Who we are and how you can contact us?
ITS receives personal data and information from the users of Insurer(s) in its capacity as processor within the meaning of Art. 28 of the General Regulation by virtue of a contract(s) for insurance mediation.
If you have any question about processing of your personal data, please contact the Data Protection Officer by e-mail at firstname.lastname@example.org or email@example.com or at the address Building 6, bl. 42A, ground floor, 109, Opalchenska street, Serdika district, 1233, Sofia, Bulgaria - by writing the following text: to the attention of the Data Protection Officer at ITS.
Categories of personal data we process
ITS processes your personal data you provide by filling forms, sending inquiries and messages on the Platforms, as well as in making a follow-up contact with us in the course of reviewing your inquiries and messages. The information may include identifying data, contact details (email and phone number) and other information that may be required for further processing of your data in connection with our correspondence.
ITS collects your personal data directly from you, so you decide whether or not to submit it. Part of the information we receive is required when registering to create a user profile on the Platforms of ITS.
ITS collects your personal data in following cases:
- When you create a user profile on the Platforms, you send us your e-mail address, your first name and surname;
- You can add additional information to your user profile from the Platforms, such as: mobile phone number, stationary phone number, etc.;
- If you wish to protect your profile on the Platforms with Two-Factor Authentication in addition to the password, you must also insert additional security code. This code is generated momentarily and can only be used once; it contains a sequence of figures sent by ITS to a mobile number specified by you or accessible on a mobile application pre-configured by you and installed on a mobile device.
When you conclude a contract through the Platforms, you provide us with the following information:
For individuals who are citizens of the Republic of Bulgaria:
- Full name;
- Country of nationality;
For Bulgarian citizens:
- Personal Identification Number;
For foreign citizens:
- Bulgarian personal foreigner’s number or international passport number, or national identity card number or unique citizenship number issued by the country of nationality;
- Date of birth;
For legal entities:
- Company name (including its legal form);
- Country of incorporation;
For Bulgarian legal entities:
- UIC of the company;
For foreign legal entities:
- Unique identification number of the company issued by the country in which of incorporation;
- VAT number issued by a Member State of the European Union, if any;
- Seat and registered address and/or permanent address.
- For individuals who are citizens of the Republic of Bulgaria:
- Identification data for the purpose of registering a road vehicle (“RV"): Country of registration of the vehicle; State control number; Total technically permissible maximum mass of the vehicle (gross combined weight of the vehicle) in a composition of vehicles; Ecological category; Number of axles of the towing vehicle or total number of drawbar axles of the composition of vehicles (if applicable).
- When you enter into an Insurance contract, you provide us with personal data - three names, PIN, address, telephone, date of birth, e-mail, property, civil and other, financial status data, and any other information that the Insurers require and which is not in the public domain;
- When you have requested to receive information or assistance by filling in our contact form to send you a personalized reply;
- When you sign up and participate in our programs, activities, initiatives and events for the purpose of their conducting;
- In connection with verification the information you provided to authenticate your identity and to prevent abuse and violation of the rules for using the Platforms;
- In the course of our communication on the projects, initiatives, events and other activities that have published on the Platforms;
- When making comments or providing us with additional information in section in the Platforms that allows you to do this;
- In connection with any section of the Platforms in which you deliberately and voluntarily provide personal data and information;
- In the event that our Platforms allow it, if you use your account on social media platforms such as LinkedIn, Twitter, Facebook, Instagram and other to sign up or otherwise use our Platforms, we will have access to your personal data, which you have made available in your account. You can manage access to this data through your account settings on these social networks;
- Except the specified personal data, ITS can collect and subsequently process certain information about your browsing behavior on our Platforms to personalize your interests and make offers that are tailored to your account. We invite you to learn more about this by reading the section on processing below;
- We do not collect or otherwise process any sensitive data included in special categories of personal data in the General Data Protection Regulation.
What are the purposes and reasons for processing your personal data?
We will use your personal data for the following purposes:
For the purpose of conclusion of agreement and provision of services through the Platforms of ITS
This common purpose may include, as appropriate, the following:
- When creating and managing a user account on the Platforms of ITS;
- In processing of your changes of the information in the User profile, which includes acceptance and validation of the same;
- In resolving issues related to canceled services or any other issues related to the services;
- In exercising the right of withdrawal in accordance with the legal provisions and the General terms and conditions;
- When reimbursing the value of the services, according to the legal provisions;
- In response to your inquiries;
- When sending information about different functionalities on our Platforms or news;
- In order to inform you about changes in our policies and documentation and to personalize your communication with you;
- When sending letters, invitations to events as well as information on programs, initiatives, activities and projects by e-mail or otherwise; for registration for an event or participation in a program;
- In order to optimize or improve our initiatives and activities and for the purposes of research and development of our business;
- For the purpose of detecting, investigating, and preventing actions that may be in violation of our policies or are illegal;
- Providing a better service.
ITS may collect your personal data when filling out a poll about the satisfaction of the services after the completion of the order or conducted directly or with the help of partners, market research, statistics and surveys.
If you have agreed to receive commercial messages, ITS will collect and process your personal data in order to provide you with offers about the products/services you are interested in. In this regard, we may send you commercial messages via the channels of electronic communication (e-mail, SMS, etc.) that contain general and thematic information, product information that complements the services and other business communications such as market research and consumer opinion polls, and we can present personalized recommendations on the Platforms. In order to provide you with the information of interest to you, we may use certain information about your behavior (e.g. reviewed services added to the list of desirable services/used services), to create your user profile.
You have the right at any time to withdraw your consent to receive commercial communications in the following manner:
- by changing the settings in your account;
- using the "Unsubscribe" link in the messages you receive from us; or
- by contacting ITS using the contact details above.
What are the grounds for processing your personal data?
Legitimate interest - processing your data is necessary to comply with our obligations under current law. There may be cases in which we use or transmit information to protect our rights and our commercial business. These may include:
- measures to protect the Platforms and users of the Platforms against cyber-attacks;
- measures to prevent and detect fraud attempts, including the provision of information to competent public authorities;
- measures to manage various other risks.
The main reason for this type of processing is our legitimate interest in protecting our business, as we ensure that all measures taken by us ensure a balance between our interests and your fundamental rights and freedoms.
In addition, in some cases, the personal data processing by us is based on legal provisions such as the obligation to protect the services and the values provided by applicable law in this regard.
Contractual interest – we are processing your personal data for the purpose of provision of the services under the concluded agreements in the Platforms.
Your consent - we rely on your consent to send you commercial messages and to inform you and involve you in various initiatives and other events, related to our projects and programs, to share your data with our partners and to notify you about changes in our organization and business.
How long we store your personal data?
As a rule, we store your personal data while you maintain your account at ITS for the period necessary to meet the specific for which they are being processed or which is provided for by law. You can always ask us to delete certain information or delete your account, and we will respond to this request, as retain certain information, even after deleting your account when the applicable law or legitimate interests impose it.
Personal data collected for the purpose of issuing offers/offers for the conclusion of an Insurance contract, on which no insurance policies have been issued, we keep for up to 6 months from the date of issue of the offer/offer, and personal data collected for the purpose of concluding an Insurance contract we keep for up to 1 year from the date of expiry of the Insurance contract.
To whom we send your personal data?
As the case may be, we may transfer or provide access to some of your personal data to the following categories of recipients:
- companies in the group of companies to which ITS belongs;
- partners in the Platforms of ITS;
- Representatives or agents of ITS through which are provided the services;
- courier service providers;
- payment/banking services providers;
- marketing/telemarketing services providers;
- market research-related services providers;
- insurance companies;
- IT services providers;
- other companies with whom we can develop joint programs to deliver our services on the market.
If we are legally bound or if it is necessary to protect our legitimate interests, we may also disclose certain personal data to public authorities.
We guarantee that access to your data by third party private law entity is performed according to legal provisions on data protection and confidentiality of information on the basis of contracts concluded with them. These categories of recipients are legally or contractually obliged to protect the confidentiality and security of any of your personal information and data. They may not use, disclose or modify this information in any way except for the purpose of performing the services we assign to them or if it is required by law.
To which countries do we transmit your personal data?
We currently store and process your personal data in Bulgaria. We do not transmit your personal data outside of the European Union.
However, some of your personal data may be transmitted to entities located within or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection.
We will always take measures to ensure that any international transmission of personal data is carefully conducted in order to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards, such as standard contract terms issued by the European Commission or certification schemes, such as the Privacy Shelf of personal data transferred from the EU to the United States of America.
You may contact us at any time by using the contact details listed above to find out which countries we are transmitting your data to and what safeguards we apply in connection with these data transmissions.
How do we protect the security of your personal data?
We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures while complying with industry standards.
We store your data on secure servers by using the latest encryption algorithms and we ensure that the backups are stored.
To make payments, we use the payment processing service BORICA. All billing information is encrypted using SSL technology.
Despite the measures we apply to protect your personal data, we are aware that, in general, the transmission of information over the Internet or other public networks is not completely safe, with the risk that data may be reviewed and used by unauthorized third parties. We cannot take responsibility for these vulnerabilities of systems that are not under our control.
What are your rights?
The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You may request access to your data, correction, deletion, limitation of processing, and/or raise objections to the processing of your personal data. You can also exercise your right to file a complaint to the competent supervisory authority or the court. As the case may be, you may also have the right to request the deletion of your personal data, the right to limit the processing of your data and the right to data portability.
More information on each of these rights can be obtained by looking at the information on all rights below.
Please consider the following if you wish to exercise these rights:
Identity. We are responsible for the confidentiality of all records containing personal data. For this reason, we ask that you send us your requests regarding these records using your e-mail address indicated in your profile at the Platforms of ITS. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.
Fees. We will not charge a fee for the exercise of any rights with respect to your personal data except when your request for access to information is unreasonable, repeated or redundant, in which case we will charge a reasonable amount. We will inform you about any applicable fees before considering your request.
Deadline for reply. We plan to respond to all valid requests within one month, except when the request is particularly complex or if you have made more requests, in which case we will respond within a maximum of two months. We'll let you know if we'll need more than a month. We may ask you to tell us exactly what you want or what you worry about. This will help us to act faster and reduce the time to respond to your request.
Third-parties rights. We will not need to respond to a request if it affects the rights and freedoms of other data subjects in a negative way.
Right of access and right of rectification
You have the right to receive information about what personal data of yours are being processed, about the data source and the purposes of their use, and about the third parties’ recipients of the data. You are entitled at any time to request rectification of inaccurate or incomplete data.
Right of data erasure (“right to be forgotten”)
You are entitled to request the erasure of your personal data in specific circumstances: (i) personal data are no longer required for the purposes for which they were collected, (ii) the consent on which data processing is based is withdrawn and there are no legal grounds for further processing, (iii) the processing is unlawful, or (iv) the erasure is required for the purposes of fulfillment of a legal obligation, applicable to us. We may not comply with your request, as far as processing is necessary for other purposes, including due to a legal obligation.
You can contact us at the contact details listed above to get more information about deleting your personal data.
Right to object
You have the right to object to the processing of your personal data.
Right to restriction of processing
You may request the processing of personal data to be restricted if (i) you believe your personal data is inaccurate in order for us to verify its accuracy; or (ii) you consider the processing to be unlawful, but you do not want the data to be erased, or (iii) you have objected to data processing for the purposes of our legitimate interests, or (iv) you consider we no longer need your personal data, but you require them to establish, exercise or protect legal claims.
Right of consent withdrawal
If at any time you have given your consent to the processing of your personal data, you may withdraw this consent for future processing to which this consent refers.
You may withdraw at any time your consent to receive our commercial messages or information about our initiatives or projects by contacting us at the above contact details.
Please note that the withdrawal of consent does not affect the lawfulness of processing of your personal data on another valid legal basis and lawfulness of the processing on the basis of the consent given before withdrawal.
Right of data portability
In certain cases, you are entitled to receive your personal data you have provided to us in a structured, commonly used and machine-readable format, and you might request that we transmit this data directly to another processor when technically possible.
Right to lodge a complaint
If you believe that the processing of your personal data is unlawful, you have the right to lodge a complaint with the Personal Data Protection Commission: https://www.cpdp.bg/, having seat and registered address: 2, Prof Tsvetan Lazarov Blvd, 1592, Sofia, address for correspondence: 2, Prof Tsvetan Lazarov Blvd, 1592, Sofia, telephone: 02 915 3 518.