Privacy Policy

This Privacy Policy explains how we collect and process your data in our capacity as Administrator. 1. WHO ARE WE AND HOW TO FIND US? We, the BULGARIAN ASSOCIATION OF SOFTWARE COMPANIES /BASSCOM/, are the Administrator regarding your personal data and are responsible for them. If you have any questions about how we process your personal data, please contact us. Contact details: ASSOCIATION "BULGARIAN ASSOCIATION OF SOFTWARE COMPANIES /BASSCOM/", EIK 130886020, represented by Krum Hadjigeorgiev, with correspondence address: Sofia, 7 Boycho Voivoda Street, 4th floor, 02/489 97 43. You can contact us at the above addresses as well as by e-mail: office@basscom.org. We have appointed Maya Marinova as the person in charge of personal data protection. BASSCOM carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data. That is why we protect your data by applying all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information. BULGARIAN ASSOCIATION OF SOFTWARE COMPANIES /BASSCOM/ respects your privacy. BASSCOM collects, stores, uses and processes personal data only to the extent that this is necessary for carrying out its activities in compliance with the applicable legal requirements. YOUR RESPONSIBILITIES • If you are in a contractual relationship with us, please check the related terms and/or policies: they may contain further details about how we collect and process your data. • Please also pay attention to additional information and conditions that we introduce you to at various stages of our interaction. • By providing us with data, you declare to us that you are over 18 /eighteen/ years old. It is very important that the information we have about you is correct and up-to-date. Please inform us of any changes or if you notice any errors. 2. WHAT YOUR DATA WE PROCESS, FOR WHAT PURPOSE AND FOR WHAT BASIS? We observe the following principles when processing your personal data: • your personal data are not used for purposes other than those for which they were collected, except with your consent and in the cases expressly provided for by law. • personal data is stored only as long as is necessary for the fulfillment of these purposes; • personal data are precise, accurate, complete and up-to-date, insofar as this is necessary for the purposes for which they are used; • personal data is protected by security measures corresponding to the specified "Impact Level". We process personal data for specific purposes and on relevant legal grounds, depending on your role with us. 2.1. When you are a visitor or user of our website: http://www.basscom.org/ A) Automatically collected information: You may access the website without entering personal data. But even in this case, certain information is automatically processed, such as cookies and analysis of the website through Google Analytics. 1. Cookies To make our website as user-friendly as possible, we use so-called "cookies", like many other website operators. "Cookies" are small text files that are stored in your browser. Most cookies we use are session cookies. They are automatically deleted at the end of your visit. However, we also use permanent cookies. They serve to improve user targeting. You can set your browser to inform you about the creation of cookies so that their use is completely transparent to you. In general, you can also refuse to accept cookies through your browser settings. However, this may mean that you may not be able to use all of the website's features. 2. Website analysis via Google Analytics. In order to continuously improve our website, we use Google Analytics, a web analysis service of Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA ("Google"). Google Analytics uses "cookies", which are stored on your computer and enable an analysis of the use of the website. The information generated by the cookies about your use of this website is usually sent to a Google server in Europe (or in a member state of the European Economic Area) to anonymize the IP address, so that all personal characteristics are excluded. Only after it has been anonymized is the abbreviated IP address transferred to a Google server in the USA and stored there. Only in exceptional cases is it necessary to transfer and store the full IP address on a Google server in the USA. This website uses Google Analytics with an extension for the anonymous collection of IP addresses (so-called IP masking). On our behalf, Google will use the collected information to evaluate the use of the website, B) Social plugins or buttons LinkedIn or others. Their use is at your discretion. These buttons represent a link to third-party sites that, using cookies, collect and process personal data according to their own policies. We are not responsible for them, but in view of your awareness and rights, we ask you to familiarize yourself with them. We have placed these plugins to make our website more functional for visitors, and to promote our business and services if you voluntarily share our content on the relevant sites. We accept this as our legitimate interest. C) Links to other sites. Our site may link to other sites. If you choose to follow these links, please read the privacy policies of the respective sites in detail to understand how your information will be processed by the third parties. D) Sometimes we also process your data on a pre-contractual basis. We apply this basis in all cases in which you request to conclude a contract with us and we process your necessary data for this purpose. In other cases, there may be a concluded contract between us and the processing of your personal data through the website is in connection with the fulfillment of our contractual obligation. If you are applying for a job with us, please familiarize yourself with item 2.9. below. E) Sensitive data about you /special categories of personal data/. We do not collect such data about you. Special categories of data, or "sensitive data", are those revealing racial or ethnic origin, political views, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the sole purpose of identifying an individual, health data condition, sex life or sexual orientation. Please do not provide us with such data. Providing such data, as well as other personal data that is not necessary for the relevant purpose of our interaction with you, exposes your rights to unnecessary risk. 2.2. If you are a visitor to our office: In this case we will ask you to introduce yourself and provide us with basic information about you /your names, organization you work for or represent/, we can also reflect the day you visited us. 2.3. If you are a participant in our event: We will collect the necessary information for your inclusion and participation. Sometimes we may ask for information about your preferences to make the event more enjoyable or useful for you. In some cases, events may be recorded by cameras or cameras and we may use relevant recordings or photographs, as well as information about your participation, to promote our event in the media, on our website, in a presentation or otherwise, incl. when the filming or filming is necessary for the execution of a project. If this bothers you, you can inform us in advance that you do not want us to publish information about you or your image. We may also ask you for feedback on how you rate our event. You always have the right to object to this way of using your data, as described below in relation to your rights. We collect and process the personal data you provide us also for the needs of project reports. 2.4. If you are a representative or employee of a member of the Association. We usually process the following information for the representatives or employees /designated as a contact or authorized on a certain occasion/ of our members: Basic information: names, social security number, e-mail, telephone, position held and place of work; Other information about members: information about your activity as a member /for example, participation in our events, your suggestions, the correspondence we have with you, how you voted at our General Meetings and other meetings and others/. On the occasion of the Association's participation in various projects related to its subject of activity and the Association's goals, we may share information about our members /mainly Basic Information/ with the persons responsible for our participation in the project, for example state and municipal authorities , Ministries, non-profit associations. In these cases, we refer to our legitimate interest in carrying out our object of activity, as well as the purposes for which the Association was established. We will not inform you explicitly and in advance of every case in which we will transmit such information, but you can always contact us for reference. 2.4.1. If you are a member of our governing body. In these cases, in addition to information about our members, we also process information about your activities and your statements as members of a governing body. 2.5. If you "follow" us on social networks. If you have "liked" our profile on a social network or "followed" it, according to the practices of the respective networks, you will see messages or materials published by us on our page. 2.6. If you are a contact person of our partner, supplier, co-contractor: This means that you represent an organization - our partner, supplier, co-contractor or are its employee. In order to maintain our business relationship with the organization, we will often need information about you, for example: Your names, telephone, email, business card, information about your position in the relevant organization. We will also process the following information: written/electronic or other correspondence with you; data contained in documentation relating to our relationship with the organization, for example your signatures, description of your conduct, your statements, etc.; any other information we need in connection with the business relationship with the organization. 2.7. For what other purposes may we use your personal data? We have described the most typical purposes for their processing above, but you should also consider the following purposes: - for administration of our activity, including reporting and analysis in the association itself - our legitimate interest; - prevention of fraud and other illegal and criminal activities - our legitimate interest; - to establish and defend legal claims - our legitimate interest; - to fulfill our obligations under a contract to which you are not a party - our legitimate interest; - to analyze the effectiveness of our services and activities and their improvement - our legitimate interest. - to fulfill our obligations under a contract to which you are a party; - to fulfill our obligations applicable by law, for example accounting, tax and other obligations; 2.8. On what legal basis do we process your data? 2.8.1. Our legal obligation These are the cases in which the processing of your personal data is necessary to comply with our legal obligation. 2.8.2. Our legitimate interest When we define our legal basis as a "legitimate interest", we first assess what it is and whether the processing of your data is necessary to achieve it. We also assess whether your interests, fundamental rights and freedoms do not take precedence over it. Regardless of our discretion, you always have the right to object to processing based on legitimate interests, as described below in item 9.1.4. 2.8.3. Pre-contractual or contractual basis When we need to take necessary steps, at your request, to conclude a contract between us or to fulfill a contract already concluded between us. In these cases, we will take care to process only your information necessary for the purpose. 2.8.4. Your agreement It is a freely expressed, specific, informed and unambiguous indication of your will, by means of a statement or a clear affirmative action, which expresses consent to the processing of your personal data for a specific purpose. If we have to process your "sensitive data" on the basis of your consent, the same should also be explicitly given. In item 9.1.7. you will find out how you can withdraw your consent at any time. Note that consent is a different legal basis than those described above. For example, signing a contract between us is not equivalent to giving consent. If you have concerns or doubts about what exactly is the applicable basis for a specific purpose of processing your data, you can always contact us. 3. CAN YOU NOT PROVIDE YOUR PERSONAL DATA? You are obliged to provide us with your personal data in the event that such a contractual or legal obligation exists. If in such cases you do not provide us with this data upon request, we may not be able to enter into or perform the contract or realize any of the other purposes. In any case, we will notify you of this. 4. WHO DO WE SHARE YOUR PERSONAL DATA WITH? We may need to share your personal data with the parties listed below: 4.1. With members and partners, co-contractors of the association - on the basis of our legitimate interest in carrying out our activities. 4.2. Service providers - processing personal data. These can be hosting companies, IT service providers, system administration, couriers. We conclude contracts with them that guarantee the security of your data. 4.3. Other personal data controllers who provide us with relevant services – banks, auditors, lawyers, professional consultants and insurers, event organizers and others – when this is necessary for our legitimate interest to provide us with a particular service. 4.4. Public authorities that require us to declare processing activities. 5. INTERNATIONAL DATA TRANSFER Your personal data is usually processed within the European Union or the European Economic Area and is not transferred to other countries ("third countries"). 6. SECURITY OF INFORMATION We have implemented security measures to prevent the accidental loss, use, alteration, disclosure or access of your personal data without authorization. We also provide access to your personal data only to those employees and partners who have a specific business need to access such data. 7. DATA STORAGE PERIOD We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of complying with legal, accounting, tax or reporting requirements. When deciding on the exact period of data retention, we take into account its volume, nature and sensitivity, the potential risk of harm from unauthorized use or disclosure, the purposes of processing and whether they can be achieved by other means and legal requirements. For tax purposes, we are required by law to retain basic information about our customers (including contact data, identity, financial data and transaction data) for ten years /plus current/ after the end of the relevant relationship. In many cases, we will comply with the statute of limitations under applicable law, for example, for bringing certain claims, which is in our legitimate interest. In all cases, we take measures to restrict access to personal data at appropriate stages, in view of the ongoing processing of the data and the relevant purposes. In some circumstances, we may anonymize your personal data for statistical or other purposes, in which case we may use this information for an unlimited period of time without further notice to you. 8. YOUR RIGHTS 8.1. In certain circumstances, by law, you have the right to: 8.1.1. request access to your personal information (commonly referred to as a "data subject access request"). This gives you the opportunity to obtain a copy of the personal information we hold about you and to check whether we are processing it lawfully. 8.1.2. request correction of the personal information we hold about you. This allows you to correct and update incomplete or inaccurate information we hold about you. 8.1.3. request deletion of your personal information. This gives you the opportunity to ask us to delete or remove personal information where there is no good reason for us to continue processing it. You have the right to ask us to delete or remove your personal information also where you have exercised your right to object to processing (see below). 8.1.4. objections to the processing of your personal data when we base the processing on our legitimate interest (or that of a third party) and there are grounds related to your particular situation. In addition, you have the right to object when we process your personal information for direct marketing purposes, including in cases of profiling. 8.1.5. request the restriction of the processing of your personal information. This allows you to ask us to stop processing personal information about you, for example if you want us to establish the accuracy or basis for processing it. 8.1.6. request the transfer of your personal information to another party /right of portability/. 8.1.7. withdraw your consent - in case we process personal data on the basis of your consent or express consent, you have the right to withdraw your consent at any time, without prejudice to the lawfulness of the processing based on consent, before it be withdrawn. You can see more about these rights also on the website of the Commission for Personal Data Protection: https://www.cpdp.bg/?p=element&aid=1045. 8.2. Exercising Your Rights. If you wish to exercise any of the rights specified above or receive more information about it, please send us an email to the address: office@basscom.org or send us a letter to our correspondence address: Sofia, ul. "Boicho Voivoda" No. 7, fl. 4, phone: 02/489 97 43. You will not pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is repetitive or excessive, or we may refuse to fulfill your request in these circumstances. We may need to ask you for specific information to help us verify your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure that ensures that personal data is not disclosed to a person who does not have the right to receive it. We may also contact you to request additional information regarding your request to expedite a response. We try to respond to all legitimate requests within one month. Sometimes it may take us more than a month, in which case we will let you know. 9. YOUR RIGHT TO COMPLAINT TO A SUPERVISORY AUTHORITY If you are not satisfied with any aspects of how we collect and use your data, you have the right to lodge a complaint with the relevant competent Supervisory Authority. The Commission for the Protection of Personal Data is the Supervisory Authority of the Republic of Bulgaria, defined by the Law on the Protection of Personal Data as follows: Address: Sofia 1592, Blvd. "Prof. Tsvetan Lazarov” No. 2, GPS coordinates: N 42.668839 E 23.377495. Center for information and contacts - tel. 02/91-53-518. Email: kzld@cpdp.bg. Website: www.cpdp.bg. We would appreciate it if you would contact us first, in case of a complaint, so that we can try to help you. 10. MODIFICATION OF THIS POLICY We have the right to change and update this Policy. We will post such changes on our website: http://www.basscom.org/. Last update: 12.07.2024

The site uses necessary cookies in order to maintain its functioning. If you agree to the use of additional analytic cookies by clicking the "Accept" button, you will allow us to improve the performance of the site and the services we offer.