POLICY FOR THE PROCESSING AND PROTECTION OF PERSONAL DATA OF PARTNERS AND CONTRACTORS
I. Why should you review our policy for the processing and protection of personal data
„Ангело Екосистем” ЕООД (hereinafter referred to as “the Company”) processes personal data in its capacity as controller of personal data of our clients, partners and counterparties, as well as of our employees. This means that your personal data – such as name, address, phone, contact e-mail, position, qualification and work experience, personal health data, conviction data, etc. – may be stored with us.
As an expression of our commitment to ensure the highest level of protection of your personal data, we have drawn up internal rules and follow strict procedures to control the processing of personal data, which are in line with the requirements of the General Data Protection Regulation (GDPR) and the Personal Data Protection Act. This Policy aims to clarify all basic questions relating to our processing of personal data – for what purposes we process data, on what basis and for what periods. Here you can review what your rights in relation to the personal data we process are, and how to contact us to exercise them.
If you cannot find in this Policy an answer to any of your questions related to the processing of personal data, you can contact us in the manners indicated below.
Address: гр. София, п.к. 1407, р-н Лозенец, ж.к. ПЗ Хладилника,ул. Атанас Дуков № 1, ет. 6
e-mail: grxpay@goldenratio.exchange
II. Why and how the Company processes personal data
The company is duly incorporated crypto-asset service provider. For the purpose of this activity the Company processes data concerning its clients, which guarantees that these clients may be identified, allow the execution of their orders and the provision of the services chosen by them. At the same time, the Company is complying with a strict legislative framework concerning the pretevntion of money laundering, the financing of terrorism, etc. – and the Company is processing data to ensure the compliance with such statutory obligations.
The Company also processes data of its partners and contractors. These data include data used to identify the relevant person and/or its representatives, contact details, data regarding services provided and payments made.
The Company also processes data of its employees for the purposes of concluding employment contracts and fulfilling its obligations under an already concluded employment contract. In this connection, we process data used to identify the employee and contact him/her, bank account data, education and professional experience, qualifications, bank accounts, and criminal record.
When processing the personal data of the specified categories of persons, we observe the highest confidentiality standards that meet and exceed the requirements for storage and protection.
Where necessary to comply with a statutory or contractual obligation, we may need to provide access to your personal data to a limited extent to a third party – such as the team that provides us with software support, service providers concerning prevention of money laundering or fraud prevention, our accounting department. In these cases, we ensure that the third parties engaged by us apply the same high standards for the protection of your personal data, as well as that your personal data is processed on the territory of the European Union. In case the transfer of your data to countries outside of the EU is necessary, this shall happen only under a decision of the European Commission for the adequacy of the level of protection of personal data or after sufficient guarantees for your rights have been negotiated – in which cases you shall be duly informed.
III. Personal data – definition and exceptions
The Company applies its confidentiality standards to all information that comes to our knowledge in the course of our business. Nevertheless, this Policy relates specifically to the protection of personal data – and to guaranteeing the rights of the individuals to whom said data relate.
The personal data that are covered by this Policy include any information relating to a specific natural person, and may include name, address, contact details, qualification and work experience details, personal health details, conviction details, job and employer data. In some cases, the personal data we process may not be sufficient to determine which individual they relate to – for example, data that has been anonymised. We apply to these data the same standards of protection that we apply to all other data, but in order to exercise your rights set out below in relation to such data, you will need to assist us so that we can identify you.
We also process information about visits to our website as personal data, and the information is stored on the terminal devices of registered website users only. You can learn more about our cookie policy at the following link – Cookie Policy.
The contact details of legal entities – name, contact address, office telephone numbers and e-mail addresses, etc. – are not personal data, and the rules set out in point V of this Policy do not apply to these data.
IV. Purposes for which we process personal data
1. In connection with performing our services – the main activity of the Company is the provision of services, related to cryptoassets. For the provision of these services we must provide personal data of our clients – in order toidentify them and maintain contact, respectively to perform our obligations.
In this regard we collect data for the identification of our clients – including names, passport data, address, contact details. Additionally, in the course of our services we collect data, provided by the client, concerning funds or cryptoassets provided by them, respectively operations with them – transfer, exchange, etc.
The Company processes this data for the term of the services contract – after the termination of this contract the processing of data may continue for the purposes of performing statutory obligations of the Company or for protection of the legal interests of the Company, as is indicated below in this Policy.
2. With regard to the use of our website and our mobile/desktop application
For the purpose of functioning, our websites saves certain files – cookies – on your device. This is necessary for the functioning of the website and for the fulfilment of our obligations in this regard. You can find detailed information about the cookies used by our website here: …..
Your consent to the use of cookies is not a condition for the provision of services by us and your refusal to give it will in no way affect your rights or the quality of our services. Also, if you give consent, you can withdraw it at any time by using the forms under this policy. The withdrawal of your consent again will not affect your rights or the quality of our services in any way.
Personal data is gathered also for downloading and installing of our mobile/desktop application – whereas this information is necessary for its functioning. In this cases, this is information about your terminal device, whereas this information is used to guarantee the problem-free use of the application, as well as for your identification when the Company provides services.
The Company processes this data for the term of use of our website, respectively the use of our mobile/desktop application - after that the processing of data may continue for the purposes of performing statutory obligations of the Company or for protection of the legal interests of the Company, as is indicated below in this Policy.
