Personal Data Management Policy

 

Objective of the Personal Data Management Policy

Personal data collection related to the main activity of Balkantel Ltd.

In order to prepare an offer, draft a contract, contract implementation or in the context of other relationships, we, Balkantel Ltd. process personal data in order to provide the requested by the customers products and services and which Balkantel Ltd. manufactures and provides, both to fulfill all its obligations and to benefit from the rights as per the legislation.

 

Processing of personal data is carried out with the purpose of:

  • establishing the identity of the client during all stages of communication;
  • managing and executing client queries for products or services executing product and service contracts;
  • drawing up proposals for contract conclusion;
  • preparing and sending bills/invoices for products and/or services manufactured and provided by Balkantel Ltd.;
  • providing the necessary overall customer service as well as collecting the due amounts regarding the received products and services;
  • provision of technical maintenance in order to provide products and services of highest level of quality, as agreed;
  • any technical assistance in order to maintain the quality of the products and services of Balkantel Ltd.;
  • drafting proposals for contracts and conclusion of contracts, sending courier services with renegotiated information and draft contracts until achieving a contract;
  • notification about anything related to the products and services received by customers from Balkantel Ltd., sending various notifications, notification of problems, discrepancies, errors, or answering to requests, complaints, suggestions, etc. submitted by customers;
  • client history analysis and user profile design to determine the most appropriate offer from Balkantel Ltd.; and this account shall not be provided to third parties except in the performance of regulatory obligations as described below;
  • to identify and/or prevent unlawful or contradictory actions with established conditions for the products or services concerned;
  • assessment and measurement of the effectiveness of Balkantel Ltd., as well to offer an advertising content, adequate to the needs of customers;
  • research and analysis of customer demand for products or services based on anonymous or personalized information to identify major trends, improve customer understanding, and collaborate with third parties to provide new products or services for our customers;
  • processing by data processor when entering into a contract, assignment, reporting, acceptance, payment.

 

To meet regulatory obligations:

Balkantel Ltd. processes personal identification data, details for offer preparation, contracts, invoices, stock receipts, bills and other personal data in order to comply with obligations provided for in a regulatory act, such as:

  • obligations to provide information to state control bodies;
  • provision of information to the Commission for personal data protection in relation to obligations under the legislation on personal data protection, such as the Personal Data Protection Act, Regulation (EC) 2016/679 of 27 April 2016 and others;
  • obligations stipulated in the Accountancy Act and the Tax and Social Security Procedure Code and other related regulatory acts in relation to the keeping of correct and lawful accounting;
  • provision of information to the court and third parties, in court proceedings, in accordance with the requirements of procedural and substantive legal acts applicable to the proceedings;

 

After Client’s approval:

Balkantel Ltd. processes personal data only after prior consent. Consent is a separate ground for processing the personal data of the data subject and the purpose of the processing is specified therein and is not covered by the objectives listed in this policy. In the event that consent is given and until it is withdrawn or terminated in any contractual relationship:

  • Balkantel Ltd. prepares customer-friendly proposals on the products or services of Balkantel Ltd., and as well performs detailed customer data analyzes;
  • Suitable proposals for products or services from partners of Balkantel Ltd. are prepared for the customers, as the personal data processing is being part of this process.

 

Type of personal data processed by Balkantel Ltd.:

Main personal data includes names, gender and age group, address (permanent address).

  • full name, personal identification number or personal number of a foreigner, permanent address;
  • data related to electronic communications services;
  • data for the preparation of bids, contracts, invoices, receipts and other documents as well as proof of their reliability; data processed in electronic communications networks, e-mails, letters, information on troubleshooting requests, plaints, requests, complaints;
  • information about the type and content of an offer, a marketing study or proposal, a contractual relationship, and any other contract-related information, including call records;
  • other feedback received from customers;
  • personal contact details: contact address, phone number and contact information (email, phone number);
  • video recordings made with the purpose to improve the security of Balkantel;
  • marketing preference studies for the products or services we produce or provide;
  • credit or debit card information, bank account number or other bank and payment information related to payments made to Balkantel Ltd.;
  • customer ID, code, or other identifier created by Balkantel Ltd. for customer identification;
  • data provided through the company’s website or through mobile applications;
  • information about end-to-end electronic communications devices used, device type, used operating system, IP address when visiting our website;

