privacy policy

Last update: 2023.07.22

This Privacy Policy has been prepared and is based on the current Bulgarian legislation in the field of personal data protection and Regulation (GDPR) 2016/679 of the Lower Parliament and the Council and aims to clarify how and why BULGARIAN EDUCATIONAL CYBERNETICS AD, EIK 207326463 processes and protects your personal data in the process of using the “bulgarian.academy” website (hereinafter referred to as the site for brevity). 

The privacy policy applies to your personal data if you are an individual or a representative of a legal entity that is our customer. It will explain to you what personal information we process when providing our services, for what purposes we use it, and your rights as a subject of personal data.

PRINCIPLES

When collecting and processing personal data, we are guided by the following principles: legality; good faith; transparency; limitation of processing purposes; minimizing the data collected; accuracy and timeliness; restriction of storage to fulfill the objectives; processing privacy and security.

WHO PROCESSES AND IS RESPONSIBLE FOR YOUR PERSONAL DATA?

The administrator of your personal data is: “BULGARIAN EDUCATIONAL CYBERNETICS” AD, the commercial company registered in the Commercial Register at the Registration Agency with EIK 207326463, which collects, processes and stores your personal data under the terms of this Credibility Policy, mandatory company rules, and standard contractual clauses, according to Implementing Decision (EU) 2021/915 of the European Commission of June 4, 2021.

You can contact us at the city of Shumen, 10 Aldemirovtsi St., 3rd floor, phone: 0877 766 821; 0877 766 891, e-mail address: [email protected].
Компетентен контролен орган по защита на личните данни: Комисия за защита на личните данни, седалище и адрес на управление: гр. София 1592, бул. „Проф. Цветан Лазаров” 2, адрес за кореспонденция: гр. София 1592, бул. „Проф. Цветан Лазаров” 2, телефон: 02/ 915 3 518, интернет страница: www.cpdp.bg.

LEGAL DEFINITIONS

The GDPR contains a total of 26 legal definitions and it is not practical to fit them all into this policy. However, the more key concepts would find a place and are therefore presented below:

“Personal data” – any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;

“Processing” – any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or another way in which the data is made available, arranged or combined, restricted, deleted or destroyed;

“Administrator of personal data” – a natural or legal person, public body, agency, or other structure that alone or jointly with others determines the purposes and means of processing personal data; when the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.

“Personal data processor” – a natural or legal person, public body, agency, or other structure that processes personal data on behalf of the controller;

“Third-party” – natural or legal person, public body, agency
or other body other than the data subject, the controller, the personal data processor, and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.

“Consent of the data subject” – any freely expressed, specific, informed, and unequivocal indication of the will of the data subject, using a statement or a clear affirmative action, which expresses his consent for the personal data related to him to be processed.

“Personal Data Security Breach” – a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed.

“Profiling” – any form of automated processing of personal data, consisting in the use of personal data to evaluate certain personal aspects related to a natural person, such as his economic status, health, personal preferences, interests, reliability, behavior, location or movement

“Pseudonymization” – processing of personal data in such a way that the personal data can no longer be linked to a specific data subject without the use of additional information, provided that it is stored separately and subject to technical and organizational measures to ensure that the personal data is not linked to an identified natural person or to an identifiable natural person.

“Register of personal data” – the set of data that is maintained and stored by the administrator, regardless of their physical medium.

PERSONAL INFORMATION TO BE COLLECTED

Depending on the specific goals, “BULGARIAN EDUCATIONAL CYBERNETICS” AD processes the data indicated below alone or in combination.

Processing of personal data that is provided directly by you when you order a certain product or service through the online request form or make an inquiry by phone or through the contact form on the “bulgarian.academy” website:

Personal data to identify a user (name, email, phone number)
ZIP code
Address
Country
Facebook profile
Skype profile
Profile picture /avatar/

We do not knowingly collect personal information from persons under the age of 18.

WAYS YOUR PERSONAL DATA IS COLLECTED

The collection and processing of your personal data is carried out in several ways: registration on the website; placing an order;
by recording the courses and training offered; completing a customer survey; giving feedback on a website page; sending messages via chat platforms or by email; as well as when using or browsing the website through your browser's cookies.

