Privacy Policy

Information about the Personal Data Administrator:

IT Wharf Ltd is a company registered in the Commercial Register of the Registry Agency Bulgaria with UIC: 207861551, e-mail: hello@budgetist.app.

Legal Grounds and Purposes for Using Your Personal Data

We process your personal data on the following grounds:

• The Terms of Use of the Website;
• Your explicit consent – the purpose is specified for each individual case;
• Where there is a legal obligation;

In the following paragraphs, you will find detailed information about the processing of your personal data depending on the grounds on which we process it.

For Contract Performance

We process your personal data for the purposes of using the Website in accordance with the rules of the terms and conditions.

Purposes of processing (where applicable):

1. Identifying you;
2. Providing the functionalities of our website

On this basis, we process only personal data related to the user profile you have created.

Data collected on this basis is deleted 2 years after the termination of the contractual relationship, regardless of whether due to expiration, cancellation, or other grounds.

With Your Consent

We process your personal data on this basis only after your explicit, unambiguous, and voluntary consent. We will not foresee any adverse consequences for you if you refuse the processing of personal data.

Consent is a separate basis for processing your personal data, and the purpose of processing is specified in it and is not covered by the purposes listed in this policy. If you provide us with the relevant consent, and until its withdrawal or the termination of any contractual relationship with you, we will prepare suitable product/service offers for you by performing detailed analyses of your basic personal data.

Data we process on this basis:

On this basis, we may process personal data for the purposes of direct marketing, including data about website usage and social media profile data.

Provision of data to third parties

On this basis, we may provide your data to marketing agencies, Facebook, Google, or similar parties.

Withdrawal of consent

Consents given can be withdrawn at any time. The withdrawal of consent does not affect the performance of contractual obligations. If you withdraw your consent for the processing of personal data for any or all of the ways described above, we will not use your personal data and information for the specified purposes. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To withdraw your consent, you only need to use our website or simply use our contact details.

When do we delete data collected on this basis

Data collected on this basis is deleted upon your request or 12 months after its initial collection.

How We Protect Your Personal Data

To ensure adequate protection of the company’s and its clients’ data, we apply all necessary organizational and technical measures provided by the Personal Data Protection Act.

The company has established rules to prevent abuses and security breaches, which support the processes of safeguarding and securing your data.

For maximum security in the processing, transfer, and storage of your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.

User Rights

Every user of the site enjoys all rights to the protection of personal data under Bulgarian law and European Union law. The user may exercise their rights by sending a message to our email.

Every User has the right to:

• Be informed (regarding the processing of their personal data by the administrator);
• Access their own personal data;
• Rectification (if the data is inaccurate);
• Erasure of personal data (the “right to be forgotten”);
• Restrict processing by the administrator or data processor;
• Data portability between individual administrators;
• Object to the processing of their personal data;
• Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them;
• Seek protection through judicial or administrative proceedings if their data subject rights have been violated.

The user may request erasure if one of the following conditions is met:

• The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
• The user withdraws their consent on which the processing is based and there is no other legal ground for the processing;
• The user objects to the processing and there are no overriding legitimate grounds for the processing;
• The personal data has been unlawfully processed;
• The personal data must be erased to comply with a legal obligation under Union or Member State law applicable to the administrator;
• The personal data has been collected in connection with the offering of information society services to children and consent was given by the holder of parental responsibility for the child.

The user has the right to restrict the processing of their personal data by the administrator when:

• The accuracy of the personal data is contested. In this case, the restriction is for a period enabling the administrator to verify the accuracy of the personal data;
• The processing is unlawful, but the User does not want the personal data to be erased, instead requiring the restriction of its use;
• The administrator no longer needs the personal data for the purposes of processing, but the User requires it for the establishment, exercise, or defense of legal claims;
• The User has objected to processing pending the verification whether the legitimate grounds of the administrator override those of the User.

Right to data portability

The data subject has the right to receive the personal data concerning them, which they have provided to an administrator, in a structured, commonly used, and machine-readable format and has the right to transmit those data to another administrator without hindrance from the administrator to whom the personal data has been provided, where the processing is based on consent or on a contractual obligation and the processing is carried out by automated means. When exercising their right to data portability, the data subject has the right to have the personal data transmitted directly from one administrator to another, where technically feasible.

Right to object

Users have the right to object to the administrator regarding the processing of their personal data. The personal data administrator is obliged to cease processing unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If an objection is made to the processing of personal data for direct marketing purposes, the processing must be stopped immediately.

Complaint to the supervisory authority

Every User has the right to lodge a complaint against unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent court.

This privacy policy was prepared with the help of https://obshti-uslovia.com