We at Arbitration Bulgaria (Arbitration Bulgaria/we) are aware of our responsibility to you and everyone who use our website and internet resources, to provide you not only with quality information but also to protect your information in the course of our relationship.
With this Privacy Policy when Using the Website and the Internet Resources of Arbitration Bulgaria (the Policy), we would like to inform you about how we process and protect your personal data when you use the information services and resources available on our website http://www.arbitrationbulgaria.com/ (the Website) and on our corporate profiles in various social networks. Please read this Policy carefully to understand how we process your personal data in this context and what your rights in relation to this processing are.
This Policy also does not apply to the processing of personal data performed by various third parties to whose websites/platforms/applications, etc. you have been redirected from the Website. Such third parties should have their own privacy policies available on their websites/platforms/applications, etc., which we recommend that you read before using the respective service/resource.
I. Who are we?
We are Dimitrov, Petrov & Co. Law Firm (DPC), with partners Georgi Georgiev Dimitrov, Bogdan Kostadinov Petrov, Alexander Todorov Todorov, Metodi Petrov Baykushev, Hristo Ivanov Nihrizov, Zoya Nikolaeva Todorova, Boyana Asenova Milcheva, and Desislava Emilova Krasteva, entered in the Unified Register of Law Firms at the Supreme Judicial Council, registered with a court decision under company file 6082/2005 in the company registry of Sofia City Court, BULSTAT 131433772, VAT number BG 131433772, having its seat and registered address in Sofia, 28 Todor Alexandrov Blvd., floors 6 and 7, Bulgaria, with e-mail address: team@arbitrationbulgaria.com.
As a personal data controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (the Regulation/GDPR), we process your personal data in accordance with applicable law and the rules and principles set out in this Policy.
II. Persons whose data we process
In relation to the management and maintenance of our Website, the provision of information resources on it and on our corporate social media profiles, and the communication with anyone who comes into contact with us, we may process information about the following categories of individuals (Data Subjects/You):
- Visitors to the Website and users of information resources available on the Website;
- Persons who send us inquiries, requests, business proposals, signals, complaints or otherwise enter into correspondence with us regardless of the communication channel used (mail, e-mail, telephone, etc.);
- Third parties whose information is contained in inquiries, requests, business proposals, signals, complaints or other correspondence addressed to us, regardless of the communication channel used;
- Persons who have subscribed to receive certain communications sent by us (marketing messages, newsletters, etc.);
- Persons who interact with our corporate profiles/pages on various social networks.
III. Categories of personal data we process
- Data related to correspondence or other type of interaction you have with us
When you contact us with inquiries, requests, or other communication, incl. via the contact form on the Website, as well as when you interact with our corporate profile or page in various social networks or through another communication channel (mail, e-mail, telephone, etc.), we may process the following types of personal data relating to you:
a) Data related to correspondence/ communication with us via the Website contact form, by e-mail, telephone, at our contact address, etc.
When you contact us, we may process the following types of data relating to you: name and surname; telephone; e-mail address; postal address, city/town; occupation; institution/organisation you represent/ you are employed at; information on the way you have found about us and our services; unstructured information you provide in your message/ inquiry/; information about third parties contained in the messages/ inquiries/ requests you have sent us; information contained in subsequent correspondence/ communication; data related to the receipt of initial and subsequent correspondence with us, such as time log (date/time) and source (IP address) of the respective correspondence, the channel through which the correspondence was made, etc.; additional information collected or created in relation to the processing, status and final outcome of the relevant correspondence.
b) Data related to any interaction on your part with our corporate profile or page in various social networks
In order to promote our activity and the services we provide, we may maintain corporate profiles/ pages in various social networks (such as Facebook, Twitter, LinkedIn, Xing, etc.). When you interact with our corporate profiles/ pages in such social networks (e.g., by liking, sharing, or other forms of interaction with the content published by us – depending on the functionalities of the respective social network), we may receive information about you in accordance with your privacy settings in the respective social network, such as; names; username; information from your profile on the relevant social network (e.g., photo, gender, age or age range, language, country, list of friends, list of liked/ followed pages, etc.); other information you have given us access to and which the social network you use provides us with; information contained in and related to the initial and subsequent communication with us through the functionalities of the relevant social network.
