Website Privacy Policy

Your privacy​

​

As a data controller for the personal data processed through the website, we deeply believe that protecting your privacy and other fundamental rights and the integrity and confidentiality of your personal data is an integral part of our values and aims. We take special care to comply with the respective regional legislation and to ensure the same level of compliance with all our suppliers via dedicated data protection agreements and regular data protection audits.

​

Your privacy under the EU data protection legislation (applicable for European Union customers only)

​

The General Data Protection Regulation (GDPR), which became applicable in the territory of the European Union since 25th May 2018, aims to protect your basic rights and freedoms as users of the services offered via our website by setting requirements and measures in order to ensure your personal data protection at any given time.

​

One of your rights under EU law is that you must be informed when your personal data - also known as personal information - is processed (collected, used, stored, deleted and so on) by any organisation, including the institutions and bodies of the EU. You also have the right to know the details and purpose of that processing.

 

Some of the services offered through our website require the processing of your personal data. The present document gives you information about the compliance measures we have taken to protect your rights and freedoms while respecting the principles of lawful, transparent, and honest processing of personal data.

​

Here you can find out what kind of personal data we process, for what purposes and under what terms, with whom and under what conditions we share them. You can also read about how you can access your personal data and exercise the full number of rights guaranteed by the General Data Protection Regulation.

​

Here we give you a general overview of some of the ways this website processes your personal data.

​

At any time, you may exercise your right of objection to the processing of personal data relating to you by contacting us directly.

​

If you are a resident of the European Union (EU) or the European Economic Area (EEA) and you would like to exercise your applicable rights under the EU data protection legislation, you can do so by contacting us using the contact details below:

​

Data Protection Office Email: hello@aiprivacyconsulting.eu

​

​

​

The personal data we process

​

• We collect your personal information for the sole purpose of facilitating the provision of services through the website.

• We do not reuse the information for another purpose that is different to the one stated.

• We put in place measures to guarantee that your data are kept up-to-date and processed securely.

• You have the right to access your personal information, to have it corrected and the right to recourse; at any time if you believe your data protection rights have been breached.

• We do not keep your personal information for longer than necessary for the purposes for which we collected it.

​

Personal data processed when visiting our website

​

Every time you visit our website, our system automatically collects data and information from the computer system of the calling computer the following data is collected:

​

• information about the browser type and version used;

• the user's operating system;

• the user’s Internet service provider;

• the user’s IP address;

• date and time of access;

• third-party websites from which the user's system reaches our website;

• third-party websites accessed by the user's system via our website.

• ​

The legal basis we rely on for processing your personal data, when visiting the website, is Art. 6(1)(b) of GDPR (applicable to EU/EEA customers) - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract; and Art. 6(1)(f) of GDPR (applicable to EU/EEA customers) - processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

​

Please see our cookies banner on our website for more information on the cookies we use on our website.

​

Personal data necessary for submitting a request to our support team

​

• We need your email, company name and position within the company to be able to register your support request (processed on the ground of Art. 6(1)(b) of GDPR, applicable to EU/EEA customers).

​

Personal data necessary for provisions of our DPO Services.

​

In providing our outsourced data protection officer (“DPO”) services (“DPO Services”) to clients (“DPO Clients”), we perform our duties accordance with the tasks detailed in GDPR Article 39. In accordance with GDPR Article 38(3), we do cannot receive any instruction from DPO Clients regarding the exercise of those tasks and therefore we perform the DPO role in an independent manner as a data controller.

​

In performing the DPO role, we obtain a range of personal data from the DPO Client relating to individuals connected to that DPO Client, such as shareholders, directors, employees, customers, patients, suppliers, or otherwise.

​

Please note that for our other services, such as our consultancy, representation, software or outsourced appointments, we act as a data processor on behalf of our client. Information about any such processing of personal data shall be contained in the data controller’s privacy statement or policy.

​

​

​

Your Rights

​

You may access the information we hold about you. If you would like to update, correct, modify, or delete from our database any personal data you previously submitted to us, please let us know. Please note that if you request to delete certain information you may not be able to order services in the future without re-submitting such information. We will comply with your request as soon as reasonably practicable. Also, please note that we will maintain personal data in our database whenever we are required to do so by law.

​

Please note that we need to retain certain information for record keeping purposes and/or to complete any transactions that you began prior to requesting such change or deletion (for example, when you initiate a service, you may not be able to change or delete the personal data provided until after the completion of the service). We will retain your personal data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.

​

Right to access

​

You have the right to ask us for copies of your personal information. This right always applies. You can make a subject access request to find out what data is held and how it is used by using our contact form or at hello@aiprivacyconsulting.eu.  Please identify the following:

​

• what kind personal data you want to access, or would you like to access all the personal data you have for you;

• your name and contact details; and

• if you need the data in a specific format.

• ​

We may refuse your access request if your data includes information about another individual, except where the other individual has agreed to the disclosure, or it is reasonable to provide you with this information without the other individual’s consent.

​

We are going to provide the requested information in the one-month term specified in Article 12(3) of the General Data Protection Regulation.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Right to erasure

​

You have the right to ask us to erase your personal information in certain circumstances. This is your so called ‘right to be forgotten’. If you want to exercise this right of yours contact us via our contact form or at hello@aiprivacyconsulting.eu and let us know what you want to be erased.

​

This right is not absolute so make sure your case follows under one of the following circumstances:

​

• we do not need your data anymore (example: you do not work for one of our Partners anymore);

• you initially consented to the use of your data, but have now withdrawn your consent (have in mind that this applies only to the personal data we process on the ground of your consent);

• you have objected to the use of your data, and your interests outweigh ours;

• we have a legal obligation to erase your data;

• you suspect we have used your data unlawfully.

• ​

If your request meets one of the above scenarios, we will erase your data. We can refuse to erase your data on one of the grounds in Article 17(3) of the General Data Protection Regulation, namely if your data is necessary for reasons of:

​

• freedom of expression and information;

• legal obligation to keep your data;

• public health;

• establishing, exercising or defending legal claims;

• when erasing your data would prejudice scientific or historical research or archiving that is in the public interest.

• ​

If your request is justified, we are going to erase your data in the one-month term specified in Article 12(3) of the General Data Protection Regulation.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Right to rectification

​

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

​

If you want to exercise this right of yours contact us via our contact form or at hello@aiprivacyconsulting.eu and let us know what you want data you consider incorrect and how you want it to be amended.

​

When we receive your request, we are going to investigate the issue and either correct it or inform you why we consider the data accurate. We can also refuse on the ground of your request being “manifestly unfounded or excessive” which means it will cost us a significant amount of money or it will take a vast amount of resources.

​

If your request is justified, we are going to erase your data in the one-month term specified in Article 12(3) of the General Data Protection Regulation. In some cases we may need some extra time for investigation up to two more months but we will let you know about the delay in the initial one month period.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Right to restriction of processing

 

You have the right to ask us to restrict the processing of your information in certain circumstances. It may involve asking us to stop processing your data for a certain period, stop us processing your data in a certain way or even stop us deleting your data. In any circumstances you can exercise your right by using our contact form or at hello@aiprivacyconsulting.eu.

You may ask us to temporarily limit the use of your data when we are considering:

​

• a challenge you have made to the accuracy of your data;

• an objection you have made to the use of your data.

You may also ask us to limit the processing of your data but not deleting it if:

• processed your data unlawfully but you do not want them deleted;

• we no longer need your data, but you want us to keep it in order to create, exercise or defend legal claims.

What we will do to restrict the use of your data may include:

• temporarily moving your data to another system;

• making the data unavailable to users;

• temporarily removing it from the website.

We will securely store your data and not use it unless:

• you give us your consent to do so;

• the data is needed for legal claims;

• the data is used is to protect another person’s rights;

• the data is used is for reasons of important public interest.

• ​

We can refuse your request on the ground of being “manifestly unfounded or excessive” which means it will cost us a significant amount of money or it will take a vast amount of resources. If your request is justified, we are going to erase your data in the one-month term specified in Article 12(3) of the General Data Protection Regulation. In some cases, we may need some extra time for investigation up to two more months, but we will let you know about the delay in the initial one month period.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Right to object to processing

​

You have the right to object to processing if we process your information on the ground of our legitimate interests.

If you feel we should stop processing your data on this ground, you can contact us and justify your reasons using our contact form or at hello@aiprivacyconsulting.eu.

​

Note, however, that we may continue legitimately use your despite your objection if we can prove we have a strong reason to process your data that overrides your objection.

​

If your request is justified, we are going to stop processing your data in the one-month term specified in Article 12(3) of the General Data Protection Regulation.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Right to data portability

​

You have the right to get your personal data from us in a way that is accessible and machine-readable. This right may seem similar to your right to access but it is only applicable to

​

• data that is held electronically;

• data you have provided to the organization.

​

Data you have provided does not just mean information you have typed in, such as a username or email address. It may also include such things as website or search usage history or traffic and location data.

​

If you want to exercise this right of yours contact us via our contact form or at hello@aiprivacyconsulting.eu, indicating what kind of data you would like to receive from us in a machine-readable format.

​

Before sending you this data we may need to confirm your identity in order to prevent fraud and other people getting access to your data. Then we will provide it in the required format.

​

If your request is justified, we are going to stop processing your data in the one-month term specified in Article 12(3) of the General Data Protection Regulation.

​

We can refuse your request on the ground of being “manifestly unfounded or excessive” which means it will cost us a significant amount of money or it will take a vast amount of resources. It can happen for example in case of a repetitive requests.

​

If you are unhappy with the result, please first get back to us so that we can investigate the matter further.

​

Exercising your rights under the EU data protection legislation

If you are a resident of the European Union (EU) or the European Economic Area (EEA) and you would like to exercise your applicable rights under the EU data protection legislation, you may contact the Estonian Data Protection Inspectorate and submit your complaint via:

​

Phone:             +359 (0)2/91-53-519

Email:              kzld@cpdp.bg

Website:          https://www.cpdp.bg

​

Nevertheless, we advise you to try and contact us on the matter first.

​

The present Website Privacy Policy is adopted on 09.09.2022.

Any subsequent changes to the Website Privacy Policy shall be effective from the date indicated with the corresponding amendments.