1. What is the purpose of the Avenue?
We accept this avenue in order to provide all the necessary information to representatives of individuals and legal entities using our services (hereinafter: Users), in a brief, transparent, understandable and easily accessible form, in clear and understandable terms, as well as to help users in implementing them rights in accordance with paragraph 4.
Our informational obligations are based on Regulations (EU) of 2016/679 of the European Parliament and the Council in force from May 25, 2018. Article 12 Decree CXII 2011 (hereinafter: GDPR) On the right to information self-determination and freedom of information. (hereinafter: informed) and section CVIII 2001 on some issues of electronic commerce services and services related to information society.
Prospectus was prepared taking into account GDPR, InfoTV., As well as other legal acts regarding the processing of individual data. Legislative acts are listed in Appendix 1 to the emission prospectus, and the most important terms are described in Appendix 2.
When developing and applying this prospectus, we acted in accordance with the conclusions of the recommendation to the National Authority for the Protection of Data and Freedom of Information on Protective Data Protection and Article 5 GDPR, in particular the principle of accountability in Article 5 (2).
We also follow the practice of the European Union regarding the protection of personal data; Accordingly, we will include the content of the guidelines of the transparency of the Working Group of the European Commission 29 in our Data Management Practice.
2. Data Controller Data
Title: Tamno and Svetlo ltd
Address: 8000 Burgas ul. Vasil Levski 54.
Name and Position of the Authorized Representative: Oksana Eugel - Director
EEC / Peak 204258345
3. Some data management processes
In this section, we describe in detail the appropriate circumstances for each data controller, which GDPR and other sectoral laws expect from all data controllers.
3.1. Contact Dance Management
You can contact us through our website for any purpose. Details of the appropriate data management are shown below.
3.1.1. Purpose of personal data processed and data management
Personal data: The purpose of data management:
• Name: User Identification
• Email address: to communicate with the user
• Phone number: for communication with the user
3.1.2. Legal basis for data management
The data user gives voluntary consent to the processing of its personal data for one or more specific goals (telephone call, sending email) 3.1.1. (Article 6 (1) (a) GDPR).
If user data is used for purposes other than the initial data collection, we will inform the user about it and obtain it / its preliminary, explicit consent or provide it / her the ability to prohibit use (see Section 9.2).
3.1.3. Duration management duration
Provided personal data will be processed until the consent is withdrawn. The user may revoke his consent at any time. Recalling consent does not affect the legality of data processing before revocation.
3.1.4. Data Management Method
3.2. Data Management related to user registration
To create a user account on our website, you can register using the Facebook, LinkedIn or Google account, or entering a separate email address and password. Details of the appropriate data management are shown below:
3.2.1. Purpose of personal data processed and data management
Personal data and purpose of data management:
• Picture of the user profile (required) - user identification
• Username (required) - user ID
• User email address (required) - Contact User
• Written Introduction (Optional) - user identification, user habits
• address of the personal page of the user (optional) - user identification
• Password (be sure to change at any time) - perform technical operations
• User's phone number (required) - Contact
• User address (required when paying by credit card) - billing
• User birth date (required) - user identification
• User ID (required for authentication) - user identification
3.2.2. Legal basis for data management
Legislative data management; In accordance with Article 6 (1) (C) and (2) GDPR, Info TV. Section 5 (1) b)
Considering that the user is obliged to take the general provisions and conditions available on the website before creating a user account, thereby establishing contractual relations between the parties, the processing of personal data required during registration is necessary to fulfill predictive steps Article 1 (1) (b).
Optional Personal Data (Image
Profile, biography, personal page address, gender, phone number, personal preferences) are processed only with the consent of the user. You can give your consent by writing your personal data in your profile. You can withdraw your consent by removing the personal data provided or, if it is technically impossible, sending us a request by email or by phone. Recalling consent does not affect the legality of data processing to obtaining consent (Article 6 (1) (A) GDPR).
3.2.3. Duration management duration
Not yet deleted upon request of the user.
