Privacy & Cookie Policy

1. General Statement
“Premium WP Support” Ltd. (“We”, “Our”, “Us”) understand and value your privacy. This Privacy & Cookies Policy (“Policy”) contains important information as to the purposes and the methods We use to collect and process personal data when providing our services. For more information about Our services please visit:  https://saasbpm.com/ (“Website”)

2. Definitions

Personal Data: Any information that relates to an identified or identifiable living individual. Different pieces of information, which when collected together, can lead to the identification of a particular person, also constitute personal data.

Client – legal or physical entity that has signed up for Our Services on a subscription-basis or for a free trial period.

Client Data – any information provided by the Client during the use of our Services, related to the Client’s activities, including but not limited to: documents, procedures, technical information, and other materials, which may include Personal Data of employees, contractors, agents, partners, clients of the Client and other individuals. Client Data is exclusive property of the Client, who acts as Data Controller for Client Data and is solely responsible with regards to the processing of such Client Data.

User (“You”, “Your”) – any individual, who accesses and uses Our Services, resources and materials, available on Our Website. 

Services – Our services include, but are not limited, to Our software products and services, maintenance, technical support, and professional services available at or through the Website. 

Data Controller – the natural or legal person, which, alone or jointly with others, determines the purposes and means of the processing of Personal Data;  

Data Processor – a natural or legal person, which processes personal data on behalf of the Data Controller;

Third party processor – an independent third party service provider to whom Personal Data may be disclosed in order to provide parts of the Services.

Cookies – Small files stored on your device (computer or mobile device).

3. Applicable Data Protection Law

This Policy applies to the processing of Personal Data and Client Data of data subjects, located in the EEA or the UK and is in accordance with both the Bulgarian Personal Data Protection Act and the General Data Protection Regulation 2016/679 (“European Data Protection Law”).

Non-European Data Protection Law may also apply to the processing of Personal Data and/or Client Data of data subjects, located outside the EEA or the UK.

Please note that this Policy will apply irrespective of whether European Data Protection Law or Non-European Data Protection Law applies to the processing of Personal Data and/or Client Data.

4. Who are We? 

“Premium WP Support” Ltd. is a company organized and existing under the laws of Bulgaria, with UIC 205888763 and its seat and registered address located at 73 “Cherni vrah” Blvd., floor 3, 1407 Sofia, Bulgaria. 

We may act as either Data Controller or a Data Processor, depending on the context in which You provide Personal Data:

• When a Client uses our Services to store, manage, analyze, organize, utilize, transmit or deal in any other way with Client Data, We will be processing such Client Data on behalf of and under the directions of the Client, who is the Data Controller. Our relationship with the Client is regulated by this Policy and a separate Data Processing Agreement. 
• When a User accesses, browses or uses in any way Our Website or social media platforms, or when a User subscribes to Our Services, We will be collecting and processing their Personal Data as a Data Controller.

If We are processing Your Personal Data only as a Data Processor, You should contact the Data Controller first, should You like to address Your rights with respect to such data. 

Please note that irrespective of whether We manage Your Personal Data as a Data Controller or Data Processor, We are committed to protecting Your Personal Data and will take all necessary measures to secure it from any unauthorized access, use or disclosure.

5. How do We use Personal Data?

5.1. As a Data Controller

You understand that in order for Us to provide You with and improve our Services, We need access to Your Personal Data. In the table below, You can read more about the different categories of Personal Data We collect, the purposes for which We collect it, the legal basis, as well as the time period for which We store and process it:

Purpose	Personal Data	Legal basis	Retention Perod
We process Your Personal Data in order to provide You with information through the functionalities of our Website, including, but not limited to:to notify You about changes to Our Policy and other terms You have agreed to;for research and development purposes.	Name;Email address;Other information.	Necessary for Our legitimate interests – the improvement and provision of our Services.	As long as necessary for the purpose.
We process your Personal Data to provide You with offers, surveys, newsletters or other marketing.	Name;Email address;	Your consent.	Until consent is withdrawn.
We process Personal Data when providing You with customer support (if requested).	Name;Email address.	Necessary for Our legitimate interests – the improvement and provision of our Services.	As long as necessary for the purpose.
We process Personal Data when You:purchase a subscription for Our Services;subscribe to Services for a free trial;make subscription or any other payments.This may involve payment by credit card, debit card and/or third-party online payment services.	We collect information related to the transaction such as:Name;Email;Payment details.	Necessary for the performance of a contract with You.	As long as necessary for the purpose.
To personalize Your experience and to allow Us to deliver the type of content, You are most interested in.	Name;Email address;IP address;Cookie data;Traffic data;Geo-location;Device information;	Your consent.	Until consent is withdrawn.

We will use Your Personal Data only for the purposes outlined above, unless We reasonably believe that We need to use it for another purpose, in which case:

• We will make sure that the new purpose is compatible with the original purpose; and
• We will notify You and get Your consent first.

We may also need access to Your Personal Data so as to comply with Our legal or contractual obligations. We will not be able to deliver Our Services to You if You do not provide Us with the requisite information.

If, while using Our Website or Services, You voluntarily provide Us with data that we did not explicitly ask for, this data will also be treated as Personal Data. Such Personal Data will be protected by Us and the principles of minimization and limitation will also apply.

We may be legally obliged to store certain categories of Personal Data for a specific period of time pursuant to the applicable legislation.

5.2. As a Data Processor

When acting as a Data Processor with regards to Client Data, the Client is solely responsible for the processing of such Client Data in his capacity as Data Controller. As such, the Client remains fully liable before data protection authorities and data subjects for the processing of Client Data.

When providing Services to Our Clients, we enter into Data Processing Agreements, which ensure that:

• We will be processing Client Data in accordance with the Client’s instructions and only to the extent strictly necessary to perform Our obligations under Our legal agreement with the Client; 
• The Client has agreed that its instructions and actions with respect to Client Data have been authorized by the relevant data subjects and are compliant with both European and Non-European Data Protection Laws;
• The Client, as a Data Controller, has obtained the consent and has been authorized by the data subjects to appoint Us as its Data Processor;
• We, as a Data Processor, have undertaken reasonable steps to ensure that Our employees, subcontractors, agents or consultants are bound by confidentiality obligations with respect to Client Data;
• We, as a Data Processor, have implemented and operate adequate technical and organizational measures to protect Client Data;
• We, as a Data Processor, will support the Client with respect to its compliance with European and Non-European Data Protection Laws (unless our legal obligations prevent Us from doing so).

6. How do We protect Personal Data?

Protecting Personal Data is Our priority. We take all necessary technical and organizational security measures to protect Personal Data from accidental or illegal destruction, accidental loss, unauthorized access, amendment or distribution, as well as from other illegal forms. Our security measures include:

• SSL Encryption;
• Internal practices related to data collection, storage, and processing have been put in place;
• We restrict access to Personal Data and share it with employees, contractors and/or agents only on a need-to-know basis and after they have consented in writing to strict contractual confidentiality obligations.

7. Where do We transfer, store, and process Personal Data?

7.1. As a Data Controller

We will not transfer or store Your Personal Data outside the European Economic Area (EEA) or the UK to countries with different data protection laws. To the extent that We transfer and store Your Personal Data to a third country outside the EEA that does not provide an adequate level of protection, We will implement appropriate safeguards to protect such Personal Data.

7.2. As a Data Processor

Client Data is stored with a third-party cloud service provider and its processing is regulated by their privacy policy. It is the responsibility of the Client to ensure that it has a suitable and legally compliant privacy policy in place to cover the transmission, storage, and processing of their Client Data.

Unless We have been instructed by or have received prior written consent by the Data Controller, We will not transfer, access or process any Client Data outside the EEA or the UK.

8. Cookies

Our Website uses Cookies. Cookies do not typically contain any information that personally identifies a User, but Personal Data that We store about You may be linked to the information stored in and obtained from Cookies. 

We use first-party and third-party Cookies. Certain Cookies are required for technical purposes and for the smooth operation of the Website – these are often referred to as “essential” cookies. Other Cookies allow us to track and target our Users’ interests, to enhance the functionalities of our Website, as well as to improve Users’ experience – these Cookies are often referred to as “performance and functionality cookies”. We may also use analytics and statistics Cookies to understand how Users interact with the Website. Occasionally, We may run marketing campaigns, in which case We will use marketing and advertising Cookies.

8.1 How to delete, deactivate, or block Cookies

Every User has the option to accept or decline the use of Cookies by clicking on one of the available options when accessing the Website for the first time: “I accept the use of cookies”/”I decline the use of cookies”. 

Users always have the option to decline the use of Cookies by changing the settings of their browser. For more information on Cookie settings for a specific browser: 

• Cookie settings in Google Chrome         
• Cookie settings in Firefox    
• Cookie settings in Internet Explorer
• Cookie settings in Safari

You should be informed that declining the use of Cookies may result in disruptions in the functionalities and the Services of the Website. 

9. Disclosure of Personal Data 

9.1. As a Data Controller

Your Personal Data will not be disclosed to third parties, unless: 

• We have your express authorization for this;
• the third parties in question provide support to Us, under an agreement, for the supply of our products or the provision of our Services to You;
• it is required by law or when requested by a public authority;
• when this is necessary to protect the rights, property, and security of Users of the Website or other public interest; or 
• in connection with the sale of a business, our company or its assets, subject to confidentiality obligations.

a) Disclosure of Personal Data to employees, contractors, agents, or consultants

Our employees, contractors, agents, or consultants may have access to Your Personal Data for the purposes of managing the Website and the Services or, upon request, when providing technical and support services. We restrict access to Personal Data and share it with employees, contractors, agents, or consultants only on a need-to-know basis and after they have consented in writing to strict contractual confidentiality obligations.

b) Disclosure of Personal Data to Our partners and third party providers

We may share data that does not identify you personally and/or Personal Data with:

• Оur market partners (media, marketing agencies and other business partners, provided they have accepted to be bound by this Policy) for the purpose of providing You with information about products and services, as well as promotions and offers. We will, however, obtain your consent first;
• Our third-party service providers may include, but are not limited to: Digital Ocean, Cloudways, SMTP2GO, WooCommerce Stripe Gateway, European Commission VIES VAT, Buddy Works.

c) Disclosure for compliance purposes

We may disclose your Personal Data where such disclosure is necessary for:

• compliance with a legal obligation to which We are subject; or
• in order to protect Your vital interests or the vital interests of another natural person. 

We may also disclose Your Personal Data where such disclosure is necessary for the establishment, exercise, or defense of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. In the event of disclosing personal data to a public authority in relation to an investigation or proceedings against a User, We are not obliged to notify the said User of this disclosure.

9.2. As a Data Processor

Without the prior written consent by the Data Controller, We will not subcontract Client Data for processing. Provided such written consent is granted, We will take all necessary measures to ensure that Our Third party processors comply with all European and Non-European Data Protection Laws.

10. Third-party links

The Website contains third-party links. Please note that this Policy is applicable only to Clients and Users of Our Services and/ or the Website. This Policy does not apply to social networks, other websites, platforms, or companies, which We do not own or control. We are not responsible for the content of such third parties or their privacy policies. Please read the privacy policies of such third parties before You provide any Personal Data.

11. Minimal age

We do not collect or process Personal Data of children under the age of 18 without the consent of their parents or legal guardians. We will delete all information provided by or regarding children under the age of 18 if We have not received the consent of their parents or legal guardians for the use of the Website, its Services, and content.

12. Your rights as a Data Subject

If We are processing Your Personal Data only as a Data Processor, please contact the Data Controller first, should You like to address Your rights with respect to such data. 

Under European Data Protection Laws, You are entitled to object, at any time and free of charge, to the processing of Your Personal Data by sending Us a written request to contact@saasbpm.com

You are entitled to receive access upon notification to the Personal Data We store about You in a structured, commonly used and machine-readable format by sending Us a written request to contact@saasbpm.com

You are entitled to request the portability of Your Personal Data to another data controller by sending us a written request to contact@saasbpm.com

If any of the data We have about You is incorrect or inaccurate, You may request its correction by sending Us a written request to contact@saasbpm.com

You are also entitled to request the complete erasure of Your Personal Data by sending Us a written request to  …

You may also request a restriction on the processing of Your Personal Data with regard to specific actions on collection, processing or transferring by sending Us a written request to contact@saasbpm.com

You are also entitled to request that third parties are notified about the rectification, erasure or restriction on the processing of Your data so that these third parties comply with the respective request made by You. 

In addition, You are entitled to file a complaint with the controlling authority which in Bulgaria, is the Commission for personal data protection (CPDP) with address: 1592 Sofia, 2 “Tsvetan Lazarov” Blvd., telephone +359 2 915 3580, fax +359 2 915 3525, e-mail: kzld@cpdp.bg.

13. Data Processing Addendum

If you wish to see our full Data Processing Addendum, please visit: https://saasbpm.com/data-processing-addendum/

14. Questions

If you have any questions or complaints with respect to the processing of Your Personal Data by Us, please contact Us on contact@saasbpm.com

We may amend this Policy from time to time. You can find the most recent version on Our Website. In case You disagree with the changes You should seize using Our Services.

You can download this Policy by clicking here.

Last updated on 01.08.2020