The Bulgarian Helsinki Committee (BHC) is a non-profit legal entity (association) for public benefit activities, registered in the Register of non-profit legal entities with the Registry Agency with UIC 831091447 and with its headquarter address at: 7 Varbitsa Str., 1504 Sofia, Bulgaria, Tel.: +359 2 944 0670, Fax: +359 2 483 6298, and E-mail address:
Our primary concern when dealing with personal data
BHC processes your personal data in order to improve your use of our website, in order to communicate effectively with you when you contact the organisation, and in order to provide the products and services it has publicised on its website or elsewhere.
The security of the data you entrust to us is very important to us. That is why we protect your data by implementing all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information. We collect and process personal data only in compliance with the requirements of Bulgarian and European Union legislation. We are aware that the processing of your data is linked to a specific reason and cannot be carried out without restriction.
How and why we use your personal data
For the performance of a contract or in the context of a pre-contractual relationship
We process your identification data, traffic data and other personal data in order to provide the products and services that you have requested and that you wish us to provide to you, as well as to fulfil contractual and pre-contractual obligations and to exercise the rights under the contracts concluded with you.
The processing is carried out with the following purposes:
- identification of the client or person that contacted us;
- management and execution of your orders for products or services, execution of contracts for products and services;
- preparation of a contract proposal;
- performance of processing by a data processor for contract conclusion, award, reporting, acceptance, payment;
- preparing and sending a bill/invoice for the products and/or services you use with us;
- to provide the comprehensive service you require and to collect amounts due for products and services used;
- your account/invoice data is consistent with the original purpose for collecting it and in order to provide an overview of our products and services;
- any assistance in connection with the services provided;
- preparation of proposals for the conclusion of distance and off-premises contracts, dispatch of goods and documents by courier services, as well as servicing transaction cancellations;
- notification of anything related to the products and services you use with us, sending various notices, notification of problems, errors or to respond to your requests, complaints, suggestions;
- to identify and/or prevent unlawful acts or acts contrary to our terms and conditions for the relevant services;
- researching and analysing customer usage of our services, based on anonymous or personalised information, to identify key trends, improve our understanding of customer behaviour and collaborate with third parties to develop new services or improve existing ones for our customers.
For compliance with regulatory obligations
We process your identification data, traffic data, location data and other personal data in order to comply with legal obligations, such as:
- performance of duties provided for in the Law on the Bar;
- fulfilment of obligations in relation to distance selling, off-premises selling provided for in the Consumer Protection Act;
- providing information to the Consumer Protection Commission or third parties provided for in the Consumer Protection Act;
- provision of information to the Commission for Personal Data Protection in relation to obligations under the legal framework for personal data protection - Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016 (GDPR), etc.;
- obligations provided for in the Accounting Act and the Tax and Social Security Procedural Code and other related regulations in connection with the keeping of proper and lawful accounting records;
- provision of information to the court and third parties in court proceedings, in accordance with the requirements of the procedural and substantive legislation applicable to the proceedings;
- age verification when shopping online.
After your consent
In some cases, we process your personal data only with your prior consent. Consent is a separate basis for processing your personal data and the purpose of the processing is set out in it, and does not overlap with the purposes listed in this policy. If you give us the relevant consent and until you withdraw it or terminate any contractual relationship with you:
- we provide free legal aid in the form of consultations;
- we prepare proposals for free legal aid in the form of legal representation before Bulgarian and international institutions appropriate for your case.
Basic personal data include names, gender and age group, address (permanent address).
Network data: data processed on an electronic communications network for the purpose of transmitting, distributing or exchanging the content of electronic communications, including data used to trace and identify the source and destination of the communication, data on the location and type of device, and the date, time, duration and type of communication.
"Detailed analytics" is a method of performing analysis that enables the processing of large volumes of data using statistical models and algorithms and others that involve the use of network and personal data, as well as processes of pseudonymizing and anonymizing the same, in order to extract information about trends and various statistical indicators.
After your consent, we process your personal identification number, three names and permanent address in order to provide legal advice or draw up contracts for free legal assistance.
If you withdraw your consent to the processing of personal data for any or all of the ways described above, BHC will not use your personal data and information for the purposes set out above. Withdrawal of consent does not affect the lawfulness of processing based on consent given prior to its withdrawal.
In order to withdraw your consent, you must inform us via our website or other contacts.
In view of our legitimate interest
We use your personally identifiable information with our legitimate interest to perform a basic analysis of your data in order to tailor our services to your individual needs and to offer you new services that meet them.
We also process your data for the following purposes which constitute our legitimate interest:
- Preparation and storage of statistical information and reports in aggregate form to develop and improve our website.
- Calculating the number of users of our legal aid services.
Processing of anonymised data
We process your traffic data for static purposes, that is, for analyses in which the results are only aggregated and the data is therefore anonymous — for example, to find out how many users have visited our website over a given period of time. It is impossible to identify a specific person from this information.
What data we process about you:
- full name, unique citizenship number or ID number of the foreigner, permanent or current address;
traffic data (network data)
- data processed in electronic communications networks to determine the geographical location of the terminal electronic communications equipment;
- information on the type and content of the contractual relationship and any other information relating to the contractual relationship, including:
- audio recordings of calls made to and from our office to improve service;
- emails, letters, information about your troubleshooting requests, complaints, requests, grievances;
- other feedback we receive from you;
- personal contact details — contact address, phone number and contact information (email, phone number), gender, age group;
- credit or debit card information, bank account number or other banking and payment information in connection with payments made by you to BHC or by BHC to you;
- friend information, like:
- data provided via our website and mobile apps (if available);
- information about the terminal electronic communications device used, the type of device, the operating system used, the IP address when visiting our website;
- other personal data provided by you or by a third party when entering into or during the term of a contract with BHC and in particular: full name, unique nationality number or ID number of a foreigner, permanent address of a proxy as stated in a document in which you have authorized him/her to represent them; social networking account details, contact details, contact person; username, password (when registering on the BHC website or other similar service); data provided when participating in initiatives or campaigns organized by BHC, including — but not limited to — through social networks.
Where we process your basic personal data and traffic data and the other data described for the purposes of providing products and services, for their payment, for fulfilling your requests for services, and in order to comply with our legal obligations, this processing is mandatory for the fulfilment of these purposes. Without this data, we could not provide the relevant services. If you do not provide us with identification data, we would not be able to enter into a product or service contract with you.
BHC does not use automated algorithms.
How we protect your personal data
In order to ensure adequate data protection for the oeganization and its clients, we apply all necessary organizational and technical measures provided for in the Personal Data Protection Act.
In order to maximize the security of the processing, transmission and storage of your data, we may use additional security mechanisms such as encryption, pseudonymization, etc.
When we delete your personal data
As a rule, we stop using your personal data for the purposes related to the contractual relationship after the termination of the contract, but we do not delete it before the expiration of one year from the termination of the contract or until the final settlement of all financial obligations and the expiration of statutory data retention obligations, such as: obligations under the Electronic Communications Act to store and provide information for the purposes of detection and investigation of crime (6 months), obligations under the Accounting Act Please note that we will not delete or anonymise your personal data if it is necessary for a pending judicial, administrative or complaint proceeding before us. BHC retains data necessary for payment within the time limits set by applicable law.
Your data may also be anonymised. Anonymisation is an alternative to data erasure. In the case of anonymisation, all personally identifiable elements are irreversibly deleted. For anonymised data, there is no legal obligation to delete as it does not constitute personal data.
When and why we share personal data with third parties
We provide your personal data to third parties as our main aim is to offer you a quality, fast and comprehensive service by making sure that the products and services we offer you meet your expectations. We do not provide your personal data to third parties until we are satisfied that all technical and organisational measures have been taken to protect that data and we aim to implement strict controls to fulfil this purpose. In this case, we remain responsible for the confidentiality and security of your data.
We provide personal data to the following categories of recipients (data controllers):
Persons processing data on behalf of BHC:
- postal operators with a view to sending parcels containing correspondence with you, contracts, supplementary agreements and other documents and the need to authenticate your identity when delivering them;
- persons who, on assignment, maintain equipment, software and hardware used to process personal data and necessary for the operation of BHC and to perform various reporting services, payment for services and products, etc.;
- persons providing service support for office equipment;
- persons employed on a civilian contract by BHC, assisting in the processes of sales, logistics, delivery, provision of services, etc.;
- volunteers assisting with sales, logistics, shipping, service delivery, etc.;
- banks to service payments made by you;
- security companies licensed to carry out private security activities in connection with the processing of audio and/or video recordings from BHC sites and/or ensuring the access regime at the sites;
- persons providing services for the organisation, preservation, indexing and destruction of paper and/or electronic records;
- persons providing consultancy services in various fields;
- partner organisations, solicitors or law firms where your consent has been obtained for these activities where such consent is required under applicable law.
Persons processing the data on their own behalf
- competent authorities which, by virtue of a legal act, have the power to require the provision of information, including personal data, such as - courts, prosecutor's office, various regulatory authorities such as the Consumer Protection Commission, Personal Data Protection Commission, authorities with powers to protect national security and public order;
- electronic communications operators in view of the need to provide electronic communications services;
- providers of electronic certification services, where a document relating to the provision of a product or service is signed with an electronic signature;
- postal operators when providing postal services.
