NeedUs

Data protection notice

Version 1/2020

Data Controller

www.neeedus.eu  – “the website” is owned and operated by NeedUs EOOD as a data controller for the data it collects for its visitors. Our company details are:

  • VAT №BG202029351
  • address: 44 Velcho Atanasov Str., 1505 Sofia, Bulgaria
  • e-mail: info@needus.eu
Contact person for Privacy Matters (Not a DPO)

Mrs. Tsvetina Lungarova, CIPP/E
send an e-mail message

What personal data do we process with regards to www.needus.eu (this website)?

A) Contact information (only if you send us an e-mail message) and any information you provide us within your message

B) Website statistics:

  • date of your visit to the website
  • IP address from which you visit the website
  • referral from which you get to our website (for example: from LinkedIn; Google; etc.)
  • type of: device, operating system and browser you are using when you visit the website
  • pages of the website that you visit
  • the search words you enter in the search field of the website
Purpose of the processing

Except for enabling you to have access to our website, we process your data for the following purposes:

A) Contact information (only if you send us an e-mail message) and any information you provide us within your message: We would use this data to answer you and we will keep any messages we have received/exchanged with you for archiving purposes.

B) Website statistics: We need this data to improve our services. For example: If we know that it is being visited mostly from mobile devices, we would focus on making its design wore user friendly for mobile devices.

Lawful basis for the processing

Our legitimate interest (Article 6(1)(f) GDPR) to be competitive through improving our services and engaging with our customers.

Data retention

A) Contact information (only if you send us an e-mail message) and any information you provide us within your message: 5 (five) years

B) Website statistics: 1 (one) year

Measures we are taking to protect your privacy

A) Contact information (only if you send us an e-mail message) and any information you provide us within your message:

We are using Microsoft 365 for it’s high information security standards and in addition we have implemented “Strong passwords with complexity requirements” policy. All our employees have been trained on data protection and have committed to confidentiality.

B) Website statistics:

  • Anonymize IP Addresses: This option anonymizes the user IP address. For example, 888.888.888.888 > 888.888.888.000.
  • Hash IP Addresses: We are using a feature that is not storing IP addresses in the website database but instead a unique hash so that we will not be able to recover the IP addresses in the future to recover location information.
  • Access to our website database is password protected, allowed only to trusted users on a “need-to-know-basis” who have been trained on data protection and have committed to confidentiality.

Despite the measures we are taking, it still might be technically possible for your IP address to be recovered by specific tools and access that we do not currently have or intend to get in the future in any way.

International transfers

We store your data only at locations in the EU. However, it is still considered a third country transfer if a service provider of ours is registered or is a subsidiary of a company registered outside of EU or EEA. As we are using Microsoft 365 services and Microsoft Corporation is an American company, if you send us an e-mail it is still considered that we transfer your data to the US despite of the fact that our mailboxes are hosted in the EU.

We share your data with

Vendors that are providing various services to us like:

  • Hosting
  • E-mail
  • Software development
Your rights

You have specific rights when it comes to the processing of your personal data by us under Art. 15–22 of Regulation (EU) 2016/679 (GDPR).

How to exercise your data protection rights at NeedUs EOOD
If you would like to exercise your data protection rights, please send us a written request either by e-mail to our office or to Tsvetina Lungarova, or by post in a sealed envelope. In principle, we cannot accept verbal requests (telephone or face-to-face) as we may not be able to deal with your request immediately without first analyzing it and reliably identifying you. Personal data processed in connection with the processing of individual requests will be used only for the purposes of addressing them.

If you think that we have violated your rights in any way, please let us know or you may file a complaint to Commission for Personal Data Protection (Bulgaria) or any other  supervisory authority in the EU.