1. IntroductionIn this Personal Data Protection Policy MFG, “we”, “us” or “our” shall mean „Management Financial Group” JSC , and “you”, “your” and “user” shall mean visitors to our website – www.managementfinancialgroup.com.
This Personal Data Protection Policy shall explain and govern:
- how and when we collect your personal data, and what information we collect;
- how and why we use your personal data; and
- your rights to control your personal data.
We may amend this Policy from time to time in order to comply with applicable laws and regulations or meet changing business requirements. You are encouraged to periodically review this page for the latest information on our privacy practices and amendments to our Personal Data Protection Policy. Every time we make an amendment to the Policy, we will notify you of possible effects of the amendment without delay and in summary on our website www.managementfinancialgroup.com and at the Company’s office located in the City of Sofia, Lyulin District, 7 Lyulin residential complex, Silver Center, 28 Jawaharlal Nehru Blvd., Floor 2, Office № 40-46.
2. General Information.2.1 Some terms for better understanding of this Policy:
- “Personal Data” – means any information relating to a natural person, which separately or in combination with other information, may result in their identification or may identify them.
- “Data Subject” – means any alive natural person who is identified or identifiable by means of processed personal data.
- “Personal Data Processing” – means any action that we carry out or may carry out with your personal data, including but not limited to their collection, analysis or destruction.
- “Data Controller” – with regard to personal data it controls, this is MFG. We define the purpose of your personal data processing, on any of the legal grounds to this effect; in principle, we also define the methods for such processing – for example, the technical infrastructure and applications used for the processing. We assume the responsibilities with regard to the security and protection of your personal data.
- “Data Processor” – this is a third party that processes your personal data upon our assignment, whereas MFG has strictly defined the purpose and methods of processing and has verified whether the entity meets the requirements of GDPR. For example, such data processor may be an agency, which is responsible for a marketing campaign of MFG in social media and issues reports for its success.
- “Personal Data Breach” means any breach of security, which results in accidental or unauthorized destruction, loss, change, unauthorized disclosure of or access to personal data that are transferred, stored or processed otherwise.
- “Digital Archives” – the website www.managementfinancialgroup.com, all landing pages supported by the Company, web, native and mobile applications accessible to customers.
MFG is a company, whose objects of activities include granting of loans with funds, which have not been raised through public attraction of deposits or other repayable funds, Financial leasing; acquisition of credit claims; provision of investment management services, management, consultancy, including business management consulting, investment and transaction consulting, risk analysis and management, market research, project management, and any other non-lawful activity, acquiring participations in any other financial institution, acquiring loan receivables, carrying out any other financial activity as permitted pursuant to Article 3 of the Credit Institutions.
2.3 How can you contact us?
MFG has its seat and registered office situated in the City of Sofia, Lyulin District, 7 Lyulin residential complex, Silver Center, 28 Jawaharlal Nehru Blvd., Floor 2, Office № 40-44 contact telephone: 0882 659 103. You can contact us by visiting us at the Company’s address specified above and on our website: www.managementfinancialgroup.com.
2.4 Who is the person within the organization responsible for the protection of my personal data and how can I contact him/her?
Data Protection Officer (“DPO”), e-mail:
2.5 Type, purpose and grounds of processing of personal data collected by MFG:
|Name and surname, telephone, e-mail||Making contact on the website of the Company – www.managementfinancialgroup.com;||Conclusion / performance of a contract for service|
Your personal data will be processed by MFG only in accordance with the applicable data protection regulations. When you communicate with us through any of the communication channels, you acknowledge that the data you have provided are accurate, correct and up-to-date.
We should inform you that any consent to processing your personal data may be withdrawn at any time by submitting a request in writing to the Company’s registered office situated in the City of Sofia, Lyulin District, 7 Lyulin residential complex, Silver Center, 28 Jawaharlal Nehru Blvd., Floor 2, Office № 40-46, and by sending an e-mail to:
2.6 For how long will my personal data be stored?
Personal data shall be stored for the time periods required to achieve the purposes for which they have been collected. After achieving the purposes for which personal data have been collected, we will destroy them immediately.
MFG shall take all necessary technical and organizational measures for the destruction of data that are no longer necessary, except in cases where there are legitimate grounds for MFG to process them for a longer period of time; when you make a request for restricting processing in accordance with your rights detailed below; or with a view to or compatible with the original purpose for processing of which you will be informed in a timely manner.
MFG shall store collected personal data within the following periods:
a) where data are processed on the basis of an existing contract for service – depending on the service provided in accordance with applicable laws;
b) where data are processed on the basis of consent – until the consent is expressly withdrawn;
c) where data are processed for the protection of realization of the Company’s rights and interests, which reasonably override the interests of natural persons – until the right is extinguished and/or interest no longer exists.
After the expiration of the said time periods, if there are no other grounds for the processing of the data, they will be erased. For the purpose of obtaining and analyzing information related to the products and services used by you, and improving customer service, the Company may erase only part of the data. In such cases, it shall continue to store such part of the data that does not allow natural persons to be subsequently identified.
2.7 Will my personal data be accessible to third parties?
The following categories of persons, that may be processors on the grounds of contracts entered into with the Company, may also have access to your personal data, namely:
- persons supporting the information systems of the Company located in the Republic of Bulgaria;
- persons entrusted with the activities related to drawing up, printing, compiling, delivery (including by SMS-messages or by electronic means) of written correspondence sent by the Company to its customers;
MFG does not transfer personal data to a third country or international organization outside the European Union.
2.8 How we protect your personal data?
To ensure adequate protection of the data of the Company and our customers, we apply all necessary organisational and technical measures provided for in the Personal Data Protection Act and the General Data Protection Regulation.
The Company has established structures designated to prevent misuse and security breaches, and has also appointed a Data Protection Officer supporting the processes related to protecting and ensuring the security of your data.
For the purposes of ensuring maximum security when processing, transferring and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, etc.
2.10 Your rights
As a data subject, whose data are processed by MFG, you shall have rights described in details below.
You should take into consideration that the provision of personal data is voluntary – it is necessary for the conclusion of a contract with the Company. In the event that data are not provided, the Company will not be able to provide a product or service.
MFG shall meet your requests without delay, within 30 calendar days after submitting them. By our decision, we provide or refuse access and/or information requested by the applicant, but we always justify our response. For the purpose of the website of the Company, there is a link to this Policy published on a clearly visible and accessible position.
Applications concerning the exercise of your rights shall be submitted:
- in person or by a proxy who has been expressly authorized by you through a notarized power of attorney at the Company’s registered office situated in the City of Sofia, Lyulin District, 7 Lyulin residential complex, Silver Center, 28 Jawaharlal Nehru Blvd., Floor 2, Office № 40-46
- electronically by sending an e-mail to:
Exceptions to the time period intended for satisfying the rights and the free of charge basis are allowed in cases of requests made by the same customer of data with a frequency greater than 3 times a year and requiring mobilization of a significant administrative resource on part of the Company. In this case, we may charge a reasonable fee with a view to the administrative costs incurred.
Where the data subject submits a request by electronic means, the information shall be provided, where possible, by electronic means, unless the data subject has not requested otherwise.
When the Company has reasonable concerns in relation to the identity of the natural person who makes a request for the exercise of their rights under this section, the directly responsible person shall immediately consult with the Data Protection Officer in view to the identification of the customer.
You should also consider that the withdrawal of consents provided does not affect the lawfulness of the processing of your personal data before such withdrawal. Despite the withdrawn consent, your personal data may be processed by the Company, if there are grounds for processing the data other than those referred to in Section 5.
You shall have the following rights:
10.1.1 Right to be informed
As a data subject, you shall have a right to obtain information on important features of the processing of your personal data, including, but not limited to its purpose, period and grounds, on the recipients and the categories of recipients of the personal data, etc.
In addition to the above information, you should consider that you are not a subject of automated decision making, including profiling.
In accordance with the applicable personal data protection laws, you have the rights specified below, and we are obliged to respond to each of your requests within 1 month of receipt of the request and for no extra charge. In case of any difficulties for the timely fulfillment of such requests, the period may be extended by another 2 months, of which you will be notified within 1 month of receipt of the request.
10.1.2 Right of access
You may request information on what personal data concerning you we process, and whether we process such. You may request access to such data.
We will provide you with a statement of personal data that are being processed. For additional statements we may adopt a reasonable fee on the basis of administrative costs. When you submit a request through electronic means, we will provide the information, where possible, in a widely used electronic form unless you have requested otherwise.
10.1.3 Right to rectification
If we process incomplete or incorrect personal data concerning you, you have the right to have such data rectified and completed at any time.
10.1.4 Right to erasure
You may request to have your personal data erased in the following cases:
- the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- you withdraw your consent on which the processing is based and there is no other legitimate grounds for the processing;
- you consider that the personal data have been unlawfully processed.
10.1.5 Right to restriction of processing
You have the right to obtain restriction of processing, if:
- you contest the accuracy of the personal data for a period enabling us to verify the accuracy of the personal data;
- the processing is unlawful, but you do not want the personal data to be erased and request the restriction of their use instead;
- we no longer need the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims
- you have objected to processing pending the verification whether the legitimate grounds of MFG for processing of the data override your grounds.
10.1.6 Right to data portability
You may request from us to provide you with the personal data concerning you that we process in a structured, commonly used and machine-readable format and which can be transmitted to another financial institution for example. This shall apply, provided that
- the processing of the particular data is based on your consent or is in relation to conclusion and performance of a contract for service; and
- the processing is carried out by automated means.
You have the right, at any time and on grounds relating to your particular situation, to object to processing of your personal data.
When you have given your consent to the processing of data for the purposes of direct marketing, you have the right at any time to object to the processing of personal data without having to specify any grounds.
10.1.8 Right to lodge a complaint
Please contact us if you think that we have violated any applicable law on the protection of personal data in the processing of your data and as a result we have affected your rights. Surely, you also have the right to lodge a complaint with the Personal Data Protection Commission , which is a supervisory authority in respect of personal data protection, to the following address: city of Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd., tel. 02/91-53-518, e-mail: