Cookies Policy

Terms and conditions

Cookies policy

Introduction

MY Synergy is a boutique digital transformation consultancy headquartered in Sofia, Bulgaria, established in 2019. MY Synergy is a limited company (LC/Ltd.) and the current registration number (VAT) is BG205647698. We assist companies, NGOs, and governments in their digital transition efforts and aim to increase efficiency, competitiveness, and accessibility by transitioning businesses to digital technology.

Any person, hereinafter referred to as “user,” which is granted access to this website with URL https://mysynergy.bg, hereinafter referred to as “website,” and to the information published on it, hereinafter referred to as “content”, offered by MY Synergy Ltd, hereinafter referred to as “supplier,” or controller accepts their terms and conditions.

With the use of this website, the user is obliged to observe these terms and conditions as well as all other conditions, provided by the legislation of Bulgaria and the international law, even if they are not explicitly mentioned in these terms. Users are obliged, when they do not accept these terms, to suspend the use of this website immediately. The supplier shall not be responsible if the user has not read and understood these terms.

Our registered office address is:
6 Racho Petkov-Kazandzhiyata Str.,
Business Center Matrix Tower, fl. 2, office 1.
Our e-mail: office@mysynergy.bg.

As a data administrator, we at MY Synergy take due care to protect the confidentiality of all categories of personal data that we receive, collect, process and store. We do it in accordance with the applicable legal requirements.

With this privacy policy (The Policy) we inform you about the internal rules established in MY Synergy for processing of personal information, which we receive or collect, also about your rights regarding the protection of your personal data.

We advise you to carefully read this document. When you provide us with your personal data by landing onto our website or through other channels, you agree to and accept defined internal rules for processing and protecting your personal information.

Use of Cookies

As it is common practice for websites, our website uses Cookies. These are small text files, which are stored on your device’s hard drive when using a browser. Cookies are not harmful and cannot access your personal data. We use these Cookies to provide better user experience. We analyze the information traffic, to personalize the services and products we offer, and to optimize the functions of our website.

As with most other commercial websites, we also automatically collect certain information, which is stored in log files. This information includes internet protocol addresses (IP addresses), type of browser used, internet service provider (ISP), reference and end pages, operating system, date and time, data volume transferred and click stream data. Additionally, we use pixel tags (small picture files) that provide information about which areas of the website customers have visited and/or measure the effectiveness of customer search requests on our website.

Some Cookies are stored on your device until you delete them. They enable us to recognize your browser automatically the next time it accesses our website.

If you wish so, you can adjust your browser’s settings to inform you about the placing of Cookies, so that you can allow it in individual cases.

Whilst the deactivation or rejection of cookies may restrict the functionality of our website, it will not stop its functioning.

Data Processing

We collect personal data from you for one or more of the following purposes:

to identify you as user and to provide you with information that you have requested;

to provide you with information that we believe may be relevant to a subject in which you have demonstrated an interest;

to manage any communication between you and MY Synergy.

to fulfil a contract with you or with a company/entity that you represent.

to provide access to a service and/or a product on request.

to ensure the protection and safe operation of our website (and the underlying business infrastructure).

to meet the applicable legal and fiscal compliance requirements related to the services we provide for you (e.g., statistics, taxation, insurance, income management, etc.) for our legitimate interests.

In case we collect personal data from you for our legitimate interest, we shall follow a process of preliminary assessment whether the processing of that data is appropriate. The process has three steps: a) purpose test to verify if there a solid legitimate interest behind the planned processing; b) necessity test to see if the processing is necessary for that purpose c) balancing test to assess if the legitimate interest is overridden, or not, by the individual’s interests, rights, or freedoms.

Communication

We may communicate with you via electronic means (SMS or mail) to provide you with relevant information for products and services in which you have expressed interest or similar to the ones we have provided for you in the past.

If you wish that we discontinue the use of your personal data, please send us a mail to privacycompliance@mysynergy.bg.

Information Disclosure

We undertake not to sell, exchange, or rent out your personal data for use by third parties in any form. The personal data collected is used only for the purposes stated above. We may provide access to your personal information and allow its processing, according to strictly defined purposes, to strictly defined third parties, which in these cases are Processors of personal data on behalf of the Administrator of your personal data – MY Synergy.

The use of tracking technologies by our service providers, technology partners or other 3rd party assets (such as social media links) on the site is not covered by our Privacy Policy. These 3rd parties may use cookies, clear gifs, images, and scripts to help them better manage their content on our site. We do not have access or control over these technologies

These third parties may be:

providers and subcontractors for the performance of a contract concluded with you or for the provision of services requested by you, such as providers of IT, communication, or logistics services, such as providing assistance to patients to competent government organizations.

providers of technical solutions, such as collective e-mail or text messages, that allow us to send you information, including product information, or about the level of customer satisfaction, if you have consented to receive such information.

Social media links (LinkedIn, Facebook, YouTube)

We reserve the right to conduct on-site audits of the methods used by the Personal Data Processors to protect the personal data we provide to them for processing. The processors of personal data are obliged not to obstruct the performance of such audits and to assist in their conduct without undue delay.

If you do not wish us to share your personal information with the said category of third parties for the purposes described above, please contact us by email at privacycompliance@mysynergy.bg, by SMS, or by calling +359 889 500 080.

Your personal information may be shared with the competent authorities if we are obliged to fulfil a legal obligation, to protect our rights or property, or to ensure the safety of our users or others.

Data storage and retention period

All personal data provided by you or gathered for you is stored in dedicated protected environment in specialized Data Center in our country. Access to the data have only our employees on need-to-know basis. All our staff is ISMS trained. The company managing the Data Center has independently implemented an ISO/EN 27001 certified ISMS.
We will take all steps that are reasonably necessary to ensure that the personal data provided by you is stored and processed safely, in accordance with the conditions set out in this Privacy Policy and in accordance with the applicable regulations.
If a need arises to transfer your personal data to a third party for processing, which falls within the scope of the predefined and agreed with you purposes, we shall request your approval accordingly. No transfer takes place before we have obtained your explicit confirmation.

We store personal data so long as it is necessary for the business relationship or required under law. Access to our website as well as files found on the website is logged. The storage of data in our internal system is strictly business-related. It may also be done for statistical purposes and is carried out following internal retention periods. The following information is logged: name of the accessed file, data, and time of access, transferred data amount, notice of successful access, web browser and IP address of the inquiring computer. The activities of all persons that access the site are also logged. This information may be accessible for our partners. The data may also be used for the improvement of the website as well as for targeting communication with clients to improve their satisfaction with the products and services we provide.
By providing your personal data, you agree to the conditions described in this Policy for their storage, processing, or transfer to third parties.

Due Care

Unfortunately, as we all know, the transmission of information over the Internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee its security at the stage of transferring it over the Internet to our site. Once received on our site, your personal information will be protected through strict policies, procedures, and security features to try to prevent unauthorized access, modification, or unauthorized deletion.

Protection of your rights

You have the right to access the information that applies to you. You may request to be informed if and how your personal data is being processed. We will perform an in-depth inspection and will inform you in writing on your preferred contact channel.

You may also request that your processed personal data be corrected to keep it up to date. When updating your personal data, you should send us verified information. We undertake to enter it in the relevant registers without changes. It will be your responsibility if the data processed after the change turns out to be inaccurate.

You have the right at any time to ask us to suspend for a period of time or permanently the processing of your personal data for one or more purposes within the scope of the purposes stated in this Policy. You have the right to request your personal data processed in MY Synergy to be deleted.

Your requests to exercise your rights listed above should be communicated to us by email at privacycompliance@mysynergy.bg, by SMS, or by calling +359 889 500 080.

Upon receipt of a request for deletion of your processed personal data, we undertake, within the statutory deadlines, to make a thorough inspection and delete all available personal data, except those – if any – which we are obliged to keep in force of a regulatory requirement. In some cases, we may need to temporarily retain as much of your personal information as it is necessary to protect our interest in resolving disputes and resolving issues, as well as to take other actions permitted by law.

Should such a situation arise, as in all other cases related to the management of your personal data processed by us, you will be promptly notified in writing via your preferred contact channel.

Objections and complaints

We shall readily accept any questions, comments, objections, complaints, and requests for clarifications on the management of personal data of data subjects in MY Synergy. The same applies to this Privacy Policy. You may contact us on these issues by email at office@mysynergy.bg or privacycompliance@mysynergy.bg, by calling or SMS at +359 889 500 080.

The Commission for Personal Data Protection (CPDP) is the authorized body for monitoring the application of the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council (of Europe) of 27 April 2016. Contact with it can be established at: Blvd. “Prof. Tsvetan Lazarov” 2, 1592 Sofia, by fax on (02)9153525 and electronically at the email of the CPDP (kzld@cpdp.bg) with an electronic document signed with a qualified electronic signature.

This Policy is subject to update in the event of changes in the applicable legislation or changes in the processes managed in MY Synergy. Updated versions of the Policy will be made available on the Company’s website.

Note:

For the purposes of this policy, the terms “personal data” and “personal information” are used interchangeably to avoid the emerging tautology in several texts.

Definitions

“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

“processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Additional Definitions

“Biometric data” means personal data resulting from specific technical processing relating to the physical, physiological, or behavioral characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopy data.

“consent” of the data subject means any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

“controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.

“Data concerning health” means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.

“Filing system” means any structured set of personal data which are accessible according to specific criteria, whether centralized, decentralized or dispersed on a functional or geographical basis.

“Genetic data” means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.

“Personal data breach” means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored, or otherwise processed.

“processor” means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

“profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.

“pseudonymization” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

“recipient” means a natural or legal person, public authority, agency, or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

“Restriction of processing” means the marking of stored personal data with the aim of limiting their processing in the future.

“Third party” means a natural or legal person, public authority, agency, or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.

Updates Of This Policy

We may update this privacy policy to reflect changes to our information practices. If we make any material changes, a notice will be posted on this page along with the updated Privacy Policy prior to the change becoming effective. We encourage you to review this page periodically for the latest information on our privacy practices.

If you have any questions regarding our Privacy Policy, you can either contact us by submitting your questions through our Contact web form, located here(link), or via traditional mail using the information below.

Mailing Address
Attn: Krasimir Georgiev
MY Synergy Ltd.
6 Racho Petkov-Kazandzhiyata Str.
Business Center Matrix Tower, fl. 2, office 1
1766, Sofia, Bulgaria
office@mysynergy.bg
+359 885 615 359

Updated: May 31, 2021