GENERAL TERMS AND CONDITIONS OF PERSONAL DATA PROTECTION
ONLINE PLATFORM “VIRTUAL CONGRESS VENUE”
BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE, Association (BAPES), UIC 115782273, part of the Institute for Rare Diseases (IRD) and as the owner of the online platform ” VIRTUAL CONGRESS VENUE ” organizational measures to protect your personal data from unauthorized use.
The subject of activity of the association is: cooperation with local and foreign organizations with related subject of activity, through which: exchanges experience in the field of education and science; exchanges specialized literature; promotes the achievements of Bulgarian science; attracts international experts for comprehensive assistance in the field of education and science, protection and upholding the rights and legitimate interests of the members of the Association, promoting the activities of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE and attracting public interest and support, achieving the goals specified in the Statute of Association, organizes and participates in public and scientific forums in the country and abroad on issues of education and science, interacts with public authorities, public organizations and related legal entities in the country and abroad; to be a member of international non-profit organizations with related goals and subject of activity, encourages the use of information and communication methods, creates and stimulates connections and mediates between academic, educational and research institutions and industrial (production), technological, development and commercial companies for providing access to knowledge and innovation, transfer of know-how, improvement and development of practical applications and accelerated implementation of scientific and didactic achievements in practice, provides full, partial, periodic or one-time scholarships to improve training and professional qualification of individuals, according to their goals and tasks. To actively search for and research, systematize, present and popularize the achievements and experience in the field of science and education. To register, describe and catalog the achievements, merits and role of scientists and educators at home and abroad.
With this Policy, the management of BAPES declares that it will make efforts to ensure the protection of personal data of individuals in connection with the processing of their personal data, in accordance with their fundamental rights and freedoms, and in particular – the right to protection of personal data. , in accordance with the requirements of ” Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data” (GDPR), as well as and the current legal norms for the Republic of Bulgaria – Personal Data Protection Act (PDPA) and its bylaws.
І. TERMS AND DEFINITIONS USED
Art. 1. For the purposes of this Policy:
- “Personal data” means any information relating to an identified natural person or identifiable person (data subject). The natural person may be identified, directly or indirectly, by an identifier such as name, identification number, location data, online identifier, by one or more characteristics specific to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of the individual. this individual.
- “Processing of personal data” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmitting, distributing or otherwise making the data available, arranging or combining, restricting, deleting or destroying it.
- “Register of personal data” means any structured set of personal data accessed according to certain criteria, whether centralized, decentralized or distributed according to a functional or geographical feature.
- “Administrator” means the specific legal entity“ BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES), which independently or jointly with others determines the purposes and means for the processing of personal data.
- “Processor of personal data” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
- “Recipient” means a natural or legal person, public authority, agency or any other body to which personal data are disclosed. However, public authorities which may receive data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered as “recipients”.
- “User Content” means any text, file, image, website address or other material that the USER has on a BAPON Server, including, but not limited to, by posting comments and opinions on information resources located on the Website and / or content in your user profile, in order for them to be accessible through the respective Website for all other Users..
- “Website” is the designated place on the global Internet, accessible through its unified address (URL) via HTTP or HTTPS and containing files, programs, text, sound, picture, image, electronic links or other materials and resources.
- “Website” is a part of a Website, which may be composite or separate.
- “Link” is a link marked on a specific Internet page, which allows automated redirection to another Internet page, information resource or object through standardized protocols.
- “Information system” means a device or system of connected devices which or any of which is intended to store, send or receive electronic documents.
- “Server” means a device or system of connected devices on which or any of which is installed system software to perform tasks related to the storage, processing, reception or transmission of information.
- “IP address” is a unique identification number that associates a computer or other device, website or resource of the USER in a way that allows them to be located on the global Internet.
- RSS (Really Simple Syndication) – An XML language used to share and exchange information between websites through headlines or summaries of content and a link leading to the original source of information.
- “Malicious actions” are actions or omissions that violate Internet ethics or harm individuals connected to the Internet or associated networks, sending unsolicited mail (SPAM, JUNK MAIL), channel overflow (FLOOD), gaining access to resources with others rights and passwords, use of deficiencies in systems for one’s own benefit or information retrieval (HACK), carrying out actions that may qualify as industrial espionage or sabotage, damage or destruction of systems or information files (CRACK), sending “Trojan horses” or inducing the installation of viruses or remote control systems, disrupting the normal operation of other Internet users and associated networks, performing any actions that may qualify as a crime or administrative violation under Bulgarian law, or under another applicable law.
- “Cookies” are small text files that are loaded in the browser and stored on your end device. They are harmless and are used to keep the site easy to use. Some cookies remain stored on your device until you delete them. They allow us to recognize
ІІ. OBJECTIVES AND SCOPE OF THE POLICY
Art.2. With this Policy we adopt the main objectives of the Regulation (GDPR):
- To lay down the rules regarding the protection of individuals with regard to the processing of personal data, as well as the rules regarding the free movement of personal data.
- To protect the fundamental rights and freedoms of individuals, in particular their right to protection of personal data;
- The free movement of personal data within the European Union should not be restricted or prohibited for reasons related to the protection of individuals with regard to the processing of personal data.
Art.3. The personal data protection policy of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) aims to:
- To comply with the applicable legislation regarding the protection of personal data and to follow the established good practices;
- To prescribe the mechanisms for keeping and maintaining the accounting registers, to determine the appropriate level of personal data protection, to envisage technical and organizational measures for personal data protection;
- To determine the responsibilities and obligations of the persons processing personal data and the persons who have access to personal data and work under the guidance of the controller;
- To inform individuals for the purposes of personal data processing, recipients or categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of the provision of data, information on the rights of individuals in relation to their personal data.
Art.4. The scope of the Policy follows the material and territorial scope of the Regulation (GDPR):
- The policy applies to the processing of personal data in whole or in part by automatic means, as well as the processing by other means (electronic, paper or other media).
- The policy applies to the processing of personal data in the context of the activities of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) at the place of establishment of the Administrator (Republic of Bulgaria), regardless of whether the processing takes place in the European Union or not.
- The policy does not apply to the processing of personal data of an individual in the context of a purely personal or household activity.
III. OBLIGATIONS OF THE PERSONAL DATA ADMINISTRATOR – “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES)
Art.5. The duties of the controller of personal data include:
- Adoption of internal rules and instructions for personal data processing;
- Maintaining registers of personal data processing activities;
- Risk assessment based on: the nature, scope, context and purposes of treatment; the possible risks to the rights and freedoms of individuals and their likelihood and severity; the consequences for the rights and freedoms of individuals;
- Impact assessment (where there is a likelihood of a high risk to the rights and freedoms of individuals); periodic updating of the impact assessment;
- Determining the appropriate level of protection;
- Prescribing and implementing specific measures for personal data protection, according to the specifics of the kept registers and the determined level of protection.
As an administrator, the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) introduces the necessary technical and organizational measures for personal data protection to ensure an adequate level of protection, which corresponds to the nature of the processed personal data and the impact of breaches of protection them.
- Carrying out control over the observance of the requirements for protection and undertaking measures for elimination of the violations in case of violation of their protection;
- Notifying the supervisory authorities about breaches of personal data security, and informing the data subjects about such breaches;
- Assisting in the implementation of the control functions of the Commission for Personal Data Protection.
- Achieving compliance with the requirements of the Regulation (GDPR) – accountability.
IV. PROCESSING OF PERSONAL DATA IN THE BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES)
Art.6. When processing personal data, we apply the principles of the Regulation (GDPR):
- Legality, good faith and transparency;
- Personal data is collected and processed for specific, explicit and legitimate purposes (“Limitation of purposes”)
- Data are processed that are relevant and limited to what is necessary in relation to the objectives (“Minimizing data”)
- Accuracy and, if necessary, keeping the data up to date. Ensure timely deletion or correction, taking into account the purposes for which the data are processed (“accuracy”)
- Storage of data for a period not longer than necessary for the purposes (“storage restriction”)
- Processing in a way that ensures an appropriate level of security of personal data, including against unauthorized or unlawful processing and against accidental loss, destruction or damage, applying appropriate technical or organizational measures (“integrity” and “confidentiality”)
Art.7. BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES), as a Data Controller, performs the following:
- the type of personal data that will be processed;
- the purposes for which this data will be processed;
- the means of processing them and the corresponding levels of protection.
Processes categories of personal data, structured in separate registers, in accordance with Article 30 of the Regulation (GDPR), Bulgarian legal norms and this Policy. Personal data of employees of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES), users, contractors, suppliers, partners and others are processed.
Art.8. The grounds for collecting personal data in the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) are:
- With the consent of the data subject. In this case, the subject gives clear and explicit consent to the processing of personal data for one or more specific purposes. Consent is valid when it is freely given, given for a specific purpose of processing, informed and unambiguous;
- When there is an agreed requirement;
- When there is a legal requirement or legal obligation of the administrator;
- Where processing is necessary to protect the vital interests of the data subject or another individual;
- When performing a task of public interest or exercising official powers granted to the administrator;
- For the purposes of the legitimate interests of the controller or of a third party, where they take precedence over the interests or fundamental rights of the data subject.
Art.9. (1) “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) processes personal data provided by the natural persons to whom the data relate, in connection with the participation of the persons in the organized events held on the online platform “VIRTUERAL COUNTY”. .
When the personal data related to a data subject are collected by the data subject (in the cases under para 1), at the moment of receiving the data the Administrator shall provide to the data subject the following information:
- Data that identifies the Administrator and contact details;
- The purposes of the processing and the legal basis for the processing of personal data;
- The legal interests of the Administrator or a third party, when this is the basis for processing;
- Recipients of personal data, if any;
- Additional information necessary for the fair and transparent processing, such as: retention period of personal data, information on the data subject’s rights regarding access to rectification, deletion, restriction of processing, right of data portability, right of appeal.
Art.10. (1) “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) may also process personal data, which have not been received by the natural person to whom they refer, but have been provided by a third party in connection with a normative or contractual requirement.
(2) The conditions for provision of information described in para 1 shall not be applied when and to the extent that the data subject already has the information or the provision of the information turns out to be impossible or requires disproportionately large efforts.
Art.11. (1) “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) processes personal data of natural persons in connection with:
- Users of the online platform “VIRTUAL CONGRESS VENUE”;
- Lecturers on the online platform “VIRTUAL CONGRESS VENUE”;
- Patients who have expressed interest and registered on the online platform “VIRTUAL CONGRESS VENUE”;
- Doctors who have expressed interest and registered on the online platform “VIRTUAL CONGRESS VENUE”;
- Sponsors and investors in the online platform “VIRTUAL CONGRESS VENUE”;
- Persons in connection with the preparation, conclusion, amendment and conclusion of contracts for performance, subcontracting, supplies and services;
- Recruitment, conclusion of employment and civil contracts;
In case of a legal basis for the processing of personal data, the provisions of the Commercial Act, the Obligations and Contracts Act, the Accounting Act, the Personal Data Protection Act, Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 shall apply. d. on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) and other applicable laws, regulations and regulations.
Art.12. The categories of personal data that are processed in the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) are differentiated by the specific activity, legal norm or purpose, such as the categories are:
- Ordinary” personal data
- Names, address, place of birth, location, data from an identity document, citizenship, telephone, e-mail, IP address – applicable by the Administrator;
- Data on education, qualification, legal capacity, position held and job function performed, work activity – experience and professional biography – applicable by the Administrator;
- PIN (Unified Civil Number) – applicable by the Administrator;
- UIN for medical professionals
- Faculty number for a student
2. “Special” (sensitive) personal data
- Data revealing racial or ethnic origin, political views, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data on sexual life or sexual orientation – mostly not applicable by the Administrator. The possible processing of these data takes place with the explicit consent of the data subject and under the conditions of Article 9 of the Regulation (GDPR);
- Health data – applicable by the Administrator in connection with the correct targeting for participation in a specific event available on the online platform “VIRTUAL CONGRESS VENUE“, as well as for statistical purposes to clarify the interest in a particular topic of the subject, given his professional interest , personal interest or simply need for information;
Art.13. BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) processes personal data independently or by assigning a personal data processor, determining the purposes and scope of obligations assigned by the controller of the personal data processor, in the presence of relevant legal grounds, according to of the LPPD and the Regulation (GDPR).
- The administrator of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) uses only personal data processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures in such a way that the processing takes place in accordance with this Policy (GDPR). and more precisely the conditions in Article 28 and to ensure protection of the rights of data subjects.
- The processing by the personal data processor is regulated by a contract, which is obligatory for the personal data processor towards the Administrator, and which regulates the subject and term of the processing, the nature and purpose of the processing, the type of personal data, the categories of data subjects and the obligations and rights of the Administrator.
V. PURPOSE OF THE PROCESSING OF PERSONAL DATA
Art.14. The purpose of personal data processing is to uniquely identify individuals, current and future users, speakers, contractors and other persons who use, maintain and invest / sponsor in the online platform “VIRTUAL CONGRESS VENUE”
- The purposes of personal data processing in the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) are most often determined by the implementation of statutory obligations of the Administrator, arising from the specific requirements of the legislation.
- The administrator of the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) processes personal data of individuals for the purposes (mainly but not exhaustively) specified below:
- Identification and exchange of information for the purposes of the online platform “VIRTUAL CONGRESS VENUE”;
- Preparation, conclusion, implementation and termination of contractual relations related to the activities of the association;
- For the purposes of preventive and occupational medicine, to assess the working capacity of the employee;
- For insurance purposes related to the protection of the health and life of the employees, as well as for the protection of the property, own or entrusted to the Administrator;
- For keeping accounts, for processing payments, for financial purposes related to relations with banks and other institutions;
- For information and communication with employees, contractors, customers, contractors, suppliers, partners, etc. under.
- The processing of personal data in BAPES, except in the cases when it is necessary for fulfillment of a normatively established obligation of the Administrator, is admissible also when the natural person to whom the data refers has given his explicit consent or the processing is necessary for fulfillment of obligations under contract. , to which the natural person is a party or a representative of a party, as well as for actions prior to the conclusion of a contract and taken at the request of the person.
- Where the processing of data is for purposes which require the consent of the data subject, the controller should be able to demonstrate that the subject has given his consent freely, informedly, for the purposes of processing and to what extent he gives it. In the case of a declaration of consent drawn up in advance by the Administrator, it must be in an understandable and easily accessible form, in clear and simple language and must not contain unfair terms.
