I. Our Policy
Cleves EOOD, UIC 175238696, having its seat in Sofia, Bulgaria and its address of management at 22, San Stefano Street, 1000 Sofia, Bulgaria (“we”, “us”, “our”), is committed to protecting and respecting your privacy.
This Policy sets out the basis on which we process your personal data in our capacity as personal data controller, as defined in the General Data Protection Regulation (EU) 2016/679 (the “GDPR”). Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

II. What personal data do we collect?
We may collect personal data from you when you use our website, when we enter into a services agreement, as a result of your relationship with us or contact with our staff or clients, or otherwise in the course of our business activities.
In the context of provision of our professional services or otherwise in the course of our professional activity we may process the following categories of personal data:
•    General information about you, such as your name, unified civic number (or other personal identification number, as applicable), industry, company data, position, education and/or professional experience, relationship to an organization, power of representation, etc.

•    Contact details, such as your e-mail address, phone number, postal address, Skype / Viber / WhatsApp ID, LinkedIn profile, etc.

•    Information regarding our contractual relationship, including details about received instructions, performance, accounting and payment data

•    Personal data provided by or on behalf of our clients in relation to an assignment

•    Information collected in the course of your usage of our website

•    Any other information that you have provided to us
When we request personal data directly from you, we kindly ask you to provide us with all categories of requested personal data, as otherwise we would be unable to carry out the processing activities outlined in this Privacy Policy (including, we may be unable to provide you with our services).
If you provide us with personal data of other natural persons, we kindly ask you to provide them, prior to such disclosure, with information about the key terms and conditions under which we shall process their personal data in accordance with this Privacy Policy.

III. How we use your personal data?
We collect and otherwise process your personal data for different purposes and in different manners, primarily in relation to the provision of our professional services. In particular, we use personal data:
a)    To provide the services requested from us

b)    To maintain a contractual relationship with you and our clients

c)    To communicate with you and to provide information requested by you

d)    To fulfil our obligations

e)    For the establishment, exercise or defence of claims

f)    To send you news, publications, and event invitations

g)    To provide and improve our website, and to monitor its use

Services
We process personal data in the course of and in relation to the contractual relationships with our clients. We process information on our clients and their representatives in compliance with our “know-your-customer”, accounting, tax and other obligations.

Direct marketing
If you have provided your consent, we may send you non-business communications such as news, publications, and event invitations. We will only process personal data that you have provided to us in the course of our work together or by following a link for subscription to our mailing list. You can always withdraw your consent by writing to bozhidar.zahariev@cleves.bg.

Cookies and usage of our website
Cookies are small text files that are placed on your device when you visit a website. Cookies are widely used by website owners in order to make them work, or to work more efficiently, as well as to provide reporting information.
We use cookies to collect certain information about the visitors to our website for system administration purposes. This includes details of their device’s IP address, operating system and browser type. In addition, our website uses Google Analytics, a website traffic analysis application that provides real-time statistics and analysis of user interaction, and is used to help us improve our services.
You may refuse to accept cookies or withdraw your consent at any time by selecting the appropriate privacy settings on your internet browser. As the ways in which you can do this vary from browser to browser, please visit your browser’s help menu for further details. Please note that if you choose to reject cookies, doing so may impair some of our website functionality. For more information on cookies, including how to manage and delete them, please visit www.allaboutcookies.org
By using our Website without changing your browser privacy settings, you consent to the usage of cookies by us in the manner described above.

IV. What is the basis for using your personal data?
We use your personal data on the following grounds:
a)    To enter into and perform a contract

b)    To comply with our legal obligations

c)    Consent to send you non-business communications

d)    Our legitimate interests, such as to carry our business activities, to improve our website, and to monitor its use

V. Who do we share your personal data with?
We may disclose your personal data to personal data processors acting on our behalf and assisting us with achieving the purposes of processing outlined above, such as providers of certain services (e.g. IT firms or translation agencies, etc.). These entities will be under contractual obligation for protection of your personal data.
We may otherwise disclose your personal data to third parties only if we are under a duty to do so in order to comply with a legal obligation, or if it is required for the establishment, exercise or defence of legal claims in compliance with the applicable laws.

VI. How long do we keep your personal data?
We comply with the principle that the period for which the personal data are stored is limited to a strict minimum and personal data are not kept longer than necessary for achieving the purposes of processing. We will keep your personal data for the duration of the respective services agreement, and for an additional period according to our internal rules and our obligations on data retention. For example, under the applicable accounting and tax legislation, we are obliged to keep information that may be relevant for the purposes of tax control, audit and financial inspections for 10 years, as of 1 January of the year following the termination of a services agreement. Otherwise, we generally apply a 5-year retention rule after the active usage of the respective information stops, in accordance with the general civil statute of limitations period.
We may continue to process your personal data for direct marketing purposes and send you non-business communications until you withdraw your consent.

VII. Your rights
You have the following rights in accordance with the GDPR:
a)    Access to personal data
You have the right to obtain confirmation from us as to whether or not your personal data are being processed and if so, to access the data and information on our processing activities. The right to obtain a copy of your personal data, however, shall not adversely affect the rights and freedoms of others.
b)    Right to rectification
You have the right to obtain from us the rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
c)    Right to erasure (”right to be forgotten”)
You have the right to obtain from us the erasure of your personal data and we have the obligation to erase your personal data without undue delay where certain grounds apply (e.g. when the personal data are no longer necessary in relation to the purposes for which they were collected).
There could be cases, in which your right to erasure could not be exercised and the processing will be necessary:
•    for exercising the right of freedom of expression and information;
•    for compliance with an obligation, which requires processing by European Union or Bulgarian law to which we are subject, or for the performance of a task carried out in the public interest, or in the exercise of official authority vested in us;
•    for the establishment, exercise or defence of claims.

d)    Right to restriction of processing
You have the right to obtain from us restriction of processing where one of the following applies:
•    you contest the accuracy of your personal data for a period enabling us to verify the accuracy of your personal data;
•    the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
•    we no longer need your personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of claims;
•    you have objected to processing pending the verification whether our legitimate grounds override yours.

e)    Right to data portability
You have the right to receive your personal data, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another controller without our hindrance insofar the processing is carried out by automated means and is based on your consent or on a contract.
f)    Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data insofar the processing is based on our legitimate interests. We will no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of claims. Where personal data are processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data concerning him or her for such marketing.
g)    Right to withdraw your consent
You can always withdraw your consent related to direct marketing by writing to bozhidar.zahariev@cleves.bg. The withdrawal of your consent will not affect the lawfulness of processing based on consent before such withdrawal.
h)    Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a supervisory authority if you consider that we have infringed the GDPR in processing your personal data (for Bulgaria the supervisory authority is the Commission on Personal Data Protection – www.cpdp.bg).

VIII. How to exercise of your rights and contact us?
In order to exercise your rights in relation to the processing of your personal data, or if you have any comments, questions and requests related to the processing of your personal data, please contact us at bozhidar.zahariev@cleves.bg or 22, San Stefano Street, 1000 Sofia, Bulgaria.
We will provide information on the action taken based on your requests within 30 days of receipt of your written request. That period may be extended by two months where necessary, taking into account the complexity and number of the requests. In this case, you will be informed of any such extension within one month of receipt of your request, together with the reasons for the delay.

IX. How do we protect your personal data?
We will take all steps reasonably necessary to ensure that your personal data are treated securely and in accordance with the GDPR.
We have implemented sufficient technical and organizational measures to ensure that your personal data will be safe from accidental or unlawful or unauthorised destruction, loss, alteration, disclosure or access.

X. Changes to our Privacy Policy
Any changes we may make to our Privacy Policy in the future will be posted on our website.

Last update: 23 October 2020