PRIVACY POLICY AND PERSONAL DATA PROTECTION ON THE WEBSITE www.imotibansko-factor.com

 

This document outlines the Privacy Policy and Personal Data Protection practices for users of the website located at www.imotibansko-factor.com. The purpose of this Privacy Policy is to inform you about how the owner of the website, in its capacity as Data Controller, handles your personal data, as well as how you can control your preferences and settings in relation to this processing.
This Privacy Policy is an integral part of the Terms and Conditions for using the website www.imotibansko-factor.com. All definitions and terms provided in the Terms and Conditions also apply to this Privacy Policy.
This Privacy Policy is effective from May 1, 2025.

DATA CONTROLLER

“FACTOR ESTATE AGENCY” Ltd. is the Data Controller within the meaning of Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter referred to as “GDPR”) and the Personal Data Protection Act (hereinafter referred to as “PDPA”).
In compliance with the applicable personal data protection legislation, the company responsible for the protection of your personal data, as Data Controller, is:

  • Company Name: “FACTOR ESTATE AGENCY” Ltd., EIK: 208000659;
  • Registered Office and Address: Bansko, 2770, Glazne Str. No. 21;
  • Correspondence Address: Bansko, 2770, Glazne Str. No. 21;
  • Service Email for Client Communication: factorestateagency@gmail.com;
  • Service Phone Number for Client Communication: +359894227135;

Supervisory Authorities:
Personal Data Protection Commission


Website: www.cpdp.bg


The Data Controller collects and processes all personal data in compliance with the applicable personal data protection laws in Bulgaria and the European Union.

PRINCIPLES OF PERSONAL DATA PROCESSING

The Data Controller adheres to the following principles when processing personal data:

  1. Personal data is collected only where there is a legal basis, processed fairly, and transparently concerning the data subject – principle of lawfulness, fairness, and transparency.
  2. Personal data is collected for specified, legitimate purposes and is not processed in a manner that is incompatible with those purposes – principle of purpose limitation.
  3. Only the necessary amount and type of personal data is processed, limited to what is necessary for the purposes for which it is processed – principle of data minimization.
  4. Personal data is kept accurate and up to date – principle of accuracy.
  5. Personal data is kept in a form that allows the identification of data subjects for no longer than necessary for the purposes for which the data is processed – principle of storage limitation.
  6. The Data Controller ensures data protection by design and by default, considering technical progress, costs of implementation, nature, scope, context, and purposes of processing, and the risks to the rights and freedoms of individuals, applying appropriate measures to ensure personal data protection and compliance with GDPR.
  7. The Data Controller guarantees an appropriate level of security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, by implementing appropriate technical or organizational measures – principle of integrity and confidentiality.

LEGAL BASIS FOR THE COLLECTION OF PERSONAL DATA

The Data Controller collects and processes your personal data on the following legal bases:

  • Explicit consent given by you as a client/user. Consent for the processing of personal data is voluntary and is provided for each specific case. You may withdraw your consent at any time by submitting a request in free text via email to the Data Controller. The withdrawal of consent will apply from that moment onward and will not affect the lawfulness of the processing of your personal data prior to the withdrawal request.
  • Processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for compliance with a legal obligation of the Data Controller.
  • Processing is necessary for the purposes of legitimate interests pursued by the Data Controller or a third party.

WHAT PERSONAL DATA DO WE COLLECT FROM OUR USERS?

Before accessing the services of the website, you must express your explicit consent for us to process your personal data in accordance with this Privacy Policy. We collect personal information that you voluntarily provide when you visit the website, express interest in receiving information about us or our services, participate in activities on the website, or interact with us in other ways.

  1. The Data Controller does not collect or store “sensitive” categories of personal data such as political beliefs, ethnic origin, sexual orientation, health data, religious or philosophical beliefs, etc.
  2. Personal data collected from the data subject when individuals contact the Data Controller via the website’s contact form:

    – When you send a message to the Data Controller using the contact form, the Data Controller collects and stores your name, email address, and the content of the message.
    -Purpose: The data is collected and stored for the purpose of communication with the individual.

  3. Automatically collected personal data:
    – We collect data on all visitors to our website, including:
    -Browser identifier
    -History of visited pages to identify your preferences for certain types of content
    -Search history on our pages
    -Device information (e.g., IP address, proxy server, device identifiers, location, browser type, hardware model, internet service provider, mobile carrier, operating system, and system configuration information).
    – Purpose: This data is collected to improve the security of the services provided and to prevent misuse of the user account by third parties.

  4. Personal data collected from the data subject when registering for the online newsletter:
    -Name and surname
    -Email address
    -Purpose: Data is collected and stored to identify the person and send the online newsletter.

PURPOSES OF PERSONAL DATA PROCESSING

The Data Controller collects and processes the personal data of individuals that are provided directly by them or collected automatically for the following purposes:

  • To ensure the proper functioning of all services on the website.
  • To contact the individual.
  • To provide services available on the website.
  • To improve the effectiveness and functionality of the website.
  • For accounting purposes.
  • For statistical purposes and analysis to improve our services.
  • To protect information security.
  • To ensure that our clients are legitimate and to prevent fraud.

HOW LONG DO WE STORE YOUR INFORMATION?

We will not retain your data for longer than necessary to achieve the purposes for which it was collected. If the legal basis for storing your personal data is no longer applicable (e.g., if we no longer have a legitimate interest in retaining your personal data, or if the statutory retention period has expired, or if you have withdrawn your consent), we will delete or securely destroy your data.
The company stores your personal data collected through the website for no longer than necessary or as required by applicable law. We apply the following retention periods for various types of personal data:

  • For personal data of individuals who have made an inquiry through the website’s contact form:
    -Retained for up to 12 months from the submission of the inquiry, if the user has not become a client of the Data Controller.
  • For personal data collected when registering for the newsletter:
    -Retained until you request to delete your registration or until the website ceases operations.
  • For data related to the contractual relationship between the Data Controller and the User:
    -Retained for five years from the start of the contractual relationship, unless legal provisions require longer retention (e.g., accounting records).

WHERE DO WE STORE YOUR PERSONAL DATA?

Your personal data, which we collect, is stored on servers within the European Economic Area.
We retain your personal data for no longer than necessary to achieve the purposes described above or until the cessation of services and/or the website. The personal data collected through the website will be processed, stored, disclosed, and destroyed in compliance with applicable Bulgarian and EU laws.

SECURITY MEASURES

The Data Controller has implemented a range of technical and organizational measures to protect your personal data against loss or unlawful processing. All our employees are familiar with our security policies as required by the Personal Data Protection Act. Personal information is only accessible to a limited number of qualified employees. We regularly monitor our security systems and processes. While we take reasonable steps to maintain a secure website, electronic communications and databases are subject to errors, fraud, and breaches, and we cannot guarantee that such events will not occur. We do not accept liability for any such events.
Access to personal data is restricted to individually authorized and trained staff. We will keep you informed of any changes to our data privacy and security practices and policies via up-to-date information in this section. You can request information about where, how, and for what purposes your data is stored and protected.
In case your data is compromised, we will notify you and the relevant supervisory authority within 72 hours via email, providing information on the nature of the breach, affected data, any impact on the service, and our corrective actions.

WHOM DO WE SHARE AND DISCLOSE YOUR PERSONAL DATA TO?

We may store some of your data on our servers or send it to third parties. This is done to provide you with the best experience using our services, and sometimes to ensure the availability and accessibility of the service.
Your personal data will not be transferred to third parties unless:

  • You provide explicit, informed, and freely given consent;
  • The third parties provide support under a contract to deliver our products or services;
  • Required by law or by an official act of a public authority;
  • Necessary in relation to the sale of business or assets, which are confidential.

Our employees and partners are duly informed of their confidentiality obligations and are responsible for fulfilling these obligations.
For any other purposes not explicitly mentioned in this Privacy Policy, we will seek your explicit consent, identifying our partners and the purpose of data sharing.