Bcard e-vouchers
BG
viber

Privacy Policy

INFORMATION ON THE PROCESSING OF PERSONAL DATA

(pursuant to Article 13 and Article 14 of Regulation (EU) 2016/679)

BORICA is a personal data controller and processes personal data of customers in accordance with applicable data protection legislation and in compliance with the rights of their holders, in connection with which it provides the information referred to in Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR). The content and scope of the data processed are determined bythe nature of the products and services that BORICA provides to its customers. BORICA is a provider of certification services registered in the trust list maintained by the Communications Regulation Commission.

BORICA is also a licensed provider of a range of payment services. BORICA holds a number of certifications to various international compliance standards, which customers can view on our website (https://www.borica.bg/documents-and-resources/Sertifikati). All this enables us to provide our customers with innovative and high-tech products and solutions for business, ensuring maximum protection of the information and data that customers entrust to us.

DETAILS OF THE DATA CONTROLLER AND CONTACT DETAILS


BORICA AD, EIC 201230426,

registered office and registered address. registered office and registered address. Tsar Boris III № 41

Data Protection Officer: Ivan Lazarov, e-mail: ilazarov@borica.bg

PURPOSE AND GROUNDS OF PROCESSING OF PERSONAL DATA


BORICA processes personal data on the following lawful grounds:

(i). Legal obligation

To complywith ourlegalobligationsto identifythe customer, and tocarryout identification checks, in accordance with Regulation (EU) No 910/2014 on electronic identification and authentication services;theAnti-MoneyLaundering Measures Act; the Payment Services and Payment Systems Act, etc.

(ii). Performance of contractual relations

Proper identification at the conclusion of a contract and during its performance. The processing is carried out to ensure the lawful use of the contracted product or service, including notification of any important changes in their use.

(iii). Legitimate interest

  • to improve products and services in accordance with customer needs and requirements and to improve customer service;
  • to prevent fraud or money laundering in order to protect our business and to comply with laws applicable to us;
  • in video surveillance to gather evidence when criminal situations arise, and to protect customers and employees;
  • for electronic correspondence and telephone records (e.g. alerts, notification of lost qualified electronic signature certificates; provision of information for contact center enquiries);
  • when sending messages about products and services used via SMS notifications that are not related to marketing purposes;
  • in the event of complaints and to satisfy requests, disputes related to the use of certification or payment services.

(iv). Client's consent

Where we process data on the basis of the customer's explicit consent, the processing will be for the purposesand in relation to thedata in the consent given. Anyconsent given maybe withdrawn at any time.

BORICA processes personal data, provided by the user on website https://www.e-voucher.bg/ or in progressive web application bcard e-voucher, available in mobile application stores. In this regards BORICA set a personal profile to the user and via this profile provides an access to services, related to meal voucher management. 

TYPES OF PERSONAL DATA WE PROCESS and SOURCES OF INFORMATION


According to the statutory definition, "personal data" means any information relating to an identified natural person or an identifiable natural person ("data subject"); "an identifiable natural person is a person who can be identified, directly or indirectly, in particular by an identifier such as a name, an identification number, location data, an online identifier or by one or more factors specific to the physical, physiological, genetic, mental, economic, cultural Or social identity of that individual.

Processing means any operation or set of operations which is performed upon personal data or a set of personal data, whether or not by automatic means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

The personal data we process includes all the data, which is personally filled by the user in the electronic forms during the registration process on website https://www.e-voucher.bg/ or in the progressive web application bcard e-voucher. Data scope includes name of the user, e-mail address of the user, number of the meal voucher and ID. Data scope could be amended based on further development and implementation of additional services. In such cases the user will be informed and kindly asked to provide additional personal data. 

We process data that we have obtained on legal and legitimate grounds from institutional registers: the Bulgarian Identity Documents Register (BIDR); registers maintained by the Registry Agency; published official lists of persons subject to sanctions.

DATA PROTECTION AND SECURITY


Protecting customer information and data is a top priority for BORICA. The Company continuously implements and updates technical and organizational measures to ensure the protection of customer data.

The company is certified to ISO/IEC 27001 "Information Security, Cyber Security and Privacy Protection. Information Security Management Systems - Requirements“ which covers the security requirements for information collected and stored for the purpose of fulfilling its contractual obligations, including personal data of customers.
The company receives PCI DSS (Payment Card Industry Data Security Standard) certification annually;
Regular reviews of all procedures and policies for data collection, storage and processing, including physical systems security measures, are performed.

BORICA has right to provide the personal data of the user in the following cases:

  • Checks on Supervisory Authority - the Personal Data Protection Commission
  • Audits of external and internal auditors to demonstrate compliance with standards, laws, regulations, regulations and other regulatory requirements expressly required for the realization of the business processes of BORICA AD
  • Third parties where this is legally and explicitly required.


ACCESS TO DATA


Personal data is obtained and processed by employees, assigned to perform official duties, regulatory compliance and the legitimate interest of the company.

Providers and contractors of BORICA who have undertaken obligations and have responsibility for processing personal data in accordance with current legislation may be granted limited access to data (for example: providers of specialized IT services and telecommunications)

Personal data of user may be provided to government authorities and institutions in order to comply with legal obligations under criminal law, anti-money laundering and anti-terrorist financing measures, for the purposes of the automatic exchange of financial information in the prevention and investigation of fraud, and where it is necessary to protect certain interests of the data holder.

DURATION OF STORAGE OF PERSONAL DATA


The personal data shall be stored by the controller in accordance with the statutory time limits and while preserving the legitimate interests of the data holder and the controller, the time limits depending on the type of service or product used, respectively the legal act that regulates the storage of data related to the respective activity. Certain time limits may be extended in certain circumstances: for example, in the case of litigation, extension of a limitation period due to an interruption, compliance with specific legal provisions and/or requirements of supervisory authorities.

OBLIGATION TO PROVIDE PERSONAL DATA


Each user is obliged to provide personal data that is necessary for the registration process. If the user does not provide the necessary data, the access to the services is inadmissible.

RIGHTS OF CUSTOMERS - HOLDERS OF PERSONAL DATA


Under the EU General Data Protection Regulation (GDPR), the rights of personal data holders include:

  • The right of access to the user's personal information is held by the controller.
  • The user can request access to any personal data we hold about him/her. This is known as a 'subject access request'.

The right to restrict the processing of the user's personal data in the following cases:

  • Unlawful processing has been established, but the user only wishes to restrict the processing of the data instead of having it deleted;
  • To comply with the data subject's rights under EU Regulation 2016/679.

Right to erasure of all personal data from the controller's system

The user may express his/her wish to have all, or part of his/her personal data stored by BORICA deleted. This will not be possible in all cases, as we are required by law to keep a certain category of information for a relevant period. The user has an option to delete a registered meal voucher from the personal profile or the option to delete the whole personal profile in the website https://www.e-voucher.bg/ or in the progressive web application.

Other rights under the GDPR:

If the customer believes that the personal information held is inaccurate, they have the legal right to update it (for example: change contact details).

The customer may object or request to restrict the processing of their personal data if it exceeds the minimum required by law for the provision of certain products or services.

EXERCISE OF RIGHTS BY THE CLIENT


To obtain guidance and assistance in exercising their rights, the Users may contact dpo@borica.bg.

If the User disagrees with the ways in which his/her personal data is managed or used, wishes to obtain additional information regarding his/her personal data orto inform about possible problems in respecting his/her legal rights and freedoms, he/she may submit a request (request, complaint, signal). It should be sent for registration to the email address office@borica.bg. All documents are processed within one calendar month.

If we are unable to resolve the issue to the client's satisfaction, the user may also contact the Personal Data Protection Commission at 1592 Sofia Blvd. "1595 Prof. kzld@cpdp.bg, website www.cpdp.bg.

Lost or stolen card?

Block your lost or stolen card through your profile or contact your operator.

You have additional questions about how to use the e-voucher card, forgotten PIN or more?

Contact your operator
BORICA AD
41 Tsar Boris III Blvd., 1612 Sofia