By using the Site you consent to the collection, processing, and disclosure of your personal information (where necessary and under strict security measures), as set out in this Policy. In case you do not agree to this, please refrain from using the Site.
The collection of personal data is limited to the necessary extent. Personal data is all data that can identify you directly or indirectly, e.g. name, postal address, e-mail, IP address, phone number. We have taken the required technical and operational precautions to protect your data from accidental or intentional manipulation, loss, destruction, or access by unauthorized persons. Our security procedures are regularly reviewed and adapted to the latest regulatory requirements and technological standards.
- the entity responsible for the processing of your data;
- the categories of personal data we process;
- the circumstances under which your information is processed;
- the goals and legal grounds for the processing;
- terms for safekeeping and security measures of the data;
- how to exercise your rights under the GDPR and PDPA;
- how and in what cases we share your data with third parties.
1. Responsible for data processing (Data Controller)
2. What information do we collect?
We may collect personal information when you use the Site or select our services, including online. In most cases, we require personal data for concluding a contract, carrying out activities from our portfolio or complying with a legal obligation. In most of our services, you provide us with the relevant information by choosing and agreeing to share information about yourself. Without this data, we would not be able to provide our services.
Depending on the services you benefit from, we may collect and process the following information about you:
- General data to individualize you, such as names, unique civil number or personal number of a foreigner, permanent address;
- Information related to the contracts concluded by HBS and their implementation;
- Contact details – contact address, phone number and email;
- Correspondence (on paper or in electronic media) in communication between us;
3. Purpose in the processing of personal data
We process the personal data we collect most often for the following purposes:
- For concluding or fulfilling a contract in connection with the services provided by HBS, including for establishing the identity of a client;
- For the preparation of offers, contracts and all other accompanying documents. If you use the inquiry form for inquiries, the information provided by you in the form, including contact details, is used to process the inquiry and is stored for further use if questions arise for follow-up;
- For compiling accounting documents such as invoices or invoices for used/provided services of HBS;
- Notices related to our services, including the newsletter. In case you fill in the webform to register for our newsletter, we use the data provided by you only to verify that you are the owner/holder of the specified email address and want to receive the newsletter to create a list of emails and we analyze the use of our newsletter.
- Data necessary for the fulfilment of our legal obligation, provided in the Accounting Act, the Tax-Insurance Procedure Code and other statutory acts in connection with the keeping of correct and lawful accounting; to provide information to state commissions and regulatory bodies; for the fulfilment of obligations in connection with the Consumer Protection Act; to provide information before a court or law enforcement agency.
- For direct marketing of our products and services.
4. Data sharing
HBS uses third parties in fulfilling its legal obligations. We do not provide personal data to third parties until we are sure that all technical and organizational measures have been taken to protect this data, and we strive to exercise strict control over the implementation of this goal.
Some of the recipients of personal data can be:
- courier companies, external consultants and specialists, law and accounting firms, banks, persons who on assignment maintain equipment, software and hardware used for personal data processing by the Studio, hosting companies, etc.
- NRA, NSSI, courts, prosecutor’s office and other bodies to which we are obliged to provide personal data under current legislation.
5. Collection of personal data when visiting the Site
When using the Site for information purposes only, i.e. if you do not otherwise provide us with personal information, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data which is technically necessary for us to display our website to you and to ensure its stability and security:
- IP address
- Date and time of the request
- Access status/HTTP status code
- Requesting website
- Browser, operating system, and interface.
The legal grounds for the processing of the above information is Art. 6, para1 “f”, GDPR. The purpose of collecting the data is to make it possible to serve the Site to you (by establishing a TCP/IP connection), to secure our servers, the technical administration of our infrastructure, as well as the optimization of our services. Only in the case of unauthorized access or attacks on our infrastructure your IP address will be analyzed.
No further information is required from you to access the Site.
6. Collection of personal data when contacting us
When you contact us via email, telephone, or other communication channels, the data you provide (e.g. your email address, your name, and your phone number) will be retained by us to answer your questions. These details enable us to give you more concrete information regarding your inquiry and to improve the processing of your request. This information is shared by you voluntarily and with your consent on the grounds of Art. 6, para 1 letter “a”, GDPR. You can revoke this consent at any time in the future. If this is the case, please contact us at email@example.com.
We delete the data collected in this context after the retention is no longer necessary or limit the processing if statutory retention obligations exist.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
7. Collection of personal data when signing up for our Newsletter
With your consent according to Art. 6, para 1 letter “a”, GDPR you can subscribe to our newsletter, with which we inform you about the latest news, exclusive content, and updates regarding the activity of HBS.
Also, we store your IP addresses and the time of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify a possible misuse of your data.
The only mandatory information for sending the newsletter is your email address. After your confirmation, we will save your data to send you the newsletter. The legal basis is Art. 6, para 1 “a”, GDPR. We will retain your e-mail address until you unsubscribe from the newsletter.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter email, which sends a notification to firstname.lastname@example.org.
The placement of cookies on your computer can be prevented through the relevant settings of your Internet browser. Previously set cookies can also be deleted through the settings of your browser. We advise you that preventing the placement of cookies on your computer can mean that not all functionalities of the Site are available and/or are limited.
9. Use of automated algorithms
HBS does not use any means for automated decision making in its activity.
10. Data Security
HBS takes all the necessary measures to protect your data from accidental or intentional manipulation, loss, destruction, use, change or disclosure or access by an unauthorized person. We also take additional measures to control access, physical protection and reliable practices for collecting, keeping and processing information.
We apply appropriate technical measures such as encryption, pseudonymization and anonymization of the collected personal data where necessary.
Our security procedures are regularly reviewed and adapted to the latest regulatory requirements and technological standards.
Your data is stored only on secure servers, accessible only by a few authorized employees. When you use a form on our website to send us data, this transmission is only performed via an encrypted TLS connection.
11. Limitation within the processing and storage of data
We keep all the information we have gathered for you and destroy it in the statutory deadlines, and if there are not such – within the deadlines set by us, and after the final settlement of all our financial relations. We do not keep data indefinitely.
Part of the deadlines are:
- 5 years after the expiry of the statutory deadlines for putting forward any claims as per the Bulgarian Obligations and Contracts Act;
- 10 years under the Accountancy Act for the storage and processing of accounting data;
- 5 years for the liabilities to provide information to the courts, competent state bodies, and any other grounds provided for in the existing legislation;
- 5 years from providing your consent to obtaining direct marketing messages by HBS.
12. Data transmission
We do not transfer your data to any third parties or countries unless we are legally obliged to do so, or the transfer of data is necessary for the performance of a contractual obligation, or you have explicitly consented to the transfer of your data.
Where a transfer of data is required, the transfer, storage and processing of data to third countries is secured with modern technical means. HBS shall not transfer data outside the EEA without compliance with the respective legal requirements and shall introduce appropriate safeguards to maintain the confidentiality of the information.
As far as external service providers may come into contact with your data, we ensure that these comply with Art. 28, GDPR within the scope of order processing. The respective service provider is responsible for the content of external services. Within reason, we verify the compliance of the external services with the respective legal requirements.
13. Your rights
According to GDPR, you have the following rights concerning the data relating to you:
13.1 General rights
You have a right to information, rectification, deletion, restriction of processing, objection to processing, and data transferability. If processing is based on your consent, you have the right to withdraw this consent at any time with an immediate effect for the future.
13.2 Rights concerning data processing according to the legitimate interest
According to Art. 21 para 1, GDPR, you have the right to object at any time for reasons arising from your particular situation to the processing of your data under Art. 6, para 1 “e”, GDPR (data processing in the public interest) or Article 6 para 1 letter f, GDPR (data processing to safeguard a legitimate interest). This also applies to profiling based on this provision. In the event of your objection, we will no longer process your data unless we can prove compelling grounds for processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise or defend legal claims.
13.3 Rights concerning direct marketing
If based on your consent we process your data for direct marketing purposes, you have the right under Art. 21 para 2, GDPR to object at any time to the processing of your data for such advertising by withdrawing this consent. This also applies to profiling insofar as it is associated with such direct marketing.
In the event of your objection/withdrawal of consent to the processing for direct marketing purposes, we will no longer process your data for these purposes.
13.4 Right of appeal to a supervisory authority
You also have the right to complain to a data protection supervisory authority regarding our processing of your data. If you consider that the processing of data relating to you infringes GDPR, you have the right to file a complaint with the supervisory authority in the country of your habitual residence, place of work, or place of the alleged infringement.
The supervisory authority that is responsible for monitoring the application of GDPR in Bulgaria (where Human Business Studio as a data controller resides) is the Commission for Personal Data Protection, with contact details as follows:
2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, www.cpdp.bg.
This Policy can be amended over time at HBS discretion. Such changes will come into force immediately after their disclosure at a suitable place on the Site.
Regular browsing of our Site guarantees you that you will always be aware of the current version of the policy.
If you have questions about your privacy, you can contact HBS on the following contacts: