share about you through our online interfaces (e.g., websites and email) owned and controlled by us, including
plandelta.com and all subdomains (collectively referred to herein as the “Site”).
At PlanDelta, we believe that you should have control of your data. Control starts with information. This is why
you should know what data we collect from you and how we use it.
II. WHO ARE WE
PlanDelta is a Bulgarian company (“PlanDelta” OOD, EIK 206543275, VAT number: BG206543275), company registered
under the Laws of Republic of Bulgaria with headquarters in 1404 Sofia, Bulgaria, company address: 109 Bulgaria
Boulevard, Manastirski Livadi.
(herein referred to as “PlanDelta”, “we”, “us”, “our”).
your rights as data subjects.
At PlanDelta, we value your privacy and your rights under the Data Protection Legislation (incl. Regulation (EU)
2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with
regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC
(”the GDPR”), the UK-GDPR and any other local data protection law of the countries where PlanDelta operates). In
your personal data at PlanDelta.
- our website “https://PlanDelta.com/” (the “Website”);
- the PlanDelta platform;
- when we contact you to promote our products and services.
processing of any information, files, and personal data provided to us by our Clients or other content collected
and uploaded by the Clients in the PlanDelta Account in their capacity as Data Controllers (the Data Processing
“Personal data” means any information relating to an identified or identifiable natural person. *For ex.
your names, your IP address, your address, your passport number, etc. *
“Processing of personal data” means any operation or set of operations which is performed on personal data
or on sets of personal data, whether or not by automated means. For ex. when we collect your IP address, we are
processing your data.
“Controller” means the legal entity, which is responsible for the processing of your personal data. For ex.
PlanDelta OOD is the Controller of your personal data for the processing activities, mentioned in this Privacy
“Processor” means the legal entity that processes your personal data on behalf of the Controller of your
data. For ex. PlanDelta’s service providers (sub-contractors) are sometimes Processors of your personal data on our
“Data subject” means the natural person, whose data is being processed by the Controller and/or the
Processor. *For ex. you are considered the data subject, when we process your personal data for the purposes listed
and have successfully opened a PlanDelta Account.
“User” means a person who has been granted access to a PlanDelta account. For ex. employees of PlanDelta
Clients are designated by them as Users.
“Admin” means a User with exclusive rights over the PlanDelta account, such as uploading and editing data,
managing access, etc.
been defined there, they shall have the meaning set out in the GDPR or the other applicable legislative acts.
We, the aforementioned controllers, are responsible for
processing your personal data for the purposes under this Policy and have therefore concluded a specific and
separate data processing agreement in accordance with the requirements of the GDPR.
V. OUR DATA PROTECTION OFFICER
At PlanDelta we have appointed a Data Protection Officer (“DPO”), who shall be responsible to oversee our data
protection compliance, answer your concerns and assist you in exercising your rights under the GDPR. Our DPO is
available to contact at:
Address: 109 Bulgaria blvd, 1404 Sofia, Bulgaria
Contact person: Laska Hristova
VI. PERSONAL DATA WE PROCESS ABOUT YOU
At PlanDelta we shall collect your personal data when you:
- register as a user on our website;
- submit an application to open a PlanDelta account;
- use the PlanDelta platform;
- participate in conversations with us;
- participate in surveys related to our products and services;
- communicate with our Sales or Customer Success teams;
- we contact you to promote our products and services;
- participate in our webinars and/or podcasts.
Categories of personal data
At PlanDelta we process the following categories of personal data related to you:
- contact data, such as first name, last name, e-mail address, phone number;
- data about your device (for ex. If you are using a computer or a mobile device);
- your PlanDelta userID (this ID is assigned to you by our systems when you register for the first time on our
- your identification documents, such as your passport, your ID card, your driving license;
- data collected from your device, such as your IP address, your log-in information, version and type of your
browser, version and type of your operational system; your mobile device operational system and version;
- information about your visit, such as your navigation through our platforms, your activity on our platform (for
ex. the pages you visit) and information about the length of your session;
- information stored on your computer or mobile device in the form of “cookies” – for more information on the
- biometric data, such as your video image and/or your voice when you participate in our webinars or contact our
Sales or Customer Success teams by phone;
VII. OUR LEGAL BASIS TO PROCESS YOUR PERSONAL DATA
In order to process your personal data, we must have a legal basis to do so. Below you can find what are our legal
bases to process your personal data in certain situations:
In some cases, PlanDelta has legitimate interest in processing your personal data. Before identifying a legitimate
interest, we perform an assessment to see if the legitimate interest we pursue does not overwrite your rights and
Example: Sometimes, we could process your personal data for establishment, exercise or defense of legal claims
related to PlanDelta’s rights and legal interests, including by legal proceedings.
We can also process your personal data, if you have given us your free, unambiguous, and specific consent to do so.
VIII. CATEGORIES OF DATA SUBJECTS
collect and process your personal data if you are one of the following:
- an authorized representative (incl. managers, directors, proxies, legal representatives, UBOs, etc.) of a
- an employee of a PlanDelta Client;
- someone, who has provided feedback (incl. registered a complaint, submitted a request, asked a question or other
type of correspondence in relation to the Services);
- a visitor on our Website.
- a prospect we contacted to promote our products and/or services.
IX. PURPOSES FOR PROCESSING YOUR DATA
When registering a PlanDelta Account or registering as a User – To register a PlanDelta Account as an
Administrator or to complete your registration as a User on our website. You shall provide details such as name,
email address, phone number, and job title/role in the Company along with details about the Company you are
representing/ working for (e.g. company name, company number, VAT number if applicable, registered address, etc.).
We clearly indicate in our registration forms whether the provision of the data is mandatory or voluntary to be
provided. You can choose not to provide us with certain information, but then you may not be able to register with
us or to take advantage of some of our features. In addition to the above information, we process IP addresses and
time of performance of the respective statement/action, relevant for the registration and the conclusion,
performance, amendment or termination of the Agreement.
Invitation as User – If you are an employee, contractor, agent or other individual that works for a Company
that has a PlanDelta Account, that Company may invite you through its PlanDelta Account to register as a User so as
to grant you access to the PlanDelta Account and to authorize you to use the Services on its behalf. To create a new
User account in PlanDelta, the following information needs to be submitted: name and email address. To invite you to
register as an Administrator of the Company, you need to submit information about your name and email address to the
Where you act as a Company’s User or Administrator, we may process all or some of the above-specified
personal data to perform Company’s registration, maintaining and ensuring access to the PlanDelta Account and
activities related to the conclusion, amendment, performance and termination of the Agreement; We also process your
information for communication with you, including by email, necessary for the provision of the Services in
use of Services issues;
Log information processed for the purposes of security, technical maintenance, development, etc. – PlanDelta
Platform uses logs in order to ensure the reliable functioning of the Services, to detect technical problems, to
ensure the security of the Services and to detect malicious activities.
Personal data received and collected from correspondence, complaint and signals – For the purposes of
administering, managing and responding to complaints, signals, requests, queries and other communications addressed
to us through our Website, post, email, phone or through other communication channels, we collect and process the
information submitted to us (incl. names, email, telephone, address etc.), as well as details regarding the results
from their processing (e.g. responses, further correspondence, related details, etc.).
To ensure the effective and secure functioning of our Services – We will process your personal data for the
maintenance and administration of our Services. This includes activities related to detection and prevention of
malicious activities; detection and repair of technical or functionality related issues; prevention of unauthorized
access to the Services; as well as improvement of the functioning and the quality of the Services.
**For the establishment, exercise or defense of legal claims related to PlanDelta’s rights and legal
interests.** We will process your personal data to protect and exercise the legitimate interests of PlanDelta,
the Issuers, the Company, Administrators, Users, or third parties as PlanDelta’s contractors or employees or
providers of Integrated Services. Your data may also be processed to assist Issuers, the Company, Administrators,
Users, or third parties as PlanDelta’s contractors or employees or providers of Integrated Services for
establishment, exercise or defense of legal claims.
We may process your data for the purposes of collection of receivables payable to PlanDelta, including in
execution proceedings; as well as debt collection (incl. via third parties such as debt collection companies) and
Personal data received through recorded phone calls with you – for the purposes of improving our services.
In order to improve our services and processes, we record the phone calls with the employees of our Clients and/or
our Client’s representatives.
Statistical purposes – We may process your personal data for statistical purposes. Such processing will
result in aggregated data, which will help us improve and/or develop the services and functionalities we offer.
To perform our direct marketing activities – We will use your personal data to provide you with information
about our products and services that you might be interested in. In cases where you are acting as Company’s User or
Administrator or in cases where you have contacted us at first and you have provided us with a means of contacting
you and have indicated respective interest, we may process the information provided by you for direct marketing
activities such as sending marketing communications, offers and other similar news and updates. In such a case, you
clearly and distinctly will be given the opportunity to object, free of charge and in an easy manner, to such use of
electronic contact details at the time of their collection and on the occasion of each message in case you have not
initially refused such use. Also, if you do not want to receive communications from us, you can indicate your
preference at any time by unsubscribing or by sending an email to: dpo@PlanDelta.com
X. HOW WE COLLECT YOUR PERSONAL DATA
We shall not use any personal data, unless it has been voluntarily provided, entered or uploaded by you personally.
