PRIVACY AND DATA USE POLICY
This document aims explains the investors in our Crowdfunding Platform - individuals , respectively the representatives of investors - legal entities, how Spoti Finance AD (" we ", " us ", " our "), while carrying out our activity as a Crowdfunding Platform Operator, collects, uses or shares the personal data you have provided us with or that we have otherwise received or created, and that are relating to you. It is advisable to take the time to carefully read this document, as well as to review it periodically, because we may change it from time to time.
By registering on the Crowdfunding Platform at www.spotifinance.com (the “ Platform ”) or submiting an Offer for participation in a crowdfunding project when you have already registered in the Platform, you provide us with certain information about yourself - such as names , phone, email, etc. According to the legislation (including Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, in force since 25 May 2018 (" the Regulation ") such information is your personal data and you are its data subject. In turn, we are the controller of your personal data. For more information identifying us as a controller and our contact details, please see below.
This document will provide you with answers to the following:
HOW DO WE PROTECT AND SAFEGUARD YOUR PERSONAL DATA?
By contacting us via the website of our Platform to register, request participation in a Crowdfunding project, ask questions or claim your rights, we may receive directly from you or ask you to provide us with certain information for yourself.
The personal data relating to you that we collect to provide services for the use of the Platform may include:
We collect certain personal information about you and you as representatives of investors - legal entities : names; position in the organization you work for; phone and email (for contact); your personal identification number, etc. For example, we collect personal data directly from you when you provide it to us to register and submit an offer for participation on behalf of the legal entity you represent, as well as from public sources, such as the trade register or other public register to verify your representative powers. We may also receive your personal data from your employer or colleagues, for example when you have been designated as a contact person for the purpose of executing a contract with us.
We do not collect any personal data related to your health and we do not collect any other sensitive personal data (including personal data revealing racial or ethnic origin, political opinion, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the sole purpose of identifying an individual, data on the sexual life or sexual orientation of the individual).
When we process your personal data for the purposes of carrying out our activities as a Platform Operator and for regulatory compliance, such processing is mandatory to fulfill these obligations. Without this data, we would not be able to provide the relevant services. For example, if you do not provide us with your name and personal identification number and identity document details, we would not be able to accept your offer for participation in the project. Upon collecting your personal data for other purposes, we will inform you whether the provision of data is necessary and what are the consequences if you refuse to provide them.
Legal ground for processing data:
We use your personal information for one or more of the following purposes :
In carrying out our activities we need to share your personal data with some of the following persons:
In all cases, we enter into written agreements with the merchants we work with, requiring them to take the necessary measures to ensure the protection of your personal data. We will disclose to these contractors only information they need to provide us with the agreed services, without allowing them to use your information for their own purposes. We will not provide your personal information to third parties to send you unsolicited marketing messages unless you have given the necessary consent. In the event that you receive unsolicited commercial communications from the merchants we work with, please let us know at the contact address or email listed at the end of this document.
We will not transfer your personal data to other persons in another Member State or third country or to international organizations.
We have in place an internal policy determining the period we store your personal information. It is based on (a) the type of information we collect and (b) the purposes for which we collect it. Generally, we store your personal data for no longer than necessary for the purposes for which it was collected and for any other permissible and related purpose or until the expiry of a legally specified period (eg for storage and processing of accounting data and for tax control - 11 years). It is in our legitimate interest to retain certain personal data until the expiration of the limitation period for filing claims (5 years) after expiration or termination of the contract signed between us. Please note that we will not delete or anonymize your personal data if it is required for a pending court or administrative proceedings or if you have lodged a claim against us.
We value and take the protection of personal data we collect and store very seriously.
We have implemented physical, electronic, and organizational measures appropriate to the sensitive nature of data we store to help protect and safeguard your personal data from unauthorized access, use, or disclosure. For example, we use SSL encryption to keep internet connection secure, we have installed firewalls and antivirus programs, access control tools, segregation of duties, etc. We have put in place data protection policies and procedures. We require our providers and partners who have access to your personal data to use appropriate measures to ensure the protection and confidentiality of your personal data. However, you should be aware that you are also responsible for safeguarding your personal information that you transmit to us over the Internet. Unfortunately, the transmission of information over the Internet or by telephone may not be completely secure, despite the measures we have implemented. Therefore, please note that the transmission of your personal information via the Internet or by telephone is at your own risk.
Subject to the Regulation and other applicable legislation, you have certain rights to your personal data processed by us. Occasionally, certain rights may arise and be exercised only upon existence of specific lawful basis for the processing personal data; other rights you have are subject to certain restrictions and exceptions under the law. In order to exercise your rights or ask questions, you should send your request to the email or contact address below.
As provided for in the applicable legislation, you have the following rights :
You have the right to access that data and you may request confirmation as to whether or not personal data concerning you are being processed, the categories of personal data concerned, the purposes of the processing, the recipients to whom we have disclosed them, etc. If you require, we will provide you with a free copy of the personal data undergoing processing. For any further copies requested by you, we may charge a reasonable fee based on administrative costs. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
If we do not process your personal data, we will notify you. If we reject your request for a copy of the data, we will set out the reasons for this decision.
The right to access should not adversely affect the rights or freedoms of others, including trade secrets or intellectual property, and in particular the copyright protecting the software. In the event that we consider that there is a reason to anticipate such a negative impact, we may reasonably limit some of the information we will provide to you to avoid it.
Where we process a large quantity of information concerning you, we may request that, before the information is delivered, you specify the information or processing activities to which the request relates This will help us to navigate better and faster, and you will get the data you need sooner.
If you have objected to the processing of your personal data on the basis of a legitimate interest , we may refuse your request to object continue with the processing if we can prove we have compelling legitimate grounds for the processing that take precedence over your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
You can object to the processing of your personal data for direct marketing free of charge and at any time and we will stop processing them by a written statement delivered at our contact addresses and the email listed below in the How to Contact Us section or by returning a free SMS or email according to the instructions in the advertising marketing messages we sent.
When you want us to rectify your personal data, you may also want to communicate and rectification of your personal data to the third parties to whom they have been disclosed, except in cases unless this proves impossible or involves disproportionate effort.
You have the right to request the erasure of your personal data when your data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; when you withdraw your consent on which the processing is based and where there is no other legal ground for the processing; when you object to processing based on a legitimate interest and it does not take precedence over your rights, freedoms and interests; in unlawful processing without legal basis to do so or erasure of your personal data, we have to meet a legal obligation the law of the Republic of Bulgaria or the European Union. Under applicable law, we may be entitled to continue processing despite your request for erasure in order to comply with our legal obligations under the law of the Republic of Bulgaria or the European Union, which require the processing of your personal data or when they are required for the establishment, exercise or defence of legal claims.
In order to exercise the right to restrict processing, the following conditions must be met:
When the processing of your personal data has been restricted, we could still continue to process it in two cases:
The right to data portability exists and can be exercised only when the following two conditions are met : (1) the processing is carried out by automated means (i.e. this right does not apply to the processing of data in the form of paper files) and ( 2) in addition to being automated, the processing of your personal data is carried out on the basis of (a) your consent or (b) on a contract to which you are a party or on a requirement necessary to enter into a contract. You have the right to receive your personal data in a structured, commonly used and machine-readable forma or to have the personal data transmitted directly from one controller to another, where technically feasible.
You should know that when you exercise the right of portability , this does not lead to the erasure of your data from our systems. You will be able to continue to use our services even after the data transfer operation. The portability of the data also does not affect the initial retention period, which refers to the transmitted data. You can exercise your other rights, which are specified in the legislation and we have listed here, while we continue to process the data.
If you believe that we are in breach of applicable law, please contact us to clarify the matter. Of course, you also have the right to lodge a complaint immediately with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. The Bulgarian Data Protection Supervisory is the Personal Data Protection Commission, with address at 2, Tsvetan Lazarov Blvd., 1592 Sofia. You can also seek a judicial remedy.
How to claim your rights? To exercise your rights under the Regulation, you can write to us by e-mail or send us a letter by post to the contact address below.
Applications for exercising rights under Regulation are generally submitted in person or by a person expressly authorized by you. Where there are regulatory procedural rules in relation to the exercise of your rights (the Regulation, the Personal Data Protection Act, etc), they should also be complied with.
Respond to your inquiry We will respond to your inquiry in the manner you have made it - in writing on paper or in electronic form. Where you make the request by electronic means, and unless otherwise requested by you, the information shall be provided in a commonly used electronic form.
How soon will you receive an answer? Within one month of receiving your request, we will provide you with information about the actions we have taken on it. If necessary, this period may be extended by a further two months, considering the complexity and number of requests. If such an extension is necessary, we will notify you within one month of submitting your request, and we will communicate to you the reasons thereof.
Doubts about your identity . Where we have reasonable doubts concerning the identity of the natural person making the request referred, we may request the provision of additional information necessary to confirm the identity of the data subject. If we do not receive such information and are unable to identify the data subject, we may refuse to act on the request to exercise any of the rights set out herein.
Where a citizen makes requests to us which are manifestly unfounded or excessive, in particular because of their repetitive character, we may either: (a) charge a reasonable fee, taking into account the administrative costs of providing the information or communication or taking the requested action , or (b) refuse to take action on the request.
We will periodically update the information in response to the development of our business and the evolving legal requirements. We will notify you in the event that we wish or need to use your personal data for purposes and in a manner significantly different from what we have informed you and, if necessary, we will seek your consent.
We will notify you whenever we make any meaningful change to this policy through our website and, if possible, in another appropriate manner, so that you are always informed of changes to what personal data we collect, how we use them and under what circumstances we share them with others. You may be asked to read and accept these changes before accessing our website.
Your personal data controller is bul. Evlogi and Hristo Georgievi 111, SOFIA, BULGARIA . If you have any questions, request or demands, please contact us at the above address or the following contact details: firstname.lastname@example.org/+ 359 878 12 17 60