Personal data protection policy of Law Firm Karakoleva – Leshteva & Partners
- Below you can find brief information about:
- The Provider,
- The competent supervisory authority,
- The legal basis on which we process personal data,
- The purposes for which we use the personal data,
- Principles of personal data processing,
- What personal data we collect,
- Period of storage of personal data,
- Access to and transmission of personal data, and
- The rights and guarantees that the GDPR provides to data subjects.
II. PROVIDER INFORMATION
1. Name: Law Firm Karakoleva-Leshteva and Partners, UIC 176909326
2. Headquarters and registered address: 12, Macedonia Blvd. No., ground floor, Sofia
3. Tel.: +359 2 954 1209, e-mail: email@example.com
4. Entry in public registers: Sofia Bar Association
III. INFORMATION REGARDING THE COMPETENT SUPERVISORY AUTHORITY
1. Name: Commission for the Protection of Personal Data of the Republic of Bulgaria
2. Address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia
3. Phone: 02 915 3 518
4. E-mail: firstname.lastname@example.org
5. Website: https://www.cpdp.bg/
IV. GROUNDS FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
We process (including, but not limited to: collecting and storing) your personal data solely in connection with our activity and in accordance with the requirements of applicable legislation, including the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation. We process your personal data based on at least one of the following grounds:
Consent of the User for the processing of personal data;
The processing of personal data is necessary for the fulfillment of contractual obligations of the Provider to the User;
The processing of personal data is necessary to take steps at the request of the User before concluding a contract;
The processing of personal data is necessary to comply with legal obligations of the Provider;
The processing of personal data is necessary for the purposes of the legitimate interests of the Provider to carry out its activity.
V. PURPOSES FOR COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
We collect, process and store personal data of the Users in connection with the implementation of the services provided by us and communication in connection with the use of the Website, as well as for the following purposes:
Communication and identification when executing a service contract and a sales contract (including when executing a respective contract);
Communication, identification, processing and execution of inquiries made, orders made, requests, reservations, purchases of goods or services (including preparation for the conclusion of a contract, acceptance of orders, dispatch of goods, solving problems related to cancellation of orders, reservations , return of purchased goods, refund of paid sums and others);
Fulfillment of tax and other legal obligations;
Accounting purposes in connection with the use of our services;
Protection of our legitimate interests in connection with the fulfillment of our obligations to state and municipal bodies (for example: National Revenue Agency, Ministry of Internal Affairs);
Protection of our legitimate interests in connection with the storage of information for the purpose of protection against legal or tax claims and for the purpose of improving the presentation of the Website;
Protection of the information security of the Website;
Statistical information about the use of the Website;
Provision of advertising content according to the interests of the User;
If a data subject refuses to provide us with some or all of the personal data that is necessary for the relevant purpose stated above, we may not be able to provide the relevant service (for example, to fulfill a contract entered into with the relevant User) or to fulfill the relevant legal requirements (for example to enable the data subject to exercise his/her rights under the GDPR).
VI. PRINCIPLES OF COLLECTION, PROCESSING AND STORAGE OF PERSONAL DATA
When collecting, processing and storing your personal data we observe the following principles:
Legality, good faith and transparency;
Limitation of processing purposes;
Limiting the storage period in order to achieve the purposes for which the data is processed;
minimizing the data that is processed;
Accuracy and timeliness of data;
Integrity and confidentiality in data processing and ensuring an appropriate level of personal data security.
VII. PERSONAL DATA
We collect the following categories of Users’ personal data for the following purposes and on the following grounds:
Your personal data (name and surname, telephone number and email address), as well as other data that you voluntarily provide to us, for the purposes of processing your inquiries, providing service offers and providing services on our part, if expressed by you desire, including communication with you in this regard, and based on taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party or consent to processing provided by you;
Your individualizing data (name and surname, telephone number and email address) and information related to payment and selected payment methods for the purposes of issuing and sending accounting/tax documents (invoices) in connection with the services you use, including communication with you in this regard, and on the basis of taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party or fulfillment of our legal obligation;
Your personal data (first and last name, telephone number and email address), information related to a delivery address (only in cases where you have indicated that you want delivery to a specific address and not to a courier office or when picking up from a store) and information related to payment and selected payment methods for the purposes of paying for orders placed, reservations and/or goods or services purchased, including issuing and sending accounting/tax documents (invoices) in connection with account registration, the orders placed by you , reservations, purchased goods or services, and on the basis of taking steps at your request for the possible conclusion of a contract and/or performance of a contract to which you are a party;
Your IP address, browser settings and preferred language, pages visited, as well as actions performed for the purpose of sending push notifications, if you have expressed a desire to receive them;
Your IP address, the pages visited, for the purposes of protecting information security;
Other data that may be necessary in certain cases or related to the provision of services to Users by us, including the ones necessary to fulfill contractual obligations (for example, date of birth, signature, social security number) or other data that Users voluntarily decide to share with us, and on the basis of performance of a contract to which you are a party, consent to processing provided by you or compliance with our legal obligation.
We do not make decisions based solely on automatic data processing, including profiling.
We usually receive the personal data directly from the personal data subject. However, it is not excluded that we also receive personal data from other persons, such as: other employees, in the company in which the relevant subject of personal data works, as well as from publicly available sources such as the Commercial Register and the register of non-profit legal entities at the Registry Agency to the Ministry of Justice of the Republic of Bulgaria.
VIII. STORAGE PERIOD OF PERSONAL DATA
We store the Users’ personal data for a period not longer than is necessary to fulfill the relevant purpose of processing or the legally established period, when applicable. For example:
Personal data provided by you when filling out the contact form will be stored until the request is fulfilled or the inquiry in connection with which you contacted us is satisfied, as well as for a maximum of one year after that for statistics and marketing analyses;
Personal data of our customers, processed in connection with contracts concluded between us and the relevant User, will be stored for a period no longer than ten years, starting from January 1 of the year following the one in which the contract is reported for tax purposes;
Personal data of our customers, processed in connection with the issuance of tax documents (invoices) will be stored for a period not longer than ten years, starting from January 1 of the year following the year in which the document is reported for tax purposes;
Personal data of our partners/providers, processed in connection with contracts concluded between us and the relevant partner/provider, will be stored for a period not longer than ten years, starting from January 1 of the year following the one in which the contract is reported for tax purposes;
Personal data of participants in recruitment and selection procedures will be stored for a period not longer than six months, starting from the moment of final completion of the recruitment/selection procedure in which the relevant personal data subject participates, respectively after expiry of the period for appeal of the respective procedure, unless the personal data subject in question has consented to the storage of his/her personal data for a longer period, in which case the personal data subject has the right at any time and without giving reasons to withdraw his/her consent.
The storage period depends, inter alia, on the duration of the legal relationship between us and the respective User, as well as on the purposes for which the personal data is processed. Where there is indication(s) of potential legal claim(s) or liability, these terms will be extended accordingly. When the processing is based on the consent of the User (for example: in the case of personal data provided by third parties for direct marketing), we store this personal data until we have a valid consent for its processing.
After the expiry of the above periods, we take the necessary care to delete and/or destroy your relevant personal data without undue delay.
IX. ACCESS TO PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES
In principle, the personal data of the Users that we process are accessible to our employees, representatives and partners who need them to fulfill legal obligations and/or to fulfill contractual obligations (for example: provision of a given service under a contract with a User ). In this regard, it is possible, at our own discretion and in compliance with the requirements of the GDPR, to transfer all or part of your personal data to third parties such as accountants, professional consultants, including lawyers (for the purposes of financial, accounting and administrative service of our activity), cloud platforms for data processing/storage (for the purposes of the organizational service of our activity, for example: storing and processing the contracts with the Users of cloud platforms for the purpose of greater security), companies providing postal services (for the purposes of the organizational service of our activity, for example: sending contracts on paper to the Users), IT service providers, system administration, marketing services (for the purpose of providing a more reliable and high-quality operation of the Website and more secure data processing), service providers for storing foreign information (i.e. hosting companies) (for the purpose of fulfilling contracts with Users).
Based on applicable law or at the request of public authorities, all or part of your personal data may also be accessible to public authorities.
We do not intend to transfer your personal data to countries outside the European Economic Community or to international organizations.
X. RIGHTS OF DATA SUBJECTS
At any time while we are processing your personal data, and subject to the limitations set out in applicable legislation, you, the data subject, have the following rights:
Right of access – you have the right to request information about whether we are processing your personal data, as well as to obtain access to and a copy of such personal data of yours; in the event that you request more than one copy of such personal data of yours, you may be liable to pay an appropriate fee for each additional copy;
Right to rectification/correction – you have the right to request that your personal data be rectified if you believe that it is inaccurate or incomplete. We will make such rectifications/corrections without undue delay;
Right to deletion/to be forgotten – in certain circumstances (for example: the relevant personal data are no longer necessary for the purposes for which they were collected; you have withdrawn your consent to the processing of certain of your personal data for which there is no other legal basis for processing) you may request that your personal data that we process be deleted from our records/our database without undue delay. In certain cases, we may refuse to delete such personal data od yours (for example: the processing of the personal data is necessary to comply with a certain legal obligation or to establish, exercise or defend legal claims);
Right to restriction of processing – when certain conditions are present (for example: the processing of certain of your personal data is unlawful, but you do not want this data to be deleted), you have the right to request a restriction of the way in which your personal data is processed;
Right to portability – where your personal data is provided to us by you and is processed in an automated way, you have the right to request that your personal data be transmitted to you in a structured, widely used and machine-readable format, as well as to be transferred to another controller of personal data, if technically feasible;
Right to object – you have the right, at any time, to object to the processing of your personal data for certain purposes, in which case we will stop using the personal data for the specific purpose, unless we have overriding legitimate grounds for doing so (for example: you have the right, at any time, to object to the processing of your personal data for direct marketing purposes, in which case we will stop processing your personal data for these purposes without undue delay);
Right to object to automated processing, including profiling – you have the right not to be the subject of a decision based solely on automated processing of your personal data, including profiling, and you also have all the rights that accrue to you in the event that you are subject to the legal consequences of such processing;
Right to withdraw your consent to processing – in case we process your personal data on the basis of consent provided, at any moment, you have the right to withdraw your consent. Withdrawal will not affect the lawfulness of processing based on consent prior to its withdrawal.
In the event that, at the request of a User, we delete his/her personal data from our database, we will only retain the information that may be necessary to protect our legitimate interests or for public authorities.
You have the right to request that we inform you about all recipients to whom the personal data for which correction, erasure or restriction of processing is requested has been disclosed. We may refuse to provide this information if this would be impossible or would require a disproportionate effort.
In the event that we are required to transfer personal data to another controller, to correct or delete personal data, to restrict the processing of personal data or to terminate such processing, to provide information about the recipients to whom the personal data has been provided, for which rectification, erasure or restriction of processing is requested, or to provide access to personal data, and in the case of concerns regarding the identity of the User making the respective request, we may first request additional information to confirm the identity of the data subject in question .
In the event that in the processing of your personal data there is a third party to whom all or part of your personal data is transferred (as set out in Part IX above), all the above requests will be forwarded to that third party.
The exercise of the above-mentioned rights is free of charge for the Users, except when the requests made are clearly unfounded or excessive. In such event, we may either charge a reasonable fee to fulfill the request or refuse to act on the request.
Users can exercise the above rights by contacting us by email at email@example.com
XI. COMPLAINT TO SUPERVISORY AUTHORITY
In the event that you consider that your personal data is not being processed lawfully or that any of your rights related to the protection of personal data has been violated, you have the right to lodge a complaint with the competent supervisory authority for the protection of personal data referred to in Part III above of the Personal Data Protection Policy. You also have the right to seek legal protection of your rights.
In the event that the website contains links to other websites, we recommend that you carefully familiarize yourself with the personal data protection/privacy policies of these other websites, because when you visit these pages, your personal data may be processed by the websites in question, which processing is not covered by the Personal Data Protection Policy.
We reserve the right to change the from the Personal Data Protection Policy at our discretion as and when we see fit.