Notification of privacy

Effective May 25, 2018

Dear users, it is important for you to know how we, from KARDBOX AD ("KARDBOX", "we", "us", "us") collect, store and use your personal data that you provide to us , or otherwise we have received and are related to you.

We are the creator of the free, mobile Cardbox application that provides access to the online Cardbox platform for electronic retention card storage for merchant sites (the "Application"). It is in your interest to take the time to familiarize yourself with this Privacy Notice ("Notification") and to review it periodically because at some point we can change it.

We have complied with this Notice with the General Data Protection Regulation (GDPR) 2016/679 ("the Regulation"), which is in force on 25 May 2018.

According to the Regulation and the Bulgarian Personal Data Protection Act ("LPDP"), you, as an individual and user (user) of the Application, are the subject of personal data. We are an administrator of your personal data that we process in order to provide you with the services of the Application. Our credentials and ways of contacting us are listed at the end of this document.

Нашите идентификационни данни и начините за връзка с нас са посочени в края на този документ.

WHAT PERSONAL DATA WE PROCESS?

When you install the Application on your mobile device and sign up to use the features of the Application or when you browse our information on our site or on our social networking pages, you provide us with certain information about yourself, which may include :

  • Your name and surname and mobile phone number - when signing up in the app so that we can know who you are and send you an SMS to activate the app; to ask our partners whether the scanned / introduced discount cards are valid so you can use them at their merchant sites via the app and whether you have a valid discount card for their sites so we can automatically add it to the app , without having to scan / input it; if you've been using the "ask card" feature from some of our partners, we'll issue it in an electronic version on their behalf and add it to the app so you can use it directly from your mobile device;
  • technical information about your device, date and duration of access, browser information, and the operating system you use in order to be able to provide you with the best possible service through our Application and to provide protection against cyber attacks and abuse of the Application and on our site;
  • bar code and / or number of your discount cards from different merchant sites that you provide by scanning the barcode of the camera cards on your mobile device or by entering the numbers you have (if you do not have a barcode) or which we automatically add in the Application after Refer to our partners or when you've used the "ask card" feature;
  • geolocation (location) of your mobile device if you have agreed to process this type of data to send you push notifications or promotional notices for promotions and discounts on products and services offered in shops located near you (about 500 meters away). We do not collect or use geolocation data if you have excluded this feature from the settings on your mobile device if you have not agreed to use that data for that purpose, or have subsequently withdrawn your consent by pressing a denial button in the app itself by setting up your mobile device or by emailing us.
  • information that you like or dislike information from your posts on our social networking pages and publicly shared information in your account
  • any other information that you voluntarily provide to us, including your email address, when making inquiries through our contact form on the Internet.

When processing your personal data in order to be able to activate and use the Application, this processing is required to meet these purposes. Without this data, you could not use the Application. In other cases, when collecting your personal information, we will let you know whether the data is necessary and what the consequences are if you refuse.

HOW WE RECEIVE AND USE YOUR PERSONAL DATA

Here are some more details about what we do with the information you provide us.

Firstly, we process your personal data on the following grounds:

  • in connection with performance of a Service Agreement that we conclude with you for the use of the Application under the General Terms and Conditions that you agree to when activating the Application; or
  • for the performance of our obligations that follow from a statutory act, for example in relation to obligations provided by law to provide information to judicial and other public authorities; or
  • our legitimate interest unless your advantage or your fundamental rights and freedoms predominate. Examples of our legitimate interest are improving the quality of the Application and our site; cyber-security of the app and our site, including protection against hacker attacks, security breaches, and malware;
  • Your explicitly informed consent in some cases, for example, to receive ad notifications and use geolocation on your device to send ad notifications based on its location or when you contact us through our online contact form. Your consent may be withdrawn at any time, and we will no longer process your data subject to the withdrawn consent.

We use your personal information for one or more of the following purposes:

  • Technical Management of the Application create and manage a User Profile containing information about your discount cards;
  • Providing the Application Usage Services: Providing you with the opportunity to install and activate the Application on your mobile device, to store your discount cards from various commercial sites in electronic form, to use the "Request Card" feature from our partner through the app, use discounts by displaying merchant cards directly from your mobile device, letting you know about automatically adding your discount cards, posting and sending you We have been notified of our partners' activities when you have requested this (through the so-called "fan maps" of celebrities that do not provide discounts, and with them you will receive up-to-date news about activity, participations, events, performances,
  • contact you when you ask us a question or notify you of important changes to our terms of service or our internal policies or data breaches;
  • We will send you promotional notices and discounts to our partners if you have given your consent, including notifications based on your location if you have agreed to use geolocation data for that purpose;
  • Perform our business in accordance with applicable laws, professional standards and rules, including by responding to requests from competent government bodies
  • and improve the services we provide to you, including for internal purposes such as audits, analyzes, and research to help us improve our business or monitor and analyze the trends and uses of the Application, improve the design and content of our site and the Application to best suit your preferences and the devices you use, and to protect the Application and our site from possible misuse, cyber attacks and security breaches;
  • in relation to legal claims as outlined in the section "How long do we store your personal data, as well as for purposes specified elsewhere in this Notice."

We will periodically update the above list in response to our business development and changing legal requirements. We will notify you if we would like or need to use your personal data for purposes and in a manner that is significantly different from what we have informed you and will, if necessary, seek your consent.

WHO SHOULD SHARE YOUR PERSONAL DATA

In performing our activity, we may need to share your personal information with any of the following:

  • our IT Professionals who support the Application and through which we provide you with the Application Services related to the electronic storage of your discount cards as well as our IT Service Providers who under our responsibility support our web sites, hardware and software and that provide us with cloud and server storage space;
  • Traders - our partners, which you can see in the Application (we show all our partners' shopping card templates by clicking the "add card" button) and ask them if you have a valid discount card from their site and whose discount cards are stored in the app or you have requested us to issue a discount card on their behalf using the "ask card" button in the app;
  • persons who, by virtue of a legislative act, have the power to request the provision of information, including personal data, such as courts, prosecutors, various regulatory bodies such as the Consumer Protection Commission, the Commission for Personal Data Protection, with powers to protect national security and public order;
  • our professional consultants, lawyers and auditors;

Also, please note that the Application and our site may contain links and links to other such webpages that are not owned and operated by us. We can not control or assume responsibility for the processing of personal data or the content of these other pages. We strongly recommend that you familiarize yourself with the privacy policies and information on each website that collects personal information. This Notice applies only to the personal information we collect for you through the Application or otherwise.

In any case, we enter into contracts in writing with the merchants we work with, requiring them to take the necessary measures to ensure the protection of your personal information. We will only provide our contractors with the information they need to provide us with the agreed services without allowing them to use your information for their own purposes. We will not provide your personal information to third parties to send unsolicited marketing communications to your phone number or email unless you have given the necessary consent. If you receive unsolicited commercial communications (SMS or emails) from the companies we work with, please let us know the contact details listed at the end of the document.

TRANSFER OF PERSONAL DATA OUTSIDE BULGARIA

We do not transfer your personal data to persons outside of Bulgaria, including persons in countries outside the European Economic Area or international organizations.

How much time do we keep your personal data

In principle, we store your personal data for as long as is necessary for the purposes of the processing for which the data were collected and for any other permissible and related purpose (usually up to 1 month after termination of your application in the Application or after we cease to maintain the Application, we will delete your personal data - names, phone, discount cards, and within 24 hours we will delete the location data you received on your device when you agreed to processing) or until the expiration of a legally defined time . We will not delete or anonymize your personal data if it is necessary for pending court or administrative proceedings relating to you or for proceedings to examine your complaint before us.

WHAT YOUR PERSONAL DATA ARE PROTECTED

We highly value your privacy and we take very seriously the privacy measures we have collected and keep.

We use a variety of physical, electronic and organizational measures appropriate to the sensitivity of the information we support to protect the personal data you provide us from unauthorized access, use or disclosure. For example, we have firewalls and anti-virus programs, access control tools, debt sharing, and so on. We have adopted policies and procedures for the protection of personal data. We require our suppliers and partners who have access to your personal data to use appropriate measures to ensure the protection and confidentiality of your personal information. Unfortunately, the transmission of information over the Internet or by telephone may not be entirely secure despite the measures we have taken. Therefore, please keep in mind that the transmission of your personal information via the Internet or by telephone is at your own risk.

WHAT RIGHT YOU HAVE

With respect to your personal data, you have certain rights with respect to us provided to you by the Regulation and other applicable legislation. Sometimes certain rights may arise and be exercised only on certain grounds for the processing of your personal data; your other rights are subject to certain limitations and exceptions under the law.

You have the following rights under the applicable law:

  • Right to access your personal information
  • Right to object to the processing of your personal information
  • The right to request correction of inaccurate personal data associated with you
  • The right to request the deletion of your personal data (the "right to be forgotten")
  • Right to request limitation of the processing of your personal information
  • The right to receive the personal data you have provided to us that concerns you and reuse them by transferring them to another administrator ("portability")
  • The right to appeal to the competent supervisory authority or to the court if your rights have been infringed or you have been harmed by the unlawful processing of your personal information.
  • When processing is based on your consent, you are entitled to withdraw your consent to processing your personal information at any time without prejudice to the lawfulness of the processing under your consent before it is revoked. You can withdraw your consent by writing to us (see our contact details in the "How to contact us" section below) or by using the opt-out options in our Application or by excluding Geolocation from your mobile device settings.

You have a right of access and you may request more detailed information about whether we process your personal data, what categories, for what purposes, to whom we disclose it, etc. If you have requested, we will provide you with access to your personal data that is being processed in the form of a copy thereof. The copy is free for you. If you request additional copies, we can set a reasonable fee to cover our administrative costs of preparing them. If you submitted the request electronically, we will, if possible, provide you with the information in a widely used electronic form, unless you have requested otherwise from us.

If we do not process your personal information, we will notify you. If we reject your request for a copy of the data, we will give you the reasons for this.

The exercise of your right of access should not adversely affect the rights or freedoms of others, including trade secrets or intellectual property, and in particular the copyright to protect the software. If we consider that there is reason to expect such a negative impact, we may reasonably restrict some of the information we provide to you so that it does not reach us.

If we handle a great deal of information about you, we may ask you to specify the information or processing activities that your request relates to. This will help us to get better and faster, and you will get the data you need.

If you have objected to the processing of your personal data based on our legitimate interest or the legitimate interest of a third party, we may continue processing despite your objection if we can prove that there are compelling legal grounds for the processing that have an advantage to your interests, rights and freedoms, or to the establishment, exercise or protection of legal claims.

You have the right to object at any time to the processing of your data for the purposes of direct marketing and we will cease processing it, we will no longer send you any ad notifications (notifications). You can opt out of ad notifications at any time through the options in the app or through your mobile device settings. When you want to correct your personal information, you may also want to notify third parties to whom it has been disclosed, except when this is impossible or is associated with excessive effort.

You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected or otherwise processed; when you withdraw your consent to the processing of your personal data and there is no other legal basis for the processing; when you object to processing based on legitimate interest and it does not take precedence over your rights, freedoms and interests; processing without a legal basis or deleting your personal data is our legal obligation as defined by the law of the Republic of Bulgaria or the European Union. Under current law, we have the right to continue processing despite your request for deletion in order to comply with our legal obligations under the law of the Republic of Bulgaria or the European Union that require the processing of your personal data or where necessary for the establishment, the protection of legal claims. You can delete your Discount Maps at any time using the Delete options in the app.

To exercise the right to limit the processing, the following conditions must be met:

  • You dispute the accuracy of personal data;
  • Processing is without a legal basis, but instead of deleting it, you require a limitation of its use;
  • We do not need more personal data for processing purposes, but you require them to identify, exercise or protect legal claims;
  • You have reproached against legitimate interest

When processing your personal information has been limited, we may still continue to process your personal data in two cases:

  • with your explicit consent or
  • for the establishment, exercise or protection of legal claims or for the protection of the rights of another individual or for important reasons of public interest to the Union or a Member State.

The portability law exists and can only be exercised when the following two conditions are met: (1) it is an automated processing (ie this right does not apply to the processing of data in the form of paper files ) and (2) in addition to automated processing, your personal data is processed on the basis of (a) your consent, or (b) of a treaty to which you are a party or to take steps upon your request prior to the conclusion of a contract . You have the right to receive your personal data in a structured, widely used and machine-readable format or to request a direct transfer of your personal data to another administrator when technically feasible.

You should know that when you exercise the right of portability, this does not result in the deletion of your data from our systems. You will be able to continue to use our services even after the data portability operation. Data portability also does not affect the original retention period that refers to transmitted data. You may exercise your remaining rights as listed in the legislation and listed here while we continue to process the data.

If you believe that we are violating the applicable legal framework, please contact us to clarify the issue. Of course, you are also entitled to file a complaint immediately with a European Union supervisor where you live, work, or where the alleged violation of your rights has occurred. The Supervisory Authority for Personal Data Protection in Bulgaria is the Personal Data Protection Commission, Sofia, Code 1592, Tsvetan Lazarov Blvd. You can seek protection of your rights and by court order.

WHAT IT IS IMPORTANT TO KNOW IN THE EXERCISE OF YOUR RIGHTS

How do I claim my rights? In order to exercise your rights under the Regulation, you may email us or send us a letter by mail or courier of the contact details listed below.

Applications in connection with the exercise of your rights are in principle submitted in person or by an expressly authorized person. When there are regulatory procedural rules in relation to the exercise of your rights (in the Regulation, the Personal Data Protection Act and other acts), these should also be met.

In what form will we respond? In the form in which our inquiry was made - written in paper or in electronic form. When you request by electronic means, information will be provided to you in widely used electronic form, unless you have requested otherwise.

How long will you get an answer? Within one month of receiving your request, we will provide you with information about the actions we have taken on it. If necessary, this period may be extended by a further two months, taking into account the complexity and the number of requests. If such an extension is necessary, we will notify you within one month of submitting your request, explaining to you why this extension is required.

Doubts about your identity. When we have reasonable concerns about the identity of the individual submitting the request to us, we may request the provision of additional information necessary to verify the identity of the data subject. If we do not receive such information and we are not able to identify the data subject, we may refuse to take action on the basis of a request made to us to exercise any of the rights specified in this Notice.

When a citizen makes requests to us that are manifestly unfounded or excessive, in particular because of their repeatability, we may either: (a) impose a reasonable charge, taking into account the administrative costs of providing the information or communicating or undertaking of the requested action, or b) refuse to take action on the request.

PERSONAL INFORMATION OF CHILDREN

It is very important for us to protect the privacy of children and we are especially careful in communicating with children. We do not collect personal data of children under the age of 18 and in all cases we comply with the requirements of the law. If you have not reached the specified age, you are allowed to access web pages and our Application only with the consent of your parents or guardians.

We ask parents to regularly monitor and control the activity of their children on the Internet. If you are a parent and have concerns about the collection or use of personal information about your child, please contact us through the contact details listed in the How to contact us section.

HOW WE INFORM YOU FOR CHANGES IN THE CONTENT OF THIS NOTIFICATION

We will periodically update the information in this Notification in response to our business development and changing legal requirements. We will notify you if we would like or need to use your personal information for purposes and in a manner significantly different from what we have informed you and if necessary, we will seek your consent.

We will notify you of any substantive changes in this document through our webpage, through the Application and, if possible, in another appropriate manner, so that you are always informed of changes to your personal data, how we use it and under what circumstances we share them with others. You may be asked to read and accept these changes before continuing access to our Web site and the Application.

HOW TO CONTACT US

The data administrator is KARDBOX AD, UIC 204390133, with registered office and address in Sofia 1303, Vazrazhdane district, 84-85 Alexander Stamboliyski Blvd., 5th floor, ap. office 23.

Please address any questions, comments or requests regarding this Privacy Notice in writing to the specified address or to email: info@cardbox.bg or by phone 02 826 0000.