Date: 1 October 2022
For the purpose of this Policy the definitions below will have the following meaning:
● „Personal Data Controller“ means a natural person or a legal entity who will determine the personal data processing purpose and tools independently or together with other persons;
● „Company“ is the Administrator of the platform “Contiant” Ltd;
● „Personal Data“ means any information relating to an identified natural person or to a natural person who could be identified („You“, „Data Subject“ or „User/s“);
● „Processing“ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data;
● „Personal Data Processor“ means any natural person or legal entity, public authority, agency or any other structure that is processing Personal Data on behalf of the Controller;
● „Recipient“ means any natural person or legal entity, public authority, agency or any other structure, to which the personal data are disclosed, whether a third party or not;
● „Personal data breach“ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data transmitted, stored or otherwise processed.
● “Account Information” means information relating to payment accounts.
● “Partner” means a third party, such as a bank, credit institution or other service provider, which requires Your Account Information via the Contiant Account Information API in order to provide services to You.
3. Personal Data Controller
The Company shall process the Personal Data of the Website Users in the capacity of an independent Controller.
4. What Personal Data do we collect?
Depending on the services that You use we may collect and process the following information:
● Full name;
● Date of birth;
● Contact phone number;
● Information on the company You work for;
● Other data, collected when You use a contact form.
In the course of use of our website we may collect and process:
● username and password;
● digital address, data regarding the activity in the profile;
● other information, voluntarily shared by You.
5. Purpose of processing Your Personal Data
Contiant will process Your Personal Data for no purposes other than those for which it is collected. Those purposes are exclusively related to our core activities – access and overview of account information; access to Contiant’s open Banking API in accordance with the API Documentation to retrieve information about the Partner's End Users' accounts for the purpose of providing the Partner's services to End Users.
Those purposes are in particular:
● To provide Services;
● User administration;
● To carry out customer support and Service maintenance;
● Application and request processing;
● To conduct any due diligence required for us to provide You Services;
● Management, assessment and improvement of our activity;
● To contact You;
● Providing efficient communication;
● Providing safety.
6. Legal basis
In most cases, we request Your personal data and process it (alternatively) on the basis of the conclusion and performance of a contract, in order to comply with legal requirements, or to protect our legitimate interest. For some of the services You provide such information to us yourself, and You elect and agree for it to be processed. Without such data, we would not be able to provide the respective services.
The legal basis for processing is also related to our core activities – providing account information and access to Contiant’s open Banking API.
● Processing of the data, necessary for the conclusion and the performance of contracts in order to execute obligations from concluded contracts for providing the Services; Providing comprehensive services and administration;
● Processing of the data that we need in order to comply with legal obligation, including regulatory requirements that we are subject to.
● Processing of data based on Your consent – data transfer beyond the EU borders; direct marketing.
● Processing of data in order to protect our legitimate interest in ensuring that we can provide You with the Services.
● Disclosure of Your information:
Contiant involves third parties in order to support some of its contractual activities or to comply with some statutory obligations. We do not disclose any of Your Personal Data to third parties until we have made sure that all technical and organizational measures have been taken to protect this Personal Data, and we aim to keep strict control in order to reach this goal. We may supply data to accounting offices, to the IT companies that maintain our Website, etc.
In some cases, the disclosure of Personal Data is mandatory in order to comply with our legal requirements, and in this regard we deliver information to regulatory and investigation bodies upon request and for inspection.
7. Automated algorithms
We do not use any automated decision-making tools.
8. What methods of Personal Data collection do we apply?
Contiant collects Personal Data from various sources – through our Website or by registering and using the Services. The listed Personal Data is collected and processed only for the purposes that it was initially collected for. If we change the purpose or the way of processing, we will contact you with additional information about the legal basis, the purpose and the tools for processing Your personal data.
9. Data storage
Contiant may transfer Your personal data beyond the EU borders to Partners, but only with Your explicit written consent or in the conditions of derogation and compliance with a contract.
