PERSONAL DATA PROTECTION POLICY
This Personal Data Protection Policy (sometimes just the Policy) governs the processing of personal data of visitors, users and registered interpreters (collectively the users) on the IDC application installed from the application website - … (the Website), the online software store developed by Google, Google Play, the Apple online store, App Store, according to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter just Regulation 2016/679).
The acceptance of this Policy is connected to the General Terms and Conditions of Use of the IDC application and acceptance of this Policy means you consent to such Terms and Conditions as well.
The provision of mandatory personal data is voluntary in view of using the IDC application available from the Website or accessing the content of the Website. Any refusal to provide the required personal data to use the service on our Website would mean a refusal to use the IDC application.
In certain cases the processing of personal data of users may take place on a different legal basis such as compliance with any legal obligations on our part; the necessity to perform an agreement, etc. In these cases your explicit consent to the processing of personal data may not be required.
In view of any possible changes in the field of personal data the Controller shall take the necessary steps to update this Policy in consideration of which users shall get themselves updated on any changes to this document on the IDC application website at regular intervals.
1. Personal Data Controller
INTERPRETERS DIRECT CONTACT OOD registered in the Commercial Register with Unique ID Code 205918548, having its registered office and place of business at 20 Felix Kanitz St., Sofia, Phone: +359887715639, E-mail: …, registered under the VAT Act with number BG205918548 (Personal Data Controller or just Controller).
The Controller shall determine the purposes and means of personal data processing.
Personal data processing is an activity that is carried out in relation to personal data, including storage, use, recording, organizing, adaptation, transmission, disclosure, combining, erasure, etc.
The Controller shall process personal data of users in accordance with the principles of lawfulness, fairness and transparency based on the conditions set out in this Policy.
2. Types of Personal Data Subjects, Categories of Data Processed, Purposes of Processing, Retention Period
The Controller subdivides data subjects into two categories - 1. Visitors and users of the Website and the Mobile Application, and 2. Registered interpreters. Depending on the data subject category this document specifies the relevant amount of data to be collected and processed for the specific purposes and grounds stated as well as its retention periods.
2.1. Data that can be automatically collected about all categories of persons mentioned above. In certain cases the following personal data categories are automatically collected and processed with respect to all users (unregistered visitors, users and registered interpreters):
- IP address. When you visit the Website our web server automatically recognizes and collects your IP address which is assigned by your Internet Service Provider and does not personally identify you;
- Summary information. The browser you use when you visit the Website (e.g., Google Chrome, Internet Explorer, Mozilla Firefox, etc.); the time you have spent on the Website and which pages on the Website you have visited;
2.2. Data that is collected according to user category.
2.2.1. Visitors and users.
A visitor is any person who loads the Website to their web browser or uses the mobile application.
Data categories that are processed: Location data provided by the visitor; Country/city data based on the IP address of the user device, an integral part of the information each website receives; Information about actions taken by the subject on the Website; Information about the type of browser/device used.
Purposes of processing: Providing basic and additional functions necessary for the proper and complete functioning of the Website.
Retention period: Any information about visitors (unregistered users) shall be temporarily retained until they have loaded the Website content to their devices.
2.2.2. Registered interpreters
A registered interpreter is any person aged over 18 who has registered on the Website and has successfully created an account as a result. With respect to these categories of persons the Controller expressly points out that the Controller does not provide transmission of information through the Website and that the Controller is not responsible for the content of the information retrieved initiating the transmission/retrieval of such information; the Controller does not choose the recipient of the information nor does he choose or change the information transmitted/retrieved.
Mandatory data that is collected about registered interpreters: In addition to the above mentioned personal data collected about all subject categories according to this Policy the Controller requires: Full name, a phone number and an e-mail address.
Optional data that is collected about registered users: professional qualification
Purposes of processing: Providing an information society service - IDC application that enables finding an approximate location without an option for directions (navigation) to an interpreter requested by a user with specification of the interpreter's contact details and the option to hire the interpreter to perform interpretation.
Retention period: Until a free-form request for deletion of a registered account is received from an interpreter to the following e-mail: … (an e-mail for this) as well as in the cases of unilateral removal of an account in the Website system by the Provider when the requirements described in the General Terms and Conditions (an integral part and applicable together with this Personal Data Protection Policy) are met.
Legal basis of processing: With respect to mandatory personal data - the General Terms and Conditions of Use of the IDC application (performance of an agreement with a data subject) and the legitimate interests of the Controller or third persons (in accordance with the above purposes and in pursuance of the national and supranational laws). With respect to optional personal data - the consent of the registered users (provided at their request).
In certain circumstances the Controller may use your personal data in view of protecting its rights and legitimate interests as well as the rights and legitimate interests of third persons, for example in case of a court or out-of-court dispute.
3. Access to your personal data and its protection
We provide access to your personal data to:
- Our employees under an employment agreement or persons hired on the basis of a civil agreement engaged in the work on the Website;
- Persons providing hosting services (servers) to our Website and other technical services for the maintenance of our systems (including their employees and subcontractors), for which purpose we have concluded an agreement with a data processor required by the applicable regulations;
- Professional consultants (lawyers, accountants, etc.), to the extent this is necessary for the fulfillment and protection of our rights and legitimate interests;
- Government authorities upon request on their part in relation to the exercise of their public powers conferred to them by the Bulgarian laws as well as in taking actions to protect our rights and legitimate interests.
To ensure the security of our Website the personal data you provide to us is protected by the SSL (Secure Socket Layer) technology, a method of encrypting personal data. The password you provide upon your registration on our Website is encrypted to ensure protection against unauthorized access to your personal data.
In addition to the above the Controller applies appropriate technical and organizational measures among which: the sustainability of the Website system; the ability to promptly restore the availability and access to personal data in case of a physical or technical accident; the opportunity to train its employees by registering them in a personal data protection course.
In certain cases even if the use of your personal information has ceased as a result of deleting your account by the Controller we may retain an archive of your personal data to the extent this is necessary to protect our rights and legitimate interests for a period until the expiry of any limitation periods provided for in the applicable laws. Generally, these periods amount to 5 years, however, in certain circumstances they may be shorter or longer.
4. Rights of persons falling into all categories of data subjects
Right of access. You have the right to ask us to confirm whether we are processing your personal data and, where that is the case, to obtain this data as well as any additional information;
Right to rectification. If you find out that your personal data we are processing is incomplete or inaccurate you may request that it is rectified or supplemented.
Right to erasure (right to be "forgotten"). You may request us to erase all personal data concerning you.
Right to restriction of processing. In certain circumstances, such as if you doubt the accuracy of your personal data or have objected to our legitimate purpose of processing your personal data, you may want to restrict the processing of your personal data whereby the active use of your personal data shall cease, but without having it permanently erased/destroyed.
Right to data portability. When we process your personal data on the basis of your consent or on a contractual basis and the processing of your personal data is carried out by automated means you have the right to receive the personal data you have provided us in a structured, commonly used and machine-readable format as well as transmit it to another controller or request us to transmit it to another controller.
Right to object. In certain circumstances such as if you doubt our legitimate interest to process your personal data you may object to processing of your personal data on grounds related to your particular situation against such processing in case we carry out this activity on the grounds of legitimate interest or in the performance of a task in public interest.
You may exercise the above-mentioned rights by submitting a request satisfying the requirements of the Personal Data Protection Act. More information about the content and conditions under which you may exercise these rights can be found in the applicable laws in the field of personal data protection. If necessary you may also contact the Controller for assistance.
The contact details of the Personal Data Controller are: Phone: +359887715639, E-mail: …
If you believe we are violating your rights regarding the protection of your personal data you have the right to file a complaint to the competent supervisory authority in the Republic of Bulgaria, the Commission for Personal Data Protection, or to the court.
Any matters not covered by this Personal Data Protection Policy shall be governed by Regulation 2016/679, the Personal Data Protection Act as well as any other relevant regulations.
Cookies are small amounts of information that а web server sends to а web browser enabling the server to collect feedback from the browser. They are stored on your terminal device (such as a computer, laptop, tablet or smartphone). Usually, their purpose is to be able to identify your device and its behavior when visiting our Website. Cookies also make your website browsing experience safer and faster by remembering and sending information about your preferences such as your registration data and language.
The legal basis on which cookies are collected is the provision of the said information society service, the IDC application.
The retention period for cookies on your end device is temporary while you are logged in your account and are deleted the moment you log out of your account. For Website visitors the retention period is until closing the browser used for visiting the Website.
If you do not want to accept cookies and also if you want to remove cookies you can adjust the settings of the browser you are using. You know when and whether your browser receives cookies as it informs you upon your first visit. This enables you to accept or decline session cookies.
Your browser may be set to decline cookies. To find out how to do this visit http://www.allaboutcookies.org/ or the Microsoft Cookie Guide https://support.microsoft.com/en-us/help/260971/description-of-cookies.
You may choose to remove cookies through the options of the browser you are using but you should take into account that this is likely to affect your interaction with the IDC application.
We use the following categories of session cookies, among which for example:
1. Cookies ensuring the system functions properly - these cookies include the session ID as well as some other elements necessary for the proper functioning of the system. They implement functions such as login/logout, user account access, direct the browser on the type of communication protocol as well as prevent attempts of abuse, session hijacking, etc. These cookies are necessary and without them the Website cannot function;
2. Statistics - these cookies function in conjunction with Google Analytics. These cookies track user behavior and other statistical features. If you would like to learn more about them you can find a description of the elements used here: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage#gajs;
3. Personalization and user friendliness - these are cookies that save the last search, preferred interface language (even without login), functions like "Remember me", etc.