All processing of personal data by this website is carried out in compliance with the data protection principles and rules as set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) and the Bulgarian Personal Data Protection Act. The website’s policies, procedures, website and educational platform are designed to ensure compliance with these principles and rules.
Your privacy is important to us. Your personal data will be processed on need-to-know basis only.
This notice applies to all personal data and information we collect from you when you use this website and/or the website’s educational platform and/or services. You can also find this Privacy Notice by visiting our website or by approaching us via the contact details listed in the contact section of this website.
For the purposes of this Privacy Notice, the data controller is Ex Pay EOOD, registered with the Commercial and NPLE Register under the laws of the Republic of Bulgaria, Unique Identification Code 201882510, having its seat and registered address in Sofia 1000, 27 Moskovska Str., entr. A, floor 1, app 2, Republic of Bulgaria. Contact details can be found in the contact section of this website. This website is owned and managed by the data controller.
Information and personal data we may collect from you
Personal data within the meaning of the GDPR is any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, identification number, location data, online identifier, etc.
We may collect and process the following information, including the following categories of personal data within the meaning of the GDPR, about you:
Information and personal data that you provide to us when registering and requesting access - via password or otherwise - for an educational program at the website, including: names (as appearing on your payment card), names and e-mail as appearing on other social media used to register/login on the website (such as Google or Facebook accounts), payment card details (number, validity, CVV/CVC code, PIN code, if applicable), e-mail address;
Information and personal data that you have to provide to us for the purposes of issuing of invoice(s) for payments made by you for services used via our educational platform (when invoicing is requested or required under applicable law), namely: names, personal ID/tax number, address, e-mail address for invoicing, payment card details (number, validity, CVV/CVC code, PIN code, if applicable);
Information that we obtain or learn, such as information about the browser or device you use to access this website, how you use this website and the pages you visit, including cookies.
We may also ask you for information if you experience problems when using this website. If we have an existing relationship with you, and we are able to identify you from information obtained or provided by your use of the website, we may associate those sets of information, for example to enable us to respond to a query you have submitted.
How we use your information / personal data
We will only process your information and personal data where we have your consent, or we have another legal basis for processing it under the GDPR and the Bulgarian Personal Data Protection Act. Unless we say otherwise below, we will use your personal information and personal data on the basis that it is within our legitimate interests in operating and maintaining the website and providing you with website functionality and related services, including inter alia the educational services. We will process only personal data which is needed for operating and maintaining the website and providing you with website functionality and related services, including inter alia the educational services.
Upon your consent, or in cases when it is permitted by law, we may use your personal data, namely email address and names, for informational and marketing purposes, which include contacting you for provision of information, news about our website and educational services we offer, news about new functionalities on our website, etc. Such consent may be revoked at any time by you, through the functionality (link) provided for in each e-mail.
We will use and process your information and personal data provided or obtained via this website for the following purposes:
To respond to your inquiries (for example, if you have asked a question or submitted a complaint via the website) – in this case your consent to the personal data processing is presumed by sending the respective inquiry/complaint;
To carry out our obligations under contracts entered into between you and us, as well as between us and our partners (if any), including inter alia to provide to you the ordered educational services and to allow registration and login to the website;
To notify you about changes to the website, as well as about educational services, new courses and trainings, projects and functionalities available on the website;
To ensure that the website content is presented in the most effective manner for the device you are accessing it from;
To detect and prevent misuse or abuse of this website or our services, including for anti-money laundering and anti-terrorism financing purposes;
To meet our compliance obligations, to comply with laws and regulations that we are subject to. This may include processing personal data to help detect or prevent crime (including terrorism financing, money laundering and other financial crimes). We will only do this on the basis that it is needed to comply with a legal obligation, it is in our legitimate interests and that of others or to prevent or detect unlawful acts.
Who we will share your information / personal data with
We will not sell your personal data to third parties. Any disclosure of personal data to third parties will be done only to the extent allowed by the GDPR and the Bulgarian Personal Data Protection Act.
We may share your information / personal data in order to provide you with a service you have requested, or if we have a legitimate interest in doing so (e.g. to manage risk, verify your identity, to combat fraud, abuse of our website or services), or where you have given your consent to doing so. We may share your information / personal data with others including with our service providers, anyone else whose products and services you have requested, anyone who we are under an obligation to disclose information to or where it is in the public interest, for example to prevent or detect fraud, abuse of our website or services.
We may collect information about your computer (or mobile device), including where available your IP address, for system security.
Cookies are small files with information sent from the web server and stored in the user's Internet browser (for example, information on the selected language, connection time, visited websites) or on the hard drive, and then returned from the Internet browser to the server whenever access to this server is obtained by visiting the relevant website.
Our website uses only First Party Cookies; we do not use Third Party Cookies. Our website may use from time to time some or all of the following types of First Party Cookies:
Strictly Necessary Cookies
A Cookie falls into this category if it is essential to the operation of this website.
