Privacy policy

INFORMATION BY AMPECO LTD. REGARDING PERSONAL DATA PROCESSING

The privacy of our employees, customers and partners is important to us. In this privacy statement we explain which personal data we collect and process, for what purposes and on what grounds, to whom we provide it, and for how long we store it. This policy also contains information about your rights as a data subject and the manners in which you can exercise them.

AMPECO may update this privacy statement and its most recent version will be available at ampeco.com/privacy-policy. AMPECO will inform you of all material changes to its terms via its website or other communication channels.

About the company

AMPECO LTD. (hereinafter referred to as AMPECO) is registered with Company ID 205394857, at 36 Dragan Tzankov blvd., entr. A, fl. 5., 1113 Sofia, Bulgaria.
For questions related to the processing of personal data, please contact us by e-mail at dataprotection@ampeco.com.

AMPECO in its capacity of Personal Data Controller conducts its activities in strict compliance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in order to ensure confidentiality and lawful collection and processing of personal data and repealing Directive 95/46/EC (General Data Protection Regulation).
AMPECO is a data controller with respect to the personal data of its employees, customers, partners and counteragents for the purpose of execution of the respective employment or contractual obligations.

AMPECO is also a data processor with respect to the personal data of the users of the AMPECO Electric Vehicle ChargePoint Management Software-as-a-Service solution. All AMPECO Data Processor responsibilities are described in the AMPECO Data Processing Agreement (DPA), part of our SaaS Service Agreement.

What data do we collect? Types of processed personal data

AMPECO processes the following types of personal data:

Identification information:

full name;
e-mail address;
permanent or current address (street, number, zip code, city, country);
ID card’s (passport) data (relevant for our employment or service contracts);
employment history, NSSI (social security and insurance) data, personal identification number, bank account number (relevant for our employment contracts);

Contact information:

mobile/fixed phone number
email address
your job position and employer based on public or subscription-based registers (e.g. LinkedIn)
similar details of contact persons related to you

AMPECO processes public information such as from official public registers, which are responsible for keeping this information legally or purchasing them from companies that are responsible for the lawful collection of personal data. Such public data is processed for the purposes listed in the relevant sections below.

How do we collect your data?

AMPECO collects personal data:

Directly from you via registration forms on our website ampeco.com or via our e-mail platform when you contact us via e-mail;
Directly from you as an AMPECO hiring candidate during our recruitment process via our e-mail system and our HR platform or directy from you as an AMPECO employee via our HR Platform;
Directly from you as a prospective customer during our sales engagement process via our e-mail platform.

How do we process your data?

Personal data is processed by the employees of AMPECO and by our suppliers with whom AMPECO has signed a service contract incl. a Data Protection Agreement (DPA).

Personal Data, collected by AMPECO in its capacity of Personal Data Controller, may be processed for the following purposes:

Employee identification and authentication: necessary for compliance with the legal obligations of AMPECO as employer or to protect your vital interests as data subject;
Reporting to the state and control authorities – National Revenue Agency, National social security institute, etc.: necessary for compliance with the legal obligations of AMPECO as employer;
Drawing up contracts at your request – to enter into contractual obligations with you, as a customer or as a co-contractor AMPECO must have your specific personal data (e.g. name, date of birth, ID card number) as well as your contact details;
Marketing: We use contact information provided directly by you to send you relevant marketing materials (including newsletters) as per the options you have selected via submitting a form on our website. We offer the options to manage your preferences or unsubscribe.
We use cookies according to our cookie policy.
We use contact information to send targeted Sales materials based on your preferences indicated while using our website.
Customer analytics: we process the data you have provided as per the options you have selected (via the use of cookies or directly) to utilize Google Analytics and Google Ads services: we share aggregated data with Google Analytics.
Litigations – Establishment, exercise, and defense of AMPECO‘s rights – AMPECO will process its clients’ data in order to protect its rights in court/ litigation procedures.

How long do we store your data?

AMPECO processes your personal data while a contract governing our relationship is active, and for as long as required by applicable laws. The exact duration of the data processing is listed below:

Personal data of our customers stored in Service contracts – 5 years after service termination;
Employee identification and authentication – for the duration of the employment contractReporting to the state and control authorities – National Revenue Agency, National social security institute, etc. – indefinitely as stipulated by Bulgarian law;
Marketing and Sales: for as long as you remain subscribed.

How to contact the appropriate authority?

The Data protection authority in Bulgaria is the Commission for Personal Data Protection. You may contact them by following the process described in the Lodging complaints and alerts page on their website: https://www.cpdp.bg/.

What are your rights as a Data Subject?

If you are a person whose personal data is processed by AMPECO under the General Personal Data Regulation, effective since 25.05.2018, you have the following rights:

Right to access – Upon your request, as the data subject, AMPECO shall provide information about the categories of the personal data relating to you, which are being collected and processed by us.
Right of rectification, blocking (restriction of processing), and/or erasure (deletion) – Upon your request, AMPECO shall correct, erase or cease the processing of your personal data. In such cases, AMPECO shall notify all third parties to whom your personal data has been disclosed regarding all rectifications and erasures that have been made or all cases of restriction of processing of your personal data.
Right to data portability – you have the right to request to receive your personal data processed by AMPECO, in a structured and commonly used and machine-readable format.
Right to object – As a data subject, you have the right to object to the processing of your personal data when the processing of personal data is based on the AMPECO ‘s legitimate interest. AMPECO shall review your objection and shall provide its opinion in writing within 30 days unless this term needs to be extended, for which we will notify you in due time. After reviewing the objection, AMPECO will generally discontinue the processing of your personal data and will notify all interested parties to whom the personal data have been submitted of the objection received and of the measures taken in this regard. In some cases, however, AMPECO has an indisputable legal basis to continue the processing of your personal data even after receiving your objection (for example, in cases of unsettled contractual relations, lawsuits etc.). In such cases, AMPECO will contact you to clarify the reasons why it will continue to process your personal data.
Right to withdraw the consent given for personal data processing for the purposes outlined in the Declaration of Consent. The withdrawal can be done via a consent withdrawal declaration.
Right to raise a complaint with the Commission for Personal Data Protection (CPDP) – as the data subject, you have the right to raise a complaint with the Commission for Personal Data Protection (CPDP) against the actions of AMPECO in connection with the processing of your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the CPDP so please contact us in the first instance.

In the cases when you are exercising your rights as a data subject, it would be necessary for you to make a detailed description of your request in the application submitted to AMPECO. When exercising your rights, AMPECO will need to verify your identity so as to avoid anyone else trying to impersonate you. For this purpose, we may require an ID card or other identification document when providing you with the information you request.
You may ask in writing various questions about the processing of your personal data by AMPECO, electronically at dataprotection@ampeco.global.
If you do not agree with AMPECO‘s position regarding your inquiry or if you wish to receive more information, please visit the website of the Commission for Personal Data Protection at www.cpdp.bg where you could file a complaint.
In the cases when AMPECO has received your personal data from third parties, e.g. your employer is processing them for its own purposes, you may file a complaint against the actions of these third parties directly to them. In these cases AMPECO is acting in its role as data processor and shall route the data subject’s request to the respective data controller.

The exercise of your rights can not be opposed to the provision of your personal data to the competent authorities for the prevention, investigation, and detection of criminal offenses.

The current version 2.0 is published in Sept 2023.

Past versions

Version 1.0 published Jun 2020

Version 1.1 published Sept 2021

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_131368643_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 14 days 11 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.