“Netcube" Ltd., UIC-201933296, headquartered in Sofia, 10 “Cherni Lom” str. , floor 5, Mail: firstname.lastname@example.org, hereinafter referred to as "Netcube" or "The company", is an "administrator" handling on its own behalf "personal data" within the meaning of The General Directive of The Data Protection Regulation (EU) 2016/679 of 27.04.2016, in force from 25.05.2018 /the Regulation/ and Directive 2002/58 / EC / Directive of the European Parliament and of the Council; Personal Data Protection Act (PDDA), and the other applicable law of the European Union and the Republic of Bulgaria.
Netcube will apply this policy to the processing and protection of personal data of the subjects – physical entities - present and potential users of the web page https://myhost.io/ - visitors (guests) or persons who have registered a user profile in accordance with the applicable General Conditions published on the same web page.
With this policy Netcube establishes, under the terms of transparency and prior notification, the principles, objectives, rules and rights of the subjects, in the observance and safeguarding of which the company accordingly processes "personal data" of the listed individuals, in accordance with the aforementioned regulations.
"Personal data" means any information related to an identified personal entity that can be identified by the same data; ("Data subject") having been a current or potential user of Netcube goods provided through the myhost.io web pages - visitors or registered users in the same;
"Processing" means any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, dissemination or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed;
"Limitation of process" means the marking of stored personal data in order to limit its processing in the future;
"Administrator" means a physical or legal entity, a public body, an agency or other entity that alone or jointly with others determines the purposes and means of processing personal data;
"Personal data processor" means a physical or legal entity, a public authority, an agency or other entity that processes personal data on behalf of the administrator;
"Recipient" means a physical or legal entity, a public authority, an agency or other entity to which personal data is disclosed, whether or not a third party. At the same time, public authorities which may receive personal data in a specific investigation in accordance with Union law or the law of the Republic of Bulgaria shall not be considered as "recipients";
"Third party" means a physical or legal entity, a public authority, an agency or other authority other than the data subject, the administrator, the data processor and the persons directly entitled to process the personal data under the direct authority of the administrator or data processor;
"Data subject's consent" means any free expression, specific, informed and unambiguous indication of the will of the data subject, by means of a statement or clearly confirming action, which expresses his/her consent to processing of personal data related to him/her;
"Child" according to the Regulation any individual under the age of 16, although age may be reduced to 13 because of domestic law. Processing of personal data of a child is legal only if the parent or trustee of said child has given his/her consent. In such cases the Administrator shall make reasonable efforts to verify that the holder of parental responsibility for the child has given or has been authorized to give his/her consent;
"Profiling" means any form of automated processing of personal data consisting use of personal data for the assessment of certain personal aspects related to an individual and, in particular, for the analysis or forecasting of aspects related to his or her personal preferences, interests, behavior, location or movement;
"Privacy breach" means a breach of security that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transmitted, stored or otherwise processed;
"Cookies" means a packet of information sent from the web server of myhost to the internet browser on a computer or other device of the user and then returned from the same browser upon request, when there is internet access to the server that has sent the cookies used by Netcube or a third party;
- name (in your capacity as a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number;
- Names (in your capacity of a natural person-user and / or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number;
- name (in your capacity as a natural person-user and /or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number;
- Names (in your capacity of a natural person-user and/or in the capacity of a legal entity-client of our hosting services); address; e-mail address; phone number; order number, IP address;
Netcube stores the personal data on paper and/or in electronic format. Storage as a type of processing is performed by Netcube with implementation of appropriate technical and organizational measures ensuring secure and effective protection of personal data.
However, Netcube will not store personal data for a longer period than established in this policy than is necessary to achieve the established purposes for which data was collected.
In certain cases, Netcube may store data longer than set in this policy, only if personal data is processed for purposes of archiving in the public interest, scientific or historical research and for statistical purposes, and only to perform appropriate technical and organizational measures to safeguard the rights and freedoms of the data subject.
Once the deadlines have expired, personal data will be destroyed by ensuring data protection by applying appropriate technical or organizational measures.
Provision of personal data for the purpose of concluding a remote contract is mandatory. The same is stipulated in the General Terms and Conditions posted on the webpage of the remote contract.
Failure to provide personal data by the entities for the stated purposes will result in the impossibility to provide hosting services and remote contracts with the seller Netcube, respectively the execution of these contracts.
Failure to consent to the use of some of the cookies may result in the webpage being misused or, in particular, not capable to be used in its full functionality.
In other cases, submission of personal data by the data subject is not mandatory and is a voluntary act/a specific decision on the part of the data subject.
Netcube may legitimately provide personally processed data to the entities addressed by this policy to another person outside its organization, a "processor of personal data" to process such personal data on behalf of the administrator.
Netcube will use only third parties - "personal data processors" that provide sufficient guarantees for the application of appropriate technical and organizational measures in such a way that the processing is accordance with the Regulation requirements and the applicable law of the Republic of Bulgaria. Netcube guarantees that personal processing will be done only on the basis of a documented order by the administrator - that is, of Netcube. Relationship between Netcube and "processor of personal data" is governed by a contract or agreement to an existing contract governing: data subjects affected by processing; type and purpose of processing; processing period; types and categories of personal data that are subject to processing; rights, obligations and responsibilities of the administrator and processor as well as other obligations and responsibilities of the parties.
Netcube may provide lawful access to personal data, in its capacity as administrator, to another person outside its organization, the "personal data administrator", that processes the same personal data on its own behalf and on its own account.
Access to personal data in these cases is performed in order to fulfill the administrative obligations of Netcube, fulfillment of its procedural obligation, protection of rights and exercise of procedural rights in connection with it, fulfillment of obligations arising from a legal act of the current law and/or on the basis of a contract.
Netcube, for the fulfillment of the relevant objectives set forth in Section 3 of this policy, collects and stores data primarily from the subjects of the latter, such as: names, address, e-mail address, telephone, IP address, tax identifiers and others; as well as personal data generated by the company itself, such as the number of a particular hosting service request.
However, Netcube may collect personal data, for its legitimate interests and from publicly available sources, for the purpose of exercising judicial protection of its rights or collection of its claims, namely:
In certain cases of personal data processing it is possible to transfer it to recipients processing this data on behalf of Netcube in third countries outside the European Union. Netcube ensures that in such cases, recipients of personal data should be based in economic sectors of countries included in a specific list approved by the European Commission published in the Official Journal of the European Union and/or Netcube whom as an administrator should have concluded an agreement for data processing containing standard data protection clauses approved by the European Commission, ensuring an adequate level of protection.
To date, information generated by the use of Google cookies when providing and using the services of the latter company by Netcube administrator, namely: IP address of user; end device identifier; type of browser and operating system used; information about user behavior and activities; is handled directly by Google, which acts as a processor on behalf of Netcube and is directed to US-based servers. Netcube warrants that it has properly arranged its relationship with Google for this type of data processing and transfer, based on an agreement containing standard data protection clauses approved by the European Commission that ensuring an adequate level of protection; Netcube also ensures that Google is an organization that has joined the EU-US framework and the Privacy Shield Framework program, administered by the US Department of Commerce International Trade Administration, approved by the European Commission as of 12.07.2016, as appropriate to provide a mechanism for companies on both sides of the Atlantic to comply with the requirements of confidentiality and protection data when transferred to the United States.
Netcube will process personal data of the respective entities, assisting in exercising their rights and communicating without undue delay, within the time limits provided by the Regulation or the PDPA.
All listed rights of the data subjects will be exercised by a written application submitted by the entity or its authorized representative to Netcube at the following address: 10 "Cherni Lom" street floor 5, including by electronic mail to the following email: email@example.com, with the minimum content required under the Personal Data Protection Act (PDPA).
Personal data subjects have the following rights guaranteed by the Regulation and domestic law:
The data subject has the right of access to the personal data related to him/her and to receive feedback from Netcube within date of receipt of request and under the terms of the Regulation and PDPA;
The data subject has the right to ask the administrator to correct inaccurate personal data related to him/her and to receive feedback from Netcube for the actions he/she has taken in time of received request and under the terms of the Regulation and PDPA;
- personal data is not necessary for purposes established by the Netcube for which it is assembled or otherwise processed;
- the data subject consent for data processing has been duly withdrawn and at the time of withdrawal there is no other legal basis for data processing by Netcube;
- the data subject opposes processing pursuant to Article 21 (1), (exercising right of objection) as of Regulation (EU) 2016/679 of 27.04.2016, in force of 25.05.2018 (“The Regulation”) and has no legal ground for data processing, or the data subject objects to the processing under Article 21 (2) of that Regulation;
- data subject personal data has been tampered with unlawfully;
- personal data must be erased in order to comply with a legal obligation under Union law or the law of the Republic of Bulgaria, which law applies to the administrator;
personal data have been collected in relation to the information society provision services under Art. 8 (1) of the Regulation;
Netcube shall inform the data subject about the actions taken by it regarding exercise of this right within a period of one month from receipt of request/application and under the terms of the Regulation and of the PDPA.
Netcube informs the data subjects that the right to be forgotten is not an absolute subjective right and the administrator may not allow a deletion request in one of the cases expressly provided for in Article 17 (3) of the Regulation as well as in cases where the administrator may have to prove that he/she is not in a position to identify the data subject who exercised that right;
Data subject has the right to request from Netcube to restrict the processing of personal data when there is one of the following reasons:
- accuracy of personal data is disputed by the data subject for a period that allows Netcube to verify its accuracy;
- processing is illegal, but the data subject does not want the personal data to be deleted, but instead requiring a limitation of its use by Netcube;
- Netcube does not need more personal data for the purposes of processing, but the data subject requires it to identify, exercise or protect legal claims;
- the data subject has objected to Netcube against processing of data under Article 21 (1) of the Regulation pending verification that administrator’s legal grounds have an advantage over the interests of the data subject;
Where processing is limited to exercising the right to restrict processing, such data shall only be processed, with the exception of its storage, only with the consent of the data subject or for the establishment, exercising or protecting legal claims, or for protection of rights of the data subject. another physical entity, or on important grounds of public interest to the Union or a Member State.
When a data subject has requested a limitation of processing, Netcube will inform him/her before revocation of processing restriction is lifted.
In any case, Netcube shall inform the data subject about exercising right of limitation, the actions taken after receipt of request/application, and under the terms of the Regulation and the PDPA.
Data subject shall have the right to withdraw his/her consent if processing is based on Article 6 (1) (a) or Article 9 (2) (a) of the Regulation. Right of withdrawal may be exercised at any time, without prejudice to the lawfulness of processing by consent, before it is withdrawn;
Data subject is entitled to the portability of data, which means that he/she may ask the administrator to obtain the personal data processed by the latter in a structured and machine readable format to be transferred to another administrator or for Netcube to perform direct transfer of data to the other administrator, if technically feasible.
Netcube informs the data subjects that, separately and independently of other listed rights, they are entitled under Article 21 of the Regulation at any time and on grounds relating to their particular situation to object to processing of personal data as based on Article 6 (1) of the Regulation (e), that is to say, "processing is necessary for the performance of a task in the public interest or in exercise of official authority conferred to the administrator"; or point (5/f), i.e., "processing necessary for the purposes of legitimate interests of the administrator or a third party, except where the interests or fundamental rights and freedoms of the data subject that require protection of personal data, in particular where the data subject is a child, including profiling, based on said regulations". When exercising this right in such cases, Netcube will discontinue processing of personal data unless it can prove that there are convincing laws and grounds for processing, that take precedence over the interests, rights and freedoms of the data subject, or for the establishment, exercise or defense of legal claims.
When processing personal data for the purposes of direct marketing, the data subject is entitled at any time to object to the processing of personal data related to him/her for this type of marketing, including profiling insofar as it relates to direct marketing. When the data subject opposes processing for direct marketing purposes, processing of personal data for these purposes is terminated.
In context of information use by the information society, and notwithstanding Directive 2002/58 / EC, the data subject may exercise his/her right of objection by automated means using technical specifications.
Where personal data is processed for the purpose of scientific or historical research or for statistical purposes pursuant to Article 89 (1), the data subject may, on the basis of his or her particular situation, object to processing of personal data relating to him/her other than if processing is necessary for performance of task carried out for reasons of public interest.
The data subject has the right not to be the subject of a decision based solely on automated processing involving profiling which produces legal consequences for him/her or similarly affects him/her significantly.
Netcube shall provide the data subject with information on actions taken in connection with jis/her request to exercise the rights of entities referred to in Articles 15-22 of the Regulation without undue delay and in any case within 30 days of receipt of request unless the PDPA provides longer term.
When the data subject submits a request by electronic means, the information is to be provided, if possible.
Without prejudice to any other administrative or judicial remedy, any data subject shall have the right to appeal to the supervisory authority in the Member State of habitual residence, place of work or place of suspected infringement if the data subject considers that processing of personal data related to it violates the provisions of the General Regulation about protection of personal data.
Competent supervisory authority to which a complaint may be lodged: Personal Data Protection Commission, address: Sofia 1592, "Prof. Tsvetan Lazarov” No. 2, e-mail: firstname.lastname@example.org, website: www.cpdp.bg.
“If you mail us, we respond” – the first “genius” marketing slogan that Misho – senior software engineer – came up with during a brainstorming session. Turns out that was the reason, Misho only got software engineering tasks from that day onward…