Our integrated policy for the protection and privacy of personal data

  1. Home
  2. Our integrated policy for the protection and privacy of personal data

Our integrated policy for the protection and privacy of personal data

Hi all you who have interest in GDPR,
We - EPC, fully respect the privacy of our users and have taken all the necessary steps to ensure the highest level of data protection for our clients. We strictly follow all applicable legal requirements including that of GDPR.

EPC processes and stores personal data of its subscribers. This Privacy Policy explains how we use, disclose, and safeguard personal information. This policy also explains your choices about how we use information about you. Your choices include how you can object to certain uses of information about you and how you can access and update certain information about you. If you do not agree with this policy, please do not access or use our Services or interact with any other aspect of our business. We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Revised” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site, and you waive the right to receive specific notice of each such change or modification. You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised.

The processing of personal data of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the EPC. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

If you have any questions or comments about the Policy, your Personal Data, our use and disclosure practices, or your consent choices feel free to contact me by e-mail.

Best regards,
DPO

The company European Projects Consulting Ltd., incorporated under Bulgarian law, registration number with the Bulgarian Commercial Register 202896888 (hereinafter “EPC” or “we”) operates an internet portal that can be accessed at http://epc.bg/ (hereinafter www.epc.bg).

With this Privacy Statement, EPC wishes to explain to you which data are processed, and how they are processed, when you visit www.epc.bg, consult with our chat system for communication or use one of the other functions of www.epc.bg. In doing so, we also fulfil our information obligation pursuant to Art. 13 and 14 of the EU General Data Protection Regulation (GDPR).

Definitions

The data protection declaration of the EPC is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Client is a customer of EPC.

Client Data are personal data, reports, addresses, and other files, folders or documents in electronic form that a User of the Service stores within the Service.

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

Pseudonymization is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

Public area is the area of the Site that can be accessed both by Users and Visitors, without needing to log in.

Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Restricted area is the area of the Site that can be accessed only by Users, and where access requires logging in.

Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

User is an employee, freelancer, or representative of a Client, who primarily uses the restricted areas of the Site for the purpose of accessing the Service in such capacity.

Visitor is an individual other than a User, who uses the public area, but has no access to the restricted areas of the Site or Service.

Responsible party and contact details of the Data Protection Officer

Responsible from a data protection standpoint for the data processing that takes place at www.epc.bg is

European Projects Consulting Ltd.
45, Graf Ignatiev Str., 1st floor
1000, Sofia
Bulgaria
Data Protection Officer – Antony Stanchev

While we operate the platform www.epc.bg, we as a data controller, may disclose data to companies within our corporate group, who operate as processors. In those cases, EPC remains the only company to determine the purpose of data processing.

Personal data

The GDPR defines personal data as 'any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

a. General use of the www.epc.bg

Even without using the services our website provides, every webserver automatically records visits to its websites. When you visit our website, our host's webserver records the following information for the purpose of maintaining the system security

  • Your IP address
  • The date and time of your visit
  • The URL
  • The content you access and
  • The information transmitted.

This information remains anonymous for us. It is impossible to associate it with you.

b. Personalization

Mandatory information

You can use our chat bot service with www.epc.bg

By doing so you can decide what information about yourself you wish to disclose to us. There are, however, some mandatory data that you do have to provide to us for the purposes of the provision of our service. Those data are: full name and contact information (e.g. e-mail address and phone number).

Voluntary information

You can also provide certain other information at your discretion. This differs depending on the specifics regarding your project and it aims to help us provide a tailor made solution to your problems.

Purpose of data processing

EPC gathers and processes the data to make to improve the quality of the services we provide. The main goal of EPC is to provide consulting services with high added value.

Legal foundation for the processing of data

If you disclose to us your data through the operational chat bot, we process those data on the basis of the user agreement reached with you pursuant to Art. 6 subs. 1 lit. b) GDPR, in order to be able to make the function of www.epc.bg that you request available to you. If you give us your data as a guest in order to use a function of www.epc.bg, the legal basis is Art. 6 subs. 1 lit. f) GDPR. Our justified interest is the purpose pursued, namely of offering you the function you desire.

