Loading page. Please wait.
Loading page. Please wait.
POLICY FOR SECURITY OF PERSONAL DATA OF NATURAL PERSONS
APPLICABILITY
Privacy is extremely important to us. This Policy for the security and protection of personal data (for short “Policy” ) covers the issues related to the personal data of natural persons, collected and processed by ECOFIN Consulting OOD , UIC 207531094 , with headquarters and address of management: Burgas, g .k. Izgrev bl. 32, entrance 4, represented by Yulia Yordanova (for short ” We”, “Administrator”, “Administrator of personal data”, ), through the website www.ecofin.bg , social networks, including and facebook company page , the linkedin company page (all referred to below for short as “Site”, “Website”, “Website”, “Sites” ), by electronic means (e-mail), telephone or by other means, at which a natural person (for short “Subject” ) voluntarily provides data to the company. The above-mentioned sites and profiles in social networks (all referred to as “site” ) are administered by ECOFIN Consulting OOD , and in this connection the same is the administrator of the personal data provided through them. When processing personal data, the personal data controller complies with all applicable personal data protection regulations, including but not limited to Regulation (EU) 2016/679 (“Regulation”) and the Personal Data Protection Act, because for for us, the security of the personal data of natural persons (inquirers, customers, suppliers, employees, others) is of primary importance. You can contact us either through the Site or by any other means set out below in this Policy, where you will find contact details for both us and our Data Protection Officer.
The policy contains information about individuals who provide the company with their personal data or data of third parties. The document describes in detail who processes the data (personal data administrator), whose data the administrator processes (categories of personal data subjects), what data of natural persons is processed, how the administrator collects, processes, uses and protects this data and what rights they have regarding the processing of personal data subjects according to Regulation (EU) 2016/679 – General Data Protection Regulation (known as General Regulation or GDPR). This policy is available on the above-mentioned websites, as well as at the address of the company. Any person who has provided data to the company on any occasion should familiarize himself with this Policy for the security and protection of personal data before providing the same.
Partners, employees and third parties who work with or for the company, and who have or may have access to personal data, will be expected to familiarize themselves with, understand and comply with this policy. No third party may have access to personal data held by the company without first having entered into a data confidentiality agreement, which imposes on the third party obligations no less burdensome than those undertaken by the company, and which entitles the same to carry out inspections of compliance with the obligations imposed by the agreement.
This policy also applies to all employees of the company, as well as to external suppliers of products and services with which it has concluded contracts. Any violation of the General Regulation will be considered as a violation of labor discipline, resp. such as non-fulfillment of contracts with partners, and in case there is an assumption of a crime committed, the matter will be submitted for examination in the shortest possible time to the relevant state authorities.
For visitors to the Site who do not send inquiries through the contact form, but only browse our website, the Cookie Policy adopted and published on the Site applies. You should also note that this Security Policy does not apply to legal entities (companies and non-profit legal entities).
DEFINITIONS
“Regulation” is the General Data Protection Regulation 2016/679 of 27 April 2016, referred to as GDPR. The purpose of this European legislation is to protect the “rights and freedoms” of individuals and to ensure that personal data is not processed without their knowledge and, where possible, with their consent.
” Personal Data ” is any information relating to a natural person (“subject”) that is identified or can be identified directly or indirectly by an identifier such as a name, identification number, location data, online identifier or by one or more signs , specific to the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.
” Processing of personal data ” is any action or set of actions that may be performed in relation to personal data by automatic or other means, such as collection, recording, organization, storage, adaptation or modification, recovery, consultation, use, disclosure by transmitting, distributing, providing, updating or combining, blocking, deleting or destroying.
“Administrator” is any natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by EU law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.
“Data subject” is any living natural person who is the subject of the personal data stored by the Administrator.
“Consent of the data subject” is any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the personal data relating to him to be processed.
“Third party” – any natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data ;
PRINCIPLES
When collecting and processing personal data, we are guided by the following principles: lawfulness, good faith, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality; accountability.
ENTITIES WHOSE DATA WE PROCESS
In the course of its activity, ECOFIN Consulting OOD, through its managers, employees, lawyers, proxies, concludes and executes contracts for consulting services, reviews job applications, answers inquiries, participates in events and initiatives, issues and receives invoices. In these cases, the company processes information about the following Data Subjects:
(a) natural persons, users of the site , without leaving any data (in this case we process data, but not personal);
(b) natural persons who sent inquiries, requests, initiatives, signals, or other correspondence to the company by phone call, e-mail, contact form on the website, message on social networks or in any other way;
(c) natural persons, information about which is contained in inquiries (including by calling), requests, requests, initiatives, signals, or other correspondence addressed to the company;
(d) natural persons with whom the company concludes contracts (civil, including commercial or labor);
(e) natural persons who are clients of the company and are party to a contract for consulting services;
PERSONAL AND SIMILAR DATA WE PROCESS
Depending on the reason for the processing of personal data, the type of this data may be different. The functionalities provided on the Site are not intended for storage and processing of special categories of data within the meaning of Art. 9 and Art. 10 of the Regulation (see Art. 9 and Art. 10 – of the Regulation here ) . We only require such personal data that we need to provide the activity/service requested by the company. In the course of using the website www.ecofin.bg by individuals, the company may also process other data that do not contain personal data, but relate to the subject, such as his IP address, data on his activity on the site, etc. similar.
Depending on the specific action, we collect the following data:
(a) when concluding a contract for consulting services and or when authorizing the company with a power of attorney:
(b) when submitting a job application (candidacy):
(c) when concluding contracts with partners, individuals and employees:
(d) when submitting an inquiry through the site, on-site, by email, by phone:
(e) when including the company’s Facebook page as well as data provided when publishing a comment, review, publication or message via social networks or other third parties :
In case you provide your personal data to the company, resp. of a partner, employee or other person in its composition, through Viber, Skype, Facebook or any other platform/social network, we inform you that these platforms/websites/social networks have their own privacy policies and that we do not accept any responsibility or liability for these rules insofar as their processing cannot be controlled by us. Therefore, we recommend that you check these policies before submitting your personal data to us through these websites/apps/platforms.
If you leave a post or comment on the www.ecofin.bg site , your IP address will be saved. This is for the safety of the website operator. Apart from that, due to the fact that sending comments, inquiries and other messages to the site, Facebook page/group or their administrators, constitutes sending an electronic statement, according to the Law on electronic document and electronic authentication services (“ZEDEUU”) OSA has an obligation to maintain logs of the fact of sending the statement for a period of 1 year. The log contains the date of the statement, name and email address of the sender, if entered.
If you provide us with personal information about someone else, you must do so only with that person’s authorization. You must inform him of how we collect, use, disclose and store personal information in accordance with this Privacy Policy for Individuals.
(f) in the course of carrying out our business:
In the course of performing our activities, we may receive a number of personal data concerning both you and third parties. This is necessary in view of the nature of the consulting services we provide. Therefore, when performing our services, we may need to process personal data, including:
(g) technical data collected in the course of using the site www.ecofin.bg :
In addition, we collect information from your computer, phone, tablet or other device you use. This information may include the following:
(g) Cookies – the use of cookies is necessary for the functioning of the Site. A Policy has been adopted in this regard for use on cookies ; read the Policy for more details about: the type of cookies we use, the term for their storage and use, etc.;.
GROUNDS AND PURPOSES FOR DATA PROCESSING
The company collects and processes personal data in the course of its activity, including in connection with the provision of information services, and the grounds and purposes for processing personal data can be summarized in the following ways:
a/ Fulfillment of contractual obligations, in case the company has concluded a contract or has taken steps at the request of the data subject before concluding a contract. Pursuant to Art. 6, par. 1 of the Regulation) we process personal data also when carrying out pre-contractual relations (job applications, offers for goods/services, inquiries made) initiated by us or the data subject and for the fulfillment of contractual obligations that have already arisen between the company and the data subject (contracts for legal protection and assistance, contracts for services, employment contracts, contracts for goods, etc.);
b/ Compliance with certain statutory obligations by the company – sometimes the processing is necessary to comply with a legal obligation that applies to the controller – art. 6, tpar. 1, letter “c” of the Regulation – payment processing and prevention of fraudulent transactions, fulfillment of requests from data subjects, legal keeping of the company’s accounting;
c/ For the purposes of the legitimate interest of the company and other users of services provided by OSA – art. 6, item par. 1, letter “f” of the Regulation – the legitimate interest pursues goals related to the legitimate interests of the OSA and/or third parties. These goals include:
d/ Consent from the data subject for the use of this data for one or more purposes – Art. 6, par. 1, letter “a” of the Regulation. Consent is given in writing or by filling in a form that requires personal data. Consent is a freely expressed, specific and informed statement by which the natural person agrees to his personal data being collected and processed – Your data can be processed based on your express consent , and the processing in this case is specific and in the extent and scope , provided for in the relevant agreement. Usually, we require such consent from you when we wish to process your personal data, without a legal obligation or legitimate interest for OSA, as well as before any of the grounds mentioned above in sub-points “a” – “c” are present. Most often, we require such consent when we want to offer you information about new events, initiatives, etc. activities etc.
All personal data processing activities by the company are directly related to the purposes for which it was created, namely protection of the rights of individuals – subjects of personal data, as well as legal entities.
At this time, we do not use personal data for advertising purposes, nor do we provide personal data to other parties (personal data processors) for advertising purposes. We do not send advertising messages or use personal data for marketing purposes.
OUR DATA PROCESSING ACTIVITIES STORAGE PERIOD OF YOUR PERSONAL DATA
When storing data, the company applies the general principle of storing data in a minimum volume and for a period not longer than necessary to achieve the company’s goals, provide services and fulfill contracts, ensure their security and reliability and the requirements of the law . We will retain your personal information for the period necessary to fulfill the purposes set out in this “Privacy Policy”, unless otherwise required by law or based on our legitimate interest. and let’s borrow it for a longer period. After achieving the purposes of processing your personal data, we destroy them.
According to the type of data and the purposes for which it is deleted, there is a specific erasure policy, with the expiration of which the information is deleted permanently.
| Data type |
Storage period Basis for processing |
Clarifications |
| Personal data from concluded contracts for consulting services, as well as data from invoices issued or received by the company, payment documents (orders, bank statement), reports of the company under contract and other accounting, reporting and payment documents |
Storage period For the period in which the rights and obligations of the parties to the legal relationship under which the accounting, reporting or payment document was issued are available, up to 5 years from the termination of the legal relationship; Certain data are also stored for a longer legally defined period than the above, as they represent accounting information – data from transactions, invoicing data – between 5 and 11 years , and for a limited category of data (from payrolls) – 50 years Reason Fulfilling legal obligations and protecting the legitimate interests of the company |
The data identifies the entity as a party to a contract and proves what has been done by or to the entity (client, consultant, supplier, employee, etc.); the same are stored in order to ensure your rights, resp. fulfillment of the company’s legal obligations as a taxable person; According to Art. 38 of the Tax and Social Security Procedure Code (SPC), accounting and commercial information, as well as all other information and documents relevant to taxation and mandatory social security contributions, are stored by the obligated person in accordance with the procedure established in the Law on the National Archive Fund, in the following terms : payroll – 50 years; accounting registers and financial statements – 10 years; documents for tax and insurance control – 5 years after the expiration of the limitation period for repayment of the public obligation to which they are related; all other carriers – 5 years. According to Art. 38, para. 2 of the Code of Civil Procedure after the expiration of the term for their storage, the carriers of information under para. 1 (paper or technical), which are not subject to transfer to the National Archive Fund, may be destroyed. |
| Personal data from correspondence, alerts, requests, initiatives |
Storage period Data from correspondence, signals, requests, initiatives are stored for a period of up to 5 /five/ years on the basis of the Law on Obligations and Contracts (limitation periods for making claims); Reason Protection of the legitimate interests of the company |
In order to resolve submitted complaints, signals, disputes, inquiries, requests or other questions addressed in communication to Us, received through electronic forms on the Site, by sending by regular or e-mail, by telephone or otherwise, We store and process this information, as well as the result of this processing. Given the statute of limitations according to Bulgarian legislation for the purpose of resolving disputes, this information is stored for a period of up to 5 /five/ years. |
| Log certifying the sending of a comment, review, inquiry or other statement on the site www. ecofin.bg contains sender, recipient, date and time of the statement |
Storage period For a period of 1 /one/ to 5 years. Reason Fulfilling legal obligations and protecting the legitimate interests of the company |
Due to the fact that the sending of a comment, feedback, query, other statement constitutes sending an electronic statement by you to the OSA according to ZEDEUU, the company is obliged to maintain a log of the fact of sending the statement for a period of 1 /one/ year. The legitimate interest of the company allows us, in certain cases, to extend the storage period of this data up to 5 years from the date of the statement. |
|
Quick searches do not contain personal data |
Storage period Up to 6 /six/ months if you use this functionality without registration Reason Consent of the subject and protection of the legitimate interests of the company |
This option allows you to repeat your searches instead of entering them each time. Quick links are stored to repeat the last 10 searches . You can change the setting from the browser you are using. |
|
Settings and System Logs do not contain personal data, may contain information such as: date and time, IP address, URL, browser version and device information |
Storage period Until you delete them. In case they are stored in a biscuit – between 6 /six/ and 12 /twelve/ months from the last use Reason Subject Consent. Fulfilling legal obligations and protecting the legitimate interests of the company |
This category includes settings such as language selection, etc. similar. You are in control of the settings and can change them through your browser. Server logs, logs of security protection devices (Web Application Firewalls), etc. devices falling into this category. These logs are necessary to identify technical issues and/or detect malicious activity. |
| Cookies |
Storage period Between 6 and 12 months – depending on the type of cookie and your browser settings Basis Consent of the subject and protection of the legitimate interests of the company |
For a description of the cookies used, see the “Cookie Policy” document |
|
Exceptions to the retention period rules Please note that we will not delete or anonymize your personal data if it is necessary in connection with the fulfillment of legal requirements that the Company must fulfill. Deletion will be carried out after the need for the data ceases, and it is not excluded that this will be after the expiration of the periods indicated above. You may always request that we delete certain information or close your account, and we will respond to that request by retaining certain information, even after the account is closed, when applicable law or legitimate company interests require it. If we are legally required to, or if reasonably necessary to comply with regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms, we may also retain some of your personal information for a limited period of time, even after you have deleted Your profile. In any case, you will be duly informed by us. In order to ensure the reliability of the services and to protect against data loss for technical reasons, the Site applies a data redundancy policy. The maximum period for updating (deleting data) from all backups is 30 days. |
DO WE SHARE YOUR PERSONAL DATA WITH THIRD PARTIES
The company does not provide your personal data to third parties, unless there is a legal basis for this – an obligation under law or contract, a legitimate or vital interest, your consent. We try to minimize the personal data that we disclose, as this is always directly related and necessary to achieve the specified purpose. We do not sell, rent or otherwise disclose your personal information to third parties for their marketing and advertising purposes without your express consent. We guarantee that access to your data by third- party private legal entities takes place in accordance with the legal provisions in the field of data protection and information confidentiality, based on contracts concluded with them.
We may also disclose your personal data when we are subject to a legal obligation . In certain cases, the company is obliged to disclose your data to public authorities such as the police, prosecutor’s office, court, in connection with the prevention or detection of crimes. This also includes sharing information with other companies and organizations for fraud protection purposes. You should be aware that if we are asked by the police or any other regulatory or government authority investigating suspected illegal activities to provide your personal information or other information we obtain about you, we are entitled to do so after we are satisfied that the validity of the state authorities’ request. When we receive money from you or have paid money to you, we may be required by revenue authorities to provide transaction data containing certain data, including personal data. In this regard, the OCA may provide your data to the revenue authorities. The company’s legal obligation as a data administrator, managing and internet pages (sites) is to protect the security of the networks and the data processed by the company. In this regard, we implement a number of measures, the implementation of which may require the processing of your data by IT companies taking care of the security of the computers and computer networks maintained by the company.
Our legitimate interest justifies in certain cases the provision of personal data to third parties. Such would be the situation in the case of proceedings initiated before the Commission for the Protection of Personal Data, the bodies of the bar or other persons and bodies of the state authority. A legitimate interest also exists for us when we engage other companies and individuals to carry out certain tasks on our behalf, supplementing our services and activities, within the framework of data processing contracts.
TO WHICH COUNTRIES WE TRANSFER YOUR PERSONAL DATA
We currently store and process your personal data in Bulgaria.
However, it is possible that some of your personal data may be transferred to entities located in the European Union or outside it, including countries for which the European Commission has not recognized an adequate level of personal data protection.
We will always take steps to ensure that any international transfer of personal data is carefully managed to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards such as standard contractual clauses issued by the European Commission or certification schemes such as Privacy Shield of personal data transferred from the EU to the United States of America.
You can contact us at any time using the contact details provided at the end of the Policy to find out which countries we transfer your data to and what safeguards we apply in relation to these data transfers.
YOUR RIGHTS REGARDING YOUR PERSONAL DATA
According to the General Data Protection Regulation, you have the following rights:
Right to information
This Policy aims to inform you in detail about the processing of your personal data in connection with the processing of your personal data. When there is a risk of a breach of the security of your personal data, the administrator is obliged to notify you of the nature of the breach and what measures have been taken to remedy it, as well as whether the supervisory authority has been notified of the breach. Also, the data subject may request information regarding all recipients to whom the personal data for which correction, erasure or restriction of processing is requested has been disclosed.
Right of access
You have the right to receive confirmation as to whether your personal data is being processed, access to it and information about how it is being processed and your rights in this regard. As a subject of personal data, you have the right to request confirmation of whether your personal data is being processed and, if so, to access your data and the following information: for what purpose data is processed, what personal data, data recipients, processing period . Access requests must be made in writing/electronically and addressed to the administrator. In this case, we provide a copy of the processed personal data in electronic or other appropriate form.
Right to rectification
You have the right to correct and supplement your personal data if they are incomplete or inaccurate. You can obtain information about what data we process about you to ensure its completeness and accuracy by making a request to us. As a personal data subject, you have the right to request the correction or completion of your personal data that is inaccurate/out-of-date or incomplete. For this purpose, you must submit a separate request. Your request will be answered by the administrator in writing to the email address you provided.
Right to erasure (right to be forgotten) and account closure
As a subject of personal data, you have the right to “be forgotten”, i.e. to request that your personal data be deleted without undue delay i.e. the controller to delete your personal data from all systems and records where it is stored, including notifying any third parties/processors of personal data to whom it has provided the data.
In order to ensure the reliability of the services and to protect against data loss for technical reasons, the Site applies a data redundancy policy. The maximum period for updating (deleting data) from all backups is 30 days.
A deletion request can be submitted on the grounds provided for in the Regulation, incl. in the presence of any of the following grounds:
– the personal data are no longer necessary for the purposes for which they were collected;
– when you have withdrawn your consent;
– when you have objected to the processing of personal data and there are no overriding legal grounds for the processing;
– when the processing is illegal;
– when the personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State that applies to the controller;
– when the personal data were collected in connection with the provision of information society services.
Please note that we may refuse to delete part or all of the personal data in cases where there is a substantial basis and/or legal obligation for their processing. You will be informed about this in due course. The administrator may refuse to delete the personal data on the grounds specified in the Regulation – when the processing of the specific data is for the purpose of:
– to exercise the right to freedom of expression and the right to information;
– to comply with a legal obligation that requires processing provided for in EU law or Member State law that applies to the Administrator or for the performance of a task in the public interest or in the exercise of official powers granted to him;
– for reasons of public interest in the field of public health;
– for the purposes of archiving in the public interest, for scientific or historical research or for statistical purposes;
– for the establishment, exercise or defense of legal claims;
Right to restriction in relation to data processing
The General Data Protection Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for this provided for in it. The limitation is allowed in the following cases:
– when you consider that your personal data is not accurate, in which case the limitation is for a period necessary for the administrator to verify the accuracy;
– when the processing of your personal data is illegal, but you do not want them to be deleted, but you only want to limit their use;
– when the administrator no longer needs your personal data for the purposes of processing, but you, as the data subject, require them for the establishment, exercise or defense of legal claims;
– when you have objected to the processing pending verification of whether the controller’s legitimate grounds prevail over your interests.
Right to notify third parties
If applicable, you have the right to request the Administrator of your personal data to notify the third parties, when he has provided your data, regarding the correction, deletion or restriction of the processing of your personal data.
Right to data portability
You have the right to receive the personal data concerning you that you have provided in a structured, widely used and machine-readable format and have the right to transfer this data to another controller without hindrance from us, in case the processing is based on consent or contractual obligation or the processing is carried out in an automated manner. When exercising the right to data portability, the data subject has the right to obtain a direct transfer of the personal data from one administrator to another, when this is technically feasible.
Important: The responsibility for the storage of data exported from the Site, as well as for all the consequences of providing them to other administrators, is entirely yours.
Right not to be subject to a decision based solely on automated processing
You have the right not to be subject to such automated processing, including profiling, which gives rise to legal consequences for you or similarly affects you to a significant extent, unless there are grounds for this provided for in the applicable personal data protection legislation and provided for adequate guarantees to protect your rights, freedoms and legitimate interests.
Right to withdraw consent
You have the right, at any time, to withdraw the consent you have given in connection with the processing of personal data based on your prior consent. Such withdrawal does not affect the lawfulness of the processing based on the consent given until the time of its withdrawal. In the case of services such as the subscription to e-mail announcements , for which the subscription is made on the basis of your wish (consent), the possibility of unsubscribing at any time (withdrawal of consent) is provided. In the event of withdrawal of consent, we have the right to request that the identity of the applicant be verified in order to establish the identity with the person to whom the data relates.
Right to object
You have the right to object to data processed on the basis of legitimate interest. In the event of such an objection, We will consider Your request and, if justified, We will comply with it. If we believe that there are compelling legal grounds for the processing or that it is necessary for the establishment, exercise or defense of legal claims, we will inform you of this. The company will motivate itself whether it accepts the objection, resp. why it continues to process the personal data if it rejects the objection.
Right of appeal to a supervisory authority
You have the right to lodge a complaint against our company (data controller) with the supervisory authority if you consider that the processing of personal data concerning you violates the applicable legislation on the protection of personal data. The supervisory authority in the Republic of Bulgaria is the Commission for the Protection of Personal Data with address: Sofia 1592, “Prof. Tsvetan Lazarov” No. 2, e-mail [email protected] , website: www.cpdp.bg , phone: 02 915 3 518.
HOW YOU CAN EXERCISE YOUR RIGHTS. PRONUNCIATION DEADLINES
You can exercise these rights free of charge at any time , by email or with a request sent to the addresses indicated in the contact form on the Site or at the end of this Security Policy, and you can address your requests both to the company and directly to the Data Protection Officer. Requests are made in a manner that allows the identity of the requester to be identified. With respect to some rights, technical means of exercising them may be applicable, for example an unsubscribe button. In all cases, the administrator should respond to the request or rule on the exercised right to the address provided in the request, including an electronic one, within one month of its receipt.
In the event that you exercise these rights manifestly unreasonably or excessively, in particular due to their repetition, we reserve the right to impose a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action, or to refuse to take action on the request. We will inform you of our fees, if applicable, before ruling on your claim.
ACCURACY OF INFORMATION
We are not responsible for the accuracy of the data you provide, we do not carry out checks in this sense (such are carried out only in certain cases) and we do not guarantee the actual identity of the individuals who provided the data. In all cases of doubt on your part, of established fraud and/or abuse, please notify us immediately. You undertake, when providing any information on the Site, not to violate the rights of other persons in connection with the protection of their personal data or their other rights.
GENERAL INFORMATION ABOUT THE POLICY
This Personal Data Policy may be changed or supplemented due to changes in the applicable Bulgarian or European legislation, at the initiative of OSA or a competent authority.
The Company will inform subjects of amendments or additions to this Personal Data Policy by publishing the updated Personal Data Policy on our website.
It is recommended that you periodically check the most current version of this Privacy Policy on the company’s website.
HOW WE PROTECT YOUR RIGHTS
SECURITY MEASURES
In order to ensure the best possible protection of the data processed by the company and concerning its customers, members, suppliers, visitors to the site and other persons, We implement all necessary organizational and technical measures provided for in the General Regulation on data protection and the Law for the protection of personal data, as well as the best practices of international standards. We apply the appropriate and necessary level of protection and to this end we have developed effective physical, electronic and administrative procedures to protect the data we collect from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to transmitted, stored or otherwise processed personal data.
We store your data on secure servers using the latest encryption algorithms and guarantee the storage of backup copies.
The company has adopted the necessary rules and procedures related to the lawful processing of your personal data, incl. An action plan in the event of a data security breach, has established structures to prevent abuse and security breaches, and has designated a Data Protection Officer who supports the processes of lawful processing, protection and ensuring the security of your data.
We have taken numerous technical, legal and organizational measures to protect the personal data of each individual. In order to avoid unregulated access, we are about to implement encryption in some areas. Also, where necessary, we will take steps to use SSL protocols to prevent the possibility of data misuse by third parties. We do not share data with third parties, except in cases where this follows from our legal obligation or right. It is possible to use the services of third parties who are processors of personal data for the aforementioned processing purposes. These persons will process the personal data on our behalf and are obliged to comply with the current regulations for the protection of personal data. These persons are carefully selected by us and have access only to data that they need to provide the services they are engaged in and within the framework of the consent expressed to us. In the event that such persons are outside the EU and do not meet the necessary requirements of the Regulation, based on its statutory status, we will ensure the protection of personal data through contractual or other legal instruments. Also, it is possible that the personal data may be provided to state or municipal authorities that carry out different types of control within the framework of the law.
Access to your personal data is permitted only to those members of the company, employees, service providers or persons related to them on the basis of the need for information for official purposes or who need it for the performance of their official rights and obligations. All members, suppliers and employees with access to personal data are required to be trained and accept the relevant contractual clauses/declarations/rules to comply with organizational and technical access measures before being granted access to information of any kind .
It is a principle in our structure that all members, employees, suppliers are responsible for ensuring the security of the storage of the data for which they are responsible and which we process, and that the data is stored securely and is not disclosed in any circumstances of third parties, unless we have granted such rights to that third party by entering into a confidentiality agreement/clause. In this regard, all personal data is available only to those who need it, and access can only be granted in accordance with established access control rules. All personal data is treated with the utmost security and stored:
Personal data is deleted or destroyed only in accordance with internal data storage and destruction procedures.
For maximum security during processing, transfer and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, back up technology for backup copies.
When you post to forums, chat rooms or social networking services, the personal information you share is visible to other users and may be read, collected or used by them. In these cases, you are responsible for the personal information you choose to provide.
Despite the measures we implement to protect your personal data, we are aware that in general the transmission of information over the Internet or other public networks is not completely secure, and there is a risk that the data can be viewed and used by unauthorized third parties. We cannot accept responsibility for these vulnerabilities of systems that are not under our control. In the event of a data leak containing personal data, we ensure that we will comply with all applicable notification norms in such cases.
COOKIE POLICY
As an integral part of this Policy for the security of personal data of natural persons, ECOFIN Consulting Ltd. has also adopted a Policy for the use of “cookies”, published and available both on the Site and on our Facebook page.
CONTACT WITH US
You can send questions and requests related to the exercise of your rights to the protection of your personal data to ECOFIN Consulting OOD , using the form for contact , available on the Site or by means of one of the specified forms for contacting the company or the Data Protection Officer:
ECOFIN Consulting OOD
Contact phone: +359 895 131 773
Email address: info@ecofin. bg
Address: Burgas, g.k. Izgrev, bl. 32, entrance 4, fl. 2, apartment 5
DATA PROTECTION OFFICER
Responsible person for data protection is Yulia Yordanova
Correspondence address: Burgas, g.k. Izgrev, bl. 32, entrance 4, fl. 2, apartment 5
Email address: [email protected]
Contact phone: +359 895 131 773
EN 
BG