I. PHAZZA as a personal data controller
“PHAZZA” EOOD (PHAZZA) is duly registered as personal data controller with middle level of personal data protection according to Ordinance № 1/30.01.2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection with identification number […] to the Register of data controllers the Bulgarian Commission for personal data protection. The information about the registers maintained by PHAZZA (including their name; categories of individuals for which personal data is collected; level of protection and others) is public and available on the website of the Commission.
II. Scope of the Policy and the activity performed by PHAZZA as a controller of personal data
This Policy represents summarized information about the storage, use, and ensuring the security of the Visitors’ and Users’ personal data and of third parties represented by them, acquired by visiting PHAZZA’s Interface and using its functionalities, as well as by use of the relevant services provided by PHAZZA.
PHAZZA respects all Visitors’ and Users’ rights of personal data inviolability and protection and PHAZZA undertakes not to use the data without their consent, except in the cases exhaustively listed in this Policy and the LPPD. For the purposes of the current Policy PHAZZA adopts the definition for “personal data” under LPPD, namely: personal data is any information relating to an individual, who is identified or identifiable, directly or indirectly, by the reference to an identification number or to one or more specific features.
In its capacity of a personal data collector, PHAZZA collects, processes, stores and transfers Visitors’ and Users’ personal data information in the manner described in this Policy. The personal data collected by PHAZZA may include: names, birth dates, addresses, domicile, location, e-mails, phones, passport data, profiles on other internet websites, customer habits, interests, behaviour and others, as this list is non-exhaustive, but only indicative.
The Visitors and the Users shall be informed that PHAZZA under no circumstances may demand, collect, process, store or transfer information, containing personal data which (i) reveal racial or ethnic origin; (ii) reveal political, religious or philosophical convictions, membership in political parties or organizations, associations having religious, philosophical, political or trade-union goals; or (iii) refer to health, sexual life or the human genome. The Visitors and the Users shall not disclose and publish similar information while using any PHAZZA’s Interface or services, as the eventual disclosure of such information by Visitors and Users may not incur PHAZZA’s liability.
III. Collection and processing of personal data by PHAZZA
The personal data of the Visitors and the Users is usually collected and processed by PHAZZA in the process of performing some of the following specific actions and activities:
Visiting a website, which is a property of PHAZZA and/or maintained or administered by PHAZZA;
The information collected by PHAZZA upon visiting such websites, excluding the information collected through cookies, includes non-exhaustively the following data: IP-address of the particular Visitor or User, website access date; information on the manner of use of the relevant service; information about the browser and the operating system; referring URL, etc.
Use through the Interface of each and every service provided by PHAZZA;
The information, collected by PHAZZA in the process of using PHAZZA’s Interface for services, includes the unique device ID number, the operating system, etc.
Filling out surveys;
Filling of surveys by Visitors and Users is fully voluntarily as the information collected is solely for the purposes of monitoring and improving the performance of the relevant websites; for improving the Users’ and the Visitors’ customer support; for improving the quality of the services provided by PHAZZA, etc.
Performing any other Users’ action or activity related to the use of the services provided by PHAZZA.
At any moment before, during or after the rendering of the relevant service by PHAZZA, the latter shall be entitled to demand from the Users to identify and validate the credibility of every personal data provided by them.
IV. Purpose of the use of personal data by PHAZZA
Duly collected and processed Visitors’ and Users’ personal data may be used by PHAZZA for any/some of the below purposes:
Provision of information about the services offered by PHAZZA current services offers;
PHAZZA shall be entitled to provide information for offers placed on PHAZZA’s Interface by personalizing these in accordance with the Visitors and the Users customer behaviour.
Identification of a Visitor or a User using the Interface and/or services of PHAZZA;
PHAZZA shall be entitled to use the personal data collected for the Visitors and the Users in relation with a following identification of the latter upon use of an Interface of PHAZZA and for protection of their PHAZZA’s profile from unauthorized access or unauthorized use of PHAZZA’s services.
Future developments, innovative development and improvement of separate functionalities and services offered by PHAZZA;
PHAZZA shall be entitled to use the data collected for the Visitors and the Users for the purposes of improving the functionality of PHAZZA’s Interface, as well as for the purposes of improving the services offered by PHAZZA.
Marketing and market research on the behaviour and the creation of user profiles of the Visitors and the Users using the Interface or services provided by PHAZZA;
The targeting of Users is performed on basis of statistical analysis on their personal activities and profiles created, or other data, collected in the process of using the services provided PHAZZA. The information from the profile and the activities of the Users are being used primarily for the purposes of better understanding, analysis and forecasting of their preferences and interests. It may be combined with other information about the Users for the purposes of personalization, offering of other products and services and provision of more suitable advertising content on basis of the profile of a particular User.
