1. What is personal data?
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1.1. What is data processing?
“Data processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1.2. What is a data controller?
“Data controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
1.3. What is a data subject?
“Data subject” means an individual (physical person) whose personal data is processed in the course of the use of the Services, provided by the Company, entering into a relationship with the Company or any has provided personal data to the Company in any other manner whatsoever.
2. Who is the data controller?
To the extent that personal data is being ..........., shall act in the capacity of a controller within the meaning of the GDPR.
3. How can a data subject contact us?
Data subjects may contact us in one of the following ways:
4. Purposes and legal grounds for data processing
The purposes for which such personal data may be collected are for proper functioning of our Website and provision of the relevant services, provided through the said Website. The exact purpose of each process is described in details in our privacy notice, which shall be made available to the data subjects. The legal basis for the processing may vary, depending on the functionalities, which a data subject uses on our websites, which may include:
Please note that we may collect personal data, which the data subject has voluntarily provided to us via our contact form. The purpose of such data processing will be to provide the respective data subject with the desired feedback in order to settle the respective issue or to provide the relevant clarification.
6. Types of data
To the extent that personal data is being collected, such data will may include:
Usernames, addresses (to the extent provided), emails, other contact details, payment information, as well as data related to the functioning of the cookies on our website – please refer to our cookies policy
5. Third parties’ links
6. Transfer of data outside the European Union and/or European Economic Area
We do not plan to transfer or store any of the personal data collected outside the European Union or European Economic Area.
If for some reason data has to be transferred outside the European Union, we shall ensure in advance that at least the prerequisites of Chapter V of the GDPR are in place and all applicable conditions/requirements have been met.
7. Retention periods
The collected personal data will be retained for the period, required for the provision of the respective service or for a longer period in case we: (i) need to comply with our legal obligation; or (ii) To observe our legitimate interest- which shall be described in detail in our privacy notice. Data may be deleted upon withdrawal of consent unsubscribing by the respective data subject.
The retention period for the data, collected through our contact form will vary, depending on the development of the business relationship and until fulfillment of the purposes, for which the respective data has been collected and/or we comply with our legal obligations.
8. Data subjects’ rights with regards to personal data processing
Data subjects shall have the following rights with regards to processing their personal data:
(i) Right of access by the data subject – this right is governed by art. 15 of Regulation 2016/679 (GDPR);
(ii) Right to rectification - this right is governed by art. 16 of GDPR;
(iii) Right to erasure (‘right to be forgotten’) - this right is governed by art. 17 of GDPR;
(iv) Right to restriction of processing - this right is governed by art. 18 of GDPR;
(v) Right to data portability - this right is governed by art. 20 of GDPR;
(v) Right to object and automated individual decision-making – as per articles 21 and 22 of the GDPR.
8.1. If we have collected and processed personal Information with data subject’s consent, then the said data subject can withdraw the consent at any time. Withdrawing consent will not affect the lawfulness of any processing we conducted prior to the withdrawal, nor will it affect the processing of personal information conducted in reliance on lawful processing grounds other than consent.
8.2. The data subjects may exercise their rights by contacting us through the contact details provided herein and/or in the privacy notice or by visiting our offices. Please note that we may request some additional identification in order to ensure that the respective data subject is entitled to exercise the respective right(s).
8.3. Data subjects are entitled to lodge a complaint with a supervisory authority. The supervisory authority for lawful personal data processing in Republic of Bulgaria is the Bulgarian Commission for Personal Data Protection (www.cpdp.bg). Without implying any obligation to do so, the Company would like to kindly encourage data subjects to discuss and try to resolve in good faith any issue, which may have arisen with regards to data processing.
9. We have implemented appropriate safeguards to ensure that any and all collected personal data is properly protected for the entire retention period including but not limited to encryption of connectivity and information stored, limited physical access to servers and other data carriers, data leakage protection, etc.