Privacy Policy of Goodworky

GOODWORKY LTD.. processes the personal data of the data subjects to provide the maximum range of professional services related to communication and e-Learning. The data subjects are legally capable natural persons.

GOODWORKY LTD. owns and operates the Goodworky.com platform, where users can take e-Learning courses, share news, articles, ideas and topics and/or exchange other information, in which case GOODWORKY LTD. processes the personal data of the data subjects under Article 6 (1) (a) and/or Article 6 (1) (b) of Regulation (EU) 2016/679 of April 27, 2016.

The security of the personal data of the data subjects is a top priority in our work. In order to apply an adequate level of protection of the provided personal data, GOODWORKY LTD. follows the regulatory requirements for ensuring the appropriate technical and organizational measures to guarantee the security in the processing of personal data in accordance with the specified level of risk to the rights and freedoms of the data subjects.

When the legal basis for the processing is Article 6 (1) (a) of Regulation (EU) 2016/679 of 27 April 2016 the data subject gives explicit consent to the processing of his or her personal data for the specific purposes – communication and e-Learning. The data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent shall not affect the execution of the contractual obligations by GOODWORKY LTD.

The personal data we normally process include name, email/username, password (when creating an account on the website of GOODWORKY LTD.), gender, age, address, educational/professional identity, online identifier, etc., as the case may be.

Subscribing to email notifications for activities on Goodworky’s site will be stored until the set criteria are deleted and receiving emails is rejected or the account is deleted.

The account will be deleted if it has not been used for two years.

GOODWORKY LTD. lawfully processes the personal data of the subjects. This processing is necessary to achieve the purposes – prodiding services for e-Learning. Without this data, the relevant services could not be provided by GOODWORKY LTD.

In order to ensure adequate data protection GOODWORKY LTD. applies all necessary organizational and technical measures provided for in the Personal Data Protection Act, Ordinance № 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection, the guidelines and instructions of The Article 29 Working Party, as well as of the CPDP.

GOODWORKY LTD. has established structures to prevent misuse and security breaches.

For maximum security in the processing of personal data, GOODWORKY LTD. may use additional safeguards, which may include encryption or pseudonymization, etc.

GOODWORKY LTD. shall no longer process the personal data of the subject in accordance with the original purposes – when the processing is based on a contract, the personal data shall no longer be processed after termination of the contract with the subject, but the data will not be deleted before expiration of the regulatory data retention requirement. When the processing is based on the consent of the subject, GOODWORKY LTD. shall no longer process the personal data after withdrawal of consent and the data will be deleted without undue delay after withdrawal of the consent or until the expiration of the statutory data retention requirements. The statutory data retention regulations determining the data retention periods include, but are not limited to: the Electronic Communications Act for storing data for the needs of detection and investigation of crimes, the Accountancy Act (for storage and processing of accounting data), Law of Obligations and Contracts (limitation periods for filing claims), the acts determining the obligations for providing information to the court, competent state bodies and other grounds provided for in the current legislation. Without contradicting the above, deleting or anonymizing personal data is impossible if they are necessary for pending court, administrative proceedings, or proceedings to review a complaint of the data subject.

The data subject shall has the right to obtain:

• information as to whether or not personal data concerning him or her are being processed, the purposes of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data will be disclosed;
• communication in an easy to understand form about the personal data which are being processed as well as any available information as to their source;

In case we process incomplete or inaccurate personal data, the data subject shall have the right to request without undue delay from GOODWORKY LTD.:

• rectification/restriction/erasure of the personal data provided by the subject which have been unlawfully processed;
• to communicate any erasure, rectification or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The requests for access to or rectification of information shall be made by electronic form means.

GOODWORKY LTD. shall respond to the request within 30 days of submission of the request. That period may be extended to 90 days where necessary, taking into account the collection of all additional information necessary and the data subject shall be informed of any such extension without undue delay. GOODWORKY LTD. shall be obliged to give reasons where the controller does or does not intend to give access to the requested information.

The data subject shall have the right to object, if there is a legal basis, at any time to processing of personal data concerning him or her. If the objection is reasonable, the personal data of the data subject can no longer be processed.

The data subject shall have the right to request restriction of personal data processing if:

• the accuracy of the personal data is contested by the data subject - for a period in which the accuracy of the personal data is verified; or
• the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
• GOODWORKY LTD. no longer needs the personal data (for the purposes of the processing), but they are required by the data subject for the establishment, exercise or defense of legal claims; or
• the data subject has objected to processing and there is pending verification whether the legitimate grounds of the controller are legitimate.

The data subject shall have the right to receive from GOODWORKY LTD. the personal data concerning him or her, in an organized, ordered, structured, commonly used electronic form if:

• GOODWORKY LTD. processes the personal data based on consent which can be withdrawn or if the processing is necessary for the performance of a contract; and
• the processing is carried out by automated means.

If the data subject considers that GOODWORKY LTD. infringes the applicable personal data protection regulation the data subject may contact the company to clarify this matter. The data subject shall have the right to lodge a complaint with the competent supervisory authority, namely the Commission for Personal Data Protection in Republic of Bulgaria. After 25 May 2018, such a complaint may be lodged with a supervisory authority within the EU.

At any time the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information about their processing and on his or her rights in this regard.

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where Article 17 of the Regulation (EU) 2016/679 of 27 April 2016 applies.