Privacy Policy

 

PRIVACY POLICY

 

Thank you for visiting our website. The protection and confidentiality of your personal data is of particular importance for Chaos Software Ltd.

In this document we will inform you about the processing of personal data in connection with the products and services we offer at www.chaosgroup.com and other websites or apps (collectively referred to as “Platforms”) that incorporate this Data Protection Policy. Personal data comprises all information that relates to an identified or identifiable natural person (Article 4 (1) GDPR). This includes information such as your name, e-mail address, postal address, or telephone number. Information that is not directly associated with your identity, e.g. the number of users of an Internet site, does not fall within this scope.

Chaos Software respects the privacy of all users of our products and services. The present privacy policy describes the ways and the terms under which Chaos and its subsidiaries process and use your personal data. We recommend you to read this privacy policy so that you understand our approach towards the processing and use of your personal data.

Governing law applicable to this Privacy Policy is the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (‘General Data Protection Regulation’ or ‘GDPR’) and the Bulgarian law, and any and all disputes as regards our relationships under this Privacy Policy will be settled as provided for by the governing law.

Who is responsible for the processing of your personal data?

The data controller (hereinafter referred to as “Chaos Software” or “We”) in the sense of the GDPR and other national data protection laws of the member states as well as other data protection regulations is:

Chaos Software Ltd, UIC 131375768, a limited liability company incorporated under the laws of Republic of Bulgaria.
Address: Bulgaria, Sofia 1729, Mladost district, Bld. 548, entr. B, fl. 2
Tel.: +359 2 422 4221
Mail: dpo@chaosgroup.com

In what connection is your personal data collected with?

Your personal data may be collected in relation to the access and use of our website, the licenses acquisition by you for the use of our products, and in relation to the provision of services to you.

We will handle any information collected thereby, with the due care and according to our obligations of a personal data controller.

Special Notice - if you are under 14 years old

Our products are not aimed at children under 14 years old and we will not deliberately collect, use, provide or process in any other form any personal information of children under the age of 14. We therefore also ask you, if you are under 14 years old, please do not send us your personal information (for example, your name, address and email address).

If you are under 14 years old and you nevertheless wish to ask a question or use our products in any way which requires you to submit your personal information, please get your parent or guardian to do so on your behalf.

Privacy Notice

Chaos Software has developed a privacy notice aimed to all users of our products and services providing the following information:

  • the purposes of the processing for which the personal data are intended as well as the legal basis for the processing
  • the recipients or categories of recipients of the personal data
  • the period for which the personal data will be stored or the criteria used to determine that period
  • the existence of the right to request from Chaos Software access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability
  • the right to lodge a complaint with a supervisory authority
  • the existence of automated decision-making, including profiling
  • the contact details of the data protection officer
  • other useful information required by law

Our privacy notice is available on the following link: www.chaosgroup.com/privacy . If you have not read and acknowledged the information in our privacy notice, please do so at your earliest convenience.

Policy for Data Subjects’ Rights

Chaos Software has developed and implemented a policy for data subjects’ rights. If you wish to exercise one of the rights provided by the GDPR and explained in the privacy notice, you should check our policy for data subjects’ rights at: www.chaosgroup.com/privacy. In the policy you shall find useful information about the rules and procedures applied by Chaos Software when a request for exercising of a data subject’s right is received.

Consent

Where the processing of your personal data is based on consent and there is no other legal ground for processing, every user has the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You may withdraw the consent provided by you by contacting us or our data protection officer at the addresses provided in the last section of this privacy policy.

Direct marketing

To optimize our products and services we may wish to use your personal data for direct marketing. As we respect your privacy we will only use your personal data for this purpose when you are aware thereof and if required we will request your consent prior to using your personal data for direct marketing. If at any time you wish us to stop using your information for direct marketing, please contact us as set out below. We will stop the use of your information for such purposes as soon as it is reasonably possible to do so.

Sharing of personal data

Please note that some of our sites, products and services include links to sites, products or services of third parties that have privacy practices different from ours. If you submit personal information to any of those sites or services, your information is governed by the privacy statements of those third parties. In addition, the collected personal data may (occasionally) be transferred to selected third parties, which may be located outside of the Economic European Area (“EEA”) in relation to the services provided to you by us or by our agents and distributors. By way of example, this may happen if any of our servers are from time to time located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA. These third parties will not use your personal information for any other purposes than what we have agreed with them. We request those third parties to implement adequate levels of protection in order to safeguard your personal information. We respect your personal information and therefore, we will take steps to ensure that your privacy rights continue to be protected if we transfer your information outside of the EEA in this way.

For more information on the appropriate or suitable safeguards to international data transfers outside of the EEA please check our privacy notice at: www.chaosgroup.com/privacy

Disclosure of personal data

Except as set out in this privacy policy, we will not disclose any personally identifiable information without your permission unless we are legally entitled or required to do so (for example, if required to do so by legal process or for the purposes of prevention of fraud or other crime), or if we believe that such action is necessary to protect and/or defend our rights, property or personal safety and those of our users/customers or other individuals.

Collection of non-personal information

We may automatically collect non-personal information about you such as your country, OS, screen resolution, type of internet browser you are using and their versions, or the website from which you landed on our website and your interactions with the website such as clicks, scroll, etc. You cannot be identified from this information and it is only used to assist us in providing an effective service on this website.Keeping our records accurate

We aim to keep our information about you as accurate as possible. If you would like to review, change or delete the details you have supplied us with, please contact us as set out below.

Security of your personal data

We have implemented technology and policies with the objective of protecting your privacy from unauthorized access and improper use and will update these measures as new technology becomes available, as appropriate.

Cookies policy

We use the term “cookies” to refer to cookies and other similar technologies covered by the EU Directive on privacy in electronic communications.

What is a cookie?

Cookies are small data files that your browser places on your computer or device. Cookies help your browser navigate a website and the cookies themselves cannot collect any information stored on your computer or your files. When a server uses a web browser to read cookies they can help a website deliver a more user-friendly service. To protect your privacy, your browser only gives a website access to the cookies it has already sent to you.

Why do we use cookies?

We use cookies to learn more about the way you interact with our content and help us to improve your experience when visiting our website. Cookies remember the type of browser you use and which additional browser software you have installed. They also remember your preferences, such as language and region, which remain as your default settings when you revisit the website. Cookies also allow you to rate pages and fill in comment forms. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer.

How are third party cookies used?

For some of the functions within our website we use third party suppliers, for example, when you visit a page with embedded videos or links to third party website. These videos or links (and any other content from third party suppliers) may contain third party cookies and you may wish to consult the policies of these third party website for information regarding their use of cookies.

How do I reject and delete cookies?

We will not use cookies to collect personally identifiable information about you. However, should you wish to do so, you can choose to reject or block the cookies set by us or the website of any third party suppliers by changing your browser settings – see the Help function within your browser for further details. Please note that most browsers automatically accept cookies so if you do not wish cookies to be used you may need to actively delete or block the cookies. For information on the use of cookies in mobile phone browsers and for details on how to reject or delete such cookies, please refer to your handset manual. Note, however, that if you reject the use of cookies you will still be able to visit our website but some of the functions may not work correctly.

Privacy Policy for reCAPTCHA

Invisible Captcha, or reCAPTCHA, requires end-users to click a button that says “I’m not a robot” and Google can determine whether to prompt the user with additional question (i.e. select pictures that best describe X) to verify if that person is in fact not a robot.

How “Invisible Captcha” Works - reCAPTCHA collects personal information from users to make this determination of whether they’re human and not a bot.

So, what personal information does the reCAPTCHA collect?
First, the reCAPTCHA algorithm will check to see if there’s any cookie placed on the computer being used.

Then, an additional reCAPTCHA-specific cookie will be added to the user’s browser, and a complete snapshot of the user’s browser window at that moment in time will be captured, pixel by pixel.

Some of the browser and user information collected at this time includes:
All cookies placed over the last 6 months,
How many mouse clicks you’ve made on that screen (or touches if on a touch device),
The CSS information for that page,
The date,
The language your browser is set to,
Any plug-ins you have installed on the browser, and
All Javascript objects
It’s because of this personal information collection that the requirement by CalOPPA is triggered and a Privacy Policy is required when reCAPTCHA is integrated.

EU User Consent Policy

When using our products that incorporate this policy, certain disclosures must be given to and consents obtained from end users in the European Union where EU data protection law requires such disclosures and consents.

You must use commercially reasonable efforts to disclose clearly, and obtain consent to, any data collection, sharing and usage that takes place on any site, app, email publication or other property as a consequence of your use of our products;

You must use commercially reasonable efforts to ensure that an end user is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the end user’s device where such activity occurs in connection with a product to which this policy applies.

Changes to this policy

From time to time we may make changes to this privacy policy. If we make any substantial changes to this privacy policy and the way in which we use your personal data we will post these changes on this page. Please check our privacy policy on a regular basis.

How you can contact us?

If you would like to know more about our privacy policy please contact us using the following email: dpo@chaosgroup.com

Last updated on May 25, 2018

POLICY FOR DATA SUBJECTS’ RIGHTS

 

This Policy (“The Policy”) describes the terms and conditions under which natural persons whose personal data are processed by Chaos Software Ltd. ("Chaos Software ", “The Company”) may exercise their rights under the personal data protection legislation.

Part 1: General Principles

1.1. Chaos Software processes and protects personal data collected throughout its activities transparently, lawfully and according to the purposes for which the personal data were collected.

1.2. The employees who process personal data for the purposes of sale of software products or clients’ support, as well as the employees who processes personal data of other employees or partners (natural persons) of Chaos Software as part of their employment relationship are obliged to adhere to the following principles of data processing:

i) The personal data are processed lawfully and in good faith;

ii) The personal data are collected for specific precise and lawful purposes and are not processed additionally in a manner not compatible with those purposes. 

iii) The personal data which are collected and processed for management of human resources are compatible, related to and limited to the purposes for which they are processed.

iv) The personal data are accurate and, if necessary, updated.

v) The personal data are being deleted or rectified when it is established that they are inaccurate or not limited for the purposes for which they are being processed.

vi) Personal data are maintained in a format, which allows identifying of the respective natural person for a period not longer than the one necessary for the purposes for which the data were collected.

1.3. The employees who process personal data are subject to an initial and periodic data privacy training and are familiarized with the applicable data privacy legislation.

Part 2: Definitions

The terms listed below shall have the following meaning:

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

“Applicable legislation” means the legislation of the European Union (EU) and in particular the legislation of Republic of Bulgaria, which is applicable towards the personal data protection.   

“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

“Data subject” means an individual (natural person) who can be identified directly or indirectly, in particular by an identifier such as name, identification number, location data, online identifier or one or more physical, physiological, genetic, mental, economic, cultural or social identifiers of that individual

“Regulation (EU) 2016/679“ or “GDPR” means Regulation (EU) 2016/679  of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Part 3: Data subjects’ rights

The data subjects shall have the following rights regarding to their personal data processed by Chaos Software:

i) Right of access;

ii) Right of rectification;

iii) Right to data portability;

iv) Right of erasure (‘right to be forgotten’);

v) Right to restriction of processing;

vi) Right to object against the processing of personal data;

vii) Right not to be subject to a decision based solely on automated processing, including profiling.

Right of Access

2.1. When requested Chaos Software shall present to the data subject the following information:

i) information whether Chaos Software processes personal data of the data subject who made the request or not;

ii) copy of the personal data of the person which are processed by Chaos Software and

iii) explanation about the processed personal data

2.2. The explanation under item 2.1. (iii) above shall include the following information about the personal data processed by Chaos Software:

i) purposes of processing;

ii) respective categories of personal data;

iii) recipients or categories of recipients to which personal data is or may be disclosed, in particular recipients in third countries outside of the EU or the European Economic Area;

iv) when it is possible, the envisaged retention period for which the personal data shall be retained and when this is impossible the criteria used for determining such period;

v) the existing of the rights to require correction, rectification, erasure or restriction of processing of personal data related to the data subject as well as the right to object against the processing of personal data; 

vi) the right to file a complaint before the respective authorities;

vii) when the personal data are not collected through the individual full information shall be provided about the source of the collected personal data;

viii) the existence of automated decision making regardless of which this processing includes profiling and information related to the logic as well as the expected consequences from this processing to the data subject;

ix) when personal data is transferred to a third country or to an international organization the data subject shall have the right to be informed about the applicable safeguards to his/hers personal data related to the transfer

2.3. The explanation about the processed personal data contains information which Chaos Software provides to the data subject by presenting a privacy notice.

3.1. Based on a request by the data subject Chaos Software may provide a copy of the personal data, which The Company is processing about the respective data subject.

3.2. When providing a copy of personal data Chaos Software shall not disclose to the subject the following categories of data:

i) personal data of third parties, unless the said parties have given their explicit consent for this;

ii) data which can be qualified as trade secret, intellectual property or confidential information;

iii) other information which is protected under the applicable legislation

3.3. Granting the right of access to data subjects shall not interfere negatively to the rights of third parties or lead to a breach of Chaos Software’s statutory obligation.  

4.1. When the requests for access are being manifestly unfounded or excessive, especially because of their repeatability, Chaos Software may charge a reasonable fee based on the administrative costs of providing the information or refuse to respond to the request for access.

4.2. Chaos Software determines on a case-by-case basis whether a request for access is manifestly unfounded or excessive.

4.3. When refusing access to personal data, Chaos Software issues an official explanation for its refusal and informs the data subject of his right to file a complaint with the Personal Data Protection Commission (CPDP).

Right of rectification

5.1. Data subjects may request that their personal data processed by Chaos Software be corrected if the data are inaccurate or incomplete. 

5.2. Upon a satisfactory request for correcting personal data, Chaos Software shall notify the other recipients to whom personal data have been disclosed (such as government bodies, service providers) so that they can reflect the changes.

Right of erasure (‘right to be forgotten’)

6.1. Upon request, Chaos Software shall erase all personal information of the data subject who made the request in case any of the following grounds apply:

i) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;

ii) he data subject withdraws consent on which the processing is based and where there is no other legal ground for the processing;

iii) the data subject objects to the processing and there are no overriding legitimate grounds for the processing;

iv) the data subject objects to the processing of personal data for the puproses of direct marketing;

v) the personal data have been unlawfully processed;

vi) the personal data must be erased for compliance with a legal obligation in Union or Member State law to which Chaos Software is subject;

vii) the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

6.2. Chaos Software is not obliged to erase and may continue processing the personal data as long as the processing is necessary for one of the following grounds:

i) for exercising of the right of freedom of expression and information;

ii) for compliance with a legal obligation of Chaos Software;

iii) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) as well as Article 9(3) of the GDPR;

iv) or archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing ; or

v) for the establishment, exercise or defense of legal claims.

Right to restriction of processing

7.1. The data subject has the right to request a restriction of processing when one of the following applies:

i) the accuracy of the personal data is contested by the data subject, for a period enabling Chaos Software to verify the accuracy of the personal data;

ii) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;

iii) Chaos Software no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims; 

iv) the data subject has objected to processing based on the legitimate interest of Chaos Software pending the verification whether the legitimate grounds of the controller override those of the data subject;

7.2. Chaos Software may process personal data whose processing is restricted only for the following purposes:

i) storage purposes

ii) if explicit consent is provided by the data subject;

iii) or the establishment, exercise or defense of legal claims;

iv) for the protection of the rights of another natural or legal person ; or

v) or reasons of important public interest of the Union or of a Member State

7.3. When a data subject has requested a restriction of the processing and there is one of the grounds under Art. 7.1. above, Chaos Software informs the data subject before the restriction of the processing is lifted.

Right to data portability

8.1. The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to Chaos Software, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where.

8.2. Upon request, the personal data may be transferred to another administrator designated by the data subject where this is technically feasible.

8.3. The data subject may exercise the right of portability in the following cases:

i) the processing is based on the consent of the data subject;

ii) the processing is based on a contractual obligation;

iii) the processing is carried out by automated means.

8.4. The right of data portability cannot adversely affect the rights and freedoms of others.

Right to object

9.1. The data subject shall have the right to object against the processing of his/hers personal data by Chaos Software if the data are processed based on one of the following grounds:

i) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

ii) processing is necessary for the purposes of the legitimate interests pursued by Chaos Software;

iii) the processing includes profiling

9.2. Chaos Software shall no longer process the personal data when the right to object is exercised by a data subject unless the Company demonstrates compelling legitimate grounds for the processing, which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Right to object against processing for the purposes of direct marketing

10.1. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing.

10.2. Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.

Right of human intervention in the process of automated decision making

11.1. Where Chaos Software uses automated decision making, regardless of whether it includes profiling and this decision making process have legal consequences for, or significantly affect natural persons, in a similar way, such persons may request a review of the decision with human intervention and express their point of view.

11.2. Chaos Software provides information to natural persons subject to automated decision making about the logic as well as the meaning and envisaged consequences of such processing when a request for such information is made.

Part 4: Procedure for exercising the rights of data subjects

12.1. All data subjects may exercise the rights under this Polict by submitting a request for the exercise of the relevant right.

12.2. Requests to exercise the data subjects’ rights shall be made in one of the following manners:

i) By email to the following email address dpo@chaosgroup.com

ii) At the office of Chaos Software

iii) By mail to the following address: 147 Tsarigradsko Shose Blvd., fl. 4, Sofia Bulgaria, 1784.

12.3. The request for the exercise of rights relating to the personal data of the data subject should contain the following information:

  1. Identification of the person - name and personal identification number (where applicable)
  2. Contact details: address, telephone, email
  3. Request - description of the request

12.3. Chaos Software provides information on the actions taken in relation to a request for the exercise of the rights of the data subjects within one month of the receipt of the request.

12.4. That period may be extended by two further months where necessary, taking into account the complexity and number of the requests. Chaos Software shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the delay.

12.5. Chaos Software is not obliged to respond to a request if it is unable to identify the data subject.

12.6. Chaos Software may request the provision of additional information necessary to verify the identity of the data subject when there are reasonable concerns about the identity of the requesting individual.

12.7. Where the data subject makes the request by electronic form means, the information shall be provided by electronic means where possible, unless otherwise requested by the data subject.

 

PRIVACY NOTICE

 

With the following privacy notice Chaos Software (“Chaos Software”, “We”, “The Company”) provides information about the personal data, which may be processed in the course of registration of Chaos ID account, usage of free trials and demo versions of software products, as well as purchasing of software products and services provided by Chaos Software.

This privacy notice is an addition to the Privacy Policy, which stipulates the rules and procedures of data processing regarding the personal data of our clients and users collected through our websites.

This privacy notice aims to help you understand how and why we may use your personal information. The tables and examples listed below are illustrative, non-exhaustive, and not fully representative for any client or user who provides personal data to the Company.

What personal data about you does Chaos Group process?

“Personal data” means any information relating to an identified or identifiable natural person (‘data subject’) including such data, which may be subject to a specific protection under the applicable local and European data protection legislation.

The personal data, which is processed for clients and users of Chaos Software are as follows:

Categories of personal data

Types of personal data

Grounds for processing

Information about you

Name, surname, family name

Performance of a contract / legitimate interest

Identification number

Personal identification number or other identifier used as VAT number for the invoice issued for natural person

Performance of a contract

Contact details

Email, telephone, fax

Performance of a contract / legitimate interest / explicit consent provided by you by filling an optional field

Information about your employer

Name of the company you work for.

Explicit consent provided by you by filling an optional field

Data about your interests

Information about the industrial interest you have in software products (e.g. Film, VFX, Television, etc.)

Explicit consent provided by you by filling an optional field

Data about the country of registration

Data about the country from which your registration is made

Legitimate interest

Bank data

Partial data about your bank account

Performance of a contract

Data about the persons who are eligible for discounts

Copy of documents evidencing that the person is an active student in an university

Performance of a contract / legitimate interest

Internet data

Data about your IP address, location data, cookie data, etc.

Performance of a contract / legitimate interest

Copy of personal communication on our website

Copies of communication you might have with third parties while using our website and our communication system tools

Legitimate interest

Other data

Other data, necessary for the performance of the contractual relationship and the support and maintenance of your Chaos ID account.

 

Performance of a contract / legitimate interest

 

For what purposes are we going to use your personal data?

 The personal data provided by you shall be used for the following purposes, including but not limited to:

  • administration and maintenance of your Chaos ID account;
  • sale and support of products and services, which you decide to purchase or use through your Chaos ID account;
  • usage of aggregated data (not including personal data) about your use of Chaos Software’s products for the purposes of making all our products better;
  • sending of marketing messages for relevant products and services provided by Chaos Software subject to all applicable legal requirements;
  • processing of personal date for compliance with regulatory and other legal requirements;
  • answering to claims and requests sent by our customers / users;
  • processing orders or purchases made by you (our customers / users);
  • performance of rights and obligations related to our products, contractual or pre-contractual relationship with you;
  • anticipating and resolving issues related to our products or services delivered to you;
  • creating products or services that would meet your needs

With whom may we share your personal data?