The social networks referred to above are not maintained by us and the processing of personal data by them is not under our control. The persons maintaining the relevant social networks have different rules and procedures for the protection of your personal data, including the collection of information through tools such as cookies, therefore, we recommend that you carefully read their rules and policies.
c) Data related to receiving marketing messages, newsletters, etc. sent by us
When you subscribe to receive any type of communication/correspondence sent by us (e.g., marketing messages, newsletters, etc.), we will process the data provided by you in relation to this subscription. Such data may include: names; e-mail addresses; other data related to your occupation, profession, or interests (if applicable); your preferences regarding the frequency of receiving the relevant communication and its content, etc.
The specific types of data we may process in relation to sending such messages to you will always be clearly indicated in the relevant form through which you subscribe.
Newsletter subscription
Specifically, by filling in your email address in the relevant field in the “Subscribe to receive insights from us” section of our Website, you grant your consent to us to send you our newsletter to this email address. In this case, along with your email address information, we also keep information proving the fact that you have subscribed (log files – IP address and time at which the subscription statement was made). You can unsubscribe/terminate this subscription at any time via the relevant links in the messages we will send you or by contacting us.
- Data automatically collected or generated in relation to the use of the Website
Unless explicitly stated otherwise, access to the Website is free and no registration is required to use the information resources available on it. However, when you use the Website, certain information which is technologically necessary for its operation and which does not allow direct identification of the visitors, is automatically collected and processed. This information includes the following data: date and time of access to the Website; IP address from which the connection was made; server and system logs (to detect technical problems and/ or detect malicious activity); where applicable, logs for making legal statements (such as acknowledgment of having read a data protection policy, newsletter subscription, etc.).
- “Cookies” and similar technologies
In relation to the management and maintenance of the Website, we may use cookies and other similar technologies, e.g., web beacons (beacons/ web bugs/ pixel tags/ clear GIF technologies) to ensure its reliable and efficient operation. You can find out more about the different types of cookies we use, as well as about your options for managing cookies by reading our Cookies Policy (Cookies Policy) published on the Website and accessible from the footer of each of its web pages. The Cookie Policy constitutes an integral part of this Policy, unless expressly stated otherwise.
IV. Voluntary/mandatory nature of the provision of personal data
Where we ask you to provide us with your personal data, for example, through the contact form on the Website, we clearly indicate the mandatory or voluntary nature of the provision of personal data relating to you. Providing your data is entirely at your discretion, but your refusal to provide data marked as mandatory may result, as the case may be, in us not being able to contact you (e.g. if we do not have contact details to send a response to), to process and respond adequately to your inquiry, etc.
V. Purposes and legal grounds for processing personal data
We collect, store and process the information described in item III above for the purposes set out in this Policy and in our General Terms and Conditions for the Use of the Website, available [here]. Depending on the legal basis for processing, these purposes may be:
- Purposes necessary for compliance with legal obligations;
- Purposes related to steps taken by you before entering into a contract with you;
- Purposes related to our legitimate interests or of third parties;
- Purposes for which you have given your consent.
- The purposes for processing personal data related to compliance with legal obligations, include:
- Where applicable, carrying out activities to comply with legal obligations related to providing information to competent state and judicial authorities and to assisting inspections by competent authorities;
- Handling inquiries, requests, incl. for the exercise of rights, etc., which are addressed to us, incl. the preparation of responses thereto;
- Where applicable, documenting electronic statements addressed to us and related to compliance with our legal obligations, such as acknowledgement of having read the privacy policies, cookie policy etc.
For the purposes listed above, we may process some or all of the personal data referred to in item III, 1, 2 and 3 of this Policy.
- The purposes related to the steps you have taken before entering into a contract with you include:
- Initial review of inquiries for legal services and assistance and contacting you (in case you are acting as an individual) in relation to the opportunity to provide you with the services you need, as well as in relation to the manner of proceeding the communication under your inquiry. Where such an inquiry is made on behalf of an entity, the processing of the data included in or relating to that inquiry constitutes our legitimate interest, namely to provide our services, and in those cases we process that data on the basis of legitimate interest.
For the purposes listed above, we may process some or all of the personal data referred to in item III, 1 (a) and 2 of this Policy.
- The purposes for processing personal data related to our legitimate interest to maintain and improve the quality of information services and resources provided on the Website, include:
- Administering, managing, analyzing the effectiveness and quality control of the information services and resources available on the Website;
- Ensuring the normal functioning and use of the Website and the services and resources available on it;
- Performing activities for maintenance and administration of the Website, including, but not limited to, prevention of cyber-attacks and other malicious activities;
For the purposes listed above, we may process some or all of the personal data referred to in items III, 2 and 3 of this Policy.
- The purposes for processing personal data related to our legitimate interest to communicate with you, include:
- Providing an opportunity for correspondence/communication with us (incl. the opportunity for online inquiries for legal services and assistance) through various channels;
- Providing an opportunity for interactions and communication with us through our corporate profiles/ pages in various social networks;
- Timely processing and providing a response to the initially received correspondence, as well as to the subsequent one;
- Ensuring internal accountability, organising the work and distributing the correspondence to the relevant persons in charge at DPC.
For the purposes listed above, we may process some or all of the personal data referred to in item III, 1 (a), (b) and (c) of this Policy.
- The purposes for processing personal data related to our legitimate interest and/ or third parties for the exercise and protection of legal rights and interests, include:
- Exercise and protection of the legal rights and interests of DPC, incl. establishment, exercise or defence of legal claims, including in legal proceedings (e.g., by filing and defending against filed complaints, signals, etc. to the competent state and judicial authorities);
- Assisting in the exercise and protection of the legal rights and interests of third parties (DPC’s employees or attorneys, visitors to the Website, processing personal data etc.), including in legal proceedings;
- Carrying out activities for administration and servicing of correspondence containing complaints, signals, etc.
For the purposes listed above, we may process some or all of the personal data referred to in item III, 1, 2 and 3 of this Policy.
- The purposes for which personal data are processed on the basis of your consent include:
When we process your personal data on the basis of consent, the purposes for which we perform this processing are explicitly stated in the relevant forms by which you provide us with your consent for the respective processing (e.g., when subscribing to a newsletter, etc.).
We will only process personal data which you have provided to us in the relevant consent form and only for the purposes specified in this form.
VI. Categories of recipients of personal data
When we transfer your personal data to other persons, we do it in strict compliance with the terms of this Policy and our internal rules and policies, as well as in compliance with the requirements of the applicable personal data protection legislation. The categories of recipients we may transfer your personal data to, include:
- Our subcontractors – personal data processors whom we have assigned the performance of certain activities and who act on our behalf by providing their services (such as technical support of the Website, colocation services for the server and network equipment, etc.). We disclose the data which we provide to our subcontractors only to the extent necessary for the performance of the work assigned, while our subcontractors are obliged under a contract concluded with us to process such data strictly in accordance with our instructions and only for the purposes specified in the relevant contract.
- Our business partners and service providers – other personal data controllers (e.g. companies providing telecommunication, transportation or courier services, etc.), as well as persons whose cooperation is necessary for the purposes of implementing and protecting our legitimate interests or the legitimate interest of third parties (Website users, our employees and subcontractors or service providers, etc.). When dealing with such persons we require them to strictly comply with the applicable data protection laws and regulations.
- Competent state, municipal and judicial authorities, where necessary to comply with our legal obligation or to protect the rights or legitimate interests of DPC or the legitimate interest of third parties.
- In other case provided for by law.
VII. Transfer of personal data outside the European union (EU)/ European Economic Area (EEA)
When transferring data to third parties, incl. our business partners and service providers, it is possible that your personal data are transmitted to countries outside the EU/EEA which do not ensure the same level of protection as the one ensured by the applicable European legislation. In these cases, the transfer of data is based on a decision of the European Commission (EC) in accordance with applicable law regarding the adequate level of personal data protection or in the absence of such a decision, based on standard contractual clauses of the EU in accordance with the decisions of the EC. You can obtain a copy of these standard contractual clauses by making a request at the contact details specified in item I.
VIII. Storage period of personal data
We undertake to store your personal data only for as long as it is necessary to achieve the purposes of the processing.
- Storage of personal data for compliance with legal obligations
Personal data relating to and/or contained in documents/ information carriers for which there are storage periods prescribed by law, will be stored for the periods provided for in the applicable legislation, unless this Policy provides for a longer storage period for the relevant documents/ information carriers.
- Storage of personal data contained in correspondence/communication with us
In the absence of a storage period prescribed by law, the personal data contained in correspondence with us (including, but not limited to, inquiries, requests, complaints, applications, and signals (including free text) and any other communication with us), incl. information on the processing, status, and final outcome of this correspondence, will be stored for a period of up to 5 (five) years from the completion of the respective correspondence and the related relations.
3. Storage of server and system logs and logs for actions performed on the Website
We store server and system logs typically for a period of up to 1 (one) year.
Logs for statements of intent made on the Website, such as acknowledgment of having read this Policy when using the contact form with us, are stored for a period of up to 5 (five) years after the completion of the relevant communication with us.
Logs for activities carried out on the Website, such as giving consent, shall be stored for the periods specified in item 4 below.
4. Storage of personal data when processed on the basis of consent
When the processing of your personal data is based on consent which is not time-limited, we may continue to process your personal data for the purposes for which you have given us this consent until you withdraw it or until the final achievement of the purposes for which we process them. You may withdraw your consent at any time.
When the consent you have given us for the processing of your personal data is time-limited, we will process the relevant personal data only for the period for which you have given us such consent.
5. Storage of cookies
For detailed information on the storage periods of the various cookies and similar technologies we use, you can refer to our Cookie Policy, published on the Website.
If certain information and/or certain documents or information carriers are required by law or other regulation to be stored for a longer period than the ones specified in items 1-5 above, the longer period prescribed by law shall apply to storing such information.
In case of a legal dispute or proceedings requiring the retention of data, and/ or in the case of a request from a competent public authority, it is possible to retain the data for a period longer than the ones specified above until the final settlement of the dispute or conclusion of the proceedings before all instances and for a period of up to 5 (five) years after its conclusion.
The periods specified above may be amended if other requirements for retention of information are prescribed by the applicable legislation.
IX. Your rights
As a Data subject within the meaning of the Regulation, you have the following rights, which you can exercise by making a written request to us at the contact details specified in item I of this Policy in accordance with the requirements of the applicable law:
Right of information (Art.13 and Art. 14 GDPR) – You shall have the right to obtain information regarding the processing of your personal data by us. This Policy aims to inform you in detail about the processing of your personal data in relation to your use of the Website, as well as your communication with us.
Right of access (Art. 15 GDPR)-You shall have the right to obtain confirmation as to whether your personal data are being processed by us when using the Website, to obtain access to such data, as well as information regarding their processing and your rights in relation to this processing.
Right of rectification (Art. 16 GDPR) – You shall have the right to request rectification or completion of your personal data, if the data are inaccurate or incomplete.
Right of erasure (Art. 17 GDPR) – If the grounds/conditions in the Regulation provided for this are available, you shall have the right to request erasure of your personal data
Right of restriction of processing personal data (Art. 18 GDPR)-The applicable legislation provides for a possibility to restrict the processing of your personal data, if the grounds provided for this in the Regulation are available.
Right of notification of third parties (Art.19 GDPR)-Where applicable, you shall have the right to require from us to notify the third parties to whom your personal data have been disclosed, of any rectification, erasure, or restriction of the processing of your personal data, unless this proves impossible or involves a disproportionate effort on our part.
Right of data portability (Art. 20 GDPR)-You shall have the right to receive the personal data, concerning you and provided by you, in a structured, commonly used, and machine-readable format and to transmit those data to another controller without hindrance on our part. The right of data portability is applied when the following two conditions are met simultaneously:
– the processing is based on consent or contract; and
– the processing is carried out by automated means.
Where technically feasible, you shall have the right to have the personal data transmitted directly from us to another controller.
Right not to be subject to a decision, based solely on automated processing, including profiling (Art. 22 GDPR)-You shall have the right not to be subject to a decision, based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the grounds provided for in the applicable legislation for the protection of personal data are available and appropriate safeguards for protection of your rights, freedoms and legitimate interests are provided. For each specific case of automated processing, the Data subjects shall have the right to obtain meaningful information about the logic involved, the significance and the envisaged consequences of such processing for them, as well as on how to exercise their rights. We do not make automated decision-making when maintaining the Website and processing your data to achieve the purposes described in this Policy.
Right to withdraw consent for processing (Art. 7, Para 3 GDPR)-You shall have the right to withdraw your consent for personal data processing at any time when the processing of your data is carried out based on the consent given by you. Such withdrawal shall not affect the lawfulness of processing, based on consent before its withdrawal.
Right to object – You shall have the right at any time and on grounds relating to your particular situation to object to the processing of your data processed on the basis of legitimate interest.
In case such an objection is received, we shall consider your request and if it is reasonable, we will comply with it. If we believe there are compelling legal grounds for processing, or that it is necessary for the establishment, exercise, or defense legal claims, we will inform you of that.
Right to a complaint with a supervisory authority (Art. 77 GDPR)-You shall have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data relating to you infringes the applicable legislation on personal data protection. The Supervisory Authority in the Republic of Bulgaria is the Commission for personal data protection, with address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgariа.
X. Amendments to the Policy
Any future amendments to our Policy will be published on the Website. Where appropriate, we will notify you of any amendments to our Policy by other means in accordance with the Terms and Conditions for the Use of the Website. All amendments shall take immediate effect unless stated otherwise.
This Policy shall take effect as of 10 October 2021.