You have to accept All or at least the Functionality cookies to be able to use our website. Thank you!
Findilao Ltd (hereinafter referred to as “we”, “us”, “our”, “Findilao” or “the Company”), registered as a Data Controller with the Bulgarian Commission for Personal Data Protection (Data Controller ID: 435974), is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data that we collect, and process depends on the product or service requested and agreed in each case.
For the purposes of this statement, personal data shall mean any information relating to you which identifies or may identify you and which includes, for example, your name, address and other online identifiers (IP address and email).
Findilao is part of the JFD Group. Each entity of the JFD Group has its own separate privacy statement. Such entities maintain their own websites that may be linked to our website. If you are interested in learning about how such entities process your personal data, please refer to their corresponding privacy statements which may be found on their websites. In some cases, personal data will be shared to and processed amongst other companies of the JFD Group.
If you have given us your specific consent for processing (other than for the reasons set out below) then the lawfulness of such processing is based on that consent. You also consent when the Company is transferring your personal information outside the European Economic Area where this is necessary for the Company to fulfil its contractual obligations to you. You have the right to revoke consent at any time. However, any processing of personal data prior to the receipt of your revocation will not be affected.
We are furthermore obligated to collect such personal data not only for the commencement and execution of a business relationship with you but also for the performance of our contractual, regulatory, statutory and legal obligations.
Kindly note that if you do not provide us with the required data, then we will not be allowed to commence or continue our business relationship either to you as an individual or as the authorised representative/agent or beneficial owner of a legal entity.
The Company must receive or collect your information to create your account with us and set you as a client of the Company. Further we collect data to operate, provide, improve, understand, customise and support our services in relation to your account as well as to properly identify and communicate with you in any other relevant occasion. We also have the right and the duty by its area of activity to check the accuracy of the client data contained in the databases by periodically asking you to update and/or correct or confirm the accuracy of the client data provided. We ask, collect from our clients and process, in regard with their use of the Findilao member portal and/or services, the personal data information below:
We may also collect and process personal data which we lawfully obtain not only from you but also from other entities within the JFD Group or other third parties, e.g. public authorities, companies that introduce you to us, companies that process card payments and publicly available sources which we lawfully obtain, and we are permitted to process.
You use and contact us via this website and provide any personal details requested at your own discretion.
As mentioned earlier we are committed to protecting your privacy and handling your data in an open and transparent manner and as such we process your personal data in accordance with the General Data Protection Regulation (GDPR) and the Bulgarian data protection law for one or more of the following reasons:
We process personal data to offer you our e-Services based on contracts with you (the Terms and Conditions) but also to be able to complete our acceptance procedure to enter into a business relationship with you or other prospective customers. The extent of processing personal data depends on whether the customer is a natural or legal entity and to the requirements for each service.
The Company needs to perform its due diligence measures before entering a client relationship in order to prevent actions, such as subscription fraud, and also to perform other duties imposed by law. Therefore, we collect from our clients’ identity and location verification information (such as name, IP address, tax identification number, billing address,) or another authentication information (when applicable). Further to this, the Company can use third parties which carry out identity checks on its behalf.
There are several legal obligations emanating from the relevant laws to which we are subject as well as statutory requirements. There are also various supervisory authorities whose laws and regulations we are subject to. Such obligations and requirements impose on us necessary personal data processing activities for identity verification, compliance with court orders, tax law or other reporting obligations. These include, amongst others, transaction reporting requirements.
We process personal data to safeguard the legitimate interests pursued by us or by a third party. A legitimate interest is when we have a business or commercial reason to use your information. But even then, it must not unfairly go against what is right and best for you. Examples of such processing activities include:
The Company may use client data, such as location, usage or transactions history to deliver any news, analysis, research, reports, campaigns and training opportunities that may interest the client, to their registered email address. You always have the right to change your option if you no longer wish to receive such communications.
Only if having your explicit consent collected via an opt-in functionality, we may use the contact information we collect from you for the following specific purposes:
During the performance of our contractual and statutory obligations, your personal data may be provided to various departments within the Company but also to other companies of the JFD Group. Various service providers and suppliers may also receive your personal data so that we may perform our obligations. Such service providers and suppliers enter into contractual agreements with the Company by which they observe confidentiality and data protection according to the data protection law and GDPR.
It must be noted that we may disclose data about you for any of the reasons set out hereinabove, or if we are legally required to do so, or if we are authorised under our contractual and statutory obligations or if you have given your consent.
Under the circumstances referred to above, recipients of personal data may be:
We may also contractually engage companies for statistical purposes to improve the firm’s marketing and business analytics. As a result, some or all your personal data may be shared on an anonymous (personally non-identifiable) and aggregated basis only.
We may process your personal data to inform you about products, services and offers that may be of interest to you. The personal data that we process for this purpose consists of information you provide to us and data we collect and/or infer when you use our services, such as information on your transactions. We study all such information to form a view on what we think you may need or what may interest you. In some cases, profiling is used, i.e. we process your data automatically with the aim of evaluating certain personal aspects to provide you with targeted marketing information on products.
We can only use your personal data to promote our products and services to you if we have your explicit consent to do so – by clicking on the tick box during the account registration form – or in certain cases, if we consider that it is in our legitimate interest to do so.
Further, you have the option to choose whether you wish to receive marketing related emails (company news, information about campaigns, the company’s newsletter, product newsletters, etc.) to your provided email address by clicking the relevant tick box in a relevant online form.
You have the right to object at any time to the processing of your personal data for marketing purposes or unsubscribe to the provision of marketing related emails by the Company, by clicking on the respective “Unsubscribe” link in the email received or contacting at any time our customer support department at the contact details mentioned in point 13.
The Company will keep your personal data for as long as a business relationship exists with you, either as an individual or in respect of our dealings with a legal entity you are authorised to represent or are beneficial owner. Once the business relationship with you has ended, we must keep your data for a maximum period of five years to meet our regulatory and legal requirements.
If reasonably necessary or required to meet other legal, contractual or regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions, we may also keep for additional three years some of your information as required, even after the above-mentioned period.
When we no longer need personal data, we securely delete or destroy it.
You have the following rights in terms of your personal data we hold about you:
In order to exercise any of your rights, or if you have any other questions about our use of your personal data, please contact us through the ways mentioned in point 13.
In establishing and carrying out a business relationship, we generally do not use any automated decision-making. We may process some of your data automatically, with the goal of assessing certain personal aspects (profiling), to enter into or perform a contract with you for data assessments (including on payment transactions) which are carried out in the context of combating fraud. An account may be detected as being used in a way that is unusual for you or your business. These measures may also serve to protect you. You will always be notified of the results from such automated decisions or profiling and the actions you may undertake in this regard.
As a general rule, the client data is processed within the European Union/European Economic Area (EU/EEA), but in some cases it is transferred to and processed in countries outside the EU/EEA. When you give us your personal data, you agree to us doing this. This exception applies to transfer of client data when it is required by law, e.g. reporting obligation under tax law and other tax treaties.
Processors in third countries are obligated to comply with the European data protection standards and to provide appropriate safeguards in relation to the transfer of your data in accordance with GDPR Article 46.
Upon request, the client may receive further details on client data transfers to countries outside the EU/EEA.
We use appropriate technical, organisational and administrative security measures to protect any information we hold in our records from loss, misuse, and unauthorised access, disclosure, alteration and destruction. Unfortunately, no company or service can guarantee complete security. Unauthorised entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
Among other practices, your account is protected by a password for your privacy and security. You must prevent unauthorised access to your account and personal information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Transmission of information via regular email exchange is not always completely secure. The Company however exercises all possible actions to protect clients’ personal data, yet it cannot guarantee the security of client data that is transmitted via email; any transmission is at the clients’ own risk. Once the Company has received the client information it will use procedures and security features to prevent unauthorised access.
When you send the Company a message via email or any online messaging feature available, you disclose some personal data, like your name or email address. Such data will be used to respond to your query and verify your identity. Emails are stored on our standard internal contact systems which are secure and cannot be accessed by unauthorised external parties.
If you have exercised any or all of your data protection rights and still feel that your concerns about how we use your personal data have not been adequately addressed by us, you have the right to complain by sending an email to email@example.com. You also have the right to complain to the Bulgarian Commission for Personal Data Protection. Instructions as to how to submit a complaint can be found on its website:https://www.cpdp.bg/en/index.php?p=pages&aid=6.
The Company reserves the right to modify or amend this Privacy Statement unilaterally at any time in accordance with this provision.
If any changes are made to this privacy statement, we shall notify you accordingly. The revision date shown on at the end of this page will also be amended. We do however encourage you to review this privacy statement occasionally so as to always be informed about how we are processing and protecting your personal information.
For any questions you may have or if you want more details about how we use your personal information, you can contact us via the means specified below:
Our website uses small files known as cookies to enhance its functionality and improve your experience. Through such cookies we have enabled and use Google Analytics Advertising Features that are not available through standard Google Analytics implementation and include: