Privacy Policy

Privacy Policy

I. Subject

This Privacy Policy, hereinafter referred to as the “Privacy Policy,” provides information on how HOST and GOST EOOD, hereinafter referred to as the “Provider,” “Administrator,” “we,” and/or “us,” the owner/operator of the website: https://hostigost.com, hereinafter referred to as the “Website,” processes (including but not limited to collects and stores) personal data of data subjects, such as users of the Website and the services of the Provider, hereinafter referred to as “User/s,” “You,” and/or “Your,” as well as regarding their rights in this regard. The term “personal data,” used in the Privacy Policy, has the meaning given to it in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC, hereinafter referred to as the “General Data Protection Regulation” and/or “GDPR,” namely: “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.” Below you can find brief information about:

The Provider,
The competent supervisory authority,
The legal basis on which we process personal data,
The purposes for which we use personal data,
Principles of personal data processing,
What personal data we collect,
Storage period of personal data,
Access to and transmission of personal data, and
The rights and guarantees that GDPR provides to data subjects.

II. Information about the Provider

Name: HOST and GOST EOOD, EIK 207083029
Registered office and management address: Biala, Vasil Aprilov Street 47
Tel.: 0888806662, email: office@hostigost.com
Registration in public registers: Commercial Register at the Registry Agency of the Ministry of Justice of the Republic of Bulgaria.

III. Information about the Competent Supervisory Authority

Name: Commission for Personal Data Protection of the Republic of Bulgaria
Address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. 2
Phone: 02 915 3 518
Email: kzld@cpdp.bg
Website: https://www.cpdp.bg/

IV. BASIS FOR COLLECTING, PROCESSING, AND STORING PERSONAL DATA

We process (including, but not limited to: collect and store) your personal data solely in connection with our activities and in accordance with the requirements of applicable legislation, including the Personal Data Protection Act of the Republic of Bulgaria and the General Data Protection Regulation. We process your personal data based on at least one of the following grounds:

User’s consent for the processing of personal data;
Processing of personal data is necessary for the performance of contractual obligations of the Provider to the User;
Processing of personal data is necessary for taking steps at the request of the User before entering into a contract;
Processing of personal data is necessary to comply with legal obligations of the Provider;
Processing of personal data is necessary for the legitimate interests of the Provider in carrying out its activities.

V. PURPOSES FOR COLLECTING, PROCESSING, AND STORING PERSONAL DATA

We collect, process, and store personal data of Users in connection with the provision of services by us and communication related to the use of the website, as well as for the following purposes:

Communication and identification in the performance of a service contract and a purchase-sale contract (including in the performance of the respective contract);
Communication, identification, processing, and execution of requests, orders, reservations, purchases of goods or services (including contract preparation, order acceptance, shipment of goods, resolution of issues related to order cancellations, reservations, return of purchased goods, refund of paid amounts, and others);
Fulfillment of tax and other legal obligations;
Accounting purposes in connection with the use of our services;
Protection of our legitimate interests in fulfilling our obligations to state and municipal authorities (e.g., National Revenue Agency, Ministry of Interior);
Protection of our legitimate interests in storing information for protection against legal or tax claims and for improving the performance of the website;
Protection of the information security of the website;
Statistical information about the use of the website;
Provision of advertising content based on the User’s interests.
If a data subject refuses to provide us with some or all of the personal data necessary for the respective purpose mentioned above, we may not be able to provide the corresponding service (e.g., fulfill a contract entered into with the respective User) or comply with the relevant legal requirements (e.g., enable the data subject to exercise their rights under the GDPR).

VI. PRINCIPLES OF COLLECTING, PROCESSING, AND STORING PERSONAL DATA

We adhere to the following principles when collecting, processing, and storing your personal data:

Legality, fairness, and transparency;
Limitation of the processing purposes;
Limitation of the storage period to achieve the purposes for which the data is processed;
Minimization of the processed data to the necessary minimum;
Accuracy and timeliness of the data;
Integrity and confidentiality in the processing of data and ensuring an appropriate level of security for personal data.

VII. PERSONAL DATA

We collect the following categories of personal data from Users for the following purposes and on the following grounds:

Your identifying data (name, surname, telephone number, and email address), as well as other data voluntarily provided by you, for the purpose of processing your inquiries, providing service proposals, and rendering services on your expressed request, including communication with you in this regard, and based on taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party, or processing consent provided by you;

Your identifying data (name, surname, telephone number, and email address) and information related to payment and chosen payment methods for the purpose of issuing and sending accounting/tax documents (invoices) in connection with the services used by you, including communication with you in this regard, and based on taking steps at your request for the possible conclusion of a contract, performance of a contract to which you are a party, or our legal obligation;

Your IP address, browser settings, and preferred language, visited pages, as well as actions performed for the purpose of sending Push notifications, upon your expressed desire to receive them;

Your IP address, visited pages, for the purpose of information security protection;

Other data that may be necessary in certain cases or related to the provision of services to Users by us, including those necessary for the performance of contract obligations (e.g., date of birth, signature, personal identification number) or other data that Users decide to voluntarily share with us, and based on the performance of a contract to which you are a party, consent for processing provided by you, or compliance with our legal obligation.

We use “cookies” on the website, which are small files downloaded to your computer to enhance your user experience on the site. You can find more information on our special “cookies” rules page here.

We do not process, and consequently do not collect from Users, special categories of personal data (e.g., data revealing racial or ethnic origin, political opinions, genetic or biometric data, as well as data concerning the data subject’s sex life or sexual orientation).

We do not make decisions based solely on automated processing of data, including profiling.

Usually, we receive personal data directly from the data subject. However, it is not excluded that we may receive personal data from other persons, such as: other employees in the company where the respective data subject works, and from publicly available sources such as the Commercial Register and the register of legal entities with a non-profit purpose at the Registry Agency of the Ministry of Justice of the Republic of Bulgaria.

VIII. STORAGE PERIOD OF PERSONAL DATA

We retain the personal data of Users for a period not exceeding the time necessary for the respective processing purpose or the legally established period, where applicable. For example:

Personal data provided by you when filling out the contact form will be stored until the request is fulfilled or the inquiry is satisfied, in connection with which you contacted us, and a maximum of one year thereafter for statistics and marketing analyses;

Personal data of our clients processed in connection with contracts between us and the respective User will be stored for a period not exceeding ten years, calculated from January 1 of the year following the one in which the contract is accounted for tax purposes;

Personal data of our clients processed in connection with the issuance of tax documents (invoices) will be stored for a period not exceeding ten years, calculated from January 1 of the year following the one in which the document is accounted for tax purposes;

Personal data of our partners/suppliers processed in connection with contracts between us and the respective partner/supplier will be stored for a period not exceeding ten years, calculated from January 1 of the year following the one in which the contract is accounted for tax purposes;

Personal data of participants in recruitment and selection procedures will be stored for a period not exceeding six months, calculated from the moment of the final completion of the recruitment/selection procedure in which the respective data subject participates, or after the expiration of the deadline for appealing the given procedure, unless the data subject has given consent for the storage of their personal data for a longer period, in which case the data subject has the right to withdraw their consent at any time without stating reasons.

The storage period depends, among other things, on the duration of the legal relationships arising between us and the respective User, as well as the purposes for which personal data is processed. When there are indications of potential legal claims or liability, these periods will be correspondingly extended. When processing is based on the User’s consent (e.g., in cases of personal data provided by third parties for direct marketing), we keep this personal data as long as we have valid consent for its processing.

After the expiration of the above periods, we take the necessary measures to delete and/or destroy your personal data without undue delay.

IX. ACCESS TO PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD PARTIES

In principle, the personal data of Users that we process are accessible to our employees, representatives, and partners who need them to fulfill legal obligations and/or perform contractual obligations (e.g., providing a service under a contract with the User). In this regard, it is possible, at our discretion and in compliance with the requirements of the GDPR, to transfer all or part of your personal data to third parties such as accountants, professional consultants, including lawyers (for financial-accounting and administrative servicing of our activities), cloud data processing/storage platforms (for organizational servicing of our activities, e.g., storing and processing contracts with Users on cloud platforms for greater security), companies providing postal services (for organizational servicing of our activities, e.g., sending contracts in paper form to Users), IT service providers, system administration, marketing services (for providing more reliable and high-quality operation of the website and more secure data processing), providers of foreign information storage services (i.e., hosting companies) (for the performance of contracts with Users).

Based on applicable legislation or at the request of public authorities, all or part of your personal data may be made accessible to public authorities.

We do not intend to transfer your personal data to countries outside the European Economic Area or to international organizations.

X. RIGHTS OF DATA SUBJECTS

At any time while we process your personal data, and in compliance with the limitations imposed by applicable legislation, you, as the data subject, have the following rights:

Right of Access: You have the right to request information about whether we process your personal data and to obtain access to and a copy of such personal data. If you request more than one copy of your personal data, you may be required to pay a corresponding fee for each additional copy.

Right to Rectification/Correction: You have the right to request the correction of your personal data if you believe it is inaccurate or incomplete. We will make such corrections without undue delay.

Right to Erasure/Right to be Forgotten: Under certain circumstances (e.g., your personal data is no longer necessary for the purposes for which it was collected, or you have withdrawn your consent for processing certain personal data for which there is no other legal basis), you may request the deletion of your personal data from our records/database without undue delay. In certain cases, we may refuse to delete such personal data (e.g., when processing is necessary to comply with a legal obligation or to establish, exercise, or defend legal claims).

Right to Restriction of Processing: When certain conditions are met (e.g., the processing of certain of your personal data is unlawful, but you do not want these data to be deleted), you have the right to request restriction of the way your personal data is processed.

Right to Data Portability: When your personal data has been provided to us by you and is processed by automated means, you have the right to request that this personal data be transmitted to you in a structured, commonly used, and machine-readable format, as well as to have it transferred to another data controller, where technically feasible.

Right to Object: You have the right to object, at any time, to the processing of your personal data for certain purposes. In such cases, we will cease to use your personal data for the specific purpose unless we have compelling legitimate grounds for the processing (e.g., if you object to the processing of your personal data for direct marketing purposes, we will stop processing your personal data for those purposes without undue delay).

Right to Object to Automated Decision-Making, including Profiling: You have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling. You also have all the rights arising for you in the event that you are subject to the legal consequences of such processing.

Right to Withdraw Consent: If we process your personal data based on your consent, you have the right to withdraw your consent at any time. The withdrawal will not affect the lawfulness of the processing based on consent before its withdrawal.

If, at the User’s request, we delete their personal data from our database, we will only retain the information that may be necessary to protect our legitimate interests or for public authorities.

You have the right to request information about all recipients to whom your personal data for which correction, deletion, or restriction of processing has been requested has been disclosed. We may refuse to provide this information if it is impossible or requires disproportionate efforts.

If we are required to transmit personal data to another data controller, correct or delete personal data, restrict the processing of personal data, provide information about recipients to whom personal data has been disclosed, or provide access to personal data, and there are concerns about the identity of the User who submitted the request, we may first request additional information to confirm the User’s identity.

Exercising the above-mentioned rights is free of charge for Users, unless the requests made are clearly unfounded or excessive. In such cases, we may either impose a reasonable fee for fulfilling the request or refuse to take action on the request.

Users can exercise the rights mentioned above by contacting us via email at: office@hostigost.com.

XI. COMPLAINT TO THE SUPERVISORY AUTHORITY

If you believe that your personal data is not being processed lawfully or that any of your rights related to the protection of personal data have been violated, you have the right to file a complaint with the competent supervisory authority for the protection of personal data, as indicated in Part III above in the Privacy Policy. You also have the right to seek judicial remedy for the protection of your rights.

If the website contains links to other websites, we recommend that you carefully review the privacy policies of these other websites, as your personal data may be processed by these websites when you visit them, and such processing is not covered by the Privacy Policy.

We reserve the right to change the Privacy Policy at our discretion and as we deem necessary.