Mandatory Information on Personal Data Protection Rights
As of 25 May 2018, a new General Data Protection Regulation, Regulation (EU) 2016/679 or the so-called GDPR, adopted by the European Union comes into force. This Regulation aims to ensure the protection of the data of individuals from all EU member states and to unify the data processing regulations.
As a data controller for the provision of intermediary services for the purchase, sale, letting and rental of property, Unique Estates complies with all the requirements of the new Regulation by only collecting personal data insofar as it is necessary for the provision of our services and keeping it responsibly and lawfully.
Data Controller Details:
Name: Unique Estates Ltd.
Company Number (UIC): 175085752
Headquarters and registered office: 17 Patriarch Evtimiy Blvd., 1142 Sofia, Sredets District
Business address: 17 Patriarch Evtimiy Blvd., 1142 Sofia, Sredets District
Mailing address: 17 Patriarch Evtimiy Blvd., 1142 Sofia, Sredets District
Phone: 088/260 0600, 02/819 2020
Personal Data Administrator Certificate No. 256538
Data Protection Officer Details:
Officer: Milen Marinov, Legal Advisor
Mailing address: 17 Patriarch Evtimiy Blvd., 1000 Sofia
Phone: 088/481 0989
Competent Supervisory Authority Details:
Name: Personal Data Protection Commission
Headquarters and registered office: 2 Prof. Tsvetan Lazarov Blvd. 1595 Sofia
Mailing address: 2 Prof. Tsvetan Lazarov Blvd. 1595 Sofia
Phone: 02/915 3518
Unique Estates Ltd. operates in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
Basis for collecting, processing and storing your personal data:
Article 1 (1) Unique Estates collects and processes your personal data for the purposes of providing intermediary services in the purchase, sale, letting and rental of property, for which contracts are concluded with the company on the basis of Article 1, Regulation (EU) 2016/679, in particular on the basis of the following:
- explicit consent obtained from you as a client;
- fulfilment of Unique Estates' obligations under the contract signed with you;
- Compliance with a statutory obligation that applies to Unique Estates.
*For example: under the Anti-Money Laundering Act (AMLA), under which the Company is an obliged entity;
- For the purposes of the legitimate interest of Unique Estates.
(2) Unique Estates is the data controller in respect of your data as users of our services. With respect to personal data that you process using our services, Unique Estates acts as a data processor.
Purposes and principles of collecting, processing and storing your personal data:
Article 2 (1) Unique Estates collects and processes the personal data that you provide to us in connection with the use of our services and to enter into a contract with our company, as well as to register for participation in our events, including for the following purposes:
- Creating a client account and ensuring full functionality in the provision of our services;
- Individualisation of a contracting party;
- Registration of a participant in an event organised by Unique Estates;
- For accounting purposes;
- For statistical purposes;
- Securing the performance of the contract for the provision of the relevant service;
- Sending information messages, invitations, service change notices, newsletters with information about properties whose characteristics meet the criteria set by the client, etc.
- Improving and personalising the service by offering you relevant offers, events and other products and services that might be of interest to you;
(2) Unique Estates adheres to the following principles in the processing of your personal data:
- lawfulness, good faith and transparency;
- purpose limitation;
- data relevance and minimisation;
- data accuracy and timeliness;
- storage limitation;
- integrity and confidentiality of processing, and ensuring an adequate level of security of personal data.
(3) In processing and storing personal data, Unique Estates may process and store personal data in order to protect its legitimate interests as follows:
- Performance of its obligations to the National Revenue Agency, the Ministry of the Interior, the General Directorate for Combating Organized Crime and other state and municipal authorities.
What types of personal data does Unique Estates collect, process and store?
Article 3 (1) Unique Estates performs the following operations involving personal data for the following purposes:
- Registration of a client account for the provision of real estate intermediary services. The purpose of this operation is to create an account linked to the services used, adding information about the demands and offers of the persons to the client account. Impact assessment conclusion: based on the aforesaid impact assessment, the Data Protection Officer considers that the 'Execution of an Intermediary Services Agreement' operation is admissible to carry out and provides sufficient guarantees to protect the rights and legitimate interests of data subjects in accordance with the requirements of the GDPR;
- Conclusion and execution of a business transaction with a client or partner. The purpose of this operation is to execute and perform an agreement with a business partner or client and to administer such agreement;
- Sending notices. The purpose of this operation is to administer the process of sending messages to clients concerning changes in services, terms, rights and obligations, non-performance, according to the intermediary services agreement;
- Sending newsletters. The purpose of this operation is to administer the process of sending newsletters to clients who have indicated that they wish to receive such;
(2) Unique Estates processes the following categories of personal data and information for the following purposes and on the following grounds:
A/ Data: your personal data (given name, surname, personal identification number or place and date of birth for foreign citizens, details and/or copy of identity document, mailing address, e-mail and telephone)
B/ Purposes for which data is collected:
1) Client registration;
2) Contacting a client and sending information thereto, including, if requested, sending newsletters and advertising messages;
(3) Unique Estates does not collect or process personal data that:
- reveals racial or ethnic origin;
- discloses political, religious or philosophical beliefs, or trade union membership; or
- genetic and biometric data, health, sex life or sexual orientation information.
(4) Unique Estates collects personal data from the individual to whom it relates.
(5) Unique Estates does not perform automated individual decision-making.
Retention period for personal data:
Article 4 (1) Unique Estates stores your personal data for a period no longer than the duration of the agreement made with our company. After the expiration of this period, Unique Estates shall make sure to delete and destroy all your data without undue delay.
(2) Unique Estates will notify you in the event that the data retention period needs to be extended in order to fulfil the purposes, perform the agreement, or in view of Unique Estates' legitimate interests or otherwise.
(3) Unique Estates shall keep the personal data required by the applicable law for as long as it is so required, which may exceed the duration of your registration.
Transmission of your personal data for processing:
Article 5 (1) Unique Estates may, at its own discretion, transmit any or all of your personal data to data processors for the purposes of processing, subject to the requirements of Regulation (EU) 2016/679.
(2) Unique Estates shall notify you in the event that it intends to transmit any or all of your personal data to third parties or international organisations.
Your rights in the collection, processing and storage of your personal data:
Withdrawal of your consent to processing of your personal data.
Article 6 (1) If you do not wish any or all of your personal data to be further processed by Unique Estates for any or all of the processing purposes, you may withdraw your consent to processing at any time by completing the Notice of Refusal to Exercise Rights in accordance with Regulation (EU) 2016/679 of 27 April 2016, Section 1, Article 12(4).
(2) Unique Estates may ask for your identification to verify your identity as the data subject.
Right of access
Article 7 (1) You have the right to request and obtain from Unique Estates confirmation as to whether any personal data relating to you is being processed.
(2) You have the right to obtain access to your personal data and to any information concerning the collection, processing and storage of your personal data.
(3) Unique Estates shall provide you, upon request, with a copy of your personal data that are being processed, in electronic or other appropriate form, based on a Request for Confirmation and Access to Personal Data in accordance with Regulation (EU) No. 2016/679 of 27 April 2016, Section 2, Article 15.
(4) The provision of access to personal data is free of charge, but Unique Estates reserves the right to charge an administrative fee in the event of repeated or excessive requests.
Right to rectification or completion
Article 8. You may rectify or complete inaccurate or incomplete data concerning you by completing and sending to us a "Request for Rectification of Personal Data in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 16."
Right to erasure ("to be forgotten")
Article 9.(1) You have the right to request of Unique Estates to erase any personal data relating to you, and Unique Estates is obliged to erase such data without undue delay, where one of the following grounds applies:
- the personal data is no longer needed for the purposes for which it was collected or otherwise processed;
- you withdraw your consent on which the processing is based and there is no other legal basis for the processing;
- you object to the processing of the personal data relating to you, including for direct marketing purposes, and there are no overriding lawful grounds for the processing;
- the personal data have been unlawfully processed;
- the personal data must be erased in order to comply with a legal obligation under EU or Member State law to which Unique Estates is subject;
(2) Unique Estates is not obliged to erase your personal data if it stores and processes it:
- to exercise the right to freedom of expression and the right to information;
- to comply with a legal obligation requiring processing under EU or Member State law to which the Controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller;
- for reasons of public interest in the areas of public health;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
- for the establishment, exercise or defence of legal claims.
(3) In order to exercise your right to be forgotten, you must submit a Request for Erasure of Personal Data in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 17.
(4) Unique Estates does not delete data that it has a legal obligation to store, including for the defense of legal claims made against it or to prove its rights.
Right to restriction of processing
Article 10. You have the right to obtain from Unique Estates restriction of processing of data relating to you by making a Request for Restriction of Processing of Personal Data in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 18, where one of the following applies:
- you contest the accuracy of the personal data, for a period enabling Unique Estates to verify the accuracy of the personal data;
- the processing is unlawful, but you oppose the erasure of the personal data and request the restriction of their use instead;
- Unique Estates no longer needs the personal data for the purposes of the processing, but you require it for the establishment, exercise or defence of legal claims;
- You have objected to the processing pending the verification whether Unique Estates' legitimate grounds override your interests.
Right to data portability
Article 11 (1) You may at any time retrieve the data stored and processed about you in connection with the Unique Estates services provided to you by submitting to us a Request for Data Portability or Transfer, in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 20.
(2) You may request Unique Estates to directly transmit your personal data to a controller designated by you, where this is technically feasible.
Right to receive information
Article 12. You may request Unique Estates to inform you of all recipients to whom the personal data for which rectification, erasure or restriction of processing has been requested has been disclosed by sending us a Request for Notification Regarding Rectification, Erasure or Restriction of Processing of Personal Data in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 19. Unique Estates may refuse to provide such information when this proves impossible or involves disproportionate effort.
Right to object
Article 13. You may object at any time to the processing of personal data relating to you by Unique Estates, including if your personal data is processed for profiling or direct marketing purposes, by sending us an Objection to Processing of Personal Data in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 21.
Your rights in the event of a personal data breach
Article 14 (1) If Unique Estates becomes aware of a breach of the security of your personal data which may pose a high risk to your rights and freedoms, we shall without undue delay communicate to you this breach as well as the measures that have been or are to be taken in a Personal Data Breach Notice in accordance with Regulation (EU) No 2016/679 of 27 April 2016, Section 2, Article 33(1).
(2) Unique Estates is not obliged to notify you if:
- the Controller has implemented appropriate technical and organisational protection measures and those measures were applied to the personal data affected by the personal data breach;
- the Controller has taken subsequent measures, which ensure that the high risk to your rights is no longer likely to materialise;
- it would involve disproportionate effort.
Persons to whom your personal data are disclosed
Article 15. For the keeping of the Company's accounts, in accordance with the legal requirements in the Republic of Bulgaria, in the event of enquiries by the National Revenue Agency, the General Directorate for Combating Organized Crime and other competent authorities, for statistical purposes and in other cases not contrary to the Regulation.
Article 16. The controller shall not transfer your data to third countries.
Article 17. In the event of a violation of your rights under the above or applicable data protection legislation, you have the right to lodge a complaint with the Data Protection Commission, whose correspondence details are set out above.
Article 18. You can exercise all your rights regarding the protection of your personal data using the forms attached to this information. Of course, these forms are optional and you may make your requests in any form that contains a statement to that effect and identifies you as the data subject.
Article 19. If a consent refers to a data transfer, the Controller shall describe the possible risks for the transfer of data to third countries in the absence of an adequate protection solution and appropriate security.
Article 20. When you entrust Unique Estates to process personal data of a third party for using our services, Unique Estates acts as a data processor.
What security measures have we taken at Unique Estates regarding the security of the personal data you store on our infrastructure?
The security of any type of information, including personal data, located on our infrastructure is a priority for us as a company. Security is something we cannot afford to compromise on.
In addition to making every effort to fully comply with the new data protection regulation, three years ago we implemented an entirely new security system developed for us across our entire infrastructure.
Furthermore, three years ago, we implemented a comprehensive system to protect against DDoS attacks. The DDoS protection system detects 95% of the known types of DDoS attacks and is continuously updated for newly reported attacks. With all of these actions, we are able to block any malicious attempts against the information we store on our servers.
Last updated on 24 September 2021.