Nomado Innovations

Privacy Policy

Last updated: February, 2026

1. Data Controller

Nomado Innovations EOOD ("Nomado", "we", "us") is the data controller for personal data processed through this website and related services. Registered in Bulgaria with EIC/UIC 208543861, seat and management in Sofia, Bulgaria.

We process personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable Bulgarian data protection law.

2. Data We Collect

Depending on your interaction with us, we process:

  • Contact data: name, email, company, and inquiry details.
  • Account data:registration and authentication/session information.
  • Project data:customer briefs, responses, and uploaded files.
  • Recruitment data:CV/resume, cover letter, and application details.
  • Technical data: IP address, browser/device information, and usage events.

3. How We Use Your Data

  • To respond to inquiries and service requests.
  • To provide and secure user accounts and platform access.
  • To deliver project, brief, and recruitment workflows.
  • To maintain platform security and prevent abuse.
  • To improve website performance and service quality.
  • To comply with legal obligations and enforce legal rights.

We do not sell personal data and do not share personal data with third parties for their own direct marketing purposes.

4. Legal Basis for Processing

We process personal data under GDPR Article 6(1), relying on one or more of the following legal bases:

  • Contract performance (Art. 6(1)(b)) for service delivery and pre-contract steps.
  • Legitimate interests (Art. 6(1)(f)) for security, service improvement, and operations.
  • Legal obligation (Art. 6(1)(c)) for legal and regulatory compliance.
  • Consent (Art. 6(1)(a)) where required for specific optional processing.

Where consent is used, it may be withdrawn at any time without affecting the lawfulness of processing before withdrawal.

5. Data Sharing and Processors

We may share personal data with:

  • Authorized Nomado personnel on a need-to-know basis.
  • Service providers acting as processors (e.g., hosting, technical infrastructure, communication services).
  • Public authorities, advisers, or courts where legally required or necessary to protect legal rights.

Where providers process data on our behalf, we apply data processing agreements and appropriate safeguards.

6. International Data Transfers

If personal data is transferred outside the European Economic Area (EEA), we use GDPR-compliant safeguards such as adequacy decisions and/or Standard Contractual Clauses (SCCs), with additional measures where required.

7. Data Retention

We retain personal data only as long as necessary for the stated purposes, including legal and accounting obligations.

  • Contact inquiries: generally up to 24 months after the latest relevant communication.
  • Account/project data: while the relationship is active, and for the period required by law or legitimate operational needs.
  • Recruitment data: generally up to 12 months unless lawfully required otherwise or specifically agreed.

8. Cookies and Local Storage

We use essential cookies and local storage for security, authentication/session management, and core functionality (such as interface preferences). Browser settings can be used to manage cookies; disabling essential cookies may affect functionality.

9. Your Rights Under GDPR

You may have the right to:

  • Access your personal data (Art. 15).
  • Rectify inaccurate/incomplete data (Art. 16).
  • Request erasure in certain circumstances (Art. 17).
  • Restrict processing in certain circumstances (Art. 18).
  • Data portability where applicable (Art. 20).
  • Object to processing based on legitimate interests (Art. 21).
  • Withdraw consent where consent is the legal basis.

You may also lodge a complaint with a competent supervisory authority, including the Commission for Personal Data Protection (Bulgaria).

10. Children's Privacy

Our services are not directed to children under 16. If you believe a child has provided personal data to us, contact us so we can take appropriate action.

11. Security Measures

We apply appropriate technical and organizational measures to protect personal data, including access controls, encryption in transit, authentication safeguards, and operational monitoring.

12. Automated Decision-Making

We do not make decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects for individuals.

13. Changes to This Policy

We may update this policy to reflect legal, technical, or operational changes. Material updates will be published here with an updated date.

14. Contact and Data Protection Requests

For privacy questions or to exercise your rights, contact:

Nomado Innovations EOOD

EIC/UIC: 208543861

Sofia 1407, Bulgaria

Privacy contact: support@inomado.com

General contact: support@inomado.com

We aim to respond to verified privacy requests within one month, as required by GDPR.