Privacy Policy

Last updated: March 31, 2026

Zen IT Solutions EOOD ("Zen IT", "we", "our", or "us"), headquartered in Ruse, Bulgaria, is committed to protecting the privacy of individuals who interact with our website and use our software products — ZenFMS, ZenTrack, and ZenDispatch. This Privacy Policy explains what data we collect, why we collect it, how we use it, and the rights you have over your data.

As a company incorporated in Bulgaria and operating within the European Union, we process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and applicable Bulgarian data protection law.

1. Data We Collect

1.1 Contact Form Submissions

When you submit an inquiry or demo request via our website's contact form, we collect your name, email address, organisation name, phone number (if provided), and the content of your message. This information is used solely to respond to your enquiry and, where appropriate, to schedule a product demonstration.

1.2 Usage Analytics

We collect anonymised or pseudonymised analytics data about how visitors interact with our website — including pages viewed, session duration, referring URLs, and browser/device type. This data does not identify you personally and is used to improve our website's content and performance.

1.3 Cookies

Our website uses cookies and similar tracking technologies. These include:

  • Strictly necessary cookies — required for core website functionality and cannot be disabled.
  • Analytics cookies — used to understand aggregate visitor behaviour. You may opt out of these via your browser settings or our cookie preferences banner.
  • Preference cookies — used to remember settings such as language or display preferences.

1.4 Operational Data in Our Products

Our products — ZenFMS, ZenTrack, and ZenDispatch — are designed for emergency services organisations and may process sensitive operational data, including vehicle telematics, GPS location data, personnel dispatch records, incident logs, and communications metadata. This data is processed on behalf of our clients (data controllers) under the terms of our Data Processing Agreements (DPAs). Zen IT acts as a data processor for such information and processes it only as instructed by our clients.

2. How We Use Your Data

We use the personal data we collect for the following purposes:

  • Responding to contact form enquiries and scheduling product demonstrations.
  • Sending follow-up communications related to your enquiry, where you have provided consent or where we have a legitimate interest in doing so.
  • Improving our website, products, and services based on aggregated analytics.
  • Complying with legal obligations under Bulgarian and EU law.
  • Administering contractual relationships with clients and partners.

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

3. Legal Basis for Processing

Under the GDPR, we rely on the following legal bases:

  • Consent (Article 6(1)(a)) — for non-essential cookies and optional marketing communications.
  • Contract performance (Article 6(1)(b)) — for processing data necessary to fulfil a contract or pre-contractual steps at your request.
  • Legitimate interests (Article 6(1)(f)) — for website analytics and follow-up communications related to business enquiries, where these interests are not overridden by your rights.
  • Legal obligation (Article 6(1)(c)) — where processing is required to comply with applicable law.

4. Data Storage and Security

Personal data is stored on secure servers located within the European Economic Area (EEA). We implement appropriate technical and organisational measures to protect your data against unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit (TLS) and at rest.
  • Role-based access controls limiting data access to authorised personnel only.
  • Regular security assessments and penetration testing of our production infrastructure.
  • Incident response procedures aligned with GDPR breach notification requirements (72-hour notification to the supervisory authority).

Given that our products handle sensitive operational data for emergency services — including real-time location, dispatch records, and incident data — we apply heightened security controls for client environments. All client data processing is governed by a Data Processing Agreement (DPA) that includes Standard Contractual Clauses where applicable.

5. Third-Party Services

We may share data with carefully selected third-party service providers who assist us in operating our website and delivering our services. These include:

  • Cloud infrastructure providers — for hosting and storage within the EEA.
  • Email delivery services — for transactional and enquiry response emails.
  • Analytics providers — for aggregated, anonymised website usage data.

All third-party processors are bound by data processing agreements that require them to process data only as instructed and to maintain appropriate security measures. We do not transfer personal data outside the EEA without ensuring appropriate safeguards are in place.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected:

  • Contact form data — retained for up to 24 months after the last interaction, or until you request deletion.
  • Website analytics — aggregated data is retained indefinitely; any pseudonymous session data is purged after 26 months.
  • Client and contract data — retained for the duration of the contract plus 7 years to meet Bulgarian and EU legal obligations.
  • Operational data processed on behalf of clients — retained per the terms of the applicable DPA; clients determine retention periods for their own data.

7. Your Rights Under GDPR

If you are located in the EU/EEA, you have the following rights with respect to your personal data:

  • Right of access — you may request a copy of the personal data we hold about you.
  • Right to rectification — you may request that inaccurate or incomplete data be corrected.
  • Right to erasure ("right to be forgotten") — you may request deletion of your data where there is no overriding legal basis for continued processing.
  • Right to data portability — you may request your data in a structured, machine-readable format where technically feasible.
  • Right to restriction of processing — you may request that we limit how we use your data in certain circumstances.
  • Right to object — you may object to processing based on legitimate interests or direct marketing.
  • Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at office@zitsolutions.eu. We will respond within 30 days. You also have the right to lodge a complaint with the Bulgarian data protection supervisory authority, CPDP (Commission for Personal Data Protection), at www.cpdp.bg.

8. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. When we make material changes, we will update the "Last updated" date at the top of this page. We encourage you to review this policy periodically. Continued use of our website after changes constitutes acceptance of the updated policy.

9. Contact Us

For any privacy-related questions, data subject requests, or concerns, please contact our Data Protection point of contact:

Zen IT Solutions EOOD

str. Kolednitsa 2, et. 1
7000 Ruse, Bulgaria

Email: office@zitsolutions.eu