Privacy policy

The protection and security of your Personal Data is important to Coface Companies. The use of our websites is basically possible without any disclosure of Personal Data. However, the use of services provided by us, including through our website, requires the processing of Personal Data.
 
Depending on the purpose for which we process the data, the Personal Data controller will be one or more of the companies of the Coface Group in Bulgaria:
 
COMPAGNIE FRANÇAISE D’ASSURANCE POUR LE COMMERCE EXTÉRIEUR – Branch Bulgaria, UIC 200325896
Telephone number: 359 (2) 821 37 35
Fax.: 359 (2) 920 71 50
e-mail: office-bg@coface.com
 
COFACE BULGARIA CREDIT MANAGEMENT SERVICES EOOD, UIC 831672071
Telephone number: 359 (2) 821 37 35
Fax.: 359 (2) 920 71 50
e-mail: office-bg@coface.com
 
COFACE SERVICE BULGARIA EOOD, UIC 200306885
Telephone number: 359 (2) 821 37 35
Fax.: 359 (2) 920 71 50
e-mail: office-bg@coface.com
Address: All entities have their registered offices at 42 Petar Parchevich str., 1000, Sofia, Bulgaria,
 
.
 
The processing of Personal Data is exclusively in accordance with the General Data Protection Regulation (GDPR 2018) as well as in compliance with the applicable national data protection regulations. This privacy policy is intended to inform the users of the website  about the nature, scope and purpose of Personal Data collected, used and processed by Coface. This should provide information about the existing legal rights of the data subjects. 

I. DEFINITIONS

The Data Protection Policy of Coface uses the terms used by the European regulators in adopting the General Data Protection Regulation (GDPR). In order to make our privacy policy easy to read and understand, we would like to briefly explain the most important terms.
 
    1. 1. Personal Data: All information that allows the identification of a natural person without too much effort. Personal Data includes, but is not limited to:
      1. personal details such as name, date of birth, social security number, bank account details, next of kin, account details on social networks;
      2. contact details such as address and telephone numbers;
      3. employee personal file details such as employment contract terms, training, performance appraisals, promotions, development plans, behavioural and disciplinary details, work location, pay details, bank account details and tax number, and personal identification numbers such as social security number;
      4. employment history/application details such as training and work background;
      5. customer data (orders, address data, account data, etc.);
      6. physical characteristics (gender, skin, hair and eye colour, stature, dress size, etc.).
 
  1. 2.Data Subject: Any identified or identifiable natural person whose Personal Data is processed.
 
  1. 3.Data Controller: A natural or legal person, public authority, institution or other body that, alone or in concert with others, decides on the purposes and means of processing Personal Data.
 
  1. 4.Data Processor: A natural person or legal entity, public authority, institution or other body that processes Personal Data on behalf of the Data Controller.
  2. 5.Processing: The collection, use, recording, organisation, modification, disclosure, destruction or storage of Personal Data in any form. This can be done both manually and by using automated systems, such as information technology systems.
 
  1. 6.Profiling: Automated processing of Personal Data for the purpose of evaluating individual aspects of a natural person, to analyse or predict, for example, the performance, specific decisions or behaviour of this natural person.
 
  1. 7.Consent: Any statement of intent voluntarily given by the data subject in an informed and unambiguous manner in the form of a statement or other unambiguous confirmatory act by the data subject to indicate that he/she agrees to the processing of the Personal Data concerning him/her. 

II. PERSONAL DATA PROCESSED. PURPOSE AND BASIS OF DATA PROCESSING

The Personal Data collected through our website include the Personal Data of the persons who work for or are otherwise engaged by our clients, their affiliates or other third parties in connection with the services provided by Coface. The Personal Data is collected through the contact and compliant forms on the website, and through the different options for registrations for any of the services provided by Coface.
The Personal Data includes the data of the contact persons of the respective companies which are interested and intend to use the service provide by Coface or wish to make complaint in connection with these services, namely: sex, names, position, company, address, telephone, e-mail and any other data, which the data subjects decide to include in their messages to Coface.
  1. 1.     The Personal Data is processed on the following legal grounds and for the following purposes:Fulfilment of contractual obligations (Art. 6 para. 1(b) GDPR)
Personal Data is processed exclusively for the fulfilment of a contract with the Data Subject, the sending of invoices and information material relating to the contract.
 
  1. 2.     Fulfilment of legal obligations (Art. 6 para. 1(c) GDPR)
It may also be necessary to process Personal Data for the fulfilment of various legal obligations, when Coface is legally required to do so for regulatory purposes or for the management and execution of the agreements it enters into (for example such as anti-money laundering and counteracting financing of terrorism).
 
