PRIVACY POLICY

I. GENERAL TERMS

Аrt.1.(1) “BULGARIAN ENTREPRENEURS AND STARTUP COMMUNITY ASSOCIATION, UIC 177239971, having its seat and registered address at Sofia city, PO 1407, “Lozenets” district, Cherni Vrah” blvd., № 47А, 5th floor, apt. Puzl Coworking, (“Besco”/”Association”/”Us”), processes Personal Data of natural persons (“Data Subjects”/”You”) in accordance with this Policy.

(2) When processing Personal Data, Besco complies with all applicable to its activities Personal Data protection legislation, including the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.

II. DEFINITIONS

Art.2. In this Policy, the following definitions of the terms, deriving from Art. 4 of the Regulation, are used:

  1. “Regulation” – General Data Protection Regulation of 27 April 2016, repealing Directive 95/46/EC on the protection of Personal Data. It has direct effect and implies an amendment to the legislation of the member states in the field of Personal Data protection. Its purpose is to protect the “rights and freedoms” of natural persons and to guarantee that their Personal Data is not being processed without their knowledge, and where possible, processing is subject to their consent.
  2. Personal Data” – can be any information that may be related to a natural person who is identified, or a natural person who might be identified, directly or indirectly, through the use of one or more specific features or identifiers associated with that natural person. From the point of view of the nature of the information, the term "Personal Data" includes any kind of statement concerning a person. This entails "objective" information and "subjective" information, opinions or assessments. With regards to the form or medium in which this information is contained, the term "Personal Data" includes information in any form, whether alphabetical, digital, graphic, photographic or acoustic. For example, it includes information stored on paper as well as information stored in computer memory.
  3. "Special (sensitive) categories of Personal Data" means a particular type of Personal Data due to the specific nature of the information it discloses about the natural person. In particular, this information reveals racial or ethnic origin, religious and philosophical beliefs, political views, membership in trade union (or professional) organizations, data concerning the health of the individual, biometric data for the sole purpose of identifying the natural person.
  4. "Personal Data Controller" means Besco, which determines the purposes and means of the processing of Personal Data of natural persons.
  5. "Personal Data Processor" may be any natural or legal person, public authority or body that processes Personal Data on behalf of and on the express written assignment of Besco. The processor of Personal Data is always a person who is external to the structure of the Association and is not in an employment relationship with the Association. The employees of the Association are not processors of Personal Data. The Association may also act as a Personal Data Processor. In such cases, the Association processes the relevant Personal Data, pursuant to a written contract with a Personal Data Controller, his documented instructions and in compliance with the Association’s statutory obligations.
  6. "Processing of Personal Data" means any operation or set of operations carried out with Personal Data, such as the collection, recording, organization, structuring, storage, modification, use, disclosure by transmission and access, arrangement, erasure or destruction. In practice, any activity involving the use of Personal Data in some form may involve the processing of Personal Data.
  7. Data Subject”– any living natural person, who is subject to Personal Data stored by the Controller.

III. CATEGORIES OF DATA SUBJECTS

Art.3. In connection with the activity it undertakes, the Association processes data regarding the following Data Subjects:

  1. Natural persons, visitors of the Website;
  2. Legal representatives of applicants for membership in the Association; 
  3. Legal representatives of members of the Association;
  4. Sponsors and donors of the Association;
  5. Natural persons subscribed to the newsletter of the Website;
  6. Natural persons, who have sent inquiries (incl. by phone), requests, signals, complaints to or other correspondence with Besco;
  7. Natural persons, whose data is contained in inquiries (incl. by phone), requests, signals, complains to or other correspondence with Besco.
  8. Other categories of natural persons, whose Personal Data is processed in the course of the activity carried out by the Association.

IV. PERSONAL DATA PROCESSED  

Art.4. (1)  Besco processes the following Personal Data:

1. Mandatory data, which are provided when filling-out the electronic membership in Besco application form, as follows:

  • name and surname of the legal representative of the legal entity and another representative – applicant for membership, respectively member of the Association;
  • email and phone number of the legal representative of the legal entity and another representative – applicant for membership, respectively member of the Association;

2. Additional data, which is provided when filling out the electronic membership in Besco application form, as follows:

  • Name and surname of the founders of the respective legal entity – applicant for membership, respectively member of the Association;
  • Profile in the social network LinkedIn of the founders of the respective legal entity – applicant for membership, respectively member of the Association;

3. Name, middle name, surname, PIN, address and bank account of the sponsors of the Association;

4. Name, middle name, surname, PIN, address of the donor of the Association

5. Е-mail address of users subscribed to the newsletter of the Website;

6. Data provided in relation to a correspondence, complaints and signals, namely: data concerning customer or user communication, provided in the feedback form on the Website (name, e-mail address), including Personal Data provided over phone calls with Besco or sent with standard mail or e-mail;

7. The Website can store data concerning visits to the Website (date, time).

V. PURPOSES AND LEGAL GROUNDS OF PROCESSING

Art.5. Besco collects, uses and processes the information described above for the following purposes and pleas:

(1) The purposes for which the processing of personal data is based on the execution of a contract or taking of steps prior to entering into a contract:

  1. Acceptance of candidates for membership in the Association and their selection, as well as the establishment, action, and termination of membership relationships within the Association. BESCO has the right to contact you via the email address and telephone number provided for questions related to your membership application, your membership, updates and other relevant communications. This includes but is not limited to inquiries, notices and messages. Any changes to your contact information must be reported to BESCO immediately.
  2. Drafting contracts with third parties - for the purpose of contract signing, BESCO must have certain personal data (name, personal identification number), data for identity documents, and contact information. BESCO may request additional information depending on the nature of the services subject to the contract, such as a bank account number.
  3. Execution of the concluded contract - assistance in fulfilling the rights and obligations under the concluded contract.

 (2) Purposes for processing personal data based on legal obligation:

  1. BESCO processes personal data of representatives of Association members for the purpose of informing you about various circumstances related to your rights and obligations as members of the Association, the protection of your data, information about the activities of the Association, compliance with the law and internal acts of the Association, and the convening and holding of General Meetings.
  2. Fulfillment of legal obligations for the retention or provision of information upon receipt of corresponding orders from competent state or judicial authorities.
  3. Providing the opportunity for the exercise of the supervisory powers of competent state authorities.

For these purposes, it may be necessary to process part or all of the categories mentioned above.

 (3) Purposes for processing personal data based on the legitimate interests of the Administrator:

  1. Receipt and processing of received signals, complaints, requests, and other correspondence. This includes resolving submitted complaints, signals, disputes, inquiries, requests, or other questions received through communication to us, via the website, through calls to BESCO, or through regular or electronic mail. We store and process this information, as well as the results of this processing.
  2. Exercise and protection of the rights and legitimate interests of BESCO, including through legal means, and providing assistance in the exercise and protection of the rights and legitimate interests of other users of the website and/or affected third parties.
  3. For statistical purposes, including analyzing the performance of website applications and their use by users.
  4. Analyzing and categorizing information related to industry trends, market research, improving our services, adapting our support, and better understanding the needs of our users, clients, and stakeholders.
  5. Administrator's marketing purposes related to product and service offerings; sending information about organizing events, products, services, gifts, and other activities (e.g., through newsletters, telemarketing).
  6. Detection and resolution of technical or functional issues, development and improvement of the website. Ensuring the normal functioning and use of the website by members and other users, support and service management, resolution of disputes, and identification and prevention of malicious actions. Logs related to security, technical support, development, etc., may be used for:
  • Ensuring reliable functioning and identifying technical issues.
  • Ensuring security and detecting malicious actions.
  • Developing and improving the website.
  • Measuring website traffic and usability.
  • Logs required by law.

These purposes may require processing of all or some of the categories mentioned above.

VI. COOKIES

Art.6. The Website needs cookies to function properly. You can find detailed description of the cookies used by us and their purpose in the Cookie Policy published on the Website.

VII. RETENTION PERIOD

Art.7. Besco stores Your Personal Data for a period necessary to achieve the purposes for which it was collected. Upon achieving the relevant purpose, Your Personal Data shall be immediately destroyed, unless Besco is obliged to Process it for a longer period pursuant to applicable legislation.

Art.8. Personal Data, collected in relation to a Website registration, respectively with regard to the contract between us, shall be Processed until you request to have Your profile deleted. In this event we shall destroy the collected Personal Data, unless we are obliged to Process it for a longer period pursuant to applicable legislation, including when protecting the Association’s legitimate interests (including limitation periods pursuant to applicable legislation that governs filing claims and others.)

Art.9. In certain circumstances Besco has the right to anonymize Your Personal Data for research, statistical or other purposes, in which event the Association may use this data for an indeterminate period of time without having to additionally notify You.

Art.10. In the event that Besco no longer requires Your Personal Data, the latter shall be deleted or anonymized, so that all details which lead to Your identification shall be removed.

Art.11 In the event a dispute or legal proceedings have arisen, requiring the retention of Personal Data and/or upon request by a competent state authority, it is possible to retain the Personal Data for a longer period than the one specified, until resolution of the dispute or completion of the legal proceedings at all judicial levels. The specified period is subject to change if an alternative retention obligation is determined pursuant to the current legislation.

VIII. THIRD PARTIES.

Art.12. Your Personal Data may be provided to third parties only in the following events:

  1. when this is provided for in the legislation;
  2. when duly requested by a competent state or judicial authority;
  3. when we have received Your explicit consent; 
  4. when necessary for the protection of the rights and legitimate interests of Besco and/or other users. 

Art.13. In the events of Art.12, p1, Besco implements contractual arrangements and mechanism for data security, aiming to protection Your Personal Data, as well as to comply with the data protection, privacy and security standards.

