STELECOM SOLUTIONS SPLL
PRIVACY POLICY
PRIVACY POLICY
Taking care of the protection of your privacy and personal data, including your right to access information, STELECOM SOLUTIONS SPLL (hereinafter – STELECOM and/or “we”/”us”), in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council (27.04.2016) on the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter – the Regulation, and other requirements specified in the legal regulatory enactments of the European Union and Republic of Bulgaria, has developed a Privacy Policy. The purpose of this Privacy Policy is to provide you with information on how we process Personal Data in an easily understandable, clear and simple language, in order to help you understand how and for what purposes we process Personal Data, and to acquaint you with your rights and obligations.
1. General provisions
1.1. When processing Personal Data, we ensure the confidentiality of your Personal Data and implement appropriate technical and organisational measures to protect your Personal Data from unauthorised access, unlawful processing or disclosure, accidental loss, modification or destruction.
1.2. This Privacy Policy applies to any natural person (data subject) whose Personal Data we process. For matters relating to employment relationships, we provide additional information separately.
1.3. This Privacy Policy does not apply to data processing activities performed by other merchants, including if you visit another merchant's website or use their service. In such cases, we recommend you to get acquainted with the Personal Data security guarantees provided by the respective merchant.
1.4. We first invite you to familiarise yourself with the terms used in this Privacy Policy:
1.4.1. You – you as a natural person whose Personal Data we process.
1.4.2. Personal Data – any information that relates or could relate to you as an identified or identifiable natural person ("data subject").
1.4.3. Consent – your free, unequivocal statement of intent by which you consent to the processing of your Personal Data for a specific purpose.
1.4.4. Processing – any activities we perform with your Personal Data, such as data collection, registration, disclosure, adaptation or modification, storage, alteration, granting of access, etc.
1.4.5. Services – any kind of services and goods that we offer and provide remotely or in person.
1.4.6. Anonymised data – information that is no longer applicable to you, as all personally identifiable elements are excluded from the Personal Data set.
1.4.7. Profiling – the use of your Personal Data for the automated processing of Personal Data, which takes the form of the use of your Personal Data for the purpose of assessing certain personal aspects relating to you.
1.4.8. Data State Inspectorate – an institution that supervises the application of the Regulation in the Republic of Bulgaria.
2. Who performs the processing of your Personal Data?
The controller of your Personal Data processing is the STELECOM SOLUTIONS SPLL, registration No.203799757, legal address: Bulgaria, Burgas, Graf Ignatiev 17, phone: +359 56 940 301, e-mail: info@stelecom.bg.
3. How and what Personal Data do we process?
3.1. The information we obtain about you depends on the product or Service you have applied for or used, including where and how you use the Services we provide and how you have communicated with us.
3.2. We may receive your Personal Data in a number of ways, including:
- When you or your authorised person submit them to us – for instance, when applying for products and Services, concluding a contract, using our Services, submitting an application, request, etc. to us, visiting our customer service centre, contacting us by mail, via e-mail, by phone, subscribing to newsletters, providing us with information about payments made, participating in surveys, etc.
- Data is created using the Services or network provided by us – for instance, when you make calls, send SMS, visit applications, etc.
When visiting our website, cookies may be used, which we inform you about when you are visiting the website. Details of cookies are provided in Section 9 of this Privacy Policy.
- Data can be requested and received from other sources, such as public or private institutions, publicly available registers (credit information and debtors' databases) or third parties.
3.3. We divide the types of Personal Data we mostly collect and process into the following categories:
- Your basic data – these are your identifying data, for example, name, surname, personal identification code, information specified in the identity document (document number, date of issue). Information for contacting you, address of residence, address for receiving correspondence, telephone number, e-mail address, payments, information contained therein, credit history and debt collection data, data of the Service etc.
- Data of your transmitted content – content transmitted by you within certain services, including voice, SMS content, etc.
- Traffic data (electronic communications metadata) – these are data that we process in order to transmit information via the electronic communications network or to prepare invoices to you and register payments, except for the content of the transmitted information, and which allow you to be identified as a data subject.
- Location data (electronic communications metadata) – these are data that we process in the electronic communications network or that we process when you use electronic communications services and that indicate the location of the terminal you are using, including the location of the terminal you are using (address), access point address, GPS, Wi-Fi, etc.
4. For what purposes and on what basis do we process Personal Data?
4.1. Before we start processing your Personal Data, we always evaluate the purposes for which the Personal Data will need to be processed in advance.
4.2. For the security of personal data, we prefer the processing of Anonymised Data to avoid re-identification. However, the nature of the Service, cooperation or event provided often necessitates the processing of identifiable Personal Data.
4.3. We process Personal Data on the basis of your consent, our legitimate (lawful) interests, including in order to fulfil a legal obligation applicable to us (to comply with regulative normative enactments) or to fulfil a contract to which you are a party, or to take action at your request before the conclusion of a contract.
4.4. When starting a cooperation or to provide you with the Service as an existing customer, we can make automated individual decisions regarding you. As part of such automated individual decision-making, Profiling may be carried out, which might take the form of the processing of your Personal Data in order, for instance, to assess whether the relevant product or Service is suitable for your wishes and/or needs, including to assess risks and provide you with consultation in respect of the Services.
4.5. We also make automated individual decisions, including Profiling, regarding your ability to meet payment obligations, creditworthiness assessments and direct marketing, so that not to encumber you with, for instance, with sending you an inapplicable offer, but to automatically forecast the most suitable and appropriate offers for your needs instead by analysing the various types of information available to us.
4.6. We perform automated individual decision-making only on the basis of your consent or agreement (transaction). In some cases, we also make an automated individual decision on the basis of our legitimate interests, if permitted by the relevant regulatory enactments. However, you have the right to ask us to terminate such processing of your data by withdrawing your consent, or if we carry out Profiling based on our legitimate interests – to object to the processing of your data for such purpose.
4.7. We process your Personal Data only for specific and necessary purposes, based on certain legal bases, including our legitimate interests, such as:
- For the purposes of concluding, amending the contract, fulfilling the obligations of the contract, providing/installing of the Service, your identification – we perform data processing on the basis of the law and the contract (transaction).
- For the purposes of administration of the settlements, accounting/financial and tax management – we process data on the basis of law and the contract (transaction).
- For the purposes of solving and processing of questions, objections, etc submitted by you – we perform data processing on the basis of law and the contract (transaction).
- For the purposes of controlling the quality of the Services provided to you and finding out your opinion – we process data on the basis of law and the contract (transaction).
- For the purposes of debt collection – we process data on the basis of law, contract (transaction) and legitimate interests.
- For the purposes of fraud prevention and/or creditworthiness assessment, credit monitoring (credit risk assessment before the sale of a product, Service and/or contract execution) – we process data on the basis of law, contract (transaction), legitimate interests and your consent.
- For the purposes of management of our offers and those of our cooperation partners, for the advertising and distribution of the Services or for commercial purposes – we process data on the basis of legitimate interests and your consent.
- For our organisational management purposes – we process data on the basis of law and legitimate interests.
- For the purposes of determination of statistics and analytics, correlations and trends of processes, services, information systems and network data in order to develop and improve them, to ensure your satisfaction and loyalty – we process data on the basis of a legitimate interests.
5. How do we protect Personal Data?
We guarantee the confidentiality and security of your Personal Data by taking appropriate technical and organisational measures, ensuring the physical and environmental security of Personal Data, restricting access rights to Personal Data, transmitting Personal Data in encrypted form, ensuring protection of computer network, personal devices, data backup, etc. protection measures, thus also ensuring the protection of Personal Data against unauthorised access, use or disclosure.
6. To whom we transfer Personal Data?
6.1. Depending on the specific purpose, in certain cases we transfer your Personal Data to the following recipients:
6.1.1. Cooperation partners with whom we have concluded cooperation agreements. We work with third parties to help us to ensure our operation, deliver, improve, analyse, customise and support our services, and to ensure our organisational and management processes. For example, the exchange of personal data with business partners may involve:
- provision of services (partners providing information system development, maintenance and servicing services, face-to-face and distance sales vendors, equipment installers and equipment repairers, website, mobile application developers and maintainers, etc.),
- provision of payments (e-invoicing service providers, banks, etc.),
- sending and delivery of correspondence (cooperation partners providing invoice printouts, parcel delivery services, including mail, courier mail, etc.),
- provision of security and safety (partners who ensure the safety and security of our employees, visitors and property, and partners who help us ensure the security and protection of our information systems and infrastructure, including against fraud, unauthorised access and other unlawful conduct),
- performance of service quality control (cooperation partners conducting customer satisfaction surveys, etc.),
- performance of marketing activities (partners who send out various types of offers and other types of announcements, carry out customer attraction marketing activities, including promotions, lotteries, competitions),
- provision of organisational management (auditors, auditors, legal service providers, financial consultants or other processors of Personal Data that we engage in the management of organisational, financial management and accounting processes).
6.1.2. Debt collection companies or institutions (debt collectors (including debt collectors under assigned rights)), courts, out-of-court dispute resolution institutions, bankruptcy or insolvency administrators, bailiffs, etc.).
6.1.3. Supervisory authorities (Public Utilities Commission, Consumer Rights Protection Centre, Data State Inspectorate, rescue services, pre-trial investigation institutions and other institutions and institutions in accordance with the requirements of regulatory enactments).
6.1.4. Third parties (legal entities other than data subjects, controllers or processors).
6.2. We may transfer your Personal Data to another person – a person related to us, a successor in title of rights and liabilities, a new owner – in connection with the sale, merger, acquisition, restructuring or sale of property, transfer of service to another person, etc.
6.3. As part of the processing of Personal Data, access to Personal Data is restricted to our authorised employees and those of our partners who require it for the performance of their duties and who process Personal Data only in accordance with the purposes and on the grounds of Personal Data processing, in accordance with the regulatory enactments respective to the Personal Data Protection and the technical and organisational requirements for the processing of Personal Data specified in our internal regulations.
7. Do we transfer your Personal Data outside the EU/EEA?
Personal Data is normally processed in the European Union / European Economic Area (EU / EEA), but in some cases it may be transferred and processed in non-EU / EEA countries. The transfer and processing of Personal Data outside the EU / EEA may take place if it has a legal basis, namely, to fulfil a legal obligation, to conclude or perform a contract, or in accordance with your consent, and if appropriate safety measures have been enforced.
8. How long do we store data?
We retain Personal Data for as long as necessary in order to achieve the purposes set forth in this Privacy Policy, unless longer retention of Personal Data is required or permitted by applicable regulatory enactments. The retention period depends on the purposes for which the data is processed and the criteria we use to evaluate the retention period of your Personal Data, for instance, the retention period may be based on contract, our legitimate interests or applicable regulatory enactments (e.g., on accounting, statute of limitations, civil law, etc.).
9. How we use cookies?
9.1. In order to improve the functionality of our website and to make it easier to use, to obtain information about website traffic statistics and to improve marketing communication, cookies may be used on our website – these are small files that the browser saves on your computer every time you visit the website, to the extent specified in your computer's browser settings. You can get more detailed information about cookies on our website stelecom.bg.
9.2. Unless otherwise provided by regulatory enactments, you have the right to refuse further processing of your data at any time, but in that case, especially if the data is technically relevant, there is a possibility that we will not be able to provide you with this Service to the same extent as before.
10. What are your rights and obligations?
10.1. By submitting a written request to us we grant you the right to: withdraw your consent to the processing of your Personal Data at any time, access your Personal Data, amend your Personal Data, delete your Personal Data, restrict the processing of your Personal Data, transfer your Personal Data, object to your Personal Data processing, including Profiling, to withdraw from the automated individual decision-making.
10.2. You have the right to contact us or the Data State Inspectorate regarding data processing issues. We will review and provide you with an answer and information regarding this Privacy Policy, the purposes and grounds for the processing of Personal Data, and applicable regulatory enactments on data protection. You have the right to file a complaint with the Data State Inspectorate.
10.3. How to submit a request?
You can submit your request in the following ways:
- in person, upon arrival at our customer service centre, presenting an identity document (passport or identity card), where you will be provided with all the necessary information related to the submission of your request, including answers to unclear questions,
- by e-mail, signing the request with a secure electronic signature,
- by regular mail, sending an application signed with a personal signature.
Upon receipt of your request, we will evaluate it and, if necessary, ask you to clarify the scope of the request, the information and the processing operations to which the request relates, as well as to explain the justification and nature of the request.
10.4. How long will it take to process your request?
We will respond to your request without undue delay no later than one month from the receipt of your request. If necessary, taking into account the scope of your request, we have the right to extend the deadline for execution of the request by two months. In this case, we will inform you of the reasons for the extension and delay within one month of receiving the request.
10.5. How will we provide information in respect to your request?
We will provide you with information on your requests in person upon arrival at our customer service centre, in the form of an encrypted e-mail, taking into account, as far as possible, the preferred type of receipt of answers to your requests indicated by you. By choosing to receive information about yourself remotely, for example by post, e-mail, to another recipient, etc., you shall take responsibility for the security of the chosen method of receipt.
10.6. Will you have to pay for the processing of the request?
The processing of your request is provided free of charge. However, if we find that your requests are recurring on a regular basis, are manifestly unreasonable or excessive, we may, depending on the administrative costs of providing the information or communication or performing the requested action (including staff resources), request you to a reasonable fee for processing your request or we will refuse to comply with your request by notifying you in advance thereof.
10.7. What important information should be taken into account when exercising the rights of the data subject?
- You should take into consideration that in the event of modification, erasure, restriction, termination or transferability of Personal Data, the partial or total suspension of services/processes is possible. If you exercise your data subject's rights, this does not mean that we will stop processing your Personal Data completely. In this case, however, we will have the right to process your Personal Data, for example, to exercise or defend legal rights and interests, to bring claims, the rights of another natural or legal person.
- By withdrawing your consent to the processing of Personal Data for the respective purpose, we will no longer process your Personal Data. However, if you withdraw any of your consents, you must take into account that the processing of data related to that consent will no longer be provided and you may no longer have access to the previous level of options. Withdrawal of consent will not affect the lawfulness of the processing of your Personal Data prior to the withdrawal of consent.
10.8. What are your responsibilities as a data subject?
- It is important to us that we have true and up-to-date information about your Personal Data. If there have been any changes in your Personal Data, as well as if you have established that we process inaccurate or incomplete Personal Data, we ask you to inform us within a reasonable time of the need to make corrections in the respective data. In this case, we have the right to require you to provide supporting documents.
- Within the framework of communication and cooperation, we may ask you to provide additional identifying information, if such is required so that we can verify that the communication or cooperation takes place directly with you as a data subject and that you are the person who submitted and signed the request. If you do not provide us with the additional information requested or if we have any doubts about the identity of the requesting entity, then in this case we may postpone the processing of your request until we are fully convinced of your identity.
- You are obliged to get acquainted with this Privacy Policy before commencing the cooperation with us, as well as to introduce it to everyone who is related to you and whose interests may be affected in the processes of Personal Data processing. We expect that the data you provide will not affect the interests of other persons, but if the data is directly related to another person, we expect you to inform us on such without delay. In cases where you have the opportunity to provide access or share services provided by us with another person, you shall be responsible for informing these other persons about the processing of the data and the obligations arising therefrom.
11. How to contact us?
In case of questions related to the processing of your Personal Data, we invite you to contact us by writing an e-mail to info@stelecom.bg, calling +359 56 940 301 or visiting our customer service centre, where you will be provided with all the necessary information. You may request the exercise of your rights in accordance with Clause 10 of this Privacy Policy.
12. How will we provide up-to-date information on the processing of Personal Data?
In order for you to always have up-to-date information about the processing of your Personal Data, we will ensure the review and updating of this Privacy Policy in accordance with the requirements of regulatory enactments. Therefore, we invite you to regularly get acquainted with the current version of the Privacy Policy on our website stelecom.bg or in the customer service centre. If we make changes to the Privacy Policy, we will inform you about it with a notice on our website stelecom.bg. In case of significant changes, we will inform you using other communication channels as well.
1. General provisions
1.1. When processing Personal Data, we ensure the confidentiality of your Personal Data and implement appropriate technical and organisational measures to protect your Personal Data from unauthorised access, unlawful processing or disclosure, accidental loss, modification or destruction.
1.2. This Privacy Policy applies to any natural person (data subject) whose Personal Data we process. For matters relating to employment relationships, we provide additional information separately.
1.3. This Privacy Policy does not apply to data processing activities performed by other merchants, including if you visit another merchant's website or use their service. In such cases, we recommend you to get acquainted with the Personal Data security guarantees provided by the respective merchant.
1.4. We first invite you to familiarise yourself with the terms used in this Privacy Policy:
1.4.1. You – you as a natural person whose Personal Data we process.
1.4.2. Personal Data – any information that relates or could relate to you as an identified or identifiable natural person ("data subject").
1.4.3. Consent – your free, unequivocal statement of intent by which you consent to the processing of your Personal Data for a specific purpose.
1.4.4. Processing – any activities we perform with your Personal Data, such as data collection, registration, disclosure, adaptation or modification, storage, alteration, granting of access, etc.
1.4.5. Services – any kind of services and goods that we offer and provide remotely or in person.
1.4.6. Anonymised data – information that is no longer applicable to you, as all personally identifiable elements are excluded from the Personal Data set.
1.4.7. Profiling – the use of your Personal Data for the automated processing of Personal Data, which takes the form of the use of your Personal Data for the purpose of assessing certain personal aspects relating to you.
1.4.8. Data State Inspectorate – an institution that supervises the application of the Regulation in the Republic of Bulgaria.
2. Who performs the processing of your Personal Data?
The controller of your Personal Data processing is the STELECOM SOLUTIONS SPLL, registration No.203799757, legal address: Bulgaria, Burgas, Graf Ignatiev 17, phone: +359 56 940 301, e-mail: info@stelecom.bg.
3. How and what Personal Data do we process?
3.1. The information we obtain about you depends on the product or Service you have applied for or used, including where and how you use the Services we provide and how you have communicated with us.
3.2. We may receive your Personal Data in a number of ways, including:
- When you or your authorised person submit them to us – for instance, when applying for products and Services, concluding a contract, using our Services, submitting an application, request, etc. to us, visiting our customer service centre, contacting us by mail, via e-mail, by phone, subscribing to newsletters, providing us with information about payments made, participating in surveys, etc.
- Data is created using the Services or network provided by us – for instance, when you make calls, send SMS, visit applications, etc.
When visiting our website, cookies may be used, which we inform you about when you are visiting the website. Details of cookies are provided in Section 9 of this Privacy Policy.
- Data can be requested and received from other sources, such as public or private institutions, publicly available registers (credit information and debtors' databases) or third parties.
3.3. We divide the types of Personal Data we mostly collect and process into the following categories:
- Your basic data – these are your identifying data, for example, name, surname, personal identification code, information specified in the identity document (document number, date of issue). Information for contacting you, address of residence, address for receiving correspondence, telephone number, e-mail address, payments, information contained therein, credit history and debt collection data, data of the Service etc.
- Data of your transmitted content – content transmitted by you within certain services, including voice, SMS content, etc.
- Traffic data (electronic communications metadata) – these are data that we process in order to transmit information via the electronic communications network or to prepare invoices to you and register payments, except for the content of the transmitted information, and which allow you to be identified as a data subject.
- Location data (electronic communications metadata) – these are data that we process in the electronic communications network or that we process when you use electronic communications services and that indicate the location of the terminal you are using, including the location of the terminal you are using (address), access point address, GPS, Wi-Fi, etc.
4. For what purposes and on what basis do we process Personal Data?
4.1. Before we start processing your Personal Data, we always evaluate the purposes for which the Personal Data will need to be processed in advance.
4.2. For the security of personal data, we prefer the processing of Anonymised Data to avoid re-identification. However, the nature of the Service, cooperation or event provided often necessitates the processing of identifiable Personal Data.
4.3. We process Personal Data on the basis of your consent, our legitimate (lawful) interests, including in order to fulfil a legal obligation applicable to us (to comply with regulative normative enactments) or to fulfil a contract to which you are a party, or to take action at your request before the conclusion of a contract.
4.4. When starting a cooperation or to provide you with the Service as an existing customer, we can make automated individual decisions regarding you. As part of such automated individual decision-making, Profiling may be carried out, which might take the form of the processing of your Personal Data in order, for instance, to assess whether the relevant product or Service is suitable for your wishes and/or needs, including to assess risks and provide you with consultation in respect of the Services.
4.5. We also make automated individual decisions, including Profiling, regarding your ability to meet payment obligations, creditworthiness assessments and direct marketing, so that not to encumber you with, for instance, with sending you an inapplicable offer, but to automatically forecast the most suitable and appropriate offers for your needs instead by analysing the various types of information available to us.
4.6. We perform automated individual decision-making only on the basis of your consent or agreement (transaction). In some cases, we also make an automated individual decision on the basis of our legitimate interests, if permitted by the relevant regulatory enactments. However, you have the right to ask us to terminate such processing of your data by withdrawing your consent, or if we carry out Profiling based on our legitimate interests – to object to the processing of your data for such purpose.
4.7. We process your Personal Data only for specific and necessary purposes, based on certain legal bases, including our legitimate interests, such as:
- For the purposes of concluding, amending the contract, fulfilling the obligations of the contract, providing/installing of the Service, your identification – we perform data processing on the basis of the law and the contract (transaction).
- For the purposes of administration of the settlements, accounting/financial and tax management – we process data on the basis of law and the contract (transaction).
- For the purposes of solving and processing of questions, objections, etc submitted by you – we perform data processing on the basis of law and the contract (transaction).
- For the purposes of controlling the quality of the Services provided to you and finding out your opinion – we process data on the basis of law and the contract (transaction).
- For the purposes of debt collection – we process data on the basis of law, contract (transaction) and legitimate interests.
- For the purposes of fraud prevention and/or creditworthiness assessment, credit monitoring (credit risk assessment before the sale of a product, Service and/or contract execution) – we process data on the basis of law, contract (transaction), legitimate interests and your consent.
- For the purposes of management of our offers and those of our cooperation partners, for the advertising and distribution of the Services or for commercial purposes – we process data on the basis of legitimate interests and your consent.
- For our organisational management purposes – we process data on the basis of law and legitimate interests.
- For the purposes of determination of statistics and analytics, correlations and trends of processes, services, information systems and network data in order to develop and improve them, to ensure your satisfaction and loyalty – we process data on the basis of a legitimate interests.
5. How do we protect Personal Data?
We guarantee the confidentiality and security of your Personal Data by taking appropriate technical and organisational measures, ensuring the physical and environmental security of Personal Data, restricting access rights to Personal Data, transmitting Personal Data in encrypted form, ensuring protection of computer network, personal devices, data backup, etc. protection measures, thus also ensuring the protection of Personal Data against unauthorised access, use or disclosure.
6. To whom we transfer Personal Data?
6.1. Depending on the specific purpose, in certain cases we transfer your Personal Data to the following recipients:
6.1.1. Cooperation partners with whom we have concluded cooperation agreements. We work with third parties to help us to ensure our operation, deliver, improve, analyse, customise and support our services, and to ensure our organisational and management processes. For example, the exchange of personal data with business partners may involve:
- provision of services (partners providing information system development, maintenance and servicing services, face-to-face and distance sales vendors, equipment installers and equipment repairers, website, mobile application developers and maintainers, etc.),
- provision of payments (e-invoicing service providers, banks, etc.),
- sending and delivery of correspondence (cooperation partners providing invoice printouts, parcel delivery services, including mail, courier mail, etc.),
- provision of security and safety (partners who ensure the safety and security of our employees, visitors and property, and partners who help us ensure the security and protection of our information systems and infrastructure, including against fraud, unauthorised access and other unlawful conduct),
- performance of service quality control (cooperation partners conducting customer satisfaction surveys, etc.),
- performance of marketing activities (partners who send out various types of offers and other types of announcements, carry out customer attraction marketing activities, including promotions, lotteries, competitions),
- provision of organisational management (auditors, auditors, legal service providers, financial consultants or other processors of Personal Data that we engage in the management of organisational, financial management and accounting processes).
6.1.2. Debt collection companies or institutions (debt collectors (including debt collectors under assigned rights)), courts, out-of-court dispute resolution institutions, bankruptcy or insolvency administrators, bailiffs, etc.).
6.1.3. Supervisory authorities (Public Utilities Commission, Consumer Rights Protection Centre, Data State Inspectorate, rescue services, pre-trial investigation institutions and other institutions and institutions in accordance with the requirements of regulatory enactments).
6.1.4. Third parties (legal entities other than data subjects, controllers or processors).
6.2. We may transfer your Personal Data to another person – a person related to us, a successor in title of rights and liabilities, a new owner – in connection with the sale, merger, acquisition, restructuring or sale of property, transfer of service to another person, etc.
6.3. As part of the processing of Personal Data, access to Personal Data is restricted to our authorised employees and those of our partners who require it for the performance of their duties and who process Personal Data only in accordance with the purposes and on the grounds of Personal Data processing, in accordance with the regulatory enactments respective to the Personal Data Protection and the technical and organisational requirements for the processing of Personal Data specified in our internal regulations.
7. Do we transfer your Personal Data outside the EU/EEA?
Personal Data is normally processed in the European Union / European Economic Area (EU / EEA), but in some cases it may be transferred and processed in non-EU / EEA countries. The transfer and processing of Personal Data outside the EU / EEA may take place if it has a legal basis, namely, to fulfil a legal obligation, to conclude or perform a contract, or in accordance with your consent, and if appropriate safety measures have been enforced.
8. How long do we store data?
We retain Personal Data for as long as necessary in order to achieve the purposes set forth in this Privacy Policy, unless longer retention of Personal Data is required or permitted by applicable regulatory enactments. The retention period depends on the purposes for which the data is processed and the criteria we use to evaluate the retention period of your Personal Data, for instance, the retention period may be based on contract, our legitimate interests or applicable regulatory enactments (e.g., on accounting, statute of limitations, civil law, etc.).
9. How we use cookies?
9.1. In order to improve the functionality of our website and to make it easier to use, to obtain information about website traffic statistics and to improve marketing communication, cookies may be used on our website – these are small files that the browser saves on your computer every time you visit the website, to the extent specified in your computer's browser settings. You can get more detailed information about cookies on our website stelecom.bg.
9.2. Unless otherwise provided by regulatory enactments, you have the right to refuse further processing of your data at any time, but in that case, especially if the data is technically relevant, there is a possibility that we will not be able to provide you with this Service to the same extent as before.
10. What are your rights and obligations?
10.1. By submitting a written request to us we grant you the right to: withdraw your consent to the processing of your Personal Data at any time, access your Personal Data, amend your Personal Data, delete your Personal Data, restrict the processing of your Personal Data, transfer your Personal Data, object to your Personal Data processing, including Profiling, to withdraw from the automated individual decision-making.
10.2. You have the right to contact us or the Data State Inspectorate regarding data processing issues. We will review and provide you with an answer and information regarding this Privacy Policy, the purposes and grounds for the processing of Personal Data, and applicable regulatory enactments on data protection. You have the right to file a complaint with the Data State Inspectorate.
10.3. How to submit a request?
You can submit your request in the following ways:
- in person, upon arrival at our customer service centre, presenting an identity document (passport or identity card), where you will be provided with all the necessary information related to the submission of your request, including answers to unclear questions,
- by e-mail, signing the request with a secure electronic signature,
- by regular mail, sending an application signed with a personal signature.