VI. VI. DISCLOSURE OF PERSONAL DATA
Art.15. BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES), as a Personal Data Administrator, has the right to disclose the processed personal data to the following categories of persons:
- The natural persons to whom the data relate;
- Persons for whom the right of access is provided for in a normative act or an established regulatory requirement;
- Persons for whom the right derives by virtue of a contract.
Art.16. The processed personal data of clients, users, lecturers, contractors and lecturers of BAPES, as well as persons related to them, may be provided to other controllers of personal data or processors of personal data, in connection with the performance of specific tasks and contractual obligations. instruction and on behalf of BAPES, by providing sufficient guarantees that the processing is carried out in accordance with the requirements of the Regulation (GDPR) and ensures the protection of the rights of data subjects.
VII. SECURITY AND PROTECTION OF PERSONAL DATA
Art.17. The controller of personal data “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) provides security in the processing, access and exchange of personal data through:
- Selection of appropriate technical and organizational measures to ensure the appropriate level of security of personal data protection, taking into account the achievements of technical progress, scope, context and purposes of processing, as well as risks of varying probability and severity for the rights and freedoms of individuals ;
- Ability to ensure confidentiality, integrity and availability, and sustainability of personal data processing.
- Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- Application of pseudonymization and encryption of personal data, when necessary;
- Regular inspection, assessment and evaluation of the effectiveness of technical and organizational measures, in order to ensure the security of processing.
Art.18. In assessing the appropriate level of security, account shall be taken of the risks associated with the processing of personal data, in particular the risks associated with accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data.
Art.19. The level of protection is a set of technical and organizational measures.
1. The levels of protection are directly related to the level of impact, as follows:
- Low level of protection – in case of low impact (when the illegal processing of personal data would endanger the inviolability of the person and the private life of an individual or a group of individuals);
- Medium level of protection – at medium impact (when the improper processing of personal data could create a risk of affecting interests revealing racial or ethnic origin, political, religious or philosophical beliefs, membership in political parties or organizations, trade unions, health status, the sexual life or human genome of an individual or group of individuals);
- High level of protection – in case of high impact (when the illegal processing of personal data could lead to significant damage or identity theft of a large group of individuals or persons holding senior government positions, or permanent injuries or death of an individual );
- Extremely high level of protection – in case of extremely high impact (when the improper processing of personal data could lead to significant damage or identity theft of a particularly large group of individuals or permanent damage or death of a large group of individuals).
2. The levels of protection in the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES), in relation to the reciprocal levels of impact, are determined mainly according to the health condition of the consumers.
Art. 20. The types of personal data protection are:
1. Physical protection – is a system of technical and organizational measures to prevent unauthorized access to buildings, premises and facilities in which personal data are processed;
- Basic organizational measures for physical protection – determination of the premises in which personal data are processed and the premises in which the elements of the communication and information processing systems are located, organization of physical access (low level); identification of controlled access areas (intermediate level);
- Basic technical measures for physical protection – locks, cabinets, equipment of the premises, fire extinguishers (low level); metal frames, areas with controlled access, security or security system, means of perimeter protection (high level);
2.Personal protection – is a system of organizational measures against individuals who process personal data at the direction of the controller;
- Basic measures for personal protection – knowledge of the regulations for personal data protection, knowledge of the dangers of data processing, consent to undertake an obligation not to disseminate personal data (low level); sharing critical information between staff – identifiers, passwords for access, training, training of staff to respond to events that threaten data security (intermediate level);
- Personal protection measures guarantee access to personal data only to persons whose official duties require such access. The persons sign a declaration for non-disclosure of personal data to which they have access.
3. Documentary protection – is a system of organizational measures in the processing of personal data on paper;
Basic measures for documentary protection – determination of the registers that will be maintained on paper, regulation of the access to the registers, the conditions for personal data processing, determination of storage terms and procedures for destruction (low level); control of access to registers, rules for reproduction and distribution (intermediate level); processing inspection and control procedures (high level).
4. Protection of automated information systems and / or networks – is a system of technical and organizational measures for protection against illegal forms of personal data processing;
Main measures – identification and authentication, registry management, external links, virus protection, recovery copies / backups, media, personal protection, deadlines for storage of personal data and procedures for destruction / deletion / deletion of media (low level); telecommunications and remote access, maintenance / operation, physical environment / environment (intermediate level); policy, manuals and standard operating procedures, defining roles and responsibilities, session controls, monitoring, contingency planning, staff training to respond to data security threats (high level).
5.Cryptographic protection – is a system of technical and organizational measures that are applied in order to protect personal data from unauthorized access during transmission, distribution or provision.
Basic measures – standard cryptographic capabilities of operating systems, database systems, communication equipment (intermediate level); cryptographic key distribution and management systems, electronic signature (high level).