When processing personal data and the other described data for the purpose of providing products and services, for their payment, for the implementation of customer orders for products or services, and in order to fulfill our statutory obligations, such processing is mandatory for the performance of these objectives. Without this data, we could not provide the relevant services. In the event that we are not provided with the identification data we could not enter into a product or service contract;

 

Consent for personal data provision:

Data processing agreements provided by data subjects may be withdrawn at any time. Withdrawal of consent has no effect on the performance of contractual obligations of Balkantel Ltd., if this withdrawal does not concern the performance of agreed activities. In any case where the withdrawal of personal data will affect the performance of activities agreed between the data subject and Balkantel Ltd., the data subject shall be informed how far this will affect the agreed activities, even if this withdrawal may terminate the contracted activities for which the data subject shall be notified.

If the data subject withdraws his / her consent to the processing of personal data for any or all of the ways described above, Balkantel Ltd. will not use personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of consent-based processing prior to its withdrawal.

Balkantel Ltd. has large portfolio of products and services available. When giving consent to data processing, this consent applies to all products and services that the customer uses.

Withdrawal of personal data when is related to the preparation of offers, conclusion of contracts, preparation of documents may lead to the impossibility to the performance of these actions. For any withdrawal of personal data, the data subject will be notified to what consequences it may lead, according to customer relationships with Balkantel Ltd.

In order to withdraw a given consent, it is necessary to notify Balkantel Ltd. by the publicly known contact details relating to the personal data management.

 

Grounds for collection, processing and storage of your personal data

The basis for the processing of personal data is Article 6, Paragraph 1 of Regulation (EU) 2016/679.

By adopting the general terms and conditions of this policy when submitting to the controller information, containing personal data or upon conclusion of a written contract between the data controller and the data subject, a contractual relationship is created on the grounds of which the controller processes personal data, namely: Article 6, Paragraph 1, b. (b) of the Regulation. The data for sending newsletters, newsletters, marketing information, etc. are processed on the basis of the explicit consent given by the data subject – Article 6, Paragraph 1, b. (a) of the Regulation.

Basis for the data processing: You have given explicit consent to the processing of your personal data for one or more specific purposes – Article 6, Paragraph 1, b. (a) of GDPR.

The controller shall not collect or process any personal data that pertains to the following:

  • disclose racial or ethnic origin;
  • disclose political, religious or philosophical beliefs, or membership in trade unions;
  • genetic and biometric data, data on sexual life or sexual orientation;
  • Data for persons under the age of 16 years, except with the explicit consent of their parents or legal representatives.

 

Basic terms in the personal data management policy

 

Electronically collected and processed data: data processed in an electronic communications network for the purpose of transmitting, distributing or exchanging electronic content, including data used to track and identify the source and destination of the communication, location data and device type generated in the context of the provision of electronic communications services, as well as date, time and type of communication.

Data analysis: detailed analysis is an analysis method that allows the processing of large volumes of data through statistical models and algorithms and others, which involve the use of network and personal data as well as the processes of aliasing and anonymizing them in order to retrieve information about trends and different statistical indicators.

Partner/s: these are companies with which Balkantel Ltd. has concluded partnership agreements and which provide various products and services.

 

Legitimate interest

Balkantel Ltd. uses personal data for identification, preparation of offers, invoices, bills, and any other documents related to our legitimate interest to conduct a basic analysis in order to tailor the products or services we offer to individual customer needs and to offer new products / services satisfying them.

 

Processing of anonymized data

In rare cases, Balkantel Ltd. processes personal data for static purposes, this means for analyzes where the results are only generalizing and therefore the data are anonymous – for example, in order to evaluate our market performance, our financial indicators, marketing information, etc. Identifying a specific person from this information is impossible.

