Privacy Policy

PERSONAL DATA PROTECTION POLICY

This Personal Data Protection Policy of Sofia Event Centre LTD is based on the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).
Sofia Event Centre LTD is a personal data controller within the meaning of Regulation (EU) 2016/679 and the Personal Data Protection Act.

Data Controller Details:

Name: Sofia Event Centre LTD
ID number (EIK)/BULSTAT: 202 149 308       
Seat and registered office:
1700 Sofia, 9 Simeonovsko Shousse Blvd.

Contact details:
Е-mail: gdpr@seg.live
Phone: (+359 2) 866 94 40, 866 94 51

Introduction

The protection of natural persons in relation to the processing of personal data is a fundamental right. The principles of, and rules on the protection of natural persons with regard to the processing of their personal data should respect their fundamental rights and freedoms, in particular their right to the protection of personal data.
The aim of Regulation (EU) 2016/679 is to ensure the protection of natural persons’ data and to harmonize regulations on their processing in all EU Member States.
Personal data protection is of particular significance for both the personal data controller and the subjects whose personal data are subject to processing.


Sofia Event Centre LTD processes personal information in accordance with the General Data Protection Regulation / Regulation (EU) 2016/679. In our capacity as personal data controller we process personal data to the extent they are necessary for the purposes for which we collect them. We have implemented technical and organisational measures necessary for the protection of personal data provided to us.
Principles we respect in personal data processing:
‘Lawfulness, fairness and transparency’ – We process your data lawfully, fairly and in a transparent manner.
Where data processing is not based on law or contractual arrangements, it is necessary that the data subject has previously given his or her consent to the processing of his or her personal data for one or more specific purposes.
Processing is lawful when it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
‘Data minimisation’ – We collect only data that are adequate, relevant and limited to what is necessary in relation to the purposes for which we process them.
‘Purpose limitation’ – We collect your data only for specified, explicit and legitimate purposes and do not process them further in a manner that is incompatible with those purposes.
‘Accuracy’ – We keep data accurate and up to date.
‘Storage limitation’ – We keep personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which we process the personal data.
‘Integrity and confidentiality’ – We process your personal data in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful access. We have implemented appropriate technical or organisational measures against accidental loss, destruction or damage.
‘Accountability’ – We are responsible for, and are able to demonstrate, compliance with the principles in personal data processing.
Consent
Where personal data processing is not required by law or is not part of a contractual arrangement, the data subject’s explicit consent is required.
Where the data subject’s consent is given in a written declaration regarding also other issues, the request for consent is provided in such a manner as to be clearly distinct from the other issues in an intelligible and easily accessible form, using clear and plain language.
In cases where we require special categories of personal data, we will always specify the reasons as to why and how such information will be used.

Withdrawal of consent

You may withdraw your consent at any time. Withdrawal of consent is as easy as giving such consent.
It is sufficient to contact us using the contact details provided.
Upon the receipt of your request, we will discontinue data processing for the purpose or purposes for which we have initially required your consent, unless we have other legal grounds to continue processing, in which case we will promptly inform you.

Purposes of processing

We collect and process personal data for the following purposes:

  • processing data of customers and suppliers who are natural persons;
  • compliance with a contract or within pre-contractual arrangements;
  • marketing purposes, only where explicit consent is given;
  • information security;
  • compliance with contracts to which we are party;
  • sending information communications, and inclusion in any type of advertising by the company;
  • related to our business activities.

Categories of natural persons

We process personal data for the following categories of natural persons:

  • customers who are natural persons.

Types of personal data we process

On this website we process no personal data related to the economic identity of data subjects. Pictures of events related to contractual arrangements and regarding their implementation may be published.

In case you choose to visit our website and use services provided through it, you will not be required to provide personal data, such as name, address, personal identification number, phone number, e-mail.

Special categories of personal data (‘sensitive data’)

We process no data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning a natural person’s sex life or sexual orientation.

We process special categories of personal data in the following cases:

  • We may process sensitive data when this is required for the defence of a lawsuit or for the protection of interests of a natural person or another person who is unable to give a valid consent.


Sources we use to collect personal data

We receive data from the data subject or a publicly accessible source.
Where the data are not from the data subject, we inform him or her of the source.

Cookies

In addition to the information you provide in various forms, we inform you that this website uses ‘cookies’.
‘Cookies’ are small pieces of information stored on the user’s computer or mobile device. They allow to ‘remember’ user’s activities or preferences while browsing. Most browsers support cookies. Users may set their browsers so that no cookies to be stored or cookies to be erased at a certain time.
We use cookies to:

  • Remember user’s preferences.
  • Cookies may also be used for online behavioural targeted advertising to show advertisements related to an item that the user has already sought.

Using cookies helps us track the usage of our website and analyse how user-friendly it is – Google Analytics cookies. These cookies give us no information about your personal data. They show us which pages on our website you visited, whether you used a mobile or desktop device, and other anonymous data. For Google Analytics we also use anonymization of IP addresses.

We use Facebook Pixel to collect statistical information about the usage of our website that we need to make market surveys. Data so collected are anonymous for us, i.e. we receive no information about the users’ identity.
As such data are collected and processed by Facebook, we provide a link to the Facebook Privacy and Data Protection Policy and the products, features and tools offered by Facebook:
https://www.facebook.com/about/privacy.

Your access to social networks, such as Facebook, Google+, YouTube, Instagram and others, requires a separate registration and acceptance of such websites’ general terms and conditions. Sofia Event Centre LTD is not responsible for the protection of your personal data when you accept those general terms and conditions. Please take your time to read them in detail.

Thank you for your trust and we assure you of our compliance with the requirements in processing natural persons’ personal data and their protection, and with the rules for free movement of personal data.

Categories of personal data recipients

Sofia Event Centre LTD does not transfer any or all personal data processed after your visit on this website.

Period of personal data storage

We store your personal data for no longer than is necessary for the purposes for which we process such data.
After the expiry of this period, we erase and destroy all your data without undue delay.
Sofia Event Centre LTD stores personal data that it is required to keep by virtue of the applicable law for the appropriate period that may be longer than the period of the purposes for which we process such data.

Data security

We have implemented appropriate technical and organisational measures to prevent accidental loss or unauthorised access, alteration or transfer of personal data. We have deployed and maintain Personal Data Protection System. Authorised employees only process personal data on our instructions and subject to their duty of confidentiality. In case of data security breach we will immediately follow the procedures provided in the Personal Data Protection System. We will notify the personal data breach to the supervisory authority and the data subjects without undue delay and, where feasible, not later than 72 hours after having become aware of it.

Rights of personal data subjects

At your request, we will provide you with any information regarding the data processing in a concise, transparent, easy to understand and easily accessible form, using clear and plain language.

You have the following rights as regards the processing and storage of your personal data:

  • Right of information and access
  • Right to data rectification
  • Right to data erasure
  • Right to restriction of data processing
  • Right to data portability
  • Right to object
  • Right to lodge a complaint with the supervisory authority


In case of infringement of your rights, in accordance with the personal data protection laws, you have the right to lodge a complaint with the supervisory authority:

Commission for Personal Data Protection (CPDP)

Seat and registered office:
1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.
Contact details:
Phone: 02 915 3 518
Email: kzld@government.bg, kzld@cpdp.bg
Website: www.cpdp.bg

Amendment to the Personal Data Protection Policy

Sofia Event Centre LTD may amend this Policy at any time. Any amendments will be immediately communicated to the persons concerned.

 
Approved by: Kaloyan Todorov