Privacy Policy

Last updated: 15 May 2026

This Privacy Policy describes how Total Cargo Inspection Ltd. processes personal data through its website, in communication with clients, partners, suppliers and other interested parties, as well as when receiving, processing and fulfilling inquiries, requests, orders and service contracts.

Total Cargo Inspection Ltd. provides independent inspection and survey services, including cargo inspection, quantity inspection and quality inspection services, sampling, laboratory testing through accredited laboratories, emergency findings, transport vehicle inspections, stevedore services, cargo securing, commodity and economic assessments, inventories and collateral management.

In the course of these activities, the company may process a limited amount of personal data where this is necessary for:

• communication with clients, partners and representatives of organizations;
• processing inquiries and requests;
• preparing offers and contracts;
• organizing and performing assigned services;
• preparing reports, protocols, certificates and expert opinions;
• accounting and administrative support;
• protecting legitimate interests;
• fulfilling legal obligations;
• maintaining the security and normal operation of the website.

This policy has been prepared in accordance with Regulation (EU) 2016/679, the General Data Protection Regulation, the Personal Data Protection Act and the applicable Bulgarian and European legislation.

1. Data Controller

The data controller is:

Total Cargo Inspection Ltd.
Unified Identification Code (UIC): 204821719
Registered office: 7000 Ruse, 4 Dragoman St., entrance 1, floor 2, apartment 7, Bulgaria
Correspondence address: 7000 Ruse, 1 Alexandrovska St., entrance B, floor 4, Bulgaria
Website: www.tci.bg
Contact email: survey@tci.bg
Telephone: +359 700 900 72

For any questions related to the processing of personal data, you may contact us at the email address or correspondence address listed above.

2. Scope of This Policy

This policy applies to the processing of personal data in connection with:

2.1. Use of the Website

This includes visiting the website pages, using contact forms, submitting inquiries, interacting with website functionalities and processing technical data through cookies, logs and external tools.

2.2. Business Communication

This includes communication by email, telephone, web forms or other channels in connection with inquiries, offers, services, contracts, partnerships, complaints or follow-up correspondence.

2.3. Assignment and Performance of Services

This includes the processing of data necessary for accepting service requests, organizing inspections, coordinating with clients and third parties, preparing documents and proving completed activities.

2.4. Administrative, Accounting and Legal Activities

This includes the processing of data for invoicing, payments, accounting, archiving, internal control, defense in disputes and compliance with legal obligations.

3. Personal Data We Process

Depending on the specific interaction with us, we may process the following categories of personal data.

3.1. Contact and Business Communication Data

We may process:

• first and last name;
• job title;
• company or organization;
• business email address;
• telephone number;
• correspondence address;
• content of messages, inquiries and replies;
• communication history.

These data are processed mainly when you contact us, submit an inquiry, request a service, participate in contractual communication or are designated as a contact person by an organization.

3.2. Data Related to Service Requests

When a service is assigned or discussed, we may process:

• data about the client;
• data about the client’s representative;
• data about an on-site contact person;
• instructions relating to the inspection or service;
• location of goods, warehouses, terminals, transport vehicles or other facilities;
• data about the date, time and place of service performance;
• information about related participants in the operation, such as a carrier, freight forwarder, warehouse operator, port operator, insurer, bank or another party.

3.3. Data Contained in Documents

In the course of our professional activities, we may process personal data contained in:

• requests and orders;
• contracts and annexes;
• offers;
• commercial correspondence;
• protocols;
• reports;
• certificates;
• expert opinions;
• invoices;
• payment documents;
• documents provided by clients, partners, subcontractors, laboratories, banks, insurers, institutions or other third parties.

3.4. Data Related to Performance and Proof of Services

We may process data necessary for:

• traceability of requests;
• proof of performed services;
• internal quality assurance;
• preparation of inspection materials;
• handling complaints;
• defense in disputes;
• insurance cases;
• judicial, arbitration, administrative or regulatory proceedings.

In certain cases, documents, photographic material or communication may contain names, job titles, signatures, contact details or other information about representatives of the parties involved.

3.5. Technical Data When Visiting the Website

When visiting the website, technical data may be processed, including:

• IP address;
• device type;
• browser;
• operating system;
• date and time of visit;
• pages visited;
• source of visit;
• approximate geographical location;
• user actions on the site;
• data from cookies and similar technologies;
• technical logs created by the hosting environment, web server and security systems.

3.6. Data from Website Forms

When you use a contact form, request form or another electronic field on the website, we may process:

• first and last name;
• company;
• email address;
• telephone number;
• selected service or inquiry topic;
• content of the message;
• attached files, if the form allows this;
• date and time of submission;
• IP address and technical data related to the security of the form.

3.7. Data Processed through External Tools and Plugins

The website uses or may use the following types of tools and services:

• Google Analytics;
• Google Search Console;
• CAPTCHA protection;
• hosting logs;
• WordPress plugins;
• contact and request forms;
• other external services necessary for the functioning, security, analysis and maintenance of the website.

These tools may process technical data, visitor behavior data, security data, submitted form data or other information depending on their specific function.

4. Data You Should Not Send Us

As a rule, we do not request or process special categories of personal data, such as:

• health data;
• data revealing racial or ethnic origin;
• political opinions;
• religious or philosophical beliefs;
• trade union membership;
• genetic or biometric data;
• data concerning sex life or sexual orientation.

Please do not send us such information through the website, by email or through other channels, unless it is strictly necessary for a specific case, legally justified and agreed in advance.

5. Sources of Personal Data

We receive personal data from the following sources.

5.1. Data Provided Directly by You

These are data you provide when you:

• complete a form on the website;
• send an email;
• submit an inquiry;
• request a service;
• participate in contractual or pre-contractual communication;
• send documents or additional information.

5.2. Data Provided by Your Organization

We may receive your data from the company or organization you represent when you are designated as:

• manager;
• employee;
• contact person;
• authorized representative;
• expert;
• representative of a client, supplier, carrier, warehouse operator, insurer, bank, institution or another party.

5.3. Data from Third Parties

In connection with a specific service, we may receive data from:

• clients;
• partners;
• subcontractors;
• accredited laboratories;
• logistics and transport operators;
• port and warehouse operators;
• banks and financial institutions;
• insurance companies;
• public authorities;
• judicial, customs, control or investigative authorities.

5.4. Data from Public Sources

We may use publicly available data where this is necessary for:

• identification of a legal entity;
• verification of representation;
• business communication;
• preparation of an offer or contract;
• fulfillment of a legal or contractual obligation.

6. Purposes of Processing

We process personal data for the following purposes.

6.1. Processing Inquiries and Communication

We use the data provided to:

• respond to your inquiry;
• provide information about our services;
• clarify the scope, deadlines, location and conditions of a service;
• prepare an offer;
• conduct follow-up correspondence;
• maintain normal business relations.

6.2. Accepting and Performing Requests

We process data necessary to:

• accepting a request;
• assess whether the service can be performed;
• organize an inspection or another inspection-related activity;
• coordinate with the client and third parties;
• secure access to facilities, goods, documents or transport vehicles;
• fulfill professional and contractual obligations.

6.3. Performing Inspection and Survey Services

Processing may be necessary for services such as:

• cargo inspection;
• quality inspection;
• quantity inspection;
• sampling;
• laboratory testing through accredited laboratories;
• emergency findings;
• claims handling;
• inspection of transport vehicles and cargo spaces;
• supervision during loading and unloading operations;
• stevedore services and cargo securing;
• commodity and economic assessments;
• residual value determination;
• inventories;
• inventory stock control;
• collateral management and monitoring.

6.4. Preparation of Documents, Reports and Certificates

We process personal data where this is necessary for preparing:

• protocols;
• certificates;
• inspection reports;
• expert opinions;
• photographic and video documentation;
• documents for clients, insurers, banks, judicial authorities, institutions or other interested parties.

6.5. Contractual, Accounting and Administrative Activities

We process data for:

• concluding and performing contracts;
• issuing invoices;
• processing payments;
• accounting;
• administering client and partner relationships;
• storing business documentation;
• complying with tax, accounting and other legal requirements.

6.6. Protection of Legitimate Interests

We may process data for:

• proving assigned and performed services;
• managing complaints;
• defense in commercial, insurance, judicial or administrative disputes;
• collection of receivables;
• internal control;
• risk management;
• prevention of misuse;
• protection of the rights and interests of the company, its clients and partners.

6.7. Website Maintenance, Security and Improvement

We process technical data for:

• normal operation of the website;
• protection against unauthorized access;
• protection against spam, misuse and automated attacks;
• diagnosis of technical issues;
• maintenance and updates of the WordPress system and plugins;
• analysis of traffic and user behavior;
• improvement of the website’s content, structure and functionality.

6.8. Business Information and Follow-up Communication

Where there is an applicable legal basis, we may send information related to:

• our services;
• professional materials;
• updates;
• changes to terms;
• follow-up communication based on previous contact, inquiry or commercial interaction.

The recipient may object at any time to receiving such communication where applicable.

7. Legal Bases for Processing

We process personal data on one or more of the following legal bases.

7.1. Performance of a Contract or Pre-contractual Steps

This basis applies where processing is necessary for:

• responding to an inquiry;
• preparing an offer;
• accepting a request;
• concluding or performing a contract;
• providing an assigned service;
• preparing a report, certificate or another document.

7.2. Legal Obligation

This basis applies to:

• accounting;
• tax reporting;
• retention of invoices and accounting documents;
• fulfillment of obligations toward public authorities;
• provision of information where there is a legal basis.

7.3. Legitimate Interest

This basis applies where processing is necessary for:

• normal business communication with representatives of legal entities;
• proving assigned and performed services;
• defense against claims and disputes;
• risk management;
• internal control;
• protection of the website and information systems;
• prevention of misuse;
• maintenance of professional and commercial relations.

7.4. Consent

Consent can be used as a legal basis for:

• certain types of cookies;
• analytics or marketing tools, where required;
• subscription to informational messages, if such functionality is provided;
• other cases where the law requires prior consent.

Where processing is based on consent, you have the right to withdraw it at any time, without affecting the lawfulness of processing carried out before the withdrawal.

7.5. Establishment, Exercise or Defense of Legal Claims

This basis applies where processing is necessary in connection with:

• complaints;
• insurance cases;
• judicial or arbitration proceedings;
• administrative proceedings;
• collection of receivables;
• protection of rights and legitimate interests.

8. Cookies and Similar Technologies

The website uses cookies and similar technologies for normal operation, protection, analysis and improvement of user experience.

8.1. What Cookies Are

Cookies are small files stored on the user’s device when visiting a website. They allow the website to function properly, remember certain settings, provide protection and collect statistical information about website use.

8.2. Types of Cookies That May Be Used

8.2.1. Strictly Necessary Cookies

These cookies are required for the basic operation of the website. They may be used for:

• loading pages;
• website security;
• protection of forms;
• session management;
• prevention of misuse;
• technical stability.

These cookies usually cannot be disabled through the website systems, as the website may not function properly without them.

8.2.2. Functional Cookies

These cookies allow the website to remember certain user preferences, such as:

• language version;
• interface settings;
• previous choices made by the user.

8.2.3. Analytics Cookies

These cookies are used to analyze traffic and user behavior. They may help us understand:

• which pages are visited most often;
• how long users spend on the website;
• where visits come from;
• which parts of the website need improvement;
• whether the website works correctly across different devices and browsers.

8.2.4. Marketing Cookies

Marketing cookies may be used only if relevant tools have been implemented and where there is an applicable legal basis. They may be used to measure the effectiveness of communication campaigns or to display more relevant content.

8.3. Tools and Technologies Used

The website uses the following tools and technologies:

Google Analytics

Google Analytics is used to analyze website traffic and user behavior. It may process data such as:

• pages visited;
• session duration;
• approximate location;
• device and browser;
• source of visit;
• interactions with content.

These data are used for statistical analysis and improvement of the website’s content and structure.

Google Search Console

Google Search Console is used to monitor the technical condition of the website in Google search results. The tool provides aggregated data about:

• page indexing;
• technical errors;
• search visibility;
• search queries;
• impressions and clicks;
• security or accessibility issues.

The data are used for technical maintenance, optimization and improvement of the website’s discoverability.

CAPTCHA protection

The website uses CAPTCHA or a similar technology to protect forms against spam, automated requests and misuse. When such protection is used, the following may be processed:

• IP address;
• technical data about the device and browser;
• user behavior in relation to the form;
• other signals necessary to distinguish between a real user and automated activity.

Hosting Logs

The hosting environment and web server may automatically create technical logs. These may contain:

• IP address;
• date and time of the request;
• visited URL;
• server response code;
• browser type;
• operating system;
• error information;
• data necessary for security and diagnostics.

These logs are used for technical maintenance, security, prevention of misuse and diagnosis of problems.

WordPress plugins

The website is based on WordPress and uses plugins for functionality, security, optimization, forms, analytics or other purposes. Depending on the specific function, individual plugins may process:

• technical data;
• form data;
• security data;
• error information;
• data necessary for the normal operation of the website.

Contact and Request Forms

When you send a message through a website form, we process the data you enter in order to review and handle the inquiry. Forms may also collect technical data for protection against spam and misuse.

8.4. Managing Cookies

You can manage cookies by:

• browser settings;
• the available consent banner or consent panel, if active on the website;
• deleting cookies already stored on your device;
• restricting or blocking certain categories of cookies.

Please note that blocking some cookies may affect the normal operation of the website.

9. Recipients of Personal Data

We disclose personal data only where this is necessary, lawful and proportionate to the specific purpose.

9.1. Internal Access

Access to personal data may be granted to:

• managers;
• employees;
• authorized representatives;
• persons involved in the performance of a specific service;
• persons engaged in administration, accounting, communication, quality assurance or technical support.

Access is granted only to the extent necessary for the performance of the relevant functions.

9.2. External Providers and Data Processors

We may provide data to external providers, including:

• hosting providers;
• IT providers;
• email service providers;
• website maintenance providers;
• security system providers;
• analytical tool providers;
• accountants;
• auditors;
• legal consultants;
• other professional consultants.

Appropriate contractual, technical and organizational data protection measures are applied with these parties where applicable.

9.3. Partners and Subcontractors in the Performance of Services

In connection with a specific assigned service, data may be provided to:

• accredited laboratories;
• subcontractors;
• partner inspection organizations;
• transport operators;
• freight forwarders;
• warehouse operators;
• port operators;
• insurers;
• banks and financial institutions;
• other parties involved in the specific operation.

Disclosure is made only where necessary for the performance of the service, coordination of activities or protection of the parties’ interests.

9.4. Public Authorities and Institutions

We may provide personal data to:

• courts;
• customs authorities;
• investigative authorities;
• regulatory authorities;
• tax authorities;
• other competent state or municipal authorities.

This is done only where there is a legal basis, official request or necessity to protect rights and legitimate interests.

9.5. No Sale of Personal Data

We do not sell personal data to third parties.

10. International Data Transfers

As a rule, personal data are processed within the European Union or the European Economic Area.

In certain cases, data may be transferred outside the EU/EEA, for example where:

• the service has an international character;
• interaction with a client, partner, laboratory or institution outside the EU/EEA is necessary;
• a technology provider is used whose systems or subcontractors are located outside the EU/EEA;
• tools of international providers, such as Google, are used.

Where such a transfer takes place, we apply appropriate safeguards under GDPR, including:

• an adequacy decision of the European Commission;
• standard contractual clauses;
• contractual, technical and organizational measures;
• other applicable mechanisms provided for in the legislation.

11. Retention Periods

We retain personal data only for the period necessary for the purposes for which they were collected, unless the law requires or permits a longer period.

11.1. Inquiry Data

Data from inquiries that do not lead to a contract or assignment of a service may be retained for up to 12 months after the end of communication, unless there is a reason for longer retention.

11.2. Contractual and Business Documentation

Contracts, requests, offers, reports, certificates, protocols, expert opinions and related correspondence are retained for the period necessary for:

• proving performance;
• defense against complaints;
• defense in legal disputes;
• fulfillment of contractual obligations;
• compliance with legal requirements;
• internal control and archiving.

11.3. Accounting and Tax Documents

Invoices, payment documents and other accounting documents are retained in accordance with applicable statutory periods.

11.4. Data Related to Complaints, Disputes and Insurance Cases

Data related to complaints, insurance events, judicial, arbitration, administrative or other disputes may be retained until the final resolution of the case and the expiry of applicable limitation periods.

11.5. Technical Logs

Technical logs of the website and hosting environment are retained for a reasonable period necessary for:

• security;
• diagnostics;
• prevention of misuse;
• analysis of technical problems;
• protection of systems.

11.6. Data Processed on the Basis of Consent

Where data are processed on the basis of consent, they are retained until:

• withdrawal of consent;
• expiry of the defined retention period;
• the purpose for which they were collected no longer exists.

12. Confidentiality and Security

Total Cargo Inspection Ltd. treats the information received with professional care and confidentiality.

12.1. Organizational Measures

We apply organizational measures such as:

• limiting access to personal data only to persons for whom this is necessary;
• internal rules for handling information;
• confidentiality clauses with partners and subcontractors, where applicable;
• control over access to documents and communication;
• archiving and document management;
• internal control and traceability.

12.2. Technical Measures

We apply technical measures such as:

• website protection;
• protection of forms through CAPTCHA or similar solutions;
• hosting security measures;
• technical logs for detecting misuse;
• updating the WordPress system and plugins;
• restricting unauthorized access;
• backups, where applicable;
• other measures appropriate to the nature of the processed data and the risk.

12.3. Confidentiality in Professional Services

Information received in the performance of inspection, survey, expert assessment or other professional services is used only for the purposes of the relevant service, unless:

• the client has consented otherwise;
• this is necessary for the performance of the contract;
• this is required by law;
• this is necessary to protect rights and legitimate interests.

13. Rights of Data Subjects

Under the applicable legislation, you have the following rights regarding your personal data.

13.1. Right of Access

You have the right to obtain confirmation as to whether we process your personal data and, where this is the case, to obtain access to those data and information about their processing.

13.2. Right to Rectification

You have the right to request the rectification of inaccurate or incomplete personal data.

13.3. Right to Erasure

You have the right to request the erasure of personal data where there are legal grounds for this, for example where the data are no longer necessary for the purposes for which they were collected.

13.4. Right to Restriction of Processing

You have the right to request restriction of processing in the cases provided by law, for example where you contest the accuracy of the data or object to the processing.

13.5. Right to Object

You have the right to object to processing based on legitimate interest, including processing for the purposes of business communication, where applicable.

13.6. Right to Data Portability

Where processing is based on consent or contract and is carried out by automated means, you have the right to receive the data in a structured, commonly used and machine-readable format.

13.7. Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw it at any time.

Withdrawal does not affect the lawfulness of processing carried out before the withdrawal.

13.8. Right Not to Be Subject to a Fully Automated Decision

You have the right not to be subject to a decision based solely on automated processing, including profiling, where such decision produces legal effects concerning you or similarly significantly affects you.

14. How to Exercise Your Rights

You may exercise your rights by submitting a written request to:

Total Cargo Inspection Ltd.
Correspondence address: 7000 Ruse, 1 Alexandrovska St., entrance B, floor 4, Bulgaria
Email: survey@tci.bg
Telephone: +359 700 900 72

14.1. Identification of the Applicant

We may request additional information where necessary to confirm your identity and protect your personal data from unauthorized access.

14.2. Response Period

We will review your request within the time limits provided by the applicable legislation. Where the request is complex or multiple requests have been received, the period may be extended in accordance with GDPR.

14.3. Limitations

In certain cases, we may not be able to fully satisfy your request, for example where retention of the data is necessary for:

• compliance with a legal obligation;
• proof of a performed service;
• defense against legal claims;
• accounting and tax requirements;
• protection of the rights and legitimate interests of the company or third parties.

In such cases, we will inform you of the reasons, insofar as the law allows.

15. Right to Lodge a Complaint

If you believe that the processing of your personal data violates the applicable legislation, you have the right to lodge a complaint with the competent supervisory authority.

For the Republic of Bulgaria, the supervisory authority is:

Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Website: www.cpdp.bg

We recommend that you first contact us at survey@tci.bg so that we can review the matter and assist in a timely manner.

16. Automated Decision-Making and Profiling

We do not use personal data for automated decision-making that produces legal effects concerning you or similarly significantly affects you.

Analytics tools such as Google Analytics may provide statistical information about the behavior of website visitors, but this information is not used to make individual automated decisions concerning a specific natural person.

17. Links to External Websites

The website may contain links to external websites, such as:

• partners;
• certification bodies;
• laboratories;
• institutions;
• professional organizations;
• other relevant sources.

We are not responsible for the content, security or privacy policies of external websites that are not managed by Total Cargo Inspection Ltd.

We recommend that you review the privacy policies of the relevant external websites before providing them with personal data.

18. Personal Data of Children

The services and website of Total Cargo Inspection Ltd. are intended for business clients, organizations, institutions and professional participants in commercial and logistics processes.

We do not knowingly collect personal data from children through the website. If we establish that we have received such data without an applicable legal basis, we will take steps to delete them.

19. Updates to the Policy

We may update this Privacy Policy in case of changes in:

• applicable legislation;
• the company's activities;
• the technologies used;
• the structure and functionalities of the website;
• the cookies, plugins or external services used;
• the way we process personal data.

The current version of the policy will be published on this page, indicating the date of the latest update.

20. Contact Details

For questions regarding this Privacy Policy or the way we process personal data, you may contact us at:

Total Cargo Inspection Ltd.
Unified Identification Code (UIC): 204821719
Correspondence address: 7000 Ruse, 1 Alexandrovska St., entrance B, floor 4, Bulgaria
Email: survey@tci.bg
Telephone: +359 700 900 72