TYPES OF DATA, PURPOSES, AND LEGAL BASIS FOR PROCESSING

TYPES OF DATA

1.1 Personal data provided by you, through express consent: names, telephone, and e-mail address. Consent is given in writing or when creating an account/filling in a form that requires personal data.

1.2 Data collected upon payment made to BULGARIAN EDUCATIONAL CYBERNETICS AD.

1.3 Data collected for delivery: name, address
and the telephone number of the customer.

1.4 IP address data when visiting our site. This data is collected to improve and ensure security, as well as for statistical purposes and research.

1.5 When connecting to your Facebook or Google account or other third-party services (where such functionality is available), we also receive the information from those accounts (eg friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each person should check what they are.

1.6 Data about your name and email may be used in the process of providing various services, including sending commercial messages and direct marketing, in case you have given additional consent.

PURPOSES FOR THE PROCESSING OF PERSONAL DATA

In fulfillment of its legal obligations and depending on the specific goals, “BULGARIAN EDUCATIONAL CYBERNETICS” AD processes the data indicated below, individually or in combination with each other for the following purposes:

2.1 issuing an accounting document;

2.2 carrying out tax-insurance control by the relevant competent authorities;
2.3 provision of information to the Commission for the Protection of Personal Data in connection with obligations provided for in the legal framework for the protection of personal data – Personal Data Protection Act, Regulation (EU) 2016/679 of April 27, 2016, etc. ;
2.4 obligations provided for in the Accounting Act and the Tax-Insurance Procedure Code and other related legal acts, in connection with keeping correct and lawful accounting;

2.5 provision of information about the customer and purchases made by him and/or services used by him upon inquiry/request/verification by a competent authority;

2.6 technical assistance to create an account/s and recover a forgotten password to access our website;

2.7 presenting information and suggestions for special offers on goods and services offered that we think you may like by sending an email, a text message in a mobile/web application, or by making a telephone call;

2.8 user identification when registering on the website and/or placing an order for the offered goods and services;

2.9 updating your personal data or information in relation to goods and services provided;

2.10 carrying out direct marketing by sending offers, invitations, and information about goods and services, after your express consent, through electronic communication channels (such as e-mail, SMS, email, etc.), marketing activities, conducted through the use of the website (for example advertising spots) by “bulgarian.academy”.

The administrator processes the data collected automatically during your visit to the website for the following purposes: Statistical purposes about the way the website has been used in order to improve its performance. Which amounts to producing analyzes where the results are only generalizable and therefore the data is anonymous. Identification of a specific person from this information is impossible.

The administrator will not process personal data for purposes other than those specified.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

“BULGARIAN EDUCATIONAL CYBERNETICS” AD has the right, after assessment, to provide information to other persons processing personal data for the fulfillment of the purposes for processing and in compliance with the requirements of the Regulation.

To execute a concluded contract or for another reason, a situation may arise where you entrust us with processing data to a third party. In such a case, we will act as the processor of the personal data.

DATA SECURITY

To prevent unauthorized access, maintain data accuracy, and ensure proper use of data, we implement reasonable and adequate physical, IT, and organizational security measures for the effective protection of all personal data we process. The information you provide through the online platforms will subsequently be transmitted in an encrypted form, and the SSL (Secure Socket Layer) protocol is used to prevent the misuse of data by third parties. You can identify this by the fact that a closed padlock symbol appears in your browser's status bar and the URL begins with “https”.

In order to improve the measures presented in this Privacy Policy, we will make every effort to ensure the correctness, completeness, currency, and compliance of the data for the intended use, and any changes will be described in the updated version and entered effective after notification to website users via email messages.

BULGARIAN EDUCATIONAL CYBERNETICS JSC will periodically test and review the effectiveness of data protection measures against risks of loss, inaccurate use, unauthorized access, disclosure, modification, or unauthorized deletion/destruction.

The scope of the organizational measures taken by our organization and guaranteeing the security of the processing of your personal data include the fact that to comply with the rules of the GDPR and realize their importance, a training procedure is implemented for our own employees and to the persons authorized by the Administrator and employees of the same. If personal data is transferred from the Administrator to authorized persons of the same or to employees, this is carried out under legal security conditions meeting the necessary guarantees.

If we, as an Administrator, cooperate with another administrator in the processing of personal data, we ensure a legal and transparent conclusion of an agreement on the processing of personal data, the content of which explains in detail the disclosure of personal data to the other administrator, and all this is done under conditions that guarantee the protection of the processing of your personal data.

We store your data on our own server purchased from Plesk, which is protected by multiple proven methods, and the CloudFlare company is responsible for data transfer, the latter does not have direct access to your personal data but only transfers it through encryption. CloudFlare Processing of Your Personal Data Agreement: https://www.cloudflare.com/cloudflare-customer-dpa/. Agreement for processing your personal data through Plesk: https://central.plesk.com/legal/privacy-policy/.

PERIOD OF PROCESSING

The duration of storage of your personal data depends on the processing purposes for which they were collected:

Personal data processed for the purpose of purchases and requested services are stored and processed as long as there is a need for them in order to achieve the goals or to fulfill the last service requested by you, as well as 5 years after that in view of the legitimate interests of the administrator. If a regulatory act determines a longer term for data storage, we store them following the established term.

Personal data processed to issue accounting/financial documents for the implementation of tax and insurance control, such as but not limited to invoices, debit and credit notices, are stored for at least 5 years after the expiry of the limitation period for repayment of the public claim unless the applicable legislation does not provide for a longer term.

YOUR RIGHTS

Right of access

As a data subject, you have the right to access the data and the following information:

1.1 the purposes of the processing;

1.2 relevant categories of personal data;

1.3 the recipients or categories of recipients to whom your personal data has been or will be disclosed.

For this purpose, you can contact us at the email address: [email protected].

The right to withdraw consent

If you have given your consent to the use of the data on legal grounds with your consent, you can withdraw it at any time without stating your reasons. For this purpose, it is enough to send an email to [email protected]. This will not affect the processing of your data up to this point, which will remain a legal and valid process.

Right to rectification

You have the right to ask the administrator to correct inaccurate personal data relating to you. Considering the purposes of the processing, you have the right to request that incomplete personal data be completed, including by adding a declaration.

The right to erasure

You have the right to obtain from “BULGARIAN EDUCATIONAL CYBERNETICS” AD the deletion of your data, which can be exercised under certain circumstances provided for by the applicable legislation, including:

the situation where the personal data are no longer necessary in relation to the purposes of the processing;
the situation where the data subject objects to the processing and there are no other legitimate interests that appear to prevail concerning the processing;
the situation in which personal data has been processed unlawfully.

The deletion of your personal data can be done at any time, upon request, by using the methods already indicated or by using our general contact details for each project/service/product. Normally, your data is deleted immediately, but no later than one month after claiming such a right. If the deletion contradicts the obligations for the storage of data established by law, contract, or regulations, respectively for commercial reasons or for other reasons provided for by law, instead of deletion, your data can only be blocked. If this is the case with your customer account, you will receive a notification from us in this regard. After deleting your data, it is no longer possible to receive information.

The right to object

You have the right to object to the processing of data under the conditions and in the cases provided by the applicable legislation (situations that include for
example processing of data for direct marketing purposes), at any time and without stating your reasons. In addition, we inform you that by refusing all data processing processes, it is possible that the performance of the contract, in terms of the services used and the development of client programs, may be limited or no longer possible, thus we ask you before sending such requests carefully analyze them.

Right to appeal

As a subject of personal data, you have the right, in the event of a violation of your rights, to refer the Commission for the Protection of Personal Data, in the capacity of the National Authority for the Supervision of the Processing of Personal Data, within 6 months of becoming aware of the violation, but no later of two years from its execution.

DATA PROTECTION ISSUES

Questions related to all data processing can be addressed to us at any time at the address: Shumen
City “Aldemirovtsi” Str. № 10, floor 3, on phones: 0877 766 821; 0877 766 891 or by e-mail: [email protected].

This Privacy Policy may be updated and supplemented without notice, in the event of an update of legislation or a change in our policy for the processing of personal data. The new update will be effective from the date of the last change indicated at the top of the Privacy Policy. Using the website after the update is posted means you agree to the changes made.207326463