Art.21. To ensure the security and protection of personal data, the controller shall take measures to ensure that the processor and any natural person acting under the direction of the controller process such data only on the instructions of the controller, by providing sufficient guarantees, that the processing takes place in accordance with the requirements of the Regulation (GDPR) and ensures the protection of the rights of data subjects.
Art.22. In case of violation of the security of personal data, the Administrator without undue delay and when this is feasible notifies the competent supervisory authority – the Commission for Personal Data Protection. The notification is in accordance with Article 33 of the Regulation (GDPR).
VIII. TERMS OF STORAGE OF PERSONAL DATA
Art.23. Documents and information containing personal data, commercial and accounting information, taxation documents, compulsory social security contributions, official files and other company documents containing personal data shall be stored by the Administrator within the following terms:
Payroll and service files of employees – 50 years;
2. Personal data of job candidates who have not been appointed – one month after the end of the competition for the position;
3. Accounting registers, tax documents and financial statements – 10 years;
4. Personal data contained in performance contracts – 10 years from the termination of the contract;
5. In all other cases – 5 years, unless otherwise provided by law or contract.
Art.24. After the expiration of the term for storage of personal data, the data carriers (paper or technical), which are not subject to transfer to an archival fund, may be destroyed.
IX. RIGHTS OF INDIVIDUALS
Art.25. The Administrator of the “BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE” (BAPES) undertakes to take the necessary measures for transparent information, communication and conditions for the exercise of the data subject’s rights in order to ensure the observance of the fundamental rights of the data subjects. Regulation (GDPR):
- 1. Right to information;
- Right of access to personal data;
- Right of correction – the data subject has the right to request correction without undue delay of inaccurate personal data related to him;
- Right of erasure (“right to be forgotten”) – in the presence of the grounds specified in the GDPR (for example, if personal data are no longer necessary for the purposes of processing, or if it is suspected that personal data have been processed illegally), the data subject has the right to request and receive the deletion of personal data related to him;
- Right to restrict processing – in the presence of the grounds specified in the GDPR (for example in case of doubt about the accuracy of personal data or in case of objection to the purposes of personal data processing), the data subject has the right to request restriction of personal data processing until a solution is found;
- Right to object to the processing – the data subject has the right at any time and on grounds related to his specific situation to object to the processing of his personal data, and the data controller terminates this processing, unless it is proved that there are convincing legal grounds which take precedence over the interests and rights of the data subject.
- Right to data portability from one controller to another controller;
- Right to limit automated decision making, including profiling;
- Right to lodge a complaint with a supervisory authority.
Art.25. Individuals exercise their rights by submitting a written application to the Personal Data Administrator.
- The application shall be submitted in person by the data subject or by a person expressly authorized by him, unless otherwise provided by a special law;
- The application may also be submitted electronically in accordance with the relevant legal procedure, with an electronic signature;
- The application shall contain at least the following information:
- Name, address and other data for identification of the natural person;
- oDescription of the request;
- Preferred form of communication and action in relation to the rights of the subject;
- Signature, date of submission and address for correspondence.
Art.26. In case of death of a natural person, his rights are exercised by his heirs, and a notarized certificate of heirs is attached to the application.
Art.27. The administrator accepts the application and decides on it.
1. The term for consideration of the application and ruling on it is 14 days from the day of submitting the request, respectively 30 days, when more time is needed to collect the requested data, in view of possible difficulties in the activity of the company of the Administrator.
2. The administrator prepares a written response and communicates it to the applicant – personally against a signature or by mail with a return receipt, taking into account the preferred form of communication by the applicant.
3. When the data do not exist or their provision is prohibited by law, the applicant is denied access.
4. In case the Administrator does not respond to the request for access to personal data within the prescribed time limits or the applicant is not satisfied with the response received, he has the right to exercise his right of defense.
X. JOINT ADMINISTRATORS
Art.28. Under Article 26 of the Regulation (GDPR), when two or more administrators jointly determine the purposes and means of processing, they are joint administrators.
Art.29. The joint controllers shall, by mutual agreement, define in a transparent manner their respective responsibilities for the implementation of the obligations under the Regulation (GDPR), in particular as regards the exercise of the data subject’s rights and their respective information obligations.
The agreement between the two companies shall duly reflect the respective roles and relationships of the joint controllers vis-à-vis data subjects. The essential features of the arrangement are available to the data subject.
Notwithstanding the agreement, the data subject may exercise his rights under the Regulation (GDPR) against any of the controllers.
Art. 30. This Policy is valid both for BAPES and for companies – sponsors / investors, in their capacity of joint administrators, by virtue of an agreement between them.
XI. RIGHTS AND OBLIGATIONS OF THE USER
Art.31 The text of this policy is available on the Internet on a website with address https://vcv.raredis.org/en/privacy-policy/ and in this way allows all users to get acquainted with its content. With each use of the information services and resources of the Website, including by opening a website from the Website, as well as by filling in the registration form, the user makes an electronic statement declaring that he is aware of this policy and his powers as a user, agrees with it and undertakes to comply with the established rules. When using the Website by registered users by checking in the field “I accept the general conditions of the site” and pressing the virtual button “Registration”, the Registered User makes an electronic statement within the meaning of the Electronic Document and Electronic Certification Services Act, declaring that is familiar with the present policy and the conditions for use of the Website, accepts them and undertakes to observe them. By recording it on an appropriate medium in the server through a generally accepted standard for conversion in a technical way that makes it possible to reproduce it, the electronic statement acquires the quality of an electronic document within the meaning of the cited law. BAPES may store in log files on its server the IP address of the Registered User, as well as any other information necessary to identify the Registered User and reproduce his electronic statement of acceptance of the General Terms, in case of a legal dispute.
Art. 32 The User undertakes when using the lectures, conferences, trainings and other events and information and services provided and organized by BAPES and the sponsors on the Website not to distribute or make available in any way to third parties. – information, data, text, sound, files, software, music, video, photographs, graphics, audio, commentary, and any other material or electronic links to such information that are available:
- contrary to the Bulgarian legislation, the applicable foreign laws, the present General Terms and Conditions, the Internet ethics, the rules of morals and good manners;
- containing violence, agitation for violence, humiliation of human dignity, threat to life and bodily integrity of man;
- o damaging the good name of another or calling for a forcible change of the constitutional order, a crime, violence against the person or incitement to racial, national, ethnic or religious hatred;
- insulting a religion or containing religious agitation;
- promoting discrimination based on sex, race, education, age and religion or preaching a fascist, racist or other undemocratic ideology, including inciting to commit terrorist activities;
- with pornographic, sexually explicit or any other content that endangers the normal mental development of minors or violates the norms of morality and good manners;
- which do not correspond to the thematic focus of the Website or specific material published on it to which they refer;
- representing a trade or official secret or other confidential information;
- infringing any property or non-property rights or legitimate interests of third parties, including materials that are subject to an intellectual property right of third parties, except with the consent of the right holder;
- which are unauthorized advertising materials, junk mail, spam, “chain letters”, redirected by alias subdomains, “pyramid schemes” or other forms of attracting customers;
- containing information about foreign passwords or access rights without the consent of their holder, as well as software for access to such passwords or rights;
- containing personal data within the meaning of Regulation (EU) 2016/679 and the applicable Bulgarian legislation (LPPD, bylaws on the implementation of LPPD, etc.), which would lead to the identification of third parties – data subjects without explicit consent to the relevant data subjects, including consent to the public disclosure of such data;
- containing computer viruses or other computer codes, files or programs designed to interrupt, disrupt or restrict the operation of computer software, hardware or telecommunications equipment;
- The user also declares that he knows and voluntarily provides his informed consent, BAPES to make videos and sound recordings of conferences, video chats and other events on the Website in which the user has voluntarily joined with his webcam and microphone, giving consent. and he is aware that the footage and / or photos of which we appear to be published on the BAPES Website and to be available in the archive for past events available to other users.
Art. 33 The user is obliged when using the services provided by BAPES and participation in the organized conferences, lectures and others available on the platform:
- to observe the Bulgarian legislation, the applicable foreign laws, the present General Terms and Conditions, the Internet ethics, the rules of morals and good manners;
- not to violate other people’s property or non-property rights and interests, such as property rights, intellectual property rights, the right to protection of personal data, etc .;
- to notify BAPES immediately of any case of committed or discovered violation when using the provided services;
- not to impersonate another person or a representative of a legal entity or a group of people who are not authorized to represent, or otherwise mislead third parties about their identity or belonging to a certain group of people;
- not to perform Malicious actions / “Malicious actions” are actions or inactions that violate Internet ethics or cause harm to persons connected to the Internet or associated networks, sending spam (SPAM, JUNK MAIL), gaining access to resources with foreign rights and passwords, use of deficiencies in systems for personal gain or information retrieval (HACK), committing acts that may qualify as industrial espionage or sabotage, damaging or destroying systems or information files (CRACK), sending of “Trojan horses” or causing the installation of viruses or remote control systems, disrupting the normal operation of other Internet users and associated networks, performing any actions that may qualify as a crime or administrative violation under Bulgarian law or under other applicable law.
- not to use methods leading to forced loading of content unwanted by Internet users (pop-ups, blind links, etc.).
XII. RIGHTS AND OBLIGATIONS OF BAPES
Art. 34 BAPES is obliged to take due care to provide an opportunity to the USER for normal use of the Services.
Art. 35 BAPES does not have the obligation and the objective opportunity to control the way in which the USER uses the provided Services, and is not responsible for the User content, as well as for the activity of the USER in connection with the use of the Services. BAPES has no obligation to monitor the information stored on its Servers or made available when providing the Services, nor to seek facts and circumstances indicating the commission of illegal activity by USERS through the use of the Services.
