Privacy Policy and Personal Data Protection

Privacy Policy and Personal Data Protection

This Privacy Policy has been prepared and is based on the Bulgarian legislation in force on personal data protection and Regulation (EU) 2016/679 of the European Parliament and of the Council from April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation).

Information about us:

BIC Capital Market EOOD (BIC and/or Administrator) is a company registered in the Registry Agency, Commercial Register under Unified Identification Code (BULSTAT): 831927223, with main office and management address: Sofia 1527, 76 Chataldzha Str, tel: 02/980 10 90; fax: 02/981 45 67; e-mail:

What are personal data and their processing?

Under the General Data Protection Regulation:

"Personal data" means any information relating to an identified individual or an individual that can be identified, directly or indirectly, by an identifier such as name, identification number, location data, online identifier or one or more signs specific to the physical, physiological, genetic, psychic, mental, economic, cultural or social identity of that individual.

"Processing" is any operation or set of operations performed with personal data or a set of personal data by automatic or other means such as collecting, recording, organizing, structuring, storing, adapting or modifying, retrieving, consulting, using, disclosing by transmission, distribution, or other means by which data becomes available, arranged or combined, restricted, deleted or destroyed.

What data is processed by BIC Capital Market Ltd.

1. Provided by the customers/users of the Bulgarian Enterprise Information System (BEIS) ( data needed for:

a) identification and execution of subscriptions and queries:

  • names, telephone and/or e-mail, country, address/address for sending an invoice;
  • data collected on payment made to BEIS in the manner specified in the Terms and Conditions at;
  • client profile data to access as a username, query history/subscription;
  • access passwords;
  • data necessary for the production of the invoices and proof of their reliability;
  • information on payment method, made and due payments;
  • IP address when visiting the website.

b) identification and implementation of free limited access to BEIS:

  • names;
  • company, country, telephone, fax, e-mail;
  • access password.

2. Depending on the specific purposes and grounds, BIC also processes public data that is not provided by the subject(s), to which they relate, such as:

  • names of owners, managers and representatives of Bulgarian private and state-owned enterprises, institutions and organizations;
  • capital and shareholding;
  • news and messages related to these subjects.

They are collected through the media and from official public sources of information about traders, associations and foundations, entered in the Commercial Register and the register of non-profit legal entities and subjects of the BULSTAT register.

3. Provided by subscribers of BIC electronic newsletters:

  • names;
  • e-mail.

4. In connection with organizing and conducting basic qualification REFA trainings:

  • names, date of birth, place of birth of course participants;
  • place of work.

Personal data processing purposes:

1. Processing the data that is required for a subscription or execution of a client request.

BIC processes data for the following purposes:

  • Create an account and identify a customer when: signing a BEIS subscription, executing inquiries in BEIS,
  • Providing information on service and subscription explanations, payment of the service;
  • Providing access to BEIS;
  • Updating of personal data or customer service information for data correction/modification of data/services;
  • Check subscription usage on request to protect BEIS customers from fraud and abuse by third parties;
  • Sending a courier shipment with an original invoice for a payment;
  • Technical assistance for creating an account(s) and recovering forgotten passwords to access the BEIS website;
  • Payment of subscription fees and inquiries.

2. Processing of the data of the subscribers of the electronic publications of BIC in order to send the newsletters.

3. When organizing and conducting qualified REFA trainings for the following purposes:

  • Identify the participant;
  • Tax payment;
  • Send a courier shipment with an original invoice for the payment.

4. In fulfillment of legal obligations, BIC processes the data of a client for the following purposes:

  • Issuing of invoices and financial accounting;
  • To carry out tax-insurance control by the respective competent authorities;
  • Implementation of the statutory requirements of the tax legislation: Accountancy Act, Value Added Tax Act, Tax Code, etc.

Categories of third parties accessing and processing personal data:

  • Transport/courier companies in order to fulfill our contractual obligations to deliver contracts and invoices in paper form;
  • Banks, servicing payments made by customers;
  • Competent authorities, which, by virtue of a statutory acts, have the power to request from BIC the provision of information, including personal data: a Bulgarian court or a court of another country, different supervisory/regulatory bodies - the Commission for the Protection of Personal Data, protection of national security and public order.

Term for storing personal data

The duration of the storage of personal data depends on the processing purposes for which it was collected:

  • Registration data (such as names, phone, email address) and information on making the registration and agreeing to the Terms and Conditions (date, time, IP address) are kept for the entire maintenance period and up to 1 (one) year of the registration termination.

Upon a request for report from BEIS, these data are stored until completion of the execution.

When registering for free BEIS services, these data are stored until the service is terminated.

  • Personal data of individuals taken from the Commercial Register (CR) are processed for statistical purposes and stored indefinitely. The publicity of the CR follows from the Commercial Register Act and Ordinance No 1 from February 14, 2007 on keeping, storing and accessing the Commercial Register. This publicity is bound by the legislator with the possibility of free access to facts and circumstances in the absence of the consent of the individual.
  • Personal data processed for the purpose of issuing accounting/financial records for tax and social security controls such as invoices and others shall be kept for at least 5 years after the expiry of the limitation period for the repayment of the public claim, unless the applicable law provides for a longer period.

Rights of BIC users/customers in relation to the processing of personal data

  • Right of access: includes: clear, transparent and comprehensible information about what personal data is being processed and information about the purposes and sources of such processing
  • Right of correction and deletion: if the data processed are incomplete or wrong: to correct and delete personal data, news/messages, processing of which does not meet the requirements of the law
  • Right of objection: at any time to be submitted:

(a) objection to the processing of personal data where there is a legitimate ground for doing so where the objection is justified, the person's personal data can no longer be processed.

  • Right of limitation of processing: limiting the processing of customizable data if:

(a) the accuracy of the data shall be contested for the period during which its accuracy must be verified;

(b) the processing of the data is without legal basis, but instead of being erased, limited processing is required;

(c) where the customer needs them to establish, exercise or protect legal claims;

(d) An objection to the processing of the data was filed, pending verification that the reasons for the administrator are legal.

  • Right to hide (limitation of public access): At the request of the representative of a legal entity/enterprise incorporated in BEIS, access to its data from other customers and users of the system may be restricted.
  • Right to data portability: the user obtains the personal data he has provided and which relates to him/her in a structured, popular format adapted for machine reading, and to use this data for another administrator at his/her discretion.
  • Automated making of individual solutions, including profiling: means that the user is not the subject of a decision based solely on automated processing involving profiling that produces legal consequences unless the applicable data protection legislation grounds for doing so and providing appropriate safeguards to protect your rights, freedoms and legitimate interests. When providing services, BIC does not use technologies that fall into this category.
  • Right to notify third parties. If applicable, request to BIC to notify third parties when it has provided your data with respect to the correction, deletion or limitation of the processing of personal data, except where this is impracticable or relates to excessive effort.
  • Right of withdrawal: At any time to withdraw consent to processing of personal data, based on user consent. Such withdrawal shall not affect the lawfulness of the processing on the basis of the consent given until the withdrawal.
  • Right of appeal: in the case of breaches of the processing of personal data and of the applicable legislation by e-mail: or to the Commission for Personal Data Protection: address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

Applications for the exercise of the stated rights of BIC users/customers in connection with the processing of personal data are filed in person or by an explicit authorized person through a power of attorney. An application may also be made electronically. The adjudication on the request is within 14 days of its submission. If a longer period is objectively necessary - in order to collect all the requested data and this seriously impedes the activity of BIC, this period may be extended to 30 days.

Using cookies

Purpose and use of cookies

BIC installs cookies only to allow the use or enhancement of functionalities and user navigation. In any case, BIC does not use cookies to collect, process, distribute or register personal information.

What does the user has to do if he/she does not want cookies installed on his computer?

Some people find that having a place to store information on a computer or mobile device is somewhat interfering, especially when this information is stored and used by unknown third parties. Blocking some or all cookies or removing cookies already placed on the user's device may result in some functionality being lost. This is done by changing the privacy settings of the browser it uses. Some third-party operators have developed tools to deactivate the collection and use of data from their modules.

The BIC site uses the following cookies:

PHP Session ID: This cookie is used to store navigation information.

language: This cookie is used to store the active language to properly redirect each page request.

The following cookies for Google are used on the BIC site:

__utma: This cookie lets you determine how many times a visitor came to the BIC site

__utmb: This cookie is used to know the duration of the site visit

__utmc: This cookie is used to know the duration of the site visit. Its term expires at the end of the session.

__utmz: This cookie lets you determine where the user came from on the site.

An additional module allows disabling Google Analytics (the page may not be available in the user's language).

This Policy is located at:

BIC reserves the right at any time to amend and/or supplement this Policy. Changes take effect as soon as they are posted to the site. The policy can be updated at any time without specific notification to BEIS users.

BIC is not responsible if a user does not know this policy.

Sofia, May 2018
BIC Capital Market Ltd.