Privacy Policy

UMT AD Privacy Policy

This Privacy Policy describes the practices of UMT AD, UIC 205970609, with registered office and management address at 65 Rozova Dolina St., Kazanlak 6100 (“we”, “the Company”, or “the Controller”) concerning the personal data we collect from or about you when you use our website.

The Controller carries out its activities in accordance with the Bulgarian Personal Data Protection Act (“PDPA”) and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (“GDPR” or “the Regulation”).

1. What Personal Data Do We Process?

The Company processes the following categories of personal data as a data controller:

  • Communication Information:

    • Full name

    • Telephone number

    • Email address

  • Technical Information:

    • IP address

    • Browser type

    • Device type

    • Operating system

The Company does not process special categories of personal data.

2. How Do We Collect Personal Data?

We collect personal data:

  • When you communicate with us through the contact form or special tools on our website www.umt.bg (“the website”);

  • When you visit, use, or interact with the website.

In some cases, we may collect information from third parties or public sources.

Our website collects data in log files, including your IP address, browser type, operating system, visit date, and visited pages.

Our website uses cookies. Cookies are small files containing information that a website sends to the visitor’s browser. The browser stores this information as a text file on the user’s device. Cookies help improve the website’s functionality for you. More information about cookie usage can be found in our Cookie Policy, available at the following address: www……

3. For What Purposes Do We Process Personal Data?

The Company processes your personal data for the following purposes:

  • To establish contact with you, provide requested information, and assistance;

  • To perform activities related to the initiation, execution, modification, and termination of the relationship between the Company and you;

  • To offer and promote our products;

  • To comply with legal obligations;

  • To ensure our legitimate interests, such as protecting against potential disputes;

  • To prevent fraud, illegal activities, or misuse of our products, and to protect the security of our systems.

4. What Is the Legal Basis for Processing Personal Data?

Personal data is collected, processed, and used based on several grounds:

  • For entering into pre-contractual relations (handling inquiries, providing offers) and performing a contract;

  • To comply with the Company’s legal obligations;

  • For the legitimate interests of the Company (e.g., preventing, detecting, and investigating fraud or illegal behavior; asserting or defending legal claims);

  • With freely given consent, when required by applicable law.

5. Who Do We Share Personal Data With?

The Company may share personal data with the following entities according to the stated processing purposes:

  • Consultants – accountants, auditors, lawyers, insurers, bankers, and other external professional advisors;

  • Suppliers – entities providing products and services to the Company;

  • Public authorities – entities that regulate or have jurisdiction over the Company, such as regulatory, tax, financial, law enforcement, judicial, administrative, and other government authorities;

  • Counterparties and other entities in connection with transformation, joint ventures, sales, transfer, or other disposal of assets or business.

These entities may be located in other countries. Before providing data, we will take the necessary steps to ensure that your personal data receives adequate protection as required by PDPA and the Regulation.

Currently, personal data collected is processed within Bulgaria and the European Economic Area (EEA) and is not transferred to third countries outside the EEA. Any transfer of personal data from the EEA to third countries outside the EEA will be based on an adequacy decision or regulated by standard contractual clauses as required by applicable legislation.

6. How Are Personal Data Protected?

The Company implements appropriate organizational, physical, and technical measures to protect personal data against unauthorized access, unlawful use, loss, alteration, disclosure, damage, destruction, and copying. The Company periodically reassesses the measures in place to ensure the ongoing security of personal data.

Note: Transmission of personal data and other information over the internet or by email is not entirely secure, and there is a risk that such data may be accessed and used by individuals other than the intended recipients.

7. How Long Do We Retain Personal Data?

The Company retains personal data only for as long as necessary to fulfill the purposes for which they were collected:

  • We store your personal data while we maintain an ongoing relationship with you.

  • We retain your personal data as long as necessary to fulfill our legal and contractual obligations. For example, accounting and tax information containing personal data is kept for a period of 10 years, starting from January 1 of the reporting period following the period to which it relates.

  • We retain your personal data as long as necessary to protect our legitimate interests. For instance, in the case of legal proceedings, personal data are retained for the duration of the proceedings and the execution of the court decision.

  • When your personal data are collected and processed based on your consent, we will process your data only while your consent is in effect.

8. What Are Your Rights Regarding Personal Data Protection?

You have the following legal rights regarding your personal data:

  • Access to your personal data and information on their processing:

    • You have the right to obtain confirmation from the Company as to whether your personal data are being processed. This includes the right to access your personal data, to receive a free copy of the data (except in cases of excessive and repetitive requests), and to be provided with a description of the main information related to the processing of your personal data.

  • Erasure of your personal data from our databases (“right to be forgotten”):

    • You have the right to request the deletion of your personal data without undue delay when one of the following applies:

      • Personal data are no longer needed for the purposes for which they were collected or otherwise processed.

      • You withdraw your consent on which the processing is based, and there is no other legal basis for the processing.

      • You object to the processing as described below, and there are no overriding legitimate grounds for the processing.

      • Personal data have been unlawfully processed.

      • Personal data must be deleted to comply with a legal obligation under EU or member state law applicable to the Controller.

      • Personal data were collected in connection with offering information society services to children, with consent given by the holder of parental responsibility.

  • Right to Rectification:

    • You have the right to correct or request the Company to correct inaccurate, incomplete, or outdated personal data concerning you without undue delay.

  • Right to Data Portability:

    • This right includes the ability to:

      • Receive your personal data in a structured, commonly used, and machine-readable format.

      • Transfer your personal data to another controller when processing is based on consent or contractual obligation and carried out by automated means.

      • Have your personal data transferred directly to another controller, if technically feasible.

  • Right to Restrict Processing:

    • You have the right to request the Company to restrict the processing of your personal data in the following cases:

      • When you dispute the accuracy of the personal data, allowing time for the Company to verify their accuracy.

      • When processing is unlawful, but you oppose erasure and instead request restriction of use.

      • When the Company no longer needs the personal data for processing, but you require them to establish, exercise, or defend legal claims.

      • When you object to processing and are awaiting verification of whether the legitimate grounds of the Company override your interests.

  • Right to Withdraw Consent:

    • When processing your personal data is based on your consent, you have the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

  • Right to Object:

    • You have the right to object at any time to the processing of personal data concerning you. The Company will stop processing your personal data unless it demonstrates compelling legitimate grounds for the processing that override your interests, rights, and freedoms or for the establishment, exercise, or defense of legal claims.

You may exercise the above rights by sending a written communication to the Company.

9. How to File a Complaint with the Data Protection Authority?

If you believe your rights have been violated, you have the right to file a complaint regarding the processing of your personal data with the competent supervisory authority, which is:

Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov St., Sofia 1592
Phone: +359 2 915 3519 | Fax: +359 2 915 3525
Email: kzld@cpdp.bg | Website: www.cpdp.bg

10. Changes to the Privacy Policy

We may update this Privacy Policy periodically. When we do, we will post the updated version and the effective date on our website, unless applicable law requires a different type of notification.

Scroll
Linkedin
© UMT