Art. 36 In accordance with the requirements of the current Bulgarian legislation BAPES stores personal data, information materials and resources located by the USER on a Server and has the right to provide them to the competent state authorities in cases where this is necessary to preserve the rights, legitimate interests and the security of BAPES or of third parties, as well as in the cases when the same are required by the respective state bodies in due order.
Art. 37 BAPES has the right to place on each of the pages of the Websites, including in the user profile, Electronic links, advertising banners and other advertising forms for goods and services offered by BAPES or third parties, as well as Electronic links and advertising banners indicating to websites outside the control of BAPES.
Art. 38 BAPES has the right to send unsolicited commercial messages to the USER, in order to offer information and advertisements about their own or offered by other companies goods and / or services, to make inquiries on various issues, to conduct surveys and other . To the extent that we use your data for the purposes of direct marketing – providing non-targeted banner, video and other advertising, we do so to pursue our legitimate interests, as an organizer of virtual congresses on various topics, such interests include the fact that the platform of BAPES there are sponsoring companies, which through this advertising can make a profit without harming the interests of the data subjects users in the platform.
Art.39 BAPES has the right (but not the obligation) to install on the computers of the Registered User cookies – small text files that are saved by the Website through the Internet server on the hard drive of the Registered User and allow for recovery of information. for the Registered User, identifying him and for tracking his actions. The cookies installed by BAPES are used in order to optimize and ensure full and quality use of the functionality of the Website owned by BAPES, including to increase security, recognize user preferences, analyze data, display personalized content, advertise goods and services that are of interest to the User, saving settings, monitoring, use of analysis methods, etc., in order to meet the widest possible range of user needs and requirements. Cookies may also be installed by third parties in order to advertise products and services that are of interest to the User during his visit to the Website.
Users may refuse to store and / or access cookies of their choice by changing their browser settings. Users should be aware that by restricting their cookies, BAPES may be deprived of the opportunity to provide in full all the functionalities of the respective Website owned by them. Notwithstanding the above, the Users agree that certain types of cookies are mandatory for the proper functioning of the respective Website and do not have the opportunity to refuse their storage and / or access to them, except by terminating the use of the Services. Cookies can constitute personal data, therefore they will be treated in accordance with the rules for processing personal data by BAPES. Cookies can be classified as “session” (temporary) or permanent. Session cookies are placed in your browser when you log in to a website and remain on it while the browser is open. They remain valid until the browser is closed.
Persistent cookies are placed on your computer when you log in to the website and are valid until a certain point or until you delete them manually from your browser, whichever comes first.
Cookies will be set by the domain of our site or by third-party domains on our behalf. The cookies set by BAPES in the domain of our site are called “cookies of the visited domain”. Cookies set by third party domains or set on or through our third party domain are called “third party cookies”. Cookies usually do not contain personal information. However, they can be used in combination with other information for identification purposes. In case you need additional information about cookies in general, please visit www.allaboutcookies.org.
|Type of cookies||
How do they work?
Do they collect my personal data and do they identify me?
These cookies are essential for the proper functioning of our site, they allow you to navigate the site and use its functions. Examples include memorizing previous actions (such as written text) when you return to a page from the same session.
These cookies do not identify you as an individual. If you do not accept these cookies, this may affect the performance of the site or parts of the site.
These cookies help us understand how visitors interact with our site by providing us with information about places visited, time spent on the site, and any problems encountered, such as error messages. This helps us improve the performance of the site.
We may use the information we hold about you to show you relevant and “targeted advertising” through sites of other companies, such as Google and Facebook.
These cookies do not identify you as an individual. All data are collected and summarized anonymously.
These cookies allow our site to remember your choices (such as your username, language or region in which
you are located) in order to provide a more personalized online operation of the site. They can also allow visitors to watch videos, play games and engage in social tools such as blogs, chats and forums.
The information collected by these cookies may include personal information disclosed by you, such as
your username or your profile photo. We will always maintain transparency regarding the information we collect, what we do with it and with whom we share it.
Failure to accept these cookies may affect the performance and functionality of the site and may restrict access to its content.
Art. 40 The provision of electronic links to other Internet pages and resources and advertising banners on the Website, for sale of goods and provision of services by BAPES, the sponsors of the platform and third parties, including using the methods of analysis for the purposes of targeted advertising, which constitutes profiling within the meaning of the General Data Protection Regulation (Regulation 2016/679). When providing the Services, BAPES reserves the right to draw the attention of the Registered User or to attach to the text of his message and on the Website electronic links and advertising banners pointing to websites owned by BAPES or others outside the control of BAPES, including under the conditions of analysis. The user agrees to the use of electronic links and advertising banners, including the use of methods of analysis.
Art. 41 BAPES has the right, but not the obligation, at its discretion and without issuing a warning to temporarily suspend or restrict the User’s access to the Services, as well as to suspend access to and / or remove User Content when it contradicts the requirements provided in these General Terms and Conditions, including in case of non-compliance by the USER with the requirement of the described rules.
XIII. INTELLECTUAL PROPERTY
Art. 42 The intellectual property rights over all elements of the content of the Websites, including design, software programs, databases, text, drawings, graphics, sketches and other information or elements, are subject to copyright within the meaning of the Copyright Act and its related rights and / or the Trademarks and Geographical Indications Act and are owned by BAPES and / or the designated person, who has transferred the right to use BAPES and provided the relevant materials for publication, and may not be used in violation of applicable law.
Art.43 The right of access of the User to the materials and resources of the Website does not include the right to use, record, store, change, adapt, publicly distribute, copy or reproduce information, materials and resources, as well as to use objects of intellectual property. , unless it is insignificant information intended for personal use, provided that the legitimate interests of the authors or other holders of intellectual property rights are not unduly prejudiced and that the copying or reproduction is carried out for non-commercial purposes. Notwithstanding the above, the User has no right to remove the trademark and other intellectual property rights from the materials available to him, regardless of whether the holder of the respective rights is BAPES, its partner, customer, other User of the Website or a third party.
Art.44 It is permitted to use a title and / or a paragraph of text from any of the Websites in the volume and type provided to the respective section of the respective Website, provided that this does not cause harm to BAPES and / or its partners. and their services, with a clear textual indication of the name of BAPES and indication of an Electronic link to the respective Website of BAPES and / or its partners, on which is published all the material from which the texts are copied. The manner of opening the Electronic Link should not mislead the User regarding BAPES and / or its partners and their services. The information obtained may not be directly or indirectly modified, distributed or / or reproduced as derived products. BAPES and / or its partners reserve the right to suspend the submission of information at any time without prior notice.
Art.45 Any use, reproduction, distribution, change, public display and others of part or all of the content of any of the Websites, except the above hypotheses, is prohibited and prosecuted in accordance with the law, unless there is explicit consent of BAPES and / or its partners for the respective type of use.
Art. 46 The User undertakes not to circumvent, damage or otherwise disrupt the normal operation of technical or software applications placed by BAPES on the Website in order to prevent or limit the use of the content of the Websites in violation of these rules.
Art. 47 With the placement of any information material, resource, image, comment or other content of the Website, the User grants to BAPES the right to use, record, store, reproduce, distribute publicly for the needs of and in connection with the provision of services, subject of these terms and conditions. The user declares that he is the holder of copyright or other intellectual property rights, or has the right to use the relevant material in the manner specified in this point, having acquired this right on a legal, contractual or other legal basis, and that the disposal of this content on the pages of the Websites and its use in accordance with these terms does not infringe the rights of third parties.
Art. 48 The Registered User is solely responsible for the legality of the User Content, which he publishes or makes available through the use of the Services, as well as for his actions for its publication and for the consequences of this publication.
Art.49 In case the User considers that his intellectual property rights have been violated by another user and wishes to send a signal for established infringement of intellectual property rights related to User content located in any of the Websites, he should send notification of the address or e-mail for contacts specified on the Website. The notification of the alleged infringement must be in writing and have at least the following content:
- Signature of the person or duly authorized representative of the person – holder of the right, which is alleged to have been violated;
- Power of attorney, in case the notification is submitted through a proxy;
- Specific indication of the User Content, which is alleged to be in violation (in case of alleged infringement in respect of several materials – an exhaustive list of all materials), as well as indication of an exact URL allowing identification of the User Content;
- Information sufficient for BAPES to be able to contact the notifier, such as full names, address, telephone and e-mail address;
- Declaration of the person who submitted the notification that he conscientiously believes that the use of the User Content in the described manner is not allowed by the holder of intellectual property rights, his representatives and agents or by law;
- A statement that the information in the notification is correct and that the person submitting it acts as the holder of the alleged infringement or his duly represented representative and evidence of ownership.
- BAPES at its discretion, takes appropriate action, bearing no responsibility in the presence of infringed copyright by a user, speaker, sponsor or third party.
Art. 50 In case the User considers that the access to user content published by him is unreasonably restricted, he should send a written notification to BAPES, and, BAPES at its discretion takes action in case the notification is justified.
Through this Policy we declare that we will apply in good faith and responsibly Regulation (EU) 2016/679 (GDPR), taking into account the specific characteristics of the processed data and the specific needs of the company, applying protection measures to ensure the security, integrity and confidentiality of personal data .
The General Terms and Conditions and the policy were approved by the manager of the BULGARIAN ASSOCIATION FOR PROMOTION OF EDUCATION AND SCIENCE (BAPES) on 01.07.2020 and come into force from the same date until the subsequent amendment.