Administration of personal data
BMAP is a legitimate administrator of personal data, duly registered under the Bulgarian Law on Protection of Personal Data. BMAP is therefore obliged to exercise reasonable care to protect the personal data of the individuals and not to distribute, sell or provide to third parties the personal data, unless sharing data is required for the execution of BMAP’s services, by a competent authority, required by law or the individual has given his/her consent to BMAP.
Rights of individuals
1. Any individual shall be entitled to access to personal data related to him or her, which is stored and processed by BMAP. In the cases when the right of access granted to an individual may lead to disclosure of personal data of third parties as well, BMAP shall provide the relevant individual with access only to that part of the data that relates to himself or herself.
2. When exercising his or her right of access, the individual shall be entitled to request, at any time, from BMAP:
2.1. a confirmation as to whether or not data relating to him are being processed, information as to the purposes of such processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed;
2.2. communication to him, in an intelligible form, containing his or her personal data undergoing processing, and any available information as to their source;
2.3. information concerning the logic involved in any automatic processing of data concerning him, at least in case of automated decisions of BMAP.
3. BMAP shall provide above information free of charge.
4. In case the individual dies, his or her rights above may be exercised by his or her heirs.
5. An individual shall be entitled to require, at any time, from BMAP:
5.1. to remove, rectify or block his or her personal data the processing of which does not comply with the provisions of the applicable EU legislation;
5.2. notify any third parties to whom his or her personal data have been disclosed of any removal, rectification, or blocking carried out in compliance with paragraph (1), unless this is impossible or involves a disproportionate effort.
6. The right of access referred to above shall be exercised by submitting an application in writing to BMAP to the following address: Prostor Str., bl. 4, entrance A, 5th floor, 6400 Dimitrovgrad, Bulgaria.
7. The application may also be submitted in electronic form under the procedure laid down in the Bulgarian Electronic Document and Electronic Signature Act to the following email address: firstname.lastname@example.org.
8. The application shall be filed personally by the individual to whom such data relate or by his or her representative expressly authorised with a power of attorney certified by a notary public.
9. The application shall contain:
9.1. the name, address and other data necessary for identifying the respective individual;
9.2. statement of the request;
9.3. preferred form of provision of the information;
9.4. signature, date of submission of the application and mailing address.
In cases where the application is submitted by a duly authorized person, the application shall enclose the power of attorney certified by a notary public.
10. BMAP may provide the information as a statement orally or in writing, or in the form of a review of the data by the individual concerned or by his or her duly authorized representative.
11. Individuals may request copies of the personal data processed on a preferred carrier or electronically, unless this is prohibited by law.
12. BMAP or a person explicitly authorized by it shall consider the application and shall respond within 14 days from the submission thereof. This term may be reasonably extended by BMAP up to 30 days, where the collection of all requested data objectively requires a longer period and this would place a serious burden on the activities of BMAP.
13. Within 14 days, BMAP shall decide whether to provide full or partial information to the applicant, or to deny the provision thereof stating the reasons for such denial, respectively shall decide and take the relevant action / notify the third parties concerned within 14 days from the submission of the application or shall deny to take action stating the reasons for such denial.
14. BMAP shall notify the applicant in writing of its decision or denial within the relevant time limit. The notice shall be delivered personally against signature or by registered mail. If the application was received via email, the notification shall also be sent via email to the applicant. The absence of notification shall be deemed to constitute a denial.
15. BMAP shall deny access to personal data where such data do not exist or the provision thereof is prohibited by law. BMAP shall deny full or partial access to data to the individual to whom such data relate where such access would jeopardize defense or national security or the protection of classified information and this is stipulated in a special law.
16. The administrator shall refuse the transmission of data, fully or partially, to the individual to whom they relate in the cases where:
16.1. this would hinder the prevention or detection of criminal offences, their prosecution or the execution of criminal penalties;
16.2. this is necessary for protecting:
(a) the national security;
(b) the public order;
(c) the individual to whom the data relate.
17. BMAP shall not inform the individual to whom the data relate if this is explicitly indicated by the data provider.
18. The individual to whom such data relate shall be entitled:
18.1. to object to BMAP to the processing of his or her personal data on the basis of legitimate grounds; where such objection is justified, the personal data of the relevant individual may no longer be processed;
18.2. to object to the processing of his or her personal data for the purposes of direct marketing;
18.3. to be informed before his or her personal data are disclosed for the first time to third parties or used on their behalf for the purposes set out in subparagraph 18.2., and to be given the opportunity to object to such disclosure or use.
19. BMAP’s decision shall be inadmissible where:
19.1. it engenders legal effects or significantly affects the individual, and
19.2. it is based solely on automated processing of personal data designed to evaluate certain personal aspects of the individual.
20. Above rule shall not apply where the decision is:
20.1. taken in the course of the execution or performance of a contract, provided that the request for the execution or the performance of such contract lodged by the individual concerned has been satisfied, or provided that there are appropriate measures safeguarding his or her legitimate interests;
20.2. is regulated for in a law which also lays down measures to safeguard the individual’s legitimate interests.
21. The individual shall be entitled to request BMAP to review any decision made in breach of the provisions of paragraph 19.
Personal data collection and use
1. The Individual understands and accepts that the Software collects some personal data from its users.
2. The personal data is collected and used only for the purposes of providing the services by BMAP. The personal data collected is for the following purposes and using the following services:
a) Analytics – Google Analytics.
b) Contacting the User – Mailing List / Newsletter. Personal Data: Email. Intercom.
c) Handling payments – Braintree, Freshbooks, Paypal, BMAPs Accounting and Financial/Bank institutions. Personal Data: Various types of data.
d) Interaction with external social networks and platforms – Facebook Like button and social widgets, Twitter Tweet button and social widgets and Google+ +1 button and social widgets. Personal Data: Browsing and usage Data and Cookie.
e) Registration and authentication – Done through the Application. Personal Data: Email and Password.
f) Collaboration Platform – Moxtra. Personal Data: Email
3. By using the BMAP services the individual confirms to have provided voluntarily to BMAP any personal data and gives the permission to BMAP for collecting, processing and storage of personal data, as well as transfer of fractions of this data, when this is necessary for providing the services by BMAP or when it is demanded by applicable law.
4. The individual shall be responsible for entering somebody else’s personal data without due authorization.
5. The Individual shall be obliged to obtain the explicit agreement of all third parties, whose personal data is entered by the Individual or in any way affected by the use of the Software by the Individual, for gathering, processing and storage of their personal data (if any) and to perform the necessary registrations and other activities, in order to legally collect, process, and store such data (if such are required by law). The Individual is responsible for the way he collects, processes and stores the personal data of third parties, as well as for the consents and permissions the Individual gives on behalf of third parties.
6. The Individual agrees that BMAP may collect email addresses for authentication purposes and add them to BMAP mailing list to send updates about new releases and developments through BMAP monthly newsletter. If at any time the Individual or any of its employees would like to unsubscribe from receiving future emails, he or she must follow the instructions on how to unsubscribe at the bottom of BMAP emails.
7. The Individual agrees that BMAP may monitor and analyze cumulative, not individual behavior via the Web-site. BMAP may then use the cumulative data to improve the Website, the Software and the overall BMAP customer service.
9. Although BMAP will take all reasonable precautions to keep personal data safe and secure, BMAP shall not be liable for extraneous circumstances such as theft, communication errors or tampering.
10. The Individual agrees that BMAP will be free to change and integrate any services in the Software, including services provided by third parties. If such change or integration demands transfer of personal data to third parties, BMAP shall notify the administrator of the account (who shall be appointed and authorized by the Individual or his/her Employer) by showing a message within the Software. The administrator shall be given the opportunity to accept or deny the new service/functionality of the Software, as well as the transfer of personal data, if required. If the administrator accepts the new service/functionality and gives his/her consent for the transfer, it shall be considered that the Individual has given his consent for the transfer on behalf of all third parties, whose personal data is affected. Personal data shall be then transferred only after and if BMAP has received the consent of the Individual through his account administrator as described above. If the Individual objects to such transfer, the Individual shall not be able to use those new/integrated services/functionalities.