Upon receipt of your request, we will evaluate it and, if necessary, ask you to clarify the scope of the request, the information and the processing operations to which the request relates, as well as to explain the justification and nature of the request.
10.4. How long will it take to process your request?
We will respond to your request without undue delay no later than one month from the receipt of your request. If necessary, taking into account the scope of your request, we have the right to extend the deadline for execution of the request by two months. In this case, we will inform you of the reasons for the extension and delay within one month of receiving the request.
10.5. How will we provide information in respect to your request?
We will provide you with information on your requests in person upon arrival at our customer service centre, in the form of an encrypted e-mail, taking into account, as far as possible, the preferred type of receipt of answers to your requests indicated by you. By choosing to receive information about yourself remotely, for example by post, e-mail, to another recipient, etc., you shall take responsibility for the security of the chosen method of receipt.
10.6. Will you have to pay for the processing of the request?
The processing of your request is provided free of charge. However, if we find that your requests are recurring on a regular basis, are manifestly unreasonable or excessive, we may, depending on the administrative costs of providing the information or communication or performing the requested action (including staff resources), request you to a reasonable fee for processing your request or we will refuse to comply with your request by notifying you in advance thereof.
10.7. What important information should be taken into account when exercising the rights of the data subject?
- You should take into consideration that in the event of modification, erasure, restriction, termination or transferability of Personal Data, the partial or total suspension of services/processes is possible. If you exercise your data subject's rights, this does not mean that we will stop processing your Personal Data completely. In this case, however, we will have the right to process your Personal Data, for example, to exercise or defend legal rights and interests, to bring claims, the rights of another natural or legal person.
- By withdrawing your consent to the processing of Personal Data for the respective purpose, we will no longer process your Personal Data. However, if you withdraw any of your consents, you must take into account that the processing of data related to that consent will no longer be provided and you may no longer have access to the previous level of options. Withdrawal of consent will not affect the lawfulness of the processing of your Personal Data prior to the withdrawal of consent.
10.8. What are your responsibilities as a data subject?
- It is important to us that we have true and up-to-date information about your Personal Data. If there have been any changes in your Personal Data, as well as if you have established that we process inaccurate or incomplete Personal Data, we ask you to inform us within a reasonable time of the need to make corrections in the respective data. In this case, we have the right to require you to provide supporting documents.
- Within the framework of communication and cooperation, we may ask you to provide additional identifying information, if such is required so that we can verify that the communication or cooperation takes place directly with you as a data subject and that you are the person who submitted and signed the request. If you do not provide us with the additional information requested or if we have any doubts about the identity of the requesting entity, then in this case we may postpone the processing of your request until we are fully convinced of your identity.
- You are obliged to get acquainted with this Privacy Policy before commencing the cooperation with us, as well as to introduce it to everyone who is related to you and whose interests may be affected in the processes of Personal Data processing. We expect that the data you provide will not affect the interests of other persons, but if the data is directly related to another person, we expect you to inform us on such without delay. In cases where you have the opportunity to provide access or share services provided by us with another person, you shall be responsible for informing these other persons about the processing of the data and the obligations arising therefrom.
11. How to contact us?
In case of questions related to the processing of your Personal Data, we invite you to contact us by writing an e-mail to info@stelecom.bg, calling +359 56 940 301 or visiting our customer service centre, where you will be provided with all the necessary information. You may request the exercise of your rights in accordance with Clause 10 of this Privacy Policy.
12. How will we provide up-to-date information on the processing of Personal Data?
In order for you to always have up-to-date information about the processing of your Personal Data, we will ensure the review and updating of this Privacy Policy in accordance with the requirements of regulatory enactments. Therefore, we invite you to regularly get acquainted with the current version of the Privacy Policy on our website stelecom.bg or in the customer service centre. If we make changes to the Privacy Policy, we will inform you about it with a notice on our website stelecom.bg. In case of significant changes, we will inform you using other communication channels as well.