Personal Data Protection Policy

Effective as from 21.05.2018

Mandatory information on individuals’ data protection rights

Information about the company that processes your data

Name: BGService OOD
Main office and registered address: 87, Alexander Malinov Blvd., Sixth floor, Office 19
VAT number: BG130884821
Phone: +35924627000/7001/7002/7003/7004
E-mail: info (at) n-zoom.com
Website: n-zoom.com

Information on the competent data protection supervisory authority

Name:
Personal Data Protection Commission
Main office and registered address: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Mailing address: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Telephone: 02 915 3 518
Website: www.cpdp.bg

BGService” OOD (hereinafter referred to as the “Controller” or the “Company”) operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 01 October 2015 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. This information intends to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to this processing.

Grounds for collecting, processing and storing your personal data

Article 1. The controller collects and processes your personal data in connection with the use of the website https://n-zoom.com, , conclusion of contracts with the company on the basis of Art. 6, paragraph 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

  • Your express consent as a client;
  • Performance of the Administrator’s obligations under concluded contracts;
  • Compliance with a legal obligation applicable to the Administrator;
  • For the purposes of the legitimate interests of the Controller or a third party.

Purposes and principles of collecting, processing and storing your personal data

Article 2. 1) We collect and process the personal data you provide to us in connection with your use of the https://n-zoom.com website and entering into a contract with the company, including for the following purposes:

  • Organising consultations;
  • Individualizing a party to a contract;
  • Accounting purposes;
  • Protection of information security;
  • Ensuring the performance of the service contract.

(2) We comply with the following principles when processing your personal data:

  • legality, fairness and transparency;
  • limitation of the purposes of processing;
  • relevance to the purposes of the processing and minimisation of the data collected;
  • data accuracy and timeliness;
  • limitation of storage to achieve the objectives;
  • integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

(3) When processing and storing personal data, the Controller may process and store personal data in order to protect the following legitimate interests:

  • performance of its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal authorities.

What types of personal data our company collects, processes and stores

Article 3. The company performs the following operations with the personal data provided by you for the following purposes:

  • Conclusion and execution of a commercial transaction with a customer or partner – the purpose of this operation is the conclusion and execution of a contract with a commercial partner or customer and its administration. Given the limited scope of the personal data collected and the fact that some of it is collected from publicly available sources, conducting an impact assessment is not necessary.
  • Arranging a consultation – the purpose of this operation is to provide contact details in order to arrange the desired consultation. Given the limited scope of the personal data collected, conducting an impact assessment is not necessary.

Article 4. (1) The controller shall process the following categories of personal data and information for the following purposes and on the following grounds:

Consultation request details (name, phone, e-mail)

Purpose for which the data is collected:
Receiving the user’s contacts for the purpose of feedback to arrange a consultation.Grounds for processing your personal data – Your data for sending the newsletter is processed on the basis of your explicit consent – Art. 6, para. 1(a) of GDPR.

Your data for issuing an invoice to an individual (ID number)

Purpose for which the data is collected:
Invoicing for services rendered.Grounds for processing your personal data – Art. 6, para. 1(b) of GDPR.

(2) The controller shall not collect or process personal data relating to the following:

  • racial or ethnic origin;
  • political, religious or philosophical beliefs, or membership of trade unions;
  • genetic and biometric data, health data or data on sex life or sexual orientation.

(3) Personal data are collected by the Controller from the persons to whom they relate.

4) The Company shall not carry out automated decision-making using data.

Storage period of your personal data

Article 5. (1) The controller shall store your personal data for a period no longer than the withdrawal of consent to processing. The controller shall take reasonable care to erase and destroy all your data without undue delay or to anonymise it (i.e. to put it in a form that does not reveal your identity).

2) The Controller shall keep your personal data provided in connection with a request for consultation for a period of 5 years for the purpose of protecting the legal interests of the Controller in legal or administrative disputes, and the accounting documents shall be kept for the relevant statutory period.

(3) The Controller shall notify you in the event that the data retention period needs to be extended in order to comply with a legal obligation or in view of the legitimate interests of the Controller or otherwise.

Article 6. The Controller stores the personal data of the legal representatives of its business partners for the period of performance of the contract, to comply with the legitimate interests and legal obligations of the Controller, and this period may exceed the term of the concluded contract.

Transfer of your personal data for processing

Article 7. (1) The controller may, at its own discretion, transfer some or all of your personal data to processors for the performance of the processing purposes to which you have consented, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

2) The controller shall notify you if it intends to transfer some or all of your personal data to third countries or international organisations.

Your rights in the collection, processing and storage of your personal data

Withdrawal of consent to the processing of your personal data

Article 8. (1) If you do not wish all or part of your personal data to continue to be processed by the Company for any or all of the processing purposes, you may withdraw your consent to processing at any time by sending a free text request to the following email address: info@n-zoom.com

2) The controller may ask you to verify your identity and identity with the data subject.

Right of access
Article. 9. (1) You have the right to request and obtain confirmation from the Controller as to whether personal data relating to you is being processed.

(2) You have the right to access the data relating to you as well as the information concerning the collection, processing and storage of your personal data.

(3) The controller shall provide you, upon request, with a copy of the processed personal data relating to you in electronic or other appropriate form

(4) Providing access to the data is free of charge, but the Controller reserves the right to charge an administrative fee in case of repetition or excessive requests.

Right to correction or completion

Article 10. You may correct or complete inaccurate or incomplete personal data by making a request to the Controller. Right to erasure (“being forgotten”)

Article 11. (1) You have the right to ask the Controller to delete some or all of the personal data relating to you, and the Controller has the obligation to delete them without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
  • you withdraw your consent on which the processing is based and there is no other legal basis for the processing;
  • you object to the processing of personal data relating to you, including for direct marketing purposes, and there are no legitimate grounds for the processing that override;
  • personal data have been unlawfully processed;
  • personal data must be erased in order to comply with a legal obligation under EU or Member State law to which the Controller is subject;
  • personal data have been collected in connection with the provision of information society services.

(2) The controller is not obliged to erase the personal data if it stores and processes them:

  • to exercise the right to freedom of expression and the right to information;
  • to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
  • for public health reasons;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, exercise or defence of legal claims.

(3) In the event that you exercise your right to be forgotten, the Company will delete all of your data except for the following information:

information necessary to certify that your right to be forgotten has been exercised.

((4) To exercise your right to be forgotten, you need to submit a request to the following email address: info@n-zoom.com

(5) The controller may ask you to verify your identity and identity with the data subject.

(6) The controller shall not delete the data which it has a legal obligation to store, including for the purpose of defending legal claims made against it or proving its rights.

Right to restriction

Article 12. You have the right to require the Controller to restrict the processing of data relating to you where:

  • you challenge the accuracy of the personal data, for a period that allows the Controller to verify the accuracy of the personal data;
  • the processing is unlawful, but you do not wish the personal data to be erased, but only for its use to be restricted;
  • The controller no longer needs the personal data for processing purposes, but you require it for the establishment, exercise or defence of legal claims;
  • You have objected to processing pending verification whether the legitimate grounds of the Administrator override your interests.

Right to portability

Article 13. (1) You may at any time retrieve the data stored and processed about you in connection with the use of the services of BGService by email request.
(2) You may request the Controller to directly transfer your personal data to a controller designated by you, where this is technically feasible.

Right to information

Article 14. You may request the Controller to inform you of any recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested has been disclosed. The controller may refuse to provide this information if it would be impossible or would require a disproportionate effort.

Right to object

Article 15. You may object at any time to the processing of personal data concerning you by the Controller, including if it is processed for profiling or direct marketing purposes.

Your rights in the event of data breach

Article 16. (1) If the Controller identifies a breach of the security of your personal data that may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach as well as of the measures taken or to be taken.

(2) The controller is not obliged to notify you if they:

  • have taken appropriate technical and organisational measures to protect the data affected by the security breach;
  • have subsequently taken measures to ensure that the infringement will not result in a high risk to your rights;
  • notification would require a disproportionate effort.

Persons to whom your personal data is provided

Article 17. For the purposes of processing your personal data and providing the service in its full functionality and in view of your interests, the Controller may provide the data to the following data processors: KGS Consult Ltd. (Accounting services). These processors comply with all legality and security requirements when processing and storing your personal data.

Article 18. The controller does not transfer your data to third countries.

Article 19. In the event of a breach of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Commission as follows:

Name: КPersonal Data Protection Commission
Main office and registered address: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Mailing address: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Telephone: 02 915 3 518
Website: www.cpdp.bg

Article 20. You may exercise all your rights regarding the protection of your personal data by making your requests in any form that contains a statement to that effect and identifies you as the data holder.

Article 21. If the consent relates to a transfer, the Controller shall describe the possible risks for the transfer of the data to third countries in the absence of an adequate protection solution and appropriate safeguards.