  1. 3.     Consent (Art 6.Para. 1(a) GDPR)
Processing of Personal Data may also be based on explicit consent – for example for the use of the pictures of participants photographed during the events organized by Coface which pictures are uploaded on the  website. In this case, the processing is exclusively in accordance with the consent given and agreed goals. Consent can be withdrawn at any time with effect for the future. Such a revocation does not affect the legality of the data processing up to the revocation.
 
  1. 4.     Protection of legitimate interests (Art. 6 para. 1(f) GDPR)
Should it be necessary, Personal Data may also be processed in the interest of Coface or a third party for the purpose of safeguarding the legitimate interests of Coface or the third party. This can be the case:
-          replying to information requests received from the Data subjects representing Coface clients and/or relevant third parties as part of the provision of Coface services;
-          for information and business purposes (such as audit, data analysis, improving and developing new Coface products and services, for marketing purposes, including for assessing  the effectiveness of promotional or marketing campaigns, among others);
-          in the context of legal action.
 
Coface credit insurance clients have access to CofaNet  - a  sophisticated, highly secure web-based policy management tool which gives clients the freedom and flexibility to manage customer and supplier portfolios, both domestically and overseas. CofaNet enables each client to view their customer portfolio, apply for credit limits on new customers and submit overdue and claim information. The use of the tool is through registered access by username and password, where your data is processed on the basis of a contract concluded with Coface, which also includes provisons about the Personal Data processed through this platform.Coface ICON Customer Application is web application which is owned and administrated by other company part of the Coface group – Coface Central Europe Holding AG, Austria registered at the commercial register of the commercial court in Vienna under the registration number FN 43204 k, having its registered office in 1030 Vienna, Marxergasse 4c.
Through the application  Coface allows its clients to purchase and use the products and services related to the credit management and particularly business information reports and debt collection services.
 
Coface Central Europe Holding AG, Austria and the Coface Company in Bulgaria are joint Data controllers in regard with the processing of the Personal Data provided by the users of the ICON Customer Application as far as their Personal Data provided in relation with business information and debt collections services concerning companies in Bulgaria is received and processed by the Coface companies in Bulgaria specified above.
Coface shall processed the Personal Data provided through the use of the ICON Customer Application in accordance with the present Policy.
For more details about the processing of the Personal Data by Coface Central Europe Holding AG, Austria you could refer to its Privacy Policy, available here.
 

III. retention period

  1. Coface will retain Personal Data for as long as required or permitted in light of the purpose(s) for which it was obtained. The criteria used to determine our retention periods include: (i) the length of time Coface have an ongoing relationship with our client and provide the Services; (ii) whether there is a legal obligation to which Coface are subject; and (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
     

IV. DATA DISCLOSURE

Coface may provide the Personal Data to the following categories of recipients:
- competent public authorities, is such legal obligation exists;
- third parties, which upon assignment supports the information systems used for personal data collection and/or processing;
-  third parties – services providers providing services such as IT and infrastructure, customer service, email delivery, auditing and other services, to third party experts and advisers including legal counsels, tax advisers or auditors or to any other persons as expressly agreed with you or as required or permitted by any applicable law.
- other companies from the Coface group, including foreign companies, for legitimate purposes related to the flow of data within the group of entrepreneurs.
 
All external data processors are contractually obligated to treat the data confidentially and to process it only within the scope of the contractually agreed obligations.
Upon transfer of the Personal Data to non-EEA countries Coface takes into account if the respective country is recognized by the European Commission as providing an adequate level of data protection according to EEA standards. If this is not the case and in order to ensure an adequate level of protection for your Personal Data transferred to recipients located outside the EU/EEA, Coface enters into agreements with the recipients which include, when applicable, the standard contractual clauses approved by the European Commission pursuant to Article 46(2)(c) of the GDPR. A copy of such agreements can be obtained from Coface’s Data Protection Officer.
 

V. automated decision making

Coface does not use an automated decision making system that includes profiling when processing Your Personal Data.
 
 

VI. rights of data subjects

The Data Subjcts have the following rights:
  1. 1.   Right to information
The Data Subject has the right to be informed about the purpose and the details of the data processing as well as about his rights.
 
