PERSONAL DATA PROTECTION POLICY

General Information

As of May 25, 2018, a new regulation for the protection of personal data (General Data Protection Regulation) adopted by the European Union comes into force. The regulation aims to guarantee the protection of the data of individuals from all EU member states and to unify the regulations for their processing.

In cases where the company acts as a personal data administrator in the provision of services, it meets all the requirements of the new regulation, collecting only the data of individuals as much as necessary for the provision of the service, and keeps them responsibly and legally.

What is important to know

You use the Services without needing to be identified as a data subject by the administrator and when providing the Service you are not required to additionally verify your identity.

The company uses the data provided by you only for the purposes of the Service, provided in accordance with this policy and the General Terms and Conditions for the provision of the Service by the Company.

The company does not use in any way the data provided by you for the purpose of profiling in the sense described in this policy.

Data necessary for the provision of the Service and may be considered as “personal data” within the meaning of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL are name, e-mail, telephone and IP address, in general.

For the purposes of this policy, the terms and expressions used will have the following meaning:

– The GPT Interface website (https://gpt-interface.com) is a website owned by “IT Galaxy” Ltd., called the COMPANY, through which the USERS are provided with information services and resources described in the General Terms and Conditions;

– “Address” (“IP address”) is a unique identification number associating a device, Internet page or user resource in a way that allows its localization in the global Internet network;

– “USER” is any person who uses the information services and resources provided through the GPT Interface website;

– “User Content” is any video material, image, text, photos, multimedia content or other material that the USER places on the Company’s Server in order for it to be accessible through the GPT Interface website to all other USERS;

– “personal data” means any information related to an identified natural person or a natural person who can be identified (“data subject”); a natural person who can be identified is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, identification number, location data, online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

– “processing” means any operation or set of operations performed on personal data or a set of personal data by automatic or other means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

– “restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future;

– “profiling” means any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

– “pseudonymization” means the processing of personal data in such a way that the personal data can no longer be associated with a specific data subject without the use of additional information, provided that it is kept separately and is subject to technical and organizational measures to ensure that the personal data are not associated with an identified or identifiable natural person;

– “personal data filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis;

– “controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

– “processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller;

– “recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. At the same time, public authorities that may receive personal data in the course of a specific investigation in accordance with Union law or the law of 4.5.2016 L 119/33 Official Journal of the European Union BG;

– “third party” means a natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or processor, are authorized to process personal data;

– “data subject’s consent” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by way of a statement or by a clear affirmative action, expressing his or her consent to the processing of personal data relating to him or her;

– “information society service” means a service as defined in Article 1, paragraph 1, point b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (1);

Personal Data Administrator Information

  • Name: “IT Galaxy” Ltd.
  • EIK/BULSTAT: 206065163
  • Headquarters and management address: Sofia, 1797, Student district, “Musagenitsa” bl.91-B, ent. V, fl.1, ap.50
  • Address for conducting the activity: Sofia, 1797, Student district, “Musagenitsa” bl.91-B, ent. V, fl.1, ap.50
  • Correspondence data: Sofia, 1797, Student district, “Musagenitsa” bl.91-B, ent. V, fl.1, ap.50
  • E-mail: info@gpt-interface.com
  • Phone: +359988962512

Personal Data Operator Information

  • Name: “SuperHosting.BG” Ltd.
  • EIK/BULSTAT: 131449987
  • Headquarters and management address: Sofia, 1797, Izgrev district, Izgrev blvd. “Dr. G. M. Dimitrov” No. 36
  • Address for conducting the activity: Sofia, 1797, Izgrev district, Izgrev blvd. “Dr. G. M. Dimitrov” No. 36
  • Correspondence data: Sofia, 1797, Izgrev district, Izgrev blvd. “Dr. G. M. Dimitrov” No. 36
  • E-mail: dpo@superhosting.bg
  • Phone: 0700 45 800, 02 81 08 999
  • Personal data administrator certificate number No. 0021684

Information about the competent supervisory authority

  • Name: Commission for Personal Data Protection
  • Headquarters and management address: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
  • Correspondence data: Sofia 1592, Prof. Tsvetan Lazarov Blvd. No. 2
  • Phone: 02 915 3 518
  • Email: kzld@government.bg, kzld@cpdp.bg
  • Website: www.cpdp.bg

The company carries out its activities in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

Basis for collecting, processing and storing your personal data

Art. 1. (1) The Company collects and processes your personal data only in connection with the provision of services, according to the general terms and conditions, and in particular on the basis of the following:
1. Explicitly obtained consent from you as a customer;
2. Fulfillment of the Company’s obligations under the agreement concluded with you;
3. Compliance with a legal obligation applicable to the Company;
4. For the purposes of the legitimate interest of the Company, in connection with the use of our services, including for the following purposes:
4.1. User registration;
4.2. Subscription;
5. Protection of information security;
6. Ensuring the performance of the contract for the provision of the respective service;
7. Sending informational messages, messages about changes in the service, recommendations for improving the use of the platform, etc.

Art. 1. (2) The Company adheres to the following principles in processing your personal data:
1. Legality, good faith and transparency;
2. Limitation of the purposes of processing;
3. Proportionality with the purposes of processing and minimization of collected data;
4. Accuracy and timeliness of data;
5. Limitation of storage in order to achieve the goals;
6. Integrity and confidentiality of processing and ensuring an appropriate level of security of personal data.

Processed and stored data by the Company in connection with the provision of the Services.

Art. 2. (2) Automatically stored information.
1. Logs
1.1. In log files we keep IP address, date, time and information unit that has been manipulated.
1.2. We keep a log file in cases related to security, technical support and development, for measuring the attendance and usability of the Site and others, as well as in cases where this is required by law.
1.3. The following logs are used on the Site:
1.3.1. Upon registration;
1.3.2. Upon login;
1.3.3. When sharing;
1.3.4. When deleting a profile;
2. Cookies
2.1. The use of cookies is necessary for the operation of the Site when logging into a profile.
2.2. Acceptance of this policy and the General Terms and Conditions for the provision of the Service.
2.3. Cookies are also used to manage advertising banners, without them being associated with user accounts.
2.4. The cookies used by the Administrator do not store information (personal data) that allows the identification of the User as a natural person.
2.5. Cookies can also be installed by third parties, for the purpose of advertising goods and services that may be of interest to you during your visit to the site and other sites. The Administrator does not have access to or control over the use of these cookies. These cookies also collect information about how you use the Site, such as which site referred you to the Site, which web pages you visited on the site, information about your visits to other sites, but do not collect information such as names, email address, other contact information or other personal data that could allow a third party to identify you or contact you.
2.6. The Administrator uses analysis systems related to various search engine internet implementations. Google Analytics is an internet analysis service of Google Inc. (“Google”). Google Analytics uses a specific cookie that is stored on your computer and allows analysis of how you use the site. Google will use the information created by the cookies on our behalf to evaluate the use of our site, prepare reports on site activity, and provide us with these reports for analysis. Information about their use of cookies can be found on their site ( https://www.google.com/policies/privacy/ ).
2.7. You have the right at any time to prohibit and/or delete cookies on your device. For more information, please refer to the “Help” section of your browser.

Art. 3. (1) Retention period.
1. Data you provide to us:
1.1. Upon registration, we store it indefinitely, until the profile is deleted;
2. Data we collect automatically:
2.1. Log files
2.1.1. Registration – up to one year after the information unit is deleted;
2.1.2. Login – up to one year after the information unit is deleted;
2.1.3. Sharing – up to one year after the information unit is deleted;
2.2. Cookies
2.2.1. For the session within the session or until the “Exit” button is pressed;
2.2.2. To declare acceptance of this policy and the Terms and Conditions, up to the maximum period determined by your browser settings.

Art. 4. (1) Backup.
In order to ensure the reliability of the Services and prevent data loss for technical reasons, the Site applies a data backup policy. The maximum period for updating (incl. data deletion) of all backup copies is 30 days.

Art. 5. (1) Provision of information to third parties.
The Company does not provide your personal data to third parties, in any other way than described in this Policy, the Terms and Conditions and the cases provided for by law.
Your personal data may be provided to third parties only in the following cases:

  • when provided for by law;
  • if requested in a proper manner by a competent state or judicial authority;
  • when necessary to protect the rights and legitimate interests of the Company and/or other users of the Services.

Art. 6. (1) Right to information.
This Policy aims to inform you in detail about the processing of your personal data in connection with the Services provided.

Art. 7. (1) Right to rectification.
You have the right and opportunity to correct all data you have provided, in case they are incomplete or inaccurate. You have the opportunity to correct the data you have provided to us, at any time through your profile.

Art. 8. (1) Right to erasure.
You have the right and opportunity to delete all data and content that you have provided under Art. 2. (1).
1. Deleting a profile – you need to log into your profile, with the username and password you have set during registration. By pressing the “delete” button, all data you have provided during registration and communication with the models will be deleted, except for the log files described in Art.2 and the data for payments made, if any.
After closing a profile, all data, part of it, is deleted. In connection with our obligations, responsibilities and legal requirements:

  • for a period of up to 1 /one/ year, logs are kept in order to resolve possible disputes that have arisen or become known after the termination of the agreement for the use of the Services;
  • for a period of up to 5 /five/ years, data on payments made for the purchase of subscriptions are kept.

The data is deleted after the expiration of the specified period. In the meantime, they can be provided only and solely in the proper order to the competent state authorities in the exercise of their control powers or to a competent court in case of a court proceeding in which they are related. In case of a legal dispute or proceeding requiring the retention of data and/or a request from a competent state authority, it is possible to retain data for longer than the specified periods until the final conclusion of the dispute or proceeding before all instances.

Art. 8. (2) Control of cookies in the browser.
If you wish, you can use your browser settings to delete and/or prohibit the receipt of cookies from a specific or all sites. You can learn more about this at aboutcookies.org.

Art. 9. (1) Right not to be subject to a decision based solely on automated processing, including profiling, which has legal effects on you or similarly significantly affects you, unless there are grounds provided for in the applicable data protection legislation for this and appropriate guarantees for the protection of your rights, freedoms and legitimate interests are provided.

Technologies falling into this category are not used in the provision of Services on the Site.

Art. 10. (1) Accuracy of information.
The Company is not responsible for the accuracy of the data you provide, does not perform checks in this regard and does not guarantee the actual identity of the persons who have provided the data. In all cases of doubts on your part, established fraud and/or abuse, please notify us immediately. You undertake not to violate the rights of other persons in connection with the protection of their personal data or other their rights when providing any information on the Site.