Privacy Policy of Goodworky

Contact information

"GOODWORKY" LTD., IDN 206601522, having its seat and registered office at: Sofia 1000, 13 Vesletz Str., registered under the VAT Act, Tel: +359 2 49180 00, Fax: +359 2 9433886, e-mail: office@goodworky.com

Contact information in Goodworky regarding protection of the personal data of our users: office@goodworky.com

We process personal data for the following purposes:

GOODWORKY LTD.. processes the personal data of the data subjects to provide the maximum range of professional services related to communication and e-Learning. The data subjects are legally capable natural persons.

GOODWORKY LTD. owns and operates the Goodworky.com platform, where users can take e-Learning courses, share news, articles, ideas and topics and/or exchange other information, in which case GOODWORKY LTD. processes the personal data of the data subjects under Article 6 (1) (a) and/or Article 6 (1) (b) of Regulation (EU) 2016/679 of April 27, 2016.

The security of the personal data of the data subjects is a top priority in our work. In order to apply an adequate level of protection of the provided personal data, GOODWORKY LTD. follows the regulatory requirements for ensuring the appropriate technical and organizational measures to guarantee the security in the processing of personal data in accordance with the specified level of risk to the rights and freedoms of the data subjects.

GOODWORKY LTD. processes personal data of the data subjects:

  • in compliance with the Terms of Service of Goodworky;
  • for the purposes of legitimate interests pursued by the company as a provider of e-Learning services and functionalities;
  • on the basis of consent of the data subjects which can be withdrawn at any time in the manner in which it was given;
  • to fulfil a task carried out in the public interest;
  • for the purposes of our legitimate interests, including our interests in providing innovative, personalized, safe and lucrative services to our users and partners, except where such interests are prevailed over by your interests or fundamental rights and freedoms that require the protection of personal data.

The processing of personal data is carried out for the following purposes:

  • to verify the identity of the data subject;
  • managing and provision of requested services, performance of contracts for services;
  • notification of everything related to the services you use, sending various notifications, notification of problems, errors or replying to requests, complaints, suggestions;
  • identify and/or prevent unlawful actions or actions in violation of the Terms of Service and/or this Privacy Policy;

When the legal basis for the processing is Article 6 (1) (a) of Regulation (EU) 2016/679 of 27 April 2016 the data subject gives explicit consent to the processing of his or her personal data for the specific purposes – communication and e-Learning. The data subject has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal of consent shall not affect the execution of the contractual obligations by GOODWORKY LTD.

The personal data we normally process include name, email/username, password (when creating an account on the website of GOODWORKY LTD.), gender, age, address, educational/professional identity, online identifier, etc., as the case may be.

Subscribing to email notifications for activities on Goodworky’s site will be stored until the set criteria are deleted and receiving emails is rejected or the account is deleted.

The account will be deleted if it has not been used for two years.

GOODWORKY LTD. lawfully processes the personal data of the subjects. This processing is necessary to achieve the purposes – prodiding services for e-Learning. Without this data, the relevant services could not be provided by GOODWORKY LTD.

In order to ensure adequate data protection GOODWORKY LTD. applies all necessary organizational and technical measures provided for in the Personal Data Protection Act, Ordinance № 1 dated 30 January 2013 on the minimum level of technical and organizational measures and the admissible type of personal data protection, the guidelines and instructions of The Article 29 Working Party, as well as of the CPDP.

GOODWORKY LTD. has established structures to prevent misuse and security breaches.

For maximum security in the processing of personal data, GOODWORKY LTD. may use additional safeguards, which may include encryption or pseudonymization, etc.

GOODWORKY LTD. shall no longer process the personal data of the subject in accordance with the original purposes – when the processing is based on a contract, the personal data shall no longer be processed after termination of the contract with the subject, but the data will not be deleted before expiration of the regulatory data retention requirement. When the processing is based on the consent of the subject, GOODWORKY LTD. shall no longer process the personal data after withdrawal of consent and the data will be deleted without undue delay after withdrawal of the consent or until the expiration of the statutory data retention requirements. The statutory data retention regulations determining the data retention periods include, but are not limited to: the Electronic Communications Act for storing data for the needs of detection and investigation of crimes, the Accountancy Act (for storage and processing of accounting data), Law of Obligations and Contracts (limitation periods for filing claims), the acts determining the obligations for providing information to the court, competent state bodies and other grounds provided for in the current legislation. Without contradicting the above, deleting or anonymizing personal data is impossible if they are necessary for pending court, administrative proceedings, or proceedings to review a complaint of the data subject.

We provide personal data to the following categories of recipients (personal data controllers):

  • authorities, institutions and persons to whom we are obliged to provide personal data under current legislation;
  • other controllers of personal data, when executing personal data transfer;

Rights of the data subjects:

Right to information:

The data subject shall has the right to obtain:

  • information as to whether or not personal data concerning him or her are being processed, the purposes of the processing, the categories of personal data and the recipients or categories of recipients to whom the personal data will be disclosed;
  • communication in an easy to understand form about the personal data which are being processed as well as any available information as to their source;

Right to rectification:

In case we process incomplete or inaccurate personal data, the data subject shall have the right to request without undue delay from GOODWORKY LTD.:

  • rectification/restriction/erasure of the personal data provided by the subject which have been unlawfully processed;
  • to communicate any erasure, rectification or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort.

The requests for access to or rectification of information shall be made by electronic form means.

GOODWORKY LTD. shall respond to the request within 30 days of submission of the request. That period may be extended to 90 days where necessary, taking into account the collection of all additional information necessary and the data subject shall be informed of any such extension without undue delay. GOODWORKY LTD. shall be obliged to give reasons where the controller does or does not intend to give access to the requested information.

Right to object:

The data subject shall have the right to object, if there is a legal basis, at any time to processing of personal data concerning him or her. If the objection is reasonable, the personal data of the data subject can no longer be processed.

Right to restriction of processing:

The data subject shall have the right to request restriction of personal data processing if:

  • the accuracy of the personal data is contested by the data subject - for a period in which the accuracy of the personal data is verified; or
  • the processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; or
  • GOODWORKY LTD. no longer needs the personal data (for the purposes of the processing), but they are required by the data subject for the establishment, exercise or defense of legal claims; or
  • the data subject has objected to processing and there is pending verification whether the legitimate grounds of the controller are legitimate.

Right to data portability:

The data subject shall have the right to receive from GOODWORKY LTD. the personal data concerning him or her, in an organized, ordered, structured, commonly used electronic form if:

  • GOODWORKY LTD. processes the personal data based on consent which can be withdrawn or if the processing is necessary for the performance of a contract; and
  • the processing is carried out by automated means.

Right to complaint:

If the data subject considers that GOODWORKY LTD. infringes the applicable personal data protection regulation the data subject may contact the company to clarify this matter. The data subject shall have the right to lodge a complaint with the competent supervisory authority, namely the Commission for Personal Data Protection in Republic of Bulgaria. After 25 May 2018, such a complaint may be lodged with a supervisory authority within the EU.

Right of access:

At any time the data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data and information about their processing and on his or her rights in this regard.

Right to erasure (“right to be forgotten”)

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay where Article 17 of the Regulation (EU) 2016/679 of 27 April 2016 applies.