Privacy policy 1.1

Valid until October 2023
See the newest version: https://www.ampeco.com/privacy-policy/

INFORMATION BY AMPECO LTD. REGARDING PERSONAL DATA PROCESSING

Your privacy is important to us. We have taken all the necessary organizational and technical measures in order to process your personal data in a manner that is lawful, appropriate and transparent. In this privacy statement by “AMPECO” LTD., we explain which of your personal data we will process, for what purposes and on what grounds, to whom we could provide them, and for how long we will store them.

We recommend that you read this information carefully so that you know more about the manner of processing of your personal data as a client, potential client, related party to a client of ours, counterparty, contact person, representative of a legal entity, or any other interested party. Regardless of what are the purposes and the grounds on which we process your personal data, AMPECO will treat your data with equal care. This document also contains information about your rights and the manners in which you can exercise them.

AMPECO may update this privacy statement and its most recent version will be available at ampeco.com. „AMPECO” LTD. will inform you of all material changes to its terms via its website or other communication channels.

You will also find more information about the Bulgarian privacy legislation on the website of the Bulgarian Commission for Personal Data Protection at www.cpdp.bg

1. About the company

„AMPECO” LTD. (hereinafter referred to as AMPECO), Company ID 205394857, 2 Nikolay Haytov Str., 1113 Sofia, Bulgaria. For questions, related to the processing of personal data, please contact us by e-mail at dataprotection@ampeco.com.

AMPECO in its capacity of a Personal Data Controller conducts its activities in strict compliance with the requirements of the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, in order to ensure confidentiality and lawful collection and processing of clients’ personal data.

AMPECO is a controller with respect to the personal data of its clients but also a personal data processor of data provided by its counteragents for the purpose of execution of respective contractual obligations, whereas in the second case AMPECO strictly follows the controller’s instructions in carrying out this activity.

2. Definitions

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, a personal identification number, location data, gender, address, telephone number, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing of personal data” is any operation or set of operations which is performed on personal data whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

3. Rights of Data Subjects

If you are a person whose personal data is processed by AMPECO under the General Personal Data Regulation, effective since 25.05.2018, you have the following rights:

Right to access – Upon your request, as the data subject, AMPECO shall provide information about the categories of the personal data relating to you, which are being collected and processed by us, and information about the purposes of the processing, the recipients, or categories of recipients to whom your data are disclosed and the sources of this data, except the cases when the data was collected directly from you.
Right of rectification, blocking (restriction of processing), and/or erasure (deletion) – Upon your request, the AMPECO shall correct, erase or cease the processing of your personal data. In such cases, AMPECO shall notify all third parties to whom your personal data has been disclosed regarding all rectifications and erasures that have been made or all cases of restriction of processing of your personal data.
Right to data portability – As a data subject, you have the right to request to receive the personal data concerning you, which you have provided to AMPECO, in a structured and commonly used and machine-readable format and you have the right to transmit/transfer those data to another Controller without hindrance from AMPECO as personal data controller, to whom the data was provided, where the processing is based on consent or on a contract or the processing of your personal data is carried out by automated means.
Right to object – As a data subject, you have the right to object to the processing of your personal data when the processing of personal data is based on the AMPECO ‘s legitimate interest. AMPECO shall review your objection and shall provide its opinion in writing within 30 days unless this term needs to be extended, for which we will notify you in due time. After reviewing the objection, AMPECO will generally discontinue the processing of your personal data and will notify all interested parties to whom the personal data have been submitted of the objection received and of the measures taken in this regard. In some cases, however, AMPECO has an indisputable legal basis to continue the processing of your personal data even after receiving your objection (for example, in cases of unsettled contractual relations, lawsuits etc.). In such cases, AMPECO will contact you to clarify the reasons why it will continue to process your personal data. If your objection concerns the processing of personal data for direct marketing, the AMPECO will suspend unconditionally the processing of your for that purpose.
Right to withdraw the consent given for personal data processing for the purposes outlined in the Declaration of Consent. The withdrawal can be done via a consent withdrawal declaration.
Right to lodge a complaint with the Commission for Personal Data Protection (CPDP) – as the data subject, you have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP) against the actions of AMPECO in connection with the processing of your personal data. We would, however, appreciate the chance to deal with your concerns before you approach the CPDP so please contact us in the first instance.

In the cases when you are exercising your rights as a data subject, it would be necessary for you to make a detailed description of your request in the application submitted to AMPECO. When exercising your rights, AMPECO will need to verify your identity so as to avoid anyone else trying to impersonate you. For this purpose, we may require an ID card or other identification document when providing you with the information you request.

