Privacy and Data Protection Policy

Contents

1.      Personal Data Controller.

2.      What types of personal data does the company process?.

2.1.        Personal data processed:

2.2.        Processed technical data that can identify you.

3.      How does the Company collect and process your personal data?

4.      Who will have access to your personal data?

5.      Where will your personal data be processed?

6.      What are your rights in relation to your personal data?

7.      How can you object to the processing of your personal data?

8.      How long does the company keep your personal data?


 

Privacy and data protection policy

 

"PARTNERS GROUP BG" Ltd, UIC: 204779330 (the Company) is active on the Bulgarian market in the provision of financial intermediation services as an insurance broker, credit intermediary, insurance intermediary and tied agent of an investment intermediary. When carrying out commercial activities, the protection of your data is a top priority for us and therefore we process it while minimizing the data to the minimum necessary and limiting the time periods for their storage, applying appropriate technical and organizational measures for their security.

We value the privacy of your life and health and the confidentiality of your data.

This Privacy and Personal Data Protection Policy (the "Policy") is intended to provide you with general information about how and what types of personal data we process (or collect from and about you), why we need it, to whom it may be provided or disclosed, and for how long it will be retained. Familiarize yourself with this Policy and do not hesitate to contact us - in case you have additional questions related to the Company's personal data processing activities or your rights as a data subject.

1.       Personal Data Controller

The person who, alone or jointly with another person, determines the purposes for which personal data will be processed (collected, used and stored) on paper or in electronic form shall have the status of "controller".

The Company acts as the controller of your personal data where there is a basis for processing it, for example in connection with analysing your personal finances and the services provided by the Company and; the fulfilment of your requests, applications, requests and complaints to the Company or relating to its business; the performance of contracts with the Company to which you are a party or are a party's agent; the enforcement of or defence against your claims against the Company; the pursuit of the Company's other lawful/legitimate interests; the provision of information to the Company; the processing of your personal data; the provision of information to the Company; the processing of your personal data in accordance with the Company's law; the processing of your personal data in accordance with the Company's law. In certain cases, the Company may also process your personal data as a joint controller with other data controllers who also process information about you on a lawful basis, and as a processor - where the Company is entrusted with such processing.

2.       What types of personal data does the company process?

2.1.      Personal data processed:

In connection with our activities as an insurance broker, credit intermediary, insurance intermediary and tied agent of an investment intermediary where the Company administers insurance relationships, intermediates credit, pension and investment products, we process only your personal data that is necessary under applicable Bulgarian law. In this regard, we would like to inform you that where the insured/beneficiary of an insurance policy is a minor child (an individual under 14 years of age), we will require the submission of a document certifying the child's parents (such as a birth certificate) and the submission of an identification document from the parents/leave. In certain circumstances, we may also process personal data of your spouse/partner which you have provided to us for the purposes of the relevant legal relationship and consented to its processing. We process more personal data about you:

  • Upon entering into an Assignment Agreement authorizing us to represent you before financial institutions;
  • when completing your financial analysis and insurance application - because we aim to provide you with a better, more affordable and efficient service to enable you to choose the best insurance and credit product;
  • when concluding an insurance contract - because we have to fill in all the data required by the insurer about you as the insurer and/or the insured, which the insurer requires for the purposes of the insurance relationship;
  • when mediating the conclusion of a credit agreement - in order to provide all the data required by the credit institution (bank) about you, your financial / employment situation, which are necessary for the bank for the credit relationship;
  • when mediating the provision of pension insurance services - in order to provide all the data required by the pension insurance company about you, your financial / employment situation, which are necessary for the pension insurance company for the pension insurance relationship;
  • when mediating the provision of investment services - in order to provide all the data required by the investment intermediary about you, your financial situation, which are necessary for the pension insurance company for the pension insurance relationship;
  • when dealing with your complaints/requests/grievances and resolving disputes with you - because it is important for us to deal with your requests and complaints individually and to meet your expectations and needs in the best possible way;
  • when establishing a contractual relationship with you or with a natural or legal person you represent - because it is important for us to identify the person who, by signing the relevant contract or document addressed to us or drawn up in connection with a particular relationship with us and assuming certain rights and obligations for him or for a third party, is actually the person who has representative authority;
  • when making business contacts with you - where you have provided us with contact details in relation to our current or potential future business ventures, or where your contact details have been provided to us by your employer in connection with your employment functions.

In view of the above, depending on the purposes of the processing, the Company may process (including collect and use) different types of personal data about you, for example:

  • Names
  • Academic title
  • Address (permanent, current)
  • Unique civil number or other identification number
  • Date and place of birth
  • Nationality
  • Gender
  • Health details, details of GP or specialist doctor
  • Copy of identity document
  • Identity document details
  • Telephone numbers
  • E-mail addresses
  • Signature
  • Bank account
  • Workplace/employer details
  • Data on descendants (children)
  • Details of property/financial situation
  • Sports activity
  • Traffic data
  • Data about your location
  • Data about IP addresses
  • Video images
  • Photography on the face
  • Photo ID
  • Photograph of a second identity document
  • Personal data included in signed documents
  • Biometric information (facial recognition)
  • Data required for mandatory identification of a client under the MIPA (information on the office held by a prominent political figure)
  • Information concerning knowledge and experience of the products and services offered by the investment firm, including education and profession, the financial situation of the client, investment objectives and loss-bearing capacity, including the level of risk tolerance, except in statutory cases where such information is permissibly not required

The Company directly and directly applies the principle of minimization of personal data processed. The types of personal data that are processed are determined in accordance with the specific nature of the Company's business and the risks directly related to it, necessitating the Company to take measures to safeguard the interests and legitimate rights of its customers - users of financial services.

The Company does not collect or use personal data revealing racial or ethnic origin[1], religious or philosophical beliefs or trade union membership, or data about an individual's sexual orientation.

2.2.      Processed technical data that can identify you

When you visit our website www.partnersgroup.bg (the Website), the Company collects information about you that may qualify as "personal data" when processed in combination with other information about you collected in connection with the operation of the Website. Such information (data) is information that indicates your user interests and behaviour. This other data is processed in connection with your behaviour as a user of the Website and/or in connection with the functioning of the Website and the adequate provision of the services you have requested, provided through the Website (temporary data (cookies) and other technical data recorded on your device through which you access the browser in which the Website functions). Such other data includes in particular the following information:

  • information about your browser;
  • information obtained from cookies, use of pixel tags and other technologies;
  • demographic information and other information provided by you; and
  • summary information from the use of the website.

This data is used by the Company to improve the performance of the Website, to improve the user experience of the Website, to facilitate page management, to acquire information about user habits and for targeted advertising.

We and our third party service providers may obtain this other data in a variety of ways, including:

-       Through your internet browser: most websites collect certain types of information, such as your IP address (i.e. the address of your computer on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, time of visit to the page(s). We use this information for purposes such as calculating the level of traffic to our website, diagnosing server problems and managing the website.

-Use of          cookies: cookies are small text files that are stored on your computer or mobile device when you visit a website. They allow the website to remember your actions and preferences (such as username, language, font size and other display settings) for a set period of time so you don't have to enter them each time you visit the site or move from page to page. The cookie itself does not contain or collect information except when read by a server through a web browser; it may provide information for the purpose of making the service more convenient for the user by logging, along with other other data, and the user's preferences, by identifying errors and/or collecting data for statistical purposes. These files will not harm your computer, but allow us to recognize your computer and collect information such as browser type, time spent on the website, pages visited, language preferences and the respective country of the website.

Below is a description of the cookies we use on our website for the Republic of Bulgaria, what their function is, what data they collect and how we use them.

One of the cookies we collect are session cookies - these are necessary to perform important functions on the Website, such as remembering a repeating form field within a browser session. They also assist in limiting the need to transfer information across the internet. They are not stored on your computer and are deleted when you end your browser session. It is important that you are informed that we cannot guarantee the correct use of the Website without the use of cookies.

You can opt-out of receiving cookies from your browser settings. However, if you do not accept the use of these cookies, you may experience some inconvenience when using the Website and some online services. For more information, see the Website's "Cookie Management Policy". You can also delete any cookies already stored on your computer and you can also set most browsers to block them. However, if you do this, you may have to manually set some parameters each time you visit a Site and, in addition, some services and features may not work.

We also collect personal data about you by you completing our contact forms via our website.

3.       How does the Company collect and process your personal data?

As already stated, the purposes for which the Company processes your personal data are:

  • Analysis of personal finances, the provision of services by the Company and the performance of its contracts;
  • fulfillment of your requests, requests, applications and complaints to the Company or related to its activities;
  • protect the rights and interests of the Company in connection with the performance of contracts to which you are a party or are a party's agent;
  • performance of legal obligations;
  • realization of legal/legitimate interests of the Company related to its commercial activities, business processes;
  • providing information about the services offered by the Company, direct marketing;
  • statistics, reporting and pre-contractual relations with the Company.

To achieve these purposes, the Company collects data in various ways, with the most frequently processed personal data being provided by you personally. There are also other sources from which the Company may obtain information, for example - from our partners; from your representatives; from your employer; from official registers (such as the property register, the commercial register, the central register of pledges, the central credit register, etc.); from databases of state authorities (the National Insurance Institute, the National Revenue Agency, etc.); from our video surveillance devices and/or for information connectivity to the Internet.

The Company processes your personal data through various processing operations (including, but not limited to: collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction) carried out manually and automatically. The type and manner of processing operations depend on the stated purposes of the processing and the business processes related to those purposes. In the course of its processing activities, the Company may use processors in respect of whom it exercises control to ensure that the high level of security and confidentiality of the personal data processed is maintained.

It is important to note that your consent to the processing of personal data is not the only legal basis on which the Company bases its data processing activities. Therefore, the Company will lawfully process information about you even if you do not expressly consent to such processing or, if you have given your consent, you have exercised your right to withdraw your consent to such processing.

In this regard, we would like you to note that, for the purposes set out above, where your consent is not a necessary condition for the processing of your personal data, the Company may request that you provide information or disclose/provide such information to a third party on grounds relating to the realisation of its legitimate/legitimate interests (e.g. to prevent financial/insurance fraud, for the successful implementation of our business activities and strategy, etc.). The security of your data is a priority for us and, notwithstanding the need to realise the Company's legitimate/legal interests, appropriate technical and organisational protection measures will be implemented to protect your data.

The specifics of the Company's business activities require the processing of personal data, and it is therefore important that you take into account the fact that if you are unwilling to provide us with some of the data we have requested, the Company may not be able to offer/provide you with the services you are interested in or the assistance you require, or to make proposals tailored to your specific needs.

4.       Who will have access to your personal data?

The Company guarantees that your personal data will only be processed in accordance with the stated purposes. In connection with these purposes, your data may be provided/disclosed/transmitted to third parties acting as data controllers, for example:

  • State and other public authorities (such as municipalities, internal affairs authorities of the Republic of Bulgaria and of third countries; other control bodies);
  • Courts, prosecutors, notaries, private bailiffs;
  • Our counterparties in connection with the insurance / credit relationship - insurers, banks, reinsurers, other credit / insurance intermediaries.

In connection with the above purposes, we may also provide the data to persons acting as data processors or as joint controllers in respect of whom the Company is the controller, such as:

  • Other companies in our group;
  • technical consultants, lawyers, accountants, as well as companies to which we provide specific activities (e.g. IT support, etc.).

In addition to the above, we may provide your data to third parties:

  • in the event of a planned or actual reorganization of the Company, such as a merger, sale of a business, or any other disposition of any part of our business or assets, including in bankruptcy proceedings;
  • to comply with a legal obligation, including, for example, proceedings initiated by your alert/complaint;
  • to ensure the timely and accurate development of insurance claim handling, loan refinancing, etc.

As stated above, the security of your data is a priority for us and therefore the Company will not disclose/provide/transmit your data to third parties who do not have a reasonable right to know information about you.

5.       Where will your personal data be processed?

Your data is mainly processed on the territory of the Republic of Bulgaria and within the European Union.

Regarding the place of processing of your data, it should be pointed out that the Company may also use "cloud" technologies for the processing of your data. In this respect, we would like you to know that the Company's practice requires the conclusion of a contract with the providers of such technologies, which contains explicit instructions on the data protection and data confidentiality measures that the providers are obliged to comply with. In the event that the processors engaged by the Company use such technologies for the purposes of their activities, the Company shall place requirements on the processors and shall ensure that they also implement and require the providers of cloud technologies to implement a high level of protection for the data processed by such technologies. Notwithstanding the foregoing, it is important to take into account the fact that cloud service and technology providers implement enhanced safeguards by default, providing a significantly high level of data protection.

6.       What are your rights in relation to your personal data?

The practices and methodologies we have adopted to protect data and ensure information security set the parameters for the measures we have established, which are aimed at:

  • ensuring confidentiality of information by implementing a system of approved restrictions on access and disclosure of information;
  • ensuring the integrity of information by protecting against unauthorised modification or deletion of information;
  • Ensuring information availability through reliable and timely access to information;
  • Achieving information accountability - by introducing controls over access and rights to information systems.

As a data subject, under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("General Data Protection Regulation"), you have the following rights:

  • right of access to your data - at your request, we will provide you with information about your data that is being processed;
  • the right to rectification of your data - if you consider that certain of your data that we process is no longer up to date or is incorrect for another reason, you have the right to request rectification of those data that are being processed;
  • the right to erasure of your data (right to be forgotten) - you have the right to request the erasure/deletion of the data we process about you, and we will only grant your request if there is no longer a legal basis for us to process your data. Accordingly, we may also partially grant your request for erasure/deletion;
  • the right to restriction of processing - you have the possibility to exercise this right only when you have contested the accuracy of the processing of your data, and the restriction of processing can only be for the period in which we verify the accuracy of your data; when the processing is unlawful but you object to the erasure of the data; when we no longer need your data for the purposes of processing, but you as the data subject require them for the establishment, exercise or defence of your legal claims; when you are
  • the right to data portability - you may ask us to transfer all or part of your data that is being processed and that you have personally provided to us to you or to another controller in a machine-readable format where the processing of that data is based on your consent or on the performance of a contract and where the processing is carried out by automated means;
  • the right to object to automated processing of your data, to processing by profiling and to processing for direct marketing purposes - we give you the opportunity to exercise this right at any time and free of charge;
  • right to be informed of security breaches - you have the right to be informed promptly of any breach of security of your data and we will comply with our obligation in this respect by posting on the Website information about any such breach, and we may send you information by email where you have provided us with such information and it is correct;
  • right to object to processing for direct marketing purposes - you have the right, at any time and free of charge, to change your marketing preferences and to withdraw consent already given to the processing of your personal data for direct marketing purposes or to object to such processing ;
  • the right to withdraw consent to the processing of personal data - you have the right, at any time and free of charge, to withdraw consent to the processing of personal data that you have already given. We would like you to know that your consent is not the only basis for processing your personal data, therefore we may continue to process your personal data after your consent has been withdrawn.

You may exercise the rights described by changing the settings of your browser or mobile application, to the extent technically feasible, or by contacting us at the contacts described below, by completing a General Data Protection Regulation Rights Exercise Form, which can be found on our Website (www.partnersgroup.bg) or provided to you at our office, and submitting it to the Company on paper or by post, or by sending it electronically to the Company's email address.

Given the fact that the Company contacts (establishes legal relationships) with different categories of persons and on different occasions (including on the occasion of your actual and indirect participation in certain events), the correct consideration of your application for the exercise of rights is directly related to your accurate identification of the circumstances under which it is necessary for the Company to process your personal data.

In exercising your rights as a data subject, it becomes necessary for the Company to request and process certain of your personal data for the purposes of establishing and verifying your identity. As a personal data controller, the Company is not only obliged to provide a way for you to exercise your rights, but it is also obliged to ensure that these rights are only exercised by the subjects who are the actual holders of the relevant right governed by the General Data Protection Regulation.

Your request for the exercise of rights will be dealt with promptly, in general cases in no more than 30 (thirty) calendar days, unless your request is specific and involves a thorough investigation of information. Our team will make every effort to keep you informed by email in the event of a delay in processing your request. Given the fact that the Company highly appreciates the need for data protection, the same has established and implemented a procedure for handling applications for the exercise of rights under the General Data Protection Regulation, which also spells out the time limits for processing and responding to an application for the exercise of rights by a data subject.

In addition to the above, it is important to be informed that in certain rare circumstances (for example, the death of a data subject) you may also exercise the rights of another data subject. In such a case, you will also have to submit documents certifying your relationship (your relationship) with the data subject whose rights you wish to exercise to the application (General Data Protection Regulation Exercise of Rights Form).

7.       How can you object to the processing of your personal data?

You have the right to object to the processing of your personal data by the Company or to stop the processing (including for direct marketing purposes). Once you have notified us of this wish, we will cease processing your personal data unless the same is permitted or justified in view of the existence of another legal basis for processing. If in the course of processing we have disclosed your personal data to third parties, we will immediately notify these parties of your exercised objection.

8.       How long does the company keep your personal data?

The duration of the processing of your data is also in accordance with the purposes of the processing and the legal requirements for the storage of accounting and tax information. The determination of the specific storage period of your personal data is determined by the type of relationship we have established with you and in connection with which we process personal data. Thus, for example, in connection with our activity of only presenting (introducing) a financial product or providing a sample offer , we do not normally collect and record your personal data (possibly our employees may become familiar with your personal data by you providing them with certain identification documents). Therefore, we will not store personal data about you in these cases. However, if you have requested a personalised offer e.g. for insurance (without having entered into an insurance contract), we will collect and store your personal data in accordance with our financial analysis and delete it after one year from the date of receipt of the data.

The Company has established and implemented a retention schedule for all types of data we process and monitors compliance with it. The Company will not keep your personal data for longer than is necessary and will only keep it in relation to the purposes for which it was collected.

HOW CAN YOU CONTACT US?

"PARTNER GROUP BG LTD                                                                                                                                        

Sofia, 1000, SO-region "Triaditsa " , ul. "Tel.: +359 (2) 907 2190

You can contact our Data Protection Officer by email at info@pgbg.bg or via the enquiry form published at http://www.partnersgroup.bg/kontakti.

With regard to the collection and processing of your personal data, you may also contact the Commission for Personal Data Protection at the following address: 1592 Sofia Blvd. "1595 Proff. 2 Tsvetan Lazarov; www.cpdp.bg.

WHEN IS THIS POLICY UPDATED?

We review this Policy periodically. The current version can be found on our website: http://www.partnersgroup.bg, and we will notify you of any significant changes that may affect you by posting information about the changes. The latest update to this Policy is dated 15.2.2024.



 

[1] The processing of this type of personal data may only be considered if the racial or ethnic origin is apparent from a photograph of the data subject; however, this is not intended processing and the Controller does not process this type of personal data to fulfil the specified purposes of the processing.