GDPR

We process your personal data on the following grounds:
● Conclusions between us and you in order to fulfill our obligations under it;
● Your explicit consent - the purpose is stated on a case-by-case basis;
● Subject to statutory duty
In the following paragraphs, you will find information about the processing of your personal information, depending on the reason we process it.
FOR IMPLEMENTING THE CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to perform the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.
 
Processing Goals:
● identifying yourself;
● managing and executing your application and executing a contract;
● preparing and sending an account / invoice for the services you use with us;
● Keeping correspondence in relation to order, query processing, problem reporting, and more.
● creating a profile;
 
Based on the agreement between you and us, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:
● personal contact information - contact address, email, phone number;
● identification data - full name, single citizen number or personal ID of a foreigner, permanent address;
● Data about the orders made through the profile;
● emails, letters, information about your troubleshooting requests, complaints, petitions, complaints;
● credit or debit card information, bank account number or other bank and payment information related to the payments made;
 
The processing of the personal data we provide is obligatory for us to be able to conclude the contract with you and execute it.
 
We provide your personal information to third parties, and our main purpose is to offer you quality, fast and comprehensive service.
We provide personal data to the following categories of recipients (personal data controllers):
● postal operators and courier companies;
● Persons performing consultancy services in different spheres.
 
The data collected on this basis will be erased 5 years after termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds. The deadline is set by the 5-year limitation period for possible claims under the contract.
FOR THE IMPLEMENTATION OF LEGAL OBLIGATIONS
It is possible that the law provides for an obligation for us to process your personal data. In these cases, we are required to process such as:
● Obligations under the Law on Measures against Money Laundering;
● Obligations in connection with distance selling, off-premises sales provided for in the Consumer Protection Act;
● providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
● Provision of information to the Commission for the protection of personal data in relation to obligations under the legislation on the protection of personal data;
● Obligations provided by the Accountancy Act and the Tax and Social Insurance Procedure Code and other related normative acts in relation to the keeping of lawful accounting;
● Providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the normative acts applicable to the proceedings;
● Age authentication when shopping online.
 
The data collected according to an obligation in the law is deleted after the collection and storage obligation has been fulfilled or dropped. For example:
● under the Accounting Act for the storage and processing of accounting data (11 years),
● obligations to provide information to the court, competent state authorities, etc. grounds provided by current legislation (5 years).
 
Where we are required by law to do so, we may provide your personal data to the competent governmental authority, a natural or legal person.
AFTER YOU AGREE
We process your personal data on this basis only after your express, unambiguous and voluntary consent. We will not anticipate any unfavorable consequences for you if you refuse to process your personal data.
Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product / service offers for you.
For this reason, we process only the data you have given us for our explicit consent. Specific data is determined for each individual case. Typically, the data includes:
● Email
● Phone;
● Address;
● Names;
For this reason, we can provide your data to marketing agencies and third parties.
 
Agreements submitted may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal information and information for the purposes set forth above.
 
The data collected on this basis is deleted at your request or 1 year after the initial collection.
PROCESSING OF ANONYMOUS DATA
We process your data for static purposes, this means for analyzes where the results are only generalized and therefore the data is anonymous. Identifying a specific person from this information is impossible.
How we protect your personal information
To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.
 
Consumer Rights
Each User of the site enjoys all rights to protection of personal data in accordance with Bulgarian and European Union law.
 
Each User is entitled to:
● Awareness (in connection with the processing of his or her personal data by the administrator);
● Access to your own personal data;
● Correction (if data is inaccurate)
● Delete personal information (right to be forgotten);
● Limitation of processing by the administrator or the processor of personal data;
● Portability of personal data between individual administrators;
● Objection to the processing of his or her personal data;
● The data subject may also not be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
● Right to judicial or administrative redress if the rights of the data subject have been violated.
 
The user may request deletion if one of the following conditions is true:
● Personal data is no longer needed for the purposes for which it was collected or otherwise processed;
● The user withdraws his / her consent on which the processing of the data is based and no other legal basis for the processing;
● The data user opposes the processing and there are no legitimate grounds for processing that have an advantage;
● Personal data has been tampered with;
● Personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to the administrator;
● Personal data has been gathered in connection with the provision of information society services to children, and consent is given by parental responsibility for the child.
 
The user is entitled to restrict the processing of his personal data by the controller when:
● Restrictions on the accuracy of personal data. In this case, the limitation of the processing is for a period that allows the controller to verify the accuracy of the personal data;
● Processing is improper, but the User does not wish to delete the personal data, but instead requires a limitation of their use;
● The administrator no longer requires personal data for the purposes of processing, but the User requires them to identify, exercise or protect legal claims;
● Opposes the processing pending verification that the legitimate grounds of the administrator have an advantage over the User's interests.
     
Right of portability.
The data subject has the right to receive the personal data that concerns him and which he has provided to an administrator in a structured, widely used and machine readable format and has the right to transfer that data to another administrator without hindrance by the administrator to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another when technically feasible.
 
Right of objection.
Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims.
REGISTER OF THE ACTIVITIES OF THE PERSONNEL DOCUMENT ADMINISTRATOR
 
1. Purposes for the processing of personal data
The administrator processes personal data for the following purposes:
● For the needs of providing the services offered by the company as well as for the execution of the contracts concluded with the company by the company;
● Selection and recruitment of employees in employment contracts as well as selection of contractors under civil contracts;
● To fulfill its obligations under the Accountancy Act;
● To fulfill its obligations under the laws governing the labor and social security obligations of the company as employer and insurer;
● For direct marketing
 
2. Description of categories of subjects and categories of personal data
The administrator processes personal data of the following categories of subjects:
● Clients
○ Name;
○ Email Address;
○ Contact phone;
○ Traffic data;
○ Where applicable:
■ ID card details;
■ PIN or other identification number;
■ Address
■ Data about participation in commercial companies; non-profit legal entities and other legal entities.
 
The personal data of customers are kept within 5 years from the time of entering into a contract with the client, and they are deleted.
 
● Users
○ Name;
○ Email Address;
○ Phone;
○ Traffic data
 
User data is kept for a maximum of 2 years and then deleted.
 
● Candidates for work and employees
○ Name;
○ Email;
○ Phone;
○ Age;
○ Work experience;
○ Health data for administering hospital sheets and other documents relevant to employment relationships.
 
Data for job applicants are deleted within 1 year of their collection. Data for employees and contractors of a civil contract is kept for a period of 3 years from the termination of the relationship with the entity.
 
3. Recipient categories to which data may be disclosed
The Administrator may disclose personal data to third parties in the following hypotheses:
● Attorneys enrolled in accordance with the Attorney Law - for the purposes of executing contracts with clients;
● To state and municipal authorities, when the Law imposes this or for the needs of executing contracts with clients;
● Advertisers - Digital data service providers submit data based on automated bikeshift processing. Only traffic data is provided;
● Providers of information services used by the controller performing the processing of personal data.
 
4. Technical and organizational measures
The administrator shall apply the following measures ensuring the security of the processing of personal data:
● pseudonymization and encryption of personal data
Applies to traffic data and user data for direct marketing purposes.
● Ability to promptly restore availability and access to personal data in the event of a physical or technical incident;
 
Personal data collected by the Administrator is processed electronically by personal data processors using servers with the ability to recover deleted information - "backup"