

If Mazars cannot actually delete personal data, Mazars will ensure that:

  • is not able, or will not attempt, to use the personal data to inform any decision in respect of any individual or in a manner that affects the individual in any way;
  • does not give any other organization access to the personal data;
  • protects the personal data with appropriate technical and organizational security; and commits to permanent deletion of the information if, or when, this becomes possible.

4.3. Individual’s Right to Restrict Processing

The data subject has the right to obtain from the controller restriction of processing using the Data Subject Request Form.

For a copy, please contact us at

4.4. Individual’s Right to Object

Individuals have the right to object at any time to processing of their personal data using the Data Subject Request Form.

For a copy, please contact us at

4.5. Individual’s Right to Data Portability

Upon request and provided that the relevant requirements stipulated in Article 20 of GDPR are met, a data subject should have the right to receive a copy of their Personal Data in a structured format using the Data Subject Request Form.

For a copy, please contact us at

These requests should be processed within one month, provided there is no undue burden and it does not compromise the privacy of other individuals. A data subject may also request that their data is transferred directly to another system. This must be done for free.

If Mazars cannot respond fully to the request within 30 days, the DPO/ responsible individual shall nevertheless provide the following information to the Data Subject, or their authorized legal representative within the specified time:

  • An acknowledgement of receipt of the request.
  • Any information located to date.
  • Details of any requested information or modifications which will not be provided to the Data Subject, the reason(s) for the refusal, and any procedures available for appealing the decision.
  • An estimated date by which any remaining responses will be provided.
  • An estimate of any costs to be paid by the Data Subject (e.g. where the request is excessive in nature).
  • The name and contact information of the contact person.

5. Amendments

Should Mazars elect to change this Privacy Policy we will post the changes here. Where required by law, will we obtain your consent to make these changes.

6. Our Contact Details

If you need any further information and/ or you have any questions about our Privacy Policy, please contact us at

If you believe that processing of your data by us violates applicable law, you may file a complaint with the supervising authority. Contact details for all EU supervisors can be found here.

Job Applicant Privacy Notice


The present notice contains information in accordance with article 13 of the General Data Protection Regulation (Regulation EU 2016/679 – GDPR), regarding the processing of your personal data. For any queries or assistance please refer to our Data Protection Officer named here below.

Identity of the Data Controller

Data Controller is Mazars OOD, 2 Tsar Osvoboditel Boulevard, Bnp Paribas Office Building, 1000 Sofia, Bulgaria –, tel: +359 28780002. The Data Controller takes all necessary organizational and technical measures to secure your personal data and protect your rights in line with the GDPR.

Contact Details of the Data Protection Officer (DPO)

The Data Controller has appointed a Data Protection Officer with the responsibilities and duties described in the GDPR, who can be contacted through

What Information do we collect about you?

We collect personal data and keep them in electronic or hardcopy records and we use a combination of working practices and technology to ensure that your information is kept confidential and secure. Records which we hold about you include among others the following information:

  • Details about you such as name/surname date of birth, family status, address, telephone number, contact details, photos etc.
  • CV’s details such as application forms and references, education, working experience, correspondence with or about you.
  • Degrees, diplomas.

Why do we collect this Information?

We use your personal data for the following purposes:

  • Managing your job application
  • Advising you on job opportunities within the Mazars.
  • Informing or updating you about news, events, activities and services relating to Mazars.
  • Contacting you with surveys conducted by Mazars Bulgaria or Mazars Group’s partners

The collection of your personal data is required for purposes of evaluating your job application and maintaining appropriate records with a view of future collaboration. In case you refuse to grant your consent to the processing of your personal data, as required below, we will not be able to use your personal data and to examine your job application or other communications that you may address to us. The processing of your personal data does not include automated decision – making or profiling, as referred to in article 22 (1) and (4) of the GDPR.

Who might we share your Information with?

We apply strict security rules regarding the processing of personal data and third parties’ access to our records and files. We only share your data when this is necessary to conduct our business or to discharge an obligation imposed by law.

We may share your information with:

  • companies within the Mazars Group for purposes of utilizing your job application.
  • our service providers (including their sub-contractors) or third parties which process information on our behalf.

 What is our Legal basis for Processing your Personal Data?

For processing to be lawful under the GDPR, we identify a lawful basis before we can process your personal data. In this case, the legal basis for the data processing effected by us is the grant of your explicit consent to the processing.

How long will your Information be Held?

Our data retention policy dictates that any personal data should not be kept for no longer than reasonably necessary. For more information on this topic please refer to our Data Retention Policy.

What are your rights?

Unless subject to an exemption, you have the following rights with respect to your personal data:

  • The right to request from us access to and rectification or erasure of your personal data
  • The right to restrict processing, object to processing as well as in certain circumstances the right to data portability
  • The right to withdraw your consent to the processing at any time
  • The right to lodge a complaint with the Data Protection Authority

How to make a Complaint

If you are not confident with the way in which your personal data has been processed, you may in the first instance contact the Data Protection Officer using the contact details above.

Contact Us

Any requests or objections should be made in writing to