Welcome to https://ipconsulting.eu
The website, which was created for the benefit and by order of “IP Consulting” OOD, with VAT: 130947757, with headquarters and management address in the city of Sofia, p.c. 1164, Mitropolit Kiril Vidinski Street No. 6-8, entrance 8, floor 2, office 2, contact phone:
+ 359(2) 816 20 60.
BY USING THIS WEBSITE, YOU AGREE TO THE TERMS REGARDING THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.
PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE AND IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, PLEASE
CONTACT US AT OFFICE@IPCONSULTING.EU OR +359 (2) 816 20 60. IF YOU DO NOT AGREE WITH ANY OF THE TERMS CONTAINED IN THIS PRIVACY POLICY, YOU MUST NOT USE THIS WEBSITE.
ADMINISTRATOR OF PERSONAL DATA
“IP Consulting” OOD (hereinafter referred to as “Administrator”) is a limited liability company, with VAT: 130947757, with its headquarters and management address in the city of Sofia, p.c. 1164, Mitropolit Kiril Vidinski Street No. 6-8, entrance 8, floor 2, office 2, contact phone: + 359(2) 816 20 60 and website: https://ipconsulting.eu.
SUPERVISOR:
Commission for the Protection of Personal Data Address: Sofia, p.k. 1592, 2 Prof. Tsvetan Lazarov Blvd
Contact details: 02/915 35 18; 02/915 35 15; 02/915 3519; kzld@cpdp.bg, www.cpdp.bg
I. PURPOSES AND SCOPE OF THE PRIVACY POLICY
1.1 The administrator understands the considerations of the visitors of this website regarding the protection of personal data and is committed to protecting their personal data by applying all standards for the protection of personal data according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 year on the protection of natural persons in relation to the processing of personal data and on the free movement of such data and on the repeal of Directive 95/46/EC. With this Privacy Policy, the Administrator respects the inviolability of the personality of natural persons and makes all necessary efforts to protect the personal data of natural persons against illegal processing by applying technical and organizational measures to protect personal data, which measures are fully in line with modern technological achievements and provide a level of protection that corresponds to the risks associated with the processing and the nature of the data to be protected.
1.2 With this Privacy Policy and in compliance with the requirements of Regulation (EU) 2016/679, the Administrator provides information regarding:
– the purposes and scope of the privacy policy;
– personal data collected and processed by the Administrator;
– the purposes of personal data processing;
– period of storage of personal data;
– mandatory and voluntary nature of providing personal data;
– processing of personal data;
– protection of personal data;
– the recipients or categories of recipients to whom the data may be disclosed;
– rights of natural persons;
– order for exercising the rights;
– right to object;
– buttons, tools and content from other companies;
– changes to the privacy policy.
II. DEFINITIONS
2.1 In the sense of Regulation (EU) 2016/679 and this policy, the specified terms have the following meaning:
Personal Data means any information relating to an identified natural person or an identifiable natural person (“data subject”); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person.
Processing of personal data means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission , distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed.
Restriction of processing means marking stored personal data in order to limit their processing in the future.
Profiling means any form of automated processing of personal data, consisting in the use of personal data to assess certain personal aspects related to a natural person, and more specifically to analyze or predict aspects related to the performance of professional duties of that an individual, their economic status, health, personal preferences, interests, reliability, behavior, location or movement.
Administrator means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State.
Personal data processor means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller.
Recipient means a natural or legal person, public body, agency or other structure to which personal data is disclosed, whether or not it is a third party. At the same time, public authorities that may receive personal data within the framework of a specific investigation in accordance with Union law or the law of a Member State are not considered “recipients”; the processing of this data by the specified public authorities complies with the applicable data protection rules in accordance with the purposes of the processing.
Third party means a natural or legal person, public body, agency or other body other than the data subject, the controller, the personal data processor and the persons who, under the direct supervision of the controller or the personal data processor, have the right to process the personal data.
Consent of the data subject means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or a clear affirmative action, which expresses his consent to the personal data relating to him to be processed.
Personal data breach means a security breach that results in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data that is transmitted, stored or otherwise processed.
III. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA
DATA
3.1 The administrator follows the following principles when processing personal data for natural persons, namely:
Personal data is processed lawfully, in good faith and in a transparent manner with respect to the data subject (“lawfulness, good faith and transparency”);
Personal data are collected for specific, explicitly stated and legitimate purposes and are not further processed in a manner incompatible with these purposes;
Personal data is relevant, relevant and limited to what is necessary in relation to the purposes for which it is processed (“data minimization”);
Personal data are accurate and, if necessary, kept up-to-date (“accuracy”);
Personal data is stored in a form that allows the identification of the data subject for a period no longer than is necessary for the purposes for which the personal data is processed (“storage limitation”);
Personal data are processed in a way that ensures an appropriate level of personal data security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, by applying appropriate technical or organizational measures (“integrity and confidentiality”).
IV. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR
A. Processing of special categories of personal data (“sensitive data”)
4.1 The administrator does not collect or process special categories of personal data, such as: personal data revealing racial or ethnic origin, political views, religious or philosophical beliefs or membership in trade unions, genetic data, biometric data for the sole purpose of identifying a natural person , data on the state of health or data on the sex life or sexual orientation of the natural person. Individuals should not provide such sensitive data to the Administrator. In the event that the natural person intentionally provides sensitive data to the Administrator, the Administrator undertakes to delete them immediately.
B. Personal data collected directly from individuals
Personal data collected directly from individuals when individuals contact the Administrator by telephone
5.1 Individuals provide personal data to the Administrator when they contact the Administrator by telephone. The telephone number for contacting the Administrator is specified in the Administrator’s identification data in this Privacy Policy and in the “Contacts” menu or in the bottom part of the website, where the Administrator’s contact information is provided. When the person contacts the Administrator by telephone, the Administrator collects and processes only the name and telephone number of the individual, and in some cases the e-mail address of the individual. This data is processed for the purposes of communication with the individual. The processing of these personal data is necessary for actions preceding the conclusion of a contract and undertaken at the request of the individual, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual.
The administrator uses the services of a telephone service provider, which provider is located in the Republic of Bulgaria.
Personal data collected directly from individuals when individuals contact the Administrator through the contact form on the site to contact the Administrator
5.2 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the contact form on the Administrator’s website located in the “Intellectual Property Consultations” menu. When the person sends a message to the Administrator using the contact form, the Administrator collects and processes the name of the natural person, the e-mail address, the domain address of a website (optional field), as well as the rest of the information that the person provides in the sent message such as an address. This data is processed for the purposes of communication with the individual and record keeping. The processing of these personal data is necessary for actions preceding the conclusion of a contract and undertaken at the request of the individual, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual.
Personal data collected directly from individuals when individuals contact the Administrator by e-mail
5.3 Individuals provide personal data to the Administrator when they contact the Administrator by e-mail. The Administrator’s e-mail address is specified in the Administrator’s identification data in this Privacy Policy and in the “Contacts” menu or in the bottom part of the website, where the Administrator’s contact information is provided. When the person sends an email to the Administrator, the administrator collects and processes the e-mail address, as well as the other information that the person provides in the sent e-mail, such as: name, telephone number, address. This data is processed for the purposes of communication with the individual and record keeping. The processing of these personal data is necessary for actions preceding the conclusion of a contract and undertaken at the request of the individual, namely providing more information about the services offered by the Administrator in connection with the possible conclusion of a contract with the individual.
C. Personal data of individuals provided by third parties
6.1 The administrator normally does not receive personal data about individuals from third parties. However, in some cases, if the Administrator has reasonable grounds to suspect that a natural person is infringing intellectual property rights and other similar cases, then the Administrator has the right to obtain personal data of the suspected person from public records, such as: register, the Register of Registered Trade Marks maintained by the European Union Office for Intellectual Property and the like. This data may be collected and processed for the purpose of filing an infringement claim against the infringer. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Administrator, which legitimate interests are filing a claim for a committed violation against the offender, and also on a legal basis
D. Data Collected Automatically
7.1 When visiting the website, the Administrator may automatically collect the following data, namely:
Internet Protocol (IP) address of the device from which the individual accesses the Platform (usually used to identify the country or city from which the individual accesses the Platform);
Type of device from which the natural person accesses the platform (for example, computer, mobile phone, tablet, etc.);
Type of operating system;
Browser type;
The specific actions that the individual takes, including the pages visited, the frequency and duration of website visits; Date and time of visits. The collection and processing of these personal data is necessary to realize the legitimate interests of the Administrator, which legitimate interests are facilitating the use of the website and improving the functionality of the website.
V. COOKIES
8.1 Individuals can obtain more information about how the Administrator uses cookies by reading the Cookie Policy.
VI. PURPOSES FOR WHICH PERSONAL DATA IS PROCESSED
9.1 The Administrator collects and processes the personal data of the natural persons, which are provided directly by them only for the following purposes, namely: for the purpose of providing services that the Administrator offers and identifying the natural persons (future and current customers);
– to make contact with the individual via e-mail, so that the Administrator can respond to the inquiry received by the individual;
– for the performance of obligations under a contract to which the natural person to whom the data relates is a party, as well as for actions preceding the conclusion of a contract and undertaken at his request;
– to fulfill a legally established obligation of the Personal Data Administrator, in accordance with the applicable law;
– accounting purposes;
– statistical purposes.
9.2 The administrator collects and processes the personal data of natural persons, which have been collected automatically for the following purposes, namely:
– improving the efficiency and functionality of the website;
– preparation of anonymous statistical data on the way the website has been used;
– to provide better service;
– to administer the website;
– adaptation of the website to the preferences of individuals.
9.3 The administrator has no right to use the personal data of individuals for purposes other than the purposes specified in this section of this Personal Data Protection Policy.
VII. STORAGE PERIOD OF PERSONAL DATA
10.1 Inquiries and correspondence by e-mail: The Administrator stores personal data and received e-mail messages for a period necessary to respond to the received message and to satisfy the request of the individual, as well as for a period of one year after the Administrator has responded to the received message.
10.2 Personal data of persons who have made an inquiry using the contact form on the website, namely:
– for persons who did not become clients of the Administrator within one month of sending the request: personal data are stored for a period of three months after sending the request;
– for persons who have become clients of the Administrator: personal data are stored for a period of 10 years after the execution of the service assigned by the client to the Administrator.
10.3 Personal data of persons who have made an inquiry by telephone, namely:
– for persons who have not become clients of the Administrator within one month of making the inquiry by telephone: personal data are stored for a period of three months;
– for persons who have become clients of the Administrator: personal data are stored for a period of 10 years after the execution of the service assigned by the client to the Administrator.
B. Criteria for determining the period for which personal data will be stored
10.4 In other cases not specified above, the Administrator will store the personal data of the natural person for no more than necessary, bearing in mind the following criteria, namely:
– whether the Administrator undertakes to comply with a legal obligation to continue processing the personal data of the natural person;
– the purpose of storing the personal data both now and in the future;
– whether a contract has been concluded between the Administrator and the individual and the Administrator is obliged to continue processing personal data in order to fulfill the obligations under the contract; – purposes for using personal data now and in the future; – whether it is necessary to make contact with the natural person in the future;
– whether the Administrator has a legal basis to continue processing the personal data of the individual;
– any other legitimate reasons, such as the nature of the relationship with the individual.
VIII. MANDATORY AND VOLUNTARY NATURE OF PROVIDING PERSONAL DATA
11.1 The personal data that are required to be provided by individuals are in accordance with the services offered by the Administrator and are mandatory. The provision of personal data by individuals is voluntary. In case the provision of personal data is refused:
– The Administrator will not be able to provide the service desired by the individual or information about the service offered by the Administrator
– The administrator will not be able to receive the email from the user if the latter does not fill in the necessary information in the contact form.
IX. PROCESSING OF PERSONAL DATA
12.1 The administrator processes the personal data of natural persons through a set of actions that can be performed by automatic or non-automatic means.
12.2 The Administrator processes the personal data of individuals independently or by assigning data processors on behalf of the Administrator, who are accounting service providers, hosting service providers, providing website traffic analysis services.
X. PROTECTION OF PERSONAL DATA
13.1 The administrator takes the necessary technical and organizational measures to protect personal data from accidental or illegal destruction, or from accidental loss, from unauthorized access, modification or distribution, as well as from other illegal forms of processing, namely:
– all personal information that the individual provides to the Administrator is stored on secure and reliable servers and folders;
– when exercising the right of access by the natural person, the Administrator verifies the identity of the natural person before providing him with the requested information.
13.2 In case you wish to receive detailed information about the technical and organizational measures, please do not hesitate to contact us at + 359 (2) 816 20 60 or at office@ipconsulting.eu.
XI. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED
14.1 The administrator has the right to disclose the processed personal data to the following categories of persons, namely:
– to the natural persons to whom the data refer;
– to persons, if provided for in a legal act, for example state bodies;
– to persons processing personal data who provide services for the benefit of the Administrator’s business activities, such as providers of accounting services, providers of hosting services, and these persons are bound by an obligation to observe confidentiality, and also these persons have provided sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing takes place in accordance with the requirements of the Regulation and ensures the protection of the rights of natural persons.
14.2 The administrator does not sell personal data provided by the individual to third parties.
XII. RIGHTS OF NATURAL PERSONS.
Right of access.
15.1 The natural person has the right to receive from the Administrator confirmation as to whether personal data related to him/her are being processed and, if so, to access the data – the relevant categories of personal data.
Right to rectification
15.2 The individual has the right to request the Administrator to correct inaccurate personal data relating to him without undue delay. Considering the purposes of the processing, the natural person has the right to have incomplete personal data completed, including by adding a declaration.
Right to erasure (right to be forgotten)
15.3 The natural person has the right to request from the Administrator the deletion of the personal data related to him without undue delay, and the Administrator has the obligation to delete the personal data without undue delay when any of the grounds specified in Article 17 of Regulation 2016/679 are applicable.
Right to restriction of processing
15.4 The natural person has the right to demand from the Administrator a limitation of processing when one of the conditions specified in Article 18 of Regulation 2016/679 applies. When processing is restricted, such data are processed, with the exception of their storage, only with the consent of the individual or for the establishment, exercise or defense of legal claims or for the protection of the rights of another individual or for important reasons of public interest for the Union or a Member State. When the natural person has requested restriction of processing, the Administrator informs him before canceling the restriction of processing.
Right to data portability
15.5 The natural person has the right to receive the personal data concerning him and which he has provided to an administrator in a structured, widely used and machine-readable format, where the processing is based on consent in compliance or a contractual obligation and the processing is carried out in automated way.
Right to object
15.6 The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Art. 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object can be found in the section below entitled “Right to object”.
Right to withdraw consent
15.7 The natural person has the right to withdraw the consent given by him at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal. An individual may withdraw their consent in the manner set forth in Section XIV of this Privacy Policy or by selecting the “unsubscribe” option when receiving a newsletter.
Profiling rights
15.8 The natural person has the right not to be subject to a decision based solely on automated processing, including profiling, which gives rise to legal consequences for the data subject or similarly significantly affects the data subject.
Right to be notified of a breach of personal data security
15.9 When the breach of personal data security is likely to create a high risk for the rights and freedoms of individuals, the individual must be notified without undue delay of the breach of personal data security.
Right to judicial and administrative protection Right to file a complaint with a supervisory authority
15.10 The natural person has the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged violation, if the natural person considers that the processing of personal data concerning him violates the provisions of The regulation.
Right to an effective judicial remedy against a supervisory authority
15.11 Every natural and legal person has the right to effective judicial protection against a binding decision of a supervisory authority concerning him. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.
Right to effective judicial protection against a controller or processor of personal data
15.12 Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, an individual has the right to an effective judicial remedy where they consider that their rights under the Regulation have been infringed as a result of processing of his personal data that is not in accordance with the Regulation. Proceedings against an administrator or processor of personal data shall be instituted before the courts of the Member State in which the Administrator or processor of personal data has its place of establishment.
Right to compensation for damages suffered
15.13 Any person who has suffered material or non-material damages as a result of a violation of the Regulation has the right to receive compensation from the Administrator or the processor of personal data for the damages caused. Legal proceedings in connection with the exercise of the right to compensation shall be instituted before the courts of the Member State in which the Administrator or personal data processor has its place of establishment.
XIII. ORDER FOR EXERCISE OF RIGHTS
16.1 Individuals exercise their right to withdraw consent, the right of access, the right to deletion, correction, the right to limit processing, the right to data portability, the right to object and the right to profiling, by submitting a written request to the Administrator (or by mail to the address specified in the Administrator’s identification above in this privacy policy or by sending an email), which should contain the following information:
name, address and other identification data of the relevant natural person;
description of the request;
signature, date of submission of request and e-mail address.
16.2 The request is made personally by the individual. The administrator files the requests submitted by individuals in a separate register.
16.3 After the natural person exercises his right of access to personal data concerning him, the Administrator verifies the identity of the natural person before responding to the request. This is necessary to minimize the risk of unauthorized data access and identity theft. In the event that the Administrator cannot identify the individual from the collected personal data, then the Administrator has the right to request a copy of documents that identify the individual (such as an identity card, driver’s license, other documents that contain personal data that may identify the natural person).
16.4 The administrator examines the request and provides the individual with information about the actions taken in relation to the request within two months of receiving the request. If necessary, this period can be extended by another month, taking into account the complexity and number of requests.
16.5 The administrator informs the individual of any such extension within one month of receiving the request, indicating the reasons for the delay. When the individual submits a request by electronic means, if possible, the information shall be provided by electronic means, unless the individual has requested otherwise.
16.6 If the Administrator does not take action on the individual’s request, the Administrator shall notify the person without delay and at the latest within one month of receiving the request of the reasons for not taking action and of the possibility of submitting a complaint to a supervisory authority and seeking protection judicially.
16.7 The administrator undertakes to communicate any rectification, deletion or restriction of processing to any recipient to whom the personal data has been disclosed, unless this is impossible or requires a disproportionately large effort. The administrator informs the individual about these recipients if the individual so requests.
XIV. RIGHT OF OBJECTION
17.1 The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him. Pursuant to Art. 21, paragraph 4 of Regulation 2016/679, the natural person is expressly notified of the existence of the right to object, which is presented in a clear manner and separately from any other information. To fulfill this obligation, more information about the right to object will be provided in this section of this privacy policy.
17.2 The natural person has the right, at any time and on grounds related to his particular situation, to object to the processing of personal data concerning him, in cases where the processing is necessary for the performance of a task of public interest or in the exercise of official powers that have been granted to the Administrator or the processing is necessary for the purposes of the legitimate interests of the Administrator or a third party, except when the interests or fundamental rights and freedoms of the natural person that require the protection of personal data take precedence over such interests -especially when the individual is a child. The administrator undertakes to stop the processing of personal data, unless he proves that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the natural person, or for the establishment, exercise or defense of legal claims. Individuals exercise their right to object by submitting a written request to the Administrator by mail at the address specified in the Administrator’s identification above in this privacy policy or by sending an email.
17.3 Where personal data are processed for the purposes of direct marketing, the natural person has the right at any time to object to the processing of personal data concerning him for this type of marketing, which includes profiling in so far as it is related to direct marketing. When the natural person objects to processing for the purposes of direct marketing, the processing of personal data for these purposes is terminated. Individuals exercise their right to expression by submitting a written request to the Administrator by mail at the address indicated in the Administrator’s identification above in this privacy policy or by sending an email indicating that he does not wish to receive advertising communications.
XV. LINKS, TOOLS AND CONTENT FROM OTHER COMPANIES
18.1 The website contains buttons, tools or content that link to services of other companies, such as the “Google Plus” button, the “Linkedin” button and others. All sites of such companies that can be accessed through this website are independent and the Administrator does not assume any responsibility for damages and losses resulting from the use of these sites. Individuals use these sites at their own risk and are advised to consult the relevant Privacy Policy of the respective company for more information.
XVI. CHANGES TO PRIVACY POLICY
19.1 This Privacy Policy may be updated at any time in the future. When this happens, the changed policy will be posted on this website with a new “Last Modified” date at the top of this Privacy Policy and will be effective from the date of posting. Therefore, it is recommended that you periodically check this Privacy Policy to ensure that you are aware of any changes. By using the website after the updated Privacy Policy is posted, you will be deemed to agree to the changes.
XVII. CONTACTS
20.1 In case you have any further questions regarding this Privacy Policy, please do not hesitate to contact:
+ 359 (2) 816 20 60 or at office@ipconsulting.eu.
