Policy for protection of personal data of individuals – end users

This page discloses the information gathering and dissemination practices for the website: https://serpact.com/.

“SERPACT” Ltd, (the “Company”), UIC: BG 202477340, with registered address at Svilengrad, p.k. 6500, 19 Krayrechna Str., Office 6th, processes your personal data in accordance with the requirements of the General Regulation, hereinafter referred as The Company, on Personal Data Protection (EU Regulation 2016/679) and the Personal Data Protection Act.

In order to comply with the regulatory requirements, with the current privacy policy the Company provides information about your rights, the type of personal data that is being collected and processed, the ground on which the personal data is being processed, the ways in which the Personal data will be stored and used, as well as the cases in which the Personal data may be  provided to third parties..

According to Art. 4 of EU Regulation 2016/679, the term „personal data”  means any type of information that may be used to identify directly or indirectly a separate natural person or a, in particular by an identifying data such as name, identification number, location data, an online identifier or one or more characteristics that may refer in any way to the physical, physiological, genetic, mental, intellectual, economic, cultural or social identity of that individual.

In accordance with our obligations under Regulation 2016/679 of the European Parliament and of the Council (the “General Data Protection Regulation”), the Company ensures that the processing of personal data such as name, address, telephone and email address will always be in accordance with the Regulation. and the applicable Bulgarian legislation in the field of personal data protection.

  1. Collection and use of personal data
    The company collects and process your personal data because you are using the website http:// serpact.bg, and in respect to receiving the Company’s newsletter, for the purposes of any type of marketing activities, providing access and user participation in the “Reviews” section, conducting courses and exams and concluding contracts with the company on the grounds of art. 6, par. 1 and Art. 9, par. 2, Regulation (EU) 2016/679 ( GDPR), and in particular on the following grounds:
  • Explicit consent obtained by You;
  • Fulfillment of the obligations of the Administrator under a specific contract with you or for the purposes of conducting such;
  • Compliance with a legal obligation that applies to the Administrator;
  • For the purposes of the legitimate interests of the Administrator or a third party. 

The Company does not collect personal data other than those necessary for carrying out its activities or those provided by you with your explicit and free consent.

  1. The personal data we process

2.1 . Personally Identifiable Information: We may collect personally identifiable information from you, including your name, email address, phone number, website address when you engage in any of the following activities:

  • Consultation;
  • Sign up to receive promotional materials via mail or email address.
  • Participate in a survey or other type of activity organized by the Company
  • For the purposes of marketing activities

For newsletter and other marketing activities we collect the following personal data:

  • Two names;
  • E-mail address;
  • Other data provided by you in connection with specific marketing purposes for which you have been informed, if any; 

Personal data is being collected on the basis of explicit consent (Article 6, paragraph 1, letter “a” of the Regulation).The Consent is being expressed by entering some of the above data and ticking the box – “I agree that my personal data will be used to receive a newsletter.

  • Technical information

Each time you open the website of https://serpact.com/ and / or the various sections therein, we receive information in the form of an information protocol with the following content:

  • Your IP address and the page from which you are redirected to our site;
  • Information about your stay on our website and the sections you have visited;
  • Information about your browser and operating system;
  • Other type of technical information, according to the technical requirements of the information system; 

Personal data are collected on the basis of explicit consent (Article 6, paragraph 1, letter “a” of the Regulation). Consent is expressed by clicking the “I agree” button in the field “I am familiar with the privacy policy of “Serpact” Ltd. 

  1. Personal data that are not processed
    The company does not collect or process personal data that:
  • reveal the racial or ethnic origin of consumers or other data related to their health or mental condition;
  • disclose political, religious or philosophical beliefs, or trade union membership;
  • disclose genetic or biometric data or data on the sexual orientation of consumers. 
  1. Grounds and objectives for personal data processing by the Company
    The provided personal data is processed in accordance with the stated grounds and purposes in this Privacy Policy.
    The company does not make automated decision-making, and the provided data will not be used for advertising or marketing purposes and will not be provided to third parties, except in certain cases, namely:
  • when provided by law;
  • if duly requested by a competent state or judicial authority;
  • when we have received your explicit consent to do so. 
  1. Term of storage of the provided data
    The company stores your data in accordance with the terms provided by law. The main criteria by which we will determine the duration of processing is the time for which the information is needed.

In cases where no contract is concluded, your personal data will be deleted in a timely manner. Personal data provided for the performance of the contract will be stored for the period of its performance. In cases where we process personal data on the basis of your consent, it will be stored until you withdraw your consent and exercise your right to be forgotten / to delete all personal data that you have provided.

  1. Technical security regarding the protection of personal data
    The company has introduced all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and applicable Bulgarian legislation.

The measures taken correspond to the specific risks associated with the processing and storage of personal data provided. Organizationally and technically, the protection of your data from loss, alteration, theft or unauthorized access of unauthorized third parties is ensured.

  1. Sharing and disclosing personal data with third parties
    In certain cases, the Company may disclose certain personal data to our partners or subcontractors who work with us by providing services related to the activities of the Company or assist the Company in its marketing activities.

The Company may disclose your personal data to third parties, including such third parties located outside the European Union, in compliance with the requirements of the Regulation, such as:

  • When organizing games, competitions or promotions, according to the rules of specific games which you have agreed with;
  • Third parties with whom the Company has a contractual relationship for the use of Virtual Servers (VPS );
  • Third parties providing services for improving the advertising targeting of the Company’s services;
  • Universally recognized service providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google and Facebook . The consent also includes the placement and use of marking unique depersonalized identifiers, including the use of cookies , localStorage or other appropriate generally accepted web technology;
  • Providers of server and cloud services relating to order center orders and services;
  • Third parties providing services to the Company such as accountants, auditors, lawyers, notaries, advertising and PR agencies or companies engaged in systematic data administration. 

The company will share personal data with third parties only after the explicit provision of technical and legal mechanisms under which the processing of shared personal data will take place in accordance with the requirements of Regulation 679/2016 and Bulgarian legislation.

The Company undertakes to take all actions to ensure the legitimate processing of personal data in accordance with the requirements of confidentiality set out in this Policy.

  1. Your rights as a data subject

According to the Regulation, each personal data subject has the following rights:

  • Right of access

You have the right to find out for free what personal data we process and whether we process such data.

  • Right of adjustment

In the event of a discrepancy between your data and those we process, you have the right to request that we correct, without undue delay, all data that is stored by us and is inaccurate.

  • Right to limit processing

In certain circumstances, you have the right to request restriction or blocking of the processing of certain data. Such cases are the need to verify the accuracy of your personal data, the grounds for processing or the illegality of their processing.

  • Right to delete

In case the grounds for processing have ceased to exist, you have the right to request the deletion of all data processed by us.

  • Right to data portability

In case you want to use your personal data provided electronically for the same service, but from another provider, you have the right to request their transfer to another provider in a machine-readable format. This right applies only to the data you have provided to us with your consent.

  • Right to object

In case you do not agree with the way we process your personal data, you have the right to state your objection. This right applies only to the data, the processing of which is necessary for the performance of a task of public interest or in the exercise of official powers. , which are provided to the controller, as well as for data the processing of which is necessary for the purposes of the legitimate interests of the controller or of a third party, except where such interests take precedence over the interests of the data subject.

  • Right to withdraw consent

When providing data based on your consent, you have the right at any time to request the withdrawal of consent for the processing of the specific type of personal data.

  • Right to appeal

If you are not satisfied with the way in which the application submitted by you has been administered in connection with any of the above rights or you believe that we do not process your personal data lawfully, you have the right to file a complaint to the Commission for Personal Data Protection. data, which is the supervisory authority responsible for the implementation of EU Regulation 2016/679 and the Personal Data Protection Act.

If you wish to exercise any of the above rights, you can send the relevant application with your exact request to the following email address: info@serpact.com


Sofia 1592, bul. „Prof. Tsvetan Lazarov ”№ 2
Center for information and contacts – tel. 02 / 91-53-518
Reception – working hours 9:00 – 17:30
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg.

In order to update this Privacy Policy, it may be changed in whole or in part at any time without notice. Please check this Policy periodically and the date of the last update will be indicated.

This policy was adopted on 23.02.2021 and was not changed by that time.