Personal Data
Mandatory information about data subjects' rights (Privacy notice)
General Information
On 25 May 2018 the EU General Data Protection Regulation (GDPR) came into force. It aims to guarantee the protection of personal data of individuals in all EU member states and to unify the regulations for its processing.
As a personal data controller providing hosting services, The Origami Corporation Ltd. meets all requirements of the regulation, collecting only the data necessary for providing the service and keeping it responsibly and lawfully.
Data Controller
- Name: The Origami Corporation Ltd.
- UIC/BULSTAT: 205075707
- Registered office: Sofia 1700, Studentski Grad, bl. 41A, ap. 121, Bulgaria
- Correspondence: Sofia 1700, Studentski Grad, bl. 41A, ap. 121, Bulgaria
- E-mail: [email protected]
- Phone: (+359) 88 454 7132
Competent Supervisory Authority
- Name: Commission for Personal Data Protection (Bulgaria)
- Address: 2 Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria
- Phone: +359 2 915 3 518
- E-mail: [email protected]
- Website: www.cpdp.bg
Grounds for Collecting and Processing Your Personal Data
The Origami Corporation collects and processes your personal data in connection with providing hosting services, domain registration, virtual and dedicated servers, and concluding contracts, on the grounds of Art. 6(1) of Regulation (EU) 2016/679, specifically:
- Explicit consent obtained from you as a client;
- Performance of the company's obligations under a contract with you;
- Compliance with a legal obligation applicable to the company;
- The legitimate interest of the company.
Purposes and Principles of Processing
The company collects and processes the personal data you provide for the following purposes:
- Creating an account and providing full functionality of our services;
- Identifying a party to the contract;
- Accounting and statistical purposes;
- Information security;
- Securing performance of the service contract;
- Sending service messages, change notifications and recommendations;
- Providing technical support via ticket system or call center.
What Personal Data We Collect
The company processes the following categories of personal data:
- Identifying data: first and last name, e-mail, country, phone;
- Additional data you provide: address and technical contact e-mail;
- IP address when visiting the website or your account;
- Personal ID number — only when an invoice to an individual is explicitly requested;
- Blog user data: names, e-mail, website.
Data We Do NOT Collect
The company does not collect or process personal data that:
- Reveals racial or ethnic origin;
- Reveals political, religious or philosophical beliefs, or trade union membership;
- Genetic and biometric data, health data, or data concerning sex life or sexual orientation.
Retention Period
The company stores your personal data for no longer than your account exists on the website. After that period we take due care to delete and destroy all your data without undue delay.
Data based on consent is stored until its explicit withdrawal. Data the company must keep under applicable law is stored for the respective statutory period.
Your Rights
As a data subject you have the following rights, exercisable through your account or by written request:
- Withdraw consent to processing at any time;
- Access your personal data and information about its processing;
- Rectify or complete inaccurate or incomplete data;
- Erasure ("right to be forgotten") when the grounds for processing no longer apply;
- Restriction of processing;
- Data portability — download or transfer your data to another controller;
- Information about recipients to whom the data has been disclosed;
- Objection, including against profiling or direct marketing;
- Lodge a complaint with the Commission for Personal Data Protection.
Security Breaches
If the company identifies a personal data breach that may pose a high risk to your rights and freedoms, we will notify you without undue delay about the breach and the measures taken or to be taken.
Recipients of Your Personal Data
For registering a domain in or outside the .BG zone, upon your request, the company transfers the necessary information to the respective domain registrar, which processes your data as a controller for the purposes of the requested registration.
The controller does not transfer your data to third countries.
Cookie Policy
The website uses cookies essential for its correct operation. By visiting our site you accept the use of cookies. We use the following types:
- Essential cookies — required for correct operation (language, currency, etc.);
- Analytics cookies — visit statistics via Google Analytics with anonymized IPs (up to 50 months);
- Functional cookies — full functionality, videos, chat and remembering your preferred language;
- Targeting cookies — dynamic cookies of advertising partners (Facebook, Google, etc.), storing no personal information.
Security Measures
The security of any information on our infrastructure, including personal data, is a company priority. We deployed a fully in-house security system across our entire infrastructure that works on several levels and blocks tens of thousands of compromise attempts against client sites and data every day.
We also run a comprehensive DDoS protection system that detects 95% of known DDoS attack types and is continuously updated against newly registered threats.
Last updated: 21 March 2019
