PRIVACY POLICY
General Information
As of May 25, 2018, a new regulation on the protection of personal data (General Data Protection Regulation) adopted by the European Union comes into effect. The regulation aims to ensure the protection of individuals’ data from all EU member states and to harmonize the regulations for their processing.
In cases where the company acts as a data controller in providing services, it complies with all requirements of the new regulation, collecting only the data of individuals to the extent necessary for providing the service, and storing it responsibly and lawfully.
What You Need to Know
You use the Services without needing to be identified as a data subject by the controller, and when providing the Service, there is no requirement to further verify your identity.
The company uses the data you provide solely for the purposes of the Service provided under this policy and the General Terms of Service of the Company.
The company does not use the data you provide in any way for profiling in the sense described in this policy.
Data that is necessary for providing the Service and may be considered “personal data” within the meaning of REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL includes name, email, phone, and IP address, in general.
For the purposes of this policy, the terms and expressions used will have the following meanings:
– The GPT Interface website (https://gpt-interface.com) is a website owned by “IT Galaxy” Ltd., referred to as THE COMPANY, through which USERS are provided with informational services and resources described in the General Terms;
– “Address” (“IP address”) is a unique identification number associating a device, web page, or user resource in a way that allows its localization in the global Internet network;
– “USER” is any person who uses the informational services and resources provided through the GPT Interface website;
– “User Content” is any video material, image, text, photos, multimedia content, or other material that the USER uploads to the Company’s Server for it to be accessible through the GPT Interface website to all other USERS;
– “personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person;
– “processing” means any operation or set of operations performed on personal data or sets of personal data, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction;
– “restriction of processing” means marking stored personal data with the aim of limiting their processing in the future;
– “profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements;
– “pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person;
– “personal data register” means any structured set of personal data which is accessible according to specific criteria, whether centralized, decentralized, or distributed according to functional or geographical principles;
– “controller” means a natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for its designation may be provided for by Union law or the law of a Member State;
– “data processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller;
– “recipient” means a natural or legal person, public authority, agency, or other body to which the personal data are disclosed, whether a third party or not. Public authorities that may receive personal data in the course of a specific inquiry in accordance with Union law or the law of a Member State are also considered recipients;
– “third party” means a natural or legal person, public authority, agency, or body other than the data subject, the controller, the data processor, and the persons who, under the direct authority of the controller or the data processor, are authorized to process personal data;
– “consent of the data subject” means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes, by a statement or by a clear affirmative action, which signifies agreement to the processing of personal data relating to them;
– “information society service” means a service within the meaning of Article 1(1)(b) of Directive (EU) 2015/1535 of the European Parliament and of the Council (1);
Information about the Data Controller
- Name: “IT Galaxy” Ltd.
- UIC/BULSTAT: 206065163
- Head office and management address: Sofia, 1797, Student District, “Musagenitsa” Blvd. 91-B, Entrance B, Floor 1, Apt. 50
- Address for conducting activities: Sofia, 1797, Student District, “Musagenitsa” Blvd. 91-B, Entrance B, Floor 1, Apt. 50
- Correspondence address: Sofia, 1797, Student District, “Musagenitsa” Blvd. 91-B, Entrance B, Floor 1, Apt. 50
- Email: info@gpt-interface.com
- Phone: +359988962512
Information about the Data Processor
- Name: “SuperHosting.BG” Ltd.
- UIC/BULSTAT: 131449987
- Head office and management address: Sofia, 1797, Izgrev District, East Quarter, “Dr. G. M. Dimitrov” Blvd. No. 36
- Address for conducting activities: Sofia, 1797, Izgrev District, East Quarter, “Dr. G. M. Dimitrov” Blvd. No. 36
- Correspondence address: Sofia, 1797, East Quarter, “Dr. G. M. Dimitrov” Blvd. No. 36
- Email: dpo@superhosting.bg
- Phone: 0700 45 800, 02 81 08 999
- Data Controller Registration Number: 0021684
Information about the Competent Supervisory Authority
- Name: Commission for Personal Data Protection
- Head office and management address: Sofia 1592, “Prof. Tsvetan Lazarov” Blvd. No. 2
- Correspondence address: Sofia 1592, “Prof. Tsvetan Lazarov” Blvd. No. 2
- Phone: 02 915 3 518
- Email: kzld@government.bg, kzld@cpdp.bg
- Website: www.cpdp.bg
The company operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Basis for Collecting, Processing, and Storing Your Personal Data
Art. 1. (1) The company collects and processes your personal data solely in connection with the provision of services, according to the general terms, and specifically based on the following:
1. Explicit consent obtained from you as a client;
2. Fulfillment of the company’s obligations under the agreement concluded with you;
3. Compliance with a legal obligation applicable to the company;
4. For the purposes of the legitimate interest of the company, in connection with the use of our services, including for the following purposes:
4.1. User registration;
4.2. Subscription;
5. Protection of information security;
6. Ensuring the fulfillment of the contract for providing the respective service;
7. Sending informational messages, notifications about changes in the service, recommendations for improving the use of the platform, etc.
Art. 1. (2) The company adheres to the following principles when processing your personal data:
1. Lawfulness, fairness, and transparency;
2. Purpose limitation;
3. Data minimization;
4. Accuracy and up-to-date data;
5. Storage limitation;
6. Integrity and confidentiality of processing and ensuring an appropriate level of security for personal data.
Processed and Stored Data by the Company in Connection with Providing the Services.
Art. 2. (1) Information you provide.
You decide whether and how to use the services provided by the company. In the forms through which data is entered, we clearly indicate the mandatory or voluntary nature of providing the data. The data that is mandatory to fill in are those without which we cannot provide the respective service or part of it.
1. Registration and profile
1.1. Name;
1.2. Surname;
1.3. Country;
1.4. City (locality);
1.5. Address;
1.6. Postal code of the locality;
1.7. Contact email;
1.8. Contact phone;
1.9. Access password;
1.10. Consent to the General Terms;
1.11. Consent to this policy.
2. Profile editing.
2.1. No additional data is required, but there is an option to edit the data provided in item 1.
3. Profile deletion.
3.1. No additional data is required; the data in item 1 will be deleted.
4. You can add data for a legal entity for invoicing.
Art. 2. (2) Automatically stored information.
1. Logs
1.1. We store the IP address, date, time, and information unit that has been manipulated in log files.
1.2. Log files are kept in cases related to security, technical support, and development, for measuring site traffic and usability, etc., as well as in cases where this is required by law.
1.3. The following logs are used on the site:
1.3.1. Upon registration;
1.3.2. Upon login;
1.3.3. Upon sharing;
1.3.4. Upon profile deletion;
2. Cookies
2.1. The use of cookies is necessary for the functioning of the site when logging into the profile.
2.2. Acceptance of this policy and the General Terms for providing the service.
2.3. Cookies are also used for managing advertising banners, without being associated with user accounts.
2.4. The cookies used by the Administrator do not store information (personal data) that would allow the identification of the User as a natural person.
2.5. Cookies may also be installed by third parties for advertising goods and services that may be of interest to you during your visit to the site and other sites. The Administrator has no access to or control over the use of these cookies. These cookies also collect information about how the site is used, such as which site referred you to the site, which web pages you visited on the site, information about your visits to other sites, but do not collect information such as names, email addresses, other contact information, or other personal data that could enable a third party to identify or contact you.
2.6. The Administrator uses analytics systems related to various search engine internet implementations. Google Analytics is a web analytics service of Google Inc. (“Google”). Google Analytics uses a specific cookie that is stored on your computer and allows for the analysis of how you use the site. Google will use the information generated by the cookies on our behalf to evaluate the use of our site, prepare reports on site activity, and provide us with these reports for analysis. Information about their use of cookies can be found on their website (https://www.google.com/policies/privacy/).
2.7. You have the right at any time to disable and/or delete cookies on your device. For more information, please refer to the “Help” section of your browser.
Art. 3. (1) Storage period.
1. Data you provide to us:
1.1. Upon registration, we store them indefinitely until the profile is deleted;
2. Data we collect automatically:
2.1. Log files
2.1.1. Registration – up to one year after the information unit is deleted;
2.1.2. Login – up to one year after the information unit is deleted;
2.1.3. Sharing – up to one year after the information unit is deleted;
2.2. Cookies
2.2.1. For the session within the session or until the “Logout” button is pressed;
2.2.2. For declaring acceptance of this policy and the General Terms, up to the maximum period defined by your browser settings.
Art. 4. (1) Backup.
To ensure the reliability of the Services and to prevent data loss for technical reasons, a data backup policy is applied on the site. The maximum period for updating (including deleting data) all backups is 30 days.
Art. 5. (1) Provision of information to third parties.
The company does not provide your personal data to third parties in any way other than as described in this Policy, the Terms, and the cases provided by law.
Your personal data may be provided to third parties only in the following cases:
- when this is provided for by law;
- if requested in a proper manner by a competent state or judicial authority;
- when this is necessary for the protection of the rights and legitimate interests of the Company and/or other users of the Services.
Art. 6. (1) Right to Information.
This Policy aims to inform you in detail about the processing of your personal data in connection with the services provided.
Art. 7. (1) Right to Rectification.
You have the right and the ability to correct all data you have provided if they are incomplete or inaccurate. You can correct the data you have provided to us at any time through your profile.
Art. 8. (1) Right to Deletion.
You have the right and the ability to delete all data and content you have provided under Art. 2. (1).
1. Profile deletion – you need to log into your profile with the username and password you set during registration. By pressing the “delete” button, all data you provided during registration and communication with the models will be deleted, except for the log files described in Art. 2 and data for completed payments, if any.
After closing the profile, all data that is part of it will be deleted. In connection with our obligations, responsibilities, and legal requirements:
- for a period of up to 1 (one) year, logs are stored for the purpose of resolving possible disputes that arose or became known after the termination of the agreement for using the Services;
- for a period of up to 5 (five) years, data for completed payments for purchasing subscriptions are stored.
The data is deleted after the expiration of the specified period. In the meantime, they may only be provided in the proper manner to the competent state authorities when exercising their supervisory powers or to a competent court in the event of legal proceedings in which they are involved. In the event of a legal dispute or proceedings requiring data retention and/or a request from a competent state authority, it is possible to retain data for longer than the specified periods until the final resolution of the dispute or proceedings before all instances.
Art. 8. (2) Cookie Control in the Browser.
If you wish, you can also use your browser settings to delete and/or block cookies from specific or all sites. You can learn more about this at aboutcookies.org.
Art. 9. (1) Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless the grounds for this are provided for in applicable data protection legislation and appropriate safeguards for the protection of your rights, freedoms, and legitimate interests are provided.
In providing the Services on the Site, technologies falling into this category are not used.
Art. 10. (1) Accuracy of Information.
The company is not responsible for the accuracy of the data you provide, does not perform checks in this regard, and does not guarantee the actual identity of the persons providing the data. In all cases of doubt on your part, established fraud, and/or abuse, please notify us immediately. You are obliged when providing any information on the Site not to violate the rights of others in relation to the protection of their personal data or other rights.