Last revised on January 15, 2022
The present Personal Data Protection Policy has been drawn up in performance of the obligations of Building Bridges LTD, UIC: 206687215/ hereinafter referred to as Building Bridges and/or We /pursuant to Regulation (EU) 2016/679 (General Data Protection Regulation - GDPR) of the European Parliament and of the Council of 27 April 2016 and the Personal Data Protection Act.
The policy is informational in nature and is aimed at explaining what personal data we collect, with what purpose, on what legal grounds, how we process and store such data, as well as when it is necessary to disclose personal data to third parties. By means of this policy, information is also provided in relation to the rights the subjects have with respect to the processing of their personal data and the technical and organizational measures applied for protection in relation to that.
The Policy applies when you are using:
- our website;
- mobile application (including the desktop version);
- our digital products and services (such as our contests or surveys).
Your privacy is important to us, and so is being transparent about how we collect, use, and share information about you. This policy is intended to help you understand:
- Who we are
- Information about our personal data protection officer
- Whom data we collect
- Personal data collected and processed
- Purpose of processing and legal grounds
- Verification of profiles
- How we share your information
- Automated algorithms
- Personal data deletion
- Transfer between countries
- Your rights with respect to the personal data
- How you can exercise your rights
- Updating the personal data protection policy
Who we are
The administrator of the personal data collected and processed is: Building Bridges LTD, UIC: 206687215.
Information about our personal data protection officer
We apply higher care in relation to the storage and processing of personal data and to that end, we have appointed an Officer responsible for the data protection whose function is to be the contact person concerning all issues pertaining to the processing of your personal data, including upon exercising the rights provided for by the legislation.
Whom data we collect
We collect and process your personal data in exercising in business activity as well as during performance of the various types of statutory obligations. To that effect, such personal data may include but not be limited to data:
- of registered users of our website/mobile app;
- of visitors of our website/mobile app;
- of persons taking part in promotional campaigns and games, including in social platforms;
- of persons for the purposes of direct marketing;
- of persons taking part in surveys conducted by us.
Personal data collected and processed
We may possibly collect personal data about you when you register on our website, take part in our surveys, promotion and marketing campaigns, as well as when you use our website/mobile app. In most cases, we process your personal data based on your express and specific consent. Upon other processing, we require your personal data with the purpose of entering into an agreement, to observe a legal obligation or to protect our legitimate interest. Without that data, we could not possibly let you register or provide you our relevant services due to the impossibility to identify you. In all cases, we only process the minimum information necessary to fulfill the specific purpose.
We may collect and process the following information about you.
- Basic account information. These are required and include: email address, first name, date of birth, gender, country.
- Basic profile information. These are optional and include: city, languages spoken, profile photos, relationship status (single, widow, etc), occupation, education level, if you have / want children, if you are willing to travel to meet your partner, and if you are willing to relocate for your partner.
- Physical appearance. These are optional and include: height, weight, physical look, fashion style, ethnicity.
- Lifestyle. These are optional and include: religion, nutrition, drinking, smoking, living.
- Sexuality. These are optional and include: sexual role, gender identity, former experience.
Wherever explicit consent is needed for processing of sensitive data, the latter is obtained by the controller of the data.
Purpose of processing and legal grounds
For the following purposes:
- Registration at our website/mobile app and providing access to our services;
- Maintenance of your profile;
- Providing you access to premium services after purchasing the premium membership;
- Performance of obligations provided for in the Accounting Act and the Code and other related statutory instruments, in relation to keeping correct and legitimate accounting as well as in relation to the compliance with other statutory obligations;
- Performance of obligations to provide information to all government commissions and regulatory bodies;
- Providing information to the court and public order authorities.
Our legal grounds are:
- Processing is necessary for the performance of our contractual obligations towards you.
- Processing is necessary to observe a legal obligation applicable to us.
For the following purposes:
- Verify your identity and prevent fraud and to ensure the safety and security of all users;
- Allow you to create and enhance your profile and log into the app via third party accounts;
- Show you other users near you;
- Carry out research and analysis to help us improve our service;
- Respond to correspondence and queries that you submit to us, including social media queries;
- Investigate and block Users for reported infringements of our Terms and Conditions;
- Start and conduct court proceedings.
- Send you marketing information about our events, offers and services;
- Allow our Partners to serve targeted advertisements on our website/mobile app.
Our legal grounds are:
- The processing is necessary for the purposes of keeping our legitimate interests as data controller.
- Processing takes place on the grounds of your freely expressed, specific, informed and unambiguous consent.
Verification of profiles
For safety and security and to ensure you have the best possible user experience, we may require you to verify your account and might ask for your official document and/or, in some instances, we might also ask that you carry out photo verification. We want to make sure your profile is not misused. We also want to avoid fake accounts and profiles being created which can be used for malicious activities and cybercrime – they threaten the whole community that we are trying to build. This verification might be required by us for the prevention of fraud.
Additional monitoring: we combine our efforts as a team as well as the best technology to monitor and review accounts (including photos and any other information uploaded onto user profiles) and messages for content that indicates breaches of our Terms and Conditions. If an account or message does not meet the requirements of the Terms and Conditions of Use, the relevant account will be subject to a warning and the user’s access restricted and/or blocked.
If you post anything that is inconsistent with our Terms and Conditions of Use, we reserve the right to terminate or restrict access to your Account.
How we share your information
Within the website/mobile app
Please think twice before posting sensitive details about yourself on your profile such as your sexual preferences, religious denomination and health details. While you may voluntarily provide this information to us when you create or manage your profile, there is no obligation to do so. When you upload and choose to tell us sensitive information about yourself, you are explicitly consenting to our processing of this information and making it public to other users and we have no control on that.
Part of the Registration Information such as your name and username and/or sexual preference may be visible to other users who view your profile. We protect your data against abuse and misuse on your profile. Nevertheless, it is up to you to think carefully about the information you disclose about yourself.
With third parties
We do not provide personal data to third parties prior to ensuring that all technical, organizational and legal measures have been taken (by signing agreements) to protect such data. We perform strict control of the accomplishment of this goal. To that end, we may use third parties to assist certain contractual activities. Some of these third parties (service providers) could be:
- Service providers like moderators, law firms and accounting firms, auditors, couriers, carriers, contractors or suppliers with government authorities as well as with other natural persons or legal entities – for example, providers of software and/or hardware solutions and/or infrastructure, external consultants in relation to establishing of rights pursuant to a legal obligation or with a view of their legitimate interest as the case may be;
- Marketing service providers and Advertising Partners – for the purposes of product improvement and market research (for example AWS and Mailgun);
- Billing services / payment processors - to allow you to purchase paid features of our website/mobile app;
- Social platforms - to allow you to create/connect your account with your account(s) on such platforms (for example Facebook);
- Cloud services providers – for example Amazon Web Services.
Providing personal data is obligatory in certain cases in order to observe legal requirements to us and to that effect, we provide information to: public and municipal authorities, ministries, the National Revenue Agency, the National Social Security Institute, the Commission for Protection of Competition, the Commission for Consumer Protection and other regulatory bodies and commissions.
We do not use any automated decision making devices.
The security of the data you have entrusted us with is very important for us. That is why we protect your data by applying all appropriate technical and organizational means we have in order not to allow unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
We undertake measures to protect your personal data against accidental loss or unauthorized access, use, change or disclosure. There are policies and procedures in place intended to protect the information from loss, abuse or illegal disclosure. In addition, we undertake further information security measures, including access control, strict physical protection and reliable practices for collection, storage and processing of information. Part of the measures applied are:
- Protection of the collected personal data against unjustified use and traces of its processing;
- Maintenance of secure computer systems by which personal data is processed. Adequate control mechanisms for data separation and management are applied to our systems;
- Adoption of strict policies and procedures applicable to our staff for minimization of the risks of personal data processing;
- The employees/contractors of Building Bridges are familiar with the applicable rules and are trained to process personal data by applying utmost care and complying with the approved good practices;
- Upon exercising its activity, Building Bridges works only with reputable organizations and avoids working with companies, which we believe may jeopardize the persons’ personal data security;
- Good practices have been adopted in the introduction and administration of the security systems and monitoring of the technological developments in terms of possible risks for the information security in our company;
- Observing the security of computer systems and the personal data contained in them, including the opportunities for access to certain types of personal data by company employees;
- Providing access only to such personal data, which is necessary to perform the work of the relevant employee.
On the other hand, we apply technical measures such as encryption, pseudonymisation and anonymization of the collected personal data where possible.
Personal data deletion
We keep your personal information only as long as we need it for the legal basis relied upon and as permitted by applicable law.
When your Account is deactivated, we take reasonable efforts to make sure it is no longer viewable on the website/mobile app. For up to 3 years it is still possible to restore your Account. After this time, your Account will be automatically deleted.
When your Account is deleted, after 1 year, we begin the process of deleting your personal information from our systems, unless:
- we must keep it to comply with applicable law (for instance, if you make purchases within the App, some personal data may need to be kept for accounting purposes);
- we must keep it to evidence our compliance with applicable law;
- there is an outstanding issue, claim or dispute requiring us to keep the relevant information until it is resolved; or
- the information must be kept for our legitimate business interests, such as fraud prevention and enhancing Users’ safety and security. For example, information may need to be kept to prevent a user who was banned for unsafe behavior or security incidents from opening a new account.
In case of personal data anonymization, the periods mentioned do not apply because we cannot identify you.
You may delete or deactivate your account at any time.
Something important: In case your account/profile was deactivated, copies of that information may still be viewable and/or accessed to the extent such information has been previously shared with others, or copied or stored by others. It is impossible for us to control this, nor do we accept any liability for this. If you have given third party applications or websites access to your personal information, they may retain such information to the extent permitted under their terms of service or privacy policies.
Transfer between countries
In specific situations, we may hand over your data outside the European Union but only if an adequate level of protection or appropriate guarantees and legal grounds thereof have been provided (for example: consent was obtained or the adopted by the EU SCC were used).
Your rights with respect to the personal data
You have the right to information, access and receipt of a copy of your personal data processed by us. If you believe that information about you that we have is inaccurate or incomplete, you can request the editing of your personal data.
In addition, you have the right to:
- objection against the processing of your personal data;
- request destruction/deletion of your personal data when the legal grounds for its processing are dropped off;
- request limitations on the processing of your personal data; and/or
- withdraw your consent when Building Bridges is processing your personal data on the grounds of consent (without such withdrawal affecting the legitimacy of processing performed prior to said withdrawal);
- a complaint to the supervisory body – Commission for Personal Data Protection (Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.)
We will perform requests, withdrawals or objections pursuant to the requirements of the applicable rules for personal data protection but those rules are not absolute: they are not always applicable and exceptions are possible. In response to a request forwarded it is necessary to confirm your personal identity and/or to provide further information to help us better understand your request.
When you have exercised a repeated right to access to information or copy of the data in machine-readable format, Building Bridges may impose a reasonable fee based on the administrative costs necessary for providing those.
How you can exercise your rights
Each of the rights provided by the law can be exercised by filing a request for exercising the relevant right. A request to exercise the rights of the personal data subjects may be filed in electronically to the following email address: firstname.lastname@example.org
The request to exercise rights to personal data should contain the following information:
- Identification of the person – names and personal ID No. /PIN/;
- Contact and feedback details – address, telephone number, e-mail address;
- Request – description of the request.
We provide information regarding the activities undertaken in relation to a request to exercise your rights within a period of one month.
Where necessary, the above period may be extended with two more months taking into account the complexity and number of requests by a specific person. We will inform the person of each such extension within a period of one month from receipt of the request by also specifying the reasons for the delay. The information provided to the subject and each communication and actions of exercising the rights of the data subject are provided free of charge (except in the event of misuse of the rights granted).
We may request providing additional information necessary to confirm your personal identity when there are doubts in relation to the identity of a natural person filing a request. Upon exercising your rights through a proxy, a notarized power of attorney should also be provided to us.
We are not obliged to respond to a request if it is not in the condition to identify the data subject.
Where the request is filed through electronic devices the information is possibly provided with electronic devices unless you have expressly requested otherwise.
We collect or process personal data through cookies and you can find more information about that in the Cookies Policy.
Updating the personal data protection policy
The present policy may be subject to amendment by us, and it has last been updated on 1 January 2022. Any future amendments or additions to the present policy will be duly marked.