PRIVACY POLICY AND PERSONAL DATA PROTECTION

This Privacy Policy has been prepared in accordance with the applicable Bulgarian legislation in the field of personal data protection and Regulation (EU) 2016/679 (GDPR) of the European Parliament and of the Council. Its purpose is to explain how and why “Digital Light Ltd.”, UIC 205414459, processes and protects your personal data when using the website “https://radushev.club” / “Radushev Club” (hereinafter referred to as “the Website”).

This Privacy Policy applies to your personal data if you are an individual or a representative of a legal entity that is our client. It explains what personal information we process when providing our services, for what purposes we use it, and what your rights are as a data subject.

PRINCIPLES

When collecting and processing personal data, we are guided by the following principles: lawfulness; fairness; transparency; purpose limitation; data minimization; accuracy and up-to-dateness; storage limitation in relation to the purposes pursued; confidentiality of processing; and security.

WHO PROCESSES AND IS RESPONSIBLE FOR YOUR PERSONAL DATA?

The controller of your personal data is: “DIGITAL LIGHT Ltd.”, a commercial company registered in the Commercial Register with the Registry Agency under UIC 205414459, which collects, processes, and stores your personal data under the terms of this Privacy Policy, binding corporate rules, and standard contractual clauses, pursuant to Commission Implementing Decision (EU) 2021/915 of 4 June 2021.

You may contact us at:
71 Saedinenie Str., Floor 2,
9700 Shumen, Bulgaria
Phone: +359 892 992 994
Email: [email protected]

Competent supervisory authority for personal data protection:
Commission for Personal Data Protection
Address: 2 Prof. Tsvetan Lazarov Blvd., 1592 Sofia, Bulgaria
Phone: +359 2 915 3 518
Website: www.cpdp.bg

LEGAL DEFINITIONS

The GDPR contains a total of 26 legal definitions, and it is not practical to include all of them in this policy. However, the more important terms are presented below:

“Personal Data”

Any information relating to an identified natural person or a natural person who can be identified (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“Processing”

Any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Personal Data Controller”

A natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

“Processor”

A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“Third Party”

A natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons authorized to process the personal data under the direct authority of the controller or processor.

“Consent of the Data Subject”

Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which they signify agreement to the processing of personal data relating to them.

“Personal Data Breach”

A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

“Profiling”

Any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, such as economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.

“Pseudonymisation”

The processing of personal data in such a manner that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such information is kept separately and subject to technical and organizational measures.

“Personal Data Register”

A set of data maintained and stored by the controller, regardless of the medium.

PERSONAL DATA SUBJECT TO COLLECTION

Depending on the specific purposes, “DIGITAL LIGHT Ltd.” processes the data listed below either individually or in combination.

Personal data provided directly by you when ordering a specific service through the online request form or making inquiries by phone or through the contact form on the website “https://radushev.club” / “Radushev Club”:

We do not knowingly collect personal information from persons under 18 years of age.

METHODS OF COLLECTING YOUR PERSONAL DATA

The collection and processing of your personal data is carried out in several ways: registration on the website; enrollment in free or paid courses and training programs; completing customer surveys; providing feedback on the website; sending messages through chat platforms or email; as well as when you use or browse the website through your browser cookies.

TYPES OF DATA, PURPOSES, AND LEGAL BASIS FOR PROCESSING

5.1 TYPES OF DATA

5.1.1

Personal data provided by you through explicit consent: names, telephone number, and email address. Consent is given in writing or upon creating an account/filling in a form requiring personal data.

5.1.2

Data collected when making payments to “DIGITAL LIGHT Ltd.”

5.1.3

IP address data when visiting our website. This data is collected for security improvement and assurance purposes, as well as for statistical analysis and research.

5.1.4

When connecting your Facebook or Google account or other third-party services (where such functionality is available), we receive information from those profiles (for example, friends or contacts). The information received depends on the settings and privacy policies of those services, therefore each user should review them carefully.

5.1.5

Your name and email address may be used in the provision of various services, including sending commercial messages and direct marketing communications, provided that you have given additional consent.

5.2 PURPOSES OF PROCESSING PERSONAL DATA

In fulfillment of its legal obligations and depending on the specific purposes, “DIGITAL LIGHT Ltd.” processes the data listed below individually or in combination for the following purposes:

5.2.1

Issuing accounting documents;

5.2.2

Carrying out tax and social security control by competent authorities;

5.2.3

Providing information to the Commission for Personal Data Protection in relation to obligations under personal data protection legislation – the Personal Data Protection Act, Regulation (EU) 2016/679 of 27 April 2016, etc.;

5.2.4

Compliance with obligations under the Accounting Act, the Tax and Social Security Procedure Code, and other related legal acts concerning proper and lawful accounting practices;

5.2.5

Providing information regarding customers and their purchases and/or services used upon request/inquiry/inspection by competent authorities;

5.2.6

Technical assistance for creating accounts and recovering forgotten passwords for access to our website;

5.2.7

Providing information and special offers for services we believe may interest you via email, text message in mobile/internet applications, or telephone calls;

5.2.8

Identification of users upon website registration and/or enrollment in services and/or courses;

5.2.9

Updating your personal data or information related to provided services;

5.2.10

Carrying out direct marketing activities by sending offers, invitations, and information about products and services, after obtaining your explicit consent, through electronic communication channels (such as email, SMS, etc.), including marketing activities conducted through the website (such as advertising banners) by “https://radushev.club” and companies within the corporate group to which “DIGITAL LIGHT Ltd.” belongs.

The Controller processes automatically collected data when visiting the website for the following purposes:

The Controller will not process personal data for purposes other than those specified above.

TRANSFER OF PERSONAL DATA TO THIRD PARTIES

“DIGITAL LIGHT Ltd.” has the right, at its discretion, to provide information to other personal data processors for the fulfillment of the processing purposes and in compliance with the requirements of the Regulation. Where explicit consent has been given, the personal data you provide may be shared with partners — companies within the group of companies to which “DIGITAL LIGHT Ltd.” belongs, whose activities include the creation and distribution of educational products and services, provided that they comply with this Privacy Policy regarding the processing and protection of personal data.

For the purposes of fulfilling a concluded contract or for another reason, a situation may arise in which you assign us to process data of a third party. In such a case, we will act as the personal data processor.

DATA SECURITY

In order to prevent unauthorized access, maintain data accuracy, and ensure the proper use of data, we implement reasonable and adequate physical, IT, and organizational security measures for the effective protection of all personal data processed by us. The information you provide through the online platforms will subsequently be transmitted in encrypted form, and the SSL (Secure Sockets Layer) protocol is used to prevent misuse of data by third parties. You can identify this by the closed padlock symbol appearing in your browser’s status bar and by the URL beginning with “https”.

In order to improve the measures set out in this Personal Data Protection Policy, we will make every effort to ensure the accuracy, completeness, timeliness, and relevance of the data for the intended use, and any changes will be described in the updated version and will take effect after users of the website have been notified by email.

“DIGITAL LIGHT Ltd.” will periodically test and review the effectiveness of the data protection measures against risks of loss, misuse, unauthorized access, disclosure, alteration, or deletion/destruction without authorization.

The organizational measures undertaken by our organization to ensure the security of the processing of your personal data include the implementation of a procedure for training our own employees and the persons authorized by the Controller, as well as their employees, for the purposes of complying with the GDPR rules and understanding their importance. If personal data is transferred by the Controller to persons authorized by it or to employees, this is carried out under lawful security conditions that meet the necessary safeguards.

Where we, in our capacity as Controller, cooperate with another controller in the processing of personal data, we ensure that an agreement on the processing of personal data is concluded legally and transparently, the content of which explains in detail the disclosure of personal data to the other controller, and all of this is carried out under conditions that guarantee the protection of the processing of your personal data.

We store your data on our own server purchased from Plesk, which is protected by multiple proven methods. Cloudflare is responsible for data transmission; it does not have direct access to your personal data and only carries out its transmission by means of encryption. Data Processing Agreement for the processing of your personal data through Cloudflare: https://www.cloudflare.com/cloudflare-customer-dpa/. Data Processing Agreement for the processing of your personal data through Plesk: https://central.plesk.com/legal/privacy-policy/.

PROCESSING PERIOD

The duration of storage of your personal data depends on the purposes of processing for which it was collected:

Personal data processed for the purpose of completed purchases and requested services is stored and processed for as long as it is needed in view of achieving the purposes or fulfilling the last service requested by you, as well as for 5 years thereafter in view of the legitimate interests of the Controller. Where a legal act provides for a longer data retention period, we store the data in accordance with that period.

Personal data processed for the purpose of issuing accounting/financial documents for the implementation of tax and social security control, including but not limited to invoices, debit notes, and credit notes, is stored for at least 5 years after the expiration of the limitation period for the extinguishment of the public claim, unless the applicable legislation provides for a longer period.

YOUR RIGHTS

9.1 Right of Access

As a data subject, you have the right to obtain access to the data and the following information:

1.1 the purposes of the processing;

1.2 the relevant categories of personal data;

1.3 the recipients or categories of recipients to whom your personal data has been or will be disclosed.

For this purpose, you may contact us at the email address: [email protected].

9.2 Right to Withdraw Consent

If the processing of your data is based on your consent, you may withdraw that consent at any time without stating reasons. For this purpose, it is sufficient to send an email to [email protected]. This will not affect the processing of your data up to that moment, which will remain a lawful and valid process.

9.3 Right to Rectification

You have the right to request that the Controller correct inaccurate personal data relating to you. Taking into account the purposes of the processing, you have the right to request that incomplete personal data be completed, including by means of providing a supplementary statement.

9.4 Right to Erasure

You have the right to obtain from “DIGITAL LIGHT Ltd.” the erasure of your data, which may be exercised under certain circumstances provided for by applicable legislation, including:

The erasure of your personal data may be carried out at any time upon request, using the methods already specified or our general contact details for each project/service. Usually, your data is deleted immediately, but no later than one month after the request to exercise this right. If erasure conflicts with obligations to retain data established by law, contract, or regulations, respectively for commercial or other legal reasons, your data may only be blocked instead of deleted. If this is the case with your customer account, you will receive a notification from us in this regard. After your data has been deleted, it will no longer be possible for you to receive information.

9.5 Right to Object

You have the right to object to the processing of data under the conditions and in the cases provided for by applicable legislation (situations including, for example, data processing for direct marketing purposes), at any time and without stating reasons. In addition, we inform you that if you refuse all data processing operations, the performance of the contract regarding the services used and the development of customer programs may be limited or may no longer be possible. Therefore, we ask you to carefully consider such requests before submitting them.

9.6 Right to Lodge a Complaint

As a data subject, in the event of a violation of your rights, you have the right to refer the matter to the Commission for Personal Data Protection, in its capacity as the national supervisory authority for the processing of personal data, within 6 months of becoming aware of the violation, but no later than two years from the date of its occurrence.

QUESTIONS REGARDING DATA PROTECTION

Questions related to all data processing may be addressed to us at any time at: 71 Saedinenie Str., Floor 2, 9700 Shumen, Bulgaria, by phone at +359 892 992 994, or by email at [email protected].

This Privacy Policy may be updated and supplemented without prior notice in the event of updates to legislation or changes to our personal data processing policy. The new update will take effect from the date of the latest change indicated at the top of the Privacy Policy. Use of the website after the publication of the update means that you agree to the changes made.