PRIVACY POLICY
1. Overview
IP TELECOM BULGARIA LTD. is a company, incorporated under the laws of Republic of Bulgaria, with a company number 201274344, registered in the Commercial Register and Register of Non-Profit Legal Entities of the Republic of Bulgaria, member of the EU.
IP TELECOM BULGARIA LTD. values your privacy. We are committed to safeguarding the privacy of our users, employees or website visitors.
This Privacy Policy have been prepared in order to explain how we collect, use, protect, and disclose information and data when you use IP TELECOM BULGARIA LTD.’s website.
IP TELECOM BULGARIA LTD.’s privacy practices are developed in accordance with applicable legislation relating to privacy and information security. If you have any requests concerning your personal information or any queries with regard to these practices, please do not hesitate to contact us at privacy@iptelecom.bg
2. What Personal Data do we collect?
Under the GDPR (Article 4.1), “Personal Data” is defined as any information relating to an identified or identifiable Individual. It may include obvious identifiers like your name but also identification numbers, online identifiers and/or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
“Special category data” includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and genetic data, biometric data, data concerning health or data concerning a person’s sex life or sexual orientation.
Every time you visit our website, move from page to page, read pages, or download content onto your computer, we learn which pages are visited and what content is downloaded. However, this is measured only in aggregate and not on an individual basis.
When you send us an e-mail or ask us to respond to you by e-mail, we learn your e-mail address and the information that you have included in the email form shown on our website.
We may collect additional information from or about you when you communicate with us, contact our customer support teams or respond to a survey.
When you subscribe for our VoIP services, we collect:
- Names, personal ID number or date of birth, email, address and / or phone number – upon registration;
- Payment details as bank account number, credit and/ or debit card (last 4 digits) – upon payment;
- IP address and cookie address;
- Copy of passport or ID card, sample of handwriting, specimen, photo - in case the applicable legislation requires it;
- Traffic data, as follows:
- in case of a service for voice message:
- the telephone number of the calling person and the identity data of the end user;
- the dialed number (called telephone number) and in case of additional services such as forwarding or transferring the call, number or numbers, to which the call has been routed and data, identifying the end user;
- date and hour of the beginning and end of the connection;
- the type of used voice messages service;
- in case of fixed voice messages service - on the calling and called phone number;
- in case of voice messages service, provided through a mobile terrestrial network - on the calling and called phone number; international identifier of the calling mobile end user – party to a contract under Art. 227 (IMSI); international identifier of the called mobile apparatus (IMSI); international identifier of the calling mobile end electronic communication device (IMEI); international identifier of the called mobile end electronic communication device (IMEI); in case of pre-paid services - date and hour of the first activation of the service and location label - identifier of the cell, from which the service was activated and for identification of the end user;
- in case of internet access, web email and web telephony:
- identifier, specified by the end user, identifier of the end user and telephone number, specified for each message, entering the public telephone network, identity data of the end user, that has been assigned an IP address, identifier of the end user or telephone number at the time of connection;
- identifier of the end user or a telephone number of the recipient(s) of the web phone call, data identifying the end user and identifier of the recipient, to whom the message is intended;
- date and hour of entering and exiting in/from the internet access service, based on a specific time zone, together with the IP address, dynamic or static, designated for the connection by the provider of the internet access service, and identifier of the end user or user, date and hour of entering or exiting to/from the web email or web telephony service based on a certain time zone;
- the used telephone service;
- the calling phone number for dial-up access, digital subscription line (DSL) or other end point of the initiator of the link.
- administrative addresses of cells of mobile terrestrial electronic communication network, from which the call was generated or terminated.
- in case of a service for voice message:
- Location data, if necessary.
3. Purpose and legal basis for collecting and/ or processing Personal Data
We collect and process Personal Data based on one or more of the following legal bases:
- Consent: the individual has given clear consent for us to process their personal data for a specific purpose;
- Contract: the processing is necessary for a contract we have with the individual or their organization, or because they have asked us to take specific steps before entering into a contract;
- Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations);
- Vital interests: the processing is necessary to protect someone’s life.
The purposes for Personal Data processing are:
- conclusion, implementation and termination of a contract; or
- for the purposes of calling and making a connection; or
- localization of a user in case of emergency calls; or
- detection, localization and elimination of malfunctions and software errors in the electronic communication networks; or
- detection and tracking of disturbing calls in case of a request from an affected end user, requiring action by us; or
- protection of legal rights and interests of IP TELECOM BULGARIA LTD. in connection with the provided services, use of the websites or protection against legal claims of third parties; or
- fulfilment of legal obligations under the applicable legislation; or
- direct marketing.
We use the aggregate statistical information to determine how many people visit our website and which sections of the site are visited most frequently. This helps us to know what type of information is most popular so that we can improve our website and make it easier for you to access this information. We record the statistical information on the number of visitors to our website but no information about you in particular is kept or used.
In relation to the data we gain when you email us, we may use your e-mail address to acknowledge your comments and/or reply to your questions and we may store your communication and our reply in case we need to correspond at a later date. We will not provide your e-mail address to anyone.
You can withdraw your consent at any time and free of charge. Please refer to the section on “What are your rights” or “Contact us” for more information on how to do that.
4. Do we share your Personal Data?
We may share your Personal Data or information about you with other parties for IP TELECOM BULGARIA LTD.’s business purposes or as permitted or required by law, including:
- if we need to do so to comply with a law, legal process or regulations; or
- to law enforcement authorities or other government officials, or other third parties pursuant to a subpoena, a court order or other legal process; or
- requirement applicable to IP TELECOM BULGARIA LTD.; or
- if we believe, in our sole discretion, that the disclosure of Personal Data is necessary or appropriate to prevent physical harm or financial loss or in connection with an investigation of suspected or actual illegal activity; or
- to protect the vital interests of a person; or
- to investigate violations of or enforce a user agreement or other legal terms applicable to any service; or
- to protect our property, services and legal rights; or
- to facilitate a purchase or sale of all or part of IP TELECOM BULGARIA LTD.’s business; or
- to help assess and manage risk and prevent fraud against us, our users and fraud involving our Sites or use of our Services, including fraud that occurs at or involves our business partners, strategic ventures, or other individuals, and merchants; or
- to companies that we plan to merge with or be acquired by; or
- to support our audit, compliance, and corporate governance functions.
We may disclose some Personal Information between two or more of our group companies; including companies in other countries, inside the European Union, in order to ensure that we are dedicating the appropriate group resources to Customer requirements, as well as for certain of our business purposes, such as for internal record keeping, accounting and regulatory compliance.
5. Why Do We Retain Personal Data?
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfil our legal or regulatory obligations and for our business purposes.
We may retain Personal Data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law.
Traffic Data is retained only for six months or for a period specified in the applicable legislation.
The cookies we use have defined expiration times; unless you visit our site within that time, the cookies are automatically disabled and retained data is deleted.
6. International Transfers
Our operations are supported by a network of computers, cloud-based servers, and other infrastructure and information technology, including, but not limited to, third-party service providers.
Our partners may be established in jurisdictions other than your own and outside the European Economic Area. These countries do not always afford an equivalent level of privacy protection. We have taken specific steps, in accordance with EEA data protection law, to protect your Personal Data.
7. What are your rights?
Your principal rights under GDPR are:
- the right to access - You have the right to confirmation as to whether or not we process your Personal Data and, where we do, access to the Personal Data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of Personal Data concerned and the recipients of the Personal Data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.
- the right to rectification - You have the right to have any inaccurate Personal Data about you rectified and, taking into account the purposes of the processing, to have any incomplete Personal Data about you completed.
- the right to erasure - In some circumstances you have the right to the erasure of your Personal Data without undue delay. Those circumstances include:
- the Personal Data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the Personal Data have been unlawfully processed. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
- the right to restrict processing - In some circumstances you have the right to restrict the processing of your Personal Data. Those circumstances are:
- you contest the accuracy of the Personal Data; processing is unlawful but you oppose erasure; we no longer need the Personal Data for the purposes of our processing, but you require Personal Data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection.
- the right to object to processing - You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the Personal Information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.
- the right to data portability – In that context you have the right to receive the Personal Data you have provided to IP TELECOM BULGARIA LTD. in a structured, commonly used and machine readable format. It also gives you the right to request that we transmit this data directly to another controller. The right to data portability only applies when:
- our lawful basis for processing this information is consent or for the performance of a contract; and if we are carrying out the processing by automated means (excluding paper files).
- the right to complain to a supervisory authority - If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
- the right to withdraw consent - To the extent that the legal basis for our processing of your personal information is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.
8. Can children use our services?
The site is intended for users who are of legal age within the country they access the site from. We do not knowingly collect Personal Information from minors under the age of 14 or young adults under the age of 18. If we become aware that we have inadvertently received Personal Information from a minor under the age of 14 or a young adult under the age of 18, we will delete such information from our records without any delay.
9. Do we process special categories of Personal Data?
IP TELECOM BULGARIA LTD. does not process any personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, data concerning health or data concerning an individual’s sex life or sexual orientation.
IP TELECOM BULGARIA LTD. may process biometric data from time to time such as biometric photos, sample of handwriting, specimen, for the purpose of identifying an individual, in case the applicable legislation requires it and only to the extent and for the terms required by the applicable legislations or in case the user has given explicit consent to the processing of those personal data, except where Union or Member State law provide that the to process such data on the basis of consent is inadmissible.
10. How do we protect your Personal Data?
We maintain technical, physical, and administrative security measures designed to provide reasonable protection for your Personal Data against loss, misuse, unauthorized access, disclosure, and alteration. The security measures include firewalls, data encryption, physical access controls to our data centers, and information access authorization controls.
We are not responsible for protecting any Personal Data that we share with a third-party based on an account connection that you have authorized.
11. What else should you know?
If we decide to change this Privacy Policy, we will inform you by posting the revised Privacy Policy on the Site. Those changes will become effective on the revision date, shown in the revised Privacy Policy.
12. Contact us
You may contact us at privacy@iptelecom.bg if you have general questions or concerns about this Privacy Policy and supplemental notices or the way in which we handle your Personal Data.
If you want to execute any of your rights, as defined above, do not hesitate to contact us.
13. Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State at your habitual place of residence, place of work or place of the alleged breach, if you consider that the processing of your personal data infringes the provisions of the Regulation or other applicable personal data protection requirements.
The supervisory authority in the Republic of Bulgaria is the Commission for Personal Data Protection, address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., Website: https://www.cpdp.bg/.
14. Changes to the Policy
We may update this Policy from time to time in order to reflect any changes in the processing of your personal data or to comply with changes in current legislation.
All changes which we may further make will be published on the website www.iptelecom.bg