If a third party enters your data with us, we process your personal data on the basis of a justified interest, Art. 6 subs. 1 lit. f) GDPR.

The legal basis for receiving news and information by e-mail is Art. 6 subs. 1 lit. f) in conjunction with Art. 95 GDPR. Our justified interest lies in informing you about our products.

Recipients of the data

Within our company, the departments that have access to your data are those that are responsible for processing the applicable information.

No information is transmitted to third-party countries, unless it is required to execute your orders, prescribed by law or if you have given us your consent to do so.

Storage duration

We store your personal data as long as you utilize our services. If you decide to terminate out cooperation, we also delete your personal data. This does not apply, however, to your name and the links to the projects you participated in. Here we still have the justified interest stated in item II. 3. above. What is more, your participation in a project is a fact from the social sphere environment. By publishing this information, we are exercising our right of free speech, so as a rule we are not obliged to delete the information pursuant to Art. 17 subs. 3 GDPR. If you have special individual reasons for the deletion, please send us a message to the addresses cited here, and we will consider your reasons when we decide whether to delete the data or not.

If we no longer store the data for the above reasons, you remain in our system for a further 24 months for technical reasons in the form of backups. The data are then, however, no longer processed for any other purposes and then deleted entirely after the end of the 24-month period at the latest.

Rights of the data subject

The GDPR guarantees you certain rights that you can assert vis-à-vis us as long as the statutory prerequisites for doing so are fulfilled.

  • Art. 15 GDPR - The data subject's right to information: You have the right to demand confirmation of whether personal data pertaining to you have been processed, and if so, what data were processed and what the circumstances of the data processing were.
  • Art. 16 GDPR - Right to rectification: You have the right to demand from us the immediate rectification of incorrect personal data pertaining to you. In doing so, you also have the right, taking into account the purpose of the processing, to demand that incomplete personal data be completed - also by means of an additional declaration.
  • Art. 17 GDPR - Right to erasure: You have the right to demand from us that personal data pertaining to you be deleted immediately. Please note the exception to this described in item II. 4 above.
  • Art. 18 GDPR - Right to restriction of processing: You have the right to demand from us that the processing be restricted.
  • Art. 20 GDPR - Right to data portability: You have the right in the case of processing based on consent or for the fulfilment of an agreement, to receive the personal data concerning you in a structured, commonly used and machine-readable format and to transmit those data to another responsible party without hindrance from us, or to have the data transmitted directly to the other responsible party, in as much as this is technically possible.
  • Art. 21 GDPR - Right to object: You have the right to object at any time, for reasons relating to your particular situation, to personal data pertaining to you being processed on the basis of a justified interest on our part or which is required for a responsibility in the public interest or which is conducted to exercise official authority.

    If you do lodge such a complaint, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or if the processing serves to assert, exercise or defend against legal claims. If we process your personal data for direct marketing purposes, you have the right to object at any time to such processing. If you do so, we will cease to process your personal data for these purposes.
  • Art. 77 GDPR in conjunction with § 19 BDSG - Right to lodge a complaint with a supervisory authority: You have the right to lodge a complaint with a supervisory authority at any time, in particular in the member state of your habitual residence, place of work or the place of the alleged infringement, if you are of the opinion that the processing of the personal data relating to you is unlawful.

Revoking your consent

If you have given us your consent, you have the right to revoke that consent at any time. In such case, all data processing we have performed up to the time of your revocation remains lawful. For this purpose you can send an e-mail to office@epc.bg If you state in this e-mail that you no longer wish to receive e-mails from us, we will cease to send notifications to that e-mail address in the future.

Obligation to make data available

You are not obliged contractually or by law to provide us with personal data. However, without your data, we are not able to offer you our services.

Automated individual decision-making, including profiling

We do not use automated decision-making with any legal effect or restriction for you.

If you have questions or comments

We take all conceivable precautions to protect the security of your data. We welcome your questions and comments regarding data protection. Just send us an e-mail to office@epc.bg

03/01/2024