PHAZZA shall be entitled to publish third parties’ advertisement on its Interface.
Statistical purposes and analysis;
PHAZZA shall be entitled to process the information collected from the Visitors and the Users for statistical purposes and for preparation of subsequent analysis for its own needs.
Protection of PHAZZA, PHAZZA’s partners and any other affected third party from any and all illegal actions taken by the Users and the Visitors;
In particular cases, in which PHAZZA considers in good faith that a disclosure of information is necessary in order to protect, execute or safeguard the legal rights and security of PHAZZA or of PHAZZA’s partners or any other affected third party, PHAZZA shall be entitled to disclose such information about the Visitors and the Users subject to compliance with the regulations of the Law for Protection of Personal Data.
Sending unwanted commercial messages.
PHAZZA may at its own discretion send unwanted commercial messages to Users in order to inform them about occurred events that are important to them. PHAZZA declares, that it will not misuse sending such messages, as the information they contain may mainly, but not exhaustively include: instructions for using the services provided by PHAZZA, guarantees on the security of the Users, system messages, etc. The Users hereby grant their consent to PHAZZA to receive such unwanted commercial messages in accordance with the Electronic Commerce Act.
The abovementioned purposes for using personal data are not exhaustive and PHAZZA shall be entitled to unilaterally amend these at any time subject to its compliance with the applicable legislation.
The Users agree that upon deactivation of a profile of a User in connection with PHAZZA’s service used by the former, PHAZZA shall be entitled to save the information for this User on its databases, even after the profile of the respective person is no longer active, for a specific period of time according to the applicable legislation that is sufficient for the provision of this information upon due request. The information may only be used for resolving legal disputes, prevention of fraud, protection of PHAZZA or other Visitors and Users from unauthorized actions, limitation of damages or for the purposes of compliance with the applicable legislation and PHAZZA’s internal security policies.
V. Disclosure of personal data
In certain cases, upon observation of the legal rules and regulations and in order to protect PHAZZA’s or third parties’ interests, PHAZZA shall be entitled to disclose information about the Visitors and the Users, where such disclosure is required for purposes of:
• assuring the protection, exercise or preservation of the legal rights, the privacy, the security or the property of PHAZZA, its employees, contracting parties or of other Visitors and Users or members of the society;
• assuring protection against fraud or for risk management purposes;
• compliance by PHAZZA with legal requirements;
• executing requests from competent administrative authorities, performed in accordance with the applicable legislation;
The Visitors and the Users shall be aware of the fact that the provision of statistical data by PHAZZA to third parties is only done in aggregated form. The manner of procession and the volume in which the data is provided to third parties do not allow the identity of the respective Visitors or Users to be revealed and do not threaten their security. PHAZZA acts upon the will of a loyal service provider to the Internet community and does not provide any processed data to third parties in case that the volume of this data is small enough and may lead to а disclosure of the digital identity of a current Visitor or User. In case that PHAZZA provides individual data for a Visitor or a User to third parties, this is a subject to the explicit consent of the respective visitor or User.
The Users are informed and agree that while using some of the functionalities of the services provided by PHAZZA, part of their profile data may be accessed by the Users, to whose subscription and/or profile the service is used.
VI. Rights of the Visitors and Users
Right of information and access to the personal data collected from the Visitors and the Users
The Visitors and the Users are entitled to receive from PHAZZA’s full, exhaustive and current information on the collection, the processing, the storage and the transfer of information about their personal data and the data of the persons, which they represent in connection with PHAZZA’s activity. PHAZZA provides the requested information in accordance with the procedure, the established terms and by adhering to the provisions of the Law for Protection of Personal Data.
Right of rectification, refusal or withdrawal of consent for disclosure of information constituting personal data
The Visitors and the Users, whose personal data is collected, processed, stored and transferred, shall at any time be entitled to object to PHAZZA against the abovementioned actions with their personal data (as well as to demand its deletion, correction or blocking), provided that the respective actions do not meet the requirements of the Law for Protection of Personal Data, as well as to require from PHAZZA to notify third parties, to whom the relevant personal data has been disclosed, about such correction or deletion of specific personal data except for the cases where such notification is not possible or would required is proportionate efforts.
The Users shall have the opportunity to rectify some of the data on their profile by using the relevant functionalities for user data management available in the respective PHAZZA’s Interface...
The Visitors and the Users shall be informed and agree that in case they cancel their consent or refuse to provide information, which represents personal data, PHAZZA shall be entitled to limit their access to PHAZZA’s Interfaces, respectively to deny the specific Visitor or User access to services offered by PHAZZA.
Right of objection to personal data processing of the Visitors and the Users for direct marketing purposes and disclosure of, or use of personal data by third parties for direct marketing purposes
The Visitors and the Users shall be informed that PHAZZA does not disclose their personal data to third parties in order to perform direct marketing, as well as they agree with the provision of information to third parties, which does not lay an opportunity for direct contact and identification of the personality of particular Users.
The Visitors and the Users shall be entitled to object to the processing of their personal data by PHAZZA for direct marketing purposes, regardless if such direct marketing is performed by PHAZZA for its own purposes or on behalf of and for the purposes of third parties, by sending an e-mail to [...]. In case of Visitors’ or Users’ objections, PHAZZA shall be entitled to limit the access to PHAZZA’s Interface, respectively to deny the spesific Visitor or User access to services provided by PHAZZA.
Notwithstanding the above, the Visitors and the Users shall be informed that the use of personal data on behalf of third parties for direct marketing purposes will neither result in identification of the particular individual, nor will include revealing of his/her names, telephone numbers, e-mail addresses, etc.
VII. Security and protection of the Visitors’ and Users’ personal data stored
PHAZZA in its capacity as personal data controller sets the safe storage and protection of personal data as one of its main priorities. The personal data and information provided by the Visitors and the Users are protected by virtue of the applicable legislation, as PHAZZA takes due care, using appropriate technical, administrative and operational standards for preventing unauthorized access to or misuse of the personal data stored. PHAZZA guarantees a high level of personal data protection pursuant to Ordinance№ 1/30.01.2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection, as it declares its intention for strict compliance with all regulations and measures for storage and protection of personal data in accordance with the Law for Protection of Personal Data, the applicable secondary legislative acts and the international standards for information security. PHAZZA stores the personal data collected on the territory of Republic of Bulgaria.
As a part of the security and protection measures of Visitors’ and Users’ personal data, PHAZZA has established strict rules for access to personal data and has provided for proper measures for physical, personal, documental, cryptographic protection, protection of the informational systems and rules for prevention of losses, damages and unauthorized access to personal data.
VIII. Amendment of the Policy
The Visitors and the Users agree that PHAZZA has the right to unilaterally amend, add or remove provisions of this Policy at any time, as it shall be deemed that the most current and valid revision of the of Policy is the latest published on the PHAZZA’s specific Website. All amendments shall enter into force immediately after being published on the Website, without a need for explicit notification by PHAZZA with that regard.
IX. General terms
The current Policy is revised in full compliance with the requirements of the applicable Bulgarian and European legislation and is fully consistent with the provisions of Directive 2002/58 EC of the European parliament and the Council, as well us with Directive 2009/136 EC of the European parliament and the Council, regulating the processing of personal data and the protection of privacy in the electronic communications sector.
For any other matters not settled by this Policy the relevant provisions of the acting Bulgarian legislation shall be applied. Applicable to disputes, between Visitors and Users and PHAZZA will be the regulations of the Bulgarian legislation, as in absence of a mutual agreement between the parties, the dispute shall be referred to the competent Bulgarian court with local jurisdiction in the city of Sofia.
Certification Service Provider (CSP) - an organization that helps the creation, maintenance and management of digital identities of users and which enables the identification and sharing of digital identity over other providers of digital services;
LPPD – The Bulgarian Law for Protection of Personal Data;
PHAZZA’s Interface – – an interface, property of PHAZZA with address […];
Partner – every person, who is in a contractual relationship with PHAZZA and who cooperates with PHAZZA in the rendering of the Services.
User – an individual or legal entity, which has an active PHAZZA’s Profile and has obtained all rights and obligations for using services rendered by PHAZZA’s.
Visitor – an individual, who has accessed an Interface of PHAZZA’s on its behalf, or on behalf and as a representative of a third person. Visitor can also be every User, who has not identified itself with its PHAZZA’s profile.
Service - any added value provided to contracting parties by providing access to professional skills, information, software and technical resources by PHAZZA, which may be used on the basis of an agreement for a subscription in the form of accepted Terms and Conditions and/ or by conclusion of a contract;
PHAZZA – “PHAZZA” LTD, entered in the Commercial register with the Registry Agency under UIC 204142604, with registered seat and address of management: Sofia, 54, “G.M.Dimitrov” blvd., fl. 4, office 301, Bulgaria, registered as a personal data controller […] to the Register of data controllers, maintained by the Bulgarian Commission for personal data protection, tel. […], e-mail: […];
PHAZZA Profile - a unified profile of a User, securing access to the Services rendered by PHAZZA, subject to the User’s compliance with all requirement applicable to the respective Service.
Published on 09.08.2017
Effective from 10.08.2017