Your data and its security are of utmost importance to us. Therefore, we implement all appropriate technical and organizational means at our disposal to prevent unauthorized access, unauthorized or malicious use, loss or premature deletion of information.
Contiant applies measures for the protection of your personal data from accidental loss, unauthorized access, use, modification or publishing. Policies and procedures are applied that are intended to protect the information from loss, abuse and unauthorized disclosure. We also take further measures for information security, including access control, strong physical protection and reliable practices for the collection, storage and processing of the information.
10. When do we delete your Personal Data?
When the storage period has expired, we launch deletion of all Personal Data and available copies, unless the EU legislation or the legislation of the Republic of Bulgaria regarding Personal Data protection requires that the data be kept on grounds of legal obligations, legal requirements, public investigations, investigations of possible violations of our terms and rules, or in order to prevent damage to the Controller.
Where processing of Personal Data is based on your consent, Personal Data is deleted after you have withdrawn your consent or unsubscribed from receiving the relevant information. You may withdraw your consent at any time by clicking "unsubscribe" where available or sending an email to: email@example.com
11. What are your rights and how can you exercise them?
You have the following legal rights:
● To unsubscribe from receiving commercial messages;
● To have access to the personal information that we store for you, in a convenient digital form;
● To edit, add, delete and manage the information in Your profile at any time;
● To require correction of the collected Personal Data, if they are incorrect;
● To receive a copy of your Personal Data in a digital form;
● You are entitled to require deletion of your Personal Data – i.e. „the right to be forgotten“; however, this right is not absolute (exceptions – the available Personal Data is necessary for exercising the right of free speech; there is a legal obligation to store this data; for reasons of public interest);
● To receive from us information about our actions with regard to Your Personal Data, including the purpose of collection and storage, storage period, collection method, etc.;
● To receive Your data and to transfer them to another Personal Data Controller;
● To contact us in case of questions, complaints or other problems that have occurred with the processing of Your Personal Data;
● You may submit a complaint to a supervisory body, in particular in the member country of your permanent residence, employment or the location of the presumable violation, if you consider that there is a Personal Data breach.
The applications for information access or correction are submitted by You in person or by a specially authorized person with a special written Power of Attorney. You can also submit the application digitally under the procedure of the Electronic Document and Electronic Signature Act.
In case of questions or claiming right with regard to the Personal Data Protection you can contact the Contiant staff as follows:
We will reply to all requests related to privacy in due time and within the legally defined terms. In case of any unsolved problem with the privacy of your Personal Data processing you can contact the local Personal Data protection body.
12. How and with whom is Your Personal Data shared?
Every independent Controller must guarantee the safety of the Personal Data, processed by them.
12.1. Information that is shared in order to protect our services and to comply with the
In this regard it is possible that Your Personal Data is shared with third parties – recipients under the following circumstances:
● aiming at compliance with a legal requirement, a court procedure, a court order or a court procedure with regard to a Controller or its branches, subsidiaries, associates;
● aiming at an investigation of a possible crime like an identity theft;
● with public authorities in compliance with their legal obligation to implement their official mission like tax and customs bodies, financial investigation units, independent administrative bodies, etc.;
● with regard to a transformation (fusion, merger, separation and splitting), sale, purchase, business transformation, termination, liquidation, insolvency of the Controller;
● when we consider that it is necessary to protect the rights, the property or the safety of the Controller or other persons, related to him; or
● when the law requires or allows otherwise, including all contractual obligations of the Controller.
13. Personal Data Protection Policy
This procedure of Personal Data protection may be changed from time to time. Such changes will take effect immediately after being promulgated. Regularly reviewing this page ensures that you will always be aware of what information we collect, how and for what purposes Contiant uses it, and under what circumstances (if any) we will share it with other parties.
14. Supervisory body
The local Supervisory body on the territory of the Republic of Bulgaria in matters, regarding Personal Data, is: