Privacy Notice Declaration

„Montessori Bulgaria Ltd. (“Company”, “Administrator”) is aware of the need to apply adequate protection of personal data of data subjects, striving to respect privacy. This Privacy Statement (“Declaration”) is designed to help data subjects understand how and for what purposes the Company processes, uses and protects their personal data.

For the purposes of its activities, the Company processes personal data in strict accordance with Regulation (EU) 2016/679 (“General Data Protection Regulation”, ‘GDPR’), the Personal Data Protection Act and other applicable regulations and the Declaration.

This Declaration provides information on:

DEFINITIONS

Scope of this Declaration

The data that identifies the Administrator and the contact details

Categories of personal data

Data subjects whose personal data are processed

For what purposes is personal data processed

On what legal basis are personal data processed?

Recipients of personal data

The terms for storage of personal data

Rights of data subjects and manner of exercising them

Giving consent and withdrawing consent

Right to appeal to the supervisory authority

Personal data security measures

Definition:

“Personal data” means any information relating to a specific natural person or a natural person who can be directly or indirectly identified.

„Processing” means any operation or set of operations carried out with personal data or a set of personal data by automatic or other means.

„Administrator“ means „Montessori Bulgaria“ LTD, which alone or jointly with others determines the purposes and means for the processing of personal data;

Personal data processor” means a physical or legal person, public authority, agency or any other body which processes personal data on behalf of the controller;

„Recipient“means a natural or legal person, public authority, agency or any other body to which personal data are disclosed, whether a third party or not;

„Customer“means an individual who is a user of the Website and uses the services of the Administrator

Data Subject “means a user of the Website whose personal data is processed by the Administrator;

„Web site“means the web page – LiveDiscovery.io 

Scope of the declaration

This Privacy Statement applies to the relationship between Montessori Bulgaria Ltd. on the one hand and the users of the Website on the other. The declaration aims to inform data subjects about their rights in accordance with Art. 12 et seq. of Regulation (EU) 2016/679.

The data that identifies the Administrator and the contact details

The administrator of the personal data is Montessori Bulgaria OOD with UIC 203785558, with address: Sofia, Vitosha district, residential complex Dragalevtsi, 14 Paprat Str., E-mail: hello@livediscovery.io, tel. +359 885 500 105.

Categories of personal data

The Administrator collects the following categories of personal data directly from the data subjects:

  • When Customer Registers:

The registration on the Website is done for the user to have access to the services offered by the Administrator and to use them. When a data subject registers on the Website, he provides the Administrator with the following categories of personal data: name and surname, e-mail, password.

  • When you request or pay for a service:

Each registered User can request a service and pay for it through the available financial instruments on the Website. When ordering and paying for a service selected by the User, the Administrator processes the following categories of personal data, namely: names and e-mail. The personal data that each user fills in the PayPal application form is processed solely by PayPal. The company receives only confirmation from PayPal for the payment of the requested service, without transmitting personal data from the application form.

  • When you request a gift card:

A User may request and purchase through the Website a gift card for the use of the Company’s services. When making the request, the user provides: names, e-mail and message.

  • Legal Interest:

In case of legal disputes, the Administrator may process the following categories of personal data of data subjects, namely: names, e-mail and other data related to the legal dispute.

When personal data are provided by the data subject to the Personal Data Administrator without legal grounds under Art. 6, paragraph 1 of Regulation (EU) 2016/679 or in contradiction with the principles under Art. 5 of the same regulation, within one month from learning the School returns them, and if this is impossible or requires a disproportionate effort, deletes or destroys them. Deletion and destruction shall be documented.

Data subjects whose personal data are processed

The Administrator processes personal data of the following categories of data subjects:

· Users of the Website.

· AMI Montessori teachers.

What are the personal data stored for?

The company processes personal data for the following purposes:

· For the purposes of purchasing and using a service;

· For the provision of training videos;

· To protect the legitimate interests of the Administrator, including administrative activities such as: legal services and information services.

On what legal basis are personal data processed?

