1. GENERAL INFORMATION

1.1. This privacy policy provides you with details of how we collect and process your personal data. This Privacy Policy is subject to applicable legislation, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.

1.2. We, KARASTOYANOV, DOBRENOVA AND ASSOCIATES LAW OFFICE, registered in the BULSTAT register to the Registry Agency of the Republic of Bulgaria, with BULSTAT: 175161488, having its registered address at fl. 2, 3 Han Krum Str., city of Sofia, Republic of Bulgaria (“the Law firm”, “we” or “us”) are the data controller and we are responsible for your personal data.

In some limited cases, we may be in the role of a data processor.

If you have any questions about the present Policy or your personal data, please contact us.

Our contact details:

Address: fl. 2, 3 Han Krum Str., city of Sofia, Republic of Bulgaria.

Email: office@lawyers-bg.net.

1.3. Your responsibilities

Read this Privacy Policy and check it regularly.

If you are our customer or are working for our customer, please also check the contracts between us and related information: they may contain further details on how we collect and process your data.

Pay attention also to additional information and conditions for which we inform you during the different stages of our interaction.

If you provide us with personal information about other people, or if others give us your information, we will only use that information for the specific reason for which it was provided to us. If you provide us with information about third parties, you shall have a legal basis for this, and you shall also inform the third parties about the way we will process their data. By submitting information about third parties, you confirm that you have the right to authorize us to process it.

By providing us with your data, you declare and warrant to us that you are over 18 years of age.

It is very important that the information we hold about you is accurate and up to date. Please inform us in case there are changes or you notice mistakes in it. Send us an e-mail for this at office@lawyers-bg.net or update your data by yourself where you have already entered them.

II. WHAT DATA ABOUT YOU DO WE PROCESS, FOR WHAT PURPOSES AND ON WHAT LEGAL BASES?

Personal data means any information capable of identifying an individual, and any further information related to such person. It does not include anonymised data. We process personal data for certain purposes and on respective legal bases, depending on your role in the relationship with us.

2.1. When you are a visitor or user on our website https://lawyers-bg.net/

A) Automatically collected information: You can get access to the website without entering personal data. However, in this case, certain information is also automatically processed, such as Log Files /files for events/ (when you visit the website, our web server stores the IP address, date and time of your visit), Cookies.

B) Social Plugins or buttons Facebook, Instagram, Twitter, LinkedIn or others. Using them is upon your discretion. These buttons represent a link to third-party websites that, through cookies, collect and process personal data according to their policies. We are not responsible for them but, in view of your awareness and rights, we ask you to become aware of them.

We have put these plug-ins in order to make our website more functional for visitors, as well as to make our activity and services popular, if you voluntarily share our content on the respective websites. We accept this as our legitimate interest. Here you can find more information about used social plug-ins.

C) References/links to other websites.

This website may include links to websites, plug-ins and applications of third parties. Clicking on these links or activating these links may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we recommend you to read the privacy statement on any website you visit. Putting these references on our website is based on our legitimate interest for developing our activity, as well as on the respective legitimate interest of the third parties.

D) Personal data you provide us with via the website.

When you use our contact form (if there is such) or another service by us on the website, we process the personal data for the purpose for which you provide them to us, i.e. according to the particular function and your request. It is in our legitimate interest to respond to your request. The mandatory fields we have placed (for example, in the contact form, if there is such on the website) are the minimum information that we have deemed that is necessary to us. Please do not provide us with personal information about you that is not necessary for the respective purpose. We also process the information that is created in relation to our interaction, for example, the messages’ content.

Sometimes we process your data on the so-called pre-contractual basis. We apply this basis in all cases where you request to conclude a contract with us and we process your necessary data for that purpose. In other cases, there may be a contract between us and the processing of your personal data through the website may be in connection with the performance of our contractual obligation. If you are applying for a job with us, please refer to item 2.9. below.

We may process the following categories of personal data about you:

Communication Data that includes any communication that you send to us whether that be through the contact form (if there is such), through email, text, social media messaging, social media posting or any other communication that you send us. We process this data for the purposes of communicating with you, for record keeping and for the establishment, exercise or defence of legal claims. Our legal basis for this processing is our legitimate interests which in this case are to reply to communications sent to us, to keep records and/or to establish, exercise or defend legal claims.

Customer Data that includes data relating to any business transactions between us such as your name, title, billing address, delivery address, email address, phone number, contact details, your position at your company, working address, payment related information. We process this data to administer and support the business transactions between us and to keep record on them. Our legal basis for this processing is the performance of a contract between you and us and/or taking steps at your request to enter into such a contract.

User Data that includes data about how you use our website and any online services together with any data that you post for publication on our website (if there is a possibility for this) or through other online services. We process this data to operate our website and ensure relevant content is provided to you, to ensure the security of our website, to maintain back-ups of our website and/or databases and to enable publication (if such an option is available) and administration of our website, other online services and business. Our legal basis for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business.

Technical Data that may include data about your use of our website and online services such as your IP address, your login data, details about your browser, length of visit to pages on our website, page views and navigation paths, details about the number of times you use our website, time zone settings and other technology on the devices you use to access our website. The source of this data may be from an analytics tracking system. We process this data to analyse your use of our website and other online services, to administer and protect our business and website, to deliver relevant website content (incl. possible advertisements to you) and to understand the effectiveness of our advertising (if there is such). Our legal basis for this processing is our legitimate interests which in this case are to enable us to properly administer our website and our business and to grow our business and to decide our marketing strategy.

Marketing Data that includes data about your preferences in receiving marketing from us and third parties and your communication preferences. We process this data to enable you to deliver your meaningful content to us, inform you on our innovations, to deliver relevant website content and possible advertisements to you and measure or understand the effectiveness of this advertising. Our legal basis for this processing is our legitimate interests which in this case are to study how customers use our products/services, to develop them, to grow our business and to decide our marketing strategy.

Data related to Measures Against Money Laundering Act that includes identity data, data about transactions, sources of funds, politically exposed status and/or other data as provided in applicable law. The purpose of processing such data is to comply with our legal obligations. Our lawful ground legal basis for this processing is for the compliance with legal obligations applicable to us.

F) In accordance with the above the legal bases we may use to process your data are as follows:

– processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6, para 1, letter (b) of the GDPR);

– processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6, para 1, letter (c) of the GDPR);

– processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (Art. 6, para 1, letter (f) of the GDPR). If this legal basis is used, the description of the specific legitimate interests is the same as the description of the purposes of the data processing.

– the data subject’s consent to the processing of his or her personal data for one or more specific purposes (Art. 6, para 1, letter (a) of the GDPR).

G) Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

2.2. If you are a visitor in our office:

In this case, we will ask you to present yourself and provide us with basic information about you /your names, the organization for which you work for or which is represented by you/, we will also mark the day you visited us, sometimes the specific time of the visit, as well as information about the individuals you met and potentially – the communication between you. We will use this information in view of our legitimate interest for controlling the access to our office and the security, as well as in order to account and control internally the activities in the Law firm.

2.3. If you are a participant in our event (conference, presentation, cocktail, charity campaign, etc.):

We will collect the necessary information for your involvement and participation. In some cases, we may request information about your preferences to make the event more enjoyable or useful for you. In some cases, events can be captured with video or photo cameras, and we may use respective recordings or photos, as well as information about your participation to advertise our event in the media, on our website, in a presentation, etc. If this concerns you, you may inform us beforehand that you do not want us to publish information about you or your image. You also may subsequently object to such use. We will assess whether to comply with your wish/objection under the previous two sentences.

We may also keep basic information about you in order to contact you sometimes and send you information about our other similar events. We may also ask you for feedback on how you evaluate our event. You are always entitled to object to this way of using your data.

2.5. If you ‘follow us’ on social networks.

If you ‘liked’ our profile in a social network or you ‘follow’ it, according to the practices of the respective networks, you may see messages, advertisements, and/or materials published by us on our page. If you make an inquiry before us through the respective page or, for example, you comment our publication, we may use the capabilities of the same network to respond to you, and if you have asked us to contact you by using another manner of communication /for example, by giving us your phone number/, we will try to comply with your wish in view of our legitimate interest to respond to your inquiry, for example.

2.7. If you are our business contact:

This means that you are our client, partner or supplier or you represent an organization, which is our client, partner or supplier, or you are an employee of such organization. In order to maintain our business relations with the organization, we will often need information about you, for example: your names, phone, email, business card data, information about your position in the respective organization. We may also process the following information: correspondence in writing/electronic correspondence or other correspondence with you; data contained in documentation, related to our relationship with the organization, e.g. your signatures, description of your behaviour, your statements, etc.; any other information we need in connection with our business relations with the organization which is represented by you or in which you are an employee.

We may also collect data under the Measures Against Money Laundering Act, including if you are an ultimate beneficial owner (UBO) of an organization which is our client and/or if you represent or are related otherwise to an organization that is our client and/or if you represent or are related otherwise to an organization that has direct/indirect control over an organization that is our client.

2.8. If you are our potential business contact:

This means that you are our potential client, partner or supplier or you represent an organization, which is our potential client, partner or supplier, or you are an employee of such organization. We may have your information from a professional public register, from a mutual business contact, who has recommended you, you may have given us your business card or contacts at an event or meeting. In those cases, we will make an assessment as to what purpose and on what basis we may use your contact details. We will take into account the context in which this happened, as well as your reasonable expectations about the personal data’s use by us. If we consider that we have a legitimate interest to contact you in order to request an offer from you, to offer a partnership, or to offer you our service, you will always have the right to object to such use of your data (if you do it, we will assess whether we shall comply with your objection). In some cases, it may be necessary that we ask for your consent, as you will always have the right to refuse to give it.

We may also collect data under the Measures Against Money Laundering Act, including if you are an ultimate beneficial owner (UBO) of an organization which may become our client and/or if you represent or are related otherwise to an organization that may become our client and/or if you represent or are related otherwise to an organization that has direct/indirect control over an organization that may become client.

2.9. If you apply for a job with us:

This means that you have expressed your desire to enter into a labour or other type of contract with us by applying for a particular position or by sending us a CV and/or motivation letter, in order to contact you if there is an appropriate free position. In order to take steps for considering your application, we will review information you have sent. When we consider that you are inappropriate, we will delete your personal information within a reasonable timе. If we consider that you are suitable for our organization but is not currently open to you, we will retain your personal data on our legitimate interest in choosing and hiring persons who have shown interest in us for the period which is in accordance with applicable law.

Please do not provide us with any information that is not necessary in order to apply to us.

III. HOW WE COLLECT YOUR PERSONAL DATA. OTHER INFORMATION THAT YOU SHOULD KNOW

1.1. We may collect data about you by you providing the data directly to us – for example by filling in forms on our website (if there are such) or by sending us emails. We may automatically collect certain data from you as you use our website by using cookies and similar technologies. Please check our Cookie Policy for more details about this.

1.2. Other sources of data (e.g. identification data and/or contact data):

We may receive data from third parties such as the organization you work for or people who work for it, our client/partner or people who work for it, analytics providers such as Google, networks such as LinkedIn and Facebook, such as search information providers such as Google, providers of technical, payment and delivery services. We may also receive data from publicly availably sources such as Commercial Register and other public registers.

Sometimes we combine information collected through the website with another that we receive from you through different channels of communication (for example, by email, phone) or from other sources – public sources such as the Commercial Register or third parties – professional user accounts, our partners with whom you also interact in connection with your relationship with us, for example, when you have requested a service the provision of which is related to a third party. When we combine this information, we do not use it for a different purpose for which we have not informed you.

2. Are you obliged to provide us your data and what would happen if you do not provide it:

In most cases, you are not obliged to provide us with your personal data. There are cases in which the provision of some of your personal data is a statutory requirement and/or a contractual requirement and/or a requirement necessary to enter into a contract, as in such cases we may inform you for this. If you do not provide us with your personal data, it is possible that we are not able to enter into or perform a contract or fulfil any of our other purposes for processing your data.

If you don’t provide us with the requested data, we may have to cancel a service you have requested but if we do, we will notify you.

3. We will only use your personal data for a purpose it was collected for or a reasonably compatible purpose if necessary and admissible by law. In any case if we need to use your details for an unrelated new purpose we will let you know and explain the legal basis for processing.

We may process your personal data without your knowledge or consent where this is required or permitted by law.

4. Lack of automated decision making, including profiling:

We do not carry out automated decision making or any type of automated profiling.

V. RECIPIENTS OF PERSONAL DATA

We may have to share your personal data with the parties set out below:

• Persons who work in or for the Law firm or other attorneys-at-law – for the purposes of providing legal services, for complying with legal obligations and for monitoring/administering the activity of the Law firm.

• Service providers such as IT and system administration services, entities providing translation services, notaries, banks, accountants and insurers.

• public and municipal authorities – according to the applicable law.

• persons/entities from the corporate group of the organization you work for or otherwise related to that organization.

VI. INTERNATIONAL TRANSFERS

In most cases we do not transfer your personal data outside the European Economic Area (EEA). Such transfer is possible if:

– the data is transferred to respective persons/entities from the corporate group of the organization you work for or otherwise related to that organization or

– you have instructed us to transfer the data to a respective person/entity or

– it is in the best interest of you or the organization you work for the data to be transferred to the respective person/entity.

If data is transferred outside the EEA in most cases we will rely on an adequacy decision of the European Commission. In some cases we may transfer the data on the basis of your consent. In the cases where we transfer the data upon an instruction of an organization (e.g. one that you work for), you should ask it for the measures taken in this regard in accordance with Chapter V of the GDPR.

We do not intend to transfer your data to an international organization.

VIII. RETENTION PERIODS

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

When deciding what the correct time is to keep the data for we look at the applicable legal provisions, the data’s amount, nature and sensitivity, potential risk of harm from unauthorised use or disclosure, the processing purposes and if these can be achieved by other means.

The law requires to keep some data for a certain time period – e.g. under tax/accounting legislation, measures against money laundering legislation, attorney-at-law legislation, labour legislation, legislation on personal data protection regarding candidates for labour contracts.

IX. YOUR RIGHTS

According to the legislation, you have certain rights, including (but not limited to) the right to:

Also, you have the right to object in the following cases:

– You have the right at any time to object to the processing of personal data concerning you when we process them for the purposes of direct marketing, including in cases of profiling related to direct marketing. When you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

– Where personal data are processed for scientific or historical research purposes or statistical purposes, you, on grounds relating to your particular situation, shall have the right to object to processing of personal data concerning you, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

– the accuracy of the personal data is contested by you, as the restriction of processing shall be applied for a period enabling us to verify the accuracy of the personal data;

– the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;

– we no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;

– you have objected to processing pursuant to Article 21, para 1 of the GDPR pending the verification whether our legitimate grounds override yours.

The aforementioned rights may be asserted against us, e.g. by providing notice to us via the contact details specified in item 1.2. of the present Policy.

X. RIGHT TO LODGE A COMPLAINT

If you are not content with any aspect of how we collect and use your data, you have the right to lodge a complaint to the relevant supervisory authority. In the Republic of Bulgaria this is the Commission for Personal Data Protection. Its contact details are the following: address – city of Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., GPS coordinates – N 42.668839 E 23.377495, tel. +3592/91-53-555, e-mail – kzld@cpdp.bg, website – www.cpdp.bg.

XI. AMENDMENTS OF THIS PRIVACY POLICY

This Policy may change over time and be updated from time to time.