Your personal data

Privacy Policy for Personal Data at "INSTITUTE FOR STRATEGIES AND ANALYSES" Ltd. and the website "EPICENTER" and its subdomains

The privacy policy for personal data covers the "EPICENTER" BG website, its subdomains, the media platform, and the monthly publications of the analyses of the "INSTITUTE FOR STRATEGIES AND ANALYSES", as well as all journalistic activities of the above-mentioned carriers.

The policy is drawn up based on Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC. The policy is effective from 25.05.2018.

Information about the personal data controller:

Name: "INSTITUTE FOR STRATEGIES AND ANALYSES" Ltd.
UIC: 203683119
Address: 1000 Sofia, "Hristo Belchev" St. No.16, fl. 3.
Email: isa.analizi@gmail.com

Information about the supervisory authority:

Name: Commission for Personal Data Protection (CPDP)
Headquarters and address: 1592 Sofia, "Prof. Tsvetan Lazarov" Blvd. No. 2
Correspondence address: 1592 Sofia, "Prof. Tsvetan Lazarov" Blvd. No. 2
Phone: 02 915 3518
Email: kzld@government.bg, kzld@cpdp.bg
Website: www.cpdp.bg

The privacy policy affects personal data that can be shared through our website and its subdomains. It describes the options, choices, and rights you have regarding the personal data we hold and provides the necessary information to contact our team members responsible for privacy and data processing. Such data include email addresses, IP addresses, data collected during website visits, which in combination could identify you, etc.

When creating the privacy policy, we considered the principles and requirements of the General Data Protection Regulation (GDPR). The regulation is adopted by the European Union and is effective from 25.05.2018.

Through the General Regulation (GDPR), better protection of our privacy is guaranteed. It represents a unified set of principles and rules for the European Union, ensuring legal security for businesses and an equal level of data protection for citizens. The regulation provides greater rights for citizens, including: the right to information on the purposes of data processing, the categories of processed personal data, the transfer of data to other companies and third parties, the right to access data, the right "to be forgotten", and others. A new right to data portability allows data subjects to transfer their data from one company to another.

This privacy policy is effective from 25.05.2018. It will be periodically updated on this site if necessary.

Administrator: "INSTITUTE FOR STRATEGIES AND ANALYSES" Ltd.
UIC: 203683119
Address: 1000 Sofia, "Hristo Belchev" St. No.16, fl. 3.
Email: isa.analizi@gmail.com

SUBJECT AND SCOPE OF JOURNALISTIC ACTIVITIES

Not an exhaustive list, we provide the following main online services:

Epicenter.bg is an informational and analytical internet platform. Our focus is on the main problems facing the country, as well as the impact of global events on the fate of Bulgarians. We present comments, analyses, and forecasts by the most authoritative Bulgarian, American, European, and Russian researchers and observers to our readers. Our ambition is for our platform to become a central hub for dialogue, discussions, and seeking solutions to the most pressing issues. We aim to work for national consensus, which should be a common goal for all Bulgarian citizens.

Why do we collect and process data?

The data we collect during registration is used to provide services in their full functionality, in accordance with the terms and other rules of the forums or website where you registered. Your registration allows you to publish publicly visible information, in some cases exchange messages, participate in a rating system, and numerous other options.

We use the data we collect from all users to achieve better quality and security of our services and avoid malicious actions. For example, to prevent the appropriation of another's electronic identity, protect against hacker attacks, and carry out various other processes.

Some data is used for positioning contextually recommended content and contextually targeted advertising.

We use aggregated and anonymized data for statistical and marketing purposes.

For the purpose of selecting appropriate advertisements, for independent statistical measurements, and in some other cases, we allow third parties to receive data from our sites about user behavior (e.g., for advertising: Google, for statistics: Gemius and Google Analytics). These third parties are obliged to adhere to similar privacy policies.

What data do we collect about all users?

On the site we maintain, we collect and store information about all users:

  • IP address (Internet Protocol address). These numbers are usually assigned in blocks by geographical criteria. The IP address can often be used to identify the location from which the device connects to the internet.
  • Data from automatic data collection tools, such as:
    • Tracking sections on the sites you visit;
    • How much time you spend on a given site;
    • Which page or article you have accessed;
  • What data do you provide to us?
    • With each visit, the user grants access to:
      • Use their IP address for generating metric data.
      • Google Analytics bot, collecting metric data from Google.
      • GemiusTraffic and GemiusAudience, measuring the internet audience of epicenter.bg

Epicenter.bg may provide statistical information about site visits and aggregated demographic characteristics of the audience to its partners (clients, advertising agencies).

Do we provide opportunities for third parties to collect data?

Your actions on the pages we maintain can lead to the automatic provision of data to our partners, primarily for advertising and statistical purposes. This happens through cookies.

What automatic data collection tools do we use?

We collect data and provide such an opportunity to third parties through the use of "cookies". A "cookie" is a small file containing a string of characters placed on your computer when you visit a website. When you visit the site again, the "cookie" allows that site to recognize your browser.

Cookies can store user preferences and other information. They are often used in combination with a pixel identifier. Cookies can be temporary (session) and permanent. See more at http://www.allaboutcookies.org.

How to delete or disable cookies?

If you do not want to allow cookies at all or want to use only certain cookies, please check your browser settings. You can use your browser settings to withdraw previously given consent to use cookies and delete already accepted cookies at any time. The Help menu of your browser or the website www.allaboutcookies.org contains detailed information on the process of refusing cookies for different browsers.

Note that by deactivating certain cookies, your access to some features and parts of the content on the sites and forums may be limited.

If you want to opt out of third-party cookies related to interest-based advertising (personalized advertising), visit www.youronlinechoices.eu/bg.

What is a pixel identifier?

A pixel identifier is a transparent graphic image placed on a website or in the main text of an email that allows a server to read certain types of information from your device to track website activity or when emails are opened or accessed, often used in combination with "cookies".

When do we use pixel identifiers?

We use and allow selected third parties to use pixel identifiers, usually in combination with cookies, to aggregate information about the use of our websites, measure effectiveness, and offer appropriate content and advertisements.

How do we protect your data?

Access to information that can identify you is limited to employees working under the control of "Institute for Strategies and Analyses" Ltd. and is refined physically, electronically, and procedurally to the necessary extent to fulfill their work commitments. When subcontractors are used, they and their employees are bound by strict contractual obligations to maintain confidentiality and work under the control of "Institute for Strategies and Analyses" Ltd.

We encrypt many of our services via SSL. We review our data collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to systems.

However, it should be clear that no matter what reasonable measures are taken, they are not always sufficient to prevent failures and malicious attacks.

Is it possible to transfer data to other countries?

Some of our partners may transfer data outside the EEA, provided there is an adequate level of protection, for example, in the case of the EU-U.S. Privacy Shield.

How long do we store the information?

For registered users, data arising from the use of provided services is stored from registration for the respective service for the duration of the registration's validity and until the expiration of periods necessary to protect the company and other users against legal claims and to respond to legitimate requests from competent authorities according to applicable law.

For all users, data and activities are stored for the necessary time to guarantee the functionality and security of the provided services.

What rights do you have regarding the data we process?

  • Access to your personal data: We commit to providing access upon request from registered users to the data we hold about them. After contacting us, it may be necessary to clarify additional facts to ensure the data is provided to you.
  • Correction (if the data is inaccurate): Whenever you find or claim inaccuracies in personal data, you can contact us for assistance.
  • Deletion of personal data (right "to be forgotten"): This right is realized under the following scenarios:
    • Personal data is no longer necessary for the purposes for which it was collected or otherwise processed – e.g., the required period for storing IP addresses expires, and they are automatically deleted.
    • When the processing is based on consent – upon withdrawal of consent (such as cookies).
    • When there is no overriding legal basis for the processing (other than consent) – upon withdrawal of consent (such as cookies).
    • When personal data has been unlawfully processed.
  • Objecting to the processing of personal data: If the processing is necessary for the purposes of legitimate interests pursued by the administrator or a third party, except when such interests are overridden by the interests or fundamental rights and freedoms of the data subject.
  • Data portability: When processing is based on consent or a contract and is carried out by automated means, data subjects can receive personal data concerning them, which they have provided to a controller, in a structured, commonly used, and machine-readable format, and have the right to transmit that data to another controller without hindrance.

Requests and complaints:

If you wish to exercise any of the above rights, you can contact us at the provided contact details.

For complaints regarding the processing of your data, you have the right to lodge a complaint with the supervisory authority.

This privacy policy may be updated to reflect changes in our practices or legal requirements. We will notify you of any significant changes.