MLytica LTD’s current privacy policy covers the issues related to the collecting and processing of your personal data, through websites, devices, products, services, online stores, and applications.
MLytica LTD has the capacity of Personal Data Administrator according to General Data Protection Regulation(EU) 2016/679 (hereinafter referred to as “Regulation”) and the Bulgarian Personal Data Protection Act.
Administrator identification: MLytica LTD
Headquarters and address of management: Sofia 1729, Mladost district, Alexander Malinov, No 31
UIC: 207482892
MLytica LTD treats as personal data any information that identifies a particular individual or that relates to an individual through which the same can be identified.
MLytica LTD does not sell products or services to children. If you are under 18, you may use our products or services only with the involvement of a parent or guardian. We do not knowingly collect personal information from children under the age of 13 without the consent of the child's parent or guardian.
We collect personal data after the explicit consent of the person to whom it relates. When you register on our site or use any of the forms, you voluntarily provide us with certain information, which we process and store. This information may include names, date of birth, phone number, e-mail address, address, company details and any other information you provide to us. You may choose to share information about your location or photos with us, as well as any other available information from social accounts like Google, Facebook, Apple, etc., if you signed up with it.
We may prefer to reduce the amount of data we store and process according to the purpose of the processing.
In case you decide to purchase a product or order a particular service, we collect contact information (address, e-mail, company details and telephone number) and details of the product or the service you have ordered. The payment information will be collected directly by Stripe and MLytica will only have access to parts of the detail as last 4 digits of the card, expiration date, CVC, billing address, etc. We will just access this data by requesting such information from Stripe whenever we need to, e.g. when displaying saved card(s).
When connecting your account to your Google, Facebook or Apple account(s) or other third-party services, we may also receive information from those accounts (such as friends or contacts). The information we receive from these services depends on the settings and privacy statements, so each person should check what they are.
Also, we receive technical information when you use our website. Each time you use the site, mobile application or other internet services, the system automatically creates and records certain information, like: a) Log data, including Device information - when you use the website, our servers record information (“log data”), including information that your browser automatically sends when you visit a website or your mobile application automatically send when you use it (if you would like to receive more details about the information we collect – contact us via the contact form. To learn more about what information your device makes available to us, please also check the policies of the device manufacturer or the software vendor); b) Cookie data - we also use cookies (small text files sent from your device each time you visit our website) or similar data capture technologies (for more information on how we use cookies, please see our Cookie Policy).
MLytica LTD processes and stores the above-mentioned personal data solely to fulfil our obligations and more accurately to provide the services for our clients and customers, including, but not limited to contacting them if necessary, to filter fraudulent activities and accounts, for events and promotions, etc.
The data is stored and processed while the user account is active and one year after its deactivation or deletion, as well as until it is needed to provide our services. In case the person makes a request, the information shall be destroyed immediately, unless there is a legal or other legitimate reason for retaining it.
We may use third-party services that are processing personal data for the above processing purposes, e.g. payment services or services for analysing personal data to improve our services. These individuals process the personal data at our discretion and are obliged to comply with the applicable data protection provisions. These individuals are carefully selected by us and have access only to the information they need to provide the services they are committed to and within the scope of our agreement. If these persons are outside the EU and do not meet the required GDPR requirements, based on their statutory status, we will take measures for the protection of personal data through contractual or other legal instruments. Also, personal data may be provided to state or municipal authorities that exercise different types of control within the law.
Security We have taken numerous technical, legal and organisational measures to protect the personal data of each person. To prevent unauthorised access, we are implementing encryption procedures in some areas.
Declaration In the process of processing personal data, MLytica LTD complies with the principles of the European and national legislation in regards to the protection of the personal data of individuals. By implementing a package of organisational, technical and legal measures, we aim to guarantee a high level of personal data security, and protection against unauthorised processing, destruction or damage.
All rights shall be exercised and the relevant requests and notifications regarding the rights of the data subjects shall be deposited by e-mail to the management address listed below in Section IV. The requests shall be drafted in such a way that allows identifying the identity of the applicant. In any case, the administrator should respond to the request or comment on the declared right to the e-mail provided in the contact form within one month of receipt.
According to the General Data Protection Regulation, the data subject has the following rights:
• Withdraw of the consent. When your data is processed based on your explicit consent, you have the right to withdraw that consent at any time.
• Awareness (regarding the processing of personal data by the administrator); When there is a risk of a breach of your personal data security, the administrator is obliged to inform you of the nature of the breach and what measures have been taken to rectify it and whether the supervisory authority was notified of the breach.
• Access to your own personal data. As a personal data subject, you have the right to request confirmation if your personal data is being processed and, if so, to have access to your data and the following information: the purpose processing the data, the kind of personal data that is processed, data recipients, processing time. The requests for access must be made in electronic form and addressed to the administrator.
• Correction(if the data is incorrect). As a personal data subject, you have the right to request corrections of your personal data that are inaccurate/out of date. Some of your personal data can be modified on your profile after logging in. However, for some of your personal data, it may be that you must submit a separate request modification. Your request will be answered by the administrator in the following way – in written form, at the email address provided.
• Deletion of personal data (right to “be forgotten”). As a personal data subject, you have the right to “be forgotten”, i.e. to request that your personal data be deleted without unnecessary delay. The administrator may refuse to delete the personal data on the grounds set out in the Regulation – when the processing of specific data is to exercise the right of freedom of expression and information; fulfil a legal obligation or task of public interest or exercise of public authority; for public health purposes; archiving for public interest purposes, scientific historical research or statistical purposes; or the establishment, exercise or defence of legal claims.
• Restriction of processing by the administrator or the processor of personal data. As a personal data subject, you have the right to ask your personal data administrator to restrict their processing. The restriction is allowed in the following cases: - when you consider that your personal data are incorrect, in which case the restriction is for the time required for the administrator to verify the accuracy; - when the processing of your personal data is unlawful but you do not want to delete them but only want to restrict their use; - when the administrator no longer needs your personal data for processing purposes, but you, as a data subject, require it to establish, exercise or defend legal claims; - when you objected to processing in pending review of whether the legitimate grounds of the administrator take precedence over your interest. For this purpose, in the presence of any of the above conditions, you should submit a request.
• Portability of personal data, including between separate administrators. The subject of data has the right of portability – to receive the personal data concerning him and which he has provided to the administrator in a structured, widely used and machine-readable format and to have the right to transfer this data to another administrator without hindrance from the administrator, to whom the personal data is provided when processing is based on consent or contractual obligation and processing is carried out in an automated manner. When exercising his data portability right, the data subject has the right to receive and directly transfer his personal data from one administrator to another, when technically feasible.
• Objection of the processing of his personal data. As a personal data subject, you have the right to object to the processing of your personal data at any time, including when it comes to direct marketing purposes. The administrator should justify whether he accepts the objection, respectively why he continues to process your personal data if he rejects the objections.
• The data subject is entitled not to be subject to a decision based solely on automated processing involving profiling which has legal effects on the data subject or similarly significantly affects him. The data subject has the right to challenge the automated decision at any time.
• The right of protection by the court or administrative order in case the data subject’s rights have been violated. As a data subject, you have the right to file a complaint against the processing of your personal data or a violation of your rights regarding the protection of personal data to the competent supervisory authority – Commission for Protection of Personal Data, address: Sofia 1592, blvd “Prof. Cvetan Lazarov” № 2 (www.cpdp.bg). In addition, a person who has suffered material or immaterial damages as a result of a violation has the right to receive compensation from the administrator or the processor of personal data for the damage suffered.
Your claims for the exercise of any of the above rights may be submitted to MLytica LTD in free text at your discretion.
Please send your requests and any other questions to the contact point mentioned in the Contacts section.
MLytica LTD has the right to refuse the fulfilment of some of your requests when exercising your rights to protect your personal data on the grounds provided in the applicable legislation.
For questionsregarding this Privacy Policy or the processing of your data, please contact:
MLytica LTD
Address: Sofia 1729, Mladost district, Alexander Malinov No31
Е-mail: contact@mlytica.com
Updating the Data Protection Rules of MLytica LTD.
In connection with the expected legislative changes regarding the protection of personal data, MLytica LTD will periodically update and publish its Privacy Policy.