When BHC also acts as a processor of personal data for the services of its partners
In some situations, we process your personal data for products and services we provide as a partner to third parties. In these cases, BHC acts on the instructions of the relevant partner and processes your data in accordance with its rules and requirements, but while maintaining the organisation's high standards for handling sensitive information and taking all necessary technical and organisational measures to protect the data.
Your rights in relation to the processing of your personal data
Право на информация:
Вие имате право да поискате от нас информация дали и до каква степен обработваме личните данни. За да заявите такава, моля, изтеглете формуляр от тук, попълнете го и ни го изпратете чрез електронна или обикновена поща.
Право на корекция:
В случай че обработваме непълни или сгрешени/грешни данни, Вие имате право, по всяко време, да поискате да ги коригираме или допълним.
Право на изтриване:
Можете да поискате изтриване на личните данни, отнасящи се до Вас, в случай че обработваме тези данни без правно основание. Моля, обърнете внимание, че може да има причини изтриването да не се извърши веднага, поради наличие на нормативно изискване за запазване на данните.
Право на ограничаване на обработването:
Можете да поискате ограничаване на обработващите се персонализиращи данни, ако:
- оспорвате верността на данните, за периода, в който трябва да проверим верността им; или
- обработването на данните е без правно основание, но вместо да ги изтрием, Вие искате тяхното ограничено обработване; или
- повече нямаме нужда от тези данни (за определената цел), но Вие имате нужда от тях за установяването, упражняването или защитата на правни претенции; или
- сте подали възражение за обработването да данните, в очакване на проверка за законните основания на администратора.
Право на преносимост на данни:
Можете да поискате от нас да предоставим личните данни, които сте поверили на нашата грижа в организиран, подреден, структуриран, общоприет електронен формат, ако:
- обработваме данните съгласно договора и базирано на декларацията за съгласие, която може да бъде оттеглена или на договорно задължение;
- обработването се извършва автоматично.
Право на възражение:
В случай че обработваме данни за цели/задачи, задача от обществен интерес или при упражняването на официални правомощия, които са ни предоставени, или сме посочили, че обработване на данните за наш легитимен интерес, можете да възразите срещу обработването на данните.
Право на жалба:
В случай че смятате, че нарушаваме приложимата нормативна уредба, Ви молим да се свържете с нас за изясняване на въпроса и предприемане от наша страна на необходимото за прекратяване на нарушението. Имате също така право да подадете жалба пред Комисията за защита на личните данни. Mожете да подадете жалба и пред регулаторен орган, в рамките на ЕС.
Право на възражение срещу обработка поради наш легитимен интерес:
Когато обработваме лични данни поради наш легитимен интерес, имате право по всяко време да направите възражение срещу обработване на лични данни, отнасящо се до Вас.
Competent data protection authorities:
За жалба имате право да сезирате Комисия за защита на личните данни с адрес 1592 София, бул. „Проф. Цветан Лазаров“ № 2, тел: 02 915 3518 и електронен пощенски адрес: email@example.com в срок от 6 месеца от узнаване на нарушението, но не по-късно от две години от извършването му. При отказ за достъп до лични данни или корекция на същите, имате право да се обърнете към комисията за съдействие при упражняване на правата.
Заявленията за упражняване на правата се подават лично или от изрично упълномощено от Вас лице, като в случаите, когато пълномощникът не е адвокат, пълномощното следва да е нотариално заверено. В случай, че заявлението се подава по пощата или писмено, без сверяване на документ за самоличност от представител на БХК, то заявлението следва да е с нотариална заверка на подписа. Заявление може да бъде отправено и по електронен път, подписано с квалифициран електронен подпис. Заявлението следва да съдържа: а) име, адрес, единен граждански номер или личен номер на чужденец или друг аналогичен идентификатор, или други идентификационни данни на физическото лице; б) описание на искането; в) предпочитана форма за комуникация и действия по чл. 15 – 22 от ОРЗД (Регламент (ЕС) 2016/679); г) подпис, дата на подаване на заявлението и адрес за кореспонденция; д) при подаване на заявление от упълномощено лице към заявлението се прилага и съответното пълномощно.
Personal data breach notification
Когато има вероятност нарушението на сигурността на личните данни да породи висок риск за правата и свободите Ви, БХК Ви изпраща надлежно уведомление за нарушението на сигурността.
Не изпращаме уведомление, ако някое от следните условия е изпълнено:
- предприели сме подходящи технически и организационни мерки за защита на личните Ви данни, засегнати от нарушението на сигурността;
- взели сме впоследствие мерки, които гарантират, че вече няма вероятност да се материализира високият риск за правата и свободите Ви;
- индивидуалното уведомлението изисква усилия, които са непропорционални. В такъв случай правим публично съобщение или вземаме друга подобна мярка, така че да бъдете в еднаква степен ефективно информирани.
Relevance and policy changes