PlanDelta
Privacy Policy

I. PURPOSE

The purpose of this Privacy Policy is to describe what information we at PlanDelta collect, use and sometimes share about you through our online interfaces (e.g., websites and email) owned and controlled by us, including plandelta.com and all subdomains (collectively referred to herein as the “Site”).

At PlanDelta, we believe that you should have control of your data. Control starts with information. This is why you should know what data we collect from you and how we use it.

II. WHO ARE WE

PlanDelta is a Bulgarian company (“PlanDelta” OOD, EIK 206543275, VAT number: BG206543275), company registered under the Laws of Republic of Bulgaria with headquarters in 1404 Sofia, Bulgaria, company address: 109 Bulgaria Boulevard, Manastirski Livadi. (herein referred to as “PlanDelta”, “we”, “us”, “our”).

III. ABOUT THIS PRIVACY POLICY

This Privacy Policy (“Privacy Policy”/ „Policy“) describes how we collect and use your personal data in relation to the provision of our Services as defined in our Terms of Use (“Agreement” / “Platform Agreement”) and what are your rights as data subjects.

At PlanDelta, we value your privacy and your rights under the Data Protection Legislation (incl. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (”the GDPR”), the UK-GDPR and any other local data protection law of the countries where PlanDelta operates). In that regard, we recommend that you carefully read the present Privacy Policy, as it describes why and how we process your personal data at PlanDelta.This Privacy Policy applies to personal data we collect about you when you use:
  • our website “https://PlanDelta.com/” (the “Website”);
  • the PlanDelta platform;
  • when we contact you to promote our products and services.
  • A separate agreement governs (i) delivery, type, access and use of our Services (the “Terms of Use”) and (ii) processing of any information, files, and personal data provided to us by our Clients or other content collected and uploaded by the Clients in the PlanDelta Account in their capacity as Data Controllers (the Data Processing Addendum/ “DPA”).
  • our website “https://PlanDelta.com/” (the “Website”);

IV. DEFINITIONS

“Personal data” means any information relating to an identified or identifiable natural person. *For ex.
your names, your IP address, your address, your passport number, etc. *

“Processing of personal data” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means. For ex. when we collect your IP address, we are processing your data.

“Controller” means the legal entity, which is responsible for the processing of your personal data. For ex. PlanDelta OOD is the Controller of your personal data for the processing activities, mentioned in this Privacy Policy.

“Processor” means the legal entity that processes your personal data on behalf of the Controller of your data. For ex. PlanDelta’s service providers (sub-contractors) are sometimes Processors of your personal data on our behalf.

“Data subject” means the natural person, whose data is being processed by the Controller and/or the
Processor. *For ex. you are considered the data subject, when we process your personal data for the purposes listed in this Privacy Policy. *

“PlanDelta Client(s)” or “Client(s)” or “Company” means legal entities that have accepted our Terms of Use and have successfully opened a PlanDelta Account.

“User” means a person who has been granted access to a PlanDelta account. For ex. employees of PlanDelta Clients are designated by them as Users.

“Admin” means a User with exclusive rights over the PlanDelta account, such as uploading and editing data, managing access, etc.

All other terms used in this Privacy Policy shall have the meaning set out in the Agreement, and if they have not been defined there, they shall have the meaning set out in the GDPR or the other applicable legislative acts.

We, the aforementioned controllers, are responsible for processing your personal data for the purposes under this Policy and have therefore concluded a specific and separate data processing agreement in accordance with the requirements of the GDPR.

V. OUR DATA PROTECTION OFFICER

At PlanDelta we have appointed a Data Protection Officer (“DPO”), who shall be responsible to oversee our data protection compliance, answer your concerns and assist you in exercising your rights under the GDPR. Our DPO is available to contact at:

Address: 109 Bulgaria blvd, 1404 Sofia, Bulgaria

E-mail: dpo@PlanDelta.com

Contact person: Laska Hristova

VI. PERSONAL DATA WE PROCESS ABOUT YOU

At PlanDelta we shall collect your personal data when you:
  • register as a user on our website;
  • submit an application to open a PlanDelta account;
  • use the PlanDelta platform;
  • participate in conversations with us;
  • participate in surveys related to our products and services;
  • communicate with our Sales or Customer Success teams;
  • we contact you to promote our products and services;
  • participate in our webinars and/or podcasts.
Categories of personal data

At PlanDelta we process the following categories of personal data related to you:
  • contact data, such as first name, last name, e-mail address, phone number;
  • data about your device (for ex. If you are using a computer or a mobile device);
  • your PlanDelta userID (this ID is assigned to you by our systems when you register for the first time on our website);
  • your identification documents, such as your passport, your ID card, your driving license;
  • data collected from your device, such as your IP address, your log-in information, version and type of your browser, version and type of your operational system; your mobile device operational system and version;
  • information about your visit, such as your navigation through our platforms, your activity on our platform (for ex. the pages you visit) and information about the length of your session;
  • information stored on your computer or mobile device in the form of “cookies” – for more information on the types of cookies we use, please see our Cookie Policy);
  • biometric data, such as your video image and/or your voice when you participate in our webinars or contact our Sales or Customer Success teams by phone;

VII. OUR LEGAL BASIS TO PROCESS YOUR PERSONAL DATA

In order to process your personal data, we must have a legal basis to do so. Below you can find what are our legal bases to process your personal data in certain situations:

Legitimate interest

In some cases, PlanDelta has legitimate interest in processing your personal data. Before identifying a legitimate interest, we perform an assessment to see if the legitimate interest we pursue does not overwrite your rights and freedoms.Example: Sometimes, we could process your personal data for establishment, exercise or defense of legal claims
related to PlanDelta’s rights and legal interests, including by legal proceedings.

Consent

We can also process your personal data, if you have given us your free, unambiguous, and specific consent to do so.

VIII. CATEGORIES OF DATA SUBJECTS

When providing and/or promoting our Services in accordance with our Terms of Use and this Privacy Policy, we may collect and process your personal data if you are one of the following:
  • an authorized representative (incl. managers, directors, proxies, legal representatives, UBOs, etc.) of a PlanDelta Client;
  • an employee of a PlanDelta Client;
  • someone, who has provided feedback (incl. registered a complaint, submitted a request, asked a question or other type of correspondence in relation to the Services);
  • a visitor on our Website;
  • a prospect we contacted to promote our products and/or services.

IX. PURPOSES FOR PROCESSING YOUR DATA

When registering a PlanDelta Account or registering as a User – To register a PlanDelta Account as an
Administrator or to complete your registration as a User on our website. You shall provide details such as name, email address, phone number, and job title/role in the Company along with details about the Company you are representing/ working for (e.g. company name, company number, VAT number if applicable, registered address, etc.). We clearly indicate in our registration forms whether the provision of the data is mandatory or voluntary to be provided. You can choose not to provide us with certain information, but then you may not be able to register with us or to take advantage of some of our features. In addition to the above information, we process IP addresses and
time of performance of the respective statement/action, relevant for the registration and the conclusion, performance, amendment or termination of the Agreement.

Invitation as User – If you are an employee, contractor, agent or other individual that works for a Company that has a PlanDelta Account, that Company may invite you through its PlanDelta Account to register as a User so as to grant you access to the PlanDelta Account and to authorize you to use the Services on its behalf. To create a new User account in PlanDelta, the following information needs to be submitted: name and email address. To invite you to register as an Administrator of the Company, you need to submit information about your name and email address to the PlanDelta Platform.

Where you act as a Company’s User or Administrator, we may process all or some of the above-specified personal data to perform Company’s registration, maintaining and ensuring access to the PlanDelta Account and activities related to the conclusion, amendment, performance and termination of the Agreement; We also process your information for communication with you, including by email, necessary for the provision of the Services in accordance with the Terms of Use and/or for notifying you about changes in the Services or other relevant for the use of Services issues;

Log information processed for the purposes of security, technical maintenance, development, etc. – PlanDelta Platform uses logs in order to ensure the reliable functioning of the Services, to detect technical problems, to ensure the security of the Services and to detect malicious activities.

Personal data received and collected from correspondence, complaint and signals – For the purposes of administering, managing and responding to complaints, signals, requests, queries and other communications addressed to us through our Website, post, email, phone or through other communication channels, we collect and process the information submitted to us (incl. names, email, telephone, address etc.), as well as details regarding the results from their processing (e.g. responses, further correspondence, related details, etc.).

To ensure the effective and secure functioning of our Services – We will process your personal data for the maintenance and administration of our Services. This includes activities related to detection and prevention of malicious activities; detection and repair of technical or functionality related issues; prevention of unauthorized access to the Services; as well as improvement of the functioning and the quality of the Services.

**For the establishment, exercise or defense of legal claims related to PlanDelta’s rights and legal
interests.** We will process your personal data to protect and exercise the legitimate interests of PlanDelta, the Issuers, the Company, Administrators, Users, or third parties as PlanDelta’s contractors or employees or providers of Integrated Services. Your data may also be processed to assist Issuers, the Company, Administrators, Users, or third parties as PlanDelta’s contractors or employees or providers of Integrated Services for establishment, exercise or defense of legal claims.

We may process your data for the purposes of collection of receivables payable to PlanDelta, including in execution proceedings; as well as debt collection (incl. via third parties such as debt collection companies) and debt assignment.

Personal data received through recorded phone calls with you – for the purposes of improving our services. In order to improve our services and processes, we record the phone calls with the employees of our Clients and/or our Client’s representatives.

Cookies for improving our Service – We may from time to time use cookies. To become aware of what types of cookies we may use, for what purposes and how to control their use, please check our Cookie Policy.

Statistical purposes – We may process your personal data for statistical purposes. Such processing will result in aggregated data, which will help us improve and/or develop the services and functionalities we offer.

To perform our direct marketing activities – We will use your personal data to provide you with information about our products and services that you might be interested in. In cases where you are acting as Company’s User or Administrator or in cases where you have contacted us at first and you have provided us with a means of contacting you and have indicated respective interest, we may process the information provided by you for direct marketing activities such as sending marketing communications, offers and other similar news and updates. In such a case, you clearly and distinctly will be given the opportunity to object, free of charge and in an easy manner, to such use of electronic contact details at the time of their collection and on the occasion of each message in case you have not initially refused such use. Also, if you do not want to receive communications from us, you can indicate your preference at any time by unsubscribing or by sending an email to: dpo@plandelta.com

X. HOW WE COLLECT YOUR PERSONAL DATA

We shall not use any personal data, unless it has been voluntarily provided, entered or uploaded by you personally.You are not allowed to enter third party personal data, including sign up a third party (Users, Administrators, employees, etc.,) without due authorization by such a third party. It is your sole responsibility to provide and guarantee that the processing activities performed by you and the provision of third party personal data are compliant with the requirements of the applicable data protection legislation.

XI. HOW WE PROTECT YOUR PERSONAL DATA

Your personal data is contained behind secured networks and is only accessible by a limited number of persons whohave special access rights to such systems, and are required to keep the information confidential and that they areproperly trained and authorised. We also take appropriate technical and organisational measures to protect yourpersonal data against loss or other forms of unlawful processing.

XII. WHAT WE DO IN THE EVENT OF BREACH?

In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration,
unauthorised disclosure of or access to personal data, the controller shall promptly assess the risk to the data subjects’ rights and freedoms and report the breach to the competent supervisory authority within 72 hours after having become aware of it. We will record all data breaches regardless of their effect in accordance with our Incident Response & Training Plan. If the breach is likely to result in a high risk to data subjects’ rights and freedoms, we shall notify all affected individuals as soon as practically possible that there has been a breach and provide them with more information in a clear and plain language about the likely consequences and the measures that have been taken.

XIII. WHO WE SHARE YOUR PERSONAL DATA WITH?

We may share your personal information with:

The Company and other Company’s Users and Administrators – The data stored into the PlanDelta Account, such as the data about Administrators, Users, Cardholders, requested Services, expenses and other details uploaded or generated within the Company’s PlanDelta Account, are available to that Company and to other Company’s Users and
Administrators who have access to the PlanDelta Account as determined with their access permissions.

Fraud-prevention agencies – we may disclose or share your personal information with fraud prevention agencies or other fraud prevention bodies, who assist us to combat fraud.
Where required by law – We may store and disclose any information that is necessary to comply with applicable law or court order. In such cases we may disclose personal data to competent state and court authorities, auditors or other types of recipients provided by law.

**Where necessary for protection of the rights and legal interests of PlanDelta or for rendering assistance to third parties for protecting their rights and legal interest ** – when your personal data is necessary to enforce or apply our Agreement, to protect the rights, property, or safety of PlanDelta and/or to establish, exercise or defend a legal claim as well as we may disclose your personal data to attorneys and legal consultants; bailiffs; notaries or persons performing similar public functions; competent authorities.

Suppliers and subcontractors – We may use service providers as specialized data centers for reliable and secure colocation of server and network equipment, providers of quality assurance testing services, providers of technical support, cloud service providers, etc. When working with such suppliers and subcontractors, they act as Data Processors on our behalf, and PlanDelta engages into contractual relations with them, which include obligations for the Processors to strictly comply with our instructions, in accordance with this Policy, the Terms of Use and the applicable data protection rules.

Some of our suppliers and service providers that we may share your personal data with act as Data Controllers and determine on their own or by virtue of the applicable law their own purposes to process personal data. For example, such providers are electronic communications service and network providers that are necessary for the Internet connection and communications between us, banks and other payment processing companies that we use to receive payments, postal services, etc. In such cases, we share personal data only to the extent that is necessary for the performance of the data processing purposes specified in this Policy and only as far as we have a respective legal
basis for sharing that personal data.

In other cases, required by law – We might share your personal data in any other cases as required and to the extent permitted under applicable law.

XIV. TRANSFERS OF DATA

PlanDelta applies the storage limitation principle, namely stores personal data in minimal volume and for a period no longer than the necessary for the purposes for which they are processed, ensuring that they are stored securely and in compliance with the applicable legislation.We store the categories of personal data listed above as follows:
Type
Storage Period
Data provided with respect to the registration of PlanDelta Account, invitation and registration of a User; Contractual information, incl. data related to the use of the Services; Instructions and logs of data processing operations; Correspondence related to the use of the Services.
For the period of the duration of the contractual relationship between Company and PlanDelta and up to the elapsing of the limitation period for civil law claims (e.g. at least 5 years following the termination of the Agreement) under the applicable legislation, unless longer retention period applies as per this Privacy Policy or the applicable legislation.
Financial information related to the use of Services (incl. invoices and other accounting details)
For the entire period of maintaining the PlanDelta Account and up to 5 /five/ years from termination of the registration or up to 10 /ten/ years as of the beginning of the year following the one in which payment is due for the respective year (the longer period apply)
Personal data related and gathered in the context of our activities as Agent/Card Distributor
For the entire period of maintaining the PlanDelta Account and up to 5 /five/ years from termination of the registration, unless a longer retention period is established under the applicable legislation.
Correspondence, complaints and signals
For up to 5 /five/ years after the completion of the correspondence and/or the final resolution of the correspondence related case, if there is no applicable contractual relationship.
Logs related to security, technical maintenance, development, etc.
Up to 1 /one/ year, unless such data is determined a different storage period in this Policy.
Notwithstanding the data retention periods set out above, it is possible that:
  • a specific legal dispute or procedure arises (e.g. litigation, arbitration, administrative proceedings, etc.), requiring the data to be retained after the retention periods have elapsed;
  • we receive a mandatory instruction from a competent public authority to preserve certain data/ content.
In such cases, the personal data will be preserved in accordance with the retention periods specified by the competent authority or up to 5 years after the final settlement of the dispute or proceedings before all instances, including the settlement of the respective execution proceedings.

If any law or other legislative act requires the storage of the personal data for a period longer than the one specified above, the legally established longer term shall apply to their storage.

Information uploaded and stored in the PlanDelta Account such as information included in stored documents, signatures is under the control of the Company and shall be available until its deletion by the Company or until the termination of the PlanDelta Account (whichever event is the earlier one). Information regarding statements for payment transactions with Cards and balances could be available in the PlanDelta Account only until the termination of the contractual relation between the Company and the Issuer or until the termination of the PlanDelta Account (whichever event is the earlier one).

XVI. PLANDELTA FOR GOOGLE SHEETS INTEGRATION

PlanDelta for Google Sheets App use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

The following permissions are required in order for the app to run:
  • Access your primary Google Account - email address, personal info, including any personal info you've made publicly available and to associate you with your personal info on Google so that we can identify you.
  • See, edit, create and delete all your Google Sheets spreadsheets so that we can create, edit and keep your spreadsheets up to date.
  • Display and run third-party web content in prompts and sidebars inside Google applications to open up a sidebar for you to configure your report filters and settings.
  • Connect to PlanDelta service so we can bring in your PlanDelta account data.

XVII. YOUR RIGHTS

Below you can find your rights regarding the processing of your personal data:

Right of information. This Policy aims to inform you in detail about the processing of your personal data by PlanDelta.

Right of access. You are entitled to receive confirmation whether your personal data is being processed, to receive access to such data, as well as information about the processing and your rights.

Right of rectification. You are entitled to have your data rectified in case it is incomplete or inaccurate. Your data may be rectified by us upon your request.

Right of erasure. You have the right to ask for your data to be erased/deleted when we no longer have a legal basis to keep it in our systems.

Right of restriction of the processing. The GDPR and the UK-GDPR provides for the possibility of restricting your personal data processing in case there are grounds for this as set forth therein.

Right of data portability. You have the right to receive the personal data you have provided, and which is related to you in a structured, commonly used, machine-readable format, and to use such data with another controller at your discretion, if the conditions provided for in the GDPR and the UK-GDPR are present.

The right not to be subject to a decision based solely on automated processing, including profiling which produces legal effects concerning you or similarly significantly affects you unless there are grounds provided for in the applicable data protection legislation, as well as appropriate safeguards to protect your rights, freedoms and legitimate interests.

Right to withdraw consent. You have the right to withdraw at any time your consent for personal data processing that is based on prior given consent. Such withdrawal shall not affect the lawfulness of the processing based on consent before its withdrawal.

Right to object. You have the right to object, in respect to data processed, based on legitimate interest. In the event of such an objection we will examine your request and, if justified, we will comply with it. If we believe there are enough legal grounds for the processing or where necessary for establishing, exercising or defending legal claims we will inform you accordingly. You have an absolute right to object against personal data processing for marketing purposes.

XVIII. HOW TO EXERCISE YOUR RIGHTS

If you wish to access, delete (when applicable) or correct your personal information please, address your requests and complaints to any of the above mentioned Controllers at dpo@PlanDelta.com or at the following addresses:

109 Bulgaria blvd, 1404, Sofia, Bulgaria

Please state clearly in the subject that your request concerns a privacy matter, and more specifically whether it is a request to access, correction, deletion or else. Bear in mind that we may ask for additional information to determine your identity.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort, risk the privacy of others, or would be extremely impractical. Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort.

XIX. SUPERVISORY AUTHORITY

If you think we have infringed your privacy rights, you can lodge a complaint with the supervisory authority:

The Bulgarian Commission for personal data protection:

2, Prof. Tsvetan Lazarov blvd. 1592 Sofia

Tel: +359 2 915 3580 or +359 2 915 3548
Fax: +359 2 915 3525
Email: kzld@cpdp.bg

https://cpdp.bg

You can also lodge your complaint in particular in the country where you live, your place of work or place where you believe we infringed your right(s).

The list of all data protection supervisory authorities for each EU member state is available here: https://edpb.europa.eu/about-edpb/about-edpb/members_en

XX. CHANGES TO THIS POLICY

We’ll post any changes we make to our privacy notice on this page and, if they’re significant changes we’ll let you know by email. We are constantly trying to improve our Services and need to comply with all the changes in the applicable data protection legislation, so we may need to change this Privacy Policy from time to time as well, but we will alert you to changes by placing a notice on: https://PlanDelta.com, by sending you an email, and/or by some other appropriate means.

Privacy Policy last update: June 14, 2024