PERSONAL DATA PROTECTION POLICY
The present Personal Data Protection Policy has been prepared by Ficosota Ltd., UIC 837055835 (hereafter referred to as “Ficosota” and/or “We”/ in compliance with its obligations under Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) of the European parliament and of the Council of 27 April 2016 and the Personal Data Protection Act.
This policy is informative only and aims at providing clarification about what kind of personal data is collected by Ficosota, what is the purpose, legal grounds, manner of processing and storing, and also when it is necessary to disclose personal data to a third party. This policy provides as well information regarding the rights, which the data subjects have in relation with the processing of their personal data and the implementation of technical and organizational measures for their protection.
Information about us:
Controller of the collected and processed personal data is: Ficosota Ltd., UIC: 837055835.
|Seat and registered address||Shumen 9700, 48 Madara Blvd.|
Information about our Data protection officer:
Ficosota applies higher care with regards to the storing and processing of personal data and therefore the company has appointed a Data protection officer, who will be a contact person on matters that relate to processing of Your personal data, including that relate to exercising of Your legal rights.
|Contact data||Sofia, 102 Bulgaria Blvd|
Ficosota collects and processes Your personal data while carrying out its commercial activities, as well as in compliance with various legally established obligations. In this respect, a personal data could be, but not limited to, data:
- Of natural persons, processed in relation to conclusion and execution of contracts, including legal representatives of other trade partner-companies and customers.
- Of persons, which participate in promotional campaigns and games, including in Facebook and Instagram or through partners – marketing agencies.
- Of persons for purposes of direct marketing;
- Of persons, participating in surveys, carried out by Ficosota;
- Of visitors of our offices, etc..
Collected and processed personal data, legal grounds and purpose of the processing
It is possible that we collect Your personal data, when You participate our games, researches, promotion and marketing campaigns, and also when You use our website. Most of the times we process Your personal data based on Your unambiguous and specific consent. And sometimes we request Your personal data for the purposes of concluding a contract, in compliance with a legal obligation or to protect our legal interest. If we don’t have this data we will not be able, lacking Your identification, to allow You to participate in most of our campaigns, including to send You a prize, as well as to provide You our relevant services. In any event, we process solely and only the minimum information needed for the execution of the specific objective.
We may collect and process Your personal data, as follows:
|Categories of personal data||Purpose of the processing||Legal basis for processing (applies alternatively, in correspondence with the respective category and purpose of the processing)|
||Notifications in connection with our products and services.
Data may be used for:
|Processing is needed in compliance with our legal obligation|
|Initiation and conducting of court proceedings.
|Processing is required for the purposes of preservation of our legal interests as controller.|
||For the purposes of:
|Processing is performed on the basis of Your freely expressed, specific, informed, and unambiguous consent.|
||Answering to Your inquiries via the contact form.
Answering to Your requests for information and/or claims.
|Processing is required for the purposes of preservation of our legal interests as controller.|
Sharing of Your information:
Ficosota does not share personal data with third parties unless it is guaranteed that all technical, organizational, and legal measures have been taken (by signing of an agreements) for protecting of this data. We are strictly monitoring the compliance when following this purpose. In this respect, we may use third parties’ assistance towards certain contractual activities. Some of these third parties (service providers) could be: law and accounting firms, auditors, courier, carriers, contractors or suppliers with public authorities, as well as other natural persons or legal entities – e.g. software and/or hardware solutions providers and or infrastructure, external consultants in relation with establishment or realization of rights, based on legal obligations or with a view to its legitimate interest, as the case may be.
Sometimes provision of personal data is mandatory, so that we are able to comply with our legal obligations and as so we provide information to: public and municipality bodies, ministries, National Revenue Agency, National Social Security Institute, The Commission on Protection of Competition, Commission for Consumer Protection, and other regulatory bodies and commissions.
We do not use automated decision-making means.
Safety of the data, which You commit to us is very important to us. Therefore, we protect Your data through applying all appropriate technical and organizational measures we have at our disposal so that we do not allow any unauthorized access, unauthorized or abuse, loss or premature deletion of information.
Ficosota undertakes every measure for protection of Your personal data of occasional loss and unauthorized access, misuse, alteration or disclosure. We have policies and procedures, which are intended to prevent information loss, misuse, and unauthorized disclosure. Apart from this we provide additional measures for data safety, including access control, strict physical protection and reliable practices for collection, storing, and processing of the information. Some of the applicable measures are:
- Protection of the collected personal data from unauthorized misuse and sees to their processing;
- Maintenance of secure computer systems which process personal data. We apply adequate control measures for distribution and data management;
- We adopt strict policies and procedures, applicable to our personnel towards minimizing the risks from processing of personal data;
- Ficosota employees are informed with the applicable rules and have been trained to process personal data with the utmost applicable care and with a view to the best practices.
- In conducting its business, Ficosota works with established organizations only and avoids companies which may be found dangerous for the safety of the personal data stored;
- Adoption of good practices at implementation and administration of security systems and follows technological developments regarding possible company data security risks;
- Observation of the safety of the computer system and the personal data, which it contains, including possible breach to some personal data by company employees;
- Granting only access to those personal data files, that are necessary for the respective employee to do his job.
On the other hand, we implement technical measures, such as encryption, pseudonymisation and anonymization of the collected personal data, where possible.
When do we delete Your personal data?
Ficosota destroys the collected and processed personal data following a particular order and within the legally set terms (e.g. in Accountancy Act), and where there are no such terms, within the terms set by us in the Storage Limitation Policy and only after settling all our relationships and after limitation periods had elapsed. Personal data is stored no longer than needed for the specific purposes gathered.
In cases of anonymization, limitation terms do not apply, because we cannot identify You.
Transfer of personal data between countries
Ficosota does not, in its everyday business, transfer personal data out of the European Union. In certain situations, we may transfer Your personal data outside the European Union, but only if an adequate level of protection or appropriate guarantees and legal grounds have been provided.
Your rights towards personal data
You have the right of information, access and to receive copy of Your personal data that has been processed by Ficosota. Should You believe that certain information that is at Ficosota’s disposal is incorrect or incomplete, You may demand rectification of Your personal data.
In addition, You have the right:
- Of an objection against processing of Your personal data;
- To demand erasure/deletion of Your personal data, when the legal basis for the processing has ceased to exist;
- To demand restrictions regarding the processing of Your personal data; and/or
- To withdraw Your consent, where Ficosota is processing Your personal data on the grounds of a consent (if such withdrawal shall not affect the lawfulness of the processing, done before the withdrawal);
- Of complaint to the supervisory authority – Commission for Personal Data Protection (CPDP) (Sofia 1592, 2 Prof. Cvetan Lazarov Blvd. or cpdp.bg).
Ficosota shall grant all requests, withdrawals or objections, in compliance with the applicable regulations for protection of personal data, but these regulations aren’t always absolute: they are not always applicable and it is possible that there are some exceptions. It is necessary for You to verify Your identity, when requested and/or to provide additional information, which may help for the better understanding of Your application.
In case of reexercising of your right of access to information or a copy of the data in machine-readable format, Ficosota may impose a reasonable fee, based on the administrative costs necessary to provide them.
How do You exercise them?
Each one of the legally set rights can be exercised via request for exercising of the respective right. Data subjects may submit their requests for exercising of their rights as follows:
- Via the following e-mail: firstname.lastname@example.org.
- Personally to this address: Shumen 9700, 48 Madara Blvd.
The request for exercising of personal data rights should contain the following information:
- Personal identification – names and PIN;
- Sender’s contact data – address, phone number, e-mail address;
- Request – statement of request.
Ficosota provides information about the actions, that have been taken with regards to the accomplishment of the request for exercising of Your rights within two-months period, in compliance with art.53 of Personal Data Protection Act.
When necessary this period could be extended with another month, taking into consideration the complexity and number of requests from a particular person. Ficosota informs the person of any such extension within a month as of the request receipt, and specifies the reasons of the delay. The information, provided to the data subject, and any communication and actions referring to exercising of the rights of the data subject shall be pay-free (save for cases of abuse of the rights granted).
We may request the provision of additional information, necessary for confirmation of Your identification, when there are certain apprehensions regarding the identity of the natural person, which files the request. When exercising Your rights through a proxy, a notarized power of attorney shall also be presented.
Ficosota shall not be bound to grant a request in case it is unable to perform identification of the data subject.
Where the request has been filed via electronic means, if possible, the information shall be also provided via electronic means, unless otherwise specified expressly.
Personal data protection policy update
The present policy may be sometimes amended by Ficosota. Last update performed on Sept. 27, 2019. Any future amendments or supplements to this Policy will be duly announced.