Art.14. Personal Data, stored by Besco, may be transferred to:

  1. Other companies, part of Besco’s network, where this is necessary for administrative purposes and allowing us to deliver professional services to our customers (example, when providing services incorporating consulting by other companies, part of our network, located in different countries).
  2. Third parties and/or organizations, which supply us with applications and/or functionalities; IT services and services related to Personal Data Processing.
  3. Third parties who assist us with the provision and management of our internal IT systems. For example, provider of information technologies, providers of cloud services, identity management, hosting and website management, data analysis, data archiving, security and storage services. The servers that power up and facilitate this cloud infrastructure are located in protected data centers around the globe and Personal Data can be stored in any of them;
  4. Third parties/organizations, who assist us with service or information delivery in alternative means;
  5. Auditors and other professional consultants;
  6. Law enforcement authorities, other state and regulatory agencies and other third parties as required by and in compliance with the applicable legislation;

Art.15. With regards to Personal Data regulated by EU legislation, please bear in mind that cross-border transfers might include countries outside of the European Economic Area (EEA) and countries, which have no laws to provide for specific Personal Data Protection. We have taken all necessary steps to guarantee that all Personal Data has the necessary protection and that all transfers of Personal Data outside of EEA are conducted lawfully. When transferring Personal Data outside the EEA in a country which is not classified by the European Commission as providing adequate level of Personal Data protection, such transfers take place in accordance with an agreement, complying with the requirements of EU for Personal Data transfers outside the EEA – for example, the approved by the European Commission Standard Contractual Clauses (SCCs). You can find more about those clauses here.

IX. DATA SUBJECT RIGHTS.

Art.16. The Regulation envisages the following rights:

  • Right to be informed.

This Policy is intended to inform You in detail about the Processing of Your Personal Data in connection with the Services provided.

  • Right to Access. 

You have the right to receive a confirmation whether Your Personal Data is being Processed, access to such data and information regarding their Processing and Your respective rights. The right to access can be exercised at any time.

  • Right to rectification. 

You have the right to rectify Your Personal Data in the event it is incomplete or inaccurate.

You can exercise the right to rectify Your Personal Data at any time through a request to Besco.

  • Right to deletion. 

You have the right to request the deletion of Personal Data, except in cases where there is a substantial basis and/or legal obligation for its Processing.

Data can be deleted upon expiry of the specified period. Meanwhile, the data can be provided in due course only to the competent state authorities in exercise of their control powers or to a court of competency in the case of court proceedings which the court has a standing for. In the event a dispute or legal proceedings have arisen, requiring the retention of Personal Data and/or upon request by a competent state authority, it is possible to retain the Personal Data for a period longer than the one specified, until resolution of the dispute or completion of the legal proceedings at all levels.

  • Right to restriction of processing. 

The Regulation provides for the possibility of restricting the Processing of Your Personal Data, provided that the statutory grounds required to exercise this right are present.

  • Right to inform third parties. 

Where applicable, You have the right to request from the Controller of Your Personal Data to inform relevant third parties, whom the Controller has shared Your Personal Data with, about any rectification, deletion or restriction of Processing of Your Personal Data.

It is important to note that Besco is not an intermediary in the relationship between You and third parties.

  • Right to data portability

You have the right to obtain Your Personal Data in a structured, commonly used and machine readable format, and have the right to transmit this data to another Controller at Your own discretion.

  • Automated decision-making.

You have the right not to be subject to automated decision making, including profiling, which produces legal effects for Your or in a similar fashion significantly affects You, unless the grounds provided for in the applicable Personal Data Protection legislation and appropriate safeguards for Your rights, freedoms and legitimate interests are present.

The Website does not utilize technologies falling in this category.

  • Right to withdraw consent.

You have the right, at any time, to withdraw Your consent from the Processing of Personal Data, which is on the grounds of Your consent. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. 

For Services like the subscription to email advertisements, where the subscription is on the grounds of Your will (consent), an option to terminate the subscription at any time (withdrawal of consent) is given.

  • Right to object.

You have the right to object to the Processing of Your Personal Data which is based on the grounds of public interests, exercise of official authority or legitimate interest.

In the event of such objection, Besco shall process Your request and if found reasonable, we will fulfill it. Should we consider that there are convincing statutory grounds for such Processing or it is necessary for the establishment, exercise or defense of legal claims, we shall inform You of such development.

  • Right to lodge a complaint.

You have the right to lodge a complaint with the supervisory authority or a judicial authority, if you consider that Processing of Your Personal Data violates the applicable Personal Data protection legislation. The supervisory authority of Republic of Bulgaria is the Commission for Personal Data Protection, with address: Sofia 1592, 2 Prof. Tsvetan Lazarov blvd.

X. DATA ACCURACY.

Art.17. Besco does not bear any responsibility for the accuracy of Your Personal Data, does not conduct checks in this regard, and does not guarantee the true identity of the natural persons who have provided the data. In all events of doubt on your behalf, of established fraud and/or misuse, we kindly ask you to inform us immediately. You are obliged, when providing any information on the Website, not to violate the rights of third parties in relation to the protection of their Personal Data or other rights.

The Privacy Policy is drafted in two identical copies, in Bulgarian and English, and if there is a difference between the Bulgarian and English text, the Bulgarian text will be will prevail.

This Policy is last updated on 01.12.2023