Beratungs- & Orga-Control AG, Zug (Switzerland)
Fiduciary office founded in 1979
I. PROTECTION OF PERSONAL DATA
"Beratungs- & Orga-Control AG (BOC)" collects and uses information for the purposes of:
- direct marketing;
- performance of its contractual obligations to Users.
The site may be used by a User who has accepted these Terms and Conditions. The meaning of a statement of acceptance of these Terms and Conditions and commitment to their observance have the following actions of the User:
- Any action on the Site after loading of the title page, except for the opening of the Terms of Service:
-The user agrees to process his or her personal data for the purpose of direct marketing by tagging a check box.
-The user can give up at any time the given consent by sending an email to 
-The Consumer's personal data is stored for a period of 5 years.
II. CONSUMER RIGHTS
Each User of the site enjoys all rights to protection of personal data in accordance with Bulgarian and European Union law. Each User is entitled to:
• Awareness (in connection with the processing of his or her personal data by the administrator);
• Access to their own personal data;
• Correction (if data is inaccurate);
• Restriction of processing by the administrator or the processor of personal data;
• Portability of personal data between individual administrators;
• Opposition to the processing of his or her personal data;
• The data subject may also not be the subject of a decision based solely on automated processing involving profiling that produces legal consequences for the data subject or similarly affects him or her significantly;
• Entitlement to judicial or administrative redress if the rights of the data subject have been violated.;
The user may request deletion if one of the following conditions is true:
• Personal data are no longer necessary for the purposes for which they were collected or otherwise processed;
• The consumer withdraws his consent on which the processing of the data is based and no other legal basis for the processing;
• Personal data has been tampered with;
• Personal data must be deleted in order to comply with a legal obligation under Union law or the law of a Member State applicable to the controller;
The user is entitled to restrict the processing of his personal data by the controller when:
•It challenges the accuracy of personal data. In this case, the limitation of the processing is for a period that allows the controller to verify the accuracy of the personal data;
• Processing is unlawful, but the User does not want personal data to be deleted but instead requires a limitation of their use;
• The Administrator no longer needs personal data for the purposes of processing, but the User requires them to establish, exercise or protect legal claims;
• opposes the processing pending verification that the legal grounds of the controller have an advantage over the User's interests.
III.Right of portability.
The data subject has the right to receive the personal data that concerns him and which he has provided to an administrator in a structured, widely used and machine readable format and has the right to transfer this data to another administrator without hindrance by the administrator to whom the personal data is provided when the processing is based on consent or a contractual obligation and the processing is done in an automated manner.When exercising its right to data portability, the data subject is also entitled to receive a direct transfer of personal data from one administrator to another when technically feasible.
IV. Right of objection.
Users have the right to object to the controller against the processing of their personal data. The Personal Data Administrator is required to discontinue the processing unless he can prove that there are convincing legal grounds for the processing that take precedence over the interests, rights and freedoms of the data subject or for the establishment, exercise or protection of legal claims. In case of objection to the processing of personal data for the purposes of direct marketing, the processing should be terminated immediately.
V. Appeal to the supervisory authority.
Each User has the right to file a complaint against the unlawful processing of his personal data with the Personal Data Protection Commission or the competent court.
VI. DUTIES OF THE DATA CONTROLLER:
The Personal Data Administrator has the following obligations:
- Processes the data in accordance with the data protection principles set out in the Regulation and is able to prove this (accountability);
- Provides data protection at the design stage and defaults;
- Notify the supervisor and the data subject in the event of a personal data breach, as well as documentation of any breaches of personal data security, incl. the facts relating to the infringement, the consequences thereof, the actions taken to deal with the infringement;
- Performs an impact assessment on data protection;
- Apply appropriate technical and organizational measures to ensure data security, such as:
- Pseudonymization;
- Encryption;
- Ensure continued confidentiality, integrity, availability and sustainability of processing systems and services;
- Timely restoration of availability and access to personal data in the event of a physical or technical incident;
- Regular testing, assessment and evaluation of the effectiveness of technical and organizational measures;
- Cooperation with the Data Protection Supervisor in the performance of the obligations arising from the Regulation;
- Prepares and applies internal procedures for receiving, reviewing and responding within one month to requests from Users for the exercise of their rights as data subjects.;
VII. KEEP A REGISTRY:
BOC keeps a record of the processing activities for which it responds. This registry contains all of the following information:
the name and contact details of the administrator;
the purposes of processing;
a description of the categories of data subjects and categories of personal data;
the categories of recipients to whom personal data are or will be disclosed, including recipients in third countries or international organizations;
where applicable, the transfer of personal data to a third State or to an international organization, including the identification of that third country or international organization and, in the case of the transmission of data referred to in the second subparagraph of Article 49 (1), appropriate safeguards documentation;
where possible, the deadlines for deleting the different categories of data;
where possible, a general description of the technical and organizational security measures;
The Personal Data Administrator uses the services of a personal data processor - OVH SAS (a hosting provider), the servers being located in France.
In connection with the execution of the previously concluded between BOC and the User contract , the personal data of the User may also be processed by personal data processing partners, partners of « Beratungs-und Orga-Control AG à Zug, Suisse »
1. Beratungs-und Orga-Control Bulgaria
2. Beratungs- & Orga-Control Ltd, at Port-Victoria (Seychelles)
3.Beratungs- & Orga-Control at Vanuatu (Pacific) Ltd.
For the purposes of the execution of the previously concluded contract , «Beratungs-und Orga-Control AG» may also grant to other persons, upon prior written or prior written permission.
The processor does not include any other processing data without the prior specific or general written permission of the administrator. In the case of a general written authorization , the processor always informs the controller of any planned changes to include or replace other data processors, thereby enabling the administrator to challenge these changes.