3.2.4. Data Management Method
We would like to inform users that in case of registration with the Facebook, LinkedIn or Google account, the profile image belonging to the user account will be recorded in the user profile. If the user wants to register with these accounts, he / she can delete its profile image at any time.
3.2.5. Providing personal data
Due to the fact that it is impossible to register, not knowing the mandatory personal data presented in this section, the provision of such personal data is a condition for the conclusion of the contract.
3.3. Data management related to partner registration
On our site you can register to create an affiliate (entrepreneurial) account. Details of the appropriate data management are shown below:
3.3.1. Purpose of personal data processed and data management
• Personal data - the purpose of data management
• Name of a self-employed partner (required) - Partner Identification
• the tax number of a self-employed partner (required) - partner identification
• Picture of a self-employed partner profile (required) - Partner Identification
• Copy of IP ID (required) - Partner Identification
• Acquaintance with a self-employed partner (optional) - definition of a partner, familiarity with his habits
• Email address (required) - communication with partner, sending system messages
• Password (required, can be changed at any time) - perform technical operations
• Contact phone number (required) - Answers to technical issues related to the use of the site by phone or contact your phone's partner during the error investigation.
• Photo of an individual business partner or contact person of a legal entity partner (required) - identification of the partner's contact person
• Users Reviews - Record Reviews of Service Quality
3.3.2. Legal basis for data management
Legislative data management; In accordance with Article 6 (1) (C) and (2) GDPR, Info TV. Section 5 (1) b) as for mandatory personal data, then in the case of an individual entrepreneur, the legal basis for data processing is the execution of a contract, the parties of which are the data controller and an individual entrepreneur (Article 6 (1) (b)) GDPR).
Personal data of an individual entrepreneur who can be provided if desired (avatar, biography, personal preferences) are processed only on the basis of your consent. You can accept the partner's consent by writing personal data in your profile. You can withdraw your consent by removing the personal data provided or, if it is technically impossible, sending us a request by email or by phone. Recalling consent does not affect the legality of data processing to obtaining consent (Article 6 (1) (A) GDPR).
If the partner is a legal entity, the legal basis for processing the aforementioned personal data of the contact person is the legal interest of the data controller and partner (Article 6 (1) (F) GDPR). In the legitimate interest of both parties, to establish effective business communication while using the website, to fully use functions that complement the website of the website, and provide each other information about any significant circumstances affecting the contract between the partner. and data controller. Violation of the contact person's right partner to information self-determination cannot be established, since its work or contractual obligation is to facilitate communication between the parties and provide its personal data for this purpose.
3.3.3. Duration management duration
Before deleting compulsory personal data on the partner's request, deleting optional personal data, also when deleting on request or feedback consent.
3.3.4. Data Management Method
3.3.5. Providing personal data
Due to the fact that it is impossible to register, not knowing the mandatory personal data presented in this section, the provision of such personal data is a condition for the conclusion of the contract.
3.4. Management of data accounts
After payment of services, which our partners can use for a specific fee, we design an accounting document in accordance with the C law from
2000 on accounting (hereinafter - the law). Details of the appropriate data management are shown below.
3.4.1. Purpose of personal data processed and data management
• Personal data - the purpose of data management
• Name of IP - Accounting Accounting Service (Economic Event)
• Registered office of an individual entrepreneur (Postal Code, City, Street Name, House number together) - Support for the provision of services (Economic Event)
• PI tax number - confirming the registration of the provision of the service (economic event)
3.4.2. Legal basis for data management
Legislative data management (in accordance with Article 6 (1) (C) GDPR). Section 5 (1) B) and Law No. Article 166 (1) - (3)).
3.4.3. Duration management duration
Within 8 years after the issuance of the accounting document in accordance with section 166 (6) of the Law, section 169 (1) of the Law
3.4.4. Data Management Method
The document is issued in electronic form - 1/2018 according to the rules of digital archiving. (Vi. 29.) Declaration ITM - we save it in such a way that the method used to ensure the production of all these documents without delay, its constant readability and eliminated the possibility of subsequent change.
3.4.5. Providing personal data
Due to the fact that we cannot issue an accounting document without the knowledge of the personal data mentioned in this section, the provision of personal data is based on the law.
3.5. Management of complaints data
To answer users' questions and explore possible complaints, you can contact us according to our contact information.
3.5.1. Purpose of personal data processed and data management
• Personal data - the purpose of data management
• Name - user identification
• Email address - to provide contact and information to the user regarding the subject of a complaint or question
• Phone number - Provision of contact and information to the user with respect to the subject of the complaint or question
3.5.2. Legal basis for data management
Legislative data management; In accordance with Article 6 (1) (C) and (2) GDPR, Info TV. Section 5 (1) (b) and the Consumer Protection Act of 1997.
3.5.3. Duration management duration
3.5.4. Data Management Method
4. User rights
It is important for us that data management complies with the requirements of justice, legality and transparency. Therefore, we briefly present the right to each of the stakeholders in this section, and then explain them in more detail in Appendix 3 to the emission prospectus.
Our user can request free information on the details of the processing of its / its personal data, as well as in cases provided by law, request their correction, removing, locking or restricting their processing, and may also argue against the processing of such data. Information requests in this section can be addressed to our user according to our contact information in Section 2.
4.1 The right to access
Our users can receive reviews from us about processing their personal data and have access to these personal data and the details of their processing.
4.2. Right to correfer
Upon request of our user, we will fix inaccurate personal data without an unjustified delay, and we have the right to demand addition of incomplete personal data, in particular, through an additional application.
4.3. Right cancellation
Upon request of our user, we delete personal data related to it, if we do not need to process them, or withdraw its consent, or object to data processing, or their processing is illegal.
4.4. Right to forget
On our request, we will try to notify all data controllers who had or could familiarize themselves with the data of our user who could be disclosed.
4.5. Right to limit the management of data
Upon request of our user, we limit the data processing if the accuracy of personal data is disputed, or data processing is illegal, or our user objects to data processing, or if we no longer need personal data.
4.6. The right to porteance of data
Our user can receive personal data from it in structured, widely used, computer-readable format or forward them to another data controller.
4.7. Right to protest
Our user has the right to argue at any time for reasons associated with his / her situation, against the processing of his / her personal data on the basis of legitimate interest (see section 3.3.2). In this case, personal data cannot be processed later, if it is not proved that processing is justified by weighty legal reasons that have priority over interests, rights and freedoms of the user or who are associated with shipment, execution or protection of judicial claims. In the case of protest, as a rule, personal
The data can no longer be processed for this purpose.
4.8. Responding to requests
The application will be considered as soon as possible after its filing, but no later than within 30 days - in the case of a protest - 15 days - and the decision will be made on the merits about which the applicant will be informed in writing. If we do not fulfill the request of our user, we will specify the actual and legal reasons for the deviation of the request.
Protection of personal data is important to us, and at the same time we respect the right of users to self-determination of information, so we try to respond to all requests correctly and on time. In this regard, we ask respected users to contact us - to file a complaint - to resolve any disputes peacefully before using any official or judicial decision.
5. Our application procedure
5.1. Notify recipients
We will always notify the recipients who have been transferred to user data, about fixing restrictions, deleting or processing data, if it is not impossible or will require disproportionate efforts. Upon request, we will provide information about these recipients.
5.2. Method and term for providing information
We will provide information on the measures taken in connection with requests relating to clause 4 in electronic form for a maximum of one month from the date of receipt of the request, if the user does not require another. If necessary, this period can be extended for another two months, taking into account the complexity of the application and the number of applications. We will inform the user to extend the deadline with the reasons for one month from the date of receipt of the request.
Oral information can be provided at the request of the user, provided that it will confirm his identity in a different way.
If we do not act in accordance with the request, we will inform the user about the reasons for this for a maximum of one month from the date of receipt, as well as that it may file a complaint with the CRD and take advantage of his right to trial. Appeal (section 4.9).
5.3. The control
In exceptional cases, if we have reasonable doubts about the identity of an individual who submitted the application, we ask you to provide additional information necessary to confirm your personality. This measure is necessary to ensure the confidentiality of data processing, as defined in Article 5 (1) (F) GDPR, that is, to prevent unauthorized access to personal data.
5.4. Costs for information and actions
The information provided on requests belonging to paragraph 4 and the measures taken on their basis is provided free of charge.
If the user's request is clearly unreasonable or, in particular, due to its recurring nature, excessive, we charge a reasonable fee or refuse to operate on request, taking into account the administrative costs for providing requested information or information or the adoption of the requested action.
6. Potential personal data recipients, data handlers
We, as well as our internal employees, have the right to access personal data. At this point
We list the recipients whose services we use within the Website Work.
6.1. In connection with the work of the site
• A hosting provider as a data handler has the right to access personal data provided during the use of the site.
• Name: DigitalOCean, LLC
• Contacts: www.digitalcean.com
6.2. In the context of social network interfaces
On our website there are also several social network interfaces (for example, Facebook, Linkedin, Twitter, Google+, Instagram, YouTube); Thus, for example, if the user "loves" our site on Facebook or "subscribes" to us on Twitter, we learn about all personal information related to its profile and publicly available. Relevant information on data management arising from these pages can be found in the relevant data management policy of this service provider.
7. Data security
We and data processors have the right to get acquainted with the personal data of the user in the amount necessary for the tasks relating to their work. We accept all security measures, technical and organizational measures guaranteeing data security.
7.1. Organizational measures
We provide access to our IT systems with personal rights. The principle of "necessary and sufficient rights" applies to the distribution of access, that is, all employees can use our IT systems and services only to the extent that it is necessary to fulfill their responsibilities, with relevant rights and for the desired period of time. Access to IT systems and services should be provided only to a person, which is not limited to security reasons or other reasons (for example, due to conflict of interests) and which has professional knowledge, knowledgeMi in the field of business and information security necessary for safe use.
We agree with the rules of strict confidentiality in a written statement, and we must act in accordance with these confidentiality rules during our activities.
7.2. Technical measures
We store data - with the exception of data that is stored by our data handlers - on our own devices in the data center. IT devices stored by data are stored in a separate, separate closed server room protected by a multi-stage access control system to be controlled by authorization.
We protect our internal network using a multi-level firewall. In all cases, the hardware firewall (boundar protection device) is located on the input points to the applicable public networks. Data is stored with redundancy, that is, in several places to protect them from destruction, loss, damage and illegal destruction due to the IT device failure.
We protect our internal networks from external attacks with a multi-level, active, integrated protection against malicious code (for example, virus protection). We implement the necessary external access to the IT managers managed by us and databases through an encrypted data connection (VPN).
We do our best to ensure that our IT instruments and software constantly correspond to generally accepted technological solutions in the market.
In the process of development, we develop systems in which you can use logging to monitor and track the operations performed, as well as to detect incidents such as unauthorized access.
Our server is located on a separate dedicated hosting provider, protected and closed.
On our site we use the HTTPS protocol.
8. Cookie files
In order for our website to work properly, in some cases we place small data files on the user's computer device, like most modern websites.
8.1. What is cookie?
A cookie is a small text file that the website hosts on a user's computer device (including mobile phones). As a result, the website can "memorize" user settings (for example, used language, font size, display, etc.), so you do not need to drop them every time you visit our website.
8.2. List of cookies used on the site:
• Cookie NEVE - QJOB_BACKED
• Cookie duration - user session data in Becland
• Cookie type type - session
• Using cookies - no
These cookies can be deleted or blocked, but in this case the website may not work correctly.
8.3. Google Analytics
1. Website uses Google Analytics, web analytics service provided by Google, Inc. ("Google"). Google Analytics uses the so-called cookie files that are text files located on your computer to help the Web site to analyze how users use the site.
2. Information created by the cookie about the website you use is usually stored on the Google server in the USA. By activating the anonymity of the IP address on the website, Google reduces the IP address of the user in the European Union Member States or other States Parties to the European Economic Space Agreement.
3. The full IP address will be transferred to the Google server in the United States and is truncated only in exceptional cases. From our Google name will use this information to assess how the user used the website, and to provide us with reports relating to the website's activity, as well as to provide additional services related to the use of the website and the Internet.
4. Google Analytics does not coordinate the IP address transmitted by the user's browser, with other Google data. The user can prevent the cookie file storage by correctly configuring its browser, however, keep in mind that in this case not all functions of this website can be fully available. You can also disable Google to collect and process your information on using the website you (including your IP address) using cookies, downloading and installing the browser connected module available on the following link. https://tools.google.com/dlpage/gaoptout?hl=h
8.4. How are cookies processed?
Cookies can be deleted (detailed information: www.allaboutcookies.org) or blocked by most browsers today. However, in this case, when using our website, certain settings will need to reconfigure each time, and some services may not work.
Detailed information about the removal and blocking of cookies can be found at www.allaboutcookies.org (on An
Gliysky) and in the browser used by the user, following the following links:
• Fire Fox.
• Google Chrome
• Microsoft Internet Explorer 11
• Microsoft Internet Explorer 10
• Microsoft Internet Explorer 9
• Microsoft Internet Explorer 8
• Safari 9.
• Safari 8.
• Safari 6/7
9. Other provisions.
9.1. Activation data collection
We can collect user activity data that cannot be combined with other data provided by the user during registration, or with data generated when using other websites or services.
9.2. Data Management for Different Goals
If we intend to use the provided data for purposes other than the goal of the initial data collection, we will inform users about it and get their pre-explicit consent or provide them with the ability to prohibit use.
9.3. Responsibility Register
We are taking into account the data management actions carried out under our responsibility (recording of data management actions) in accordance with Article 30 GDPR.
9.4. Privacy incident
Data protection incident is a security disorder that leads to random or illegal destruction, loss, change, unauthorized disclosure or unauthorized access to personal data processed. In the case of an incident with data protection, we must act in accordance with Articles 33 and 34 GDPR. We register data protection incidents, indicating the facts associated with the data protection incident, its consequences and measures taken to eliminate them.
• We have the right at any time unilaterally amend this prospectus.
• Date of entry into force: 13.03.2021
• Webtech Group KFT.
• Data controller
Attachment 1; Relevant legislation
In preparing Avenue, the data controller took into account the appropriate applicable legislation and the most important international recommendations, in particular the following:
• Regulations (EU) No. 2016/679 of the European Parliament and the Council of April 27, 2016 on the protection of individuals regarding the processing of personal data and the free movement of such data and cancellation of Directive 95/46 / EC (GDPR);
Appendix 2; Concepts related to personal data processing
• Data controller: legal entity that defines targets and personal data processing tools;
• Data Management means any operation or set of operations with personal data or data files, both automated and non-automated, such as collecting, recording, organization, segmentation, storage, conversion, or change, extraction, view, use, transmission, transmission , distribution or other provision in the form of packages, harmonization or association, restrictions, removal or destruction;
• Data transfer: data provision of a certain third party;
• Data erasing: make data unrecognizable in such a way that they cannot be restored;
• Data designation: data identification in order to distinguish them;
• Data management restrictions: labeling preserved personal data in order to limit their processing in the future;
• Data destruction: full physical destruction of the data carrier;
• Data handler: legal entity that processes personal data on behalf of the data controller;
• Recipient: any physical or legal person, public authority, agency or any other body that is revealed personal data, whether it is third person or not;
• Cookie: a small data packet (text file) sent by the web server and posted on a user's computer for a certain period of time, which, depending on its character, can be supplemented by the server with new visits, i.e. if the browser returns earlier The saved cookie, the cookie file provider has a connection between the current visit to the user and the previous, but only with respect to their own content;
• Subject of data / user: identified or identifiable individual; Identifies an individual, which is directly or indirectly, in particular, by reference to the identifier, such as name, number, location, network identifier, or one or more factors belonging to physical, physiological, genetic, mental, economic, cultural or social identity identifiable individual;
• The third party means any physical or legal person, the state body, agency or any other body that is not a data entity, the controller, handlers or persons who are authorized to process personal data under direct control of the controller or processor. ;
• "The consent of the data entity" means a voluntary, concrete, well-informed and clear statement of the will of the data entity, indicating the statement or unequivocal
The evidence of the consent that he or it gives consent to the processing of personal data. in relation to him or her;
• IP address: in all networks in which the TCP / IP communication is communicated, server machines have an IP address, that is, an identification number that allows you to identify the data of the machine through the network. It is known that each computer connected to the network has an IP address by which it can be identified.
• Personal data: any information about the data subject.;
• Protest: a statement of a data subject, objecting to handling it or its personal data and requires stopping processing or deleting processed data.
Appendix 3; Data Subject Rights
The user has the right to access the personal data being processed by its / its request sent for one of our contact data. Within this, the user will be informed about the following:
• Are your personal data processed;
• data management objectives;
• categories of relevant personal data;
• recipients or categories of recipients who transferred personal data;
• the estimated duration of storage of personal data;
• Information about data sources.
The user can also request the provision of copies of personal data that are subject to data management. In this case, personal data will be provided in structured, widely used, computer-readable format (PDF / XML) or in the print version on paper. Request a copy is free.
Based on the request sent through our contact details, the user has the right to demand the correction of inaccurate personal data processed by us, and incomplete data supplements. If we do not have the information necessary to clarify or add incorrect information, we can request the presentation of these additional data and check their accuracy. As long as the data is specified or supplemented - in the absence of additional information, we limit the processing of relevant personal data, and the operations performed with them, with the exception of storage, will be temporarily suspended.
Based on the request sent through our contact details, the user has the right to demand the removal of the personal data being processed if any of the following conditions exists:
• We no longer need these data;
• We have concerns about the legality of our data processing.
If we define the obligation to remove personal data being processed by us, we will stop processing data and destroy previously processed personal data. In addition, the obligation to delete personal data may be based on the recall of the consent, the realization of the right to protest and legal obligations.
Data Management Restrictions
Based on the request sent through our contact details, the user has the right to demand restricting the processing of personal data being processed in the following cases:
• concerned about the legality of processing personal data that we process and calls for a limitation instead of deleting data;
• We no longer need data, but the user requests them to feed, ensure compliance or protection of lawsuits.
We automatically limit the processing of personal data in case the user challenges the accuracy of personal data or if the user uses the right to objection. In this case, the restriction is applied for a period that allows you to check the accuracy of personal data or, in case of objection, establish whether there are conditions for continuing processing.
During the restriction period, no data management operations can be executed with labeled personal data, only data can be saved. In the case of data processing restrictions, personal data can be processed only in the following cases:
• with the consent of the data entity;
• presentation, settling or protection of lawsuits;
• protection of the rights of another individual or legal entity;
• Important public interest.
Users will be notified in advance about the cancellation of the restriction.
Based on the request sent through our contact details, the user has the right to request the provision of personal data processed by us regarding its / it in order to further use them specified by the user. In addition, the user can request the transfer of our personal data to another data control assigned to them.
This right is limited to only the personal data provided by the user and processed to fulfill its contract. There is no possibility of transferring other data. Personal data is provided to the user on a paper basis in structured, widely used, computer-readable format (PDF / XML) and in its printed version.
We informThe user of the user that the use of this right does not lead to automatic removal of personal data from our systems. In addition, the user has the right to contact or maintain communication with us again after data transfer.
Based on the request sent through our contact details, the user may, at any time, argue against the processing of its personal data in accordance with section 3.3.2 of this Prospect. For the purposes set out in paragraphs in this case, we check whether data processing is justified by weighty legal reasons that have priority over interests, rights and freedoms of the user or who are associated with the feed, execution or protection of lawsuits. If we find that such reasons exist, we will continue the processing of your personal data. Otherwise, personal data will no longer be processed.