Notes about the personal data protection policy
This personal data protection policy reflects the current status of personal data which is processed by you.
In order to comply with the requirements of the new Regulation, you should:
This Policy is adjusted to your relationship with your customers. The most important condition to comply with the requirements of the Regulation is to фе aware about the personal data coming in and out of your company, and to tailor the processes on the site.
A good personal data protection policy is a prerequisite for complying with the requirements of the Regulation, but the existence of such a policy does not guarantee an absolute compliance.
Personal data protection policy
Information about the personal data controller:
“CITY DESIGN DEVELOPMENT” Ltd. is an entity, registered in the Commercial Register of the Registry Agency with UIC 131284973, with headquarters and business address: 1680 Sofia, 88 Bulgaria blvd., Phone number: 02808303; e-mail: info@lightfactor.bg.
Grounds and purposes for which we use your personal information
We process your personal data on the following grounds:
In the following paragraphs, you will find detailed information about the processing of your personal data, depending on the reason we process it.
FOR EXECUTION OF CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS
We process your personal data in order to perform the contractual and pre-contractual obligations and to use the rights under the contracts concluded with you.
Processing Goals:
Data we process on this ground:
Based on the agreement between you and us, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:
The processing of the abovementioned personal data is obligatory for us in order to be able to conclude the contract with you and execute it. Without providing us with this information, we would not be able to fulfill our contractual obligations.
We provide third parties with personal data
We provide your personal information to third parties, and our main purpose is to offer you quality, fast and comprehensive service. We do not provide third parties with your personal data before making sure that all technical and organizational measures are taken to protect this data by striving to carry out strict control to meet this goal. In this case, we remain responsible for the confidentiality and security of your data.
We provide the following categories of recipients (personal data controllers) with personal data:
When do we delete the data collected on this basis?
The data collected on this basis will be erased 2 years after termination of the contractual relationship, whether due to expiration of the contract, termination or other grounds.
FOR THE EXECUTION OF LEGAL OBLIGATIONS
It is possible that we are obliged by the law to process your personal data. In these cases, we are required to do so. Examples for this obligations are:
When do we delete personal data collected on this basis?
The data collected according to an obligation under the law is deleted after the collection and storage obligation has been fulfilled or dropped. For example:
Provision of 3rd parties with personal data
When we are required to do so by law, we may give your personal data to the competent governmental authority, a natural or legal person.
AFTER YOUR EXPLICIT CONSENT
We process your personal data on this ground only after your expressly, unambiguously and voluntarily agree. We will not provide any unfavorable consequences for you if you refuse to agree your personal data to be processed.
Consent is a separate ground for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. If you give us the appropriate consent and until we withdraw or terminate any contractual relationship with you, we prepare appropriate product / service suggestions for you by performing detailed analyzes of your basic personal data;
Advanced analytics is a method of performing an analysis that allows the processing of large volumes of data through statistical models and algorithms and others that involve the use of personal data as well as the processes of aliasing and anonymizing them to retrieve information about trends and different statistical indicators.
Data we process on this ground:
On this ground, we process only the data you have given us our explicit consent for. Specific data is determined for each individual case. Typically, this data is an email and a name.
Provision of data to third parties
We do not provide third parties with our personal data.
Withdrawal of consent
Consent submitted may be withdrawn at any time. Withdrawal of consent will not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal information and information for the purposes set forth above. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.
To withdraw your consent, you only need to use our site or simply contact us.
When do we delete the data collected on this basis?
The data collected on this basis is deleted at your request or 12 months after its initial collection.
PROCESSING OF ANONYMOUS DATA
We process your data for static purposes, this means for analyzes where the results are only generalized and therefore the data is anonymous. Identifying a specific person from this information is impossible.
Your data can also be anonymized. Anonymisation is an alternative to data deletion. In anonymization, any personal identifiable elements / elements that allow you to identify yourself are irrevocably deleted. Anonymized data is not legally obligatory for deletion because it does not constitute personal data.
Why and how we use automated algorithms
For the processing of your personal data, we use partially automated algorithms and methods to continually improve our products and services to adapt our products and services to your needs in the best possible way. This process is called profiling.
How we protect your personal information
To ensure adequate data protection for the company and its customers, we apply all necessary organizational and technical measures provided in the Personal Data Protection Act.
For the sake of maximum security when processing, transferring and storing your data, we may use additional security mechanisms such as encryption, pseudonymisation, and more.
Personal data we have received from third parties
We do not get data from third parties.
Consumer Rights
Each user of the site has all rights to protection of personal data in accordance with Bulgarian and European Union legislation.
The user can exercise their rights through the contact form or by sending a message to our email.
Each User is entitled to:
The user may request deletion if one of the following conditions is true:
The customer is entitled to restrict the processing of his personal data by the controller when:
Right of portability.
The data subject has the right to receive the personal data that concerns him and which he has provided to an controller in a structured, widely used and machine readable format and has the right to transfer this data to another controller without hindrance by the controller to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner. When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one controller to another when technically feasible.
Right of objection.
Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.
Appeal to the supervisory authority
Each User has the right to file a complaint against the unlawful processing of his personal data with the Personal Data Protection Commission or the competent court.
Keeping a registry
We keep a Register of the processing activities for which we respond. This Register contains all of the following information: