Privacy Policy

Information about the data controller:

VLADISARA CONSULT EOOD is a company registered under the Commerce Act of the Republic of Bulgaria, UIC: 206760977, address: Ruse, 7000, 3 Momchil Voyvoda Street, email address: office@vladisaraconsult.com.

The grounds and purposes for which we use your personal data

We process your personal data on the following grounds:

• Concluded service contracts, including online consultation requests;
• Explicit consent from you (the purpose is indicated on a case-by-case basis);
• In cases of a legal obligation.

In the following paragraphs, you will find detailed information regarding the processing of your personal data, depending on the grounds on which we process it.

For the performance of a contract/request

We process your personal data to fulfil contractual and pre-contractual obligations and to exercise rights under the contracts concluded with you.

Purposes of processing:

1. Identity verification;
2. Providing the functionalities of our website;
3. Providing/performing the service you have requested;
4. Preparation and sending of invoices for the services you purchase from us;
5. Establishing and/or preventing unlawful actions or actions contrary to our terms.

 

Data we process on this basis:

Based on the contract concluded between us and you (including distance selling contracts for services), we process information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:

• Personal contact details – contact address, email, telephone number;
• Identification data – full name, personal identification number or foreigner’s personal number, address;
• Data on orders placed;
• Correspondence related to the service – emails, letters, information on your requests for issue resolution, complaints, applications, grievances, feedback we receive from you;
• Credit or debit card information, bank account number or other banking and payment information related to payments made;
• Other information such as:
• IP address when visiting our website;
• Demographic data;
• Social media profile data;
• Information from your activities on the site.

The processing of the specified personal data is mandatory for us to be able to conclude and perform the contract with you. In the absence of the aforementioned data, we would not be able to fulfil our contractual obligations.

We use Stripe as a payment method on our website, as well as for analytics and other business services. Stripe collects transaction and personal identification information, which it analyses and uses to manage and improve the services that it provides, including fraud detection. You can learn more about Stripe and read their privacy policy here.

To ensure that our website functions properly and to continuously improve the quality of the services offered, we use the following programs and web solutions, which may access your IP address and analyse your behaviour while on the website without identifying you as an individual: Google Analytics, various WordPress plugins, Google Webmaster Tools, Facebook, Google Plus. If you do not agree with these terms, it will not be possible to fully use our site, and we recommend that you do not continue using it in the future.

We provide personal data to third parties

We may provide your personal data to third parties, such as subcontractors, or, with your explicit consent, for the purposes of direct marketing.

When we delete data collected on this basis

Data collected on this basis will be deleted two years after the termination of the contractual relationship, whether due to the expiry of the contract term, termination or other grounds.

For the fulfilment of statutory obligations

In some cases, the law may require us to process your personal data. We are obligated to carry out processing in the following cases:

• Obligations under the Measures Against Money Laundering Act;
• Fulfilment of obligations related to distance selling and off-premises sales as outlined in the Consumer Protection Act;
• Providing information to the Commission for Consumer Protection or third parties as specified in the Consumer Protection Act;
• Providing information to the Commission for Personal Data Protection in connection with obligations provided for in the personal data protection legislation;
• Obligations under the Accounting Act and the Tax and Social Insurance Procedure Code and other related legislation, regarding lawful accounting maintenance;
• Providing information to the court and third parties during court proceedings, as required by applicable legislation;
• Age verification when shopping online.

 

When we delete personal data collected on this basis

We delete data collected in accordance with a statutory obligation after the obligation to collect and store it has been fulfilled or ceases to exist.

Following your consent

We process your personal data on this basis only after obtaining your explicit, unambiguous and voluntary consent. We will not foresee any adverse consequences for you if you refuse the processing of personal data.

Consent is a separate basis for processing your personal data, and the purpose of the processing is specified in the consent. It is not covered by the purposes listed in this policy. If you give us the appropriate consent, and until its withdrawal or the termination of any contractual relationships with you, we may prepare suitable product/service offers for you by conducting detailed analyses of your basic personal data.

Data we process on this basis:

On this basis, we may process personal data for the purposes of direct marketing, including data on website usage and social media profile data.

Provision of data to third parties

On this basis, we may provide your data to marketing agencies, Facebook, Google or similar entities.

Withdrawal of consent

You may withdraw any consent provided at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for personal data processing for any or all of the purposes described above, we will no longer use your personal data and information for those purposes. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

To withdraw your consent, simply use our site or contact us using the provided contact details.

When we delete data collected on this basis

Data collected on this basis will be deleted upon your request or 12 months after its initial collection.

How we protect your personal data

To ensure adequate protection of both the company’s and its clients’ data, we implement all necessary organisational and technical measures as provided for in the Personal Data Protection Act.

The company has established rules to prevent abuse and security breaches, supporting the processes that safeguard and ensure the security of your data.

For maximum security in the processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymisation etc.

Users’ rights

Every User of the site enjoys all rights to personal data protection under Bulgarian law and European Union law.

The User can exercise their rights by sending a message to our email.

Every User has the right to:

• Awareness (regarding the processing of their personal data by the controller);
• Access to their own personal data;
• Rectification (of inaccurate data);
• Erasure of personal data (the right ‘to be forgotten’);
• Restriction of processing by the controller or processor;
• Data portability between different controllers;
• Objection to the processing of their personal data;
• The data subject also has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning the data subject or similarly significantly affects them;
• Judicial or administrative protection in the event that the data subject’s rights have been violated.

 

 The User may request the erasure of their personal data if one of the following conditions is met:

• The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• The User withdraws the consent on which the processing is based, and there are no other legal grounds for processing;
• The User objects to the processing, and there are no overriding legitimate grounds for the processing;
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation under EU law or the law of a Member State to which the controller is subject;
• The personal data has been collected in relation to the offer of information society services to children, and consent was given by the holder of parental responsibility over the child.

 

The User has the right to restrict the processing of their personal data by the controller when:

• They contest the accuracy of the personal data. In this case, the restriction of processing is for a period that enables the controller to verify the accuracy of the personal data;
• The processing is unlawful, but the User does not want the personal data to be erased and requests the restriction of its use instead;
• The controller no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims;
• The User objects to the processing, pending verification of whether the controller’s legitimate grounds override the User’s interests.

 

Right to data portability

The data subject has the right to receive their personal data, which they have provided to a controller, in a structured, commonly used and machine-readable format. They also have the right to transfer this data to another controller without hindrance from the controller to whom the personal data was provided. This applies in cases where the processing is based on consent or a contractual obligation, and carried out by automated means. When exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to object

Users have the right to object to the controller regarding the processing of their personal data. The personal data controller is obligated to cease processing unless they can demonstrate compelling legal grounds for the processing that override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. In the case of objection to the processing of personal data for direct marketing purposes, the processing must be terminated immediately.

Complaint to the supervisory authority

Every User has the right to lodge a complaint against the unlawful processing of their personal data with the Commission for Personal Data Protection or the competent court.