SISO CLM Logo SISO CLM

Privacy Policy

Last Updated: January 2025

1. INTRODUCTION

SISO CLM ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our website and services.

2. DATA CONTROLLER

The data controller is:

SISO CLM
Email: hrisimir.iliev@gmail.com
Phone: +359 882 701 710

3. DATA WE COLLECT

3.1. Data you provide to us:

  • First and last name
  • Email address
  • Phone number
  • Company/organization name
  • Messages and communications through the contact form

3.2. Data we collect automatically:

  • IP address
  • Browser type and operating system
  • Device information
  • Service usage data (logs, metadata)
  • Cookies and similar technologies

3.3. Data within the service:

  • Contracts and related documents
  • Financial information (invoices, payments)
  • Project and counterparty information
  • Any other data you enter into the system

4. WHY WE COLLECT DATA

We use your personal data to:

  • Provide and maintain the service
  • Process your requests and communications
  • Improve the service and user experience
  • Send important notifications about the service
  • Ensure security and prevent fraud
  • Comply with legal obligations
  • Marketing purposes (only with your consent)

5. LEGAL BASIS FOR PROCESSING

We process your personal data on the basis of:

  • Contract performance (Article 6(1)(b) GDPR)
  • Your consent (Article 6(1)(a) GDPR)
  • Legal obligations (Article 6(1)(c) GDPR)
  • Legitimate interests (Article 6(1)(f) GDPR)

6. DATA SHARING

We do not sell your personal data. We may share data with:

  • Service providers (hosting, email, analytics) - only for service provision purposes
  • Legal authorities - when required by law
  • Professional advisors (lawyers, accountants) - when necessary

All third parties are obligated to protect your data and use it only for specified purposes.

6.1. Third-Party Service Providers

We use the following third-party service providers who may process your personal data:

  • Hosting Provider: [Your hosting provider name] - Data storage and server infrastructure
  • Email Service: [Your email provider name] - Email delivery and communication
  • Analytics: Google Analytics (Google LLC) - Website usage analytics
  • Cookie Consent: iubenda (iubenda s.r.l.) - Cookie consent management
  • Payment Processing: [Your payment processor name] - Payment processing (if applicable)

All third-party service providers are bound by Data Processing Agreements (DPAs) that ensure they comply with GDPR requirements and protect your data.

7. DATA PROTECTION

We implement appropriate technical and organizational measures:

  • Encryption of data in transit and at rest
  • Regular backups
  • Limited data access (only authorized personnel)
  • Regular security audits
  • Staff training on data protection

8. DATA RETENTION

We retain your data:

  • While you have an active account
  • After account closure - up to 3 years (for legal and accounting purposes)
  • Longer if required by law

8.1. Data Export and Deletion

Upon your request, we will:

  • Provide you with a copy of your data in a machine-readable format (data portability) within 30 days
  • Delete your personal data (right to erasure) within 30 days, unless we have a legal obligation to retain it
  • Export your data in commonly used formats (JSON, CSV, or PDF) as requested

To request data export or deletion, please contact us at: hrisimir.iliev@gmail.com

9. YOUR RIGHTS

Under GDPR, you have the right to:

  • Access your data
  • Rectify inaccurate data
  • Erasure of data ("right to be forgotten")
  • Restrict processing
  • Data portability
  • Object to processing
  • Withdraw consent (when processing is based on consent)

To exercise your rights, please contact us at: hrisimir.iliev@gmail.com

10. COOKIES

We use cookies for:

  • Website functionality
  • Usage analytics
  • Improving user experience

For detailed information about the cookies we use, their purposes, and how to manage them, please see our Cookie Policy. For our terms of service, please see our Terms of Service.

11. THIRD-PARTY DATA

When you process third-party data in our system (clients, suppliers, employees), you are responsible for:

  • Informing these parties about the processing
  • Obtaining necessary consent
  • Complying with applicable legislation

12. INTERNATIONAL TRANSFERS

Your data is stored within the European Union. If transfer outside the EU is necessary, we will ensure appropriate safeguards in accordance with GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission
  • Other appropriate safeguards as required by GDPR

12.1. Data Processing Agreements (DPAs)

We have Data Processing Agreements (DPAs) in place with all third-party service providers that process your personal data. These agreements ensure that:

  • Third parties only process data for specified purposes
  • Appropriate technical and organizational measures are in place
  • GDPR requirements are met, including data subject rights
  • Data breach notification procedures are established

13. CHILDREN

Our service is not intended for individuals under 18 years of age. We do not knowingly collect data from children.

14. DATA BREACH NOTIFICATION

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority (Commission for Personal Data Protection - CPDP) within 72 hours of becoming aware of the breach, where feasible
  • Notify you without undue delay if the breach is likely to result in a high risk to your rights and freedoms
  • Provide clear information about the nature of the breach, likely consequences, and measures taken or proposed to address it

We maintain incident response procedures and regularly review our security measures to prevent data breaches.

15. POLICY CHANGES

We may update this policy periodically. We will notify you of significant changes via email or notification in the system.

16. CONTACT

For questions about this policy or your data, please contact us:

Email: hrisimir.iliev@gmail.com
Phone: +359 882 701 710

17. SUPERVISORY AUTHORITY

You have the right to file a complaint with the Commission for Personal Data Protection (CPDP):

Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592
Website: www.cpdp.bg
Email: kzld@cpdp.bg