Privacy Policy

KORE Privacy Policy.

Effective Date: 16 December 2025

Version: 1.3

KORE is committed to ensuring that our business, services, and internal processes comply with applicable data protection laws, including:

EU GDPR (EU 2016/679);

UK GDPR / Data Protection Act 2018;

Bulgarian Personal Data Protection Act (PDPA 2018, Закон за защита на личните данни).

This policy, together with our Master Service Agreement and any other documents referenced therein, explains how we collect, use, store, and protect personal data in accordance with applicable law.

By using KORE's services or website (www.korecs.net), you agree to the terms of this Privacy Policy.

1. Data Controller and Representative

For GDPR and Bulgarian law purposes, KORE EOOD (Company Registration: BG206195712), ul. "Chavdar voyvoda" 19, 7002, Ruse, Bulgaria, acts as the data controller.

The nominated representative for GDPR compliance is Stefan Yovchev.

2. Personal Data Collected

We collect personal data when you:

Register for a service; Subscribe to our services; Post material on our Site; Request further services.

Types of data include:

Name, company name, and contact details; Address; IP address; Payment information (credit/debit card details); Support ticket information; Transaction and order fulfilment details; Site usage data (traffic, weblogs, location).

Sensitive personal data (special category data under GDPR (EU 2016/679), Article 9) is not collected.

3. Purpose of Processing

Personal data is used to: Provide and manage the Services; Confirm identity and communications; Process payments and transactions; Respond to support requests; Notify about changes to services; Conduct internal reporting and system management; Comply with contractual, legal, or regulatory obligations.

Marketing communications are only sent with your consent. You may withdraw consent at any time.

4. IP Addresses and Cookies

Technical data, including IP address, browser type, and cookies, may be collected for system administration and security, statistical analysis, improving website functionality, and personalising user experience.

Cookies can be disabled via browser settings, but some site features may not function. Third-party advertisers may also use cookies, which are beyond our control.

5. Storage and Security

Personal data is stored on ISO27001-certified servers in any of our locations. No data is transferred outside the EEA, unless adequate safeguards are in place and subject to data residency and sovereignty as agreed between the Parties.

We implement appropriate technical and organisational measures, including encryption, access controls, regular penetration testing, and staff training on data protection.

6. Disclosure of Personal Data

We may share personal data with Kore group companies (subsidiaries, holding company), third parties during business transfers, authorities when legally required, and fraud prevention or credit risk management partners.

Disclosure is always subject to applicable UK, EU, and Bulgarian laws.

7. Legal Obligations

We may process or disclose data to comply with laws, prevent or detect fraud or crime, or engage debt collection where contractual obligations are not met.

8. Retention

Data is retained only as long as necessary. Order and billing records are kept for 7 years. Contact details are retained for the duration of the client relationship plus 7 years.

Retention considers data sensitivity, purpose, risk of unauthorised use, and legal obligations under UK, EU, and Bulgarian law.

9. Data Subject Rights

You may access your personal data, request correction, deletion or restriction, object to processing (including marketing), and withdraw consent at any time.

Requests may be sent to support@korecs.net or info@korecs.net.

10. Children’s Data

We do not knowingly collect personal data from children. Safeguards are applied if data is collected directly.

11. Security and Compliance

We ensure minimum necessary processing, fair and lawful handling, accurate records, secure storage and disposal, compliance with GDPR, UK GDPR, and PDPA, and annual reviews of our Business Management System.

KORE does not process Article 9 special category data or Article 10 criminal data and is not required to appoint a DPO.

12. Data Breach Notification

In the event of a personal data breach, we will notify affected individuals within 48 hours to support compliance with GDPR, UK GDPR, and PDPA.

13. Third-Party Links

External links may have independent privacy policies. KORE is not responsible for these policies.

14. Policy Updates

Changes to this policy will be posted on this page and, where appropriate, notified via email. Updates are effective 30 days after posting unless you notify us otherwise.

15. Contact

Questions or requests regarding this policy should be addressed to support@korecs.net.