11. The Individual acknowledges that BMAP does not control the content, entered by the Individual and has no contact with any third parties, whose personal data the Individual may enter in the software. If the third party is not situated in the EU, the rules for personal data transfer shall also apply.
12. Even if the Individual has not objected initially to the transfer, the Individual may at all times inform in writing BMAP that he/she does not want his personal data to be transferred any more to third parties in case of new service integration and BMAP shall not transfer in the future such data after the date on which BMAP has received the communication from the Individual. However, if the Individual has initially accepted such transfer and has not later on informed BMAP in writing about his/her objection, it shall be considered that the Individual has given his consent for data transfers until the date of the objection. If the Individual objects to such transfer, the Individual shall not be able to use those new/integrated services/functionalities anymore.
13. If the Individual is using BMAP Software in his/her capacity of an employee or a contracting party, the Individual understands and agrees that BMAP is responsible for providing services to the Individual’s employer/contracting party. In this case the Individual agrees that it shall be the responsibility of his/her employer/contracting party to obtain all necessary consents for collection, use, storage and transfer of personal data from the Individual. That is why, if the Individual wishes that his/her data will not be collected, used, stored or transferred any more, the Individual shall inform his/her employer/contracting party.
Personal data transfer
1. The Individual understands and agrees that the Software hosting infrastructure is located in (US) East Coast Virginia or (EU) Ireland.
2. The Individual understands and agrees that at initial registration the Individual shall be automatically directed to the hosting infrastructure, located in the USA, outside the EU.
3. The Individual hereby gives his explicit and unambiguous consent that his data may be transferred and stored in the territory of the USA.
4. If the Individual shall enter or store any personal data, protected by the EU legislation (including but not limited to Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and any other applicable legislation), the Individual gives his unambiguous consent that such data may be transferred and stored on the territory of the USA.
5. The Individual shall be also responsible to obtain the unambiguous preliminary consent by any third parties, whose data the Individual may enter or store in the Software, that their data may be transferred and stored on the territory of the USA.
6. The Individual acknowledges that BMAP does not control the content, entered by the Individual, and has no knowledge that the Individual may enter third parties’ personal data in the Software, also BMAP has no contact with such third parties, whose personal data the Individual may enter in the Software. Therefore the Individual accepts that it shall be the Individual’s sole responsibility to take the necessary measures for protection of personal data, entered or stored by the Individual in the Software, according to applicable law.
7. The Individual understands that USA may be considered as a third country lacking adequate protection and shall be responsible for forwarding this information to any third parties, whose information the Individual may enter or store in the Software.
8. If the Individual wishes that his/her data will not be transferred and stored on the territory of the USA any more, the Individual shall inform BMAP and BMAP shall take the necessary steps to direct the hosting of the Individual to Ireland (EU). The Individual understands that such an amendment may cause temporary lack of service (for a period up to 24 hours) and BMAP shall not be liable for any damages or lost profits of the Individual during this period.
9. If the Individual is using BMAP Software in his/her capacity of an employee or a contracting party, the Individual understands and agrees that BMAP is responsible for providing services to the Individual’s employer/contracting party. In this case the Individual agrees that it shall be the responsibility of his/her employer/contracting party to obtain all necessary consents from the Individual, including for any transfers of personal data towards third parties and third countries. That is why, if the Individual wishes that his/her data will not be transferred and stored on the territory of the USA any more, the Individual shall inform his/her employer/contracting party.
10. If the Individual is using BMAP Software in his/her capacity of an employee or a contracting party, the Individual agrees that in this case his/her employer/contracting party shall be liable for any violation of Individual’s rights and the Individual shall hold BMAP harmless against any claims connected with personal data protection.
What if we change our policies?
Terms and Conditions