Updated 25.10.2024

 

We care about your personal data protection

Who are we?

Toplofikatsia Sofia EAD, is a commercial company registered in the Commercial register at the Registry Agency under UIC 831609046, with principal office and management address: Sofia 1680, 23B Yastrebets St., and is a personal data controller under the provisions of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) Regulation, and of the Personal Data Protection Act.

 

How to contact us?

Mailing address: Sofia 1680, 23B Yastrebets St.

Contact details of the personal data protection officer of Toplofikatsia Sofia EAD:

Galya Trencheva, Data Protection Officer

Email: dpo@toplo.bg.

Used solely for questions about the processing of your personal data by Toplofikatsia Sofia EAD in its capacity as personal data controller, as well as for exercising your rights under Articles 15-22 of Regulation (EU) 2016/679, subject to the provisions of the Electronic Document and Electronic Authentication Services Act, the e-Government Act and the Electronic Identification Act.

Upon submission of a request on the grounds of Articles 15-22 of Regulation (EU) 2016/679 to email dpo@toplo.bg an automatic response is generated that confirms the receipt of such request and informs the data subject that the request will be considered if it meets the requirements in the Personal Data Protection Act and is sent in accordance with the Electronic Document and Electronic Authentication Services Act, the e-Government Act and the Electronic Identification Act. After receiving your request, which meets the legal requirements, you will receive additional information about the registration number of the request from the personal data protection officer on your email. In this case, the date of application is considered the date of receipt of the application by e-mail within the working hours of Toplofikatsia Sofia EAD.

Actions on consideration of the request in substance are taken only if the submitted request meets the requirements of Article 37b and Article 37c of the Personal Data Protection Act.

For any other question of a general nature concerning the activities of Toplofikatsia Sofia EAD, PLEASE use the email address for customer service: info@toplo.bg.

 

What is the Privacy Policy

This Privacy Policy aims to give you comprehensive information in a clear and accessible language about the processing of the personal data you provide to Toplofikatsia Sofia EAD, including:

-          What personal data do we collect about you?

-          What is the purpose of their collection?

-          For what period do we store your personal data?

-          Whom can we disclose your personal data to?

-          What are your rights regarding your personal data?

-          How do we notify you about changes of our Privacy Policy?

-          What types of cookies do we use for better experience on our website?

With this Privacy Policy Toplofikatsia Sofia EAD declares that it implements all technical and organizational measures to protect the personal data of natural persons/data subjects, which are prescribed by law or other normative act at the national and European level.

 

What is personal data?

Personal data means any information relating to an identified or identifiable natural person (“data subject”) who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Toplofikatsia Sofia EAD processes your personal data in lawful, fair and transparent manner. Where processing of personal data is not grounded on law or contractual relations, the data subject must have given previous consent to the processing of his or her personal data for one or more specific purposes. Processing is lawful where it is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.

 

What personal data does Toplofikatsia Sofia EAD collect about you?

To provide you with effective access to our products/services Toplofikatsia Sofia EAD collects the following information about you:

-          Name, surname, telephone, e-mail, settlement, address, bank account details, customer number, etc. when filling in the various forms on our web page;

-          Last four digits of PIN or UIC, Installation number, Contract account number - when registering in My Portal;

-          Technical data that is automatically sent to us when you use the site;

-          IP address, information about the device from which you are visiting the site;

-          Cookies to identify your browser or device, etc.

 

What are the grounds on which Toplofikatsia Sofia EAD processes your personal data?

The processing of personal data includes the collection, storage, transmission, rectification, updating, deletion, destruction and any other action performed with your personal data.

Toplofikatsia Sofia EAD collects your personal data to fulfil its contractual obligations under contracts concluded with you for the provision of services, i.e. on the grounds of a contract.

Toplofikatsia Sofia EAD collects personal data after receiving from you an explicit, clear, free and unambiguous consent about the purposes of processing. E.g., for marketing purposes and receiving advertising newsletters.

Each person provides personal data voluntarily, and such data are collected by Toplofikatsia Sofia EAD in fulfilment of a legal obligation, in connection with the conclusion of a contract and/or the fulfilment of the obligations under a concluded contract under the provisions of the Energy Act, the Condominiums Management Act, the Public Procurements Act, the Commercial Act, the Obligations and Contracts Act, the Value Added Tax Act, etc., and the Terms and Conditions specified in the contract with the respective customer by means of: paper - written documents (including powers of attorney, contracts, lien notices, bank information, etc.); by e-mail - provided in connection with the execution of the contract and/or by filling out a registration form.

Toplofikatsia Sofia EAD also processes personal data in fulfilment of its legal obligations, as well as if necessary to protect the life and health of the natural person to whom the data refer.

Toplofikatsia Sofia EAD may also process personal data if there are legal (legitimate) interests, unless the interests of the natural person to whom the data refer override these interests.

 

For what purposes do we collect your personal data?

Your personal data will be used to enable us to fulfil our obligations to you and to help you to exercise your rights, including but not limited to:

-          To provide you the services/products offered by Toplofikatsia Sofia EAD;

-          To provide access to our website by showing you content that is relevant, customized and limited to your criteria;

-          To respond to your inquiries, opinions and recommendations;

-          To send you information about our special campaigns and new products and services.

Moreover, we have a legitimate interest to collect your personal data, since we cannot provide the service/product you are interested in without such data. Also for the fulfilment of legal obligations and the protection of legitimate interests, unless the interests of the natural person override these interests.

 

How do we process your personal data?

To provide products and services Toplofikatsia Sofia EAD processes your personal data related to the physical, economic, social and family identity in the following ways:

-          you fill out forms and declarations provided to you by employees of Toplofikatsia Sofia EAD. Forms are available and filled out at our offices when you request the provision of services;

-          by visiting the web portal to use the services on our web page;

-          when updating data at your request and filling out a paper or electronic update form.

 

How long is your data kept and processed before we destroy it?

The terms for keeping personal data depend on the grounds for personal data processing.

Personal data are kept until the termination of the legal grounds for their processing under Article 6 of Regulation (EU) 679/2016. The keeping terms are in line with the Bulgarian law, as well as the Nomenclature of the cases with keeping terms at Toplofikatsia Sofia EAD, which is maintained under the National Archive Fund Act. Data are not stored longer than necessary.

According to the principles promulgated in Regulation (EU) 2016/679 and, in particular, Article 5(1)(b)(e) personal data may be lawfully retained in a form allowing identification of the data subject for a period that is not longer than is necessary (principle of limitation of the storing).

 

Whom can we disclose your personal data to?

Toplofikatsia Sofia EAD undertakes to not provide your personal data to third parties without your explicit consent, unless where necessary to fulfil contractual obligations towards you.

In fulfilling its existing contractual and/or pre-contractual obligations towards you Toplofikatsia Sofia EAD may disclose your personal data to the following persons:

-          Companies providing courier services;

-          Share distribution companies;

-          Collector companies;

-          The company maintaining the call centre.

Disclosure of your personal data is possible only in cases where the information is requested by state authorities or officials authorized by law to request and collect information containing personal data, and in compliance with the legal procedure.

Toplofikatsia Sofia EAD does not transfer your personal data to third countries (outside the European Union) or international organizations.

 

Are there other cases where we may disclose your personal data?

Your personal data is disclosed to third parties also in the following cases:

-          At the request of the natural person who has provided the data and is the data subject;

-          At the request of competent authorities under the current law of the Republic of Bulgaria and the European Union.

In all such cases, the persons to whom we disclose your personal data have declared that they provide an adequate level of protection of your personal data, including the foreign companies operating in the European Union and the European Economic Area.

 

What are your rights regarding your personal data?

According to Article 15 – Article 22 of Regulation (EU) 2016/679 regarding the protection of personal data, you may exercise the following rights:

-          Right to access to your personal data processed by Toplofikatsia Sofia EAD  and to have a copy of them;

-          Right to request that Toplofikatsia Sofia EAD rectified your personal data if you find inaccuracies or the need to update;

-          Right to deletion (“right to be forgotten”) of personal data that is processed unlawfully or on terminated legal grounds (expired keeping term, withdrawn consent, fulfilled initial purpose for which they were collected, etc.);

-          Right to request restriction of the processing of the personal data in the cases specified by the Regulation and by law:

-          Right to object – at any time and on grounds relating to the particular situation of the individual provided that there are no compelling legal grounds for the processing that take precedence over your interests, rights and freedoms, or during a legal case;

-          Right of portability of your personal data in a structured, commonly used and machine-readable form;

-          The right to lodge a complaint for the protection of your rights with the competent authority for the protection of personal data, that is, the Commission for Personal Data Protection of the Republic of Bulgaria, if there are prerequisites for this.

You may exercise any of your rights at any time during the processing of your personal data.

 

What does each of the above rights mean?

Right to access to personal data

This right allows you to obtain confirmation as to whether your personal data is being processed, the purposes of the processing of the personal data, the recipients or categories of recipients to whom the data may be disclosed, in particular the recipients in third countries or international organizations, as well as the right to request from Toplofikatsia Sofia EAD correction or deletion of personal data or limitation of the processing of personal data.

Data are not provided when the natural person to whom they refer already has them or where the law explicitly prohibits their provision.

Right to rectification, erasure (“right to be forgotten”), restriction of processing

Right at any time to request from Toplofikatsia Sofia EAD to rectify, delete or restrict the processing of your personal data that is not compliant with the requirements of the Regulation or of the Personal Data Protection Act.

Right to object

As a data subject, you have the right at any time and on grounds related to a specific situation to object to the processing of your personal data. Toplofikatsia Sofia EAD terminates the processing of personal data unless he can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing. Where you object to processing for direct marketing purposes, the processing of your personal data for such purposes is terminated.

Right of portability

Where the processing of personal data is carried out by automated means, you are allowed to receive personal data concerning you, which you have provided to the controller, in a structured, commonly used, machine-readable and interoperable format, and to transmit it to another controller.

That right should apply where the data subject provided the personal data on the basis of his or her consent or the processing is necessary for the performance of a contract. It should not apply where processing is based on a legal ground other than consent or contract. By its very nature, that right should not be exercised against controllers processing personal data in the exercise of their public duties. It should therefore not apply where the processing of the personal data is necessary for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of an official authority vested in the controller. The data subject's right to transmit or receive personal data concerning him or her does not create an obligation for the controllers to adopt or maintain processing systems which are technically compatible. Where, in a certain set of personal data, more than one data subject is concerned, the right to receive the personal data should be without prejudice to the rights and freedoms of other data subjects in accordance with this Regulation.

The rights under Article 15-22 of the Regulation may be exercised personally or by a person explicitly authorized by you by submitting a written request. The request must include:

1. name, address, Personal Identification Number or personal number of a foreigner or other similar identifier, or other identification data of the natural person determined by the personal data controller in connection with the performed activity;

2. description of the request;

3. preferred form of obtaining information when exercising the rights under Articles 15-22 of Regulation (EU) 2016/679;

4. signature, date of submission of the request and address for correspondence.

The Personal Data Protection Act does not require notarization of the power of attorney to exercise the rights under Regulation (EU) 2016/679.

Requests are submitted on paper at the Administrative Service Centre of Toplofikatsia Sofia EAD at: 1680 Sofia, 23B Yastrebets St. (download it here in pdf format) or electronically (the request must be signed with a qualified electronic signature). The sample form for requesting the exercise of rights is only indicative. The rights may be exercised by the data subject also through a written request in free text, which contains sufficient and accurate information in compliance with the requirements specified in Regulation (EU) 2016/679 and the Personal Data Protection Act.

To facilitate the exercise of your rights under Articles 15-22 of Regulation (EU) 2016/679 Toplofikatsia Sofia EAD provides you with paper requests in each of our customer service centres.

Right to approach the Personal Data Protection Commission

If your rights are violated, you may approach the Personal Data Protection Commission within 6 (six) months of becoming aware of the violation, but no later than 2 (two) years after the violation. If your rights are violated, you may appeal actions and acts of the personal data controller in court or before the Supreme Administrative Court. The court cannot be approached if there is a pending proceeding before the Commission for the same violation or if the Personal Data Protection Commission has ruled on the same violation with an effective court ruling.

Contacts of the Personal Data Protection Commission: Sofia 1592, 2 Professor 2 Professor Tsvetan Lazarov Blvd., email: kzld@cpdp.bg, website: www.cpdp.bg .

 

At Toplofikatsia Sofia EAD, video surveillance is carried out for security purposes. The video recordings from the video surveillance cameras contain video images of the movement of employees and visitors around the approaches to the buildings of Toplofikatsia Sofia EAD, and in the common and security areas. Data is stored for 2 (two) months under the Private Security Act. Certain employees have access to the data within the scope of their official duties. The collected data is provided to third parties only in cases where this is provided by law, for example to public authorities, in view of their powers and competence. Toplofikatsia Sofia EAD provides appropriate technical and organizational measures to protect your personal data.

 

The processing of personal data of visitors to Toplofikatsia Sofia EAD is carried out by employees managing the access. The purpose of collecting personal data is identification of natural persons visiting the building of Toplofikatsia Sofia EAD and access control.  Certain employees have access to the data within the scope of their official duties. The collected data is provided to third parties only in cases where this is provided by law, for example to public authorities, in view of their powers and competence. Toplofikatsia Sofia EAD provides appropriate technical and organizational measures to protect your personal data.

 

Toplofikatsia Sofia EAD records telephone conversations (incoming and outgoing) with call centres and lines (telephone numbers) intended for customer service. The recording of telephone conversations and the storage and processing of audio recordings (together with the personal data disclosed within the conversations) is carried out for the purposes of protecting the rights and the legitimate interests of the company. Toplofikatsia Sofia EAD stores the records for a certain period, after which the earliest data are deleted automatically depending on the system settings. If you do not want the phone calls to be recorded, please let us know.

 

Changes of Security Policies - (the Privacy Notice)

We declare that we will notify you about any changes of these Privacy Policies through the company's website.

 

This Privacy Policy may be updated and supplemented without notice due to updates of laws or changes of our personal data processing policy. The new update comes into force from the date of the last change specified in the upper left part of the Privacy Policy. The use of the website after the update is released means that you agree to the changes.

 

            Cookies Policy

GENERAL PROVISIONS

Cookies are small text files that are saved on your computer when you visit our website. If you access this website later, your browser sends back the contents of the cookies and thus allows the re-identification of the terminal device. Reading cookies allows us to design our website optimally for you and facilitates you in its use.

 

DISABLE AND DELETE COOKIES

Your browser allows you to delete all cookies at any time.

 

REQUIRED COOKIES

We require certain cookies to securely provide our services through our website. This category includes:

•         Cookies that identify or authenticate our users;

•         Cookies that temporarily store certain user data (e.g. content of an online form);

•         Cookies that store certain user preferences (e.g. search settings or language settings);

•         Cookies that store data to allow uninterrupted playback of video or audio content.

 

ANALYTICAL COOKIES

We use analytical cookies to record user behaviour (e.g. clicks on banner ads and entered search queries) and to statistically evaluate such actions.

 

ANALYSIS OF THE WEB SPACE

We need statistical information about the use of our website to make it more accessible, to measure reach and to do market research.  For this purpose we use the web analysis tool GOOGLE ANALYTICS. User profiles created by such tools using analytical cookies or by evaluating log files do not contain personal data.

You may object to the collection and processing of your data by downloading and installing a browser plug-in from the following link: http://tools.google.com/dlpage/gaoptout?hl=en

 

THIRD PARTY COOKIES

The website may contain links to other sites or embedded content from third parties (e.g. Facebook, YouTube, etc.).  When you visit such other sites or when you open pages in which third-party content is embedded, there is a possibility that third-party cookies will be placed on your terminal device.

TOPLOFIKATSIA has no control over the generation and management of third-party cookies. For more information about the purpose of using third-party cookies and their content, please find and read the Privacy and Cookies Policies adopted by the relevant third parties.

Most generally available browsing programs (browsers) by default allow the placement of cookies on the terminal device. If you prefer, you may change the settings of your browser to delete the existing cookies or to block automatically the placement of cookies (including third-party cookies). Please note that if you choose to delete or block cookies, this may affect the accessibility or functionality of the website.

More information about cookies, including the options for their management, can be found at: http://www.allaboutcookies.org/manage-cookies.

By visiting our website and portal, you agree to the use of cookies in accordance with the terms and conditions of this Privacy and Personal Data Protection Policy.

The site is protected with Google reCaptcha. You can read their Privacy Notice and Terms and Conditions.