Chaos Software respects your privacy and keeps your data secured. Subject to statutory requirements, Chaos Software may disclose your personal data to the following persons:

  • Service providers: When we use service providers related to client management systems, technical maintenance and provision of internal IT systems (using the services of Microsoft, Google, ClickDimensions, Mailchimp and Hotjar) and operational support to our activities, Chaos Software may disclose personal data to those service providers. Please be informed that such disclosure shall commence only in case there are legitimate grounds for doing so and only based on a written agreement ensuring that the receiver provides adequate levels of protection for the personal data.
  • Our partners in our distribution network: Chaos Software uses a network of distributors who distribute our products and services in different jurisdictions. Therefore, in order to fulfill our contractual obligations, we may disclose your personal data to a distributor who is in a suitable area with you in order to provide the best quality service.
  • An external company providing services related to card payments: Chaos Software uses an external company administering card payments when purchasing products and services provided by us. The external company providing card payment services is "Adyen Payment Servies" (Adyen), more information about which can be found at https://www.adyen.com/.  
  • State and municipal authorities: In the course of compliance with its legal obligations Chaos Software may be obliged to disclose personal data of its employees/contractors to state or municipal authorities
  • Other companies in the corporate group of Chaos Software: For specific job positions, it is possible that Chaos Software shares selected job applications with other companies within the corporate group of Chaos Software. Such disclosure shall be executed following the applicable Bulgarian and European legislation.

Is your personal data shared in countries outside the European Union and the European Economic Area?

Chaos Software uses Microsoft, Google, ClickDimensions, Mailchimp and Hotjar services to build and run its technical infrastructure. As part of this process, your personal data may be stored on servers owned by Microsoft,Google, ClickDimensions, Mailchimp or Hotjar physically located in the United States.

It is important to know that your personal data may only be stored on those servers for storage purposes as part of the contracts between Chaos Software and Microsoft, Google, ClickDimensions, Mailchimp or Hotjar, which contain clauses guaranteeing an adequate level of protection. Also at the time of introduction to this notification policy as Microsoft, Google, ClickDimensions, Mailchimp and Hotjar are certified under "Privacy Shield Framework" ( "Shield of personal data") which is a mechanism for the protection of personal data, approved by the European Commission Case 12 July 2016 (more information can be found here: http://eur-lex.europa.eu/legal-content/BG/TXT/?uri=CELEX:32016D1250).

Also, some of the companies, part of the corporate group of Chaos Software are established and operate in the US. Your personal data could be disclosed to these companies on the basis of the legitimate interest of Chaos Software only after the companies in question have taken full assurance that they can offer adequate protection of the personal data they have provided.

For what period do we store your personal data?

Chaos Software stores your data for the purposes of maintaining Chaos ID and administering contractual relationships with you as follows:

  • The data associated with you from your Chaos ID account is stored for the entire maintenance period of your account and up to one year from the termination of the registration in order to resolve possible disputes that have arisen or become known after termination of the registration;
  • Your data collected in connection with a specific contract for the purchase of a software license / product or service is kept until the expiry of the deadlines set in the specific contract and up to five years thereafter in order to resolve possible disputes that have arisen or become known after expiry of the terms of the contract.

Your rights with respect to your personal data

Subject to Bulgarian law, you have the following rights to your personal data processed by Chaos Software:

  1. access your personal data that Chaos Software processes and get a copy thereof;
  2. in case of incompleteness or inaccuracy in the data that Chaos Software processes, your personal data will be corrected;
  3. request that your data be deleted when the conditions are met. Such cases are if the purpose for which the data is collected is achieved; you have withdrawn your consent when the processing is based on consent and there is no other legal basis for processing; your data is being processed unlawfully, and others;
  4. in the cases specified by the law, you may require that the processing of your personal data to be limited;
  5. in the cases specified by the law, you may object to the processing of your personal data;
  6. exercise your data portability rights and request that your data be provided in a structured, widely used and machine-readable format;
  7. withdraw your consent when processing your personal data is based on consent.

Detailed information on the terms and conditions under which you can exercise your rights can be found in the Privacy Policy of Chaos Software on our website at www.chaosgroup.com/privacy. You also have the right to file a complaint with the Personal Data Protection Commission when the relevant prerequisites are in place.

How to contact us?

You can contact us at the following address: Bulgaria, Sofia 1784, Bulgaria, Sofia 1784, Mladost, bl. 548, ent. B, floor 2, apt. 201, 202, 203, e-mail: dpo@chaosgroup.com

Our Data Privacy Officer is Mr. Lenko Ressilovski.

Updating the privacy notice

This notice may be updated periodically to reflect changes in the privacy practices of Chaos Software customers. The Company undertakes to notify you of all material changes to this notification.