You are not allowed to enter third party personal data, including sign up a third party (Users, Administrators,
employees, etc.,) without due authorization by such a third party. It is your sole responsibility to provide and
guarantee that the processing activities performed by you and the provision of third party personal data are
compliant with the requirements of the applicable data protection legislation.
XI. HOW WE PROTECT YOUR PERSONAL DATA
Your personal data is contained behind secured networks and is only accessible by a limited number of persons who
have special access rights to such systems, and are required to keep the information confidential and that they are
properly trained and authorised. We also take appropriate technical and organisational measures to protect your
personal data against loss or other forms of unlawful processing.
XII. WHAT WE DO IN THE EVENT OF BREACH?
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of or access to personal data, the controller shall promptly assess the risk to the data
subjects’ rights and freedoms and report the breach to the competent supervisory authority within 72 hours after
having become aware of it. We will record all data breaches regardless of their effect in accordance with our
Incident Response & Training Plan. If the breach is likely to result in a high risk to data subjects’ rights and
freedoms, we shall notify all affected individuals as soon as practically possible that there has been a breach and
provide them with more information in a clear and plain language about the likely consequences and the measures that
have been taken.
XIII. WHO WE SHARE YOUR PERSONAL DATA WITH?
We may share your personal information with:
The Company and other Company’s Users and Administrators – The data stored into the PlanDelta Account, such
as the data about Administrators, Users, Cardholders, requested Services, expenses and other details uploaded or
generated within the Company’s PlanDelta Account, are available to that Company and to other Company’s Users and
Administrators who have access to the PlanDelta Account as determined with their access permissions.
Fraud-prevention agencies – we may disclose or share your personal information with fraud prevention
agencies or other fraud prevention bodies, who assist us to combat fraud.
Where required by law – We may store and disclose any information that is necessary to comply with applicable law or
court order. In such cases we may disclose personal data to competent state and court authorities, auditors or other
types of recipients provided by law.
**Where necessary for protection of the rights and legal interests of PlanDelta or for rendering assistance to
third parties for protecting their rights and legal interest ** – when your personal data is necessary to enforce or
apply our Agreement, to protect the rights, property, or safety of PlanDelta and/or to establish, exercise or defend
a legal claim as well as we may disclose your personal data to attorneys and legal consultants; bailiffs; notaries
or persons performing similar public functions; competent authorities.
Suppliers and subcontractors – We may use service providers as specialized data centers for reliable and
secure colocation of server and network equipment, providers of quality assurance testing services, providers of
technical support, cloud service providers, etc. When working with such suppliers and subcontractors, they act as
Data Processors on our behalf, and PlanDelta engages into contractual relations with them, which include obligations
the applicable data protection rules.
Some of our suppliers and service providers that we may share your personal data with act as Data Controllers and
determine on their own or by virtue of the applicable law their own purposes to process personal data. For example,
such providers are electronic communications service and network providers that are necessary for the Internet
connection and communications between us, banks and other payment processing companies that we use to receive
payments, postal services, etc. In such cases, we share personal data only to the extent that is necessary for the
performance of the data processing purposes specified in this Policy and only as far as we have a respective legal
basis for sharing that personal data.
In other cases, required by law – We might share your personal data in any other cases as required and to
the extent permitted under applicable law.
XIV. TRANSFERS OF DATA
We might transfer data we collect from you somewhere to persons (‘Recipients’) outside the European Economic Area
(‘EEA’) and UK. When we do such transfers to third countries, we do so in accordance with the terms of this Privacy
Policy, the UK and the EU data protection rules, in particular with the GDPR and the UK-GDPR. This may include (i)
the transfer of data to Recipients located in countries, territories or part of specified sectors within such
countries that are recognized as ensuring an adequate level of protection of the natural persons concerned; (ii)
transfers pursuant to data transfer agreements that incorporate the Standard Contractual Clauses (‘SCCs’) approved
by the EU Commission/Commissioner from the 4th of June 2021; (iii) derogations for specific situations provided for
in the UK and the EU data protection law, etc.
XV. HOW LONG WE STORE YOUR PERSONAL DATA
PlanDelta applies the storage limitation principle, namely stores personal data in minimal volume and for a period
no longer than the necessary for the purposes for which they are processed, ensuring that they are stored securely
and in compliance with the applicable legislation.
We store the categories of personal data listed above as follows:
|Data provided with respect to the registration of PlanDelta Account, invitation and registration of a User; Contractual information, incl. data related to the use of the Services; Instructions and logs of data processing operations; Correspondence related to the use of the Services.
|Financial information related to the use of Services (incl. invoices and other accounting details)
||For the entire period of maintaining the PlanDelta Account and up to 5 /five/ years from termination of the registration or up to 10 /ten/ years as of the beginning of the year following the one in which payment is due for the respective year (the longer period apply)
|Personal data related and gathered in the context of our activities as Agent/Card Distributor
||For the entire period of maintaining the PlanDelta Account and up to 5 /five/ years from termination of the registration, unless a longer retention period is established under the applicable legislation.
|Correspondence, complaints and signals
||For up to 5 /five/ years after the completion of the correspondence and/or the final resolution of the correspondence related case, if there is no applicable contractual relationship.
|Logs related to security, technical maintenance, development, etc.
||Up to 1 /one/ year, unless such data is determined a different storage period in this Policy.
Notwithstanding the data retention periods set out above, it is possible that:
- a specific legal dispute or procedure arises (e.g. litigation, arbitration, administrative proceedings, etc.), requiring the data to be retained after the retention periods have elapsed;
- we receive a mandatory instruction from a competent public authority to preserve certain data/ content.
In such cases, the personal data will be preserved in accordance with the retention periods specified by the competent authority or up to 5 years after the final settlement of the dispute or proceedings before all instances, including the settlement of the respective execution proceedings.
If any law or other legislative act requires the storage of the personal data for a period longer than the one specified above, the legally established longer term shall apply to their storage.
Information uploaded and stored in the PlanDelta Account such as information included in stored documents, signatures is under the control of the Company and shall be available until its deletion by the Company or until the termination of the PlanDelta Account (whichever event is the earlier one). Information regarding statements for payment transactions with Cards and balances could be available in the PlanDelta Account only until the termination of the contractual relation between the Company and the Issuer or until the termination of the PlanDelta Account (whichever event is the earlier one).
XVI. YOUR RIGHTS
Below you can find your rights regarding the processing of your personal data:
Right of information. This Policy aims to inform you in detail about the processing of your personal data by PlanDelta.
Right of access. You are entitled to receive confirmation whether your personal data is being processed, to receive access to such data, as well as information about the processing and your rights.
Right of rectification. You are entitled to have your data rectified in case it is incomplete or inaccurate. Your data may be rectified by us upon your request.
Right of erasure. You have the right to ask for your data to be erased/deleted when we no longer have a legal basis to keep it in our systems.
Right of restriction of the processing. The GDPR and the UK-GDPR provides for the possibility of restricting your personal data processing in case there are grounds for this as set forth therein.
Right of data portability. You have the right to receive the personal data you have provided, and which is related to you in a structured, commonly used, machine-readable format, and to use such data with another controller at your discretion, if the conditions provided for in the GDPR and the UK-GDPR are present.
The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you unless there are grounds provided for in the applicable data protection legislation, as well as appropriate safeguards to protect your rights, freedoms and legitimate interests.
Right to withdraw consent. You have the right to withdraw at any time your consent for personal data processing that is based on prior given consent. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.
Right to object. You have the right to object, in respect to data processed, based on legitimate interest. In the event of such an objection we will examine your request and, if justified, we will comply with it. If we believe there are enough legal grounds for the processing or where necessary for establishing, exercising or defending legal claims we will inform you accordingly. You have an absolute right to object against personal data processing for marketing purposes.
XVII. HOW TO EXERCISE YOUR RIGHTS
If you wish to access, delete (when applicable) or correct your personal information please, address your requests and complaints to any of the above mentioned Controllers at dpo@PlanDelta.com or at the following addresses:
109 Bulgaria blvd, 1404, Sofia, Bulgaria
Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request to access, correction, deletion or else. Bear in mind that we may ask for additional information to determine your identity.
We may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.
XVIII. SUPERVISORY AUTHORITY
If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority:
The Bulgarian Commission for personal data protection:
2, Prof. Tsvetan Lazarov blvd. 1592 Sofia
Tel: +359 2 915 3580 or +359 2 915 3548
Fax: +359 2 915 3525
You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).
The list of all data protection supervisory authorities for each EU member state is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en
XIX. CHANGES TO THIS POLICY