Privacy policy
Privacy policy
Amended: 15th of September, 2022 The site ghost.bg is a web-based information page owned and supervised by SHOGT OOD (referred to as “SHOGT”, “us”, and “we” below). We are committed to protecting your privacy. This privacy policy (this “Policy”) sets out how we collect and process personal information about you when you visit our website at https://ghost.bg/ (referred to as “the website” below).
1. What information we collect
SHOGT can collect personal data from you when such is provided via direct contact with us.
You have at your disposal choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide your personal data, we may not be able to fulfil your request.
2. What do we use your information for?
We use the data we collect to operate our website and to make it available to you. We may use the data to communicate with you. We may also use the data to improve the relevance and security of our website and respond to client enquiries.
3. How do we protect your information?
We implement a variety of security measures to maintain the safety of your personal information. We use a secure server, Secure Socket Layer (SSL) technology and encrypt the data into our gateway providers’ database only to be accessible by those authorised with access rights to such systems and are required to keep the information confidential.
4. How do we ensure that our processing systems remain confidential, resilient, and available?
We implement a variety of measures to ensure that our processing systems remain confidential, resilient and available. Specifically, we have implemented processes to help ensure high availability, business continuity and prompt disaster recovery. We commit to maintaining strong physical and logical access controls.
The website utilises properly provisioned servers (e.g., multiple load balancers, web servers, replica databases) in case of failure. We take servers out of operation as part of regular maintenance without impacting availability. We keep encrypted backups of data. In the case of data loss (i.e., primary database loss), we will restore organisational data from these backups. Only designated, authorised operations team members have access to configure the infrastructure on an as-needed basis.
5. Do we use cookies?
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your web browser, which enables the site or service provider’s systems to recognise your browser and capture and remember certain information. You can choose to disable cookies, but if you do, your ability to use or access certain parts of the website may be affected. As of the current revision of this Policy, the website does not use cookies.
6. Links to Other Sites
Our website may contain links to other websites. If you click on a third-party link, you will be directed to that site. Note that these external websites are not operated by us. Therefore, we strongly advise you to review the Privacy Policy of these websites. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.
7. Your rights as a data subject
You have certain guaranteed rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or “GDPR”). You can learn more about the GDPR and your rights by accessing the European Commission’s website.
Right Information and access
You have a right to be informed about the processing of your personal data (and if you did not give it to us, information as to the source), and this Privacy Policy intends to provide the information. Of course, if you have any further questions feel free to contact us.
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. The accuracy of your information is important to us. Contact us if you do not want us to use your personal information in the manner set out in this Privacy Policy, need to advise us of any changes to your personal information, or would like more information about how we collect and use your personal information.
Right to erasure (Right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances: the personal information is no longer necessary for the purpose for which it was collected; you withdraw your consent to consent-based processing, and no other legal justification for processing applies; you object to processing for direct marketing purposes; we unlawfully processed your personal information; erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for: exercising the right of freedom of expression and information; complying with a legal obligation under EU or other applicable law; the performance of a task carried out in the public interest; archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; the establishment, exercise, or defence of legal claims.
Right to restrict processing and right to object to processing
You have a right to restrict the processing of your personal information, such as where:
you contest the accuracy of the personal information; where processing is unlawful, you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims. You also have the right to object to processing your personal information under certain circumstances, such as where the processing is based on your consent, and you withdraw that consent.
Right to data portability
Where the legal basis for our processing is your consent, or the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another administrator.
Right to freedom from automated decision-making
We do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless you have a business relationship with us or you have freely given your prior consent (such as when you sign-up for our newsletter).
Right to request access
You also have a right to access the information we process about you. We will provide you with details of your personal information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which means we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us.
Right to object about how we process your personal data
If you wish to object to how we process your personal data, you can submit a written objection, and we will investigate the matter.
You also have the right to submit a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place if that is based in the EU or EEA.
Right to submit a complaint
In case of an alleged violation of the laws applicable to personal data protection, you can file a complaint to the Lead Supervisory Authority for personal data protection, which is the Bulgarian Commission for Personal Data Protection (CPDP) - https://www.cpdp.bg/en/index.php?p=home&aid=0.
Bulgarian Commission for Personal Data Protection:
Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Republic of Bulgaria Е-mail: kzld@cpdp.bg Telephone number for complaints, signals and questions: +359/2/91-53-519.
8. Data Retention
We may retain your personal data for as long as is necessary to fulfil the purposes outlined in this Policy. We may retain personal information for an additional period as is permitted or required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
9. Changes to our Privacy Policy
We will update and amend this Policy when necessary to reflect changes to our website and business model. When we post changes to this Privacy policy, we will revise the “Amended” date at the top of the Policy. We encourage you to review this Privacy policy periodically.
- Contact Us
If you have a privacy concern, inquiry, request or objection, please do not hesitate to contact us.
We will respond to inquiries, requests or objections within 30 days. Unless otherwise stated, SHOGT is a data controller for personal data we collect through the website subject to this Privacy policy.