You may ask in writing various questions about the processing of your personal data by AMPECO, electronically at the e-mail indicated in item 1 above.

If you do not agree with the AMPECO ‘s position regarding your inquiry or if you wish to receive more information, please visit the website of the Commission for Personal Data Protection at www.cpdp.bg where you could file a complaint.

In the cases when AMPECO has received your personal data from third parties, e.g. your employer is processing them for its own purposes, you may file a complaint against the actions of these third parties directly to them.

The exercise of your rights can not be opposed to the provision of your personal data to the competent authorities for the prevention, investigation, and detection of criminal offences.

4. Types of processed personal data

AMPECO may process different types of personal data related to your physical, social or economic identity. Such data may be obtained from you as the data subject or from third parties.

AMPECO may process some or all of the data categories listed below in order to achieve the purposes described below, only if it has a good reason to do so.

a) to identify you:

full name
permanent address (street, number, zip code, city, country)
current address (street, number, zip code, city, country)
ID card’s (passport) data.

b) to contact you:

phone number – mobile/fixed
email address
address (street, number, zip code, city, country)
your job position in your respective company
similar details of contact persons related to you.

AMPECO sometimes processes public information such as from official public registers, which are responsible for keeping this information legally or purchasing them from companies that are responsible for the lawful collection of personal data.

Such public data may be processed for the purposes listed by AMPECO in this document.

5. Recipients of personal data

Personal data is generally processed by the employees of AMPECO. The processing of personal data may also be carried out by personal data processors with whom AMPECO has signed a contract for this purpose. Where there is a legitimate reason, personal data may be provided to other administrators to use for their legitimate purposes.

In case the recipients mentioned above are established outside the European Economic Area AMPECO shall forward personal data to non-EEA member countries (third countries), provided that an adequate level of personal data protection is ensured in accordance with the local and European laws, and that the personal data provided are sufficiently protected in the third country concerned, and with the approval of the Commission for Personal Data Protection. Your personal data may be transferred to a third country outside the EEA European Economic Area with your explicit and freely given consent. AMPECO will take all the necessary measures to protect your personal data by limiting its availability to third parties in or outside the European Economic Area.

6. Purposes of personal data processing

Personal Data, collected by the AMPECO in its capacity of Personal Data Controller, may be processed for different purposes on a different lawful base, as follows:

6.1. Purposes, where personal data processing is based on legal obligations:

a. Client identification and authentication of personal data pursuant to the Law.

b. Reporting on the state and control authorities – National Revenue Agency, National social security institute, etc.

6.2. Purposes for which the processing of your personal data is performed on the basis of the performance of a contract

a. Drawing up contracts at your request – to enter into contractual obligations with you, as a customer or as a co-contractor AMPECO must have your specific personal data (e.g. name, date of birth, PIN, ID card number) as well as your contact details. It is possible that AMPECO would require additional information, depending on the type of services that are subject to the contract.

b. Execution of commercial contracts concluded with your employer or assignor – AMPECO may process personal data, provided by its counteragents – your employer or assignor for the purpose of execution of specified contractual obligations and rights.

c. Litigations – Establishment, exercise, and defense of AMPECO‘s rights – AMPECO will process its clients’ data in order to protect its rights in court/ litigation procedures, when settling claims with the help of hired solicitors/lawyers, etc. This pertains to situations where your personal data is processed in connection with the administration of information related to litigations, judicial warrants, petitions, and court decisions.

7. Term of storage of personal data

AMPECO shall use your personal data only when AMPECO has a clear purpose in mind. Personal data cannot be kept for longer than it is necessary for the purpose(s) for which such personal data is used.

The grounds for storing your data are rooted in the legal retention period (which is often ten years after the end of the legal relationship). The term may be longer when this is necessary for us to be able to exercise our rights. Where there is no legally defined time limit, the period may be shorter.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.

Cookie	Duration	Description
__hstc	1 year 24 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_131368643_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
_hjAbsoluteSessionInProgress	30 minutes	No description available.
_hjFirstSeen	30 minutes	This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.
_hjid	1 year	This is a Hotjar cookie that is set when the customer first lands on a page using the Hotjar script.
_hjIncludedInPageviewSample	2 minutes	No description available.
_hjTLDTest	session	No description available.
CONSENT	16 years 3 months 14 days 11 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.

Cookie	Duration	Description
_lfa	2 years	This cookie is set by the provider Leadfeeder. This cookie is used for identifying the IP address of devices visiting the website. The cookie collects information such as IP addresses, time spent on website and page requests for the visits.This collected information is used for retargeting of multiple users routing from the same IP address.
AnalyticsSyncHistory	1 month	No description
li_gc	2 years	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.