1.1. MINDROMEDA Ltd., entered in the Commercial Register at the Registry Agency with UIC 206452021, with seat and registered address: 3 Okolovrasten put Blv., Manastirski livadi, Vitosha District, city of Sofia, 1618, Bulgaria, hereinafter referred to as the Company, is the administrator of personal data and is responsible for compliance with the provisions of the General Data Protection Regulation 2016/679.
2. PURPOSES FOR PROCESSING PERSONAL DATA
2.1. The Company, as a Processor of Personal data, processes only the necessary personal data of the Users – Natural persons for the following purposes:
To register on the platform and provide the relevant services:
· Name and Surname;
· E-mail address;
· Password (encrypted);
· Data for conducted consultations;
· IP address.
To make a payment through the platform:
• debit / credit card number;
• debit / credit card validity date;
• CVC code (Card Validation code) – Three-digit card recognition code, printed in a left-slanted font;
• name of the cardholder;
• other data, according to the conditions for making payments via PayPal, available on www.paypal.com when the payment is made via PayPal;
• other data, according to the conditions for making payments through Revolut, available at https://www.revolut.com when the payment is made through Revolut.
For direct marketing:
• Name and Surname;
• E-mail address.
2.2. Direct marketing is done only to people who have not objected to it. When a natural person is subject to direct marketing by the Company, he has the right to object to it, as a result of which he will not receive more messages for marketing purposes, until the moment he does not wish to do so. The objection against the direct marketing conducted by e-mail is carried out by clicking on the link for refusal to receive advertising messages. The link is always in a visible place and understandable what it is for.
3.1. In order to make the visits of the Users of the platform as functional as possible, the Company uses the so-called “cookies”. “Cookies” are small text files that are stored on the User’s hard drive. They allow the website to function properly, to recognize the User’s device and to store some information about the User’s preferences or past actions (login, etc.), which are stored for a certain period of time so as not to require that certain information (user account login details) to be re-entered.
3.2. Each User of the site can disable cookies through the settings of his browser, with the exception of cookies, without which the platform cannot function.
3.3. The platform uses the following cookies:
• Cookies, which allow you to use the main functionalities of the site and maintain your identification at all times;
• Cookies for google analytics, which are used to track the visits and behavior of visitors to the Platform;
• Customizable cookies that allow you to visit websites in a personalized way according to your previous visits, purchases, etc. They allow you to find the right services for you faster;
4. SOCIAL NETWORKS
4.2. You can prevent the collection of data by using cookies, as well as their processing in the following ways:
• Google Analytics
• Facebook Pixel Ads
5. RECIPIENTS AND CATEGORIES OF RECIPIENTS
5.1. In connection with the implementation of the purposes set out above, the Company provides personal data of natural persons to the following recipients:
• National Revenue Agency – in connection with inspections and audits;
• Other state and municipal bodies and / or institutions – in connection with legal obligations to them or in connection with legal requests from them for information that contains personal data;
• Specialists registered on the site in connection with the fulfillment of Company’s obligations for the services provided by it (e.g. reserved hours for consultation).
6. CONTACT DATA OF THE COMPANY
6.1. Any User who has questions or ambiguities regarding the processing of his personal data or wishes to exercise any of his rights, can contact us:
• email: email@example.com
• phone: +359876266206
• address: 3 Okolovrasten put Blv., Manastirski livadi, Vitosha District, city of Sofia, 1618, Bulgaria,
7. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA
7.1. Compliance with the provisions of the Regulation
The Company’s policy is to ensure compliance with the provisions of the Regulation.
7.2. Personal data is collected and processed lawfully and in good faith
The company collects and processes personal data lawfully, in good faith and in accordance with the principles and rights of natural persons in connection with the processing of their personal data.
7.3. Personal data is processed transparently
The company provides transparency in the communication of the collected and processed personal data as the information about it is in a short, transparent, understandable and easily accessible form, and clear and unambiguous formulations are used.
7.4. Personal data is collected and processed only for certain purposes
The company processes personal data of natural persons only in the following cases:
1. the processing is necessary for observance of a legal obligation of the Company;
2. the processing is necessary for execution of a contract (including an appointment) with the Company, to which a natural person is a party, or for undertaking steps at the request of a natural person before concluding a contract, when his / her identification is required;
3. a natural person has given his / her unambiguous consent for an understandable and transparently defined purpose on the part of the Company, for which the processing of his / her personal data is required;
4. the processing is necessary in order to protect vital interests of the natural person, whose personal data is processed or of another natural person;
5. the processing is necessary for the purposes of the legitimate interests of the Company or of a third party, according to the provisions of the Regulation;
6. the other cases provided for in the Regulation.
7.5. Personal data unnecessary for the activity are not collected and processed
The company does not collect or process personal data of natural persons that exceed its legal obligations or its business needs.
7.6. Collected personal data are processed for other purposes only with the consent of the natural persons
In all cases when it is necessary for the collected and processed personal data of natural persons to be used for purposes other than the original, the Company notifies the concerned natural persons, seeks their consent and proceeds to process their personal data for other purposes only after their explicit consent was given.
7.7. The minimum necessary personal data is collected for processing
The company collects and processes only the minimum necessary personal data of natural persons that:
1. is required by law;
2. is necessary for performance of a contract;
3. is necessary for fulfillment of the purposes for which the data is collected.
7.8. The processed personal data is accurate and up-to-date
The company ensures that the processing of personal data of natural persons is carried out with maximum accuracy and, if possible, always up to date.
7.9. Personal data is processed by the minimum required number of persons
The company ensures the access and processing of personal data of natural persons to be performed by the minimum necessary number of persons (operators) who have the necessary competence for their processing and the necessary commitment for their protection.
7.10. Personal data is stored for the minimum necessary time
The company stores personal data for the minimum necessary time:
1. required by law;
2. it is necessary to fulfill a contract (including an appointment) and the responsibility under it;
3. it is necessary to fulfill the purpose for which the data has been collected and processed; or
4. upon request by the natural person for their deletion,
after which they are destroyed without undue delay.
In all cases, the Company ensures that at least once a year a review of the collected and processed personal data is made and those of them that fall into any of the above hypotheses are deleted without undue delay.
8. RULES FOR PROCESSING PERSONAL DATA
8.1. Personal data is processed with the necessary levels and protection measures
The company provides the necessary levels of physical, organizational and technological protection in order to:
1. the nature, scope, context and purpose of the processed personal data;
2. the probability, the levels of impact and the severity of the risk for the rights and freedoms of the natural persons, in case of violation of the security of the processed personal data;
3. its financial and organizational capabilities.
The company also provides all necessary measures for timely recovery of collected and processed personal data in case of their loss as a result of accidental, malicious or force majeure events.
8.2. Personal data is processed with controlled and traceable access
The company provides the necessary and appropriate technical, organizational and technological measures for controlled and traceable access to personal data of natural persons.
8.3. Personal data is processed with the necessary reporting to comply with the Regulation
The company provides the necessary records and registers to be able to prove that the provisions of the Regulation have been complied with.
8.4. Respect of the rights of natural persons whose personal data is processed
The company ensures respect of the rights of natural persons whose personal data is collected and processed, which includes:
1. right to be informed about personal data processing;
2. right of access to personal data – what data is available;
3. right to correction of inaccurate personal data;
4. right to delete personal data – the right to be “forgotten”;
5. right to limit the processed personal data;
6. right to be informed about actions as a result of a request for correction, deletion or restriction of the processing of personal data;
7. right to data portability;
8. right to object to the processing of personal data;
9. right not to be subject to automatic decision-making, including profiling.
9. COMPETENT SUPERVISORY AUTHORITY
9.1. The Commission for Personal Data Protection (CPDP) is the independent state body that performs the protection of natural persons in the processing of their personal data and in the implementation of access to such data, as well as the control of compliance with the Personal Data Protection Act on the territory of the Republic of Bulgaria.
9.2. In case of suspicion that your rights related to the protection of your personal data have been violated, you can report to the CPDP to:
• Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592 , Bulgaria
• E-mail: firstname.lastname@example.org
• Website: www.cpdp.bg
• Phone: 02 / 91-53-518