  1. 2.   Right to access
Every Data Subject has the right to receive at any time free information from the Data Controller on the Personal Data stored about him/her and receive a copy of this information. This applies in particular to the following information:
  1. the processing purposes,
  2. the categories of Personal Data being processed,
  3. the recipients or categories of recipients to whom the Personal Data have been disclosed or will be disclosed, in particular to recipients in third countries or to international organisations,
  4. if possible, the planned duration for which the Personal Data will be stored or, if this is not possible, the criteria for determining the duration,
  5. the existence of a right to rectification or erasure of the personal data concerning him or of a restriction of the processing by the controller or of a right to object to such processing,
  6. the existence of a right of appeal to a supervisory authority,
  7. if the Personal Data is not collected from the Data Subject: All available information on the source of the data,
  8. the existence of automated decision-making including profiling under Article 22 (1) and (4) of the GDPR and - at least in these cases - meaningful information on the logic involved and the scope and intended impact of such processing on the Data Subject.
 
  1. 3.   Right to rectification
Every Data Subject has the right to demand the immediate rectification of incorrect Personal Data. This right also includes the right to supplement any incomplete Personal Data.
 
  1. 4.   Right to erasure
Every Data Subject has the right to have their Personal Data erased, provided one of the following reasons applies:
  1. the Personal Data has been collected for such purposes, or otherwise processed, for which it is no longer necessary,
  2. the Data Subject revokes the consent on which the processing was based in accordance with Article 6 (1) (a) GDPR or Article 9 (2) (a) GDPR and it now lacks any other legal basis for the processing,
  3. the Data Subject submits an objection to the processing in accordance with Article 21 (1) GDPR, and there are no overriding legitimate reasons for the processing, or the Data Subject objects to the processing in accordance with Article 21 (2)GDPR,
  4. the Personal Data was processed unlawfully,
  5. the erasure of Personal Data is necessary to fulfil a legal obligation under union or national law to which the controller is subject,
  6. the Personal Data was collected in relation to information society services offered in accordance with Article 8 (1) GDPR.
 
  1. 5.   Right to restriction of processing
Every Data Subject has the right to obtain from the data controller restriction of processing where one of the following applies:
  1. the accuracy of the Personal Data is contested by the Data Subject for a period of time that enables the controller to verify the accuracy of the Personal Data,
  2. the processing is unlawful and the Data Subject opposes the erasure of the Personal Data and instead requests the restriction of its use,
  3. the data controller no longer needs the Personal Data for the purposes of processing, but the Data Subject requires itfor the establishment, exercise or defence of legal claims,
  4. the Data Subject has objected to the processing according to Article 21 para. 1 GDPR pending the verification whether the legitimate grounds of the data controller override those of the Data Subject.
 
  1. 6.   Right to data portability
Every Data Subject has the right to have his data transmitted to other service providers on request. This must be done automatically or in a structured form.
 
  1. 7.   Right to object
Every Data Subject has the right to object on grounds relating to his particular situation to the processing of his Personal Data which is based on point (e) or (f) of Article 6 (1) (e) or (f) GDPR at any time.
 
  1. 8.   Right of revocation
Every Data Subject has the right to revoke his consent to the processing of his Personal Data. The revocation will not affect the legality of the processing up to that point.
 
You can exercise all these rights by contacting Mr. Franck Marzilli, Coface’s Data Protection Officer, in charge of our Personal Data Protection service, at the following email address: coface_dpo@coface.com
or at the following address:
Data Protection Office/Group Compliance Department
1, place Costes et Bellonte - 92270 BOIS-COLOMBES, France.
We will respond to your request in accordance with the applicable law.
 
In the event of any irregularities and depending on the concrete case, you have the right to file a complaint with Bulgarian Supervisory Authority:
 
Commission for Personal Data Protection
Address: 2 Prof. Tvetan Lazarov Blvd., 1592 Sofia, Bulgaria;
Phone numner: +359 2 91 53 518
E-mail: kzld@cpdp.bg
 
or, with the Lead Supervisory Authority pursuant to Article 57(1)(f) of GDPR – in case of cross-border processing. Coface Group’s competent Lead Supervisory Authority is:
 
Commission nationale de l'informatique et des libertés
Address : 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07, France
Phone Number : +33 01 53 73 22 22
 

VII. cookies

This website uses cookies. A cookie is a small amount of data that is generated by a website and stored by your web browser. This is to store information about you, similar to a settings file of a software application. Cookies fulfil several functions. Some cookies are indispensable to provide our website and services. Cookies can be “permanent”, i.e. they remain on your computer after you leave the website, or they may be "session cookies" that are deleted after you close your internet browser. You can change your cookie settings in the browser settings. Please note that certain functions may then not work at all or not properly.
 
For more details on the use of the cookies and the possible ways to control their use on your device please refer to our Cookies Policy.
 

VIII. erasure of personal data

Coface processes and stores the Personal Data of the Data Subject only for the period required to achieve the purpose of storage or, if required by any applicable legislation .
If the storage purpose lapses or if a storage period prescribed by the applicable legislation  expires, the Personal Data will be routinely blocked or erased in accordance with the statutory provisions. 
 

Ix. DATA PROTECTION REGULATIONS FOR USE OF TWITTER

Coface uses the so-called social plugins of the social network twitter.com. The operating company of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA.
Those websites of our internet presence that contain Twitter social plugins connect directly to the servers of Twitter through your browser when you open it. The information that is on the page of our internet offer that you accessed is transmitted to Twitter by the social plugin. If you are logged in to Twitter at this time, the accessing our pages and all of your interactions related to the social plugins (e.g. clicking the "Tweet" button) may be allocated to your Twitter profile and stored on Twitter. Even if you do not have a Twitter profile, it cannot be ruled out that Twitter stores your IP address.
Regarding the purpose and extent of the data collection as well as the processing and use of data by Twitter, we refer to the Twitter Privacy Policy. There you will also find an overview of the settings options in your personal Twitter profile for the protection of your privacy and related rights.
In order to prevent Twitter from collecting the above-mentioned information from your visit to our website, log out of Twitter before visiting our site.  
 

IX. DATA PROTECTION REGULATIONS FOR USE OF YOUTUBE

Coface Central Europe Holding AG uses plugins of the Google-powered YouTube page.
The operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
 
When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. In doing so, the YouTube server is told which of our web pages you have visited.
 
If you're logged into your YouTube account, you enable YouTube to allocate your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account.
 

X. DATA PROTECTION REGULATIONS FOR USE OF youtube

Coface uses plugins of the Google-powered YouTube page.
The operating company is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
When you visit one of our YouTube plug-in-enabled sites, you will be connected to the servers of YouTube. In doing so, the YouTube server is told which of our web pages you have visited.
If you're logged into your YouTube account, you enable YouTube to allocate your browsing behaviour directly to your personal profile. You can prevent this by logging out of your YouTube account. 
 

Xi. DATA PROTECTION REGULATIONS FOR USE OF linkedin

Coface Central Europe Holding AG uses the functions of the LinkedIn network.
Provider is the LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.
Every time you access one of our pages that contains LinkedIn functions, a connection is established to the LinkedIn servers. LinkedIn is informed that you have visited our website with your IP address. If you click LinkedIn’s “recommend button” and are logged in to your LinkedIn account, LinkedIn will be able to allocate your visit to our website to you and your user account. We would point out, that we as the provider of the pages have no knowledge of the content of the data transmitted or their use by LinkedIn. 

XIi. GOOGLE ANALYTICS

Coface uses the Google Analytics service provided by Google Inc. (1600 Amphitheater Parkway Mountain View, CA 94043, USA) to analyze users' website usage. The service uses “cookies”- text files stored on your computer. The information collected by the cookies is as a rule transmitted to a Google server in the US and stored there.
IP anonymization is activated on this website. The IP address of users is shortened within the member states of the EU and the European Economic Area. This shortening deletes the personal reference of your IP address. Under the terms of the agreement, which website operators have entered into with Google Inc., they use the information collected to evaluate website use and activity, and provide internet-related services.
 
You have the option to prevent the storage of cookies on your computer by making the appropriate settings in your browser. There is no guarantee that you will be able to access all the functions of this website if your browser does not allow cookies.
Furthermore, you can use a browser plug-in to prevent the information collected by cookies (including your IP address) from being sent to Google Inc. and used by Google Inc. The following link leads you to the corresponding plugin: https://tools.google.com/dlpage/gaoptout?hl=de
 
Here you can find further information on data use by Google Inc.: https://support.google.com/analytics/answer/6004245?hl=de
 

XIii. changes in the privacy policy

Coface strives at any time to provide maximum protection for the personal data of the users of its website. In this regard Coface undertakes actions in accordance with the up-to-date measures for protection and reserve the right to change the security measures for data protection, if necessary.  In such cases Coface shall change the preset Policy.
The “Last updated” date indicated at the top of this Policy refers to the last time this Privacy Policy was revised and/or updated.
Any changes to this Privacy Policy become effective on the date Coface uploads such revised version on its website. Provision of personal data by you further to any changes to the Privacy Policy acknowledge your acceptance of the revised and/or updated terms of the Policy.
 
 
You may find information how Coface collects, processes, uses, transfers and discloses personal data offline inconnection with the services provided to its corporate clients in Coface Privacy Notice.
 
If you have any additional questions concerning the collection, processing and use of your personal data, you may contact with Coface by using the contact details specified above. Coface shall do its best to answer your questions or fulfil your requests without undue delay.
Top
  • Bulgarian
  • English