As a private foundation using the website www.em-pact.eu (hereinafter referred to as “website”), EMPACT strives to constantly improve the trust of the clients and protect their data as well as regularly inform them about the taken security measures.
EMPACT undertakes the matter of data protection very seriously and strives to meet all the requirements of the Personal Data Protection Act, Regulation (EU) 2016/679 and all other applicable regulations.
Who are we
When this Policy mentions EMPACT, "we", "our" or "us", it refers to Empact Foundation, with UIC 205750004 with head office located at ul. Iskar 4, Soho house, 1000, Sofia. We determine the purposes for which your personal data is used by us and the ways in which it is processed, acting as a “personal data controller” within the meaning of Regulation (EU) 2016/679 and the Personal Data Protection Act.
If you have any concerns or you would like to receive information regarding the way we process your personal data, you can contact us at email@example.com or by mail at this address: ul. Serdika 20, fl. 1, 1000, Sofia.
Your personal data is not only protected by the dedication and high standards of EMPACT, it is also protected by law. By law, we may only process your personal data if we have a legal ground to do so, and that legal ground may be one or more of the following:
- To fulfill the contract concluded between us and you
- If we have a legal obligation;
- If you have given your consent for processing;
- If it is in our legitimate interest;
- If it is in the public interest;
- If it is in your vital interest;
What is legitimate interest
In cases specified by law, we may process your personal data based on our legitimate interest (s). There is a legitimate interest in cases where we process your personal data for commercial or business reasons. In this processing of your personal data, it remains protected and we must not process it in a way that would be unfair to you or your interests.
If the legal ground for processing your personal data is legitimate interest, we will inform you exactly what our legitimate interests are and will provide you with the opportunity to make inquiries or objections, if you have any.
How long we store your personal data
We store your personal data for the minimum necessary period and to achieve the objectives set out in this Policy, unless we are required by law or have the right to store it for a longer period.
According to the applicable legislation, we are obliged to apply the following deadlines for storage of your personal data:
- 5 years for the purposes of protecting the legal interests of the Controller in court or administrative disputes with users of the website.
- Personal data and copies of documents stored on the basis of LMML are stored for a period of 5 years, and the starting point should be determined according to the rules of Art. 67 LMML.
Please note that we are not allowed to delete this information before the expiry of the above deadlines, even if we receive a request from you to that effect. In such a case we will be violating the law.
Types of personal data we process
Personal data when visiting the Site
When visiting the Foundation's website without using the contact form, the only personal data that is collected are: IP address; the page through which the client is redirected to www.em-pact.eu; the viewed subpages and the time the client has spent on the website - depending on the selected cookie settings installed on the website.
When visiting the website of the Foundation, the client has the opportunity to fill in and send an inquiry form. The purpose of this operation is to send information from the user to the Controller in connection with a desire to receive a particular service and / or purchase product (s). Sending an inquiry is not a mandatory step for using the website and it is available without filling out personal data. In case the client sends an inquiry by filling in the contact form, the personal data collected by the Controller are two names and an email address.
Personal data processed for the purposes of analysis, statistics, advertising, processing of inquiries and complaints
When you contact us through one of our communication channels - by phone or email - we will process this personal data that you choose to share with us in connection with the specific occasion on which you contact us.
We process your personal data, such as orders, inquiries, etc. in order to analyze, statistics and improve the quality of our services, testing and increasing your satisfaction.
Please note that if you choose not to provide your personal information, this may prevent us from fulfilling our legal obligations, contracts or being able to provide our services to you. Accordingly, failure to provide us with your personal information may mean that we are unable to provide you with our products or services.
The purposes for which this personal data is collected and the legal grounds are:
- preparation and execution of a contract between the client and the Foundation
- management of the relations and legal relations of the Foundation with its business partners, clients and their representatives in their capacity of clients, potential clients - on the basis of legitimate interest and in order to maintain customer satisfaction and attract clients;
- for the purpose of protection of legal rights and interests of the Foundation in connection with the provided services, products, use of the website managed by it or protection against legal claims of third parties;
- improving the quality of the services offered by the Foundation, adapting them to the needs of the clients;
- fulfillment of the legal obligations of the Foundation under LMML and LMFT, when such are provided;
- in the event that we have received your explicit consent or the settings you have made on your cookies indicate your consent, we will process your personal data for marketing purposes, which include: preparing and conducting advertising campaigns on social networks, through display of advertising and banner advertising on sites related to the interests and user behavior of the client (visits, time spent, search for content by keywords), through PR articles and materials published on partner sites (for indirect or direct marketing), games and other promotional events.
Automated processing of personal data
When providing services through the website, we do not apply mechanisms and algorithms for automated processing of your personal data and decision-making entirely without human intervention within the meaning of Art. 22 of Regulation (EU) 2016/679.
Disclosure of personal information. Categories of recipients
We provide various of the above data to government agencies in order to fulfill legal obligations, as well as to our trusted partners (insofar as this is necessary for the services we use, such as technical support services on our website, courier services for sending documents or others to you, etc.), which we have made sure to comply with the highest standards for information security and confidentiality. We have a contractual relationship with all these companies, which ensures that the personal data processed is only strictly necessary to provide us with these services.
Data transfer outside the EEA
We will only transfer your personal data outside the EEA if:
- You have given us explicit permission; or
- This is necessary so that we can establish or fulfill the contract you have entered into with us; or
- To fulfill a legal obligation.
If we transfer your personal data outside the EEA, within our corporation or our business partners, we will take steps to ensure the same standards of protection as those in the EEA, relying on one of the following:
- The country receiving your personal data is recognized by the European Commission as offering the same level of protection as the EEA. You can find more information on the European Commission's Justice website.
- We will use contracts that require the recipient to provide the same standards for the protection of your personal data as the EEA.
- If data is transferred to the US and the recipient is registered with Privacy Shield. Privacy Shield is a system that ensures the protection of Personal Data at a level approved by the EU. You can find more information about Privacy Shield on the Justice of the European Commission website.
In some cases we may be forced to disclose your personal data to a third party and we may have restrictions on the control and manner in which this data is protected by that third party, but even if such an event occurs we have taken all possible and required by law measures to protect your personal data.
Your rights over your personal data
We will assist you if you decide to exercise your rights over your personal data, which includes:
- Withdrawal of your consent for data processing in a situation in which we have requested it from you, although this will not cancel previous processing that took place when we had your consent;
- Filing a complaint to the relevant competent data protection authorities.
- Access to your personal data registered or processed by you (within our systems);
- Correction of personal data that is incorrect or already invalid;
- Deletion of personal data that we process;
- Limiting the processing of your personal data under certain circumstances and conditions;
- A request to provide you or another company of your choice with certain aspects of your personal data, often referred to as a “portability right”.
- The opportunity to disagree or protest against data processing when we do so for our legitimate interests;
- The opportunity to challenge a decision taken entirely through automated processing, to express your point of view and request that the decision be reviewed by a person.
For more information about these rights, you can contact us at firstname.lastname@example.org
If you refuse to accept the changes to this policy, or for any other reason do not accept the changes within the time period provided and communicated to you, we may be unable to provide some or all of our products and services.
How do we protect your personal data
The processing of your personal data by us is only in accordance with the above objectives, grounds and deadlines. We provide access to the data only to a limited number of people who are pre-trained and instructed how to work with them.
Our servers are located entirely on the territory of Switzerland. According to a Resolution of the European Commission 2000/518/EO for protection of personal data, Switzerland provides adequate level or protection of personal data. We use high level methods for data protection, thereby assuring the online security of our clients and of our company from potential manipulation by third parties.
We follow these principles when processing your personal data:
- legality, good faith and transparency;
- limiting the purposes of processing;
- relevance to the purposes of processing and minimizing the data collected;
- accuracy and timeliness of the data;
- limitation of storage in order to achieve the objectives;
- integrity and confidentiality of the processing and ensuring an appropriate level of security of personal data.