Privacy policy

Information about the Data Processing Company:

Name LOGO Market Research & Consulting Ltd.
UIC / BULSTAT 203442146
Headquarters and management address Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1
Mailing address Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1
Phone +359 2 452 9011

Data Protection Officer information

Mailing address Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1

LOGO Market Research & Consulting Ltd. (hereinafter referred to as the “Administrator” or the “Company”) performs its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, on the protection of physical persons in relation to the processing of personal data and on the free transfers of such data. This information is intended to inform you of all aspects of the processing of your personal data by the Company and the rights you have in relation to such processing.

Reason for collecting, processing and storing your personal data

Art. 1. The administrator collects and processes your personal data in connection with the use of our website and on the grounds of Art. 6, para. 1, EU Regulation 2016/679 (GDPR), and in particular on the following grounds:

  • Your explicit consent;
  • Execution of the obligations of the Administrator under contract;
  • Compliance with a statutory duty applicable to the Administrator;
  • For the legitimate interests of the Administrator or a third party.

Privacy is of utmost importance to us. We do not sell your data to other companies or individuals. If we provide your data to third parties, these are our contractors who process the information on our behalf following our instructions and applying our privacy standard.

Principles of collecting, processing and storing your personal data

Art. 2. (1) We collect and process the personal data you provide to us for the following purposes:

  • usage of our website and;
  • ensuring the execution of a contract for the provision of the services of the Company;
  • statistical objectives;
  • individualisation of a contract party;
  • accounting purposes;
  • information security.

 (2) We comply with the following principles when processing your personal information:

  • legality, good faith and transparency;
  • limitation of the processing goals;
  • relevance to processing goals and minimization of collected data;
  • accuracy and timeliness of the data;
  • restriction of storage in order to achieve the objectives;
  • integrity and confidentiality of the processing, and ensuring an adequate level of security of the personal data.

(3) The Administrator may process and store personal data in order to protect its legitimate interests, related to the Company’s activities, and to fulfill its obligations to the National Revenue Agency, the National Social Security Institute, the Ministry of Interior and other state and municipal authorities.

What kind of personal data collects, processes and stores our company

Art. 3. (1) The Company processes personal data and performs operations with the provided personal data for the following purposes:

  • Participation in surveys and other marketing activities – different types of information including but not limited to name, postal address, telephone number, email address, IP address, age, gender, demographic information, health status (only with explicit consent and special security mode);
  • Signing and execution of a trade deal with a client or partner – the purpose of this operation is to conclude and execute a contract with a trading partner or client as well as its administration;
  • Voice recording of telephone calls initiated by our operator from a contact center and conducting in-depth interviews for the purpose of conducting the main activity of the Company;
  • Video recording when participating in group discussions, prepared with video surveillance equipment for the purpose of carrying out the main activity of the Company and for security purposes in order to provide undisturbed servicing of the employees and visitors in the Company’s office;
  • Registration of a client on the Company’s website to use the site’s functionality – an email address and an IP address, the purpose of which is to create a client’s account to receive real-time information or to demonstrate the capabilities of the marketing tools used by the Company.

(2) The administrator does not collect or process any personal data that pertains to the following:

  • reveal racial or ethnic origin;
  • disclose political, religious or philosophical beliefs, or membership of trade unions;
  • genetic and biometric data or data on sexual life or sexual orientation.

(3) Personal data are collected by the Administrator from the persons to whom they refer.

(4) The administrator does not perform automated decision making using data.

(5) The Company does not collect data for persons under the age of 16 except with the explicit consent of their parent or legal representative.

Art. 4. The Administrator processes the following categories of personal data and information on the following grounds:

(1) Respondent data

Respondents are the most common data subjects in the Company’s business and the processing of their data is based on the following grounds:

  • Consent to data processing

Personal data may be processed after the explicit consent of the data subject. Before giving this consent, the data subject must be informed in accordance with the principle of transparency. For the purposes of the documentation, the declaration of consent must be obtained in writing or electronically. In some circumstances, such as phone studies, consent can be given verbally. The consent must be documented in all cases.

  • Data processing for contractual relations

In addition to their consent, their personal data can be processed, where necessary, in the context of a contract to which data subjects are parties, in order to fulfill their respective obligations and rights.

  • Data processing under legal permission

The processing of personal data is also permitted if national law requires, obliges or allows it. The type and scope of the data processing must be necessary for the legally authorized data processing activity and must be in accordance with the applicable legal provisions.

  • Data processing with legitimate interest

Personal data may also be processed if this is necessary for the legitimate interests of the Company, and where national law provides for such grounds.

  • Processing of special categories of personal data

Special categories of personal data may be processed only if the law requires so, or if the data subject has given its explicit consent. Special categories of personal data may also be processed if they are mandatory for the settlement, enforcement or protection of legal claims.

  • User data and the Internet

If personal data is collected, processed and used by websites or applications, the data subject must be informed of this in a privacy statement, including, if applicable, with cookie information or similar technical measures.

(2) Personal data provided by customers

Customers submit personal data to the Company when providing a sampling. With respect to personal data obtained in this way, the Company is an Administrator and may process such personal data only in accordance with the instructions agreed with or received by the client. These guidelines may include restrictions on sending or transfering to other countries, as well as specific security requirements. Any such restrictions must be met. Regardless of the customer’s requirements, all personal data provided by the customer can only:

(a) be processed for the purpose for which they were provided;

(b) not to be stored for longer than necessary;

(c) be subject to the same security requirements applicable to the Company’s personal data.

(3) Employee data

  • Data processing in relation to employment relationships

In the employment relationship, personal data can be processed when necessary to start, execute and terminate a labor agreement. In an existing employment relationship, data processing must always be related to the purpose of the employment agreement.

  • Data processing under legal permission

Please see Art. 4 (1).

  • Consent to data processing

Employee data may be processed with the consent of the person concerned, and under the explicit consent of employee’s data processing in employment and civil relationships and by third parties (Accounting Office, Occupational Medicine Service).

  • Processing of data by virtue of legitimate interest

Personal data may also be processed if it is necessary to impose the legitimate interest of the Company, where the applicable laws allow the processing of personal data on the basis of legitimate interest. In the context of employment, legitimate interests are usually of a legal or financial nature.

  • Processing of special categories of personal data

Special categories of personal data may be processed only if the law requires so, or if the data subjects have given their explicit consent. These data may also be processed if it is required to defend, enforce or protect legal claims.

  • Telecommunications and the Internet

Telephone equipment, email addresses, intranets, and the Internet, along with internal social networks, are provided by the Company primarily for work-related tasks. They are a tool and resource of the Company. They can be used within the applicable legal provisions and in-house policies, in particular the Information Security Policy and the permissible use of the information. In the case of authorized personal use, the law of the secret of telecommunications and the relevant national telecommunication legislation, if applicable, should be observed.

The company uses web-filtering technology and other law enforcement and protective measures against attacks on the IT infrastructure or individual users. Safeguard measures can be applied to network connections of the Company, by blocking technically harmful content.

Terms of personal data storage

Art. 5. (1) The Administrator keeps personal data for a period of 3 years.

The Administrator makes all necessary efforts to erase and destroy all personal data without undue delay or to anonymize them (i.e. translate them in a form that does not disclose your personality) after that expiration date.

(2) The Administrator shall notify you in case the data retention period is to be extended in order to fulfill a statutory obligation or in view of the legitimate interests of the Administrator or otherwise.

(3) The Administrator shall store the personal data that he needs to keep under the applicable legislation for the respective envisaged term.

(4) The Administrator keeps the personal data of the legal representatives of its trading partners for the duration of the contract, in order to observe the legitimate interests and legal obligations of the Administrator, which may exceed the term of the concluded contract.

Transmission of personal data for processing

Art. 6. (1) The Administrator may, at his own discretion, transmit all or part of your personal data to processors, for the fulfillment of the processing goals you have agreed to, according to the requirements of EU Regulation 2016/679 (GDPR).

(2) The Administrator notifies you if he has an intention to transfer part or all of your personal data to third countries or international organizations.

Withdrawal of consent to process your personal data

Art. 7. (1) If you do not wish all or any of your personal data to continue to be processed by the Company for any particular purpose or at all, you may at any time withdraw your consent to processing by free text request sent to the contact details of our Data Protection Officer.

(2) The Administrator may ask you to certify your identity with the person to whom the data relates.

(3) Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has performed so far.

Right of access

Art. 8. (1) You have the right to request and obtain from the Administrator a confirmation if your personal data is being processed.

(2) You have the right to access the data relating to you as well as information relating to the collection, processing and storage of your personal data.

(3) The Administrator shall provide you, upon request, with a copy of the processed personal data relating to you, in electronic or other appropriate form.

(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeatability or excessive demand.

Right of correction or completion

Art. 9. You may correct or fill in inaccurate or incomplete personal data relating to you by requesting the Administrator’s Personal Data Protection Officer.

Right to be deleted (“to be forgotten”)

Art. 10. (1) You have the right to request from the Administrator the deletion of some or all personal data related to you, and the Administrator has the obligation to delete it without undue delay, when any of the following reasons exists:

  • personal data is no longer needed for the purposes for which it was collected or otherwise processed;
  • you withdraw your consent on which the processing of the data is based and there is no other legal basis for the processing;
  • you object to the processing of personal data relating to you, and there are no legitimate grounds for processing that have an advantage;
  • personal data has been tampered with;
  • personal data must be deleted to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
  • personal data have been gathered in connection with the provision of information society services.

(2) The Administrator is not obliged to delete the personal data if he keeps it and processes it:

  • in order to enforce the freedom of expression and the right to be informed;
  • to comply with a legal obligation that requires provided treatment under EU law or the law of a Member State that applies to the Administrator, or a public interest task and any official authority;
  • for reasons of public interest in the public health field;
  • for purposes of archiving for the public interest, for scientific or historical research or for statistical purposes;
  • for the establishment, enforcement or protection of legal claims.

(3) If you chose to be forgotten, the Company will delete all your data, excluding the information needed to verify the fulfillment of your right to be deleted – your e-mail and IP address.

(4) To enforce your right to be forgotten, you need to take the following steps:

  • Submit an email request to the Administrator’s Data Protection Officer;
  • Identify yourself by verifying your identity with the person to whom the data relates.

(5) Once we have verified the identity of the requesting person and the person to whom the data relates, in accordance to the steps outlined above, we will delete all data we process for you in accordance with par. 3.

(6) The Administrator does not erase the data he has a legal obligation to store, including for defense against claims brought against him or proof of his rights.

Right of limitation

Art. 11. (1) You have the right to require the Administrator to restrict the processing of your related data when:

  • you contest the accuracy of personal data for a period that allows the Administrator to verify the accuracy of the personal data;
  • the processing is illegal, but you do not want to delete the personal data, only to limit its use;
  • the Administrator no longer requires personal data for the purposes of processing, but you require them to establish, enforce or protect your legal claims;
  • you have reproached the processing, pending verification that the legal grounds of the Administrator have an advantage over your claims.

(2) If you enforce your right of limitation, the Company will cease processing your data.

Right of portability

Art. 12. (1) If you have consented to the processing of your personal data or the processing is necessary for the execution of the agreement with the Administrator, or if your data is processed in an automated manner, you may, after you have identified yourself before the Administrator:

  • ask the Administrator to provide your personal data in a readable format and transfer it to another Administrator;
  • ask the Administrator to transfer your personal data directly to an administrator you provide, when it is technically feasible.

(2) You can at any time download or receive, in a computer-readable format, the data that is stored and processed for you, by an e-mail request.

Right to receive information

Art. 13. You may request the Administrator to inform you of all recipients, whose personal data has been disclosed when a correction, deletion, or limitation of the processing has been requested. The Administrator may refuse to provide this information if this would not be possible or would require disproportionate effort.

Right of objection

Art. 14. You may at any time object to the processing of personal data by the Administrator that pertains to it, including processing for profiling or direct marketing purposes.

Your rights when a violation of your personal information security happens

Art. 15. (1) If the Administrator detects a breach of security of your personal data that may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation as well as of the measures taken or to be taken.

(2) The administrator is not required to notify you if:

  • he has taken appropriate technical and organizational measures to protect the data affected by the breach of security;
  • he has subsequently taken measures to ensure that the violation will not lead to a high risk for your rights;
  • notification would require disproportionate efforts.

Art. 16. The Administrator does not transfer your data to third countries.

Art. 17. In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission:

Name Personal Data Protection Commission
Headquarters and management address Sofia 1592, Prof. Cvetan Lazarov blvd № 2
Mailing address Sofia 1592, Prof. Cvetan Lazarov blvd № 2
Phone +359 2 915 3 518

Art. 18. General measures

In relation to its activities, Logo Research complies with the ICC/ESOMAR International Code of Conduct for Market Research, Public Opinion and Social Data Analysis, and the Esomar Data Protection Survey.

Art. 19 Cookie Policy

Our website uses cookies to make your navigation easier. The following cookies are used:

– Cookies needed to run your search, which allow you to use the basic features such as maintaining a possible identification throughout the search;

– Custom cookies that allow you to visit the website in a customized way, based on your previous visits and preferences.

“LOGO Research” is not responsible if the Internet browser you are using does not support the usage control or fails to reject the storing or to delete saved cookies. In case you disable the storing of cookies or delete already saved ones depending on their type, the site may be malfunctioning.

Art. 20. The Company may amend the Privacy Policy by publishing a notice on this site.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.