Analytics and Targeting Cookies
It is important for us to understand how users use the website, for example, how efficiently users are able to navigate around it, and what features they use. These Cookies enable us to gather this information, helping to improve the website and the users’ experience of it.
Functionality Cookies enable us to provide additional functions on the website, such as personalization and remembering saved preferences.
Any of the above types of cookies may be a persistent cookie. Persistent cookies are those which remain on the computer or device for a predetermined period and are activated each time the user visits the website. Any of the above types of cookies may be a session cookie. Session cookies are temporary and only remain on the computer or device until the browser is closed. Session cookies are deleted when the browser is closed. Cookies on our website are not permanent and will expire after expiration of 1 (one) month, except for the following Cookies:
(a) Cookies from the cookie address bar, which could be stored for a period of up to 3 years; and
(b) Cookies for the purposes of Google Analytics, which could be stored for a period of up to 2 years according to the functionalities, rules and policies of Google Analytics.
Every user may disable in his/her Internet browser the storing of cookies, as well as may delete the already stored cookies at any moment. Every user who wishes to proceed that way shall make the necessary changes in the settings of his/her browser and/or shall contact the browser’s provider for assistance.
We are not be liable and shall be held harmless in case that the Internet browser used by the user does not allow to control the enabling/disabling of cookies, their blocking or the deletion of already stored cookies. If the user disables the cookies or deletes the already stored ones, then it is possible that the normal functioning of the website is technically disrupted for that user.
How long we will keep your information / personal data
We keep your information / personal data in line with our data retention policy and the applicable laws. We comply with the principle of storing data only for the time necessary for completing the purpose for which such data has been collected, unless the applicable laws require a longer storage period for such data. We will normally keep correspondence on inquiries made by you or other correspondence between us for a period of six months after the correspondence has ceased. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes such as for dealing with inquiries.
We may need to retain your information / personal data for a longer period where we need such information / personal data to comply with regulatory or legal requirements or where we may need it for our legitimate purposes, e.g. to help us respond to inquiries or complaints, fighting fraud, fighting money laundering, fighting terrorism financing and financial crime, responding to requests from regulators, etc. If we do not need to retain information for this period of time, we may destroy, delete or anonymize it more promptly.
Transferring your information / personal data overseas
Your information / personal data may be transferred to or stored in Israel. Please note that the European Commission has recognized Israel as providing adequate personal data protection in accordance with the GDPR (Decision of 31 January 2011 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by the State of Israel with regard to automated processing of personal data). Your information / personal data will not be transferred to or stored in other locations outside the European Economic Area (EEA).
You have a number of rights in relation to the information / personal data that we process about you. These rights include:
the right to access information / personal data we hold about you and to obtain information about how we process it;
when the processing is based on your consent, the right to withdraw your consent to our processing of your information / personal data, which you can do at any time. The withdrawal is without prejudice to the legitimacy of the processing prior to such withdrawal. We may continue to process your information / personal data if we have another legitimate reason for doing so;
in some circumstances, the right to receive certain information / personal data you have provided to us in an electronic format and / or request that we transmit it to a third party;
the right to request that we rectify your information if it is inaccurate or incomplete;
in some circumstances, the right to request that we erase your information. We may continue to retain your information if we are entitled or required to retain it;
the right to object to, and to request that we restrict, our processing of your information / personal data in some circumstances. Again, there may be situations where you object to, or ask us to restrict, our processing of your information but we are entitled to continue processing your information / personal data;
the right to data portability under the conditions provided for in the GDPR.
You can exercise your rights by contacting us using the contacts section of this website.
We may refuse to grant requests for exercising of rights on a grounds provided for in the GDPR and/or the Bulgarian Personal Data Protection Act, including in case of unreasonably repeating requests, requests that require disproportionate efforts and/or costs for us, as well as when the respective request is manifestly unfounded or when such request puts in danger or breaches the confidentiality and rights of others.
You also have the right to file a complaint to the Bulgarian Commission for Personal Data Protection, or to the data protection regulator in the country where you live or work.
The contact details of the Bulgarian Commission for Personal Data Protection are listed below:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
Telephone: 00359 2 915 3519
How we keep your information and personal data secure
We use a range of technical measures to keep your information and personal safe and secure which may include login interface, 3D secure authentication, encryption and other forms of security.
All our representatives and employees, as well as all our partners, are obliged to keep confidentiality as well as to apply strictly the applicable laws in the field of personal data protection.
When users submit an inquiry, claim, complaint, appeal or other signal to us, we may provide the personal data of such users to: our managing directors and our staff; external consultants with regard to protection of our legitimate interests; public authorities in case of exercising of their functions as well as for the purposes of the respective procedures before such authorities. In the cases where we provide personal data to third parties, we apply mechanisms, including contractual ones, which guarantee that such data is processed and protected in compliance with the applicable data protection laws.
If you would like further information on anything we have said in this Privacy Notice, you may contact us using the contact details listed in the contacts section of this website. This Privacy Notice may be updated from time to time without prior notice, and you will always be able to find the most recent version on this site.