|Information about the Company, which process and collect your Personal data – ADMINISTRATOR||
„GUTS AND BRAINS DDB“ OOD
Address: 95 Hristo Botev Blvd.,
Sofia – 1303, Bulgaria
|Information about the SUPERVISORY AUTHORITY||
COMMISSION FOR PERSONAL DATA PROTECTION
Address: 2 Prof. Tsvetan Lazarov Blvd.,
Sofia – 1592, Bulgaria
Telephone: +359 2 9153518
The protection of personal data and the protection of our customers’ personal and financial information are particularly important to us.
Therefore, we process your information exclusively based on the applicable legislation, specifically the General Regulation (EU) 2016/679 (known as GDPR), the Personal Data Protection Act (PDPA), and the Electronic Commerce Act (ECA).
With this Data Privacy Notice (Notice), we inform you about the most important aspects of the processing of your data by “Guts and Brains DDB” OOD (for short “We” or “The Company”).
This Notice contains information about the processing of your personal data obtained when using our website, as well as about the rights you have concerning this processing. With it, we also inform you about the terms and legal grounds to collect, process, store, use, destroy and protect your personal information, insofar as by providing your data, you give us your express consent to do so.
- Basis for collecting, processing, and storing your personal data
1.1. “Guts and Brains DDB” OOD, in the capacity of Administrator, collects and processes your personal data in the event of any of the following scenarios:
(a) when you contact us about a service, we may provide it to you;
(b) when you contact us, in connection with making an offer or in connection with entering into a contract;
(c) when you submit a job application;
(d) to fulfill legitimate objectives of the Administrator or a third party;
(e) upon receiving your express consent to receive our newsletter – The Newsletter.
- Purposes and principles in the collection, processing, and storage of your personal data
2.1. The purposes for which we collect and process your personal data, in connection with the use of the Website: https://gutsandbrainsddb.bg/, are the following:
(1) Protection of information security;
(2) Improving the performance and functionality of the site;
(3) Individualization of a party to a legal relationship;
(4) Carrying out communication – feedback on received inquiries, questions, messages, etc.;
(5) Organizing games, raffles, advertising campaigns, events, etc. similar;
(6) Obtaining consent to send our newsletter – The Newsletter;
(7) Accounting purposes;
(8) Performance of a contract or commitment;
(9) Statistical purposes;
(10) Fulfillment of legal commitments to the National Revenue Agency, the Ministry of Internal Affairs, and other state or municipal administrations;
(11) Defence of the Company against wrongful claims.
2.2. The principles we follow when collecting and processing your personal data:
(1) Accuracy and timeliness of data;
(2) Lawfulness, fairness, and transparency;
(3) Limitation of processing purposes to the minimum necessary;
(4) Limiting the time for their storage to the legally regulated and minimally necessary;
(5) Ensuring an appropriate technological level of data protection and security;
(6) Relevance of the type and amount of data to the purposes of the processing.
III. Types of Personal Data We Collect, Process, and Store
- When you contact us, in connection with establishing contact and carrying out pre-contractual relations or in the event of an inquiry – making an offer or proposal, organizing a meeting, we collect: two names, telephone, and e-mail, the representative authority of a legal representative or proxy.
- When you contact us, in connection with entering into a contract:
(a) The processing of the data is necessary to identify the legal representative of the Legal Entity or the Natural Person – client/partner/supplier, to make contact with him, and also to fulfill the contract.
(b) the data we collect in this connection are names of legal representative/proxy, phone and e-mail for contact, power of attorney data (in case of authorization), and for a counterparty Natural person: names, social security number, personal identification number card, date of issue, address, telephone and e-mail for contact.
3.3. When you submit documents for a job application:
(a) The processing of the data is necessary to make contact with the applicant and to make a selection among multiple applicants.
(b) the data we collect are full name, work experience, and experience, education and qualifications, phone and e-mail for contact, profile on social networks, and the data specified by you in your resume.
3.4. For the fulfillment of legitimate purposes of the Administrator or a third party:
(a) to improve the service and localization of the interface, market research, and collecting statistical information, we will process your IP address.
(b) The collection and processing of this data are necessary to ensure the technical functioning of the site.
