PRIVACY POLICY

of Association of the Gaming Industry in Bulgaria (AGIB)

AGIB is an administrator of personal data that you (the data subject) provide to us. Your privacy and the protection of your personal data are very important to us. With this Policy, we aim to provide you with information about us and to inform you in detail about how and why we process your personal data.

Data for the Administrator

Association of the Gaming Industry in Bulgaria (AGIB)

Registration data: UIC 175228093

Seat and address of management: 7, Kukush Str., Ilinden District, 1345 Sofia,

Representative: Angel Andonov Iribozov

Contact person: Angel Andonov Iribozov 

Correspondence details:

Supervisory body: Commission for Personal Data Protection, address: 2, Prof. Tsvetan Lazarov Blvd., 1592 Sofia, website: www.cpdp.bg 

Normative act regulating the specific activity of the administrator: Non-Profit Legal Entities Act – activity for public benefit.

Personal data we collect

We process the following categories of personal data that relate to you:

Members of AGIB

  • Physical identity data (name, surname), contact data (phone, e-mail), professional employment data (profession, workplace or organization to which the person belongs).

Participants in forums and events of AGIB.

  • Physical identity data (name, surname, date of birth), contact data (phone, e-mail), data on the professional employment (profession, workplace or organization to which the person belongs, role and responsibilities), a photo.

Contractual counterparties

  • Individualization data (name, surname, social security number), contact data (address, phone, e-mail), professional data (entity, profession, workplace, roles and responsibilities), financial information (bank accounts, remuneration).

If the members, participants or counterparties are legal entities, the specified data shall be collected to the extent necessary for the natural persons who are their legal or authorized representatives, and they may also come from public registers.

Why do we need your personal data?

We process your personal data depending on the specific context for the following purposes:

  • correspondence with you relating to your participation in the current activities of the Association;
  • for periodic sending of up-to-date information on the activities (bulletin/newsletter) of the Association;
  • in order to popularize and improve the Association’s activities, including conducting surveys;
  • implementation, reporting and control of the Association’s activities to achieve its goals in accordance with the Statute;
  • in connection with membership in the Association;
  • selection and participation of persons in initiatives and projects of the Association, and reporting of their implementation and promotion;
  • for the purposes of our financial accounting and tax reporting;
  • for archiving and statistics purposes.

Grounds for processing your personal data

In order to process your personal data, there should be valid legal grounds. We process your personal data based on one of the following grounds:

  • Declaration on the processing of personal data. The express consent to provide personal data can be expressed depending on the context and through any active behaviour with which you provide your personal data, after familiarization with this Personal Data Protection Policy;
  • Entering into membership legal relations;
  • Performance of a contract with the relevant natural person, especially when steps to conclude a contract for data processing are necessary;
  • Compliance with obligations imposed by law on the Administrator and in particular related to accounting and tax purposes;
  • The processing is necessary for the realization of the legitimate interests of AGIB, including when carrying out an activity of public benefit, when the processing is proportionate to your basic rights and interests and additional guarantees regarding data protection are applicable for the specific case.

How long do we store your personal data?

Criteria for determining the terms and duration of storage

  • In the event that the purpose of data collection cannot be achieved, the data is deleted within 10 days.
  • In other cases, the provided personal data shall be stored as long as necessary to fulfil the purposes for which they were collected and it is possible to verify their accuracy, as well as to keep them up-to-date, the existence of a membership relationship, participation in an initiative or project, etc.
  • Any information that has exhausted the grounds and purposes for its processing shall be deleted, but only after an assessment in the process of the annual inventory and by a decision of the Management Board of the Association.
  • The processing may continue if there is an obligation for longer storage in accordance with the applicable legislation, which can be for a period of up to 5 years, according to the type of data, the legal obligation or foreseen opportunities to exercise legal claims. In these cases, the Administrator restricts their processing in the future, including by archiving or temporarily moving to another processing system, and they are processed only for the purpose that prevents deletion.
  • Processing may continue for purposes other than those for which the personal data were originally collected, if this is for the original purpose or based on your prior, express and specific consent.
  • When the processing is based on consent, the same can be withdrawn at any time, by means of a written application addressed to AGIB in paper or electronic form. Withdrawal of consent does not render prior processing unlawful.
  • E-mail address data provided specifically for the purposes of communication and receiving a newsletter are processed until you expressly withdraw your consent to this type of processing, by pressing an active button incorporated in the received electronic messages.
  • Upon withdrawal of consent to data processing, part of the activities and communication materials of AGIB may become unavailable to you, to the extent that providing them in the specific case requires disclosure of identity and contact details.

How do we protect your personal data? 

In order to protect and prevent unauthorized access to your personal information, accidental loss, destruction, damage or theft of data, AGIB applies appropriate technical and organizational data protection measures.

The Administrator takes care of the security of the provided information, except in cases of force majeure or accidental event.

Remember that when you visit a third-party site from the website of AGIB, we do not control their privacy policies, so please check before viewing them to ensure you are informed and agree to their terms.

When, regardless of the measures taken by the Administrator, a breach of data security is detected, AGIB shall take measures to limit adverse consequences and inform the data subject and the supervisor body without undue delay 

Do we provide your personal data to third parties?

In order to fulfil our obligations, such as organizing events (trainings, seminars, conferences, etc.), implementing projects and providing information about the current activities of AGIB, your data shall be provided to third parties – our subcontractors (e.g. companies for courier and postal services; hotels where we make reservations for overnight stays when conducting trainings and events); partners (e.g. when jointly organizing conferences, when access to objects with a certain level of security is required); software and IT companies and specialists who maintain our information systems and assist us in the storage of your personal data; legal consultants and lawyers, insofar as this information is necessary for the performance of their contractual obligations. The provision of the data is within the Republic of Bulgaria, the European Union and the European Economic Area, insofar as this is necessary for the fulfilment of our assumed obligations and activities in accordance with the goals of AGIB.

What are your rights? 

Right to information and access to your personal data

You have the right to receive confirmation as to whether we are processing your personal data. If this is the case, you may get access to your personal data and to certain information about the method, purposes and period of processing. For this purpose, you can fill in the corresponding standard access request.

Right to change your personal data 

You have the right to request correction/change of your personal data if it is inaccurate or incomplete.

You are also responsible for the completeness and correctness of the data you provide to us.

If there is a discrepancy between the provided data and the current information, you have the right and obligation to correct the discrepancy or ask the Administrator to do so.

Right to erasure (“Right to be forgotten”)

You have the right to request the deletion of your personal data when they are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in other cases provided for in the applicable legislation (e.g. withdrawn consent, expiration of the storage period, etc.).

Right to restriction of processing

If you dispute the accuracy of your personal data, you may request that the processing of your personal data be restricted for a period that allows us to carry out an investigation. You can request such restriction in other cases provided for by the current legislation.

Right of data portability

You have the right to receive personal data relating to you that you have provided to us in a structured, widely used and machine-readable format and the right to transfer such personal data to another personal data controller where the processing of such personal data is done in an automated way.

When you have exercised your right to portability, you have the right to ask the Administrator to directly transfer your personal data to another administrator, where technically feasible.

Right to object

You have the right, on grounds related to your specific situation, to object to the processing of personal data concerning you, which is based on the legitimate interests of AGIB.

Right to defence

You have the right to the protection of personal data in an administrative procedure with a complaint to supervisory authorities or in a judicial procedure with a complaint to the competent court.

How to exercise your rights? 

If you wish to exercise any of your rights or have questions regarding the processing of your personal data, please contact us at: dpo@agib.bg

You can send a written application to AGIB, which can be submitted by traditional or electronic means, including by mail and through the contact form available on the Association’s website.

Your inquiry shall be processed as quickly as possible, and in the event of a delay of more than one month (30 days), due to the complexity and number of requests, we will promptly inform you of this delay and its reasons.

If you believe that your personal data has not been processed lawfully, you can contact the Commission for Personal Data Protection and file a complaint.

Personal data of children

We do not collect personal information from minors. If you believe that we may have collected information from a minor, please contact us at: dpo@agib.bg

Changes in the Privacy Policy 

AGIB reserves the right to change this Policy in accordance with the normative requirements of the current legislation and the legitimate interests of the Association.

Any changes to this Policy shall be reflected in a timely manner by publication on the website.