The present document contains the Rules for collecting, processing and protecting users’ personal data while using the services offered by the LIBRe Foundation - a non-profit legal entity, established and operating in accordance with the laws of the Republic of Bulgaria, registered under company file No. 220/2015 as docketed in the Register of Non-Profit Legal Entities by the Sofia City Court, UIC BULSTAT 176860854, with seat and address of management: 64, Dimitar Petkov Str., Ent. B (Б), Floor 3, 1309 Sofia ("The Rules").

The rules regulate the collection, processing and protection of personal data related to users of the services available through the LIBRe Foundation’s website on: http://www.libreresearchgroup.org/, as a data controller.



DEFINITIONS
ARTICLE 1

(1) For the purposes of the application and interpretation of the present Rules, the terms and phrases used shall have the following meaning:

1. „Information system“ – every specific device or combination of devices similar to each other with device or at least one of them is designed to save, send or receive electronic documents.

2. „Electronic reference“ – a hyperlink, identified on a specific webpage, which allows automated forwarding to another webpage, information resource or an object via standardized protocols.

3. „Provider of a third-party information storage service“ – natural person or a legal entity providing shared hosting services.

4. „LIBRe Foundation“ – foundation, non-profit organization, established and operating in accordance with the laws of the Republic of Bulgaria, registered under company file No. 220/2015 as docketed in the Register of Non-Profit Legal Entities by the Sofia City Court, UIC BULSTAT 176860854, with seat and address of management: 64, Dimitar Petkov Str., Ent. B (Б), Floor 3, 1309 Sofia.

5. „User“ – every person who uses the information services or the content offered through the website, administrated by LIBRe Foundation, regardless of the form of the usage.

6. „Random event“ – unforeseeable and unavoidable event of an unusual nature which could not have been foreseen at the time of the conclusion of the contract and which, on its occurrence, makes the provision of services objectively impossible.

7. „Shared hosting services“ – including but not limited to services that provide free disk space, located in the infrastructure of the third parties’ information storage service provider; providing access to admin panels for publications services; processing and administration of information, stored in the provided disk space services; use of email; providing parameters in relation to provided service under a contract between LIBRe Foundation and the third parties’ information storage provider; providing technical support services; providing control panel for management of the subscriptions and the registrations of the users.

8. „Content“ – every text, image, sound, video, multimedia or other audio and/or audio-visual content, electronic reference or other material or information, including expressed opinions and/or positions, published on the LIBRe Foundation’s website and stored on a server owned by the third parties’ information storage service provider, access to which is granted via the website of LIBRe Foundation.

9. „Website“ – a set of webpages, containing text, sound, images, electronic references, computer programs (software) or other materials and sources which are available in the Internet and accessible to unified resource address (URL) in an electronic communications network using the hypertext transfer protocol (http/https).

10. „LIBRe Foundation’s website“ – a website, developed and administrated by LIBRe Foundation and available at http://www.libreresearchgroup.org and which offered the user various information services and content which are subject to the present Rules.

11. „Services“ – the services offered via the website of LIBRe Foundation.

12. „Webpage“ – a hypertext document containing files, images, audio, video and/or audio-visual and other content accessed through a unified resource address (URL).

13. „Unlawful conduct“ – actions and/or inactions which cause damages to individuals using the electronic communication networks and services, including sending of unsolicited commercial communications (spam), channel overflow (flood), cyberbullying and systematic sending of abusive, humiliating, offensive or threatening emails, gaining access to others’ rights or passwords, acquired illegally, use of systems’ flaws in order to gain benefits for the perpetrator or a third party or acquiring information, disturbing the normal work of the other Internet users or the users of other electronic communication networks, perpetration of acts which can be classified as criminal offenses, including but not limited to damaging or destroying property via unlawful access to computer systems or information arrays, computer fraud, introducing a computer virus into a computer program or Trojan Horses type of system, remote control systems, etc. as well as other acts that can be classified under the scope of a delict or administrative offense under the Bulgarian legislation.

(2) In the appropriate cases, the words used in singular shall be regarded as including the plural version of the same words and vice versa.




GENERAL PROVISIONS
ARTICLE 2

The collection, processing and storage of personal data related to the users of the LIBRe Foundation’s website is performed by LIBRe Foundation, which is registered as a controller in the Register of Data Controllers and their registers with the Commission for Personal Data Protection (CPDP) with identification No. 419473.

ARTICLE 3

Processing of personal data is performed in accordance with the requirements of the Bulgarian Personal Data Protection Act and the European Union’s legislation. Personal data is collected, processed and stored lawfully and in good faith only for the purposes of presenting the content and the services offered through the LIBRe Foundation’s website.

ARTICLE 4 The personal data of the LIBRe Foundation’s website users are stored for a period of time no longer than the necessary for LIBRe Foundation in order to provide the content and the services as well as the other purposes, specifically indicated in the general terms and conditions or in a legal act.



CATEGORIES OF PERSONAL DATA AND PURPOSES OF PROCESSING
ARTICLE 5

(1) In order to provide the services, LIBRe Foundation may collect, store and process information voluntarily provided by the user, including but not limited to name, address, email, phone number and other information related to an individual.

(2) The information under paragraph 1 is stored and processed by LIBRe Foundation for the purpose of providing certain services which require processing of personal data, for example, registration for participation in training events, seminars, conferences, competitions, etc., organized by LIBRe foundation, for sending information bulletins via email, etc.

ARTICLE 6

(1) For the purpose of offering services and improving their quality LIBRe Foundation may automatically store certain information which is sent by a computer or another end-user device to the server of the Provider of a third-party information storage service in relation to the user’s activity.

(2) The information under paragraph 1 is stored in log files on the server of the Provider of a third-party information storage service. This information may contain data about:

1. web pages of the LIBRe Foundation’s website accessed by the user; websites that redirected the user towards the website of LIBRe Foundation; electronic references accessed by the user, available on the LIBRe Foundation’s website;

2. date and time of the access under point 1 above;

3. public IP address of the end user’s device;

4. type, name and version of the user’s web browser;

5. key words used by the user for searching information in the website of LIBRe Foundation;

6. number of users who visited certain web page from the website of LIBRe Foundation;

7. number of clicks on electronic references of the LIBRe Foundation’s website, etc.

ARTICLE 7 Except for the cases under Articles 5 and 6 LIBRe Foundation has the right to collect, process and use log files containing, for example, date, time, source of connection - IP addresses, when required by applicable law as well as log files and any other information necessary for the recreation of electronic statements made by the user in the course of using the services or for identifying the use (where applicable) in the event of a legal dispute.
ARTICLE 8

Where applicable, when providing the services, LIBRe Foundation may store information and gain access to information stored on the end user’s device which is processed for the purpose of:

1. ensuring the user’s normal and quality access to services and all their functionalities;

2. verifying the availability of scripts, software apps and settings of the end user’s device, necessary for the normal access and usage of the services and correspondingly informing them about the lack of the such;

3. following and preventing multiple registrations from the same user and committing unlawful actions;

4. visualization or hiding of elements from LIBRe Foundation’s website which have specific requirements, that are compatible or incompatible with specific properties, qualities or settings of the end user’s device such as screen width, resolution, etc.;

5. customizing the services and providing automatic display or hiding of various elements from the LIBRe Foundation’s website in accordance with the user’s preferences and settings;

6. customizing the services and ensuring automatic display or hiding of various elements from the LIBRe Foundation’s website in accordance with the user’s preferences and settings.

ARTICLE 9 The information under Articles 5, 6 and 8 will not be associated with any other information and will not be used to identify the user except in the cases provided for by these rules.
ARTICLE 10 LIBRe Foundation does not in any circumstances require, collect, process, store or disclose information containing personal data about the user in relation to his or her health, sexual life or the human genome; reveal racial or ethnic origin; or reveal political, religious or philosophical beliefs, membership in political parties or organizations, associations with religious, philosophical, political or trade union goals.



CONSENT ON THE PROCESSING OF PERSONAL DATA
ARTICLE 11 By using the services provided through the LIBRe Foundation’s website, the user confirms that they give unambiguously their freely expressed, specific and informed consent to the processing of personal data relating to them under these rules.
ARTICLE 12 The user confirms that they are familiar with the content of the General Terms and Conditions and the present Rules.
ARTICLE 13

The text of the Rues is available in the internet in both Bulgarian and English language at:

http://libreresearchgroup.org/bg/a/privacy-policy

http://libreresearchgroup.org/en/a/privacy-policy

in a format that allows their storage and playback.




LIABILITY
ARTICLE 14 LIBRe Foundation takes due diligence and shall be responsible for the protection of the user’s information that was made available to LIBRe Foundation in relation to the provision of the services.
ARTICLE 15 In the event of force majeure, random event or unlawful acts of third parties, LIBRe Foundation shall not be responsible for the failure to comply with its obligations under these Rules, but shall notify the affected users in writing within one month regarding the possible consequences of the non-compliance with the personal data protection of their information.



TECHNICAL AND ORGANIZATION MEASURES
ARTICLE 16

(1) LIBRe Foundation, acting as data controller, takes the necessary technical and organizational measures in order to protect the user’s data against random or illegal destruction, random loss, unauthorized access or distribution, as well as against other illegal forms of processing. In any processing that involves transmission of personal data by electronic means, LIBRe Foundation takes special measures for protection of the data. Those measure include but are not limited to:

1. technical and organizational measures taken by the third parties’ information storage service provider;

2. using passwords with sufficient length and level of difficulty in order to limit the access of third persons to the content of the LIBRe foundation’s website which is not accessible to the general public;

3. encrypting the connection between the end user’s device and the LIBRe Foundation’s website through SSL certificate.

(2) All the measures under paragraph 1 are in accordance with the state of the art technological advancements and provide a level of protection which corresponds to the risks related to processing the data and its nature that need to be protected.

ARTICLE 17

In any registration and other forms that require user identification, LIBRe Foundation clearly indicates the mandatory or voluntary nature of providing the data under Article 11 and the consequences of the refusal. In order to avoid any doubt, in the relevant registration forms the provision of data that is mandatory is a condition for a successful registration and any failure to provide them constitutes an obstacle for access to services that require registration.




RIGHTS AND OBLIGATIONS OF THE USER
ARTICLE 18

The user may at any time exercise their rights given by the Bulgarian legislation which include but are not limited to:

1. right to access to their personal data processed by LIBRe Foundation;

2. right to correct or update their personal data processed by LIBRe Foundation;

3. right to request that LIBRe Foundation deletes, corrects or blocks the user’s personal data the processing of which do not meet the requirements of the legislation in force;

4. right to request that LIBRe Foundation notifies third parties that received access to the user’s personal data, of every deletion, correction or blocking, with the exception of the cases when this is impossible or it involves great efforts from LIBRe Foundation.

ARTICLE 19 The user is entitled, at all times, to refuse the storage and/or access to information stored on his/her end-user device. Making this refusal and/or the deletion of cookies by the user may result in the user being totally or partially unable to access the LIBRe Foundation's website and/or services for which LIBRe Foundation shall not be held responsible.
ARTICLE 20 The user has the right to receive information from LIBRe Foundation at any given time about data which is stored on their end user device by sending a request to the email address of LIBRe foundation at office@libreresearchgroup.org.
ARTICLE 21

In the event that the user or persons under their control have committed unlawful actions within the meaning of these Rules or have infringed the rights or legitimate interests of third parties, LIBRe Foundation is entitled to provide information about the user to the relevant competent governmental authorities in order for them to take the measures, prescribed by the legislation in force.




RIGHTS AND OBLIGATIONS OF LIBRe FOUNDATION
ARTICLE 22

LIBRe Foundation has the obligation not to disclose personal data of the users and not to present these data to third parties – state authorities, individuals, etc., in accordance with the present Rules regarding the personal data, except in the cases when:

1. this is provided for by the present Rules or when the user has given their explicit consent during the registration or later on;

2. the information is requested by state authorities, judicial authorities or other authorities which are entitled to request and receive such information under the current legislation and following an explicit procedure;

3. the disclosure of personal data is necessary for protection of the rights and legitimate interests of LIBRe Foundation;

4. the data is provided by a data processor on behalf of LIBRe Foundation which ensures the necessary guarantees for the technical and organizational security that need to be followed during the processing. The data processor is obliged to process the data only according to the LIBRe Foundation’s instructions and they are not allowed to process the user’s data in any other way and for other purposes than the ones indicated in the present Rules;

5. other cases provided for in a law or in the General Terms and Conditions.

ARTICLE 23

LIBRe Foundation may store cookies on the user’s computer or another end-user device, in the form of small text files, usually consisting of letters and numbers saved by the device, through which the user can access certain web pages that enable the user information to be restored by recognizing their end device and/or web browser. The cookies used by the LIBRe Foundation do not contain any information that permits the user to be identified. LIBRe Foundation uses the following types of cookies:

1. ‘permanent cookies’, that are stored in the end-user device until they delete them. The permanent cookies can be deleted by the user following the instructions provided by the web browser they use. The cookies used by LIBRe Foundation contain identification number which facilitates the identification of the web browser and/ or end-user device, used by the user;

2. ‘web analytics cookies’, processed by Google via Google Analytics and used for statistical and analytical purposes. For more information regarding this type of cookies, please visit the website of Google Developers (available in English). The service provider does not have access and control over the use of web analytics cookies.

The present Rules are adopted with a decision by the LIBRe Foundation’s director on 21.04.2017 and come into force on 21.04.2017. Any subsequent changes to the Rules shall be effective from the date indicated with the corresponding amendments.

© 2017 LIBRe Foundation