https://mastersconf.com/

PERSONAL DATA PROTECTION POLICY

INTRODUCTORY PROVISIONS

We take due care of your personal data. With this privacy policy, we want to inform you about the personal data we collect, what we use it for, and how we protect it.

The website with the domain MastersCONF.com is managed by “PROSPERAMO GROUP” Ltd., a company registered in Bulgaria under number 204926435, with registered office and management address in Sofia, Lozenets district, postal code 1407, “Viskyar Planina” St. 15-17, floor 2, office 3, operating as part of its commercial activity under the brand ExpandX Marketing and Web, hereinafter referred to as “Prosperamo”.

The personal data controller is responsible for the processing and storage of data collected through the MastersCONF.com website and through other channels in connection with the “MastersCONF” conference, in a fair, transparent, and secure manner, guided by your best interests.

This document has been prepared in accordance with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council), hereinafter referred to by its English abbreviation “GDPR”.

 

CONTACT DETAILS:

You can address any questions related to your personal data to our team via email: office@expandx.com

 

To exercise your rights under GDPR and for official communication with us, you can write to us at the email address provided or send a letter to our physical address: Sofia, Lozenets district, postal code 1407, “Viskyar Planina” St. 15-17, floor 2, office 3. You can read more on this matter in the section “YOUR DATA PROTECTION RIGHTS” below in the document.

 

SUPERVISORY AUTHORITY

The competent supervisory authority in Bulgaria is the Commission for Personal Data Protection (“CPDP”). The CPDP controls how we handle your personal data. As a data subject, you have the right to lodge a complaint with the CPDP regarding the processing of your personal data – contact details and more about the procedure can be found at the internet address: https://www.cpdp/bg/.

PERSONAL DATA WE COLLECT

Through the ticket purchase form for the MastersCONF conference, we collect the following categories of personal data:

  • First and last name;
  • Email address;
  • Address;
  • Contact phone number;
  • Company you work for
  • Position in the company.

Under no circumstances would we require you to provide us with special categories of data (so-called “sensitive data”).

The card details from the credit or debit card you use for the purchase are not collected by us, but by the payment service providers Stripe Payments Europe / Stripe Technology Europe, and – accordingly, with regard to this category of data, the aforementioned payment service providers directly act as personal data controllers.

Automatic information collection via cookies

We may collect your personal data through “cookies”. For more information, please see our “Cookie Policy”.

PURPOSES OF PROCESSING

The main purposes for which we collect and use the aforementioned information are:

  • To facilitate the sale of tickets for the “MastersCONF” conference
  • For communication with you regarding the conference and the additional services and training included in the different ticket categories
  • For issuing invoices and other accounting documents
  • To send you our newsletters and other advertising/marketing materials related to your participation in the conference, in cases where you would have a legitimate interest in receiving information.

The email address you provided us in the context of purchasing a ticket may be used for the purposes of direct marketing of other similar products or services, in cases where there is a legitimate interest on your part within the meaning of the GDPR.

LEGAL BASIS FOR PROCESSING

We collect your data on grounds provided for in Regulation (EU) 2016/679 – GDPR.

We collect your data on the following grounds:

  1. Consent

If you have subscribed to our newsletters or other informational messages, the necessary personal data will be processed based on your consent, which you can withdraw at any time by sending a short email to office@expandx.com or by clicking the Unsubscribe button in any email you receive from us.

  1. Performance of a contract

We collect, use, and process your personal data to fulfill our obligations to you under the respective contract for the purchase and sale of a MastersCONF ticket, concluded through the website. For the purpose of fulfilling these obligations, in some cases it may be possible to transfer your personal data, entered through the website, to financial institutions / payment processing institutions (such as banks, payment service providers, etc.).

  1. Legitimate interest

After fulfilling our obligations to you, we store your personal data to ensure that this information is available in the event of official proceedings such as civil lawsuits, administrative proceedings and investigations (e.g., inspection or audit by the Revenue Agency), consumer claims and disputes, etc.

The email address you provided us in the context of purchasing a ticket for the MastersCONF conference may be used for the purposes of direct marketing of similar products and services. In these cases, the legal basis for processing is legitimate interest within the meaning of Art. 6, para. 1, letter “f” of the Regulation.

*At the end of each advertising/marketing message, you will be granted the right to object to the processing of your personal data.

  1. Fulfillment of a legal obligation

In the context of our obligations under tax legislation to store certain payment information and to cooperate with tax authorities in cases of inspection, the personal data from invoices and payment agreements between us will be processed by Prosperamo within the terms detailed in the next section.

 

PERIOD FOR WHICH PERSONAL DATA IS STORED

Your contact data, collected through our site and processed for the purposes of electronic correspondence and direct marketing, are stored indefinitely.

Every message you receive from us will provide you with an option to withdraw your consent for data processing OR to object to receiving such messages in the future. In both cases, your actions will be perceived as an unwillingness for such correspondence, and we will delete your data immediately.

Invoice data is stored until the expiration of the legal term under Art. 38 of the Tax and Social Security Procedure Code (TSSPC), i.e., up to 5 years after the expiration of the limitation period for extinguishing the public obligation to which they relate.

The content of correspondence with you as data subjects is stored by the controller until the expiration of the limitation period for filing claims, i.e., generally – up to 5 years from the holding of the respective MastersCONF edition, in connection with which the correspondence was conducted. For this storage, we consider that we have a legitimate interest in defending against / initiating potential legal proceedings. Legitimate interest is the legal basis for the storage of the aforementioned data.

OTHER NATURAL AND LEGAL PERSONS RECEIVING YOUR INFORMATION

The transfer of personal data to other recipients occurs in the following cases:

  1. The data from the completed MastersCONF ticket purchase forms are accessible to “O ES EM EUROPE” Ltd., a company registered in Bulgaria under number 204926435, with registered office and management address in Varna, Primorski district, “Prilep” St. 77. “O ES EM EUROPE” Ltd., which company carries out main activities related to the organization of the event jointly with Prosperamo. The two companies act as joint controllers with respect to this data, and according to the Data Protection Agreement between the two companies, Prosperamo is obliged to respond to applications submitted under Art. 15 of the GDPR, both on its own behalf and on behalf of the joint controller;
  2. Invoice data, along with other personal data contained therein, is transferred to an accounting firm acting as a joint controller. According to our Data Protection Agreement with the accounting firm, Prosperamo is obliged to respond to applications submitted under Art. 15 of the GDPR, both on its own behalf and on behalf of the joint controller;
  3. Invoice data, along with other personal data contained therein, may be disclosed to official authorities in cases of inquiries, inspections, and audits;
  4. When delivering hard copies of documents, names and contact details are provided to courier companies.

On behalf of the controller, personal data is reviewed and otherwise processed by its employees under employment contracts, individuals from the company’s senior management, and partners. The persons mentioned in the preceding sentence have undertaken the necessary confidentiality commitments in writing.

In the event of additional transfers of personal data not mentioned above, you will be explicitly notified. Depending on the specific case, your consent for such data transfer may also be requested.

The card details from the payment cards used for ticket payment are received directly by the respective payment service recipient. Prosperamo does not receive or store this category of data, and its receipt by the payment service provider should not be treated as a transfer of personal data by Prosperamo.

 

YOUR DATA OUTSIDE THE EU

If the recipients of your data are located outside the EU, we will provide appropriate safeguards to ensure that your data is processed with the due care and attention that would be required from an EU-based recipient.

Such transfers will be subject to binding corporate rules, standard data protection clauses adopted by the European Commission, as well as any other data protection mechanism that takes your rights into account.

 

YOUR DATA PROTECTION RIGHTS

According to the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access;
  • Right to rectification;
  • Right to erasure (right “to be forgotten”);
  • Right to restriction of processing;
  • Right to data portability;
  • Right to object to processing;
  • Right to withdraw consent at any time.

 

Right of access

Upon your request, you have the right to access the personal data stored about you; you also have the right to request a copy of the personal data that is being processed.

 

Right to rectification

You have the right to request that incorrect, inaccurate, or incomplete personal data be rectified;

Depending on the purposes of processing, you may have the right to have incomplete personal data completed, including by providing an additional statement.

 

Right to erasure (right “to be forgotten”)

You have the right to request that personal data be erased when it is no longer necessary, or if its processing is unlawful.

Please note that Art. 17 of the GDPR outlines the cases in which we are obliged to erase your data. In some cases, it will be necessary to retain your data, even if erasure is requested (for example, to comply with a legal obligation that requires processing under Union law or Bulgarian legislation).

 

Right to restriction of processing

Under certain circumstances, you may have the right to request from us the restriction of processing of your personal data. For example, you can exercise this right when we no longer need your personal data for the purposes of processing, but at the same time, we must store it in our systems so that we can use it in situations such as exercising rights or defending against legal claims.

 

Right to data portability

Under certain circumstances, you may have the right to receive your personal data, which you have provided to us, in a structured, commonly used, and machine-readable format (i.e., in digital form) and you may have the right to request the transmission of this data to another person without hindrance from us, if such transmission is technically feasible.

 

Right to object

Under certain circumstances, you may have the right to object to the processing of your personal data, and we may be obliged not to process it in the future. You can exercise this right, for example, when we use your email address for direct marketing purposes – in such a case, after you object, we will no longer be able to send you marketing materials.

 

Right to withdraw consent

When the processing of your personal data is based on your consent, you can withdraw your consent at any time, without stating reasons to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

How to exercise your rights

 

To exercise your rights, you can contact us with a written request at office@expandx.com or by regular mail at: Sofia, “Viskyar Planina” St. 15-17, floor 2, office 3. You can also send your request to the company’s data protection officer. We will respond to your requests without undue delay and at the latest within 1 month.

 

Your written request under this Section can be submitted on paper or electronically and should include:

  • Your name
  • Email address (not mandatory to provide, but highly recommended);
  • Description of the request
  • Preferred form of communication (e.g., regular mail or email);
  • Signature (in case of paper submission);
  • Date of the request;
  • Correspondence address;
  • Power of attorney – if the request is submitted on behalf of someone else.

 

*You may be asked to provide information to confirm your identity (e.g., by clicking a confirmation link or providing a confirmation code) to exercise your rights.

 

NOTICE OF CHANGE TO THIS PRIVACY POLICY

We will notify you by email of any changes to this Privacy Policy, and you will have the opportunity to object to such changes. Changes may also be communicated to you when you visit our website.