Data privacy policy

PRIVACY POLICY OF www.planetarium-sm.org

With these privacy policy rules, we would like to inform you of the conditions under which your personal data obtained during or in connection with a visit to our site https://www.planetarium-sm.org/ or within the framework of any other type of interaction with us, are processed.

Municipal cultural and educational center "Planetarium with Astronomical Observatory" - Smolyan, hereinafter referred to as the Company, is the owner of this website https://www.planetarium-sm.org/

Within the framework of its activity, the Company processes personal data of natural persons according to the current Bulgarian and European legislation, therefore, insofar as it only determines the purposes and means of their processing, it has the status of a personal data controller.

The company has its headquarters and management address in Address: Smolyan 4700, Bulgaria Blvd. 20

You can send your applications, objections, demands, complaints and others in person or through a person expressly authorized by you in writing to the indicated address, as well as electronically, subject to compliance with the requirements of ZEDEP for the use of an electronic signature at the email address info@planetarium-sm .org to the attention of Tsvetelina Gencheva.

 

I. CONCEPTS:

For clarity of the present rules, we bring to your attention some basic definitions in the sense of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons in connection with the processing of personal data and on the free movement of such data and for the repeal of Directive 95/46/EC (General Data Protection Regulation; GDPR) concerning your personal data:

1.1. "personal data" means any information relating to an identified natural person or an identifiable natural person ("data subject"); an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more characteristics specific to the physical, the physiological, genetic, psychic, mental, economic, cultural or social identity of that natural person;

1.2. "processing" means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or modification, retrieval, consultation, use, disclosure by transmission, distribution or other way in which the data is made available, arranged or combined, restricted, deleted or destroyed;

1.3. "personal data controller" means a natural or legal person, public body, agency or other structure that alone or jointly with others determines the purposes and means of processing personal data; where the purposes and means of this processing are determined by Union law or the law of a Member State, the controller or the special criteria for its determination may be established in Union law or in the law of a Member State;

1.4. "processor of personal data" means a natural or legal person, public body, agency or other structure that processes personal data on behalf of the controller;

1.5. "data subject consent" means any freely expressed, specific, informed and unequivocal indication of the will of the data subject, by means of a statement or clear affirmative action, which expresses his consent to the personal data relating to him being processed;

 

II. PRINCIPLES FOR PROCESSING PERSONAL DATA:

2.1. Legality - we process your personal data in full accordance with the law and for purposes that do not contradict current legal norms.

2.2. Good faith - we process your personal data to the extent that they are necessary only to provide a better experience with our online products and ensure our effective partnership with you;

2.3. Transparency - we do not process personal data in ways that we have not informed you about in these rules and/or expressly in other communications with you and we are open to answering during our normal business hours any questions about your personal data within a reasonable time ;

2.4. Purpose limitation – we only process your personal data for the reasons set out below in section III.

2.5. Minimizing data – we only process your personal data without which the purposes of their processing cannot be achieved;

2.6. Accuracy - we strive to maintain and update the personal data we process as you have provided them to us, corresponding to objective reality;

2.7. Limitation of storage – we store your personal data only to the extent and for as long as the purposes of their processing are fulfilled;

2.8. Integrity and confidentiality - we process your personal data in the manner and under the conditions according to which we received it, while observing strict confidentiality. We do not provide your data to other persons and we do not make them publicly available, except in the cases expressly provided by law or with your express consent.

 

III. BASIS FOR PROCESSING PERSONAL DATA:

Subject to the principles in section II, we process your personal data that we have received from you because:

3.1. you have given us your express, prior consent for this, for purposes for which we have informed you in advance or which you yourself have defined. For example, when we want to keep you up to date with our news, products and campaigns, we will need your consent to receive your email address to send this information to. In other cases where we consider that we have received your consent to process your personal data is for example when you have sent us a letter to the correspondence address or e-mail in which you have indicated personal data yourself because you have deemed it necessary. (Legal basis: Art. 6, par. 1, letter "a" of the GDPR).

In any case of consent received by you to process your personal data on this basis, you can withdraw this consent completely free of charge and at any time by using our contact form or by sending us a letter or message that makes it unequivocally clear, that you have withdrawn the given consent.

3.2. we need your personal data to conclude a contract with you and to ensure its performance. For example, in order to conclude an advertising contract, we will need at least your three names, social security number or other identifier, if applicable, address on an identity card, contact information (Legal basis: Art. 6, par. 1, letter " b" of GDPR);

3.3. legislation obliges us to collect certain personal data about you in fulfillment of our statutory obligations. For example, if you are our employee, in fulfillment of our duties as an employer, we should process additional information to ensure appropriate conditions according to the requirements of occupational medicine (Legal basis: Art. 6, par. 1, letter "c" of the GDPR);

3.4. we need your personal data to protect your vital interests or those of another natural person. For example, in the case of a wanted person or protection of the rights of third parties on the occasion of comments made by you within some of our materials (Legal basis: Art. 6, par. 1, letter "d" of the GDPR);

3.5. the processing of your personal data is necessary for us to perform a task of public interest or in the exercise of official powers granted to us by a public body (Legal basis: Art. 6, Par. 1, letter "e" of GDPR);

3.6. the processing of your personal data aims to protect our legitimate interest or that of other persons, insofar as these interests do not prevail over your fundamental rights and freedoms. An example of such processing is claims made against us by third parties in connection with your comments under our publications or protection of our rights before state and judicial authorities in connection with your contractual or non-contractual behavior that has resulted in damage to our rights and interests ( Legal basis: Article 6, paragraph 1, letter "f" of the GDPR).

 

IV. PERIOD OF PROCESSING AND STORAGE:

We store your personal data for the reasons specified in section III for the maximum periods permitted by law, depending on the specific case and the type of data to which it relates. Unless a longer or shorter storage period is provided for in a regulatory act, we store your personal data for a period not longer than 5 years according to the general statute of limitations under the Obligations and Contracts Act.

In some cases, legislation requires longer storage periods, such as accounting regulations. In other cases, for example when submitting documents for applying for a job with us, the legislation provides for a maximum period of 6 months for the storage and processing of the received personal data on submitted applications.

In cases of legal disputes, we store your data for up to 5 years after their conclusion.

 

V. YOUR RIGHTS:

5.1. At any time, you can request information and assistance regarding your personal data processed by us through the contact information indicated above and request your preferred method of receiving it. We will respond to you no later than one month after receiving the corresponding request on your part in the way you stated, as far as this is possible. Depending on the specific type of request, we may need additional information to verify your identity, which we will notify you of in due course.

5.2. At any time, you have the right to ask us to confirm whether we are processing your personal data and, if so, to provide you with information about:

a) the purposes of processing;

b) relevant categories of personal data;

c) the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organizations;

d) when possible, the intended period for which the personal data will be stored, and if this is impossible, the criteria used to determine this period;

e) the existence of your right to require us to correct or delete personal data or to limit the processing of personal data relating to you, or to object to such processing;

f) your right to appeal to a supervisory authority, which for Bulgaria is the Commission for the Protection of Personal Data and its contact details are specified in section X;

g) when the personal data are not provided by you, any available information about their source;

h) whether there is automated decision-making, including profiling, together with material information about the logic used, as well as the meaning and intended consequences for you of this processing.

5.3. At any time, you may ask us to correct, without undue delay, your personal data that is inaccurate and/or incomplete.

5.4. We guarantee your right to request that we delete your personal data without undue delay insofar as:

a) the personal data are no longer necessary for the purposes for which they were collected or otherwise processed;

b) you have withdrawn your consent on which the data processing is based and there is no other legal basis for the processing;

c) object to the processing at any time and on grounds related to your particular situation insofar as it is necessary for the performance of a task in the public interest or in the exercise of official powers granted to us or the processing is necessary for the purposes of our legitimate interests or to a third party, except when your interests or fundamental rights and freedoms that require the protection of personal data take precedence over such interests, in particular when you are a child.

A necessary condition for honoring your request in this case is that there are no overriding legal grounds for the processing of your data, or that you have objected to the processing of your data for direct marketing purposes;

d) the personal data were processed unlawfully;

e) the personal data must be deleted in order to comply with a legal obligation under the law of the European Union or the law of a Member State that applies to us;

f) the personal data were collected in connection with the provision of information society services to persons under 16 years of age.

5.5. You have the right to ask us to restrict the processing of your personal data to the extent that:

a) dispute the accuracy of the personal data, for a reasonable period of time that allows us to verify the accuracy of the personal data;

b) the processing is unlawful, but you do not want your personal data to be deleted, but instead want to restrict its use;

c) we no longer need the personal data for the purposes of processing, but you need them for the establishment, exercise or defense of legal claims;

d) you have objected to the processing according to article 5.4., letter c) pending verification of whether our legal grounds take precedence over your interests.

5.6. We have a legal obligation to notify you in any case of correction or deletion or restriction of the processing of your personal data.

5.7. You have the right to receive your personal data in a structured, widely used and machine-readable format and to request that we transfer that data to another controller insofar as this does not prevent us, provided that we have received your personal data on the basis of your consent to processing or for the performance of contractual obligations and we process this data in an automated manner.

5.8. You can object at any time and on grounds related to your particular situation to the processing of your personal data, insofar as the processing is necessary for the performance of a task in the public interest or in the exercise of official powers granted to us or the processing is necessary for the purposes our legitimate interests or those of a third party, except where your interests or fundamental rights and freedoms that require the protection of personal data take precedence over such interests, in particular when you are a child, including profiling. In this case, we will stop processing your personal data, unless there are compelling legal grounds for the processing that take precedence over your interests, rights and freedoms, or are related to the establishment, exercise or defense of legal claims.

5.9. You have the right at any time to object to the processing of your personal data for direct marketing purposes, and the processing is terminated from the moment of receipt of your objection.

You should keep in mind that the exercise of your rights under this section is not absolute and may be denied to you if, under the conditions provided by law, exercising them would create a risk for:

  1. national security;
  2. the defense;
  3. public order and security;
  4. the prevention, investigation, detection or prosecution of crimes or the enforcement of penalties, including the prevention of and prevention of threats to public order and security;
  5. other important purposes of broad public interest and in particular important economic or financial interest, including monetary, budgetary and tax matters, public health and social security;
  6. the protection of the independence of the judiciary and judicial proceedings;
  7. the prevention, investigation, detection and prosecution of violations of ethical codes in the regulated professions;
  8. Your protection or the rights and freedoms of others;
  9. enforcement of civil claims.

To exercise your rights under this section, you must send us a written request at the above address or email address.

 

VI. THE PERSONAL DATA WE PROCESS:

6.1. Identification data: the three names, uniform civil number or personal number of a foreigner, permanent address - we mainly process these data when entering into contractual relations with you;

6.2. Other data:

  • information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including media plans, e-mail, letters, information about your requests for troubleshooting, complaints, requests, complaints; feedback we receive from you;
  • personal contact details - contact address, telephone number and contact information (email, telephone number);
  • preferences for the services we provide to you;
  • IP address when visiting our website;
  • profile data in social networks, data provided when participating in games, raffles and/or other seasonal or promotional campaigns organized by us, including through social networks;
  • activity data – data that is processed on the network to account for user preferences.

We may process information about you from other legal sources in order to provide you with quality services. Such sources are information from our partners (in case you have consented) or publicly available information.

This information includes:

  • contact details for you;
  • publicly available information such as information contained in public registers, media publications, information made public by authorities.
  • In all cases where we have not received personal data personally from you, when making contact with you, we inform you from where and what personal data we process.

In all cases where we have not received personal data personally from you, when making contact with you, we inform you from where and what personal data we process.

 

VII. SECURITY OF YOUR DATA:

To ensure adequate protection of your data, we apply all organizational and technical measures at our disposal, given the level of technical progress and the assessment of the risks of affecting their security.

In order to prevent accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data transferred, stored or otherwise processed, we have taken measures such as encryption, pseudonymisation, established procedures for regular testing, assessment and evaluation of the effectiveness of technical and organizational measures. We implement mechanisms to promptly restore the availability and access to personal data in the event of a physical or technical incident, etc.

Despite the measures taken, if the security of your data is nevertheless violated, which constitutes a high risk for your rights and freedoms, we will inform you about this, as well as about the measures taken by us, as soon as possible.

 

VIII. COOKIES:

Cookies are small text files that a website can save on your computer or mobile device when you visit a page or site. A cookie will help the site or other sites recognize your device the next time you visit it.

Cookies perform many different functions. For example, they help us analyze how well our sites are performing, show you ads we believe are relevant to your interests, or allow us to recommend content we think you'll find interesting.

The cookies we use are anonymous and do not contain any personal data.

More about cookies, as well as ways to refuse the use of cookies on your device, can be found in our Cookie Policy.

 

IX. DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES:

We only disclose your personal data to:

9.1. government bodies, institutions and persons to whom we are obliged to provide personal data by virtue of law;

9.2. persons who by assignment maintain equipment, software and hardware used to process personal data, employees of the Company, lawyers, accountants or other persons who by assignment or by virtue of law have access to your personal data processed by us. All of these individuals have concluded confidentiality agreements with us and have accepted our internal security rules for processing personal data;

9.3. our partners who work on behalf of the Company on a contractual basis and help us provide you with our services and with whom we have agreements to preserve the confidentiality of information and protect personal data.

9.4. We use service providers to process personal data for some purposes, such as measuring and tracking user behavior on our sites, sending email messages, sharing content

9.4. We use service providers in the processing of personal data for some purposes, such as measuring and tracking user behavior on our sites, sending email messages, sharing content from users, logging in with a social network profile, etc. These companies are (non-exhaustively):

9.4. We use service providers in the processing of personal data for some purposes, such as measuring and tracking user behavior on our sites, sending email messages, sharing content from users, logging in with a social network profile, etc. These companies are (non-exhaustively):

  • Google (with Google Analytics, Google Tag Manager, DoubleClick for Publishers, AdX, AdSense, AdWords, Google Plus): https://privacy.google.com
  • YouTube: https://support.google.com/youtube/answer/2801895?hl=en-GB
  • Twitter widgets: https://twitter.com/en/privacy


X. COMPETENT AUTHORITIES FOR THE PROTECTION OF PERSONAL DATA:

For a complaint, you have the right to contact the Commission for the Protection of Personal Data, which is located in Sofia, 1592, Prof. Tsvetan Lazarov Blvd. No. 2, phone: +3592/91-53-518, e-mail: kzld@cpdp.bg ,

The deadline for submitting a complaint to the Commission is 6 months from learning of the violation, but no later than two years from its commission.

The current content of this privacy policy is posted on each of our sites and reflects any changes we have made to them.