  • The company processes personal data of data subjects on the basis of the following legal grounds:
  • · The processing is necessary for the performance of a contract to which the data subject is a party or for taking steps at the request of the data subject before the conclusion of a contract;
  • · Processing is necessary to comply with a legal obligation that applies to the Administrator. Such an obligation may be upon an explicit request for provision of information by law enforcement bodies such as the Ministry of Interior, the State Agency for National Security, the Ministry of Education and Science, the Prosecutor’s Office and others; The processing is necessary for the purposes of the legitimate interests of the Administrator or of a third party, except when such interests take precedence over the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data.;
  • The data subject has consented to the processing of his or her personal data for one or more specific purposes;

Recipients of personal data:

The school may share personal data of data subjects with the following categories of recipients:

  • State institutions and bodies with authoritative powers, when by law the Administrator is obliged to provide personal data – the Ministry of Interior, the State Agency for National Security, the Ministry of Education and Science, the Prosecutor’s Office and others;
  • · Trading partners who serve the Administrator, in their capacity as processors of personal data, for the maintenance of information security and provision of services related to the website, information systems for training activities, law firms, accounting offices and others;
  • · Employees of the Administrator who process personal data in accordance with the assigned official / labor functions according to job description and employment contract.

The Website includes hyperlinks to third party websites. Clicking on these links does not provide personal data from the Website to the websites of these third parties. When the data subject leaves the Website, he or she should carefully read the privacy statement for each website he or she visits.

The Company shall put in place appropriate technical and organizational safeguards to ensure the rights and freedoms of data subjects in accordance with the principle of “integrity and confidentiality”. In particular, the controller shall select appropriate recipients who have taken the necessary guarantees to protect the personal data provided to them and, in view of the risks involved, to ensure the appropriate level of security, including where appropriate.

· Pseudonymization and encryption of personal data;

· Ability to ensure constant confidentiality, integrity, availability and sustainability of processing systems and services;

· Ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

· A process of regular testing, evaluation, and more evaluation of the effectiveness of technical and organizational measures in order to ensure the security of processing.

The Administrator may provide personal data in countries outside the European Union. The provision of personal data in this case may be made in compliance with the requirements of Chapter V of Regulation (EU) 2016/679 and the applicable international agreements between the European Union and third countries.

Terms for storage of personal data

„ Montessori Bulgaria Ltd. stores personal data in accordance with the principle of “storage restriction”. For the above purposes, the Company will store:

· Personal data contained in accounting documents are stored for the terms specified in the Accounting Act, the Tax-Insurance Procedure Code and other normative acts;

· Personal data in connection with the request for a service are stored in accordance with the 5-year statute of limitations;

Rights of data subjects and manner of exercising them

The data subjects, whose personal data are processed by the Administrator, have:

· Right to access personal data, including to receive a copy of them;

· Right to correct;

· Right to be deleted (“right to be forgotten”);

· Right to limit processing;

· Right to data portability;

· Right to object to the processing.

The above rights can be exercised by sending an application in electronic form to hello@livediscovery.io, signed with a qualified electronic signature. It is also possible to submit a written application on the spot in the office of the Kindergarten at the address: Republic of Bulgaria, Sofia, Vitosha district, residential complex Dragalevtsi, 14 Paprat Street 

Giving consent and withdrawing consent

The Company may request the consent of the data subjects as a lawful basis for processing personal data for one or more purposes. Some of these purposes, for example, may be to receive a newsletter or emails with news about the activities of the Administrator, or others. In these cases, the Company will request the consent of the data subject in order to have a legal basis to process his personal data, for which it will notify him in a timely manner in an appropriate manner. Personal data may include more categories than those listed above, with the consent explicitly specifying the categories of personal data required for processing for the respective purpose.

Consent must be a freely expressed, specific, informed, and unambiguous indication of the will of the data subject. Consent may be withdrawn at any time in the manner described above for the exercise of rights by data subjects.

Right to appeal to the supervisory authority

In accordance with the General Regulation on Data Protection and the Personal Data Protection Act, data subjects have the right to file a complaint to the Commission for Personal Data Protection at the address: Republic of Bulgaria, Sofia,  2 Prof. Tsvetan Lazarov”.

Personal data security measures

The Administrator shall take the necessary measures for the security of personal data. All documents

on paper, containing personal data, are stored in locked cabinets in the office of the Company, and only authorized persons have access to them. Data in electronic form are stored in compliance with the requirements for information security and restriction of access.

 

Sofia, Approved: ____________________________________

Date: 1.10.2020г.                 /Anna-Mariya Yotsova – Manager/

Menu