Subject: the use of the online insurance portal 24ins.bg.

Effective as of 20/05/2018.

This website www.24ins.bg www.24ins.bg is owned by Broker Ins Ltd. and is administered by the Company in compliance with the provisions of the Personal Data Protection Act and the related legal framework, including, without limitation, Regulation (EU) 2016/679 (“GDPR”).

This document describes the manner in which Broker Ins Ltd. collects and processes the information collected by users through the website www.24ins.bg and through using the services offered on the website www.24ins.bg. This document refers to the use of all services offered by 24ins. If you do not agree with this policy, please do not accept to use our services or any other aspect of our business.

The updates of this privacy policy reflect the latest changes in the Personal Data Protection Act and aim to provide a clearer idea to the users of how 24ins.bg administers all personal data of the users.

APPLICABILITY

This privacy policy applies to all products and services offered by Broker Ins through 24ins.bg and our mobile applications This privacy policy applies to all products and services offered by Broker Ins through 24ins.bg and our mobile applications

This Privacy Statement does not apply to any third party applications or software that integrate with the Services of 24ins.bg or with other products, services or business of any third parties.

USER DATA COLLECTED AND PROCESSED BY 24ins.bg

Personal information for identification

We collect personal information for identification from users in a variety of ways, including, without limitation, when users visit our websites, register on the websites, and in relation to other activities, services, features, or resources that we provide on our websites. Users may be asked for a name, email address, physical address, or payment information. We collect personal identification information from Users only if they voluntarily provide us with such information. Users may always refuse to provide personal information for identification, except where this may prevent them from performing certain website-related activities. We will never submit any personal information to third parties and will not use your name or company name in any marketing statements without your permission in writing.

Information not defined as personal

We collect information for identification that is not personal, from the users when they interact with our websites. Non-personal information for identification may include the name of the browser, the type of computer and technical information on how users of our sites may use it, such as the used operating system, internet service providers and other similar information.

Other information

Metadata - when users interact with our services, metadata is generated to provide additional information about how users interact with our websites.

Current records (Log data) - Our Services will automatically collect information when users access or use our websites or services and record them in Logs. The log data may include IP address, previously visited web page addresses, browser type and settings, time and date when the services have been used, browser and add-on configurations, data on language and cookies.

Device information – 24ins.bg collects information about your computer, telephone, tablet or other devices that you use to access our services. This device information includes your connection type and settings when you install, access, update or use our services. In addition, we collect information through your device about your operating system, browser type, IP address, URLs of redirect / exit pages, device IDs, and crash data. We use your IP address and / or country preference to approximate your location in order to provide you with a better service. How much of this information we collect depends on the type and settings of the device that you use to access the Services.

Location information – 24ins.bg will receive this information from users during registration, as well as from our partner providers, so that we can approximately find out your location.

Use of cookies

Our websites may use cookies to improve the user experience. The user's web browser places cookies on the hard drive for record-keeping purposes and sometimes for the purposes of tracking information about them. Our websites may use cookies to improve the user experience. The user's web browser places cookies on the hard drive for record-keeping purposes and sometimes for the purposes of tracking information about them. The user can choose to set their web browser to refuse cookies or to warn you when cookies are sent. If you do so, keep in mind that some parts of the website may not work properly.

How 24ins uses the data stored

For customization of the user experience, we may use aggregate information to understand how our users as a group use the services and resources provided on our website. In order to improve our website, we are constantly striving to improve the web services we offer, based on the information and feedback that we receive from users. Improvement of customer service. Your information helps us respond in a more efficient manner to your customer service requests and support needs. To administer content, promotion, research or other function of the website. To send information to users that they agree to receive on topics that we believe will be of interest to them. The email address provided by users will only be used to respond to their inquiries and/or other requests or questions. If the user decides to be included in our mailing list, he/she will receive emails, which may include company news, updates, related information about the product or service, etc. At any time, the user may wish to opt out of receiving further emails, as the unsubscription instructions are at the bottom of each email. If required under a law, legal proceeding or regulation. For billing, account management and other administrative matters. For investigative and preventive measures against misuse of websites. We use information about users from whom we have obtained consent for a specific purpose, which is not specified above. For instance, we may post references or include client stories to promote our services. We will always ask for consent before publishing any information for promotional purposes.

SHARING AND DISCLOSURE OF INFORMATION

24ins.bg will disclose or share information about users for the following purposes only:

• User request: 24ins.bg will share all user data based on the request and instructions of the user.
• Legal compliance: Upon request from an authorized legal body, 24ins.bg may disclose information about a user, which it deems as compliant with or required by the applicable legislation.
• Enforcement: 24ins.bg reserves the right to disclose information about a user in order to investigate, prevent or take action against any illegal activities, suspected fraud or situations that pose a physical threat to individuals.
• Consent: 24ins.bg may share user information with other third parties in cases where we have obtained the consent of the users to do so.
• Third-party service providers and partners: 24ins.bg works with third-party providers and partners to provide website and applications, hosting, maintenance, archiving, storage, virtual infrastructure, payment processing, analysis and other services for the sites, access or use of user information. If a service provider needs to access user information in order to provide services on behalf of 24ins.bg, it shall do so by following the instructions of 24ins.bg, including in compliance with the rules and procedures designed to protect user information. 24ins.bg is aware that our third-party service providers and partners comply with the GDPR. If you have any additional questions about our third-party providers, please email us for further information.
• Services through which users connect to their account: 24ins.bg receives information when users allow services of third parties to integrate with our services. An instance of such a service is the use of Google identification data to log in to your user account in 24ins.bg. 24ins.bg will receive the names and e-mail address of the user, as allowed by the user settings in Google. The information that 24ins.bg receives when users connect or integrate our services with third party services depends on the settings and privacy policy controlled by the third party. We strongly recommend users to check in detail the privacy settings of all services from third parties in order to understand what types of data may be disclosed or shared with 24ins.bg.
• Operational partners: 24ins.bg works with third partners, providing information on payments, invoicing and technical services in order to deliver solutions to users. 24ins.bg may share user information with these third parties in relation to their services.
• Links to third-party websites: The services of 24ins.bg may include links that redirect you to other websites or services whose privacy practices may differ from ours. What you send to these third-party websites is administered by their privacy policy and does not fall within the scope of the privacy policy of 24ins.bg.
• Widgets of third parties: Our services may include widgets and social media features, for instance the Twitter button "tweet". These widgets and features collect your IP address and may set a cookie to allow the feature to function properly. Widgets and social media features are hosted by a third party or are hosted directly on our servers. The interactions of the users with these functions are regulated by the privacy statement of the company that provides them and are not regulated by the privacy statement of 24ins.bg.

The activities of 24ins.bg require our employees to have access to the systems that store and process user data. This is aimed at better service and rectification of any potential problems. For instance, in order to diagnose a problem that users may have with the services of 24ins.bg, our employees may need access to your user data. All employees are prohibited from viewing user data for any reason, unless this proves absolutely necessary.

DATA DELETION

When users delete their accounts, there are different scenarios for how the data will be treated, as described below:

Complete deletion of data will occur after 90 days. Please read "Data Retention" below for further details on data retention for 90 days.

Users may at any time request the deletion of their personal data. If such request is submitted, the data will remain in the archives and operational cycle that we maintain to ensure that we will not store the data in the form of back up copies for a period longer than 90 days. Users may send an email to [email protected] in order to request the deletion of data. However, if Users request deletion of their data, we urge users to delete their account, as this will help initiate the process.

If 24ins.bg deletes an account due to inactivity, the above scenarios will apply.

DATA RETENTION

Storage and security of information 24ins.bg uses hosting service providers in the USA, EU and Bulgaria to store collected information and we apply technical measures to provide all data. Regardless of the overall security measures and precautions that 24ins.bg applies to protect data, no infallible security system exists and due to the nature of the Internet 24ins.bg cannot guarantee absolute security of the data during transmission over the Internet or as long as they are stored in our systems or otherwise under our care. 24ins.bg applies certain policies in the event of such situation and will respond to requests in that regard within a reasonable time.

How long we store the information

How long we store the information we collect from you depends on the type of information, as described in more detail herein below. Afterwards we will do our best to delete the information or, if this is not possible (for instance, because the information has been stored in recovery archives), we will securely store your information and isolate it from any other use until deletion becomes possible.

• User account information: we retain user information for up to 90 days after deleting the account. 24ins.bg maintains this practice for the following reason:
• In the event that the user's account has been compromised and intentionally deleted. 24ins.bg will help maintain and restore the data so as to solve the problem.
• Account incorrectly deleted by users. In such case, 24ins.bg will be able to recover user data.
• Different data storage and backup systems have in place different policies as regards the retention period, retaining the information for a maximum of 90 days. For instance, database recovery archives are encrypted, incremental, and ready for recovery within 30 days. It is not possible to delete user data within 1 minute from precisely encrypted recovery archives.
• If the user has initially requested to cancel his/her account, but has later decided otherwise. The user will be able to recover all data if an account is reactivated within 90 days of the initial deletion
• 24ins.bg may retain some of the user data if required to comply with legal obligations, resolve disputes, enforce our agreements, support business operations and continue to develop and improve our services. When we retain information for the purpose of improvement and development of services, we take steps to remove information that directly identifies specific users and use group user behavior information only, without using personal or private information.

Information on promotions and marketing data

If users have opted for and given their consent to receive marketing, promotional and reminder emails from 24ins.bg, we retain information about the marketing preferences of users, unless we have specifically requested to delete them. 24ins.bg stores information received from cookies and other tracking technologies for a reasonable period of time from the date on which such information was received.

CHILDREN:

We do not collect personal information from children under the age of 14. If we learn that we have collected personal information from a child under the age of 14, we will take steps to delete such information as soon as possible. If parents and/or legal representatives of children find that children under their guardianship have provided their data to 24ins.bg, please contact us at the contact addresses specified in this policy. We will delete the information as soon as possible.

VALIDITY AND UPDATE OF THE POLICY

We may periodically update our Personal Data Protection Policy. In the event of a change in this policy, a notice will be published on our website, as well as the updated Personal Data Protection Policy.

CONTACT DETAILS

IF YOU WISH TO CONTACT US ON ANY ISSUES RELATED TO THIS POLICY OR TO PERSONAL DATA PROTECTION AT 24ins.bg, PLEASE CONTACT US VIA THE FOLLOWING MEANS: email address: [email protected]

DECLARATION OF CONSENT FOR THE COLLECTION, USE AND PROCESSING OF PERSONAL DATA

I HEREBY DECLARE:
I agree to the processor of personal data at Broker Ins Ltd., Sofia, 3 Karnigradska Str., to collect, process, store and provide lawfully, in good faith and in a transparent manner my personal data, in the course of performance of any tasks related to the provision of the insurance intermediation service, in compliance with the requirements of Regulation (EU) 2016/679 and the Personal Data Protection Act.
I am informed by the data controller - Broker Ins Ltd., about my rights as a data subject:
1. I am aware of the data identifying the controller, as well as of his/her contact details.
2. I am aware of the purposes of the processing of my personal data, as well as the legal grounds for processing thereof.
3. I am aware of the time period for which my personal data will be stored, as well as of the criteria used to determine such time period.
4. I am aware/ informed of my right to request from the controller access to correct or delete my personal data or to limit the processing thereof, as well as of my right to object to the processing and of the right to data portability.
5. I have been warned that the provision of my personal data is a mandatory / contractual requirement necessary for the conclusion of a contract, as well as the possible consequences if such data are not provided.
6. I am aware of the possibility of withdrawing my consent at any time, without prejudice to the lawfulness of processing based on consent before the revoking thereof.
7. I am aware of my right to appeal to the supervisory authority in the event of violation of my rights.
8. I am aware of the possibility to exercise my right to data portability to another controller when this is technically feasible.
9. I have been informed of my right to object to the processing of my personal data for the purposes of direct marketing, which includes profiling as far as same is related to direct marketing.
10. I am aware of my right not to be the subject of a decision based solely on automated processing.
11. I have been informed that for the performance of my contract, information related to my personal data may possibly be provided to insurance companies, as well as to third parties, only when this is necessary for the provision of insurance intermediation services.
12. Any change in the requirements will be notified to the controller without delay.

Via mail: Sofia, 3 Karnigradska Str., 24ins.bg, for the Data Protection Officer