Category: Bulgaria

Kinstellar has advised Total Specific Solutions on its entry into the Bulgarian market through the acquisition of AS Systems. Sabev & Partners advised the sellers.

Total Specific Solutions is a vertical market software group.

AS Systems is a Bulgarian software company with ERP solutions for medium and large manufacturing and trading companies as well as pharmacies and pharmacy associations.

According to Kinstellar, “the acquisition helps TSS strengthen its foothold in the CEE region, especially in the healthcare sector. As a global provider of IT business solutions, TSS consists of independent business units that deliver products and services to their specific vertical market segments.”

The Kinstellar team included Partner Nina Tsifudina, Managing Associate Georgi Kanev, Senior Associate Denitsa Kuzeva, and Associate Yasen Toshev.

The Sabev & Partners team included Managing Partner George Sabev and Partner Boryana Boteva.

Eversheds Sutherland Bulgarian member Tsvetkova Bebov & Partners, working alongside Freshfields Bruckhaus Deringer, has advised Villeroy & Boch on the acquisition of Bulgarian Ideal Standard- Vidima AD, part of the Ideal Standard Group. White & Case and Boyanov & Co reportedly advised the sellers.

The transaction remains contingent on regulatory approval.

Ideal Standard is a multinational supplier of bathroom products. The company employs more than 7,000 people in 11 production sites in Europe and the Middle East. 

According to Tsvetkova Bebov & Partners, “this transaction is the largest one in Villeroy & Boch’s 275-year-old history, with a purchase price based on a company valuation of around EUR 600 million.”

The Tsvetkova Bebov & Partners team included Managing Partner Irina Tsvetkova, Partner Victoria Tzonkova, Counsel Petar Takov, Managing Associate Philip Kiossev, Senior Associate Victoria Marincheva, and Associate Margarita Zhivkova.

We are a law firm that is dedicated to recovering assets for victims of financial crime when the assets or scammers are located in Bulgaria. Nowadays, a growing number of people become victims of a sophisticated ongoing criminal fraud scheme involving an unknown number of organised participants from different countries. The fraudsters aim to deceive the victims to transfer significant amounts of money to the fraudster’s bank accounts in Bulgaria. Then, the scammers usually move the received sum to a bank account in a country outside the European Union.  However, these transfers are in breach of Bulgarian and international anti-money laundering law.

As an example of such scam, one of our clients, a very big company, became a victim of the fraud described above. Our client was deceived to transfer substantial amounts of money to the scammer’s bank account in Bulgaria. The fraudsters represented themselves as a partner with whom our client had a long-term business relationship. However, our client wrote the real name of its partner and the fraudster’s bank account in the payment order. In just a few days, after our client understood about the scam, it requested from its bank to cancel the transfer. Despite the rapid reaction from its bank, the payee’s bank did not block the funds or return them to our client. Instead, the payee’s bank allowed significant amounts of money to be transferred from the scammer’s account to third parties.

Can a bank be held liable in such cases for the damages suffered by the victim representing the amount of money that could not be recovered? 

The payee’s bank, as a payment service provider, is obliged to comply with the Bulgarian and European laws, including but not limited to: Regulation (EU) 2015/847 of the European Parliament and of the Council of 20 May 2015 on information accompanying transfers of funds, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, Law on Measures against Money Laundering, etc. 

According to Bulgarian law, everyone is obliged to remedy the damage it has wrongfully caused to another. One who has assigned any work to another person shall be liable for any damage caused by him/ her in relation to the performance of that work. Such liability has a warranty function. It does not arise from the fault of the person who assigned the work, but occurs when the person charged to carry out a particular work causes a damage in connection with the performance of the work assigned to him. 

