PRIVACY POLICY

Information about the Controller of Personal Data:

This website is operated by BlockDev PLC, a company registered under the laws of Bulgaria, with registry number 208043482. The registered address of the company is located at 9A, Pozitano Str., Sofia 1000, Bulgaria. You may contact us using the contact form on the website for inquiries related to the processing of your personal data or other requests.

Grounds and Purposes for Data Processing:

We are committed to processing personal data in accordance with the General Data Protection Regulation (GDPR) and other relevant privacy laws. The only personal data we process are those that you voluntarily provide to us when interacting with our services, such as when you complete our contact form, sign a contract, or use our services. This personal data typically includes, but is not limited to, your full name, email address, phone number, billing or shipping address, and any other details that you either choose or are required to share for the purposes of engaging with us.

We may also collect additional data depending on the nature of our interactions, including any preferences, feedback, or inquiries you may submit to us, as well as technical data related to the use of our website, such as IP addresses, browser types, and user interactions on the platform. All data collected will be processed in accordance with the purposes outlined in this Privacy Policy.

The processing of personal data is carried out under the legal basis of your explicit consent, which you provide by engaging with our forms or services. By sharing your personal data, you give us consent to process it for the specific purposes for which it was collected. You are not obligated to provide any personal data, and refusing to do so will not negatively impact your ability to access certain parts of our website or services, unless the data is required to fulfill specific contractual obligations.

We strive to ensure that any personal data we process is accurate, up to date, and used solely for the intended purposes. Should the purpose of processing change, we will inform you and, where necessary, seek your consent again before proceeding with any further processing of your personal data.

The personal data we process will only be used for the specific purpose outlined at the time of collection. This could include, for example, responding to your queries or offering tailored product/service recommendations. The legal grounds for processing your personal data is based on your explicit consent. By submitting your data, you are agreeing to its processing for the stated purpose.

We only process data where you have given clear consent, and you have the right to withdraw this consent at any time without affecting the legality of the processing carried out before its withdrawal. Refusing consent will not have any adverse consequences on your access to our services.

Provision of Data to Third Parties:

We do not share or disclose your personal data to third parties unless it is necessary to fulfill our contractual obligations or required by law. In such cases, we ensure that the third parties we engage with, if any, are also fully compliant with data protection laws.

In addition, we may share data with third-party service providers who are assisting us in managing our services. These third-party processors are required to ensure that they adhere to the same level of data protection and security standards as outlined in this privacy policy.

Withdrawal of Consent:

You have the right to withdraw your consent at any time. This can be done through our contact details provided on the website. Upon withdrawal of your consent, we will cease to use your personal data for the purposes you originally consented to, but this will not affect any processing carried out prior to your withdrawal.

In accordance with the General Data Protection Regulation (GDPR), you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on consent before its withdrawal. To withdraw your consent, you may contact us directly through the contact form on our website or use the direct contact information provided in this Privacy Policy. Once your request is received, we will provide you with a consent withdrawal form for you to complete and return.

Please note, however, that in certain circumstances, we may be unable to honor your request to withdraw consent. For example, if the personal data is necessary for the performance of a contract, compliance with a legal obligation, or for other legitimate interests as defined under the GDPR, we may continue processing your data, even after you have withdrawn your consent.

If we are unable to fulfill your withdrawal request, we will inform you of the reasons why, along with the legal grounds for continuing to process your data. We will take all reasonable steps to ensure that your personal data is handled appropriately and securely in accordance with applicable data protection laws

Data Retention:

In accordance with the General Data Protection Regulation (GDPR), your personal data will only be retained for as long as necessary to fulfill the specific purposes for which it was collected. The retention period will be determined by the nature of the data and the purpose of its collection.

In general, we will retain your personal data for a period of five (5) years from the date of its initial collection or until you request its deletion, whichever occurs first. This retention period allows us to fulfill any obligations arising from our contractual relationship with you or to address any ongoing legal, regulatory, or operational requirements.

After the retention period has passed, or upon receiving your request for deletion, we will securely delete or anonymize your personal data in accordance with GDPR guidelines. In some cases, where we are required to retain data for legal, contractual, or regulatory purposes, we may continue to store your personal data for longer periods.

Such legal grounds for retention may include but are not limited to, compliance with tax laws, audit requirements, or the establishment, exercise, or defense of legal claims. Once these obligations have been fulfilled, we will ensure that your personal data is securely erased or anonymized.