3. For the purposes of performing obligations under concluded employment or other civil contracts
The Company processes data of employees and partners with regard to the performance of the contracts concluded with them. In these cases the Company gathers data concerning the identification of the specific employee or partner, their representatives, address and contact details. With regard to employees, the following data is additionally processes: professional experience and qualification, compliance with labour discipline, their health condition – when relevant to the employment contract, for instance in case of temporary impossibility to work – as well as other information, related to the exercise of their labour rights.
The Company processes this data for the term of the services contract – after the termination of this contract the processing of data may continue for the purposes of performing statutory obligations of the Company or for protection of the legal interests of the Company, as is indicated below in this Policy.
The Company also processes personal data of employment candidates – the Company gathers CVs, containing details for the professional qualification and experience of candidates, as well as information about their identification and contact details. This data is erased for candidates that are not hired – unless they have given their explicit consent the data to be kept with regard to the application for other job positions at the Company in the future.
4. For the performance of statutory obligations
The Company is obliged by law to keep accounts and maintain an archive of documentation (e.g. employment records, etc.). In addition, the Company has obligations under Bulgarian and European legislative acts, such as the Regulation (EU) 2023/1114 on the markets in crypto-assets, the Measures against Money Laundering Act, the Accounting Act, as well as our obligations arising from all legal provisions in force on the territory of the Republic of Bulgaria at the time the processing takes place.
According to the Accountancy Act, all accounting documents must be kept for a minimum of 3 years, starting from 1 January of the tax year following the tax year in which they were drawn up; documents concerning tax and social insurance control – including invoices and others – must be stored for a period of 10 years after 1 January of the tax year following the tax year in which the tax or social insurance liability arose; accounting registers and reports must be kept for a period of 10 years after 1 January of the tax year following the tax year to which they relate; payroll records must be kept for a period of 50 years.
5. To protect the legitimate interests of the Company
We may need your personal data to prove to relevant supervisory authorities or third parties that we are fulfilling our legal obligations, as well as in connection with clarifying claims by or against the company. In this regard, we also process the data provided by our access control systems on the media provided to us, including video surveillance systems, physical access control, etc.
For this purpose, personal data are usually stored for a period of up to 6 years from the occurrence of an event that may give rise to claims; if claims have arisen, the data is stored until these claims are settled.
Additionally, the Company may process personal data for marketing purposes. In these cases the processing shall be immediately ceased upon your objection.
6. On the basis of your express consent
We will explicitly state the purposes for which we will use your personal data when we ask for your consent, and we will ensure that such data will only be used for those purposes. In the rare cases where the processing of your personal data is based on your consent, you can withdraw your consent at any time. In this case, we will immediately stop processing data for the relevant purpose; this will not, however, affect processing on another basis – for example where we have a contractual or legal obligation to do so. You can always object to the processing of your personal data for the purposes of being provided with information by us, in which case we will immediately stop the provision of information in question.
V. Your rights in relation to the personal data processed by us
At any time while we are processing your personal data, you have the right to the following:
1. To receive information about the personal data we process and the purposes of the processing
As a rule, this information will be provided at the start of the provision of our services – i.e. at the time of conclusion of a contract for services (including via our mobile/desktop application), or of a contract with our contractors and employees, but you can make inquiries in this regard at all times.
2. To request that we rectify your personal data that are incorrect or inaccurate
3. To request the erasure of your personal data
When there is no grounds for us to continue processing your personal data, you can at any time ask us to erase all information about you that we store. If the contractual relationship between us has been completed and we have no legal obligation to retain this information, it will be deleted.
4. To request that we store your personal data without processing it in any other way
If there are no grounds for us to continue processing your personal data, but you do not want them to be erased – for example, with a view to future use of our services – you can at any time request that we stop any other form of processing and only store your data. In this case, we will only be able to process your data with your consent or by virtue of the law.
5. To request that we provide your personal data to you
If you would like to receive a copy of any data we process in respect of you, you can always request this. In this case, you must indicate whether we can provide you with the data on paper or electronically in a standard file format (.pdf, .doc).
6. To object to the processing of your personal data
When we process your personal data to protect our interests, you can object to the processing at any time. If we are protecting our legitimate interest with the processing, we will make an assessment as to whether we can stop the processing or not.
In order to exercise any of these rights, please send us on paper or by e-mail the corresponding form completed by you. You can find the forms at the links below this policy.
Even if your request is not sent using the specified form, we will consider it if we can identify you and understand which of the rights you exercise. Please provide your contact details – e-mail and/or phone number – in case we need to clarify something relating to your request.
Your request will be considered within 1 month. If we have difficulties in fulfilling your request, this period can be extended by up to 2 months, and we undertake to notify you of this extension within 1 month of receiving your request.
Your request may be rejected in the following cases:
- if there are no legal grounds for the requested action – or if we have a legal obligation or the right to continue the respective data processing operation;
- if we cannot identify you;
- if we have received a large number of requests from you in a short period of time.
Notwithstanding the foregoing, you may at any time request information about how we store your personal data. For our part, we undertake to provide you with answers to your questions in a short period of time.
Contact with the Bulgarian Personal Data Protection Commission
If you believe that we are infringing your rights, you can file a complaint with the Commission for the Protection of Personal Data which oversees our processing of personal data.
Commission for the Protection of Personal Data
Address: Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd.
Centre for information and contacts – phone 02/91-53-518
Reception – working hours from 9:00 a.m. to 5:30 p.m.
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg