Introduction
Dear Users, please pay attention to the text of this CONFIDENTIALITY AND DATA PROTECTION POLICY of "МЕТТА" Ltd (the "Confidentiality Policy"). The Confidentiality Policy concerns all our clients – both natural persons and legal entities. The idea behind this policy is to be clear about the personal information we collect and process when entering into a contract or accepting a reservation request, the way it is used and the rights you have as a are as a personal data subject.
If you have any questions about the way your personal information is protected, please do not hesitate to contact us at the phone and e-mail provided below.
Information about the personal data administrator
"МЕТТА" Ltd. is a company registered in the Commercial Register and the register for NPOs with UIC 203702459, head and registered office: Sofia 12619, Sofia Municipality -Vitosha Area, 10 Sarnela St, Tel: +359 885 697760; e-mail: smartrentacar@abv.bg
Contact details for the Data Protection Officer
"METTA" Ltd
address: Sofia, 10 sarnela str
e-mail: smartrentacar@abv.bg
Data Protection Officer: Yasen Tchervenkov
Definitions
- "personal data" means any information about an identifiеd natural person, or a natural person that can be identified ('data subject'); an identifiable natural person is a person that can be identified, directly or indirectly, by an identifier in particular, such as name, identification number, location data, online identifier or by one or more marks, specific to the physical, physiological, genetic, psychical, mental, economic, cultural or social identity of that individual;
- "processing" means any operation or set of operations, using personal data or a set of personal data through automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or other means by which data becomes available, arranging or combining, restricting, deleting or destroying;
- "limitation of processing" means the marking of stored personal data in order to limit its processing in the future;
- "administrator" means a natural or legal person, public body, agency or other entity which, alone or jointly with others, defines the purposes and means of data processing;
- "personal data processor" means a natural or legal person, a public authority, an agency or other entity that processes personal data on behalf of the administrator;
- "recipient" means a natural or legal person, public authority, agency, or other entity to which personal data is disclosed, irrespective of whether it is a third party;
- "third party" means a natural or legal person, public authority, agency or other body other than the data subject, who are entitled to data processing under the direct authority of the administrator or the data processor;
- "data subject consent" means any free expression, specific, informed and unambiguous indication of the will of the data subject by means of statement or a clear confirming action, expressing that person’s agreement to have their personal data processed.
Basic principles for the processing of personal data
When collecting and processing your personal data, we are guided entirely by the principles of legality, good faith and conscientiousness, the relevance of data processing to the relevant objectives, accuracy and timeliness of the data processed.
The following personal data is collected and processed for the purpose of concluding contracts for the services we provide and the fulfillment of the obligations assumed under them, as well as for the fulfillment of statutory obligations.
In view of the above, without your personal data as described below, it is not possible to conclude with you a contract for the use of our services.
For what purposes and on what legal basis is your personal data processed:
Regarding performance of contract or in relation to pre-contractual relationships:
We process your credentials and other personal data in order to provide the services you request, to perform our contractual and pre-contractual obligations, and to use the rights under the contracts concluded with you.
The processing of your personal data is done with a view of
- identifying the customer;
- making contact with the client in connection with the services they have requested or in order to fulfill our obligations under a contract concluded with the client;
- managing and executing your requests in connection with the conclusion or performance of a contract for the services we provide;
- preparing and sending invoices for payments due on your requests or contracts;
- ensuring your complete service needs;
- collecting the due amounts for the services used;
- processing by a data processor upon conclusion of a relevant contract with a personal data processor.
With a view of meeting our legal obligations
We process your credentials, invoice and payment details and other personal data in order to comply with our statutory obligations, including but not limited to:
- providing information to the Commission for the Protection of Consumers or Third Parties, provided for in the Consumer Protection Act;
- provision of information to the Commission for the protection of personal data;
- fulfillment of obligations provided for in the Accountancy Act and the Tax and Social Insurance Procedure Code, as well as other related normative acts;
- providing information to the court and third parties, in proceedings before a court, in accordance with the requirements of procedural and substantive legal acts applicable to the proceedings.
To protect the legitimate interest of the Company
We process the data from your identity documents and driving licenses in order to protect our property and to provide information to the law enforcement agencies in case of violations of the Road Traffic Law.
Please note that your personal data is not collected and/or processed for direct marketing purposes.
What kind of data we process:
Identification data
full name, personal number or personal number of a foreigner, permanent address;
Other data
information about the type and content of the contractual relationship, as well as any other information related to the contractual relationship, including:
- personal contact details - contact address, phone number, email;
- credit or debit card information, bank account number or other bank and payment information related to payments under our contracts;
- e-mail and information about user requests, complaints, requests for assistance;
- other feedback we receive from you;
• data provided through our website;
• other personal data provided by you or by a third party upon the conclusion of a contract or during our contractual relations, including but not limited to: full name, personal number or personal identification number of a foreigner, permanent address of a proxy and other data specified in the document on the basis of which the third party is authorized and the contact details of the person concerned.
The Company does not collect and process special categories of personal data, the so-called sensitive data, and does not collect and process personal data of children.
How we protect your personal information
In order to ensure adequate protection of your personal data, we apply all the necessary organizational and technical measures provided for in Regulation 2016/679 of the European Parliament and the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and The Privacy Act. In addition, we have the Data Protection Officer who supports the processes of protecting and safeguarding your data. For the sake of maximum security when processing, transferring and storing your data, we also use additional protection mechanisms such as encryption, pseudonymisation, etc., depending on the specific case.
Personal data storage period
The length of period your personal data is stored depends on the purposes of its processing, in which case the use of your personal data will generally cease by terminating the contractual relationship between you and us. However, your personal data is not deleted directly but is retained with a view to finalizing all financial obligations and the expiry of the statutory data storage obligations, such as, for example, the obligations to store and process accounting data under the Accountancy Act (11 years); the expiry of the limitation periods laid down in the Law on Obligations and Contracts (5 years); the expiry of the time limits for the provision of information to the court, the competent state authorities, and other grounds provided by the applicable legislation (5 years).
Information about the processing of your personal data
The Company collects, stores and processes your personal data on one of the above-mentioned grounds by providing this personal data to data processors, who, on the basis of contracts with us, process your personal data, on our behalf, by way of direct/indirect access to your personal data:
- companies providing accounting advisory services for our correct and accurate accounting;
- transport/courier companies – for sending to your address documents on paper, concerning contracts with you;
- persons who, by our assignment, support the equipment and software used to process your personal data;
- persons providing end-user maintenance services;
- banks processing the payments made by you.
Your rights in connection with your personal data processing:
Rights to access your personal information:
You have the right to request and receive the following information:
- Whether we handle any data that is relevant to you;
- What are the purposes of data processing, what are the categories of personal data we process, which are the recipients or categories of recipients we disclose the collected data to.
The above information shall be comprehensible and shall contain the personal data processed, as well as any available information about its source.
Right to rectification:
You may at any time request to correct incomplete or inaccurate personal data.
Right to delete (right to be forgotten):
Where any of the following grounds apply, you may request that your personal data be deleted if:
- your personal data is no longer needed for the purposes for which it was collected or processed;
- your personal data has been tampered with.
Right to Limit Processing:
You can request to limit the processing of your customizable data if you dispute the correctness of the data. In such a dispute, the use of your data shall be suspended until its accuracy has been verified.
Right to judicial and administrative protection:
If you believe that we are in any way violating the applicable legal framework, please contact us to clarify the issue.
You are entitled to file a complaint with the Personal Data Protection Commission at the following email address: https://www.cpdp.bg/