Privacy Policy Policy

NO BLINK Ltd. is a limited liability company, registered in the Commercial register and the NGO Register with UIC 203921225 and VAT № BG203921225, with headquarters Sofia, Durvenica, bl. 16, Tel: +359888192411, E-mail: office@noblink.group Website: noblink.group.

Commission for Personal Data Protection (CPDP), Sofia, Prof. Tsvetan Lazarov Str. №2, Phone number: 02/91-53-519, E-mail: kzld@government.bg, kzld@cpdp.bg, Website: www.cpdp.bg

The Administrator collects and processes your personal data in connection with the use of the website noblink.group in order to answer your inquiries and/or conclude contracts with the Company, pursuant to Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR), and in particular on the following grounds:

• Explicit consent received from you;
• To take action at your request before concluding a contract with the Administrator;
• Compliance with a legal obligation that applies to the Administrator;
• For the purposes of the legitimate interests of the Administrator or a third party.

In case a contract is concluded with the Company, the Administrator collects and processes your personal data in connection with the concluded contract on the following grounds:

• Fulfillment of the Administrator’s obligations under a contract with you;
• Compliance with a legal obligation that applies to the Administrator;
• For the purposes of the legitimate interests of the Administrator or a third party.

We collect and process the personal data you provide to us in connection with the use of the website noblink.group, including for the following purposes:

• contacting the Client and sending information to him;
• sending responses to your questions regarding NO BLINK Ltd.’s services;
• statistical purposes.

Types of personal data collected, processed and stored by the Administrator

The Administrator processes the following categories of personal data and information for the following purposes and on the following grounds:

• Your personal data (e-mail address, name, etc.)

Purposes for which the data is collected: 1) Establishing contact with the user and sending information to him.

Grounds for processing your personal data
Your data for receiving emails is processed with your explicit consent – Art. 6, para. 1, p. (a) GDPR and in order to take steps at your request to enter into a contract- Art. 6, para. 1, p. (b) GDPR.

In case of concluding a written contract, a contractual relationship is created between the Administrator and you, on the basis of which we process your personal data – Art. 6, para. 1, p. (b) GDPR.

Personal data is collected by the Administrator from the people to whom it relates. The Administrator does not perform automated data decision-making. The Company does not collect data on people under 18 years of age. When processing and storing personal data, the Administrator may process and store personal data in order to fulfill his obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities.

Term of storage of your personal data

The Administrator stores the collected data for a period not longer than necessary for the purposes for which the personal data is processed. In case of received inquiry and no contract concluded afterward, the Administrator stores the collected data up to 12 months from its initial collection. It is deleted at your request or within the period specified in the previous sentence.

The Administrator stores the personal data of the legal representatives of its business partners for the term of the contract and 5 years afterward, for observance of the legitimate interests and legal obligations of the Administrator.

In case of a concluded contract, the Administrator stores your personal data, for the term of the contract and 5 years afterward, for the purpose of fulfilling obligations laid down by law – e.g. accounting documents shall be stored for the relevant statutory period; for protecting the legal interests of the Administrator in court or administrative disputes with clients; we might need your personal data to prove compliance with the statutory requirements before the relevant control authorities, etc.

The Administrator notifies you in case the data retention period needs to be extended in order to fulfill a regulatory obligation or in view of the legitimate interests of the Administrator or other.

Transfer of your personal data for processing
The Administrator may transfer some or all of your personal data to personal data processors for the fulfillment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

The Administrator does not transfer your data to third countries. The Administrator notifies you in case he intends to transfer part or all of your personal data to third countries or international organizations.

Withdrawal of consent for processing purposes
If you do not want all or part of your personal data to continue to be processed by the Company for specific or all purposes of the processing, you can, at any time, withdraw your consent to processing by filling out the form on our website or by submitting a request in free text via email.

The administrator may ask you to verify your identity and the identity of the data subject.

You may withdraw your consent to the processing of your personal data for the purposes of direct marketing at any time.

The withdrawal of the consent does not affect the legality of the processing of personal data, which the Administrator has performed so far.

Right to access your data
You have the right to request and receive confirmation from the Administrator whether personal data related to you is being processed.

You have the right to receive access to data related to you, as well as information related to the collection, processing and storage of your personal data. Upon request, the Administrator provides you with a copy of the processed personal data related to you in electronic or other appropriate form. Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessive requests.

Right for data rectification
You may correct or complete inaccurate or incomplete personal information, related to you, by making a request to the Administrator.

Right to personal data, related to you, to be deleted (“Forget me” request)
You have the right to request from the Administrator to delete part or all of the personal data, related to you, and the Administrator has the obligation to delete it without undue delay, when there is any of the following reasons:

• the personal data is no longer needed for the purposes for which it was collected or processed otherwise;
• you withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
• you object to the processing of personal data, related to you, including for the purposes of direct marketing, and there are no legal grounds for the processing to take precedence;
• the personal data has been processed illegally;
• the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
• the personal data has been collected in connection with providing services to the information society.

The Administrator is not obliged to delete personal data if it is stored and processed:

• to exercise the right of freedom of expression and the right of information;
• to comply with a legal obligation, which requires processing and is provided in EU law or the law of a Member State, applicable to the Administrator, or for the performance of a task in the public interest, or in exercising of official powers, granted to him;
• for reasons of public interest in the field of public health;
• for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
• for establishing, exercising or defending legal claims.

The right to delete is exercised by submitting a request via email and identifying himself as the account holder. After verifying the identity of the person submitting the application, the Administrator deletes all data that he processes about the Client, except for his email and address and technical information about the operation of the website, which cannot be associated in any way with the Client’s identity.

If there is a request placed by you that is being processed, the earliest time you can ask to be “forgotten” is when the request is successfully completed.

The administrator does not delete the data that he has a legal obligation to store, including for protection in connection with court claims against him or proof of his rights.

Right to limit data processing
You have the right to ask the Administrator to restrict the processing of data related to you when:

• you challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
• the processing is illegal, but you do not want the personal data to be deleted, only its use to be restricted;
• the Administrator no longer needs the personal data for the purposes of the processing, but you require it for establishing, exercising or protecting your legal claims;
• you have objected to the processing and there is a pending verification that the legal grounds of the Administrator take precedence over your interests.

In case of exercising your right to limit data processing, the Company will stop processing your data, but will not remove the publications you have made in the online store.

Right to transfer data
If you have given your consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may, after identifying yourself to the Administrator:

• ask the Administrator to provide you with your personal data in a readable format and to transfer it to another Administrator;
• ask the Administrator to directly transfer your personal data to an administrator, specified by you, when this is technically possible.

Right to receive information
You may ask the Administrator to inform you about all recipients to whom the personal data, which was requested to be corrected, deleted or restricted of processing, has been disclosed. The Administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to complain
You can object to the processing of personal data by the Administrator at any time.

Your rights in the event of a breach of security, when your personal data is concerned
If the Administrator finds a breach of security, when your personal data is concerned, and which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

The Administrator is not obliged to notify you if:

• he has taken appropriate technical and organizational protection measures with regard to the data affected by the security breach;
• he has taken steps afterward to ensure that the breach does not pose a high risk to your rights;
• notifying you would require a disproportionate effort.

The Administrator does not provide your personal data to third parties. We may need to provide access to your personal data to a limited extent to a third party – the team that provides us with software support for the website, for the purposes of its operation. In these cases, we ensure that the third parties we engage apply the same high standards for the protection of your personal data.

In the event of a breach of your rights under the stated above or applicable data protection legislation, you have the right to file a complaint with the Data Protection Commission.

You can exercise all your rights regarding the protection of your personal data through the forms attached to this policy. Of course, these forms are optional and you can submit your requests in any form that contains a statement about your request and identifies you as the data holder.