„PROFOCUS“ Ltd. is a company, registered as a personal data controller and holds a Personal Data Controller Certificate
In accordance with section 5.5. from the General Terms and Conditions published on the site (www.homdy.bg ), we collect and process your personal data on the following grounds:
● Proper provision of our services and information in the context of pre-contractual relationships
● Correct fulfilment of the Company’s obligations under the contract concluded with you
● Your explicit consent as a Customer – the purpose is stated on a case-by-case base
● Under a statutory obligation
1. Processing of your personal data for the provision of services and information in the context of pre-contractual relations and / or performance of a contract:
1.1. Purpose of processing:
● Management and execution of the concluded contract
● Processing information about your property
● Prepare and send an invoice for the services you use
● Providing the necessary complete services, as well as collecting the due amounts for the services used
● Keeping correspondence related to the services we provide, processing requests, providing information about the profitability of your property, reporting problems and more
1.2. Types of information we collect:
● Identification information – names, EGN or Personal Identification number of the foreigner, permanent address
● Contact information – contact address, email, phone number, profile in social media (publicly available information from your Facebook, Instagram accounts)
● Information about your property – for example a notary deed
● Bank account or other bank and payment information in relation to made payments
2. Processing of your personal data for the fulfillment of regulatory obligations:
2.1. The law may provide an obligation for us to process your personal data. In these cases, we are obliged to carry out the processing, such as:
● Obligations under the Law on Measures against Money Laundering;
● Providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
● Providing information to the Personal Data Protection Commission regarding the obligations laid down in the personal data protection regulations;
● Obligations provided for in the Accounting Act and the Tax and Social Insurance Procedure Code and other related normative acts in connection with the keeping of lawful accounting;
● Providing information to the court and third parties, in the course of proceedings before a court, in accordance with the requirements of the applicable legislation;
2.2. When do we delete personal data collected on this basis:
We delete the data collected in accordance with a statutory obligation after the collection and storage obligation has been fulfilled or dropped. For example:
● According to the Law on Accounting for Storage and Processing of Accounting Data (11 years)
● Obligations to provide information to the court, competent state authorities and other grounds provided for in current legislation (5 years)
2.3. Provision of data to third parties
Where an obligation is provided for by law, it is possible for us to provide your personal data to the competent state authority, natural or legal person.
3. Following your consent:
3.1. We process your personal data on this basis only with your explicit, unambiguous and voluntary consent. We will not anticipate any adverse effect on you if you refuse to process your personal data.
3.2. Consent is a separate basis for the processing of your personal data and the purpose of the processing is specified therein and is not covered by the purposes listed in this policy. If you give us your appropriate consent and until its withdrawal or termination of any contractual relations with you, we prepare suitable product/service proposals for you.
3.3. For this reason, we only process data for which you have given us your explicit consent. Specific data are determined on a case-by-case basis. Usually the data include:
● Phone number;
3.4. Provision of data to third parties
For this reason, we may share your information with marketing agencies and third parties.
4. Withdrawal of consent:
The provided consent may be withdrawn at any time. If you withdraw your consent to the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the purposes set out above.
5. ANONYMIZED DATA PROCESSING
We process your data for static purposes, that is, for analyzes where the results are only aggregate and therefore the data are anonymous. It is impossible to identify a specific person from this information.
6. How we protect your personal information
In order to ensure adequate protection of the data of the company and its clients, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
For maximum security in the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, alias, etc.
7. User’s Rights:
● Right of information (regarding the processing of personal data by the controller).
● Right of access: you have the right to request and obtain from the controller confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the information;
● Right to rectification: you have the right to obtain from the controller the rectification of inaccurate personal data concerning you.
● Right to erasure (right „to be forgotten“): you have the right to obtain from the controller the erasure of personal data concerning you in the following cases:
– your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
– when you withdraw your consent on which the processing is based and where there is no other legal ground for the processing.
● Right to restriction of processing: you have the right to obtain from the controller restriction of processing where one of the following applies:
– you contest the accuracy of the personal data for a period enabling the controller to verify the accuracy of the personal data;
– the processing is improper, but you oppose the erasure of the personal data and request the restriction of their use instead;
– the controller no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
● Right to data portability: The data subject has the right to receive the personal data that concerns him or her which he has provided to the administrator in a structured, widely used and machine-readable format and has the right to transfer this data to another administrator without hindrance by the controller to whom the personal data are provided when processing is based on consent or contractual obligation and processing is carried out in an automated manner. When exercising its right to data portability, the data subject shall also be entitled to receive the personal data directly from one controller to another, where technically feasible.
● Right to object: In certain circumstances, such as if you have doubts about our legitimate interest in processing your personal data, you have the right to object to such processing for reasons related to your particular situation.
● Right of defense and right of reimbursement for damages: You have the right to lodge an administrative complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes GDPR. This supervisory authority in Bulgaria is the Commission for personal data protection.