Data controller details Muzeiko EOOD is a company incorporated in the Republic of Bulgaria, with UIC 202772419, having its registered office in the city of Sofia, 3, Prof. Boyan Kamenov str. The company has the following website https://muzeiko.bg/bg, email firstname.lastname@example.org and phone number +3592 902 0000 Muzeiko is the first Children's Scientific Center in Bulgaria with more than 130 scientific and game installations and a team of more than 40 professionals in scientific communication for children. Muzeiko EOOD is a data controller who independently specifies the purposes and the means of processing personal data of individuals. You may directly contact our Data Protection Officer at the following email email@example.comOur Privacy NoticeThe General Data Protection Regulation requires that data controllers provide specified information to the individuals regarding the way that their personal data are used (processed). We, at Muzeiko, fulfill this obligation through this Privacy Notice. The Privacy Notice contains information regarding the data controller, details for contact with: Muzeiko, the personal data protection officer and the personal data protection supervisory authority (Personal Data Protection Commission). In this Privacy Notice, you will find information regarding the personal data processing purposes, the data storage time limits, the legal grounds for data processing and where relevant, regarding the data recipients, the transfer of data to third countries, cases of automated decision-making and information regarding your rights as a data subject. Muzeiko EOOD collects, processes and stores personal data in relation to entering into and performance of contracts with employees, job applicants, site visitors, counterparties (customers, partners, suppliers). For your convenience, the Privacy Notice is divided into chapters containing general information as well ones relating to specific categories of subjects.PrinciplesMuzeiko EOOD implements its operations in compliance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), the Personal Data Protection Act as well as the other European Bulgarian legislation on the protection of personal data. Muzeiko EOOD adheres to the following principles in the processing of your personal data:• legality, integrity and transparency;• collection for specified, explicit and legitimate purposes;• minimizing the data collection;• accuracy and timeliness of data;• limitation of the storage period, in order to achieve the objectives;• processing in a way that ensures an adequate level of security of personal data.Legal grounds for processing personal dataFor our personal data processing activities, we rely on the following grounds for their lawful processing:• processing is necessary for compliance with a legal obligation to which the controller is subject (Art. 6 (1), c) of the GDPR);• processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (Art. 6 (1), b) of the GDPR);• the data subject has given consent to the processing of his or her personal data for one or more specific purposes (Art. 6 (1), a) of the GDPR);• processing is necessary for the purposes of the legitimate interests pursued by the controller (Art. 6 (1), f) of the GDPR). Where Muzeiko processes any sensitive data such as health-related data, we comply with the additional requirements of the GDPR. So, in implementing any objectives related to our main function, we process sensitive data when:• processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law (Art. 9 (2), b) of the GDPR);• processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment (Art. 9 (2), h) of the GDPR).Data processorsWhere required, personal data may be shared with one or more third parties, whether related or not, to process the personal information on the basis of appropriate instructions or provisions on the personal data protection. The companies processing personal data may execute instructions relating to the labour medicine, trainings and other activities. They are required by a contract to apply appropriate technical and organisational safety measures to protect the personal information and to process it only in accordance with the instructions received.Security in the personal data processingMuzeiko EOOD takes technical and organisational safety measures to protect the personal data processed against manipulation, loss, destruction and access by unauthorised persons. Our security measures are constantly improved in line with the technological developments.Your rights as subjects of personal dataIn connection with your personal data processed by us you are entitled to:• Access to your personal data.• Correction or erasure of your personal data.• Restricting their processing.• Right to object to the processing of your data.• Data portability (in the case of automated processing and only in the cases of contract and agreement). To exercise any of the above rights, please file an application to the data controller Muzeiko EOOD, at the address: Sofia, 1700, 3, Prof. Boyan Kamenov str. or to email address: firstname.lastname@example.org The application must meet the minimum legal requirements – to be in writing and to contain:1. name, address, personal number or foreigner’s personal number or any other similar identifier, or any other identification data of the natural person as specified by the data controller, in relation to the operation implemented;2. description of the request;3. preferred form of obtaining information within the exercise of the rights;4. signature, date of submission and address for correspondence;5. where the application is filed by an authorised person, the power-of-attorney must be enclosed to the application. Details for contact with the data protection officer - email: email@example.com. Your right to lodge a complaint with a supervisory authority You are entitled to lodge a complaint with the supervisory authority if any of your rights have been violated by the processing of your personal data. The supervisory authority in the Republic of Bulgaria is the Personal Data Protection Commission, city of Sofia 1592, 2, Prof. Tsvetan Lazarov Blvd., phone: +359 2 915 3 518, firstname.lastname@example.org, email@example.com, www.cpdp.bg.I. Information on former and current employeesPurposes and legal grounds of processing The main purposes of processing the personal data of former and current employees of Muzeiko EOOD are:• To ensure the payment of salaries and compensations and any other liabilities under the employment contract or in relation to any liabilities under enforcement proceedings against you.• To maintain an employment record.• To prepare and provide information to public organisations.• To issue a service book.• To maintain contacts with the worker or the employee. The legal grounds serving as a basis for processing your personal data are a contract and the performance of a legal obligation (Art. 6 (1) b) and c) of the GDPR), namely:• The data related to entering into an employment contract are processed pursuant to Ordinance No. 4 of 11.05.1993 on the documents required to enter into an employment contract.• The data relating to health in the course of the employment relationship are processed pursuant to the Labour Code, the Health Act as well as the regulations related to this matter.• For specific positions and specific cases that may occur during the employment relationship, other special requirements of the above legislation and other relevant legislation are also complied with.Data that we processThe main categories of data that we process for you are:1. The data provided by you and collected in the course of your application for the respective position that are stored in your employment record maintained for you.2. Data required for entering into an employment contract, namely:• Physical identity – full name, personal number, address, details of the identity document, place of birth, phone number;• Social identity – education level obtained, specialisation, qualification, competence required for the position, length of service.• Health-related data – under the form of a medical examination document, where required by law.• Contact details – phone number.3. Information collected in the course of the employment relationship:• Physical identity – pictures Economic identity – social security income, remuneration, bank account;• Information relating to the existence, modification and termination of employment;• Health-related data – information from medical certificates, resolution by work incapacity commissions, etc.;• Social identity – education, employment; data regarding any children raised in the case of an attachment on a salary;• Data of existing liabilities – in the case of an attachment on a salary;• Contact details – office phone number, email address;• Data from CCTV.Source of dataThe most part of the information available to us is provided by you in person. Part of the documents certifying the information processed are only accepted for the purpose of collecting the necessary information. We do not collect any copies or originals of documents in case that we do not have any legal ground to do so.To whom do we provide your personal dataAs a rule, we do not provide your personal data to any third parties, except in case referred to herein. Your data is provided to third parties, mainly public authorities, in relation to the requirements of labour legislation in the Republic of Bulgaria. Recipients of information can be: The General Labour Inspectorate, the National Revenue Agency, the Employment Agency, bailiffs, the Ministry of Interior, etc.Transfer of data to third countries or international organisationsAs a rule, we do not provide your personal data to any third parties, except in case referred to herein. Information on you is provided upon business trips only for the purpose of performance of the contracts entered into with you. When transmitting any data, Muzeiko EOOD will check for the existence of adequate data protection in the country to which the data is provided. In the absence of a decision by the European Commission with regard to an adequate level of protection, Muzeiko EOOD will transfer any personal data to a third country or international organisation only if there are appropriate guarantees and provided that applicable rights of the data subjects and effective legal protection are available. In the absence of either condition, a transfer or a set of transfers of personal data to a third country or international organisation will be performed pursuant to any of the grounds specified by Art. 49 (1), a) or b) of the GPDR.Period of storing your personal dataWe will not store your personal data for a period longer than needed to achieve the purposes for which we process them. In determining the appropriate period of storage, we take