8 April 2024, monday

PRIVACY POLICY
Information on the processing of personal data
(pursuant to Article 13 and Article 14 of Regulation (EU) 2016/679)

BORICA is a personal data controller and processes personal data of customers in accordance with applicable data protection legislation and in compliance with the rights of their holders, in connection with which it provides the information referred to in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR). The content and scope of the data processed are determined by the nature of the products and services that BORICA provides to its customers.  BORICA is a provider of certification services registered in the trust list maintained by the Communications Regulation Commission.

BORICA is also a licensed provider of a range of payment services. BORICA holds a number of certifications to various international compliance standards, which customers can view on our website (https://www.borica.bg/documents-and-resources/Sertifikati). All this enables us to provide our customers with innovative and high-tech products and solutions for business, ensuring maximum protection of the information and data that customers entrust to us.

DETAILS OF THE DATA CONTROLLER AND CONTACT DETAILS

BORICA AD, EIC 201230426
Registered office and registered address: Tsar Boris III № 41

Data Protection Officer:
Ivan Lazarov, e-mail: dpo@borica.bg

PURPOSE AND GROUNDS OF PROCESSING OF PERSONAL DATA

BORICA processes personal data on the following lawful grounds: 

(i). Legal obligation

To comply with our legal obligations to identify the customer, and to carry out identification checks, in accordance with Regulation (EU) No 910/2014 on electronic identification and authentication services; the Anti-Money Laundering Measures Act; the Payment Services and Payment Systems Act, etc.

(ii). Performance of contractual relations

Proper identification at the conclusion of a contract and during its performance. The processing is carried out to ensure the lawful use of the contracted product or service, including notification of any important changes in their use.

(iii). Legitimate interest

  • to improve products and services in accordance with customer needs and requirements and to improve customer service; 
  • to prevent fraud or money laundering in order to protect our business and to comply with laws applicable to us;
  • in video surveillance to gather evidence when criminal situations arise, and to protect customers and employees;
  •  for electronic correspondence and telephone records (e.g. alerts, notification of lost qualified electronic signature certificates; provision of information for contact center enquiries);
  • when sending messages about products and services used via SMS notifications that are not related to marketing purposes;
  • in the event of complaints and to satisfy requests, disputes related to the use of certification or payment services.

(iv).  Client's consent

Where we process data on the basis of the customer's explicit consent, the processing will be for the purposes and in relation to the data in the consent given. Any consent given may be withdrawn at any time.

TYPES OF PERSONAL DATA WE PROCESS

According to the statutory definition, "personal data" means any information relating to an identified natural person or an identifiable natural person ("data subject"); "an identifiable natural person" is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.

"Processing" means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The general information we process for all products/services includes: personal data (e.g., name, address, date and place of birth, nationality, SSN, email address, phone number); identity verification data (e.g., signature, spelling of names); identity document data.

SOURCES OF INFORMATION

We process the information provided by you at the time of requesting (in person or online) the registration and management of your services in the form of ID, video selfie and other personal data you have provided to us. In some cases, such information may have been provided to us by a third party to whom you have given consent for the relevant information to be shared with us. If the personal data are provided by a representative of the person, the representative must inform and provide the represented person with this notice.

We process data that we have obtained on legal and legitimate grounds from institutional registers: the Bulgarian Identity Documents Register (BIDR); registers maintained by the Registry Agency; published official lists of persons subject to sanctions.

DATA PROTECTION AND SECURITY

Protecting customer information and data is a top priority for BORICA. The Company continuously implements and updates technical and organizational measures to ensure the protection of customer data.

  • The company is certified to ISO/IEC 27001 "Information Security, Cyber Security and Privacy Protection. Information Security Management Systems - Requirements", which covers the security requirements for information collected and stored for the purpose of fulfilling its contractual obligations, including personal data of customers;
  • The company receives PCI DSS (Payment Card Industry Data Security Standard) certification annually;
  • Regular reviews of all procedures and policies for data collection, storage and processing, including physical systems security measures, are performed.

ACCESS TO DATA

Customer data is obtained and processed by employees charged with contract performance, regulatory compliance and the legitimate interest of the company.

Providers and contractors of BORICA who have undertaken obligations and have responsibility for processing personal data in accordance with current legislation may be granted limited access to data (for example: providers of specialized IT services, telecommunications, other participants in the payment process when providing payment services).

Personal data of customers may be provided to government authorities and institutions in order to comply with legal obligations under criminal law, anti-money laundering and anti-terrorist financing measures, for the purposes of the automatic exchange of financial information in the prevention and investigation of fraud, and where it is necessary to protect certain interests of the data holder.

DURATION OF STORAGE OF PERSONAL DATA

The personal data shall be stored by the controller in accordance with the statutory time limits and while preserving the legitimate interests of the data holder and the controller, the time limits depending on the type of service or product used, respectively the legal act that regulates the storage of data related to the respective activity. Certain time limits may be extended in certain circumstances: for example, in the case of litigation, extension of a limitation period due to an interruption, compliance with specific legal provisions and/or requirements of supervisory authorities.

OBLIGATION TO PROVIDE PERSONAL DATA

Each customer is obliged to provide personal data that is necessary for the conclusion, performance and termination of contractual relations and/or compliance with the provisions of applicable law. If the customer does not provide the necessary data or documents, the establishment of a contractual relationship for certain products or services (certification or payment) is inadmissible.

RIGHTS OF CUSTOMERS - HOLDERS OF PERSONAL DATA

Under the EU General Data Protection Regulation (GDPR), the rights of personal data holders include:

The right of access to the customer's personal information held by the controller

You can request access to any personal data we hold about you. This is known as a 'subject access request'.

The right to restrict the processing of the customer's personal data in the following cases:

  • Unlawful processing has been established, but the customer only wishes to restrict the processing of the data instead of having it deleted;
  • To comply with the data subject's rights under EU Regulation 2016/679.

Right to erasure of all personal data from the controller's system

The customer may express his/her wish to have all, or part of his/her personal data stored by BORICA deleted. This will not be possible in all cases, as we are required by law to keep a certain category of information for a relevant period.

Other rights under the GDPR

If the customer believes that the personal information held is inaccurate, they have the legal right to update it (for example: change contact details).
The customer may object or request to restrict the processing of their personal data if it exceeds the minimum required by law for the provision of certain products or services.

EXERCISE OF RIGHTS BY THE CLIENT

To obtain guidance and assistance in exercising their rights, the Customer may contact dpo@borica.bg.

If the Customer disagrees with the ways in which his/her personal data is managed or used, wishes to obtain additional information regarding his/her personal data, or wishes to report possible problems in respecting his/her legal rights and freedoms, he/she may submit a request (request, complaint, signal). It should be sent for registration to the email address office@borica.bg. All documents are processed within one calendar month.

If we are unable to resolve the issue to the client's satisfaction, the client may also contact the Personal Data Protection Commission at 1592 Sofia Blvd. "1595 Prof. kzld@cpdp.bg, website www.cpdp.bg.

 
