Privacy Policy

Kalever Ltd, hereinafter referred to as “the Administrator” or “the Company”, carries out its activity in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council from 27th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

Please read this Privacy Policy carefully, as it is intended to inform you about all aspects of our practices, regarding any personal information you provide to us or that we otherwise collect in the context of the website https://kalever.net (“personal data”) and the rights you have in connection with its processing.

The Company may update the Privacy Policy by posting a notice on its website.

Commercial Register Information about the company, which processes your data

Kalever Ltd is a limited liability company, registered in the Bulgarian Commercial register and the NPLE Register with UIC 207100820, with registered office and address of management: Bulgaria, Sofia city, Mladost 4 res. area, 1 Business Park Sofia str., Building 1, entr. B, fl.6, studio 1, e-mail: info@kalever.net Website: https://kalever.net

Information about the competent data protection supervisory authority

Commission for Personal Data Protection (CPDP), Sofia, Prof. Tsvetan Lazarov Str. №2, Phone number: 02/91-53-519, E-mail: kzld@cpdp.bg, Website: www.cpdp.bg

Types of personal data collected, processed and stored by the Administrator. Purposes. Grounds.

The Administrator collects and processes personal data in relation to the use of the website https://kalever.net – limited extend of personal data provided by you via the website contact form: name, e-mail address and phone, as well as additional information which does not represent personal data (Company name, general corporate email, general corporate phone etc.) for the purposes and on the legal grounds described below, pursuant to Art. 6, para. 1, Regulation (EU) 2016/679 (GDPR).

We collect and process the personal data you provide to us in connection with the use of the website https://kalever.net and the potential conclusion of a contract with the Company, including for the following purposes:

  • Contacting you, responding to inquiries and sending relevant information following request submitted by you via the contact form. The provided personal data is processed pursuant to your explicit consent received by the Administrator by submitting the request via the contact form – Art. 6, para. 1, letter “a” GDPR.
  • Sending pre-contractual information to take steps at your request prior to the conclusion of a contract with the Company. In case of request for pre-contractual interaction with the Company, the provided personal data is processed to take action at your request before concluding a contract with the Administrator – Art. 6, para. 1, letter “b” GDPR.
  • For the purposes of the legitimate interests of the Administrator, including to ensure the continued security and functioning of the website and to protect against cyber crime, statistical purposes etc. – Art. 6, para. 1, letter “e” GDPR.

The website https://kalever.net is not used for conclusion of online contracts – only the personal data collected via the contact form may be used further for conclusion of a written contract, if applicable.

In case of concluding a written contract, a contractual relationship is created between the Administrator and you and the Administrator collects and processes your personal data in connection with the concluded contract on the following grounds: fulfillment of the Administrator’s obligations under a contract with you (Art. 6, para. 1, letter “b” GDPR), including for order processing, acceptance, validation, delivery and invoicing of the requested services; (ii) compliance with a legal obligation that applies to the Administrator (Art. 6, para. 1, letter “c” GDPR), including to fulfil its obligations to the National Revenue Agency, the Ministry of Interior and other state and municipal authorities; (iii) for the purposes of the legitimate interests of the Administrator or a third party (Art. 6, para. 1, letter “e” GDPR), including for accounting purposes.

Personal data is collected by the Administrator from the people to whom it relates. The Administrator does not perform automated data decision-making. The Company does not collect data on people under 18 years of age.

Term of storage of your personal data

The Administrator stores the collected data for a period not longer than necessary for the purposes for which the personal data is processed. In case of received inquiry and no contract concluded afterward, the Administrator stores the collected data up to 3 months from its initial collection. It is deleted at your request or within the period specified in the previous sentence.

In case of a concluded contract, the Administrator stores your personal data, for the term of the contract and 5 years afterward, for the purpose of fulfilling obligations laid down by law – e.g. accounting documents shall be stored for the relevant statutory period; for protecting the legal interests of the Administrator in court or out of court disputes with clients; we might need your personal data to prove compliance with the statutory requirements before the relevant control authorities, etc.

The Administrator stores the personal data of the legal representatives of its business partners for the term of the contract and 5 years afterward, for observance of the legitimate interests and above legal obligations of the Administrator.

The Administrator notifies you in case the data retention period needs to be extended in order to fulfil a regulatory obligation or in view of the legitimate interests of the Administrator or other.

Transfer of your personal data for processing

The Administrator may transfer some or all of your personal data to personal data processors for the fulfilment of the processing purposes with which you have agreed, subject to the requirements of Regulation (EU) 2016/679 (GDPR).

The Administrator does not transfer your data to third countries. The Administrator notifies you in case he intends to transfer part or all of your personal data to third countries or international organisations.

Right you have when we collect, process and store your personal data

Withdrawal of consent for processing purposes

Where the processing of your personal data is based on consent, you may withdraw your consent at any time. In this case, the Administrator will immediately stop processing data for the relevant purpose, but this will not affect processing on any other basis – for example, where the Administrator have / had a contractual relation with you or have legal obligation to do so.

You can, at any time, withdraw your consent to processing by (i) filling out the form on our website and submitting it via the contact form or via email or by (ii) sending us a request in free text via email. The Administrator may ask you to verify your identity as data subject.

You may withdraw your consent to the processing of your personal data for the purposes of direct marketing at any time.

The withdrawal of the consent does not affect the legality of the processing of personal data, which the Administrator has performed so far.

Right to access your data

You have the right to request and receive confirmation from the Administrator whether personal data related to you is being processed.

You have the right to receive access to data related to you, as well as information related to the collection, processing and storage of your personal data. Upon request, the Administrator provides you with a copy of the processed personal data related to you in electronic or other appropriate form. Providing access to the data is free of charge, but the Administrator reserves the right to impose an administrative fee in case of recurrence or excessive requests.

Right for data rectification

You may correct or complete inaccurate or incomplete personal information, related to you, by making a request to the Administrator.

Right to personal data, related to you, to be deleted (“Forget me” request)

You have the right to request from the Administrator to delete part or all of the personal data, related to you, and the Administrator has the obligation to delete it without undue delay, when there is any of the following reasons:

  • the personal data is no longer needed for the purposes for which it was collected or processed otherwise;
  • you withdraw your consent on which the data processing is based and there is no other legal basis for the processing;
  • you object to the processing of personal data, related to you, including for the purposes of direct marketing, and there are no legal grounds for the processing to take precedence;
  • the personal data has been processed illegally;
  • the personal data must be deleted in order to comply with a legal obligation under EU law or the law of a Member State that applies to the Administrator;
  • the personal data has been collected in connection with providing services to the information society.

The Administrator is not obliged to delete personal data if it is stored and processed:

  • to exercise the right of freedom of expression and the right of information;
  • to comply with a legal obligation, which requires processing and is provided in EU law or the law of a Member State, applicable to the Administrator, or for the performance of a task in the public interest, or in exercising of official powers, granted to him;
  • for reasons of public interest in the field of public health;
  • for archiving purposes in the public interest, for scientific or historical research or for statistical purposes;
  • for establishing, exercising or defending legal claims.

The right to delete is exercised by submitting a request via email or via the contact form and identifying yourself. After verifying the identity of the person submitting the application, the Administrator deletes all data that he processes about the data subject, except for the email and address and technical information about the operation of the contact form on the website, which cannot be associated in any way with the data subject’s identity.

The Administrator does not delete the data that he has a legal obligation to keep, including for protection in connection with court claims against the Company or proof of its rights.

Right to limit data processing

You have the right to ask the Administrator to restrict the processing of data related to you when:

  • you challenge the accuracy of personal data for a period that allows the Administrator to verify the accuracy of personal data;
  • the processing is illegal, but you do not want the personal data to be deleted, only its use to be restricted;
  • the Administrator no longer needs the personal data for the purposes of the processing, but you require it for establishing, exercising or protecting your legal claims;
  • you have objected to the processing and there is a pending verification that the legal grounds of the Administrator take precedence over your interests.

In case of exercising your right to limit data processing, the Company will stop processing your data, but will not remove the publications you have made in the website.

Right to transfer data

If you have given your consent for the processing of your personal data or the processing is necessary for the performance of the contract with the Administrator, or if your data is processed in an automated manner, you may, after identifying yourself to the Administrator:

  • ask the Administrator to provide you with your personal data in a readable format and to transfer it to another Administrator;
  • ask the Administrator to directly transfer your personal data to an administrator, specified by you, when this is technically possible.

Right to receive information

You may ask the Administrator to inform you about all recipients to whom the personal data, which was requested to be corrected, deleted or restricted of processing, has been disclosed. The Administrator may refuse to provide this information if this would be impossible or would require a disproportionate effort.

Right to complain

You can object to the processing of personal data by the Administrator at any time.

Your rights in the event of a breach of security, when your personal data is concerned

If the Administrator finds a breach of security, when your personal data is concerned, and which may pose a high risk to your rights and freedoms, he shall notify you without undue delay of the breach, as well as of the measures that have been taken or are to be taken.

The Administrator is not obliged to notify you if:

  • he has taken appropriate technical and organizational protection measures with regard to the data affected by the security breach;
  • he has taken steps afterward to ensure that the breach does not pose a high risk to your rights;
  • notifying you would require a disproportionate effort.

People to whom your personal data is provided

Generally, the Administrator does not provide your personal data to third parties. We may need to provide access to your personal data to a limited extent to a third party – the contractor that provides us with software support for the website, for the purposes of its operation and the servicing accounting company, in case of concluded contract. In these cases, we ensure that the third parties we engage, the latter being personal data processors, apply the same high standards for the protection of your personal data.

Miscellaneous

In the event of a breach of your rights under the stated above or applicable data protection legislation, you have the right to file a complaint with the Commission for Protection of Personal Data.

You can exercise all your rights regarding the protection of your personal data through the forms attached to this policy. Of course, these forms are optional and you can submit your requests in any form that contains a statement about your request and identifies you as the data holder.

This Privacy Policy is effective since 01.01.2024.

 Form for withdrawal of consent for processing purposes – Appendix № 1

“Forget me” Request – to delete personal data, related to me – Appendix № 2

 Request Data – Appendix № 3

 Data Rectification Request – Appendix № 4

Scroll to Top