Privacy and Data Protection Policy

Privacy and data protection policy

The company BRANDMARK (hereinafter referred to as “BRANDMARK”) places great importance on the proper management and protection of the personal data it processes.

These terms aim to establish the principles governing the processing of personal data by BRANDMARK.

This policy applies to all data processing activities carried out by BRANDMARK in its capacity as a data controller.

This policy may be amended at any time. In case of changes, the new version will be communicated to the affected individuals in an appropriate manner and will become binding from the moment it is published.

DEFINITIONS

Personal Data—any information relating to an identified or identifiable natural person (“Data Subject”), directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity.

Data Controller – a natural or legal person who determines the purposes and means of processing personal data.

Data Processor – a natural or legal person who processes personal data on behalf of the controller.

Recipient – a natural or legal person to whom personal data are disclosed, whether a third party or not.

Third Party—any person or organization other than the data subject, the controller, the processor, or persons authorized to process the data under the direct authority of the controller or processor.

Consent – any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement, through a statement or clear affirmative action, to the processing of their personal data.

DATA COLLECTED

This policy applies to all personal data processed by BRANDMARK in its capacity as a controller. This may include data related to employees, suppliers, partners, potential clients, and customers.

BRANDMARK may collect the following data:

  • first and last name

  • email address

  • gender

  • phone number

  • postal address

  • age / date of birth

  • billing information

  • marketing inquiry data

  • contact and access information, etc.

MAIN PRINCIPLES

Personal data are processed lawfully, fairly, transparently, and proportionately.

Data are collected for specific, explicit, and legitimate purposes and processed only to the extent necessary to achieve those purposes.

Personal data are stored for no longer than necessary for the purposes of processing.

INFORMATION PROVIDED TO DATA SUBJECTS

When collecting personal data, BRANDMARK provides information regarding:

  • the identity and contact details of the controller

  • the purposes and legal basis for processing

  • the recipients of the data

  • any intention to transfer data outside the EU

  • the retention period

  • the existence of profiling (if applicable)

  • the source of the data (if applicable)

This information is provided at the time of collection or during the first contact with the data subject.

DATA SUBJECT RIGHTS

Data subjects have the right to:

  • access their personal data

  • rectification

  • erasure

  • data portability

  • restriction of processing

  • object to processing

Requests may be sent to:

contacts@brandmark.bg

Each request must be clearly formulated and accompanied by proof of identity.

Complaints may be submitted to:

Commission for Personal Data Protection
2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Phone: +359 (2) 91-53-519
Email: kzld@cpdp.bg
www.cpdp.bg

DATA RECIPIENTS

Data may be processed by authorized employees of BRANDMARK, as well as by subcontractors or partners, only within the scope of the tasks assigned to them.

All partners are required to comply with applicable legislation and guarantee the confidentiality of the data.

Data may be disclosed to public authorities in accordance with the law.

DATA STORAGE

Data are stored in databases of BRANDMARK or its service providers.

In some cases, data may be stored on servers located outside the EU for technical reasons.

DATA SECURITY

BRANDMARK implements appropriate technical, organizational, and physical measures to protect personal data against unauthorized access, loss, or destruction.

These measures may include pseudonymization and encryption.

In the event of a security breach, BRANDMARK will notify the competent authority within 72 hours when applicable.

TRANSFER OUTSIDE THE EUROPEAN ECONOMIC AREA

Personal data may be transferred to countries outside the EEA. In such cases, appropriate contractual and organizational safeguards are applied to ensure data protection in accordance with the requirements of European legislation.

GDPR