PRIVACY POLICY TalentVision:


1. INTRODUCTION


1.1. Welcome to https://talentvision.bg/, developed and commissioned by "Talent Vision" Ltd., with company number: 207680355, registered office: Sofia, 1404, Triaditsa district, Gotse Delchev residential complex, 109 Khimitliyski Prohod St., entrance A, floor 2, apartment 4.


1.2. BY USING THIS WEBSITE, YOU AGREE TO THE TERMS RELATED TO THE COLLECTION, USAGE, AND DISCLOSURE OF YOUR PERSONAL DATA IN ACCORDANCE WITH THIS PRIVACY POLICY.


1.3. PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE. IF YOU HAVE ANY QUESTIONS REGARDING THIS PRIVACY POLICY, CONTACT US AT CONTACT@TALENTVISION.BG. IF YOU DO NOT AGREE TO ANY TERMS CONTAINED IN THIS PRIVACY POLICY, YOU SHOULD NOT USE THIS WEBSITE.



2. DATA ADMINISTRATOR


2.1. "Talent Vision" Ltd. (hereinafter referred to as the “Administrator”) is a limited liability company, company number: 207680355, registered office: Sofia, 1404, Triaditsa district, Gotse Delchev residential complex, 109 Himitliyski Prohod St., entrance A, floor 2, apartment 4. Contact email: contact@talentvision.bg, website https://talentvision.bg/.



3. SUPERVISORY AUTHORITY:


3.1. Commission for Personal Data Protection

Address:: 1592 Sofia, 2 Prof. Tsvetan Lazarov Blvd.

Contact information: +359 2 915 35 18; +359 2 915 35 15; +359 2 915 35 19; kzld@cpdp.bg, www.cpdp.bg



4. PURPOSE AND SCOPE OF THE PRIVACY POLICY


4.1. The Administrator understands the concerns of visitors to this website regarding personal data protection and is committed to safeguarding their personal data by adhering to all data protection standards in accordance with Regulation (EU) 2016/679 of the European Parliament and Council of April 27, 2016, regarding the protection of natural persons with regard to the processing of personal data and the free movement of such data, and the repeal of Directive 95/46/EC. This Privacy Policy ensures the respect of personal privacy and takes all necessary steps to protect personal data from unlawful processing by applying appropriate technical and organizational measures that align with modern technological advancements and provide a level of protection appropriate to the risks and the nature of the data to be protected.


4.2. Through this Privacy Policy and in compliance with Regulation (EU) 2016/679, the Administrator provides information about:

  • The purposes and scope of the privacy policy;
  • Personal data collected and processed by the Administrator;
  • Purposes of personal data processing;
  • Retention periods for personal data;
  • The mandatory and voluntary nature of providing personal data;
  • Personal data processing;
  • Personal data protection;
  • Recipients or categories of recipients to whom the data may be disclosed;
  • Rights of individuals;
  • Procedures for exercising rights;
  • Right to object;
  • Buttons, tools, and content from other companies;
  • Changes to the privacy policy.


5. DEFINITIONS


5.1. For the purposes of Regulation (EU) 2016/679 and this policy, the following terms have the meanings below:


5.1.1. Personal Data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.


5.1.2. Processing means any operation or set of operations performed on personal data or on sets of personal data, whether by automated means or otherwise, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.


5.1.3. Restriction of processing means marking stored personal data with the aim of limiting their processing in the future.


5.1.4. Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, particularly to analyze or predict aspects concerning that natural person’s professional performance, economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.


5.1.5. Administrator means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.


5.1.6. Processor means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the Administrator.


5.1.7. Recipient means a natural or legal person, public authority, agency, or another body to whom the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with Union or Member State law are not regarded as "recipients"; the processing of those data by those public authorities must comply with applicable data protection rules according to the purposes of the processing.


5.1.8. Third Partymeans a natural or legal person, public authority, agency, or body other than the data subject, Administrator, Processor, and persons who, under the direct authority of the Administrator or Processor, are authorized to process personal data.


5.1.9. Consent of the Data Subjectmeans any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to them.


5.1.10.Personal Data Breachmeans a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.



6. PRINCIPLES OF PERSONAL DATA PROCESSING


6.1. The Administrator follows these principles when processing personal data concerning individuals:

  • Personal data are processed lawfully, fairly, and transparently concerning the data subject ("lawfulness, fairness, and transparency");
  • Personal data are collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes;
  • Personal data are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed ("data minimization");
  • Personal data are accurate and, where necessary, kept up to date ("accuracy");
  • Personal data are kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");
  • Personal data are processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures ("integrity and confidentiality").


7. PERSONAL DATA COLLECTED AND PROCESSED BY THE ADMINISTRATOR


7.1. Processing of special categories of personal data ("sensitive data")


The Administrator does not collect or process special categories of personal data, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or membership in trade unions, genetic data, biometric data solely for the identification of an individual, health data, or data concerning an individual’s sexual life or sexual orientation. Individuals should not provide such sensitive data to the Administrator. In the event that an individual deliberately provides sensitive data to the Administrator, the Administrator is obligated to immediately delete it.


7.2. Personal data collected directly from individuals


7.2.1. Personal data collected directly from individuals when they contact the Administrator by phone


Individuals provide personal data to the Administrator when they contact the Administrator by phone. The contact phone number for the Administrator is provided in the Administrator’s identification details in this Privacy Policy. When the individual contacts the Administrator by phone, the Administrator collects and processes only the individual's name and phone number, and in some cases, the individual’s email address. These data are processed for the purpose of communication with the individual. The processing of these personal data is necessary for pre-contractual actions taken at the request of the individual, namely providing more information about the services offered by the Administrator in relation to the possible conclusion of a contract with the individual. The Administrator uses the services of a telecommunications provider based in the Republic of Bulgaria.


7.2.2. Personal data collected directly from individuals when they contact the Administrator via the contact form on the website


Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the contact form on the Administrator's website, located in the "Contact" section. When the individual sends a message to the Administrator using the contact form, the Administrator collects and processes the individual’s first and last name, email address, as well as any other information the individual provides in the submitted message, such as the reason for contacting the Administrator. These data are processed for the purpose of communication with the individual and for record-keeping purposes. The processing of these personal data is necessary for pre-contractual actions taken at the request of the individual, namely providing more information about the services offered by the Administrator in relation to the possible conclusion of a contract with the individual.


7.2.3. Personal data collected directly from individuals when they contact the Administrator via e-mail


Individuals provide personal data to the Administrator when they contact the Administrator via email. The Administrator's email address is listed in the Administrator’s identification details in this Privacy Policy and in the "Contact" section where the contact details for the Administrator are provided. When the individual sends an email to the Administrator, the Administrator collects and processes the email address as well as any other information the individual provides in the sent email, such as their name, phone number, or address. These data are processed for communication purposes with the individual and for record-keeping purposes. The processing of these personal data is necessary for pre-contractual actions taken at the request of the individual, namely providing more information about the services offered by the Administrator.


7.2.4. Personal data collected directly from individuals when they contact the Administrator by sending a message using the Instagram platform


Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the Instagram platform through the Instagram messaging service accessible via the Administrator's Instagram page. When the individual sends a message to the Administrator via Instagram, the Administrator collects and processes the individual's name and any other information the individual provides in the sent message. These data are processed for communication purposes with the individual. The processing of these personal data is necessary for pre-contractual actions taken at the request of the individual, namely providing more information about the services offered by the Administrator in relation to the potential conclusion of a contract with the individual. The Administrator uses Instagram, an independent service provider located in the United States, to receive messages via the Instagram platform. This means that the provided personal data will be stored on Instagram servers in the U.S. Instagram’s Privacy Policy can be found at the following link: https://help.instagram.com/519522125107875


7.2.5. Personal data collected directly from individuals when they place a service order


Individuals provide personal data to the Administrator when they place an order for a "subscription plan" service from the Administrator's website. When purchasing a subscription plan from the Administrator's website, the individual provides the following personal data, which the Administrator collects and processes: the individual's first and last name, and payment data. The collection and processing of these personal data are necessary for the following reasons:


  • To conclude or perform a contract for the provision of a subscription service, to which the individual is a party;
  • To comply with a legal obligation that applies to the Administrator for the purpose of issuing invoices.

7.2.6. Personal data collected directly from individuals when they register a user account on the website


Individuals provide personal data to the Administrator when they register a user account on the Administrator's website. When registering a user account, the individual provides the following personal data, which the Administrator collects and processes: the individual’s first and last name or pseudonym, email address, the name of the university where the individual is studying (if still a student), including the graduation year or current class, as well as the last name of their primary instructor, and a PDF copy of their diploma when necessary. The collection and processing of these personal data are necessary:


  • For the conclusion or performance of a contract for the provision of a subscription service, to which the individual is a party;
  • To comply with a legal obligation that applies to the Administrator for the purpose of issuing invoices.

