Information about the personal data administrator:
„Clean Labs” ltd. is a legal entity, registered with the Bulgarian Commercial Registry under the unique identifying number 204818185, having its headquarters and management address in Sofia, j.k. Beli brezi, 38 Haidushka gora str., phone: +359876258535; e-mail: contact@cleanlabs.bg.
Legal basis and purpose for processing your personal data
We are processing your personal data based on the following grounds:
The following paragraphs contain detailed information on the ways we process your personal data based on these grounds.
FOR THE EXECUTION OF A CONTRACT OR IN THE CONTEXT OF PRE-CONTRACTUAL RELATIONS:
We process your personal data in order to perform contractual and pre-contractual obligations and to use our rights under the entered contracts with you.
The purpose of the processing is as follows:
Data we process based on these grounds:
Based on the contract concluded between Clean Labs Ltd. and you, we process data about the type and content of the contractual relationship, as well as any other information, in respect to the contractual relationship, including:
The processing of the above-listed data is necessary for us in order to enter into a contract with you and to execute this contract. Without being provided with the above data, we wouldn’t be able to perform our contractual obligations.
We provide personal data to third parties
We provide your data to third parties, and our primary purpose is to offer you quality, fast and comprehensive service. We do not provide your data to third parties before making sure that all technical and organizational measures are taken to protect these data and we aim at carrying out strict controls to meet this goal. In this case we remain responsible for the confidentiality and security of your data. We provide personal data to the following categories of recipients (personal data administrators):
When do we delete the data collected on these grounds
The data collected on these grounds is deleted 5 years after termination of the contractual relationship, whether due to the expiration of the contract, revocation or other reason. This term is set by the 5-year limitation period for contract claims.
FOR THE IMPLEMENTATION OF LEGAL OBLIGATIONS
It is possible that the law provides an obligation for us to process your personal data. In these cases, we are required to process data such as:
When do we delete personal data collected on these grounds
The data collected in accordance with a legal obligation is deleted once the collection and storage obligation has been fulfilled or dropped. For example:
Providing data to third parties
When we are required to do so by law, we may provide your personal data to the competent governmental authority, to an individual or a legal entity.
WITH YOUR CONSENT
We process your personal data on these grounds only after an explicit, unambiguous, and voluntary consent on your part. We will stipulate no unfavorable consequences to you in case you decline personal data processing. The consent is a separate permission to process your personal data and the purpose of the processing is specified therein, and it is not covered by the aims listed in this policy. If you provide the respective consent and until its withdrawal or until the termination of any and all contractual relationships with you, we will prepare product/service offers which are suitable for you.
Data we process on these grounds:
On these grounds we process only the data for which you have given us your explicit consent. The particular data are specified for every individual case. Usually these are an e-mail address and a name.
Consent withdrawal
The granted consent may be withdrawn at any time. The consent withdrawal has no impact on the fulfillment of contractual obligations. If you withdraw your consent for the personal data processing for any or all ways described above, we will not use your personal data and information for the purposes listed above. The consent withdrawal does not affect the lawfulness of the processing based on a granted consent prior to its withdrawal. In order to withdraw the granted consent, you only need to use our website or simply use our contact information.
When do we delete personal data collected on these grounds
We delete the data collected on these grounds upon a request from your or 12 months after the initial collection of the data.
COLLECTION AND PROCESSING OF PERSONAL DATA WHEN VISITING OUR WEBSITE
When visiting and using our website for information purposes only, without registering or otherwise providing us with information, we only collect the personal data that your browser transmits to our server. These data are necessary for us so we can technically display our website to you and to guarantee stability and security.
We transfer the collected data to the relevant internal departments for processing or to external service providers, contractors (e.g. hosting providers, content management system) in accordance with the purposes required (for displaying the website and setting up its content).
The log files are deleted within 24 months.
WEB ANALYTICS
Google Analytics
This website uses Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics uses a specific form of cookie, which is stored on your computer and enables an analysis of your use of our website. This information about the way you use this website, generated by the cookie, is transmitted to a Google server in the USA and is stored there.
We would like to point out that Google Analytics has been expanded on this website to include a code, which ensures anonymized recording of IP addresses (the so-called IP masking). Due to the IP anonymization on this website, your IP address is shortened by Google within the territory of the EU and the Treaty States of the European Economic Area. Only in exceptional cases the full IP address is transmitted to the Google server in the USA and is shortened there. Google has submitted itself to the EU-US Privacy Shield, (https://www.privacyshield.gov/EU-US-Framework).
Google uses this information on our behalf to analyze your use of this website in order to compile reports on website activities and provide additional services related to website and internet use. Google may also transfer this information to third parties as required by law or if said third parties process these data on behalf of Google. The IP address transmitted by your browser in the context of Google Analytics is not merged with other Google data.
You can prevent the storage of cookies by making the proper setting using your browser software. In addition, you can prevent Google from recording the data related to your use of the website generated by the cookie (including your IP address) and from processing this data by downloading and installing the browser plugin available at https://tools.google.com/dlpage/gaoptout?hl=en.
Third party information: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. Google Analytics Terms of Service: https://www.google.com/analytics/terms/gb.html, General overview on Google Analytics security and privacy principles: https://support.google.com/analytics/answer/6004245?hl=en, as well as Google’s privacy policy: https://policies.google.com/privacy?hl=en.
Cookie lifetime: up to 24 months (this applies only to cookies which have been set by this website).
Maximum storage period of data: up to 24 months.
PROCESSING ANONYMISED DATA
We process your data for statistical purposes, i.e. for analyses for which the results are only summarised and thus the data are anonymous.
The identification of a specific individual using this information is impossible.
Your data may also be anonymised. The anonymisation represents an alternative to the deletion of the data. Under anonymisation all personal and identifiable element(s) enabling user identification will be irreversibly deleted. There is no normative obligation for the deletion of anonymised data since they do not represent personal data.
Why and how do we use automated algorithms
For the processing of your personal data we use partially automated algorithms and methods in order to keep improving our products and services constantly so we can adapt our products and services to your needs in the best possible way. The process is called profiling.
How do we protect your personal data
In order to ensure adequate protection of company’s data and of our clients’ data, we implement all necessary organizational and technical measures set out by the Law for Personal Data Protection.
The company has set rules for prevention of misuse and security breaches. For maximum security of your data processing, transmission and storage, we may use additional protection mechanisms, such as encryption, pseudonymisation, and others.
Personal data we received from third parties
We do not receive data for you from social networks.
User rights
Every website user has all personal data protection rights as per the Bulgarian legislation and the laws of the European Union.
The users can exercise their rights through the contact form or by sending us an e-mail.
Every user has the right to:
The user can request deletion if one of the following conditions is met:
The user has the right to restrict the processing of their personal data by the administrator when:
Right to portability
The data subject is entitled to receive the personal data which concern them and which they have provided to the administrator in a structured, commonly used and machine-readable format, and has the right to transfer these data to another administrator, without hindrance from the administrator to whom the personal data were provided when the processing is based on consent or on a contractual obligation, and the processing is carried out in an automated manner. When exercising the right to portability, the data subject is entitled to receive a direct transfer of the personal data from one administrator to another when this is technically feasible.
Right to objection
The users have the right to object to their personal data processing by the administrator. The data administrator is obliged to terminate the processing unless compelling legal grounds for the processing exists and are proven, which override the interests, rights, and freedoms of the data subject, or for the purpose of establishment, exercise, or defense of legal claims. In the event of objection to the processing of personal data for the purposes of direct marketing, the processing shall be terminated immediately.
Complaint to the supervising authority
Every user has the right to lodge a complaint against unlawful processing of their personal data with the Commission of Personal Data Protection or with the competent court.
Record-keeping
We keep a register of the processing activities for which we are responsible. This register contains the entire information as set out below: