Information about the Data Processing Company:
|Name||LOGO Market Research & Consulting Ltd.|
|UIC / BULSTAT||203442146|
|Headquarters and management address||Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1|
|Mailing address||Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1|
|Phone||+359 2 452 9011|
Data Protection Officer information
|Mailing address||Bulgaria, Sofia 1527, Yanko Sakazov blvd №3, floor 1|
LOGO Market Research & Consulting Ltd. (hereinafter referred to as the “Administrator” or the “Company”) performs its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, on the protection of physical persons in relation to the processing of personal data and on the free transfers of such data. This information is intended to inform you of all aspects of the processing of your personal data by the Company and the rights you have in relation to such processing.
Reason for collecting, processing and storing your personal data
Art. 1. The administrator collects and processes your personal data in connection with the use of our website www.LOGO-mrc.bg and on the grounds of Art. 6, para. 1, EU Regulation 2016/679 (GDPR), and in particular on the following grounds:
Privacy is of utmost importance to us. We do not sell your data to other companies or individuals. If we provide your data to third parties, these are our contractors who process the information on our behalf following our instructions and applying our privacy standard.
Principles of collecting, processing and storing your personal data
Art. 2. (1) We collect and process the personal data you provide to us for the following purposes:
(2) We comply with the following principles when processing your personal information:
(3) The Administrator may process and store personal data in order to protect its legitimate interests, related to the Company’s activities, and to fulfill its obligations to the National Revenue Agency, the National Social Security Institute, the Ministry of Interior and other state and municipal authorities.
What kind of personal data collects, processes and stores our company
Art. 3. (1) The Company processes personal data and performs operations with the provided personal data for the following purposes:
(2) The administrator does not collect or process any personal data that pertains to the following:
(3) Personal data are collected by the Administrator from the persons to whom they refer.
(4) The administrator does not perform automated decision making using data.
(5) The Company does not collect data for persons under the age of 16 except with the explicit consent of their parent or legal representative.
Art. 4. The Administrator processes the following categories of personal data and information on the following grounds:
(1) Respondent data
Respondents are the most common data subjects in the Company’s business and the processing of their data is based on the following grounds:
Personal data may be processed after the explicit consent of the data subject. Before giving this consent, the data subject must be informed in accordance with the principle of transparency. For the purposes of the documentation, the declaration of consent must be obtained in writing or electronically. In some circumstances, such as phone studies, consent can be given verbally. The consent must be documented in all cases.
In addition to their consent, their personal data can be processed, where necessary, in the context of a contract to which data subjects are parties, in order to fulfill their respective obligations and rights.
The processing of personal data is also permitted if national law requires, obliges or allows it. The type and scope of the data processing must be necessary for the legally authorized data processing activity and must be in accordance with the applicable legal provisions.
Personal data may also be processed if this is necessary for the legitimate interests of the Company, and where national law provides for such grounds.
Special categories of personal data may be processed only if the law requires so, or if the data subject has given its explicit consent. Special categories of personal data may also be processed if they are mandatory for the settlement, enforcement or protection of legal claims.
If personal data is collected, processed and used by websites or applications, the data subject must be informed of this in a privacy statement, including, if applicable, with cookie information or similar technical measures.
(2) Personal data provided by customers
Customers submit personal data to the Company when providing a sampling. With respect to personal data obtained in this way, the Company is an Administrator and may process such personal data only in accordance with the instructions agreed with or received by the client. These guidelines may include restrictions on sending or transfering to other countries, as well as specific security requirements. Any such restrictions must be met. Regardless of the customer’s requirements, all personal data provided by the customer can only:
(a) be processed for the purpose for which they were provided;
(b) not to be stored for longer than necessary;
(c) be subject to the same security requirements applicable to the Company’s personal data.
(3) Employee data
In the employment relationship, personal data can be processed when necessary to start, execute and terminate a labor agreement. In an existing employment relationship, data processing must always be related to the purpose of the employment agreement.
Please see Art. 4 (1).
Employee data may be processed with the consent of the person concerned, and under the explicit consent of employee’s data processing in employment and civil relationships and by third parties (Accounting Office, Occupational Medicine Service).
Personal data may also be processed if it is necessary to impose the legitimate interest of the Company, where the applicable laws allow the processing of personal data on the basis of legitimate interest. In the context of employment, legitimate interests are usually of a legal or financial nature.
Special categories of personal data may be processed only if the law requires so, or if the data subjects have given their explicit consent. These data may also be processed if it is required to defend, enforce or protect legal claims.
Telephone equipment, email addresses, intranets, and the Internet, along with internal social networks, are provided by the Company primarily for work-related tasks. They are a tool and resource of the Company. They can be used within the applicable legal provisions and in-house policies, in particular the Information Security Policy and the permissible use of the information. In the case of authorized personal use, the law of the secret of telecommunications and the relevant national telecommunication legislation, if applicable, should be observed.
The company uses web-filtering technology and other law enforcement and protective measures against attacks on the IT infrastructure or individual users. Safeguard measures can be applied to network connections of the Company, by blocking technically harmful content.
Terms of personal data storage
Art. 5. (1) The Administrator keeps personal data for a period of 3 years.
The Administrator makes all necessary efforts to erase and destroy all personal data without undue delay or to anonymize them (i.e. translate them in a form that does not disclose your personality) after that expiration date.
(2) The Administrator shall notify you in case the data retention period is to be extended in order to fulfill a statutory obligation or in view of the legitimate interests of the Administrator or otherwise.
(3) The Administrator shall store the personal data that he needs to keep under the applicable legislation for the respective envisaged term.
(4) The Administrator keeps the personal data of the legal representatives of its trading partners for the duration of the contract, in order to observe the legitimate interests and legal obligations of the Administrator, which may exceed the term of the concluded contract.
Transmission of personal data for processing
Art. 6. (1) The Administrator may, at his own discretion, transmit all or part of your personal data to processors, for the fulfillment of the processing goals you have agreed to, according to the requirements of EU Regulation 2016/679 (GDPR).
(2) The Administrator notifies you if he has an intention to transfer part or all of your personal data to third countries or international organizations.
Withdrawal of consent to process your personal data
Art. 7. (1) If you do not wish all or any of your personal data to continue to be processed by the Company for any particular purpose or at all, you may at any time withdraw your consent to processing by free text request sent to the contact details of our Data Protection Officer.
(2) The Administrator may ask you to certify your identity with the person to whom the data relates.
(3) Withdrawal of consent does not affect the lawfulness of the processing of personal data that the Administrator has performed so far.
Right of access
Art. 8. (1) You have the right to request and obtain from the Administrator a confirmation if your personal data is being processed.
(2) You have the right to access the data relating to you as well as information relating to the collection, processing and storage of your personal data.
(3) The Administrator shall provide you, upon request, with a copy of the processed personal data relating to you, in electronic or other appropriate form.
(4) The provision of access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of repeatability or excessive demand.
Right of correction or completion
Art. 9. You may correct or fill in inaccurate or incomplete personal data relating to you by requesting the Administrator’s Personal Data Protection Officer.
Right to be deleted (“to be forgotten”)
Art. 10. (1) You have the right to request from the Administrator the deletion of some or all personal data related to you, and the Administrator has the obligation to delete it without undue delay, when any of the following reasons exists:
(2) The Administrator is not obliged to delete the personal data if he keeps it and processes it:
(3) If you chose to be forgotten, the Company will delete all your data, excluding the information needed to verify the fulfillment of your right to be deleted – your e-mail and IP address.
(4) To enforce your right to be forgotten, you need to take the following steps:
(5) Once we have verified the identity of the requesting person and the person to whom the data relates, in accordance to the steps outlined above, we will delete all data we process for you in accordance with par. 3.
(6) The Administrator does not erase the data he has a legal obligation to store, including for defense against claims brought against him or proof of his rights.
Right of limitation
Art. 11. (1) You have the right to require the Administrator to restrict the processing of your related data when:
(2) If you enforce your right of limitation, the Company will cease processing your data.
Right of portability
Art. 12. (1) If you have consented to the processing of your personal data or the processing is necessary for the execution of the agreement with the Administrator, or if your data is processed in an automated manner, you may, after you have identified yourself before the Administrator:
(2) You can at any time download or receive, in a computer-readable format, the data that is stored and processed for you, by an e-mail request.
Right to receive information
Art. 13. You may request the Administrator to inform you of all recipients, whose personal data has been disclosed when a correction, deletion, or limitation of the processing has been requested. The Administrator may refuse to provide this information if this would not be possible or would require disproportionate effort.
Right of objection
Art. 14. You may at any time object to the processing of personal data by the Administrator that pertains to it, including processing for profiling or direct marketing purposes.
Your rights when a violation of your personal information security happens
Art. 15. (1) If the Administrator detects a breach of security of your personal data that may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the violation as well as of the measures taken or to be taken.
(2) The administrator is not required to notify you if:
Art. 16. The Administrator does not transfer your data to third countries.
Art. 17. In case of violation of your rights under the above or applicable data protection laws, you have the right to file a complaint with the Personal Data Protection Commission:
|Name||Personal Data Protection Commission|
|Headquarters and management address||Sofia 1592, Prof. Cvetan Lazarov blvd № 2|
|Mailing address||Sofia 1592, Prof. Cvetan Lazarov blvd № 2|
|Phone||+359 2 915 3 518|
Art. 18. General measures
In relation to its activities, Logo Research complies with the ICC/ESOMAR International Code of Conduct for Market Research, Public Opinion and Social Data Analysis, and the Esomar Data Protection Survey.
– Cookies needed to run your search, which allow you to use the basic features such as maintaining a possible identification throughout the search;
– Custom cookies that allow you to visit the website in a customized way, based on your previous visits and preferences.
“LOGO Research” is not responsible if the Internet browser you are using does not support the usage control or fails to reject the storing or to delete saved cookies. In case you disable the storing of cookies or delete already saved ones depending on their type, the site may be malfunctioning.
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.