Privacy Policy

1. INTRODUCTION:

This Privacy Policy describes DIGITAL MARKETING AGENCY LTD.'s (”Company”, ”we”, ”us”) commitment to responsibly collecting, using, storing, and protecting personal data in compliance with applicable European Union laws, including the General Data Protection Regulation (GDPR) and Bulgarian data protection legislation.

The Company is dedicated to handling personal data in a transparent, secure, and lawful manner. We collect minimal personal data, specifically users' full names, email addresses, and company names through our website's contact form. This information is gathered solely to respond to user inquiries and ensure effective communication.

The Company implements industry-standard security and organizational measures to protect the integrity and confidentiality of personal data. Our data handling practices align with best practices and legal requirements, ensuring that data collection, processing, and storage respect user rights and meet the stringent requirements outlined in the GDPR.

This policy explains:

  1. The types of data collected and the purpose of its collection,
  2. How data is securely stored and shared,
  3. User rights regarding access, correction, deletion, and data portability,
  4. Contact details for inquiries related to data privacy.

Our commitment to protecting personal data reflects the Company's adherence to both European regulations and global data protection standards, safeguarding users' privacy and fostering trust.

 

 2. DATA COLLECTION:

The Company collects and processes only the minimum personal data necessary to provide an effective and secure user experience on our website. Specifically, we collect the following types of information:

  1. Contact Information: Through our website's contact form, we gather users' full names, email addresses, position and company names. This data is collected solely to respond to inquiries and maintain communication with individuals interested in our services.
  2. Activity Data: We may collect data related to user interactions on our website, including access dates, pages viewed, and actions taken (e.g., submitting forms). This information helps us improve our website's functionality, user experience, and security.
  3. Device Data: To enhance website performance and secure user interactions, we may automatically collect technical information about the devices used to access our website. This includes device type, browser type, IP address, and operating system. Such data enables us to troubleshoot issues, optimize the website for various devices, and protect against potential security threats.
  4. Third-Party Data: In some cases, we may obtain additional information from third-party providers (e.g., analytics services) to better understand how users engage with our website and to assess the effectiveness of our digital content. This data is used in aggregated form to help improve the quality and relevance of our content and services. All data collection practices are conducted in compliance with GDPR and with strict adherence to privacy and data security standards. This approach ensures that we collect only what is necessary, maintain data integrity, and limit data retention to the purposes outlined in this policy.

Children's Privacy: Our website and services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you are under 16, please do not use our website or provide any personal data. If we become aware that we have collected personal data from a child under 16, we will take steps to delete such information promptly.

3. LEGAL BASIS AND PURPOSE OF DATA PROCESSING:

The Company processes personal data exclusively for legitimate business purposes in accordance with GDPR. We process your personal data on the following legal bases:

Legal Bases:

  1. Consent: You provide explicit consent when you fill out our contact form
  2. Legitimate Interests: We process your data to improve our services and ensure security, provided it does not override your fundamental rights and freedoms
  3. Legal Obligation: When required to comply with applicable laws and regulations

Purposes:

  1. Responding to Inquiries and Communication: The contact information collected (full name, email address, and company name) enables us to effectively respond to user inquiries and maintain communication with individuals or organizations interested in our services.
  2. Enhancing Website Functionality and User Experience: We process activity and device data to analyze user interactions with our website, helping us identify areas for improvement, optimize user experience, and ensure content relevance.
  3. Ensuring Security: We collect technical data, such as IP addresses and browser types, to detect, prevent, and respond to potential security threats. This processing supports the integrity and security of our website and protects both user data and the Company's digital infrastructure.
  4. Compliance with Legal and Regulatory Obligations: The Company may be required to process and retain personal data to comply with legal requirements, such as regulatory mandates, lawful requests from authorities, and obligations under applicable data protection laws.

Our data processing practices are designed to meet privacy standards and legal obligations, ensuring that all personal data is handled responsibly and in the best interests of our users. We do not use personal data for any purposes beyond those specified in this policy, unless consent is obtained or as otherwise required by law.

The Company will only send marketing communications after obtaining explicit consent from individuals, including a clear option to unsubscribe at any time.

4. DATA RETENTION:

The Company retains personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, in compliance with GDPR and Bulgarian data protection laws. Standard retention periods are as follows:

  1. Contact Information: Personal data collected through our website's contact form (such as full name, email address, and company name) is typically retained for a period of up to 3 years from the date of the last interaction. This allows us to respond to follow-up inquiries and maintain records of communications.
  2. Activity and Device Data: Data related to user interactions and technical information collected automatically (e.g., IP addresses, device type) is generally retained for up to 2 years. This data helps us analyze usage patterns, improve functionality, and secure our website.
  3. Extended Retention for Legal Compliance: In specific cases, the Company may be required to retain certain data beyond the standard period to comply with legal or regulatory obligations. For example, records may be held for up to 7 years in accordance with European regulatory requirements, in cases involving potential legal disputes, or to meet financial audit requirements.
  4. Data Deletion and Anonymization: Once personal data is no longer needed for the purposes described or required for legal reasons, it will be securely deleted or anonymized in line with GDPR and industry best practices.
  5. User Rights to Data Deletion: Users have the right to request deletion of their personal data at any time, provided that no legal or regulatory obligation requires us to retain it. We will review and respond to such requests in accordance with applicable laws within 30 days.

These retention periods align with European data protection regulations, ensuring data is maintained only as long as necessary for its intended purpose and securely disposed of afterward.

5. DATA SHARING:

The Company is committed to safeguarding user data and only shares personal information under specific conditions that are consistent with GDPR and European data protection laws. We do not sell or otherwise disclose personal data to third parties for unrelated purposes. Personal data may be shared under the following circumstances:

  1. Legal and Regulatory Compliance: The Company may disclose personal data when required by law, regulation, or valid legal process. This includes sharing information with government authorities, regulatory bodies, or law enforcement in response to lawful requests, for example, to meet legal requirements or as necessary to protect the rights, property, and safety of the Company, its users, or the public.
  2. Corporate Transactions: In the event of a merger, acquisition, reorganization, or sale of assets, the Company may transfer personal data as part of the transaction. Any such transfer will adhere to the terms of this Privacy Policy and comply with applicable data protection regulations. In these cases, users will be notified of the change in data controller and will have the opportunity to exercise their rights prior to the transfer, if desired.
  3. Service Providers: We may share personal data with trusted third-party service providers who assist us in operating our website, conducting our business, or servicing you. These parties are contractually obligated to keep personal data confidential and use it only for the specific purposes we authorize.
  4. Consent-Based Sharing: In situations where we may wish to share personal data for purposes not covered by this policy, we will request explicit consent from users before proceeding. Users will have the option to decline such data sharing requests without impacting their ability to use our website.

The Company ensures that any third party with whom we share personal data adheres to strict data protection standards and is contractually obligated to maintain data confidentiality and security. We take appropriate steps to safeguard personal data at every stage of sharing, in line with GDPR and best practices for data security.

6. INTERNATIONAL DATA TRANSFERS:

As a company located within the European Union (Bulgaria), we primarily process data within the EU. However, some of our service providers may be located outside the EU. When we transfer personal data to countries outside the EU, we ensure adequate protection through:

  1. Standard Contractual Clauses (SCCs) approved by the European Commission
  2. Adequacy decisions by the European Commission
  3. Implementing additional technical and organizational security measures
  4. Ensuring service providers maintain adequate levels of data protection

All international data transfers are conducted in compliance with GDPR requirements and include appropriate safeguards to protect your personal data.

7. YOUR RIGHTS UNDER GDPR:

In accordance with the GDPR, you have the following rights regarding your personal data:

  1. Right of Access: You have the right to request confirmation of whether we process your personal data and obtain a copy of your data in a format that enables you to verify the lawfulness of its processing.
  2. Right to Rectification: You have the right to request correction or update of any inaccurate or incomplete personal data. The Company will promptly make necessary adjustments to ensure data accuracy and completeness.
  3. Right to Erasure ("Right to be Forgotten"): You have the right to request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, or if you withdraw consent (where consent is the basis for processing).
  4. Right to Restrict Processing: You have the right to request restriction of processing of your personal data if you contest its accuracy, if the processing is unlawful, or if the data is no longer needed for processing purposes but is required for legal claims.
  5. Right to Data Portability: You may request to receive a copy of your data in a structured, commonly used, and machine-readable format to transfer it to another data controller if processing is based on consent or a contract.
  6. Right to Object: You have the right to object to data processing based on legitimate interests or for direct marketing purposes.
  7. Right Not to Be Subject to Automated Decision-Making: You have the right to opt out of decisions based solely on automated processing that significantly affect you.
  8. Right to Withdraw Consent: You may withdraw your consent to data processing at any time where processing is based on consent. Withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

Exercising Your Rights: To exercise these rights, please contact us using the details provided in the "Contact Information" section. We are committed to responding to such requests within 30 days, ensuring full compliance with your rights as set forth by the GDPR.

Right to Lodge a Complaint: If you believe your data protection rights have been violated, you have the right to file a complaint with the Bulgarian Personal Data Protection Commission (CPDP) or the supervisory authority in your EU member state.

8. USE OF COOKIES:

Please refer to our separate Cookie Policy available at dmaltd.eu/cookie-policy for detailed information about how we use cookies and similar technologies on our website.

Our Cookie Policy explains:

  1. Types of cookies we use
  2. Purposes of cookie processing
  3. How to manage your cookie preferences
  4. Your rights regarding cookies

9. SECURITY MEASURES:

The Company takes the protection of personal data seriously and implements a range of security measures to safeguard data from unauthorized access, disclosure, alteration, or destruction. In compliance with GDPR and European data protection laws, we employ the following measures:

  1. Encryption: Personal data is encrypted during transmission and storage, ensuring that information remains secure and unreadable to unauthorized parties.
  2. Access Control: Access to personal data is strictly limited to authorized personnel who require it to perform their duties. Our employees and service providers are bound by confidentiality obligations.
  3. Network Security: The Company utilizes firewall protection, intrusion detection systems, and secure networks to prevent unauthorized access and protect our website and internal systems.
  4. Data Minimization: We collect and retain only the data necessary for specified purposes, reducing the risk associated with data storage and processing.
  5. Regular Audits and Assessments: We conduct regular security audits and vulnerability assessments to identify potential risks and ensure our security practices remain effective.
  6. Data Backup and Recovery: We maintain regular data backups and recovery protocols to ensure data integrity and availability in the event of accidental loss or technical failure.
  7. Employee Training: The Company conducts regular training for employees to ensure awareness of data protection practices and GDPR compliance.
  8. Privacy by Design: We implement privacy considerations into our systems and processes from the outset, ensuring data protection is built into our operations.

These measures reflect our commitment to data security and are designed to align with industry best practices and GDPR requirements. However, while we strive to implement and maintain secure systems, no security measures can provide absolute protection against all potential risks.

10. DATA BREACH NOTIFICATION:

In the unlikely event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  1. Notify the Bulgarian Personal Data Protection Commission within 72 hours of becoming aware of the breach
  2. Inform affected individuals without undue delay if the breach is likely to result in a high risk to their rights and freedoms
  3. Provide clear information about the nature of the breach and the measures we are taking to address it

11. PRIVACY POLICY UPDATES:

The Company reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, legal requirements, or other operational, legal, or regulatory reasons. Any updates will be posted on our website at dmaltd.eu/privacy-policy, and the revised policy will become effective immediately upon publication.

For significant changes that materially impact how personal data is handled, we will:

  1. Provide advance notice through a prominent notice on our website
  2. Send email notifications where feasible
  3. Give users the opportunity to review and understand the modifications

By continuing to use our website following any changes, you acknowledge and agree to the updated terms.

Users are encouraged to review this Privacy Policy regularly to stay informed about how their personal data is protected and managed.

12. CONTACT INFORMATION:

If you have any questions or concerns regarding this Privacy Policy, the processing of your personal data, or wish to exercise your data protection rights, please contact us:

DIGITAL MARKETING AGENCY LTD.

Bulgaria, Sofia,

1142, rayon "Sredets"

bul. "Vasil Levski", № 38, floor №2

Director: Mr. GEORGI TABAKOV

Tel.: +359 887 97-39-01

Email: info@dmaltd.eu

We are committed to responding promptly to all inquiries and requests related to personal data, typically within 30 days as required by GDPR.

Supervisory Authority:

If you believe your data protection rights have been violated, you may file a complaint with:

Bulgarian Personal Data Protection Commission (CPDP)

Website: https: //www.cpdp.bg/

Address: Sofia 1592, bul. "Prof. Tsvetan Lazarov" № 69