ИЗПBY USING THIS WEBSITE, YOU AGREE WITH CONDITIONS CONCERNING COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THESE CONDITIONS
ADMINISTRATOR OF PERSONAL DATA
Users during the registration process. Disclosure is possible only in cases where the information is required by state authorities or officials authorized by law to request and collect information containing personal data and in compliance with the statutory procedure.
Personal Data Protection Commission
Address: Sofia, 1592, Prof. Tsvetan Lazarov ”2
II. PURPOSES AND SCOPE OF THE CONFIDENTIAL POLICY
- personal data collected and processed by the provider;
- the purposes of the processing of personal data;
- storage period of personal data;
- the mandatory and voluntary nature of the provision of personal data;
- processing of personal data;
- protection of personal data;
- the recipients or categories of recipients to whom the data may be disclosed;
- individuals’ rights;
- exercise of rights;
- right of objection;
- buttons, tools and content from other companies;
2.1For the purposes of Regulation (EU) 2016/679 and of this Policy, the following terms shall have the following meanings:
- Personal data means any information relating to an identified or identifiable natural person (“data subject”); identifiable natural person is an identifiable person, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier, or by one or more physical-specific attributes, the physical, genetic, mental, mental, economic, cultural or social identity of that individual.
- Processing of personal data means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as the collection, recording, organizing, structuring, storing, adapting or changing, extracting, consulting, using, disclosing by transmission , dissemination, or otherwise making the data accessible, arranging or combining, limiting, deleting, or destroying it
- Restriction of processing means the marking of stored personal data in order to limit their processing in the future.
- Profiling means any form of automated processing of personal data, which involves the use of personal data to evaluate certain personal aspects related to an individual, and in particular to analyze or predict aspects related to the fulfillment of the professional obligations of that person. An individual, his or her economic status, health, personal preferences, interests, reliability, behavior, location or movement.
- “Administrator” means an individual or legal person, public authority, agency or other entity that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for determining it may be laid down in Union law or in a Member State law.
- Personal data processor means an individual or legal person, public authority, agency or other entity that processes personal data on behalf of the controller.
- Recipient means an individual or legal person, public authority, agency or other entity to whom personal data are disclosed, whether third party or not. At the same time, public authorities which may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as ‘recipients’; the processing of such data by the designated public authorities complies with the applicable data protection rules for the purposes of processing.
- Third party means a individual or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct control of the controller or the processor, have the right to process the personal data.
- Consent of the data subject means any freely expressed, specific, informed and unambiguous indication of the data subject’s will, by means of a statement or clearly affirmative action, expressing his / her consent to the processing of personal data related to him / her.
- Personal data breach means a breach of security that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or processed in any other way.
IV. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
3.1 The controller adheres to the following principles when processing personal data about individuals, namely:
- Personal data are processed lawfully, in good faith and in a transparent manner with respect to the data subject (“legality, integrity and transparency”);
- Personal data are collected for specific, explicit and legitimate purposes and are not further processed in a manner incompatible with those purposes;
- Personal data are relevant, relevant, and limited to what is necessary for the purposes for which they are processed (“minimizing data”);
- Personal data are accurate and, where necessary, kept up-to-date (“accuracy”);
- Personal data are stored in a form that allows the data subject to be identified for a period no longer than is necessary for the purposes for which the personal data are processed (“retention limit”);
- Personal data are processed in a manner that guarantees an adequate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or corruption, by applying appropriate technical or organizational measures (“integrity and confidentiality”).
V. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
A. Processing of special categories of personal data (“sensitive data”)
А. Обработка на специални категории лични данни („чувствителни данни“)
4.1 The controller does not collect or store specific categories of personal data, such as: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs, or union membership, genetic data, biometrics for the sole purpose of identifying an individual , health status, or sexual life or sexual orientation data of the individual. Individuals should not provide such sensitive data to the Administrator. In case the individual deliberately provides sensitive data to the Administrator, the Administrator shall immediately delete them.
B. Personal data collected directly from individuals
Personal data collected directly from individuals when individuals contact the Administrator by telephone
- to pursue the Admin’s legitimate interests, which legitimate interests are to send a response to the received messages, as well as to retain the received messages.
- for actions prior to the conclusion of the contract and undertaken at the request of the individual, namely providing more information offered by the Administrator services in connection with the possible conclusion of the contract with the individual.
C. Personal data of individuals provided by third parties
6.1 The controller does not normally receive personal data about individuals from third parties. However, in some cases, if the Administrator has reasonable grounds to suspect that an individual violates intellectual property rights and other similar cases, then the Administrator is entitled to obtain the suspect’s personal data from public registers, such as: the register, the register for registered trademarks kept by the Patent Office of the Republic of Bulgaria and the like. This data may be collected and processed in order to bring an infringement claim against the offender. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator, which legitimate interests are a claim for a violation against the offender, as well as on a legal basis.
D. Data collected automatically
7.1 When visiting the Website, the Administrator automatically collects the following information, namely:
- Internet Protocol (IP) address of the device from which the individual accesses the platform (typically used to determine the country or city from which the individual accesses the platform);
- The type of device from which the individual accesses the platform (eg computer, mobile phone, tablet, etc.);
- Type of operating system;
- Browser type;
- The specific actions that the individual takes, including the pages visited, the frequency and duration of visits to the website;
- Date and time of visits.
7.2 When using the collected information, the Administrator does not profile individuals.
VII. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
9.1 The controller collects and processes the personal data of individuals, which are provided directly by them for the following purposes only, namely:
- in order to provide the services offered by the Administrator and to identify individuals (future and current clients);
- contacting the individual via e-mail so that the Administrator can respond to the request from the individual;
- for performance of obligations under a contract to which the data subject is a party, as well as for actions prior to the conclusion of a contract and undertaken at his request;
- to fulfill the statutory obligation of the Data Controller, in accordance with the applicable law;
- accounting purposes;
- statistical purposes.
9.2 The controller collects and processes the personal data of individuals, which are automatically collected for the following purposes, namely:
- improving the efficiency and functionality of the website;
- producing anonymous statistics on how the website was used.
VIII. DURATION OF PERSONAL DATA
10.1 Personal data of persons who made a request using the contact form of the website: The Administrator shall store the personal data of the persons who made a request using the contact form of the website for a period of:
- for persons who have not become clients of the Administrator within one month of sending the request: personal data is stored for a period of three months after sending the request.
- for persons who became clients of the Administrator: personal data is stored for 10 years after the execution of the service assigned by the client to the Administrator.
10.2 Personal data of persons who made a request by telephone: The Administrator shall store the personal data of persons who made a request by telephone for a period of:
IX. BINDING AND VOLUNTARY NATURE OF SUBMISSION OF PERSONAL DATA
11.1 The personal data required to be provided by individuals are consistent with the services provided by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. In case of refusal to provide personal data:
- The Administrator will not be able to provide the physical service or information desired by the Administrator;
- The administrator will not be able to receive the email from the user if the user does not fill in the required information in the contact form.
X. PROCESSING OF PERSONAL DATA
12.1 The controller processes personal data of individuals through a set of actions that can be performed by automatic or non-automatic means.
12.2 The Administrator processes the personal data of individuals independently or by assigning a processor on behalf of the Administrator, who is the accounting officer of the company, which is based in the Republic of Bulgaria.
XI. PROTECTION OF PERSONAL DATA
13.1 The controller shall take the necessary technical and organizational measures to protect personal data against accidental or unlawful destruction or accidental loss, unauthorized access, alteration or distribution, as well as from other unlawful forms of processing, namely:
- all personal information provided by the individual to the Administrator is stored on secure and reliable servers and folders;
- in exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing him with the requested information.
13.2 Comprehensive information on the technical and organizational measures taken by the controller is available in the Instruction on the mechanism of processing of personal data and their protection in the maintained registers containing personal data with the Administrator. Should you wish to receive detailed information on technical and organizational measures, please do not hesitate to contact us on 00359 89 223 040 or by making an inquiry using the contact form on this site.
XII. RECIPIENTS TO WHICH PERSONAL DATA MAY BE DISCLOSED
14.1 The controller has the right to disclose the personal data processed to the following categories of persons, namely:
- to data subjects;
- to persons, if provided for in a normative act, for example state bodies (NRA, Patent Office, Commercial Register, etc.);
- to data processors who provide services for the benefit of the Provider’s business activities, such as the Accountant to the Administrator and courier organizations, and those persons are bound by the obligation of confidentiality and also provide sufficient safeguards for implementation appropriate technical and organizational measures in such a way that the processing proceeds in accordance with the requirements of the Regulation and ensures the protection of the rights of individuals.
14.2 The Provider does not sell personal data provided by an individual to third parties.
XIII. RIGHTS OF INDIVIDUALS
RIGHTS OF INDIVIDUALS
Right of access
15.1 An individual has the right to receive from the Administrator confirmation that personal data related to him/her are processed and, if so, to have access to the data – the relevant categories of personal data.
Right of correction
15.2 The individual has the right to ask the Administrator to correct without undue delay inaccurate personal data related to him. Considering the purposes of processing, the individual has the right to complete incomplete personal data, including by adding a declaration.
Right to be deleted (right to be “forgotten”)
15.3 An individual has the right to request from the Administrator the deletion of personal data related to him without undue delay, and the Administrator has the obligation to delete without undue delay the personal data when any of the grounds specified in Article 17 of Regulation 2016/679 apply.
Right to restrict processing
15.4 The individual has the right to request from the Administrator a restriction of processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. Where a restriction on processing is carried out, such data shall be processed, with the exception of their storage, only with the consent of the individual or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural person or for important grounds of public interest. for the Union or a Member State. When an individual has requested a restriction on processing, the Administrator shall inform the individual prior to the cancellation of the restriction on processing.
Data portability right
15.5 An individual has the right to receive personal data concerning him which he has provided to the controller in a structured, widely used and machine-readable format, where processing is based on consent or a contractual obligation and processing is carried out under automated way.
Right to object
15.6 An individual has the right, at any time and on grounds relating to his or her particular situation, to object to the processing of personal data relating to him / her. According to Article 21 (4) of Regulation 2016/679, the individual is explicitly informed of the existence of the right of objection, which shall be presented in a clear manner and separately from any other information. For the fulfillment of this obligation, more information on the right of objection can be found in the section entitled ‘Right of Objection’ below.
15.7 The individual has the right not to be the subject of a decision based solely on automated processing involving profiling, which has legal consequences for the data subject or similarly significantly affects it.
Right to be informed about personal data breach
15.8 Where a breach of personal data security is likely to create a high risk to the rights and freedoms of individuals, the individual must be notified without undue delay of the breach of personal data security.
Right to a judicial and administrative remedy
Right to lodge a complaint with a supervisory authority
15.9 An individual may file a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of alleged infringement, if the natural person considers that the processing of personal data concerning him violates the provisions of Of the Regulation.
The right to effective judicial protection against a supervisory authority
15.10 Every individual and legal person has the right to an effective judicial remedy against a binding decision of a supervisory authority relating thereto. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
Q: The right to effective judicial protection against an administrator or processor
15.11 Without prejudice to any administrative or non-judicial remedies available, including the right to lodge a complaint with a supervisory authority, an individual has the right to an effective judicial remedy where he considers that his rights under the Regulation have been infringed as a result of processing of his personal data which is not in accordance with the Regulation. Proceedings against a controller or processor shall be brought before the courts of the Member State where the controller or processor is established.
Right to compensation for damages
15.12 Any person who has suffered pecuniary or non-pecuniary damage as a result of a breach of the Regulation shall be entitled to receive compensation from the Administrator or the processor for the personal injury suffered. Legal proceedings concerning the exercise of the right to compensation shall be brought before the courts of the Member State in which the controller or the processor processes the place of establishment.
XIV. PROCEDURE FOR THE EXERCISE OF RIGHTS
- name, address and other identifying information of the individual concerned;
- a description of the request;
- signature, date of submission of the request and e-mail address.
16.2 The request is made personally by the individual. The administrator records the requests submitted by individuals in a separate register.
16.3 After the individual has exercised his right of access to personal data relating to him, the Administrator verifies the identity of the individual before responding to the request. This is necessary to minimize the risk of data misuse and identity theft. In case the Administrator cannot identify the individual from the collected personal data, then the Administrator has the right to request a copy of the documents identifying the individual (such as ID card, driving license, other documents containing personal data which may identify the individual).
16.4 The Administrator shall consider the request and provide the individual with information on the actions taken in connection with the request within one month of receipt of the request. If necessary, this period may be extended by another two months, taking into account the complexity and number of requests.
16.5 The Administrator shall inform the individual of any such extension within one month of receipt of the request, indicating the reasons for the delay. Where the individual submits a request by electronic means, the information shall, where possible, be provided by electronic means, unless otherwise requested by the individual.
16.6 If the Administrator does not take action on the request of the individual, the Administrator shall notify the person without delay and within one month at the latest within one month of receiving the request for reasons for not taking action and for the possibility of filing a complaint with the supervisory authority and seeking protection. judicially.
16.7 The controller is obliged to report any correction, deletion or restriction of processing to any recipient to whom the personal data have been disclosed, unless this is impossible or requires a disproportionate effort. The administrator shall inform the individual of these recipients if the person so requests.
XV. RIGHT OF OBJECTION
XVI. LINKS, TOOLS AND CONTENTS FROM OTHER COMPANIES
XVII. CHANGES IN CONFIDENTIAL POLICY