7.3. Personal data of individuals provided by third parties


The Administrator typically does not receive personal data about individuals from third parties. However, in certain cases, if the Administrator has reasonable grounds to suspect that an individual is violating intellectual property rights or in similar situations, the Administrator has the right to obtain personal data about the suspected individual from public registries such as the Commercial Register, the register for registered trademarks maintained by the European Union Intellectual Property Office, and similar sources. These data may be collected and processed for the purpose of filing a claim for infringement against the offender. The processing of personal data collected from a public registry is necessary for the legitimate interests of the Administrator, which include filing a claim for infringement against the offender, as well as on legal grounds.


7.4. Data collected automatically


7.4.1. When visiting the website, the Administrator may automatically collect the following data:

  • The Internet Protocol (IP) address of the device from which the individual accesses the platform (usually used to determine the country or city from which the individual accesses the platform);
  • Type of device used to access the platform (e.g., computer, mobile phone, tablet, etc.);
  • Type of operating system;
  • Type of browser;
  • Specific actions taken by the individual, including visited pages, frequency, and duration of visits to the website;
  • Date and time of visits.

7.4.2. The collection and processing of these personal data are necessary to achieve the legitimate interests of the Administrator, which include facilitating the use of the website and improving the functionality of the website.



8. COOKIES


8.1. Individuals can find more information about how the Administrator uses cookies by reading the Cookie Policy published on the Administrator's website.



9. PURPOSES OF PERSONAL DATA PROCESSING


9.1. The Administrator collects and processes personal data provided directly by individuals solely for the following purposes:


  • To provide the services offered by the Administrator, namely the purchase of a subscription plan and identification of individuals (future and current clients).
  • To contact the individual via email in order to respond to inquiries received from the individual.
  • To fulfill contractual obligations where the individual concerned is a party, as well as for actions preceding the conclusion of a contract and undertaken at their request.
  • To comply with a statutory obligation of the Administrator regarding personal data, in accordance with applicable law.


9.2. The Administrator collects and processes personal data of individuals that is automatically gathered for the following purposes:

  • To improve the efficiency and functionality of the website.
  • To generate anonymous statistical data on how the website has been used.
  • To provide better service.
  • To administer the website.
  • To adapt the website to the preferences of individuals.

9.3. The Administrator is not permitted to use personal data of individuals for purposes other than those specified in this section of the present Personal Data Protection Policy.



10. STORAGE PERIOD OF PERSONAL DATA


10.1. Inquiries and correspondence via email and Instagram: The Administrator retains personal data and received messages through email and Instagram for the period necessary to respond to the received message and satisfy the individual's request, as well as for a period of one year after the Administrator has responded to the received message.


10.2. Personal data of individuals who have purchased a subscription: The Administrator retains the personal data of individuals who have purchased a subscription from the Administrator for as long as necessary for the fulfillment of the subscription service contract, as well as for a period of ten years after the execution of the contract, which is the legally established term.


10.3. Criteria for determining the retention period of personal data: In other cases not specified above, the Administrator will retain personal data of the individual for no longer than necessary, taking into account the following criteria:



  • Whether the Administrator is obliged to continue processing the personal data of the individual to comply with a legal obligation.
  • The purpose of retaining personal data both currently and in the future.
  • Whether there is a contract between the Administrator and the individual that obliges the Administrator to continue processing personal data to fulfill contractual obligations.
  • The purposes for using personal data currently and in the future.
  • Whether it is necessary to contact the individual in the future.
  • Whether the Administrator has a legal basis to continue processing the personal data of the individual.
  • Any other legitimate reasons, such as the nature of the relationship with the individual.

11. MANDATORY AND VOLUNTARY NATURE OF PROVIDING PERSONAL DATA


11.1. The personal data required to be provided by individuals is aligned with the services offered by the Administrator and is mandatory. Providing personal data by individuals is voluntary. If the provision of personal data is refused:

  • The Administrator will not be able to provide the service desired by the individual.
  • The Administrator will not be able to receive the user's email if the latter does not fill in the necessary information in the contact form.
  • The individual will not be able to create a user profile on the website.


12. PROCESSING OF PERSONAL DATA


12.1. The Administrator processes the personal data of individuals through a combination of actions that can be carried out by automated or non-automated means.


12.2. The Administrator processes personal data of individuals either independently or by assigning data processors on behalf of the Administrator, such as providers of accounting services, hosting service providers, marketing service providers, and traffic analysis services for the website.



13. PROTECTION OF PERSONAL DATA


13.1. The Administrator takes the necessary technical and organizational measures to protect personal data from accidental or unlawful destruction, accidental loss, unauthorized access, alteration, or dissemination, as well as from other unlawful forms of processing, namely:

  • ⦁ All personal information provided by the individual to the Administrator is stored on secure and reliable servers and folders.
  • ⦁ When exercising the right of access by the individual, the Administrator verifies the identity of the individual before providing the requested information.
  • ⦁ Web-based information systems have the prefix "https:" instead of "http:". This ensures that your information is protected and not altered or read by third parties. To this end, the Administrator uses an SSL certificate issued by one of the leading global companies in data security and encryption transmitted via the Internet.
  • ⦁ The Administrator provides individuals with a secure link when sending personal data.
  • ⦁ The Administrator provides individuals with a secure connection when logging into the website's user profile.
  • ⦁ The Administrator never sends correspondence, including electronically, requesting the username and password for accessing the individual's user profile.

13.2. If you wish to receive detailed information about the technical and organizational measures, please do not hesitate to contact us atcontact@talentvision.bg.



14. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED


14.1. The Administrator has the right to disclose processed personal data to the following categories of individuals:

  • To the individuals to whom the data relates.
  • To individuals if provided for in a legal act, such as state authorities.
  • To individuals processing personal data who provide services beneficial to the business activities of the Administrator, such as providers of accounting services, hosting services, telephone services, marketing services, and website traffic analysis services. These individuals are bound by confidentiality obligations and have provided sufficient guarantees for the implementation of appropriate technical and organizational measures so that processing occurs in accordance with the requirements of the Regulation and ensures the protection of the rights of individuals.
  • To providers offering electronic and banking payment services.

14.2. The Administrator does not sell personal data provided by individuals to third parties.



15. RIGHTS OF INDIVIDUALS


15.1. Right of Access


The individual has the right to obtain confirmation from the Administrator as to whether personal data concerning them is being processed, and if so, to access the data—namely, the relevant categories of personal data.


15.2. Right to Rectification


The individual has the right to request the Administrator to rectify inaccurate personal data concerning them without undue delay. Considering the purposes of processing, the individual has the right to have incomplete personal data completed, including by means of a declaration.


15.3. Right to Erasure (Right to be Forgotten)


The individual has the right to request the Administrator to erase personal data concerning them without undue delay, and the Administrator is obliged to erase personal data without undue delay when one of the grounds set out in Article 17 of Regulation 2016/679 applies.


15.4. Right to Restriction of Processing


The individual has the right to request the Administrator to restrict processing when one of the conditions set out in Article 18 of Regulation 2016/679 applies. When processing is restricted, such data shall be processed, except for storage, only with the consent of the individual or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another individual or for important grounds of public interest for the Union or a Member State. When the individual has requested restriction of processing, the Administrator shall inform them before lifting the restriction of processing.


15.5. Right to Data Portability


The individual has the right to receive personal data concerning them which they have provided to the Administrator in a structured, commonly used, and machine-readable format when processing is based on consent or contractual obligation and is carried out by automated means.


15.6. Right to Object


The individual has the right, at any time and on grounds relating to their particular situation, to object to the processing of personal data concerning them. According to Article 21, paragraph 4 of Regulation 2016/679, the individual is explicitly informed of the existence of the right to object, which is presented clearly and separately from any other information. For the fulfillment of this obligation, more information about the right to object can be found in the section below entitled "Right to Object."


15.7. Right to Withdraw Consent


The individual has the right to withdraw their consent at any time. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal. The individual may withdraw their consent as indicated in Section XIV of this privacy policy or by selecting the "unsubscribe" option when receiving a newsletter.


15.8. Rights Related to Profiling

The individual has the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.


15.9. Right to Notification of Personal Data Breaches


When a personal data breach is likely to result in a high risk to the rights and freedoms of individuals, the individual must be notified without undue delay about the personal data breach.


15.10. Right to Judicial and Administrative Protection


15.10.1. Right to Lodge a Complaint with a Supervisory Authority

The individual has the right to lodge a complaint with a supervisory authority, particularly in the Member State of their habitual residence, place of work, or place of the alleged infringement if the individual believes that the processing of personal data concerning them violates the provisions of the Regulation.


15.10.2. Right to Effective Judicial Protection Against a Supervisory Authority

Any individual and legal entity has the right to effective judicial protection against a binding decision of a supervisory authority. Proceedings against a supervisory authority shall be initiated before the courts of the Member State in which the supervisory authority is established.


15.10.3. Right to Effective Judicial Protection Against the Administrator or Data Processor

Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, the individual has the right to effective judicial protection when they believe that their rights under the Regulation have been infringed as a result of the processing of personal data relating to them.


15.11. RIGHT TO COMPENSATION FOR DAMAGES


Any individual who has suffered material or non-material damages as a result of a violation of the Regulation has the right to receive compensation from the Administrator or the data processor for the damages incurred. Legal proceedings related to the exercise of the right to compensation are initiated before the courts of the Member State in which the Administrator or the data processor has its establishment.



16. PROCEDURE FOR EXERCISING RIGHTS


16.1. Individuals exercise their rights to withdraw consent, access, deletion, correction, restriction of processing, data portability, objection, and profiling rights by submitting a written request to the Administrator (or by mail to the address specified in the identification of the Administrator above in this privacy policy or by sending an email), which must contain the following information:

  • Name, address, and other identifying details of the individual;
  • Description of the request;
  • Signature, date of submission, and email address.

16.2. The request must be made personally by the individual. The Administrator keeps a register of requests submitted by individuals.


16.3. After the individual exercises their right to access their personal data, the Administrator verifies the identity of the individual before responding to the request. This is necessary to minimize the risk of unauthorized access to the data and identity theft. If the Administrator cannot identify the individual from the collected personal data, the Administrator has the right to request copies of documents that identify the individual (such as an ID card, driver's license, or other documents containing personal data that can identify the individual).


16.4. The Administrator reviews the request and provides the individual with information regarding the actions taken in relation to the request within two months of receiving the request. If necessary, this period may be extended by one more month, taking into account the complexity and number of requests.


16.5. The Administrator informs the individual of any such extension within one month of receiving the request, indicating the reasons for the delay. When the individual submits a request electronically, the information is provided electronically whenever possible, unless the individual requests otherwise.


16.6. If the Administrator does not take action on the individual’s request, the Administrator informs the individual without delay and no later than one month from the receipt of the request, explaining the reasons for not taking action and the possibility of filing a complaint with a supervisory authority and seeking judicial protection.


16.7. The Administrator is obliged to inform every recipient to whom personal data has been disclosed of any correction, deletion, or restriction of processing, unless this is impossible or requires disproportionate effort. The Administrator informs the individual regarding these recipients if the individual requests this information.



17. RIGHT TO OBJECT


17.1. The individual has the right to object at any time and on grounds relating to their specific situation against the processing of personal data concerning them. According to Article 21, paragraph 4 of Regulation 2016/679, the individual is explicitly informed of the existence of the right to object, which is presented clearly and separately from any other information. To fulfill this obligation, more information regarding the right to object will be provided in this section of the privacy policy.


17.2. The individual has the right to object at any time and on grounds relating to their specific situation against the processing of personal data concerning them when the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Administrator, or when the processing is necessary for the purposes of legitimate interests pursued by the Administrator or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the individual requiring protection of personal data, particularly when the individual is a child. The Administrator is obliged to cease processing personal data unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the individual or for the establishment, exercise, or defense of legal claims. Individuals exercise their right to object by submitting a written request to the Administrator by mail to the address specified in the identification of the Administrator above in this privacy policy or by sending an email.


17.3. When personal data is processed for the purposes of direct marketing, the individual has the right at any time to object to the processing of personal data concerning them for this type of marketing, including profiling, insofar as it is related to direct marketing. When the individual objects to processing for the purposes of direct marketing, processing of personal data for these purposes is terminated. Individuals exercise their right to object by submitting a written request to the Administrator by mail to the address specified in the identification of the Administrator above in this privacy policy or by sending an email indicating that they do not wish to receive promotional messages.



18. LINKS, TOOLS, AND CONTENT FROM OTHER COMPANIES


18.1. The website contains buttons, tools, or content that link to services of other companies, such as an “Instagram” button, as well as links to the Administrator's website developer and others. All sites of such companies accessible through this website are independent, and the Administrator does not assume any responsibility for damages or losses arising from the use of these sites. Individuals use these sites at their own risk, and it is advisable to familiarize themselves with the respective Privacy Policy of the relevant company to obtain more information.



19. CHANGES TO THE PRIVACY POLICY


19.1. This Privacy Policy may be updated at any time in the future. When this occurs, the amended policy will be published on this website with a new "Last Updated" date at the top of this Privacy Policy and will take effect from the date of publication. Therefore, it is advisable to periodically check this Privacy Policy to ensure that you are aware of any changes. The use of the website after the publication of the updated Privacy Policy will be deemed as your consent to the changes made.



20. CONTACTS


20.1. If you have any additional questions regarding this Privacy Policy, please do not hesitate to contact us at contact@talentvision.bg.