I. GENERAL PROVISIONS.
(1) For the purpose of carrying out its activities, in accordance with the General Terms and Conditions published on the website https://.victima.net/ (“Website”) hereinafter referred to (“Terms and Conditions“) “Flexible Bit” Ltd, UIC 204040752, with registered office and registered address in the Republic of Bulgaria, p.k. 1505, Sofia, ul. 15, app. 13, represented by Mladen Todorov Dryankov, as its manager, (hereinafter referred to as “Flexible Bit” or “the Company“) processes data of natural persons (“Data Subjects” / “You” / “You”)in accordance with this Policy.
(2) In processing personal data, Flexible Bit complies with all applicable to its activities regulations on the protection of personal data, including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Art.2. This Policy uses the following definitions of terms derived from Article 4 of the Regulation:
- “Regulations.” – General Data Protection Regulation 2016/679 of 27 April 2016, replaces Data Protection Directive 95/46/EC. It has direct effect and implies an amendment of the Member States’ data protection legislation. Its purpose is to protect the “rights and freedoms” of individuals and to ensure that personal data is not processed without their knowledge and, where possible, that it is processed with their consent.
- “ Personal data ” – may be any information that can be linked to an identified natural person or to a natural person who could be identified, directly or indirectly, by the use of one or more specific attributes or identifiers linked to that natural person. In terms of the nature of the information, the term ‘personal data’ includes any type of statement about a person. It includes ‘objective’ information and ‘subjective’ information, opinions or assessments. With regard to the form or medium in which such information is contained, the term ‘personal data’ includes information in any form, whether alphabetic, digital, graphic, photographic or acoustic. For example, it includes information stored on paper as well as information stored in computer memory
- Special (sensitive) categories of personal data ” are a special category of personal data personal data because of the specific nature of the information they reveal about the individual. In particular, this information discloses racial or ethnic origin, religious and philosophical beliefs, political opinions, membership of trade unions (or professional) organisations, data concerning the health of the natural person, biometric data for the sole purpose of identifying a natural person.
- “ Administrator ” is Flexible Bit, which determines the purposes and means of processing personal data
- “ Processor ” – may be any natural or legal person, public authority or body that processes personal data on behalf of and under the express written authority of Flexible Bit. The personal data processor is always a person who is external to the Company’s structure and is not in an employment relationship with the Company. Employees of the Company are not processors of personal data.
The Company may also act as a Data Processor, in which case the latter shall process the relevant personal data in accordance with a written contract entered into with the Controller, its documented instructions and the Company’s legal obligations.
- “ Processing of personal data ” means any operation or set of operations which is performed upon personal data, such as collection, recording, organisation, structuring, storage, alteration, use, disclosure by transmission and access, alignment, erasure or destruction. In practice, any activity involving the use of personal data in some form may constitute processing of personal data.
- “ Data Subject ” – any living natural person who is the subject of the personal data stored by the Controller.
III. CATEGORIES OF DATA SUBJECTS.
Art.3. In connection with its activities, the Company processes information about the following Data Subjects:
- Website Visitors;
- Persons who have made enquiries (including by calling), requests, signals, complaints or other correspondence to the Company;
- Individuals whose information is contained in enquiries (including by call), requests, signals, complaints or other correspondence addressed to the Company.
IV. PERSONAL DATA PROCESSED.
Art.4. Flexible Bit will process your personal data:
- Provided in connection with use of the Flexible Bit Website;
- Provided in connection with correspondence, complaints and signals, namely:
- User communication details provided when contacting Flexible Bit, via e-mail and/or telephone;
- The website may store information about the visit (date, time and IP address)
V. PURPOSES AND MANNER OF PROCESSING.
Art.5. Flexible Bit collects, uses and processes the information described above for the following purposes:
(1) To protect and enforce the legitimate interests of Flexible Bit. These are purposes related to the legitimate interests of Flexible Bit and/or third parties such as other users, companies, etc. These purposes include:
- Ensuring the proper functioning and use of the Website by you and other users, maintaining and administering services, resolving disputes, identifying and preventing malicious activity.
- Identifying and resolving technical or functionality issues, developing and improving the Application and Website.
- Communicating with you, including electronically.
- Receiving and processing signals, complaints, requests and other correspondence;
- Exercise and protect the rights and legitimate interests of Flexible Bit, including in court, and assist in exercising and protecting the rights and legitimate interests of other users of the App and Website and/or affected third parties.
For these purposes, it may be necessary to process some or all of the above categories.
(2) Purposes for which you have given your explicit consent. Your data may be processed on the basis of your explicit consent, in which case the processing shall be specific and to the extent and scope provided for in the relevant consent.
(3) For the fulfilment of Flexible Bit’s legal obligations, which include the fulfilment of statutory obligations to preserve or provide information upon receipt of an appropriate order from competent state or judicial authorities, in enabling the exercise of the control powers of the competent state authorities, in fulfilling Flexible Bit’s legal obligations to notify you of various circumstances relating to your rights, the Services provided or the protection of your data, etc. For these purposes, it may be necessary to process some or all of the above categories.
(4) For statistical purposes such as analysing the performance of the Website and to understand how visitors use it.
(6) Logs related to security, technical support, development, etc. may be used on the Website for the following purposes:
- To ensure reliable operation and identify technical problems;
- To ensure security and detect malicious activity;
- To develop and improve the Website;
- To measure traffic and usability of the App and Website;
- Logos required by law.
Server logs, security logs (Web Application Firewalls) and other devices that fall into this category. These logs are necessary for detecting technical problems, detecting malicious activities, etc. for the purposes mentioned above. They shall be kept for a period of up to 1 (one) year. Logos may contain the following information: date and time, IP address, URL, browser and device information.
Art.6. The services of Flexible Bit and the functionalities provided on the Website are not intended for the storage and processing of special categories of personal data within the meaning of Articles 9 and 10 of the Regulation.
Art.7. Flexible Bit does not collect or process personal data of children 16 years of age or younger, except with the consent of a parent in accordance with applicable local law. If we learn that a child’s personal data has been accidentally collected, we will promptly delete the data in question.
VI. STORAGE PERIOD
Art.8. Flexible Bit stores your personal data for the periods necessary to achieve the purposes for which it was collected. Once the relevant purposes have been achieved, your personal data will be destroyed immediately, except in cases where Flexible Bit is required by law to process it for a longer period of time.
(2) After the expiration of the aforementioned period, we will destroy the collected personal data, except in cases where the Company is required by law to process it for a longer period of time, including in cases of protection of a legitimate interest of Flexible Bit (including statutes of limitations, under applicable law for bringing certain claims, etc.).
Art.10. In certain circumstances Flexible Bit has the right to anonymise your personal data for research, statistical or other purposes, in which case the Company may use this information indefinitely without further notice to you.
Art.11. In the event that Flexible Bit has no need for your data, it will be deleted or anonymised, removing any details that identify you. In the absence of legal grounds for processing your personal data and in the event that you withdraw your consent to the processing of the same, Flexible Bit will delete your personal data within a reasonable period.
Art.12. Where we process your personal data on the basis of your consent, including but not limited to for marketing purposes, it will be processed and stored until we receive a request from you to delete it.
Art.13. In the event of a legal dispute or proceeding requiring the retention of data and/or a request from a competent government authority, it is possible to retain data for longer than the specified periods until the final conclusion of the dispute or proceeding before all instances. These time limits are subject to change in the event that a different retention requirement is established under applicable law.
VII. THIRD PARTIES.
Art.14. Your personal data may be provided to third parties in the following cases:
- where provided by law;
- if duly requested to do so by a competent governmental or judicial authority;
- where we have received your explicit consent to do so;
- where necessary to protect the rights and legitimate interests of Flexible Bit and/or other users.
Art.15. In the case of Article 14, Flexible Bit puts in place contractual agreements and security mechanisms in order to both protect your personal data and comply with current data protection, privacy and security standards.
Art.16. Personal data held by Flexible Bit may be accessed by and/or transferred to:
- Companies within the Flexible Bit group.
- Third parties and/or organisations that provide us with applications and/or functionalities, IT services or data processing services;
- Third parties who assist us in the provision and management of our internal IT systems. For example, information technology providers, cloud service providers, identity management, website hosting and management, data analytics, data backup, security and storage services. The servers that power and facilitate this cloud infrastructure are located in secure data centers around the world, and personal data can be stored in any of them;
- Third parties/organisations that assist us in providing services or information in other ways;
- Auditors and other professional advisers;
- Law enforcement authorities, other governmental and regulatory agencies or other third parties as required by and in accordance with applicable law;
Art.17. With respect to personal data regulated by EU law, please note that cross-border transfers may involve countries outside the European Economic Area (EEA) and countries that do not have laws providing specific protection for personal data. We have taken steps to ensure that all personal data has the necessary protection and that all transfers of personal data outside the EEA are carried out lawfully. Where we transfer personal data outside the EEA to a country that is not designated by the European Commission as providing an adequate level of protection for personal data, transfers will be made in accordance with an agreement that follows EU requirements for the transfer of personal data outside the EEA – such as the standard contractual clauses approved by the European Commission. You can read more about these clauses here.
VIII. RIGHTS OF DATA SUBJECTS
Art.18. The Regulation provides for the following rights:
- Right to information .
This Policy aims to inform you in detail about the processing of your personal data in connection with the Services provided.
- Right of access .
You have the right to confirm whether your personal data is being processed, to access it and to obtain information about its processing and your rights in relation to it. You can access it at any time.
- Right of rectification .
You have the right to correct your personal data if it is incomplete or inaccurate.
You have the opportunity to correct your data at any time by requesting Us.
- Right to erasure .
You have the right to request the erasure of data, except where there is a substantial ground for processing and/or a legal obligation.
The data shall be deleted after the specified period. In the meantime, they may be made available only and exclusively in due course to the competent public authorities in the exercise of their supervisory powers or to a competent court in the event of legal proceedings in which they are involved. In the event of a legal dispute or proceeding requiring the retention of data and/or a request from a competent government authority, it is possible to retain data for longer than the specified periods until the final conclusion of the dispute or proceeding before all instances.
- Right to restriction of processing.
The Regulation provides for the possibility to restrict the processing of your personal data if there are grounds for doing so set out in the Regulation.
- Right to notify third parties .
Where applicable, you have the right to request the Data Controller to notify third parties, where he has provided your data, regarding the rectification, erasure or restriction of the processing of your personal data.
It is important to note that Flexible Bit is not an intermediary in the relationship between you and others.
- Right to data portability .
You have the right to obtain your personal data in a structured, commonly used, machine-readable format and to use this data for another controller at your discretion.
- Automated decision making .
You have the right not to be subject to automated decision-making involving profiling that produces legal effects for you or similarly significantly affects you, unless there are grounds for doing so under applicable data protection law and appropriate safeguards are in place to protect your rights, freedoms and legitimate interests.
The Website and App do not use any technologies that fall into this category.
- Right to withdraw consent .
You have the right, at any time, to withdraw your consent to the processing of personal data, which is based on your consent. Such withdrawal shall not affect the lawfulness of the processing on the basis of the consent given up to the time of withdrawal.
In the case of services such as subscriptions to email advertisements, subscription to which is based on your wish (consent), there is an option to terminate the subscription at any time (withdrawal of consent)
- Right to object .
You have the right to object to the processing of your personal data based on public interest, official authority or legitimate interest.
In the event that such an objection is received, We will consider Your request and, if justified, comply with it. If we believe that there are compelling legitimate grounds for the processing or that it is necessary for the establishment, exercise or defence of legal claims, we will inform you of this.
- Right of appeal.
You have the right to lodge a complaint with a supervisory or judicial authority if you believe that the processing of personal data relating to you violates applicable data protection law. The supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection, with address. Sofia 1592, 1592 Sofia Blvd. “1595 Prof. Tsvetan Lazarov” № 2.
IX. ACCURACY OF INFORMATION.
Art.19. Flexible Bit is not responsible for the accuracy of the data provided by you, does not carry out checks in this regard and does not guarantee the true identity of the individuals who provided the data. In all cases of suspected fraud and/or abuse, please notify us immediately. You undertake that in providing any information on the App and Website you will not infringe the rights of others in relation to the protection of their personal data or their other rights.
This Policy shall come into effect from 1st November 2023.