Data Subject Rights:

In line with the GDPR, you have the following rights regarding your personal data:

  1. Right to Information: You have the right to be informed about the collection and use of your personal data.
  2. Right of Access: You can request a copy of the personal data we hold about you.
  3. Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to have it corrected.
  4. Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data, subject to certain conditions.
  5. Right to Restrict Processing: You have the right to request the restriction of processing under certain circumstances, such as when you contest the accuracy of the data or object to its processing.
  6. Right to Data Portability: You can request that we provide your personal data to you in a structured, commonly used, and machine-readable format, and you may also transfer this data to another service provider if technically feasible.
  7. Right to Object: You can object to the processing of your personal data, including for direct marketing purposes.
  8. Right to Avoid Automated Decisions: You have the right not to be subject to automated decisions, including profiling, which significantly affects you.

To exercise these rights, please contact us directly using the details on our website.

Right of Portability:

You have the right to request a copy of your personal data in a structured, commonly used, and machine-readable format. Furthermore, if technically feasible, you have the right to request that we transmit this data directly to another data controller.

Right to Object:

You can object to the processing of your personal data. If you object to the processing of your personal data for direct marketing purposes, we will immediately stop processing your data for these purposes. For other objections, we will continue processing your data unless we can demonstrate that we have overriding legitimate grounds for continuing the processing, which take precedence over your interests, rights, and freedoms.

Complaint to the Supervisory Authority:

You have the right to lodge a complaint with the Bulgarian Commission for the Protection of Personal Data, or any other relevant supervisory authority, if you believe your personal data is being processed unlawfully. Additionally, you have the right to seek judicial remedies for any violations of your rights under data protection law.

Use of Artificial Intelligence (AI):

We may use Artificial Intelligence (AI) tools to analyze personal data for improving our services, offering personalized recommendations, or automating customer service. In such cases, the processing will be based on your explicit consent, and we will provide you with information on the purpose, logic, and consequences of the automated processing.

We are committed to ensuring that the use of AI respects your rights, and you have the ability to object to any automated decision-making, including profiling, that may significantly affect you.

Artificial intelligence (AI) technologies are employed to enhance the functionality of services, and as part of these operations, AI systems may process personal data. It is ensured that all data processing activities carried out by these AI systems fully comply with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

The personal data processed by AI systems will be used solely for the specific purposes outlined in the Privacy Policy and will not be used for any other purpose without explicit consent, where required by law. AI technologies are implemented with a strong commitment to ethical standards and legal requirements.

Forbidden Uses of AI:

In line with the GDPR, human rights protections, and international ethical standards, AI technologies will not be engaged in or support the following activities:

Discrimination: AI will not be used to classify individuals based on their social behavior or personality traits in ways that could lead to discrimination or violate fundamental rights.

Facial Recognition & Biometric Processing: AI will not be used for facial recognition or biometric data processing in real-time in public spaces, except in strictly defined cases, such as preventing serious crimes.

Manipulative Content: AI will not be used to create manipulative content, such as deepfakes, that could mislead or manipulate public opinion or individuals.

Mass Surveillance: AI will not engage in mass or uncontrolled surveillance of individuals or groups, violating the right to privacy.

Automated Decision-Making: AI will not be used for automated decisions that have significant consequences for individuals (e.g., denying social services or access to education) without appropriate human intervention.

Law Enforcement: AI will not be used in law enforcement in ways that could lead to discrimination or violate individuals' rights, such as crime prediction without sufficient evidence.

Healthcare: AI will not be used for diagnosis or treatment in healthcare without proper medical approval and adherence to ethical standards.

Education: AI applications will not be used in ways that could violate students' rights, such as automated grading without transparency or the right to appeal.

Risk Assessments: AI will not be used for risk assessments or premium determination without sufficient transparency or adherence to ethical standards.

Financial Sector: AI will not be used in the financial sector for market manipulation or algorithmic trading without proper regulation and oversight.

Regular evaluations and audits are conducted on the use and performance of AI technologies, including those utilized by clients and partners, to ensure compliance with ethical standards and legal obligations.

Data Security:

We implement a variety of technical and organizational measures to ensure the security and integrity of your personal data. These measures include, but are not limited to, encryption technologies, secure data storage practices, access controls, and regular security assessments. Our team regularly reviews and updates these procedures to address potential vulnerabilities and to maintain the highest standards of protection against unauthorized access, data breaches, and other security threats.

While we take all reasonable steps to safeguard your personal data, we acknowledge that no system is entirely invulnerable to breaches or attacks. Despite our efforts to maintain a secure environment, we cannot guarantee absolute security for personal data transmitted over the internet. We advise you to take appropriate precautions when using online services and accessing the internet to minimize any risks associated with data exposure.

Changes to This Privacy Policy:

We reserve the right to amend this Privacy Policy as necessary. Any changes will be posted on this page, and we encourage you to review it periodically. The revised policy will become effective immediately upon posting.

If the changes significantly affect your rights, we will inform you directly via email or through the website, providing you with the opportunity to consent to the updated policy.

Date 12/12/2024