Information about the data controller:
“Softaware” Ltd. is a company registered in the Commercial Register of the Registry Agency with UIC 206609469, registered office and registered address. Sofia; Slatina district, g.k. Hristo Smirnenski, bl. 19, entr. A, app. 20,
“Softaware” Ltd. acts through the website www.softaware.io, hereinafter referred to as the “Site”
Contact details: Telephone number: +359 88 238 91 78; e-mail address: email@example.com
In the following paragraphs you will find detailed information about the processing of your personal data depending on the basis on which we process it.
What is personal data? Personal data is any information or set of information that identifies you or could be used to identify you (together with other information you provide on the contact form).
The processing of personal data includes the collection, storage, transmission, correction, updating, erasure, destruction and any other action that is performed on your personal data.
Reasons and purposes for which we use your personal data We process your personal data on the following grounds:
- Direct Marketing;
- performance of our contractual obligations to Users
In the following paragraphs you will find detailed information about the processing of your personal data depending on the grounds on which we process it.
1. FOR THE PERFORMANCE OF A CONTRACT OR IN THE CONTEXT OF A PRE-CONTRACTUAL RELATIONSHIP We process your personal data in order to perform our contractual and pre-contractual obligations and to exercise our rights under contracts entered into with you.
Purposes of processing:
- to establish your identity;
- managing and fulfilling your request and the performance of a concluded contract;
- preparation of a contract proposal;
- preparing and sending you a bill/invoice for the services you use with us;
- to provide you with the comprehensive service you require, and to collect any amounts due for services used;
- retaining correspondence relating to orders placed, processing requests, reporting problems, etc.
- notification of anything relating to the services you use with us;
- customer history analysis;
- identify and/or prevent unlawful acts or acts contrary to our terms and conditions for the relevant services;
Data we process on this basis: On the basis of the contract concluded between us and you, we process information about the type and content of the contractual relationship as well as any other information related to the contractual relationship, including:
- personal contact details – email address, telephone number;
- details of enquiries made;
- correspondence relating to the overall service – emails, letters, information about your troubleshooting requests, complaints, requests, complaints, feedback we receive from you;
- credit or debit card information, bank account number or other banking and payment information in relation to payments made;
other information such as:
- Customer number, code or other identifier created for identification;
- IP address when visiting our website;
- Demographic data
- Social media account details
- Information from your actions on the website
The processing of the above personal data is mandatory for us to be able to conclude the contract with you and perform it. Without you providing us with the aforementioned data, we would not be able to fulfil our contractual obligations.
We provide personal data to third parties We provide your personal data to third parties as our main aim is to offer you a quality, fast and comprehensive service. We do not provide your personal data to third parties before we are satisfied that all technical and organisational measures have been taken to protect that data and we aim to implement strict controls to fulfil this purpose. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (data controllers):
- Persons who, on assignment, maintain equipment, software and hardware used to process personal data and necessary for the company’s activities
- persons providing consultancy services in various fields.
When we delete data collected on this basis We delete the data collected on this basis 2 years after the termination of the contractual relationship, whether due to expiry of the contract, termination or any other reason.
2. AFTER YOUR CONSENT We process your personal data on this basis only after your explicit, unambiguous and voluntary consent. We do not foresee any adverse consequences for you if you refuse the processing of your personal data.
Consent is a separate basis for processing your personal data and the purpose of the processing is set out in it, and is not overlapped with the purposes listed in this policy. If you give us the relevant consent and until you withdraw it or terminate any contractual relationship with you, we make product/service suggestions that are appropriate for you by carrying out detailed analyses of your basic personal data;
Detailed analytics is a method of performing analysis that enables the processing of large volumes of data through statistical models and algorithms and others that involve the use of personal data, as well as processes of pseudonymizing and anonymizing the same, in order to extract information about trends and various statistical indicators.
Data we process on this basis: We only process data on this basis for which you have given us your explicit consent. The specific data is determined on a case-by-case basis. Typically, this data is an email and phone number.
Provision of data to third parties On this basis we may provide your data to marketing agencies, Facebook, Google, LinkedIn or similar.
Withdrawal of consent Consents given can be withdrawn at any time. Withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to withdrawal.
To withdraw consent you need only use our website or simply our contact details.
When we delete data collected on this basis We delete data collected on this basis at your request or 12 months after it was originally collected.
PROCESSING OF ANONYMISED DATA We process your data for static purposes, that is, for analyses in which the results are only aggregated and the data are therefore anonymous. It is impossible to identify a specific person from this information.
Your data may also be anonymised. Anonymisation is an alternative to data deletion. In the case of anonymisation, all personally identifiable elements/elements that allow you to be identified are irreversibly deleted. There is no legal obligation to erase anonymised data as it does not constitute personal data.
Why and how we use automated algorithms For the processing of your personal data we use partially automated algorithms and methods in order to continuously improve our products and services to adapt our products and services to your needs in the best possible way. This process is called profiling.
How we protect your personal data To ensure adequate protection of the data of the company and its customers, we apply all necessary organizational and technical measures provided for in the Data Protection Act.
The company has established rules to prevent misuse and security breaches, which supports the processes of protecting and securing your data.
In order to maximize the security of the processing, transmission and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
User Rights Each User of the website enjoys all the rights for the protection of personal data under Bulgarian and European Union law.
Users can exercise their rights by using the contact form or by sending a message to our email.
Each User has the right to:
- Information (in relation to the processing of his personal data by the controller);
- Access to their own personal data;
- Rectification (if the data is inaccurate);
- Erasure of personal data (right to be forgotten);
- Restriction of processing by the controller or processor;
- Portability of personal data between controllers;
- Objection to the processing of his or her personal data;
- The data subject shall also have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her;
- The right to a judicial or administrative remedy where the data subject’s rights have been violated.
The user may request erasure if one of the following conditions applies:
- The personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
- The user withdraws the consent on which the processing is based and there is no other legal basis for the processing;
- The data user objects to the processing and there are no legitimate grounds for the processing which override;
- The personal data has been unlawfully processed;
- The personal data must be erased in order to comply with a legal obligation under Union or Member State law to which the controller is subject;
- The personal data have been collected in connection with the provision of information society services to children and consent has been given by the person having parental responsibility for the child.
The user has the right to restrict the processing of his or her personal data by the controller where:
- Challenge the accuracy of the personal data. In this case, the restriction of processing is for a period that allows the controller to verify the accuracy of the personal data;
- The processing is unlawful, but the User does not wish the personal data to be erased, but requests instead the restriction of its use;
- The controller no longer needs the personal data for the purposes of the processing, but the User requires it for the establishment, exercise or defence of legal claims;
- Objects to processing pending verification that the controller’s legitimate grounds override the interests of the User.
Right of portability The data subject shall have the right to obtain the personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format and shall have the right to transfer those data to another controller without hindrance from the controller to whom the personal data have been provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising his or her right to data portability, the data subject shall also have the right to obtain a direct transfer of the personal data from one controller to another where this is technically feasible.
Right to object Users have the right to object to the controller to the processing of their personal data. The data controller shall be obliged to terminate the processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims. If you object to the processing of personal data for direct marketing purposes, the processing shall cease immediately.
Request to the supervisory authority Every User has the right to lodge a complaint against unlawful processing of his/her personal data with the Data Protection Commission or the competent court.