PRIVACY POLICY

 

  1. INTRODUCTION

 

Welcome to https://www.opsystems.bg ("the Website" or "the Website"), which has been developed for the benefit of and on behalf of OP SYSTEMS Ltd, with UIC: 204112283, registered office and registered address. with registered office and registered address at 3 Mladost Blvd. 384, inc. 1, floor 2, app. 1, contact phone.

BY USING THIS WEBSITE YOU AGREE TO THE TERMS AND CONDITIONS REGARDING THE COLLECTION, USE AND DISCLOSURE OF YOUR PERSONAL INFORMATION IN ACCORDANCE WITH THIS PRIVACY POLICY.

PLEASE READ THIS PRIVACY POLICY CAREFULLY BEFORE USING THIS WEBSITE AND IF YOU HAVE ANY QUESTIONS ABOUT THIS PRIVACY POLICY, PLEASE CONTACT US ON 02/4442626 OR AT OFFICE@OPSYSTEMS.BG IF YOU DO NOT AGREE WITH ANY OF THE TERMS CONTAINED IN THIS PRIVACY POLICY, YOU MUST NOT USE THIS WEBSITE.

 

PERSONAL DATA CONTROLLER

 

"OP SYSTEMS" Ltd (hereinafter referred to as the "Administrator") is a Limited Liability Company, with UIC: 204112283, with registered office and management address. Registered office and registered address: Sofia, Sofia, Sofia with registered office and registered address: Sofia City Council, Mladost 3, bl. 384, entry. 1, fl. 2, app. 1, contact telephone.

SUPERVISORY AUTHORITY:

 

Data Protection Commission

Address: Sofia, p.k. 1592, Sofia Blvd. "Proff. Tsvetan Lazarov" 2

Contact details: 02/915 35 18; 02/915 35 15; 02/915 35 19;  kzld@cpdp.bgwww.cpdp.bg

 

  1. OBJECTIVES AND SCOPE OF THE PRIVACY POLICY

 

1.1 The controller understands the privacy concerns of visitors to this website and is committed to protecting their personal data by applying all data protection standards under Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. With this Privacy Policy, the Controller respects the privacy of natural persons and makes all reasonable efforts to protect the personal data of natural persons against unlawful processing by implementing technical and organisational measures to safeguard personal data, which measures are fully in line with modern technological developments and ensure a level of protection that is appropriate to the risks associated with the processing and the nature of the data to be protected.

 

1.2 With this Privacy Policy and in compliance with the requirements of Regulation (EU) 2016/679, the Controller provides information about:

- the objectives and scope of the privacy policy;

- personal data collected and processed by the Controller;

- the purposes of the processing of personal data;

- storage period of personal data;

- the mandatory and voluntary nature of the provision of personal data;

- processing of personal data;

- data protection;

- the recipients or categories of recipients to whom the data may be disclosed;

- rights of individuals;

- procedure for the exercise of rights;

- right to object;

- buttons, tools and content from other companies;

- privacy policy changes.

III. DEFINITIONS

 

2.1 For the purposes of Regulation (EU) 2016/679 and this Policy, the following terms have the following meanings:

  1. Personal data means any information relating to an identified natural person or an identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
  2. Processing of personal data means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  3. Restriction of processingmeans marking stored personal data in order to restrict its processing in the future.
  4. Profilingmeans any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to the performance of that natural person's professional duties, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
  5. Administratormeans a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its determination may be laid down in Union or Member State law.
  6. Processor of personal datameans a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
  7. Recipientmeans the natural or legal person, public authority, agency or other body to whom the personal data are disclosed, whether or not it is a third party. At the same time, public authorities which may receive personal data in the framework of a specific investigation in accordance with Union or Member State law shall not be considered as 'recipients'; the processing of those data by those public authorities shall comply with the applicable data protection rules according to the purposes of the processing.
  8. Third countrymeans a natural or legal person, public authority, agency or any other body other than the data subject, the controller, the processor and the persons who, under the direct authority of the controller or the processor, are entitled to process the personal data.
  9. Consent of the data subjectmeans any freely given, specific, informed and unambiguous indication of the data subject's wishes, by means of a statement or a clear affirmative action, which indicates his or her consent to the processing of personal data relating to him or her.
  10. Personal data breachmeans a breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data that is transmitted, stored or otherwise processed.

 

  1. PRINCIPLES FOR PROCESSING PERSONAL DATA

 

3.1 The controller shall follow the following principles when processing personal data about individuals, namely:

  • Personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject ("lawfulness, fairness and transparency");
  • Personal data is collected for specific, explicit and legitimate purposes and is not further processed in a way incompatible with those purposes;
  • The personal data shall be relevant, related to and limited to what is necessary in relation to the purposes for which they are processed ("data minimisation");
  • Personal data is accurate and kept up to date where necessary ("accuracy");
  • The personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed ("storage limitation");
  • Personal data shall be processed in a manner that ensures an adequate level of security of personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, implementing appropriate technical or organisational measures ("integrity and confidentiality").

 

  1. PERSONAL DATA COLLECTED AND PROCESSED BY THE CONTROLLER

 

А. Processing of special categories of personal data ('sensitive data')

 

4.1 The controller shall not collect or process special categories of personal data, such as: personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, genetic data, biometric data for the sole purpose of identifying an individual, data concerning health or data concerning an individual's sex life or sexual orientation. Individuals must not provide such sensitive data to the Controller. In the event that an individual intentionally provides sensitive data to the Controller, the Controller shall promptly delete it.

 

Б. Personal data collected directly from individuals

 

Personal data collected directly from individuals when individuals contact the Controller by telephone

 

5.1 Individuals provide personal data to the Controller when they contact the Controller by telephone. The telephone number for contacting the Controller is provided in the Controller's identification details in this Privacy Policy and, in addition, at the top and bottom right of the website and in the "Contact" menu where the contact details for the Controller are provided. When the individual contacts the Administrator by telephone, the Administrator collects and processes only the name and telephone number of the individual and, in some cases, the e-mail address of the individual. These data are processed for the purpose of communicating with the individual. The processing of this personal data is necessary:

- for the realisation of the legitimate interests of the Controller, which legitimate interests are answering calls received and sending emails in connection with enquiries received by telephone.

- for actions preceding the conclusion of a contract and undertaken at the request of the natural person, namely providing more information the goods and services offered by the Administrator in connection with the possible conclusion of a contract with the natural person.

The Administrator uses the services of a telephone service provider located in the Republic of Bulgaria.

Personal data collected directly from individuals when the individuals contact the Administrator through the contact form on the website to contact the Administrator

 

5.2 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the contact form on the Administrator's website, located at: https://www.opsystems.bg/contact. When the individual sends a message to the Administrator using the contact form, the Administrator collects and processes the individual's name, e-mail address, and other information that the individual provides in the message, such as address. This data is processed for the purposes of communication with the individual and record keeping. The processing of this personal data is necessary:

- for the realisation of the legitimate interests of the Controller, which legitimate interests are sending a reply to the received messages and also keeping the received messages.

- for actions preceding the conclusion of a contract and undertaken at the request of the natural person, namely providing more information the goods and services offered by the Administrator in connection with the possible conclusion of a contract with the natural person.

The administrator uses the services of an e-mail service provider to store the received e-mails on the provider's server, which server is located in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals contact the Controller by e-mail

 

5.3 Individuals provide personal data to the Controller when they contact the Controller by email. The Administrator's e-mail address is provided in the Administrator's identification details in this Privacy Policy, as well as in the "Contact" menu where the Administrator's contact details are provided. When the person sends an e-mail to the Administrator, the Administrator collects and processes the e-mail address as well as other information that the person provides in the e-mail sent, such as name, telephone number, address. This data is processed for the purposes of communication with the individual and record keeping. The processing of this personal data is necessary:

- for the realisation of the legitimate interests of the Controller, which legitimate interests are sending a reply to the received messages and also keeping the received messages.

- for actions preceding the conclusion of a contract and undertaken at the request of the natural person, namely providing more information the goods and services offered by the Administrator in connection with the possible conclusion of a contract with the natural person.

The administrator uses the services of an e-mail service provider to store the received e-mails on the provider's server, which server is located in the Republic of Bulgaria.

Personal data collected directly from individuals when individuals contact the Controller by sending a message using the Facebook platform

 

5.4 Individuals provide personal data to the Controller when they contact the Controller by sending a message using the Facebook platform via the Facebook messaging service, accessible via the Controller's Facebook page at: https://www.facebook.com/opsystems.bg. When the individual sends a message to the Controller using the Facebook platform via the Facebook messaging service, the Controller collects and processes the name of the individual as well as the other information that the individual provides in the message sent. This data is processed for the purposes of communication with the individual and record keeping. The processing of this personal data is necessary for the realization of the legitimate interests of the Controller, which legitimate interests are sending a reply to the received messages and also saving the received messages. The Controller uses the services of Facebook, an independent service provider located in the USA, to receive messages via the Facebook platform. This means that the personal data provided will be stored on Facebook's servers in the USA. For the transfer of this personal data outside the European Economic Area, appropriate safeguards must be provided in accordance with Article 46 of Regulation (EU) 2016/679. Facebook certifies that it complies with the principles of the "EU-US Privacy Shield". Facebook has its own Privacy Policy and individuals are advised to familiarise themselves with it to obtain more information. Facebook's Privacy Policy is published at the following address: https://www.facebook.com/policy.php

Personal data collected directly from individuals when individuals contact the Controller by sending a message using the Instagram platform

5.5 Individuals provide personal data to the Controller when they contact the Controller by sending a message using the Instagram platform via the Instagram messaging service accessible via the Controller's Instgram page at: https://www.instagram.com/opsystems. When the individual sends a message to the Administrator through the use of the Instagram platform via the Instagram messaging service, the Administrator collects and processes the individual's name as well as the other information the individual provides in the message sent. This data is processed for the purpose of communicating with the individual. The processing of this personal data is necessary for the realization of the legitimate interests of the Controller, which legitimate interests are sending a reply to the messages received and also saving the messages received. The Controller uses the services of Instagram, an independent service provider located in the United States, to receive messages via the Instagram platform. This means that the personal data provided will be stored on Instagram's servers in the USA. For the transfer of this personal data outside the European Economic Area, appropriate safeguards should be provided in accordance with Article 46 of Regulation (EU) 2016/679, as Instagram provides and requests in detail in its Privacy Policy. Instagram's Privacy Policy is published at the following address: https://help.instagram.com/519522125107875

Personal data collected directly from individuals when individuals contact the Controller by sending a message using the Linkedin platform

5.6 Individuals provide personal data to the Administrator when they contact the Administrator by sending a message using the Linkedin platform through the Linkedin messaging service, accessible through the Administrator's Linkedin page at: https://www.linkedin.com/company/op-systems-ltd. When an individual sends a message to the Administrator using the Linkedin platform through the Linkedin messaging service, the Administrator collects and processes the individual's name as well as other information that the individual provides in the message. This data is processed for the purpose of communicating with the individual. The processing of this personal data is necessary for the realization of the legitimate interests of the Controller, which legitimate interests are sending a reply to the messages received and also saving the messages received. The Controller uses the services of Linkedin, an independent service provider located in the United States, to receive messages via the Linkedin platform. This means that the personal data provided will be stored on Linkedin's servers in the USA. For the transfer of this personal data outside the European Economic Area, appropriate safeguards should be provided in accordance with Article 46 of Regulation (EU) 2016/679, which Linkedin provides and requests in detail in its Privacy Policy. Instagram's Privacy Policy is published at: https://www.linkedin.com/legal/privacy-policy.

 

В. Personal data of individuals provided by third parties

 

6.1 The controller does not normally receive personal data about individuals from third parties. However, in some cases, if the Controller has reasonable grounds to suspect that an individual is infringing intellectual property rights and other similar cases, then the Controller has the right to obtain personal data of the suspected individual from public records, such as: the Trade Register, the Register of Registered Trademarks maintained by the Patent Office of the Republic of Bulgaria and the like. These data may be collected and processed for the purpose of bringing an infringement action against the infringer. The processing of personal data collected from a public register is necessary for the purposes of the legitimate interests of the Controller, which legitimate interests are bringing an infringement claim against the infringer, and also on a statutory basis.

 

Г. Data collected automatically

 

7.1 When visiting the website, the Administrator automatically collects the following data, namely:

  • The Internet Protocol (IP) address of the device from which the individual accesses the platform (typically used to identify the country or city from which the individual accesses the platform);
  • Type of device from which the individual accesses the platform (e.g. computer, mobile phone, tablet, etc.);
  • Type of operating system;
  • Browser type;
  • The specific actions the individual takes, including the pages visited, the frequency and duration of visits to the website;
  • Date and time of visits.

 

  1. BISCUITS

 

8.1 Individuals can get more information about how the Administrator uses cookies by reading the Cookie Policy at: https://www.opsystems.bg/.

 

VII. THE PURPOSES FOR WHICH THE PERSONAL DATA ARE PROCESSED

 

9.1 The Controller collects and processes the personal data of natural persons that are provided directly by them only for the following purposes, namely:

  • in order to provide the services offered by the Administrator;
  • for the sale of goods offered by the Administrator and identification of individuals (prospective and current customers);
  • to contact the individual by e-mail in order for the Administrator to respond to the individual's inquiry;
  • for the performance of obligations under a contract to which the data subject is a party, as well as for actions preceding the conclusion of a contract and undertaken at his or her request;
  • to comply with a statutory obligation of the Data Controller in accordance with applicable law;
  • accounting purposes;
  • statistical purposes.

 

9.2 The Controller collects and processes the personal data of natural persons that are collected automatically for the following purposes, namely:

- improve the efficiency and functionality of the website;

- compiling anonymous statistics on how the website has been used.

 

9.3 The Controller may not use the personal data of individuals for purposes other than those specified in this section of this Privacy Policy.

 

VIII. STORAGE PERIOD OF PERSONAL DATA

 

10.1 Enquiries and correspondence via email, Facebook, Instagram, Linkedin: The controller stores the personal data and the received e-mail messages, Facebook, Instagram and Linkedin for the period necessary to respond to the communication received and to comply with the individual's request, and for a period of one year after the Controller has responded to the communication received.

 

10.2 Personal data of persons who have purchased goods and ordered services: The Administrator shall store the personal data of persons who have purchased goods from the Administrator and ordered a service offered by the Administrator for a period of ten years, which is the statutory period for the storage of customer invoices.

 

Б. Criteria for determining the period for which the personal data will be kept

 

10.3 In other cases not mentioned above, the Controller will store the personal data of the individual for no longer than necessary, taking into account the following criteria, namely: - whether the Controller is obliged to continue processing the personal data of the individual in order to comply with a legal obligation; - the purpose of storing the personal data both currently and in the future; - whether there is a contract between the Controller and the individual and the Controller is obliged to continue processing the personal data in order to fulfil the obligations under the

 

  1. THE MANDATORY AND VOLUNTARY NATURE OF THE PROVISION OF PERSONAL DATA

 

11.1 The personal data required to be provided by individuals is tailored to the services offered by the Controller and is of a mandatory nature. The provision of personal data by individuals is voluntary. In the event that the provision of personal data is refused:

- The Administrator will not be able to receive the email from the user if the latter does not fill in the necessary information in the contact form to settle the subsequent relationship between the Administrator and the individual concerned;

- The administrator will not be able to provide the service requested by the individual.

 

  1. PROCESSING OF PERSONAL DATA

 

12.1 The controller shall process the personal data of natural persons by means of a set of operations which may be carried out by automatic or non-automatic means.

 

12.2 The Data Controller processes the personal data of individuals independently or by assigning a data processor on behalf of the Data Controller, who is the company's accountant based in the Republic of Bulgaria.

 

  1. DATA PROTECTION

 

13.1 The controller shall take the necessary technical and organisational measures to protect personal data against accidental or unlawful destruction or accidental loss, against unauthorised access, alteration or dissemination, and against other unlawful forms of processing, namely:

- all personal information that the individual provides to the Controller is stored on secure and reliable servers and folders;

- upon exercise of the right of access by the natural person, the Administrator shall verify the identity of the natural person before providing the requested information.

13.2 Should you wish to receive detailed information on the technical and organisational arrangements, please do not hesitate to contact us at office@opsystems.bg or on 02/4442626.

XII. RECIPIENTS TO WHOM PERSONAL DATA MAY BE DISCLOSED

 

14.1 The controller has the right to disclose the processed personal data to the following categories of persons, namely:

  • the natural persons to whom the data relate;
  • to persons if provided for in a legal act, e.g. state bodies (NRA, Patent Office, Trade Register, etc.);
  • to processors who provide services for the benefit of the Provider's business activities, such as the Controller's accountants, and who are bound by an obligation of confidentiality and have provided sufficient guarantees for the implementation of appropriate technical and organisational measures in such a way that the processing is carried out in accordance with the requirements of the Regulation and ensures the protection of individuals' rights.

 

14.2 The controller shall not sell personal data provided by the individual to third parties.

 

XIII. RIGHTS OF NATURAL PERSONS

 

RIGHTS OF INDIVIDUALS

 

Right of access

 

15.1 The natural person shall have the right to obtain from the Controller confirmation as to whether personal data relating to him or her are being processed and, if so, to obtain access to the data - the relevant categories of personal data.

 

Right of rectification

 

15.2 The natural person shall have the right to request the Controller to rectify, without undue delay, inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the individual has the right to have the incomplete personal data completed, including by adding a declaration.

 

Right to erasure (right to be forgotten)

 

15.3 The natural person has the right to request from the Controller the erasure of personal data relating to him or her without undue delay, and the Controller has the obligation to erase without undue delay personal data where one of the grounds referred to in Article 17 of Regulation 2016/679 applies..

 

Right to restriction of processing

 

15.4 The natural person shall have the right to request the Controller to restrict processing where one of the conditions set out in Article 18 of Regulation 2016/679 applies. Where processing is restricted, such data shall be processed, with the exception of their storage, only with the consent of the natural person or for the establishment, exercise or defence of legal claims or for the defence of the rights of another natural person or for important reasons of public interest for the Union or a Member State. Where the individual has requested the restriction of processing, the controller shall inform him or her before the restriction of processing is lifted.

 

Right to data portability

 

15.5 The natural person shall have the right to obtain personal data concerning him or her which he or she has provided to a controller in a structured, commonly used and machine-readable format, where the processing is based on consent in accordance with or of a contractual obligation и processing is carried out in an automated manner.

 

Right to object

 

15.6 The individual shall have the right, at any time and on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her. Pursuant to Article 21(4) of Regulation 2016/679, the individual shall be expressly informed of the existence of the right to object, which shall be presented in a clear manner and separately from any other information. To fulfil this obligation, more information on the right to object can be found in the section below entitled "Right to object".

 

Profiling rights

 

15.7 The natural person shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or similarly significantly affects him or her.

 

Right to notification of a personal data breach

 

15.8 Where a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the natural person must be notified, without undue delay, of the personal data breach.

 

Right to judicial and administrative protection

 

Right to lodge a complaint with a supervisory authority

 

15.9 The natural person shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of habitual residence, place of work or place of the alleged infringement, if the natural person considers that processing of personal data concerning him or her infringes the provisions of the Regulation.

 

Right to an effective judicial remedy against a supervisory authority

 

15.10 Every natural and legal person shall have the right to an effective judicial remedy against a binding decision of a supervisory authority. Proceedings against a supervisory authority shall be brought before the courts of the Member State in which the supervisory authority is established.

 

Q: Right to an effective judicial remedy against a controller or processor

 

15.11 Without prejudice to any available administrative or non-judicial remedies, including the right to lodge a complaint with a supervisory authority, an individual shall have the right to an effective judicial remedy where he or she considers that his or her rights under the Regulation have been infringed as a result of processing of his or her personal data which is not in accordance with the Regulation. Proceedings against a controller or processor shall be brought before the courts of the Member State in which the controller or processor is established.

 

Right to compensation for damages

 

15.12 Any person who has suffered material or non-material damage as a result of a breach of the Regulation shall be entitled to obtain compensation from the controller or processor for the damage suffered. Legal proceedings relating to the exercise of the right to compensation shall be brought before the courts of the Member State in which the controller or processor is established.

 

XIV. PROCEDURE FOR THE EXERCISE OF RIGHTS

 

16.1 Individuals exercise their right to withdraw consent, right of access, right to erasure, right to rectification, right to restriction of processing, right to data portability, right to object and profiling rights by submitting a written request to the Controller (either by mail to the address indicated in the Controller's identification above in this Privacy Policy or by sending an email), which should contain the following information:

  1. name, address and other identifying data of the natural person concerned;
  2. description of the request;
  3. Signature, date of request and e-mail address.

 

16.2 The request shall be made in person by the individual. The administrator shall record the requests submitted by the natural persons in a separate register.

 

16.3 Once the individual has exercised his or her right of access to personal data concerning him or her, the Controller shall verify the identity of the individual before responding to the request. This is necessary to minimise the risk of unauthorised access to the data and identity theft. In the event that the Controller cannot identify the individual from the personal data collected, then the Controller has the right to request a copy of documents that identify the individual (such as ID card, driver's license, other documents that contain personal data that may identify the individual).

 

16.4 The controller shall examine the request and provide the individual with information on the action taken in relation to the request within two months of receipt of the request. If necessary, this period may be extended by a further month, taking into account the complexity and number of requests.

 

16.5 The controller shall inform the natural person of any such extension within one month of receipt of the request, indicating the reasons for the delay. Where the individual makes a request by electronic means, the information shall, where possible, be provided by electronic means, unless the individual has requested otherwise.

 

16.6 If the Controller does not act on the individual's request, the Controller shall notify the individual without delay and at the latest within one month of receipt of the request of the reasons for not acting and of the possibility of lodging a complaint with a supervisory authority and seeking judicial redress.

 

16.7 The controller shall communicate any rectification, erasure or restriction of processing to any recipient to whom the personal data have been disclosed, unless this is impossible or involves a disproportionate effort. The controller shall inform the natural person of those recipients if the individual so requests.

 

  1. RIGHT TO OBJECT

 

17.1 The individual shall have the right, at any time and on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her. Pursuant to Article 21(4) of Regulation 2016/679, the individual shall be expressly informed of the existence of the right to object, which shall be presented in a clear manner and separately from any other information. To fulfil this obligation, more information on the right to object will be provided in this section of this privacy policy.

 

17.2 The natural person shall have the right, at any time and on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her, where processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller, or processing is necessary for the purposes of the legitimate interests of the Controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the natural person or the data subject. The Controller shall be obliged to cease processing the personal data unless it demonstrates that there are compelling legitimate grounds for the processing which override the interests, rights and freedoms of the natural person or for the establishment, exercise or defence of legal claims. Individuals shall exercise their right to object by submitting a written request to the Controller by mail to the address indicated in the Controller's identification above in this Privacy Policy or by sending an email.

 

17.3 Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for that type of marketing, which shall include profiling insofar as it relates to direct marketing. Where the individual objects to processing for direct marketing purposes, processing of personal data for those purposes shall cease. Individuals shall exercise their right to object by submitting a written request to the Controller by mail to the address indicated in the Controller's identification above in this Privacy Policy or by sending an email indicating that they do not wish to receive advertising communications.

 

XVI. LINKS, TOOLS AND CONTENT FROM OTHER COMPANIES

 

18.1 The website contains buttons, tools or content that link to other companies' services, such as a "Facebook" button, a "Linkedin" button and an "Instagram" button. All sites of such companies that can be accessed through this website are independent and the Administrator accepts no liability whatsoever for any damage or loss incurred as a result of using these sites. Individuals use these sites at their own risk and are advised to read the relevant company's privacy policy for more information.

 

XVII. CHANGES TO THE PRIVACY POLICY

 

19.1 This Privacy Policy may be updated at any time in the future. When that happens, the revised policy will be posted on this Web site with a new "Last Modified" date at the top of this Privacy Policy and will be effective as of the date of posting. It is therefore advisable to check this Privacy Policy periodically to ensure that you are aware of any changes. Your use of the website after the updated Privacy Policy has been posted will be deemed your acceptance of the changes.

 

XVIII.    CONTACT

 

20.1 If you have any further questions about this Privacy Policy, please do not hesitate to contact us at office@opsystems.bg or 02/4442626.