3.5. With your express consent to receive our newsletter – The Newsletter:
(a) The processing of the data is necessary for the sending of the newsletter to the relevant person who has given his consent to receive it.
(b) the data we collect in this connection name, e-mail address.
3.6. Regarding data of participants in an event organized by the Company:
(a) to register for participation, conduct the event itself, and obtain the result thereof, we will collect the following data: names, e-mail addresses, and telephone.
- Data We DO NOT Collect
4.1. We do not collect your personal data related to political views, religious or philosophical beliefs; data that reveals racial or ethnic origin; genetic or biometric data, data on health status, data on sex life or sexual orientation, membership in trade union organizations (except for establishing employment legal relations).
4.2. We also do not perform automated decision-making on personal data.
4.3. The company does not collect or process data of children under 16 without the express consent of their legal representatives/parents.
- Storage period
5.1. Data related to the conclusion of a contract is stored for 5 years, counted from the termination of the contractual relationship. It is possible to store the data for a longer period, in case of a legal dispute between the parties. Data in accounting and tax documents are stored for 11 years.
5.2. Data related to job applications are stored for no more than 6 months, starting from the date of termination of the candidate selection procedure. After this period, your data is destroyed and deleted, unless you have expressed your express wish for your data to be stored by us for a longer period.
5.3. We process your data based on a given consent for this, until the express withdrawal of this consent.
- Your rights to the collection, processing, and storage of your personal data
6.1. You can withdraw your consent to the processing of your personal data, part or all, for part of the purposes or all purposes, by sending an application in free text to the address of the Administrator. In this regard, the Administrator may ask you to verify your identity on the spot. Withdrawing your consent does not affect the validity of data processing up to that point. The administrator may continue to process part or all of the data if this is required by the legal regulations referred to in section V;
6.2. You have the right to access the data, as well as confirmation from the administrator whether your personal data is being processed. The provision of the data is free of charge, but in case of excessiveness or repetition, the Administrator may require the payment of a fee for this;
6.3. You have the right to correct inaccurate data or delete the data – “The right to be forgotten”. The right to be forgotten may be exercised by you if your personal data are no longer necessary for the purposes for which they were collected; when you withdraw your consent to data processing; when you have objected to the processing; when your data is processed unlawfully; when your data must be deleted, to comply with a legal obligation under Union or Member State law that applies to the Administrator or when your personal data was collected in connection with the provision of information society services;
6.4. You have the right to limit the processing of your data when you dispute the accuracy of the data (for a period to allow the Administrator to verify the accuracy of the data); the processing is illegal, but you do not want your personal data to be deleted, but only to have their use restricted; The administrator no longer needs the personal data for the processing, but you require them for the establishment, exercise or defense of your legal claims or when you have objected to the processing pending verification;
6.5. You have the right to receive your personal data in a structured, widely used, and machine-readable format, as well as the right to transfer it to another controller;
6.6. You have the right to object to the processing of your personal data at any time. In this case, the Administrator terminates the processing of the data, unless there are legal grounds for their processing.
VII. Processing of the data by a third party
7.1. The administrator may, at his discretion, entrust the processing of your personal data in compliance with the requirements of the General Regulation (EU) 2016/679.
7.2. If the Administrator intends to transfer part or all of your personal data to a third party, in a third country, or an international organization, we will notify you in advance.
7.3. The administrator does not transfer your data to third countries.
VIII. Your rights in the event of an infringement
8.1. In the event of a breach of the security of your personal data, which may create a high risk for your rights and freedoms, the Administrator will notify you without undue delay of the breach, as well as of the measures that have been taken or are about to be taken.
8.2. Notification is not required if the Administrator (1) has taken appropriate technical and organizational measures to protect your data, (2) has taken measures that ensure that the breach will not result in a high risk to your rights, or (3) notification would require a disproportionate effort.
- General provisions
9.1. This Privacy Notice was adopted on August 1, 2022.
9.2. The Company may change or supplement this Notice, following the requirements of the law.
9.3. The administrator will organize a reference to this Notice through a link on its site, and will also provide access to it in another appropriate way for any person who wishes to familiarize himself/herself with it before or after providing his/her personal data, to become familiar with its contents.