Privacy notice

Information about the Company, which processes your personal data:

Legal name

PROOF LTD.

UIN/BULSTAT

203955697

Seat and registered office

No 9, Dunav Str, Oborishte district, Sofia, Bulgaria

Address of correspondence

No 9, Dunav Str, Oborishte district, Sofia, Bulgaria

Telephone number

+359 888 726 681

E-mail

sayhello@proof.bg

 

Website

proof.bg

 

Information about the Personal Data Protection Officer:

Legal name

PROOF LTD.

Address of correspondence

No 9, Dunav Str, Oborishte district, Sofia, Bulgaria

Telephone number

+359 888 726 681

E-mail

sayhello@proof.bg

 

Information about the Supervisory authority:

Legal name

Commission for personal data protection

Seat and registered office

2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria

Address of correspondence

2 Prof. “Tsvetan Lazarov” Blvd., Sofia 1592, Bulgaria

Telephone number

02 915 3 518

Website

www.cpdp.bg

 

The basis for the collection, processing and storage of your personal data

Art. 1. Proof Ltd collects and processes your personal data in connection with the use of the website https://agencyproof.com/, as well as your application for work with us and conclusion of contracts with the company on the basis of Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular under the following:

  • Obtained explicit consent from you;
  • Fulfilling the Data Controller's obligations under a contract with you or taking steps to conclude one;
  • Compliance with a legal obligation that applies to the Data Controller;
  • Processing is necessary for the purposes of the legitimate interests pursued by the Company or by a third party;
  • Taking steps at your request to enter into a contract if you are a job applicant.

 

Objectives and principles in the course of collection, processing and storage of your personal data

Art. 2. (1) We collect and process the personal data which you provide us in relation to the use of the website https://agencyproof.com/, processing inquiries sent through the website, as well as providing all the functionalities of the website, your application for employment with us and entering into contracts with the company, including for the following purposes:

  • individualization of a party to the contract;;
  • accounting purposes;
  • statistical purposes;
  • protection of information security;
  • implementation of communication and answers to inquiries;
  • selection of job candidates;
  • use of the company's website;
  • ensuring the performance of the contract for the provision of the relevant service;
  • certifying the quality of the person requesting access to certain information.

(2) The Company adheres to the following Principles in the course of processing of your personal data:

  • lawfulness, fairness and transparency;
  • purpose limitation of the processing personal data;
  • proportionality with the processing purposes and data minimisation;
  • accuracy and relevance of the data;
  • storage limitation in accordance with purpose achievement;
  • integrity and confidentiality of the processing and ensuring an adequate level of security of the personal data.

(3) In the course of processing and storage of personal data, the Controller is entitled to process and store the personal data for the purposes of performing its legal obligations and protecting the following legitimate interests:

  • to perform its obligations towards state and municipal bodies and perform its obligations under the applicable legislation and regulations;
  • protection against claims against the Company.

 

What type of data do we collect, process and store

Art. 3. The Company carries out the following operations with the personal data you provide for the following purposes:

  • Organizing and conducting an online campaign for a client - the purpose of the operation is to establish contact with the participant by email for the purposes of the campaign; identification of the data subject as a participant in the event; Providing the opportunity to participate in the online campaign through its functionalities – games, raffles and others; Making an inquiry or request from the individual for the use of products or services and providing feedback to him on this occasion. In its relations with its customers, the Company processes data in its capacity as a processor of the data assigned to it for processing by the customers. This also applies in the case of campaigns, landing pages, marketing activities, games, sites, Facebook groups and pages and others. In this case, the Company takes preliminary actions to ensure that your personal data is processed lawfully and according to GDPR requirements and complies with the express instructions of the customer (the data controller) in the processing. After completion of the relevant activity, the Company transfers the data to the customer (the Data Controller) and deletes them in its database.
  • Conclusion and performance of a contract with a commercial partner - the purpose of this operation is the conclusion and execution of a contract with a commercial partner and its administration. In some cases, the purpose of the operation may be the protection of the legitimate interests of the company in the course of performing the contract. Due to the limited scope of the collected personal data and the fact that some of the personal data is collected from publicly available sources, an impact assessment is not necessary for this operation.
  • Conclusion and performance of a contract with a client - the purpose of this operation is the conclusion and execution of a contract with a client and its administration. In some cases, the purpose of the operation may be the protection of the legitimate interests of the company in the course of performing the contract. Due to the limited scope of the collected personal data and the fact that some of the personal data is collected from publicly available sources, an impact assessment is not necessary for this operation.
  • Conclusion and performance of an employment or a civil contract - the purpose of this operation is to conduct a selection for the appointment of employees or persons on a civil contract, the conclusion of the contract and its administration and implementation by the company.

Conclusion of the impact assessment: Based on the impact assessment carried out, the operation "Conclusion and performance of an employment or civil contract" is permissible to carry out and provides sufficient guarantees to protect the rights and legitimate interests of the data subjects in accordance with the requirements of the GDPR.

  • Processing of inquiries sent through the website contact form and data – the purpose of this operation is to establish contact with the inquirer by email for the purpose of identifying the data subject as the inquirer and sending a reply to the inquiry. Given the limited scope of personal data collected, the Personal Data Protection Officer considers that it is not necessary to carry out an impact assessment of the operation.

 

Art. 4. (1) The Data Controller processes the following categories personal data and information for the following purposes and on the following grounds:

  • Data usually collected and processed by Proof Ltd. on behalf of its clients when conducting online campaigns: names/designation of the client, e-mail, social network profile, address, telephone)
  • Purpose for which the data is collected: The purposes of processing are determined by the data administrator - a client of Proof Ltd.;
  • Grounds for processing your personal data - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - Art. 6, para. 1, letter (b) GDPR;
  • IP address data - Improving service security and interface localization, statistical and marketing research;
  • Purpose for which the data is collected: The company processes personal data for IP address of an individual, visitor of the website, for the purpose of improving the security of the service and identification of the user as a person using the services from Bulgaria or another country.
  • Grounds for data processing: The IP address is collected without it being possible to identify a specific individual, ie. the data is collected in an anonymized form on the ground of realization of the legitimate interests of the Data Collector - art. 6, para. 1, letter (f) of the GDPR.
  • The collection of this data is necessary for the technical functioning of the site.
  • Personal data for sending a response to an inquiry sent through the forms on the company's website: (names, e-mail address)
  • Purpose for which the data is collected: 1) Identification of the inquirer and 2) Making contact with the inquirer through the forms on the website and sending a response to the inquiry.
  • Grounds for processing your personal data - Your personal data for making inquiries for digital marketing services and other inquiries are processed on the basis of taking steps to conclude a contract or to perform a contract - Art. 6, para. 1, letter (b) GDPR, as well as for the purposes of the legitimate interests of the Data Collector - Art. 6, para. 1, p. (f) the GDPR, namely contacting the inquirer.
  • Personal data of candidates for job/internships: (for the selection of job candidates we process names, telephone number, email address, social media profile and personal data that you have sent us in your CV and cover letter);
  • Purpose for which the data is collected: 1) Individualization of the candidate; 2) Communication with the candidate 3) Selection of candidates.
  • Grounds for processing your personal data - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - Art. 6, para. 1, letter (b) GDPR.
  • Data for concluding a contract with a partner / client - natural person: (names, personal identification number, address, telephone number, e-mail address)
  • Purpose for which the data is collected: 1) Identification of the person as a partner / client, 2) Communication and 3) Execution of the contract.
  • Grounds for processing your personal data - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract - Art. 6, para. 1, letter (b) GDPR.

(2) Data collected for legal entities represented by you (e.g. name, registered office and address of management, etc.) do not constitute personal data within the meaning of the GDPR.

(3) The Data Controller does not collect or process personal data related to the following:

  • revealing racial or ethnic origin;
  • disclosing political, religious or philosophical beliefs, or trade union membership;

genetic and biometric data, health data or data on sexual life or sexual orientation.

(4) Personal data is collected by the Data Collector from the persons to whom it relates.

(5) The Company does not perform automated data decision making.

(6) The company does not collect and process data for persons under 14 years of age, except with the express consent of their parents or legal representatives.

 

Duration of personal data storage

Art. 5. (1) Proof Ltd. stores your personal data as a candidate for job/internship for period no longer than 6 months from the moment of completion of recruitment and selection procedures of employees / interns. After the expiration of the term, Proof Ltd makes all reasonable efforts to delete and destroy all of your personal data without undue delay or to make them anonymize (ie to make them in a form that does not reveal your identity), unless you give your explicit consent your personal data to continue to be stored and processed in the future.

(2) In case that the unapproved candidate for job/internship has provided original or notarized copies of documents certifying physical and mental fitness, qualification degree, professional experience or other circumstance, the Company returns these documents to the candidate within 6 months from the end of the selection.

(3) Proof Ltd. stores the personal data of the legal representatives of the legal entities - parties to a contract or the natural persons-partners or customers under a contract with the company indefinitely, for the purposes of protecting the legitimate interest of Proof Ltd. and fulfilling its legal obligations to state bodies and institutions.

(4) Proof Ltd. processes your personal data provided through the website of the Company until the express withdrawal of the given consent by the individual.

(5) The Data Controller processes your personal data provided on the legal ground of consent, until the explicit withdrawal of this consent.

(6) The Data Controller informs you in case that the period for the storage of personal data is necessary to be extended in regard to performing legal obligation or in regard to legitimate interests of the Company or other.

(7) The Data Controller stores the personal data that it is necessary to keep under the applicable law for the relevant period.

 

Transmission of your personal data for processing

Art. 6. (1) The Data Controller is allowed on its own discretion to transmit part or all of your personal data to personal data processors for performing the purposes of processing which you have agreed, in compliance with the requirements of Regulation (EU) 2016/679 (GDPR).

(2) The Data Controller informs you in case of intention to transmit part or all of your personal data to third countries or international organizations.

 

Your rights in the course of collection, processing and storage of your personal data

 

Withdrawal of consent for the processing of your personal data

Art. 7. (1) If you do not wish all or part of your personal data, which are processed on the ground of given consent to continue to be processed by Proof Ltd.  for specific or all purposes of processing, you may at any time withdraw your consent to processing by sending request in free text to us or through functionality provided by us in Appendix № 1.

(2) The Data Controller could request you to certify your identity with the data subject by requesting from you to present identification document on-the-spot.

(3) Withdrawal of consent does not affect the validity of the processing of personal data provided by you until the withdrawal of consent.

(4) The Data Controller may continue to process some or all of your data if there is a legal obligation to do so or for the purpose of protecting its legitimate interests.

(5) You can at any time withdraw your consent to the processing of your personal data for direct marketing purposes.

 

Right of access

Art. 8. (1) You have the right to request and receive confirmation from the Data Controller whether personal data related to you are processed.

(2) You have the right to access data related to you, as well as information related to the collection, processing and storage of your personal data.

(3) The Data Controller provides you with a copy of the processed personal data related to you, in electronic or other appropriate form, upon request.

(4) Providing access to data is free of charge, but the Data Controller reserves the right to impose an administrative fee in case of repetitive or excessive requests.

 

Right to correct or complete

Art. 9. You have the right to demand the Data Controller:

  • to rectify inaccurate or incomplete information concerning you directly;
  • to complete inaccurate or incomplete information concerning you directly.

 

Right to erasure (“Right to be forgotten“)

Art. 10. (1) You have the right to request the Data Controller to erase all or part of your personal data, and the Data Controller has the obligation to erase such data without undue delay, when one of the following grounds applies:

  • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You have withdrawn your consent on which the processing is based and where there is no other ground for processing;
  • You have objected to the processing of personal data, relating to you, including for the purposes of the direct marketing, and there are no legal grounds for the processing, which have advantage;
  • The personal data have been unlawfully processed;
  • Personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject
  • The personal data have been collected in relation to the offer of information society services.

(2) The Data Controller is not obliged to erase the personal data, if he collects and process them:

  • For exercising the right of freedom of speech and the right of information;
  • For compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • For reasons of public interest in the area of public health;
  • For archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
  • For the establishment, exercise or protection against legal claims.

(3) In case of an exercised right “to be forgotten”, the Company shall erase all your personal data, except for:

  • Information which is necessary to certify that your right “to be forgotten” has been exercised;
  • Technical information for the functioning of the website which cannot be connected to your personality;

(4) To exercise your right to be forgotten, you need to send request in free text or on the completed form in Annex № 2 by e-mail.

(5) The Data Collector may ask you to verify your identity with the identity of the data subject ((including by sending a confirmation from the e-mail address provided by the visitor, presentation of an identification document on the spot or any other means appropriate under the circumstances at the discretion of the Data Collector).

(6) Once we have verified the identity of the person making the request and the person to whom the data relates in accordance with the steps above, and if there are grounds for doing so, we will delete all data we process about you in accordance with para. 3.

(7) The Data Controller does not erase the personal data which it has a legal obligation to store or which is necessary for proving its legitimate rights against claims against the Company.

 

Right to restriction of processing

Art. 11. You have right to request the Controller to restrict the processing of the personal data, concerning you, when:

  • The accuracy of the personal data is contested by you, for a period, which allows the Data Controller to check the accuracy of the data;
  • The processing is unlawful, but you oppose the erasure of personal data, and request only for the restriction of their usage;
  • The Data Controller no longer needs the personal data for the purposes of the processing, but you require them for establishment, exercise or defence of legal claims;
  • You have objected to processing pending the verification whether the legitimate grounds of the Data Controller override those of yours.

(2) The Data Controller may request that you verify your identity and identity with the data subject.

(3) In case of exercising your right to restriction, the Company will limit the processing of your data, unless there is a legal basis to continue processing them in their entirety.

 

Right to data portability

Art. 12. (1) In case you have given your consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Data Controller, or in case your data is processed in an automated manner, you can, after identification before the Data Controller:

  • ask the Data Controller to provide you with your personal data in a readable format and transmit it to another Data Controller;
  • ask the Data Controller directly to transmit your personal data to another controller designated by you, when this is technically possible.

(2) You can exercise your right to data portability by submitting a written text or filling in the form in Appendix № 3 by sending an email.

(3) The Data Controller may request that you verify your identity and identity with the data subject.

 

Right to receive information

Art. 13. You have the right to require from the Controller to inform you about all recipients, to whom your personal data, for which has been required rectification, erasure or restriction of processing, have been disclosed. The Controller is allowed to refuse to provide this information if this is impossible or involves disproportionate effort.

 

Right to object

Art. 14. You can object at any time to the processing of personal data by the Data Controller, which relate to you and are processed on the basis of the performance of a task of public interest or for the purposes of legitimate interest.

(2) You can object at any time to the processing of personal data for the purposes of profiling or direct marketing.

(3) You can exercise your right to object by sending a written request to the Company or through the corresponding technical functionality provided, and the Data Controller may ask you to identify yourself as the person to whom the data for which the objection to processing is made.

 

Your rights in case of personal data breach

Art. 15. (1) When the Data Controller detects personal data breach, which is likely to result in a high risk to your rights and freedoms, the Data Controller communicates the personal data breach to you without undue delay, as well as the measures taken or proposed to be taken by the Company.

(2) The Data Controller is not obliged to inform you if:

  • The Data Controller has implemented appropriate technical and organizational protection measures, and those measures were applied to the personal data affected by the personal data breach;
  • The Data Controller has taken subsequent measures which ensure that the high risk to your rights is no longer likely to materialize;
  • It would involve disproportionate effort..

 

Persons to whom your personal data is provided

Art. 16. (1) For the purposes of processing your personal data and fulfilling the contract, as well as to provide the service in its full functionality and in view of your interests, Proof Ltd. may provide your data to third parties processing personal data who comply with all requirements for legality and security in the processing and storage of your personal data. You can get more detailed information about the processors of personal data by contacting us on the contact details provided.

(2) The specified data processors and Controllers comply with all requirements for legality and security in the processing and storage of your personal data and the Company enters into contracts with data processors to guarantee their obligations to protect your personal data.

Art. 17. The Controller does not transfer your data in third countries.

Art. 18. In the event of a breach of your rights under the above or applicable data protection law, you have the right to lodge a complaint with the Data Protection Commission as follows:

Legal name

Commission of personal data protection

Seat and registered office

2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria

Address of correspondence

2 Prof. Tsvetan Lazarov Blvd., 1592, Sofia, Bulgaria

Telephone number

02 915 3 518

Webpage

www.cpdp.bg

 

Art. 19. You could exercise all your rights related to the protection of your personal data through the forms attached to this privacy notice. Of course, these forms are optional and you could submit your requests in any form that contains a statement to that effect and identifies you as the data subject.

Art. 20. If there is consent for transfer, the Data Controller describes the possible risks for the transfer to third countries in case of lack of decision of an adequate level of protection and appropriate means of protection.

This Privacy notice is adopted on 01.03.2023