into consideration the personal data amount and nature, the purposes, for which we process them as well as whether we can achieve these purposes by other means. We also comply with the relevant legal requirements for the storage of specified categories of data (such as the Social Security Code, the Accountancy Act) to perform our statutory or contractual duties as well as to defend our legal rights in a case of an action. According to Art. 5 (7) of the Social Security Code, we store payrolls, employment contracts, additional agreements, employment orders, additional agreements/re-employment orders, orders for unpaid leave used of more than 30 working day in a calendar year, orders for termination of employment or business relationship for 50 years.II. Information for applicants for a job at Muzeiko EOODPurposes of processing and legal groundsYour data are processed within the procedure of recruitment of new employees for the purpose of assessing whether you fit the position you apply for as well as for the purpose of getting in contact with you. The legal ground to process your personal data is:• Taking steps before entering into a contract - Art. 6 (1), b) of the GDPR and with respect to the special categories of personal data, we apply Art. 9 (2) b) and h) of the GDPR in conjunction with the labour legislation of the Republic of Bulgaria;• Your consent – under Art. 6 (1), a) of the GDPR – may be required for storing your personal data as collected within a staff recruitment procedure for a period longer than 6 months.• Data that we process• The main categories of data that we process are:• Personal information – name, date of birth, place of birth as well as contact details – address for correspondence, phone number, email, etc.• Information on educational background – education level, additional qualification, etc.• Information on professional experience – previous or current organisation you have been working in, self-employment, etc. Muzeiko EOOD returns the documents in the same way as submitted.To whom do we provide your personal dataAs a rule, we do not provide your personal data to any third parties, except in cases that are explicitly referred to herein. Information on you may be provided to any third parties if we are legally required to do so.Period of storing your personal dataThe data shall be stored for 6 months from the day of the final completion of the selection procedures. The personal data provided by the non-successful applicants shall be destroyed not later than six months after completion of the selection procedure. A data subject who is not approved for employment may reclaim any submitted originals or notarised copies of documents certifying applicant’s mental and physical fitness, the necessary qualification level and service within 30 days after the final completion of the selection procedure. Muzeiko EOOD shall return the documents in the same way as submitted. Any employer’s selection-related internal documents may be stored for 3 years.III. Information for the visitors of our siteWhen you visit our site, we store and process your personal data. This data is transmitted and stored in the form of small files called "cookies". They are needed to implement the service of purchase of online tickets via the webpage as well as to improve our service to you by retaining your preferences and settings. Some of this data are the minimum necessary in view of the site functioning and the protection against any unlawful acts against you and you cannot refuse to provide them. For others, we have provided the option of management – you may either accept or reject them, these being by default not turned on automatically but in a neutral position. You may find more information and management method in the Cookies section.Data of customers and visitors to MuzeikoAn opportunity for purchasing online tickets is available on our site. The personal data to provide there are email address, surname, name. We may process your personal data or those of your children in relation to any events and games for the purposes of the event implementation and for contact with you in the event of a change, for which we will explicitly ask your consent. The periods of storage of such data are compliant with the relevant purpose and same shall be destroyed within a reasonable period specified by our internal rules.NewsletterWe issue a Newsletter containing news on Muzeiko’s programme and events as well as updated information about new products and discounts related to our services. To receive the Newsletter, you must register on our site www.muzeiko.bg or to indicate a consent for registration for a newsletter in any service orders (birthday party, visits to kindergartens or school groups, events organised by Muzeiko), feedback from visits to school groups or kindergartens or a form for purchase of a seasonal or annual card. We will use the email address provided only for the purposes of delivering the newsletter. You may cancel at any time your subscription to the newsletter by email by stating that by sending an email to firstname.lastname@example.org without having to give any reasons thereof or to use the link for Unsubscribe at the end of any newsletter.IV. Information for counterparties (partners, customers and suppliers)Purposes of processing and legal groundsThe personal identity-related information is used for communication between the parties relating to initiating, performance and/or termination of a contract or within the context of pre-contractual relations; for correspondence between the parties concerning the nature and the content of the contractual relation – examination of offers, negotiations, coordinating the contractual provisions, etc.; for the implementation of any operations relating to the contractual performance: acceptance of the work, reporting, bank transfers, etc. Data that we process Data relating to:• Physical identity – full name, personal number, address, details of the identity document, photos; We use your photos (including by placing them on the webpage and the company profiles in the social networks) or photos of you that have been taken on events organised by the company (team-building event, corporate parties, etc.) as well as photos provided by you for the site or for the brochures of the company.• Health-related data – by voluntary provision of a document certifying a permanent disability, in the cases where the person wishes to benefit from a reduction in such a capacity;• Contact details – business phone number, email address • Economic identity – social security income, remuneration, bank account;• Social identity – education level, employment;• CCTV data – for the purpose of protecting our legitimate interests relating to the security of company’s premises and our staff, visitors, customers and contractors, we collect data from CCTV of specified parts of company’s offices. The records are stored for a period not longer than two months after shooting. Source of data We receive personal data from you in person as well as from the public registers available. To whom do we provide your personal data Information on you may be provided to any third parties if we are legally required to do so. Deadline for processing the personal data of contractors After the expiration of the contract, we suspend the processing of personal data for the purposes relating to the contractual relationship. The period of storage of the data (documentation and correspondence) is determined by the final settlement of all financial obligations or any claims/objections between the parties. The business, technical, financial and reporting information provided is stored in compliance with the statutory deadlines as specified in the Accountancy Act, the Obligations and Contracts Act and other applicable legislation. The period for personal data processing may be extended if necessary for ascertaining, exercising or defending any legal claims that such data are relevant to. In these cases, the indicated data may be processed until final closing/settlement of the legal claims as provided by law.
Last updated: 10 April 2021
This policy refers to the cookies or similar tools on the online pages www.shop.muzeiko.bg, www.muzeiko.bg, www.business.muzeiko.bg, www.mymuzeiko.bg (all of them being hereinafter referred to as the “Site”, the “web page”, the “Website”) serviced by Muzeiko EOOD, uniform identification code 202772419, having its seat and registered address: 3. Prof. Boyan Kamenov str., Sofia, correspondence address: 3. Prof. Boyan Kamenov str., Sofia, contact phone number 02 902 0000, email: email@example.com (hereinafter referred to as “We“).
When you first visit the Site, we will ask you to accept the use of “cookies” in accordance with the conditions of these rules. By the use of our website and acceptance of these rules, You agree to use the “cookies”.
ESSENCE OF THE COOKIES
A cookie is a small file comprising letters and numbers, which is stored on your computer, mobile devices or other equipment, when there is access to internet. The cookie is installed through the request sent from the server of a webpage to the browser (e.g.: Internet Explorer, Chrome) and is completely “passive” (it does not contain software programmes, viruses or spyware and there is no access to the information from the consumer’s hardware).
WHAT PURPOSE ARE COOKIES USED FOR
Cookies make possible the recognition of the user’s device and the presentation of his/her content in the respective way, adapted to the user’s preferences. Cookies ensure that the user’s experience during online surfing is pleasant and help the Site provide goods and services that are appropriate to the consumers, such as – the preference for online confidentiality, in the basket or respective advertisements. They are also used in the preparation of anonymous statistics that help us understand how a consumer prefers to use our webpages, thus allowing us to improve their structure and content, while ruling out the identification of the user’s personality. Due to the cookies, the Site shows correctly the stocks of products that you can add to the buy list in the basket;
WHAT COOKIES DO WE USE
Our site uses several types of cookies – required, session cookies and third parties’ cookies.
They are strictly necessary for the site to be able to perform its functions and are stored as a file on your computer or mobile device for a long period of time, usually for the period determined by the cookies or until manually deleted by the user. We use such cookies for the purpose of verifying the authenticity of our users when they use the site so that we can provide our services or that we can comply with our General Terms and Conditions and maintain the security of our services. We only inform about these cookies and do no ask for your consent to the use thereof.
Session cookies are temporary files that remain in your device for the period of your visit to our website and are active until the end of your user session or until closing of the application (web browser), and then they are deleted. We may also use session cookies, e.g.:
● in order to allow you to move from page to page across our site without need to log in again;
● in order to recognise you when you return to our site to use our services;
Cookies and technologies, including third parties’ pixels
We also use certain third parties’ cookies as a part of our services. These cookies are managed by the respective sites and are not controlled by us. You should be aware that a part of these third parties’ technologies are offered by our partners or third parties, such as Bitrix24 Inc., Altamira Softworks, s. r. o. (www.eucookie.eu) and Ecwid,Inc. Herein below, you will find a list of the third parties’ cookies that we use, some of which can be turned off from the general settings of your browser or by your individual choice, and an option to do so is given to you by the Site when you first visit it. As concerns others, you need to visit the respective sites of the technology or browser provider and follow the provided instructions. These service providers may collect your IP address and information that does not allow personal information about your visits to our site. A part of these advertising cookies allow showing our ads while you visit other websites. This information, which is not personal identification, is anonymous according to these third parties’ Privacy Policies and does not include your name, address, email or other personal information, but your IP address may be collected. The anonymous information is collected by the use of web beacons (known also as “cookies” and action tags), which is a standard technology used by most big websites. These cookies and technologies are frequently referred to as targeting cookies and are used for provision of advertising that is more appropriate to you and your interests; restriction of the number of times when you see an ad; measurement of the effectiveness of the advertising campaign; tracking of the behaviour of the people after they see an ad. They are usually installed on behalf of advertising networks with the permission of the site operator. They remember that you have visited a site and they will quite frequently be connected with the site functionality provided by the other organisation.
We use an integration tool (a plug-in or widget code integration) of Altamira Softworks, s. r. o. (www.eucookie.eu), whereby we require your consent to some of the cookies and the technologies that the Site uses or requires your consent to use. The conditions of our partner may be found HERE.
We use Facebook Pixel – it makes possible tracking the activities of users after they saw or opened an ad in Facebook. This allows us to track down the effectiveness of Facebook ads and to collect data for statistical purposes. The data collected in this way are anonymous for us; we do not receive information about the users’ identity. Nevertheless, the data from Facebook is stored and processed so a connection to the user’s profile concerned is possible and Facebook can use the information for own advertising purposes, in accordance with the data policy of Facebook.
We use Google Analytics, Google Tag Manager, Google Maps, all being products of Google – in order to generate statistics for the site traffic and the sources of traffic, as well as to optimise our performance.
We use web beacons, which do not however place information on your device but they can work together with the “cookies”, in order to monitor the activity on the website.
If you are concerned about the ad cookies to third parties generated by advertisers, you can turn them off here: Your Online Choices site.
LINKS TO OTHER SITES
The Site contains references (the so called “links”), which can, if you click on them, take you to websites of other companies and organisations. E.g, if you click on a Facebook “Like” button or you log in by this social media to our Site, You share data with such third parties. We bear no liability for their content and data protection strategies. Such other websites, services and applications may set their own “cookies” on the users’ computers, collect data or require personal information.
DO COOKIES CONTAIN PERSONAL DATA
ARE COOKIES SUBJECT TO BLOCKING AND HOW ARE THEY BLOCKED
Most browsers allow you to refuse accepting cookies; e.g.:
● in Internet Explorer (version 10) you can block “the cookies” from “Settings”, “Internet options”, “Privacy” and then “Advanced”;
● in Firefox (version 24) you can block all “cookies”, by clicking on “Tools”, “Options”, “Privacy”, select “Use customized settings for history” from the drop-down menu and remove “ ”;
● in Chrome (version 29) you can block all “cookies” by opening the “Customize and control” menu, and click on “Settings”, “Advanced” and “Content settings”
Blocking all “cookies” will have a negative impact on the usability of many websites. If you block the “cookies”, you will not be able to use all functions of our website too.
You can delete “cookies” that are already stored on your computer; e.g.:
● in Internet Explorer (version 10), you must manually delete the files with “cookies” (you can find instructions how to do this HERE;
● in Firefox (version 24) you can delete the cookies by clicking on “Tools”, “Options” and “Privacy” and then choose “Use customized settings for history”, click on “Show the cookies” Cookies";
● in Chrome (version 29) you can delete all “cookies” by opening the “Customize and control” menu and click on “Settings”, “Advanced” and “Clear browsing data” and other site and plugin data” before you click on “Clear browsing data”.
You can disable cookies, except for functional (necessary) ones, manually, by an option for this purpose that the site offers you the first time you visit it.
Deletion or disabling of cookies will have a negative impact on the usability of lots of websites.
WHY ARE COOKIES IMPORTANT ON THE INTERNET
Cookies are central for the effective functioning online helping for the preparation of a certain model of preferences and interests of every user. The disagreement with or disabling of cookies may render certain sites impossible to use.
The refusal or disabling of cookies does not mean that you will no longer receive online ads but that they will no longer appear in your account as preferred and interesting ones collected through the browsing behaviour.
Examples of important roles of cookies (which do not require certification through an account):
• Content and services adapted to the user’s preferences – categories or products and services.
• Offers adapted to the user’s preferences – remembering passwords.
• Remembering the filters for child protection in terms of online content (family mode option, safe search function).
• Restricting the frequency of use of advertisements – restriction of the displaying of an ad for a certain site user.
• Provision of ads that would be of interest for the user.
• The measurement, optimisation and characteristics from analytics – how to confirm a traffic level on the website, what type of content is visualised and how the user reaches a website (e.g.: search engines, directly, other websites, etc.). The websites develop these analyses and their use for the purpose of improving the site for the benefit of users.
SECURITY AND CONFIDENTIALITY
Cookies are NOT viruses! They use the form of a simple text. They are not composed of parts of codes, so they cannot be executed nor are they executed separately. Hence, they cannot be duplicated or copied to other networks in order to run or be copied again. As they cannot perform these functions, they cannot be regarded as viruses.
Still, cookies can be used for negative purposes. As they store information about preferences, as well as about the user’s browsing history – both on a certain site and on most other sites, cookies can be used as a form of Spyware (spy software). Many antispyware software programmes are not aware of this fact and constantly mark cookies for removal during procedures for removal / scanning / anti-virus / anti-spyware software.
Browsers usually have built-in personal data privacy settings, which ensure various levels of acceptance of cookies, the period of validity and the automatic deletion once the user has visited a site.
Other aspects of security related to cookies:
As the personal data protection is exceptionally important and is a right of every internet user, it is recommended that you are aware of the possible problems that cookies may create. They are used to constantly send information between the browser and the website in both directions, and in case that a hacker or another unauthorised person interferes during the sending of the data, then the information containing cookies may be intercepted.
In infrequent cases this may happen if the browser connects the server by using a non-encrypted network (e.g.: a wireless network not protected by a password).
Another type of attacks based on cookies requires wrong settings of the cookies in the server. If a website does not require from the browser to use only encrypted channels, hackers may use this vulnerability to cheat the browsers in the sending of information through the unprotected channels. Then hackers use the information for the purpose of unauthorised access to certain websites. It is very important that you are careful in the choice of the most appropriate protection of the personal data.
ADVICES FOR SECURE AND RESPONSIBLE COOKIE BASED BROWSING
Disabling cookies will disallow the user’s access to the most popular and used sites, including but not limited to Youtube, Gmail, Yahoo and others.
PERIODS, FOR WHICH WE STORE COOKIES DATA
Questions and requests related to the rights of protection of your personal data may be addresses to us through the contact form available in the Site or by any of the specified forms of contact:
Muzeiko EOOD, uniform identification code 202772419, having its seat and registered address at: 3. Prof. Boyan Kamenov str., Sofia, contact phone number, correspondence address: 3. Prof. Boyan Kamenov str., Sofia, contact phone number 02 902 0000, email: firstname.lastname@example.org
RESPONSIBLE DATA PROTECTION OFFICER
The responsible data protection officer is Toni Valentinov Pachevski
Correspondence address: 3. Prof. Boyan Kamenov str., Sofia
Contact phone: 02 902 0000
© Muzeiko 2020 All rights reserved.