Privacy notice

 

General Information

This privacy notice tells you what to expect us to do with your personal information when you contact us.

We will tell you:

  • what purpose we are processing your personal data for;
  • whether you have to provide it to us;
  • how long we store it for;
  • whether there are other recipients of your personal information;
  • whether we intend to transfer it to another country; and
  • whether we do automated decision-making or profiling.

 

Contact details

Ocean Investments is the controller for the personal information we process.

You may contact us at e-mail contacts@ocean.investments.

For matters related to personal data processing you may contact us at dpo@amatas.eu.

 

How do we get information

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • You have made a request, inquiry or complaint to us;
  • You are representing your organization;
  • You wish to attend, or have attended, an event;
  • You provide services to us.

We also may receive personal information indirectly, in the following scenarios:

  • It is included in a public register (ex. information for representatives of a company with which we are in a process of negotiations) or it is provided for a reason related to a contract: contact point, expert capacity etc.;
  • Your personal information is contained in reports or another documentation provided by applicants;
  • We have seized personal information as part of a service provision;
  • From other public authorities, regulatory authorities or law enforcement bodies, under the applicable law;
  • An employee of ours gives your contact details as a contact point.

As part of our activities and statute, we do not plan to process special categories of data and criminal conviction data.

You will be informed for the consequences for not providing necessary information in every single case.

We do not apply automated decision-making or profiling of personal data.

Your data protection rights

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason and grounds for processing your information.

  • Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process for which we will inform you.

  • Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

  • Your right to erasure

You have the right to ask us to erase your personal information that we will perform under certain circumstances.

  • Your right to restriction of processing

You have the right to ask us to restrict the processing of your information under certain circumstances.

  • Your right to object to processing

You have the right to object to processing if we are able to process your information because the process is in our legitimate interests (ex. marketing purpose).

  • Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organization to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Generally, you are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us at DPO@amatas.eu, if you wish to make a request.

Sharing your information

We will not share your information with any third parties for the purposes of direct marketing.

We may use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organization apart from us unless it is required by law. They will hold it securely and retain it for the period we instruct or applies by law.

In some circumstances we are legally obliged to share information. For example under a court order. In any scenario, we will satisfy ourselves that we have a lawful basis on which to share the information and document our decision making.

We may also share your information in the event of the non-payment of an obligation. If the debt remains outstanding after the specified timeframe for payment, no payment plan is in place or an agreed payment plan is not being adhered to, we may initiate formal proceedings to recover the full amount of the unpaid penalty. As a result Ocean Investments will share personal data with the litigation and recovery specialists it instructs in order for them to identify assets and undertake recovery action through the courts.

We may transfer your personal data in countries outside the European Economic Area (ex. when using the services of providers outside the region) and in this case we will follow the applicable GDPR requirements.

Links to other websites

Where we provide links to websites of other organizations, this privacy notice does not cover how that organization processes personal information. We encourage you to read the privacy notices on the other websites you visit.

Your right to complain

We work to high standards when it comes to processing your personal information. If you have queries or concerns, please contact us at dpo@amatas.eu and we will respond.

If you remain dissatisfied, you can make a complaint about the way we process your personal information to the competent supervisory authority – for Bulgaria: Commission for Personal Data Protection. Please follow this link to see how to do that: https://www.cpdp.bg/?p=pages&aid=5.

Changes to this privacy notice

We may make updates and changes of the information published in this Privacy Notice. Up-to-date information will be published at our website.

Visitors of our websites

  • Analytics

When you visit our website, we may use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behavior patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not directly identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.

If we do collect personal data through our website, we will be upfront about this. We’ll make it clear when we collect personal information and we will explain what we intend to do with it.

  • Cookies

We use a cookies tool on our website to manage the cookies we use.

You can read more about how we use cookies, and how to change your cookies preferences, on our cookie notice.

  • Security and performance

We use a third-party web application firewall to help maintain the security and performance of our website. The service checks that traffic to the site is behaving as would be expected. The service will block traffic that is not using the site as expected. To provide this service, the provider of the service processes the necessary information for security reasons.

  • Purpose and lawful basis for processing

The purpose for implementing the above is to maintain and monitor the performance of our website and to constantly look to improve the site and the services it offers to our users. The lawful basis we rely on to process your personal data is either Art. 6(1)(a) of the GDPR, for example when we require your consent for the optional cookies we use, or Article 6(1)(f) which allows us to process personal data when it is necessary for our legitimate interests (marketing, service improvement etc., security reasons, in order to maintain the integrity of our IT systems and the continuity of our business), etc.

  • What are your rights?

As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on the circumstances, and we will provide you the necessary information.

Visitors to our office

We meet visitors at our head office, including:

  • clients or their representatives;
  • suppliers and tradespeople;
  • stakeholders;
  • another visitors.

If your visit is planned, we will send your name and visit information to reception before your visit – so that we can prepare a pass card for your arrival.

If you arrive without an appointment, you will be given a pass card after providing the necessary data (names and a department that will be visited).

You must wear the pass card throughout your visit and leave it at the reception when you leave the premises.

We may ask all visitors to sign in and out at reception and show a form of ID. The ID is for verification purposes only, we do not record this information.

Closed-circuit television (CCTV) operates inside the building for security purposes. The purpose for processing the relevant information (video images) is for security and safety reasons. The lawful basis we rely on to process your personal data is Art. 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

We have Wi-Fi on site for the use of visitors. We will provide you with the address and password. We record information related to the use of this service necessary for security reasons. We don’t ask you to agree to terms, just to the fact that we have no responsibility or control over your use of the internet while you are on site, and we don’t ask you to provide any of your information to get this service.

The purpose for processing this information is to provide you with access to the internet whilst visiting our site. The lawful basis we rely on to process your personal data is Art. 6(1)(f) of the GDPR, which allows us to process personal data when its necessary for the purposes of our legitimate interests.

Reasons for contacting us

This section of the privacy notice provides information that is specific to your reason for contacting us.

The below information gives you some of basic details about what we do with your information.

Make a request

  • Purpose and lawful basis for processing

When you contact us to make a request, we collect information, including your personal data, so that we can respond to it and communicate our offer with you. We also process the personal data included in the provided documents and information.

The lawful basis we rely on to process your personal data is Art. 6(1)(b) of the GDPR, which allows us to process personal data when this is necessary to take steps at your request prior to entering into a contract.

  • What we need and why we need it

We need enough information from you to answer your request. If you call the helpline, we won’t make an audio recording of it and we won’t usually need to take any personal information from you. But in certain circumstances we may make notes to provide you with a further service as required.

If you contact us via email or post, we’ll need a return address for response.

  • What we do with it

We will set up a case file on our case management system to record your request and so we can get it to the correct area of the business to be dealt with. We will also keep a record of our responses. We use the information supplied to us to deal with the request and any subsequent issues that may arise, and to check on the level of service we provide.

  • How long we keep it

We process the information as long it is necessary for the specific purpose or under the applicable law requirements.

Attend an event

  • Purpose and lawful basis for processing

Our purpose for collecting this information is so we can facilitate the event and provide you with an acceptable service.

The lawful basis we rely on for processing your personal data is your consent under Art. 6(1)(a) of the GDPR. When we collect any information about dietary or access requirements we also need your consent (under Article 9(2)(a)) as this type of information is classed as special category data.

  • What we need

If you wish to attend one of our events, you will be asked to provide your contact information including your organization’s name and, if offered a place, information about any dietary requirements or access provisions you may need. We may also ask for payment if there is a charge to attend.

  • Why we need it

We use this information to facilitate the event and provide you with an acceptable service. We also need this information so we can respond to you.

  • What we do with it

If you are not successful in securing a place, we will let you know and hold your details on a reserve list in case a place becomes available.

If you are allocated places at an event, we will ask for information about any dietary/access requirements. We don’t share this information in any identifiable way with the venue, and we delete it after the event.

We do not publish delegate lists for events.

  • What are your rights?

We rely on your consent to process the personal data you give us to facilitate the event. This means you have the right to withdraw your consent at any time. If at any point you want to withdraw your consent please email us.  If you do that, we will update our records immediately to reflect your wishes.

Register for a webinar or live broadcast event

  • Purpose and lawful basis for processing

Our purpose for collecting this information is so we can facilitate the video conference, webinar or live broadcast event and provide wider access to its content.

The lawful basis we rely on for processing your personal data is Art. 6(1)(f) – legitimate interest related to the organization of the event.

  • What we need

If you are an attendee or presenter at one of these events we will need a name, email address and another contact data from you.

We record some events and all presenters will have their image and audio captured in the recording. If you are an attendee you may have the option of sharing your image and audio during the session. If you choose to do so, this will also be captured in the recording.

Some events will feature a moderated Q&A. If you choose to interact with the Q&A your comments may be published to others at the event and will also form part of the recording.

If an event is being recorded we will always notify you in advance.

  • What we do with it

We use your contact data to provide you with the event details. For recorded events we will also email you a link to the recording once the event has concluded.

For some events we may publish the recording on our website, YouTube or other channels so this is accessible to a wider audience. If an event recording will be published we will always notify you before the event.

We do not publish delegate lists for video conferences, webinars or live broadcast events but your name and email address may be visible to others in attendance during the event.

  • How long we keep it

We will keep your email address and any recording of the event for up to 12 months.