Updated 28 March 2023
If you have any questions or requests, please contact us at: Sofia, 1000, Sredets District, 1 Hristo Belchev Street, ap. 1, 1st floor, phone: +359887742780, email: firstname.lastname@example.org.
Data protection officer: Nedko Krastev, phone: +359887742780, email: email@example.com.
WHO WE ARE
The Company, providing you services through this Website is “365 Company” OOD, a limited liability company, incorporated and existing under the Laws of the Republic of Bulgaria, registered with the Commercial Register and the Register of Non-Profit Legal Entities at the Registry Agency in the Republic of Bulgaria under Unified Identity Code 205339138, having its seat and registered office at Sofia, 1000, Sredets District, 1 Hristo Belchev Street, ap. 1, 1st floor, represented by Nedko Todorov Krastev, in the capacity as Managing Director.
PERSONAL DATA WE COLLECT AND HOW WE USE IT
Personal data is data that describes and is linkable to someone as a person.
We collect personal data in order to provide the services to our Users. We don’t sell or otherwise distribute your personal data. We may share it with our selected service providers only when it is vital for the provision of our services as explicitly described below.
We may process your personal data for the following purposes:
- Full name and email address - these are necessary for the identification of the User, the registration of a User Account in the Platform available on our Website and the use of our Services. In case the registration in the Platform is made by logging in with the User’s accounts in social networks - Facebook, Google or LinkedIn, we will also collect the profile picture of the User from his/her social network account;
- Telephone number, place, company/school, role, biography, personal information from public profile/website if provided - this information may be processed in case the User chooses to add it in its User Account and in order to provide him/her with better experience when using our Services.
- Company, Credit/Debit card number, Cardholder Name, Validity, PayPal address - this information is necessary for the purchase of our subscription plans, settlement of the contractual relationship between the parties and execution of the contract and in order for the User to have access to and use all courses topics, materials and services provided on the Platform.
- Personal identification number, ID card/Passport data, address - these are necessary for the issuance of invoices if the User wishes to receive an invoice for the amounts paid, settlement of financial transactions and accounting matters.
When we receive an inquiry by a person through our contact forms, we will use the contact information (name and email address) and other information provided by him / her to contact and provide the assistance he/she needs.
Data processing activities, listed above, are necessary for the performance of the contracts with our Users and for the provision of our Services. We shall not be using your contacts to promote third party products or services.
METHOD OF COLLECTION
Each User provides personally the Personal data, entered or uploaded to the Website.
Users are not allowed to enter third party personal data, including sign up a third party using their email address, without due authorization by such third party. We do not monitor or control the content, entered or uploaded by User. It is the User’s responsibility to provide and guarantee that the processing of personal data activities performed by the User with our Website are compliant with the requirements of the GDPR and other applicable personal data protection legislation.
We take appropriate technical and organisational measures to protect your personal data against loss or other forms of unlawful processing. We make sure that personal data is only accessible by only those who need access to do their job, and that they are properly trained and authorised. Our staff is required to conduct themselves in a manner consistent with the company’s guidelines regarding confidentiality, ethics, and appropriate usage of data. Staff is required to execute a confidentiality agreement and are provided with proper training in online privacy and security.
SUB-PROCESSORS AND PROCESSING OUT OF EU
Based on the above we may store and process User Data out of the EU, including in the United States of America, where some of our Sub-processors are based. After the Court of Justice of the EU abolished the EU-US Privacy Shield in July 2020, the USA are regarded as a third party not ensuring an adequate level of protection. Any transfer of personal data outside the European Economic Area is done by us only under strict compliance with the GDPR. We ensure the third-party recipients in non-adequate countries conclude the EU standard contractual clauses (EU SCC) with us or follow appropriate safeguards pursuant to art. 46 GDPR.
We use as Sub-processors and User personal data may be transferred to the providers of the following services:
- Email service (Infusionsoft);
- Payment gateway (PayPal);
- Payment gateway and Merchant of records (FastSpring);
- Teachable (LMS provider).
INFORMATION WE SHARE
We do not share personal information with companies, organizations and individuals unless one of the following circumstances applies:
- With your consent - we will share personal information with companies, organizations or individuals - employers, when we have your explicit consent to do so;
- For making some services possible – to third party sub-processors, as described above;
- For legal reasons - we will share personal information with companies, organizations or individuals, if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of ours, our Users or the public as required or permitted by law.
We may share non-personally identifiable information publicly and with our partners.
We provide Services to and allow our Website to be used only by persons aged 18 and over. If aged under 18, please ask for the assistance of a person aged at least 18 in order to use our Services.
If we obtain actual knowledge that we have collected personal data from a person under the age of 18, we will promptly delete it, unless we are legally obligated to retain such data.
Please, contact us, if you believe that we have mistakenly or unintentionally collected information from a person under the age of 18.
In principle, we process data while the User has an active Account with us or while using our Services and 5 years after the deletion of the Account - in order to prevent the loss of data valuable to the User, in respect of claims or queries by the User, to resolve any legal and out-of-court disputes, recovery of claims and compliance with applicable law, including the requirements of applicable tax and other legislation.
The term of storing your data if you contacted us through our contact forms but did not use our Services is 6 months in order to facilitate communication and assist you in all matters.
You have the right to request a copy of your personal data at any time, to check the accuracy of the stored information, to correct or update this information, to ask for your personal information to be deleted if there are grounds for doing so, as described below. You also have the right to complain when your privacy rights have been violated. Below is a detailed description of your rights as a personal data subject:
- You have the right to request a confirmation if personal data relating to you are being processed and to request a copy of your personal data as well as the information relating to the collection, processing and storage of your personal data.
- You have the right to request your personal data to be deleted if there are any of the following grounds:
- personal data are no longer necessary for the purposes for which they have been collected;
- where you have objected against the processing when the processing is unlawful;
- where data is processed on your consent and you withdraw that consent;
- where personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller.
- You may be denied to delete your personal data for the following reasons:
- exercising of the right to freedom of expression and the right to information;
- to comply with our legal obligation or to carry out a task of public interest or in the exercise of the official authority that has been granted to us;
- for reasons of public interest in the field of public health;
- for the establishment, exercising or protection of legal claims.
- You have the right to request your personal data to be corrected if it is inaccurate or to be supplemented if it is incomplete.
- You have the right to request to restrict the processing of your personal data if applicable and there is a reason to do so, for example:
- you dispute the accuracy of personal data for a period that allows us to verify the accuracy of personal data;
- the processing is illegal, but you do not want personal data to be deleted but only to be limited;
- we do not need any more personal data for the purposes of processing, but you require them to identify, exercise or protect your legal claims;
- you have objected against the treatment pending verification that our legitimate grounds have an advantage over your interests.
- You have the right to request to receive personal data that concern you and which you have provided in a structured, widely used and machine readable format, and you have the right to transfer this data to another administrator when the processing is based on consent or on contractual obligation and the processing is done in an automated manner.
- You have the right to make an objection against the processing of your personal data before the Data Protection Officer if there are reasons to do so.
You can address all requests to the Data Protection Officer. In order to be able to provide you with full assistance, please provide us with accurate information about you and specify your request. It is possible that, in the exercise of your rights, we may ask for additional information to establish your identity.
Please keep in mind that when your requests are clearly unreasonable or excessive, in particular because of their repeatability, we can:
- charge a fee, taking into account the administrative costs of providing information or communication or undertaking the requested activities, or
- refuse to take actions on the request.
We will make reasonable efforts to respect your request within 30 days of receiving your application. If necessary, this term may be extended by a further two months, taking into account the complexity and the number of requests.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems). Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.
If you file a privacy-related complaint, we will collect your name and/or company name, name of a complaint-related person, email, and country location and details that gave rise to your complaint. We will use the information you provide to investigate your complaint and to send you an answer once your complaint is reviewed.
If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority of Bulgaria, which is the Commission for personal data protection. More information can be found at: cpdp.bg.
You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).