wellConnected

Privacy Policy

CreateX Ltd. is a company registered in the Commercial Register of the Registry Agency with UIC: 204702686, e-mail: office@createx.bg.

Legal Grounds and Purposes for Processing Your Personal Data

We process your personal data on the following grounds:
  • The General Terms and Conditions for using the Website;
  • Your explicit consent – the purpose is specified in each specific case;
  • A legal obligation prescribed by law;
In the following paragraphs, you will find detailed information regarding the processing of your personal data depending on the grounds on which we process them.

For the Performance of a Contract

We process your personal data to facilitate the use of the Website in accordance with the rules of the general terms and conditions. Processing purposes (where applicable):
  1. To verify your identity;
  2. To provide the functionalities of our website;
On this basis, we only process personal data related to the user profile you have created. The data collected on this basis is deleted 2 years after the termination of the contractual relationship, regardless of whether due to expiration, termination, or other reasons.

With Your Consent

We process your personal data on this basis only after obtaining your explicit, unambiguous, and voluntary consent. We will not impose any adverse consequences on you if you refuse to allow the processing of your personal data. Consent is a separate legal basis for processing your personal data, and the purpose of the processing is specified in the consent itself and is not covered by the purposes listed in this policy. If you provide us with the relevant consent, and until its withdrawal or termination of any contractual relationship with you, we may prepare tailored product/service offers for you by conducting detailed analyses of your primary personal data. Data We Process on This Basis: On this basis, we may process personal data for direct marketing purposes, including website usage data and social media profile data. Sharing Data with Third Parties On this basis, we may share your data with marketing agencies, Facebook, Google, or similar entities. Withdrawal of Consent You may withdraw your consent at any time. Withdrawing consent does not affect the performance of contractual obligations. If you withdraw your consent to process personal data for any or all of the purposes described above, we will no longer use your personal data and information for those purposes. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal. To withdraw your consent, you only need to use our website or contact us. When We Delete Data Collected on This Basis Data collected on this basis is deleted upon request from you or 12 months after its initial collection.

How We Protect Your Personal Data

To ensure adequate protection of company and customer data, we implement all necessary organizational and technical measures provided in the Personal Data Protection Act. The company has established rules to prevent misuse and security breaches, which support the processes of safeguarding and ensuring the security of your data. To maximize security in processing, transmitting, and storing your data, we may use additional protection mechanisms such as encryption, pseudonymization, and others.

User Rights

Every user of the website enjoys all rights to personal data protection under Bulgarian law and European Union law. The user may exercise their rights by sending a message to our email. Each user has the right to:
  • Be informed (regarding the processing of their personal data by the administrator);
  • Access their personal data;
  • Rectification (if the data is incorrect);
  • Erasure of personal data (right “to be forgotten”);
  • Restriction of processing by the administrator or processor;
  • Data portability between different administrators;
  • Object to the processing of their personal data;
  • Not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them;
  • Judicial or administrative protection if their rights have been violated.
The user may request erasure if one of the following conditions applies:
  • The personal data is no longer necessary for the purposes for which it was collected or otherwise processed;
  • The user withdraws their consent on which the processing is based and there is no other legal ground for processing;
  • The user objects to the processing, and there are no overriding legitimate grounds for processing;
  • The personal data has been unlawfully processed;
  • The personal data must be erased to comply with a legal obligation under Union law or the law of a Member State applicable to the administrator;
  • The personal data was collected in connection with the offering of information society services to children, and the consent was given by the holder of parental responsibility over the child.
The user has the right to restrict the processing of their personal data by the administrator when:
  • They contest the accuracy of the personal data. In this case, processing is restricted for a period that allows the administrator to verify the accuracy of the personal data;
  • The processing is unlawful, but the user does not want the personal data to be erased and instead requests restriction of its use;
  • The administrator no longer needs the personal data for processing purposes, but the user requires it for the establishment, exercise, or defense of legal claims;
  • The user has objected to processing pending verification of whether the administrator’s legitimate grounds override those of the user.

Right to Data Portability.
The data subject has the right to receive the personal data concerning them that they have provided to an administrator in a structured, commonly used, and machine-readable format and has the right to transfer those data to another administrator without hindrance from the administrator to whom the personal data were provided, where the processing is based on consent or a contractual obligation and the processing is carried out by automated means. When exercising their right to data portability, the data subject also has the right to have the personal data transmitted directly from one administrator to another, where technically feasible. Right to Object. Users have the right to object to the administrator regarding the processing of their personal data. The personal data administrator must cease processing unless they demonstrate compelling legal grounds for the processing that override the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defense of legal claims. If an objection is made to the processing of personal data for direct marketing purposes, processing must cease immediately. Complaint to the Supervisory Authority Every user has the right to file a complaint against the unlawful processing of their personal data with the Commission for Personal Data Protection or the competent court.