Тhe bank, through its employees, should fulfil its obligations for each money transfer especially in case of a suspicion of fraud, money laundering and/ or terrorist financing, namely:

• the bank has to pay attention to the information written in the payment order and in case of some mismatch it should undertake the respective actions following the Bulgarian and European laws;
• the bank should implement effective procedures to detect that substantial information on the payee (its real name) is missing as well as procedures for verification of the name and the IBAN;  
• the bank should implement effective risk-based procedures for determining whether to execute, reject or suspend a transfer of funds lacking the required complete payer and payee information and for taking the appropriate follow-up action. Where the payment service provider of the payee becomes aware, when receiving transfers of funds, that some information is missing or incomplete it shall reject the transfer or ask for the required information on the payer and the payee before or after crediting the payee’s payment account or making the funds available to the payee, on a risk-sensitive basis;

We consider that the banks have to execute their obligations very carefully especially in case of a suspicion of money laundering and/ or terrorist financing and if they do not, they should be liable for nonfulfillment of the respective Bulgarian and European laws.  Should the payee’s bank treat the transfer of our client with the required attention considering the signs for fraud and imposed AML measures, it should have undertaken the respective actions and prevent the damages to our client.

We believe that claiming responsibility of the bank of the payee may create precedent in Bulgaria as there are not such court cases.

By Plamena Banabakova, Attorney-At-Law, Mikov & Attorneys

Former Goodwin Procter Partner Sava Savov has joined Kinstellar as a Partner to support the firm’s international transactional offering and work with the executive team on various strategic initiatives.

Savov is a corporate and private equity specialist with almost two decades of professional experience. Prior to joining Kinstellar, Savov spent two and a half years as a Partner with Goodwin Procter in London, almost five years as a Partner with Sidley Austin, a combined seven years with Kirkland & Ellis as a Partner, and two and a half years as a Vice President at Oaktree Capital Management.

“We are thrilled to welcome Sava to Kinstellar,” Managing Partner Patrik Bolf commented. “He is an exciting addition to our leadership team. His extensive experience, acumen, and strategic thinking make him a valuable addition and a great fit to our firm.”

“I am honored and excited to embark on this new journey with Kinstellar,” Savov added. “Their commitment to excellence, innovation, and growth aligns perfectly with my own values. I look forward to contributing my experience and passion to the fantastic team here and, together, we will write the next chapter of success.”

CMS has advised Enka on its EUR 8.4 million acquisition of a 40-megawatt photovoltaic project through the acquisition of the Town Up 8 company. Savova & Co reportedly advised the sellers.

Enka is an engineering and construction firm headquartered in Istanbul. According to CMS, Enka is the largest construction company in Turkiye and has ranked among the ENR’s Top International Contractors since 1981.

The CMS team included Managing Partner Kostadin Sirleshtov, Counsel Borislava Piperkova, Senior Associates Elena Yotova-Yordanova and Vaska Solakova, Associates Yavor Danailov and Viktoriya Dimitrova, Junior Associate Lyubomira Tanchovska, and Trainees Niya Ivanova and Boris Kirov.

Djingov Gouginski Kyutchukov & Velichkov has advised Provitech Solutions on its new lease agreement for office premises located on the top floor of the Sofia Tower.

Provitech Solutions deals in financial technology products, business intelligence solutions, complex web and mobile applications, high-load systems, third-party integration, and big data analytics among others.

The DGKV team was led by Senior Associate Peter Angov.

Under the current legislation, mediation as an alternative method of dispute resolution is voluntary. The amendments adopted in the State Gazette, No. 11 of 2023, which enter into force on 1 July 2024, introduced two categories of obligatory mediation in civil and commercial court proceedings:

• Obligatory court mediation in cases explicitly listed in the Civil Procedural Code (CPC);
• Obligatory mediation at the discretion of the court.

The new rules for obligatory mediation enter into force on 1 July 2024.

1. Obligatory mediation in court cases explicitly listed in the CPC.

The court shall oblige the parties to participate in a mediation procedure in case of pending court proceedings with a subject explicitly listed in Article 140a, paragraph 1 of the CPC.  Mediation is mandatory in the following types of cases:

• apportionment of the use of a co-owned thing under the Ownership Act;
• monetary receivables arising from co-ownership under the Ownership Act;
• partition proceedings under the Ownership Act;
• certain cases under the Condominium Ownership Management Act;
• full payment of the share value upon termination of the participation in a limited liability company under the Commerce Act;
• liability of a managing director or controller of a limited liability company for damages caused to the company under the Commerce Act;

In the abovementioned cases, the court does not make its own assessment of whether the cases are appropriate for mediation, but the court is bound by the nature of the claims.  The court shall check only for the negative preconditions under Art. 140a, para. 4, items 1-6 CPC, which set out the general exceptions in which a mediation procedure cannot be carried out (e.g. the defendant admits the claim, the state is a party to the case, there is convincing evidence of violence committed by one party of the other, etc.).

2. Mediation at the discretion of the court.

Apart from the cases under item 1 above, the court has the discretion, if it considers appropriate, to oblige the parties to participate in a mediation procedure in the following type of cases:

• pecuniary or non-pecuniary claim arising from a contract, tort or delict, unjust enrichment, or managing the affairs of another person without due authority where the cost of action does not exceed BGN 25,000;
• existence, termination, annulment, or rescission of a contract or for the conclusion of a final contract where the cost of action does not exceed BGN 25,000;
• remuneration or compensation arising from an employment relationship, as well as for pronouncing a dismissal wrongful and for revoking such dismissal and for reinstatement to the previous work;
• protection of membership rights in a commercial company under Art. 71 of the Commercial Act, or for revocation of a decision of the general meeting of the company, or revocation of a decision of the bodies of the cooperative or of NGOs;
• protection of intellectual property rights;
• ownership and other rights in rem over property or for trespass;
• disputes concerning the exercise of parental rights, personal relations with the child, residence of the child and its maintenance, personal relations with the grandparents;
• maintenance;
• divorce;

In the abovementioned cases, the court shall make an assessment of whether the dispute is appropriate for mediation, taking into account the sample criteria set out in the law. The criteria are related to the relations between the parties, the undisputable facts on which the right claimed by the plaintiff is based, respectively the objections or counterclaims of the defendant, etc.

3. The procedure of mediation.

During any stage of the court proceedings after the expiry of the time limit for a response to the statement of claim and prior to the conclusion of the trial, the court shall oblige (in the cases under item 1 above) or may oblige (in the cases under item 2 above) the parties to participate in a first mediation meeting. The parties are obliged to participate in a procedure of mediation only once in the proceedings.  The mediation procedure shall be conducted within a time limit specified by the court, which shall not exceed two months. By mutual consent of the parties, the procedure may continue after that period simultaneously with the examination of the case, or the proceedings may be suspended by mutual consent of the parties. The procedure shall take place in a court mediation centre at the relevant court.

The parties are obliged to participate in good faith in the first meeting of the mediation procedure with a total duration of one to three hours, and the mediator may also schedule separate meetings with the parties.  The mediator provides the court with information on the outcome of the mediation procedure and the participation of the parties in it.

4. Who can be a mediator in an obligatory mediation procedure?

The mediator in an obligatory mediation procedure may only be a person with legal education who meets the general requirements for a mediator and has undergone an additional selection and specialized training.  The Supreme Judicial Council must issue аn ordinance in relation to the requirements and control over the activities of mediators.  The mediator shall be appointed by mutual agreement of the parties or by the court centre. The mediation centers of the district courts shall keep lists of mediators.

5. Agreement in a procedure of mediation

An agreement, reached in a mediation procedure, shall be concluded in writing. Depending on the content of the agreement reached by the parties, the court proceedings shall be terminated or the court shall approve the agreement as a court settlement within seven days after the submission of the application to the court. If no agreement has been reached or the approved settlement refers only to part of the dispute, the court shall proceed with the examination of the whole case or respectively with the examination of the remaining part of the case.

6. Benefits of mediation.

The costs of an obligatory mediation procedure held for a total duration of one to three hours shall be paid from the court’s budget.  If a party, after being obliged by the court, refuses to participate in a mediation procedure and loses the case, that party shall be liable for the costs of the mediation procedure. In cases where a first meeting in a mediation procedure has not been held due to a refusal of both parties, the costs of the mediation process shall be paid by them equally, regardless of the outcome of the case.

In the cases where the settlement results from an agreement concluded in a mediation process or where the proceedings have been terminated due to a withdrawal or abandonment of the claim as a result of any such agreement, 75% of the paid state fee must be refunded to the plaintiff.

By Kina Chuturkova, Partner, and Lilia Surgucheva, Associate, Boyanov & Co

CMS has advised Hellenic Petroleum Group subsidiary EKO Bulgaria in the EUR 51 million public procurement process organized by the Bulgarian Ministry of Finance for the delivery of fuel needed by the administration entities under its executive purview.

According to CMS, “the tender process resulted in the parties entering into a EUR 51 million framework agreement, which encompasses the delivery of fuel to meet the operational requirements of all state administration entities under the executive purview of the Ministry.”

EKO Bulgaria entered the Bulgarian market in July 2002 as part of the Hellenic Petroleum Group, an industrial and commercial corporation in Greece and a player in the energy sector in Southeast Europe. EKO Bulgaria operates a chain of 95 petrol stations in the country.

EKO Bulgaria will fulfill its contractual obligations by issuing cashless payment cards to the Ministry of Finance and its associated executive authorities, the firm reported. “The specific quantities procured during the framework agreement’s implementation period will be contingent on the current needs of the respective administrations, in accordance with their budgetary constraints.”

The CMS team included Managing Partner Kostadin Sirleshtov and Associate Diyan Georgiev.

The European Court of Justice (CJEU) likely anticipated a wave of GDPR-related referrals. Few such matters receive as much attention from the public and lawyers as questions on GDPR damages.

Earlier this year, the CJEU decided in a landmark case C-300/21 that an award of non-material damages in accordance with Art 82 GDPR requires an infringement of the GDPR, damage suffered by the data subject, and a causal link between the unlawful processing and the damage (see also EU: CJEU lowers threshold for GDPR damages).

Up next is the case of a data subject worried about possible, but by no means certain or probable, future events after a hacker attack.

Four years ago…

The Bulgarian National Revenue Agency Natsionalna agentsia za prihodite (“NAP”) informed Bulgarian and foreign nationals via the media of an unauthorised access to its information system. The NAP was hacked and various tax and social security information was published online. The incident affected the personal data of 6,074,140 data subjects, including 4,104,786 Bulgarian citizens and foreign nationals, and 1,959,598 deceased individuals. Plaintiffs across Bulgaria saw an opportunity and claimed compensation of non-material damages due to alleged harm suffered.

The lower Bulgarian Court Administatibven sad Sofia-grad dismissed a specific claim arguing that the NAP failed to implement the necessary technical and organisational measures required by the GDPR, which led to the security leak causing worry and fears. The plaintiff claimed compensation of non-material damages in the amount of BGN 1,000 (approx. EUR 511). The main grounds for dismissal of the claim in the first-instance decision were that

• being hacked was not sufficient to presume that the necessary technical and organisational measures were not appropriate;
• the plaintiff bears the burden of proof that appropriate technical and organisational measures were not implemented by the NAP or were implemented inappropriately, so that this contributed to the unauthorised access and disclosure of the personal data;
• the emotional discomfort caused by the news of the unauthorised access to the NAP’s files does not constitute actual damage within the meaning of the law;
• the public disclosure of the unauthorised access to the NAP’s database has not affected the plaintiff’s life, self-esteem, self-worth, work, relationships with loved ones or health;
• the emotional discomfort experienced by the plaintiff is not a result of the NAP’s behaviour.

Upon the applicant’s appeal, the Supreme Administrative Court, Varhofen administrativen sad, referred several questions to the CJEU. Among others, the Bulgarian Court asked the CJEU whether

• being hacked is sufficient to presume that the necessary technical and organisational measures were not appropriate;
• the controller bears the burden of proof that appropriate technical and organisational measures were implemented;
• a hacking attack exempts entities from liability; and
• worries, fears and anxieties suffered with regard to a possible misuse of personal data in the future may constitute non-material damage.

Being hacked does not automatically equate to a violation of the GDPR’s obligations

Unsurprisingly, in the opinion of Advocate General Giovanni Pitruzzella, it would be illogical to assume that the EU legislator intended to impose obligations on the controller, making it impossible to demonstrate that the controller had correctly fulfilled its obligations under the GDPR. Therefore, a data breach alone does not show that the controller had failed to implement appropriate technical and organisational measures. Nevertheless, the burden of proving the appropriateness of the measures implemented and assessed by national courts lies not with the data subject, which must show harm suffered, causation and an infringement of the GDPR, but the controller. The admissible methods of proof and inquiry, such as expert reports, are subject to national procedural law.

Money, money, money – is worrying about the future enough?

When it comes to damages, Advocate General Pitruzzella believes that a hacker attack does not automatically exempt a controller from liability. Thankfully, in his view the GDPR does not provide for strict liability, where the element of fault is entirely disregarded. Rather, a controller could provide exonerating evidence and, to this end, must demonstrate that it was not responsible for the breach caused. The Advocate General is clear that it should not simply suffice that a third party was able to access the data subject’s personal data without authorisation. In practice, this would mean that a controller would have to prove that it was not acting negligently and facilitated the hacker attack by not having appropriate data security measures in place.

With respect to non-material damages, which are becoming quite popular across Europe, the Advocate General predictably opted for a broad interpretation – also see C-300/21 EU: CJEU lowers threshold for GDPR damages for the CJEU’s judgment subsequent to Advocate General Pitruzella’s Opinion. Nonetheless, the Advocate General explains that a plaintiff’s subjective perception, changeable and dependent on character and personal elements, will not be decisive, but actual inconvenience to the data subject’s physical and psychological sphere or its relationships will be required, i.e. actual and emotional damage. The national courts would then assess and verify the actual and emotional damage case by case.

What now?

The Advocate General’s opinion is not binding for the CJEU. Notably, the CJEU has deviated from Advocate General Manuel Campos Sánchez-Bordona’s Opinion on the question of whether a threshold of seriousness is required to award compensation for non-material damages for GDPR infringements (C-300/21). The opinion has been criticised for placing the burden of proof of appropriate technical and organisational measures having been implemented on the controller. It remains to be seen what the CJEU will make of it.

Nevertheless, potential defendants faced with non-material damages claims do not need to panic. We shall see whether judges will be convinced by plaintiffs’ arguments that they are worried about possible future implications because personal data has been compromised. Copy & paste claims might fail, however, and a plaintiff willingly sharing data for raffles, ad-free surfing or numerous online shops might struggle to explain in court why they are more worried about contact data being accessed by a hacker and not by the 30 or 50 online shops around the world – also in non-Member States – that they are registered with.

It is definitely a good time to double-check the implementation of appropriate technical and organisational measures. From a pre-litigation perspective, it is highly recommended to record any checks, protocols and updates to data security, correspondence with and suitability of privacy officers and engagement of third parties. In the worst-case scenario, this information may prove to be essential evidence in court proceedings, also to rely on the exemption from liability.

One EUR 500 claim may not seem like much at first glance, but the Collective Redress Directive could be a gamechanger. So far, the Directive has not been implemented in every Member State (see Class Action Info Corner). Neither Austria, a country where data protection disputes have been going strong in recent years, nor Bulgaria have implemented the Directive yet. Once implemented, however, it could easily become a tool for so-called Qualified Entities to confront companies with high-value claims on behalf of consumers.

By Sara Khalil, Counsel, and Marin Demirev, Counsel, Schoenherr

Djingov Gouginski Kyutchukov & Velichkov has successfully represented the Bulgarian Employers Association for Innovative Technologies before the country’s Supreme Administrative Court in a dispute for its recognition as a nationally representative employers’ organization against the Bulgarian government.

According to DGKV, it all started with a Decision of the Council of Ministers of the Republic of Bulgaria refusing to recognize BRAIT’s status. Then the Sofia City Administrative Court, “as a court of first instance, handed down a decision by virtue of which BRAIT’s [challenge] was upheld in its entirety. The competent court repealed the Decision of the Council of Ministers and ordered a new Decision to be issued by the Council of Ministers in accordance with the grounds of the court’s decision.”

The decision of the Sofia City Administrative Court was then appealed by the Council of Ministers and the Minister of Labour and Social Policy, the firm reported. “The Supreme Administrative Court rendered a decision which rejected the cassation appeals and entirely confirmed the decision of the Sofia City Administrative Court.”

DGKV’s team was led by Partner Anton Krustev and included Associates Dimitar Tabakov, Neli Urumova, and Krasimir Avramov.