 

Use of automated algorithms

For the processing of personal data, we use partially automated algorithms and methods to constantly improve our products and services in order to ensure our customers’ privacy at Balkantel Ltd., for adapting our products and services to customer needs in the best possible way or for calculating commercial and other discounts. This process is called profiling. Balkantel Ltd. uses partially automated algorithms to determine client rating by performing initial and / or ongoing client ratings. For these purposes, Balkantel Ltd. uses client master data. The processing algorithm aims to provide assessment of customer commercial and other discounts. This partial automated processing is performed using data analysis.

 

Personal data protection

To ensure adequate data protection for company employees and the personal data of their customers and partners, Balkantel Ltd. shall apply all necessary organizational and technical measures provided for in the Personal Data Protection Act, as well as best practices, etc.

The company has implemented structures on prevention of security abuses and breaches, as well has designated a data protection officer as well and a team for data protection, who support the processes on data protection and ensure the data security.

For the purpose of maximum security in the processing, transfer and storage of personal data, additional security mechanisms such as encryption, pseudonymisation, etc. can be used.

After the termination of the contract, as a rule in Balkantel Ltd., the use of personal data for the purposes of the contractual relationship is terminated, but the data are not erased, prior a two years expired period from the contract termination or of the final settlement of all financial obligations and expiration of  the statutory obligations for data storage such as obligations under the Electronic Communications Act, storage and provision of information for the purposes of detecting and investigating crimes, obligations (6 months), under the Accounting Act for the storage and processing of accounting data (11 years), the expiry of the statutory limitation periods (5 years) laid down in the Law on Obligations and Contracts, the obligation for information provision to the court, the competent governmental bodies and on other grounds,  provided for in the current legislation or the  laws concerning employment relationships (50 years).

In applying this policy, it is accounted that personal data will not be erased or anonymized if they are necessary for pending juridical proceedings, administrative proceedings or proceedings to deal with your complaint in front of us.

In some cases, personal data can be anonymized. Anonymisation is an alternative to data erasure. In the case of anonymisation, any personal identifiable elements/ elements allowing the identification of the data subject are irrevocably erased. There is not a legal obligation for the erasure of the anonymized data because they do not constitute personal data /the data anonymisation is performed by replacing the personal data by an anonymized identifier of the data subject – for example, replacement of the names by a numeric-alphanumeric identifier/.

 

Possibility of transfer of personal data to third parties

Balkantel Ltd. provides personal data to third parties in exceptional cases, the main purpose being to offer quality, fast and comprehensive service. We do not provide personal data to third parties before to be assured that all technical and organizational measures have been taken to protect these data and strict controls are in place to meet this goal. In this, Balkantel Ltd. remains responsible for the confidentiality and security of your data.

Balkantel Ltd. provides personal data to the following categories of receivers (personal data controllers):

Persons, data processors from the name of Balkantel Ltd.:

  • companies – credit agencies;
  • collecting and/or debt-collecting companies – debt collection agencies, credit agencies, guarantors or other means, servicing and collection of receivables;
  • postal operators with a view to sending items containing contracts, supplementary agreements and other documents and the need to certify the identity when they are served;
  • persons, assigned to maintain the equipment, software and hardware used for the personal data processing and needed to build the company’s network and for the performance of various services of accounting, payment of services and products, technical support, etc.;
  • persons providing service support to terminal devices, assisting Balkantel Ltd. in the sale of products and services and in customer service before and during the term of the contractual relationship;
  • installers – for installation or maintenance of devices on the territory or for Balkantel Ltd.;
  • persons hired by Balkantel Ltd. under a civil contract, assisting the processes of sale, logistics, delivery, etc.;
  • bodies, institutions and individuals to whom Balkantel Ltd. is obliged to provide personal data under current legislation;
  • competent bodies which by virtue of a legal act have the power to request the provision of information including personal data such as courts, prosecutor’s office, various regulatory bodies such as the Commission for consumer protection, the Communications Regulation Commission, the Commission for Personal Data Protection, bodies with powers to protect national security and public order;
  • providers of electronic authentication services where a document related to the provision of a product or service is signed with an electronic signature;
  • banks for issuing cards and servicing payments, including salaries, down payments and other fees and emoluments;
  • security companies holding a license to perform private security activities in connection with the provision of access and / or provision of the admission regime in the sites within the territory of Balkantel Ltd.;
  • persons providing services for organisation, storage, indexing and destruction of archives in paper and / or electronic form;
  • persons performing consultancy services in different areas.

 

Cookies

In its Website and related sites, together with the above personal data, Balkantel Ltd. uses cookies to form commercial and other similar offers to the site visitors in a convenient way. The HTTP cookie, called in general “cookie”, is a packet of information sent from a web server to an Internet browser, and then returned by the browser each time it has access to that server. “Cookies” may contain any information selected by the server and are used to support the status of HTTP transactions that are otherwise “without state”. Typically, they are used to authenticate a registered site user as part of the login process or initial site / site registration, and the user does not need to re-enter a username and password at any subsequent access to the site / sites. Other cookies uses may be to maintain a “shopping cart” for selected goods” for purchasing from a site / sites during one session, to personalize the site / sites (display different pages for different users), and to track access of individual users to a site). Some cookies remain stored on the user end device until they are deleted. They enable Balkantel Ltd. to recognize the user browser again on the next visit. If you do not wish to do so, you can set up your browser to be informed about cookies and allow them to be used only in individual cases. Disabling cookies may limit the functionality of our web page.

 

Web analytics

The website/sites of Balkantel Ltd. use the service Google Analytics* – web analytics service of Google LLC, Mountain View, CA 94043 USA (“Google”). Google Analytics uses cookies. The collected information through Google Analytics’ cookie about the way that users use the website / sites is generally referred to Google’s IT infrastructure in USA and is stored there. The data processing is performed on the basis of the legal provisions of § 96, para.3 of the Telecommunications Act of Austria, as well as of Art.6, para.1, (a) (prior consent) and/or (f) (legitimate interest) of the Regulation. Within the meaning of the Regulation (legitimate interest), the task of Balkantel Ltd. consists in the improvement of the commercial proposals and the web presentation of the site/sites of Balkantel. The users’ data (IP address) used by these Google Analytics’ “cookies” are pseudonymised. In this process is erased the last octet (the last three digits) of your IP address. Consequently, it is possible to be made only rough localization, thus allowing the personal data of the users of Balkantel Ltd. site (s) to be protected under the requirements of the Regulation.

In the event that the users of the Balkantel Ltd. ‘site (s) want to prevent Google from analyzing the data, the following settings should be performed:

 

Google Conversion Tracking

Google Conversion Tracking allows us and Google to recognize that someone has clicked on our Google ad and then has been redirected to our site. However, we cannot see which other web pages you have loaded. The information gathered through Google Conversion Tracking is solely for the purpose of compiling statistics on the success and use of our AdWords advertising campaigns. However, we do not collect or receive information allowing users to be personally identified.

It is possible that the site / sites of Balkantel Ltd. contain links redirecting to the web page of other sites. These links serve as an online presentation of the newsletter, but also provide an opportunity to stop receiving it and do not participate in the process of managing personal data.

 

Encryption

We take technical and organizational security precautions to protect your data from unwanted intrusions and access to the greatest possible extent. Along with securing our information infrastructure, cryptographic methods are used in all sections. To prevent your personal data from being misused from third-party, the information you have provided is transferred and verified in encrypted form using the SSL (Secure Socket Layer) protocol. You can recognize this in your browser’s progress bar on the padlock symbol, which is locked and the Internet address starts with https.

Modern sites use different systems to analyze and improve the delivery of goods and services to users, and it is not possible to describe them in detail. If you have any concerns about the information that is collected from our site, we recommend that you use the Incognito browser option of Google Chrome or Private Browsing of Firefox.

 

Information about the data controller:

Balkantel Ltd. is a commercial company, duly registered in accordance with the requirements of the Bulgarian legislation, with headquarters and address for correspondence: 68 Bratya Bukston Blvd., 1618 Sofia, Bulgaria, Balkantel Building, Phone: +359 2 8500430, e-mail: mail@balkantel.net

Information on the competent supervisory authority:

Name: Commission for personal data protection.

Headquarters and address for correspondence: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592.

Phone: (+359-2) 915 3 518

Web page: www.cpdp.bg

 

Personal data subjects’ rights in relation to the processing of personal data

Right to access to information

The data subjects shall have the right to request:

  • The data subject shall have the right to obtain information as to whether or not personal data are being processed, information about the purposes of the processing, about the categories of data concerned and about the recipients or categories of recipient to whom the personal data have been disclosed;
  • Notification in a structured, comprehensible form containing the personal data of the data subjects being processed as well as any available information about their source;
  • information about the logic of any automated processing of personal data relating to you, at least in the case of automated decision-making /for example when creating a client profile or preparing marketing information/.

 

Right to rectification:

In case that Balkantel Ltd. processes incomplete or inaccurate/erroneous data, the data subject shall have the right at any time to request:

  • to obtain erasure, rectification or blocking of personal data the processing of which does not meet the requirements of the law;
  • to require third parties to whom personal information has been disclosed to be notified of any erasure, rectification or blocking, except where this is impracticable or involves inappropriate effort.

 

Right to objection:

At any time, data subjects shall be entitled to:

  • object to the processing of personal data where there is a legitimate reason for doing so and where the objection is justified, the personal data of the data subject concerned can no longer be processed;
  • object against the processing of personal data for marketing purposes.

 

Right to restriction of processing:

The data subject shall have the right to obtain restriction of processing where one of the following applies:

  • the data subject contests the accuracy of the data, for the period within which the personal data verification is performed;
  • the processing of the personal data is without legal basis and until then the data subjects may request restriction of processing;
  • when data subjects have objected to processing pending the verification whether the grounds of Balkantel Ltd. are legitimate.

 

Right to data portability*:

The data subject shall have the right to receive the personal data concerning him or her, which they have provided to Balkantel Ltd. in a structured, commonly used and machine-readable format, if:

  • the processing is based on consent pursuant to the declaration of consent, that may be withdrawn or on any other contractual obligation;

 

Right to lodge a complaint:

In the event that a data subject considers that Balkantel Ltd. violates the applicable regulations, he may contact Balkantel Ltd. to clarify the issue. However, data subjects have the right to lodge a complaint with the Commission for Personal Data Protection.

All requests for access to information or for rectification shall be submitted either personally or by an explicitly authorized, by the data subject person, by a notarized power of attorney. An application may also be submitted electronically, in accordance with the Electronic Document and Electronic Signature Act.

All requests for access to information or for correction shall be submitted either personally or by a person expressly authorized by the person subject to the personal data, by a notarized power of attorney. An application may also be made electronically, in accordance with the Electronic Document and Electronic Signature Act. Balkantel Ltd. shall pronounce on a duly filed request within a period of 30 /thirty/ days of its submission. For an objectively needed longer period – in order to collect all the requested data and if the request seriously hinders Balkantel Ltd., this period may be extended to no more than 90 /ninety/ days from the submission of the application. By the decision of Balkantel Ltd. is granted or denied access and/or requested by the applicant information, but the decision will always be motivated.

For the abovementioned activities contact at e-mail address mail@balkantel.net is applicable. In the event, that a data subject considers that the processing performed by Balkantel Ltd. violates  the current legislation on  data protection or the right of personal data protection, there exist also the possibility to lodge a complaint with the competent supervisory authority /Commission for Personal Data Protection/.

 

Updates and changes to the Policy on personal data protection

In order to apply current protection measures and to comply with the current legislation, Balkantel Ltd. assumes the responsibility for updating this Policy on personal data protection in the event of a change in the legislation or circumstances that it concerns.

 

This Policy on personal data protection has been updated for the last time on May 30th, 2018.