The Be Free LTD, registration number 205748672, a limited liability company incorporated and existing under the laws of Bulgaria, with legal address - Bulgaria, Sofia, 1000, Vazrajdane district, 25, Bratya Miladinovi Str., fl. 3, app. 6. (the Company, as Data Controller), within its business activity on the Online Platform (the Online Platform) receives from its users – individuals (the Client, or Data subject) and use certain personal data about them.
All personal data provided by the Client to the Company is processing under the Data protection policy.
Data protection policy (the Policy) has been developed by the Company in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (the GDPR).
Contact details of the Company are available on the Company`s website: www.gig-os.com (the Website).
Contact details of the coordinator on personal data protection issues: firstname.lastname@example.org.
The Company ensures, within the framework of applicable law (GDPR, national law), the confidentiality of personal data and has implemented appropriate technical and organisational measures to protect personal data from unauthorized access, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, personal data transmitted, stored or otherwise processed.
The Company may use data processors for processing personal data. In such cases, the Company takes needed steps to ensure that such data processors process personal data under the instructions of the Company and in compliance with applicable law (GDPR, national law) and requires adequate security measures.
The Policy applies if the Client uses, has used or has expressed an intention to use or is in other way related to any of the services or goods provided by the Company, including to the relationship with the Client established before this Policy entered into force.
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the Client.
Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Personal data shall be processed in a manner that ensures appropriate security of the Personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures.
Personal data shall be processed in accordance with the rights of Data subjects under the GDPR.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of the Client in relation to the processing of personal data. In the absence of the above stated in this clause, a transfer of personal data to a third country or an international organisation shall take place only under the conditions defined by the GDPR as derogation for specific situations.
Personal data may be collected from the Client and from the Client’s use of the services. Personal data categories which the Company primarily, but not only, collects and processes are:
All data processed by the Company will be done on the following lawful ground and purposes:
contractual basis for the conclusion and performance of a contract (identification of the Client; delivery of products and provision of services; client support service; handling and processing of the objections, complaints; billing administration etc.);
consent basis – in case of the improvement of services, developing new products and services; advertising of services or commercial purposes; the Client loyalty increasing, satisfaction measurements etc.;
legitimate interests - in order to protect the Client's and/or the Company`s interest; to provide evidence relating to the contracts and their performance (recordings, submitted documents and other information); prevent, limit and investigate dishonest or unlawful use of the services and products provided by the Company; conduct commercial activity.
The processing of personal data for the purpose of providing information to public authorities and subjects of operational activities is carried out on the basis of the fulfilment of the obligations defined by the law, in cases and to the extent established by external regulations.
Where the Company intends to further process the personal data for a purpose other than that for which the personal data were collected, the Company shall provide the Client prior to that further processing with information on that other purpose and with any relevant further information.
Profiling means any form of automated processing of personal data, through the use of personal data for the purpose of assessing certain Client related personal aspects, in particular to analyse or predict aspects in relation to the Client's personal preferences, interests, behaviour and location.
The Company can apply automated decision - making regarding to the Client. The Client will be informed about such activities of the Company separately in accordance with regulatory enactments.
Automated decision - making that creates legal consequences for the Client may only be made in the course of the conclusion or execution of the agreement between the Company and the Client, or on the basis of the Client's consent.
Personal data is shared with other recipients, such as:
Personal data will be processed no longer than necessary.
The retention period may be based on agreement with the Client, the legitimate interest of the Company or applicable law (such as laws related to bookkeeping, statute of limitations, civil law, etc.). After the circumstances specified herein are terminated, the Client's personal data is deleted.
Data subject has rights regarding his/her personal data processing. Such rights are in general to:
The Client may submit a request for the exercise of his or her rights regarding the processing of personal data, including information on possible personal data protection breaches:
Upon receiving the Client's request for the exercise of its rights, the Company verifies the Client's identity, evaluates the request and executes it in accordance with regulatory enactments.
The Company shall respond to the Client's request in writing or by other means, including, if necessary, in electronic form (by e-mail or by sending it to the Client Account) taking into account, as far as possible, the manner in which the Client is provided with the response. When requested by the Client, the information may be provided orally, provided that the identity of the Client is proven.
The Company shall provide information on action taken on a request to the Client without undue delay and in any event within one month of receipt of the request. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. The Company shall inform the Client of any such extension within one month of receipt of the request, together with the reasons for the delay.
If the Company does not take action on the request of the Client, the Company shall inform the Client without delay and at the latest within one month of receipt of the request of the reasons for not taking action and on the possibility of lodging a complaint with a supervisory authority and seeking a judicial remedy.
The Policy is available on the Website.
The Company is entitled to unilaterally amend the Policy at any time, in compliance with the applicable law, by notifying the Client of any amendments via the Website.