Privacy policy

This privacy policy describes how we collect, hold and use information about the users visiting our Websites https://tollpass.bg, https://vinetki.bg, https://accounts.itsbulgaria.com and the mobile applications („Platforms“). BY USING THESE PLATFORMS, YOU CONSENT TO THE COLLECTION AND USE OF INFORMATION AS SET FORTH IN THIS PRIVACY POLICY. YOU ALSO ACKNOWLEDGE THAT WE MAY PERIODICALLY CHANGE, MODIFY, ADD OR REMOVE OR OTHERWISE UPDATE THIS PRIVACY POLICY AT OUR DISCRETION, WITHOUT PRIOR NOTIFICATION. It is our intention to post changes to our privacy policy on this page so that you are fully informed concerning the types of information we are gathering, how we use it, and under what circumstances it may be disclosed. The current version of our Privacy Policy is published on the Platforms. We accept the guarantee of the right to protection of personal data as our major commitment, so we will use and make all necessary resources and efforts to process your data in full compliance with Regulation (EC) 2016/679 (General Data Protection Regulation or GDPR) and any other applicable Bulgarian legislation. Since one of the key principles of this legal framework is transparency, we have prepared this document through which we want to inform you about how we collect, use, transfer and protect your personal data when interacting with us about our services through our Platforms.

We reserve the right to periodically update and modify this Privacy Policy to reflect any changes in the way we process your personal data or any changes to our legal requirements. In the event of any such change, we will publish on our Platforms the modified version of the Privacy Policy, so please periodically review the contents of this Privacy Policy.

Who we are and how you can contact us?

Intelligent Trafic Systems AD is a company with headquarters and management address at office 6, Floor 4, EOS Center, 53B Nikola Y. Vaptsarov Blvd., Lozenets district, 1407, Sofia, Bulgaria, with address for correspondence: office 6, Floor 4, EOS Center, 53B Nikola Y. Vaptsarov Blvd., Lozenets district, 1407, Sofia, Bulgaria, UIC 201988199 and VAT identification number: BG201988199 (hereinafter referred to as ITS). For the purposes of data protection legislation, ITS is processor for your personal data processing as ITS is processing your personal data on the name of Road infrastructure agency (“RIA”) according to the Personal data processing and protection policy, approved and published on the following link: http://www.api.bg/index.php/bg/zashita-na-lichnite-danni; as well as on its own name in compliance with the present privacy policy. 

If you have any question about processing of your personal data, please contact the Data Protection Officer by e-mail at info@vinetki.bg or support@tollpass.bg or at the address office 6, Floor 4, EOS Center, 53B Nikola Y. Vaptsarov Blvd., Lozenets district, 1407, Sofia, Bulgaria - by writing the following text: to the attention of the Data Protection Officer at ITS.

Categories of personal data we process

ITS processes your personal data you provide by filling forms, sending inquiries and messages on the Platforms, as well as in making a follow-up contact with us in the course of reviewing your inquiries and messages. The information may include identifying data, contact details (email and phone number) and other information that may be required for further processing of your data in connection with our correspondence.

ITS collects your personal data directly from you, so you decide whether or not to submit it. Part of the information we receive is required when registering to create a user profile on the Platforms of ITS.

ITS collects your personal data in following cases:

• When you create a user profile on the Platforms, you send us your e-mail address, your first name and surname;
• You can add additional information to your user profile from the Platforms, such as: mobile phone number, stationary phone number, etc.;
• If you wish to protect your profile on the Platforms with Two-Factor Authentication in addition to the password, you must also insert additional security code. This code is generated momentarily and can only be used once; it contains a sequence of figures sent by ITS to a mobile number specified by you or accessible on a mobile application pre-configured by you and installed on a mobile device. 
• When you conclude a contract through the Platforms, you provide us with the following information:
  • For individuals who are citizens of the Republic of Bulgaria:
    • Full name;
    • Country of nationality;
  • For Bulgarian citizens:
    • Personal Identification Number;
  • For foreign citizens:
    • Bulgarian personal foreigner’s number or international passport number, or national identity card number or unique citizenship number issued by the country of nationality;
    • Date of birth;
  • For legal entities:
    • Company name (including its legal form);
    • Country of incorporation;
  • For Bulgarian legal entities:
    • UIC of the company;
  • For foreign legal entities:
    • Unique identification number of the company issued by the country in which of incorporation;
    • VAT number issued by a Member State of the European Union, if any;
    • Seat and registered address and/or permanent address.
• Identification data for the purpose of registering a road vehicle (“RV"): Country of registration of the vehicle; State control number; Total technically permissible maximum mass of the vehicle (gross combined weight of the vehicle) in a composition of vehicles; Ecological category; Number of axles of the towing vehicle or total number of drawbar axles of the composition of vehicles (if applicable).
• When you have requested to receive information or assistance by filling in our contact form to send you a personalized reply;
• When you sign up and participate in our programs, activities, initiatives and events for the purpose of their conducting;
• In connection with verification the information you provided to authenticate your identity and to prevent abuse and violation of the rules for using the Platforms;
• In the course of our communication on the projects, initiatives, events and other activities that have published on the Platforms;
• When making comments or providing us with additional information in section in the Platforms that allows you to do this;
• In connection with any section of the Platforms in which you deliberately and voluntarily provide personal data and information;
• In the event that our Platforms allow it, if you use your account on social media platforms such as LinkedIn, Twitter, Facebook, Instagram and other to sign up or otherwise use our Platforms, we will have access to your personal data, which you have made available in your account. You can manage access to this data through your account settings on these social networks;
• Except the specified personal data, ITS can collect and subsequently process certain information about your browsing behavior on our Platforms to personalize your interests and make offers that are tailored to your account. We invite you to learn more about this by reading the section on processing below;
• In our Platforms, we may save and collect information using cookies and similar technologies under the Cookie Policy available on the Platforms, and which please to be aware;
• We do not collect or otherwise process any sensitive data included in special categories of personal data in the General Data Protection Regulation.

What are the purposes and reasons for processing your personal data?

We will use your personal data for the following purposes:

For the purpose of conclusion of agreement and provision of services through the Platforms of ITS

This common purpose may include, as appropriate, the following: 

• When creating and managing a user account on the Platforms of ITS;
• In processing of your changes of the information in the User profile, which includes acceptance and validation of the same;
• In resolving issues related to canceled services or any other issues related to the services;
• In exercising the right of withdrawal in accordance with the legal provisions and the General terms and conditions;
• When reimbursing the value of the services, according to the legal provisions;
• In response to your inquiries;
• When sending information about different functionalities on our Platforms or news;
• In order to inform you about changes in our policies and documentation and to personalize your communication with you;
• When sending letters, invitations to events as well as information on programs, initiatives, activities and projects by e-mail or otherwise; for registration for an event or participation in a program;
• In order to optimize or improve our initiatives and activities and for the purposes of research and development of our business;
• For the purpose of detecting, investigating, and preventing actions that may be in violation of our policies or are illegal;
• Providing a better service.

ITS may collect your personal data when filling out a poll about the satisfaction of the services after the completion of the order or conducted directly or with the help of partners, market research, statistics and surveys.

Direct marketing

If you have agreed to receive commercial messages, ITS will collect and process your personal data in order to provide you with offers about the products/services you are interested in. In this regard, we may send you commercial messages via the channels of electronic communication (e-mail, SMS, etc.) that contain general and thematic information, product information that complements the services and other business communications such as market research and consumer opinion polls, and we can present personalized recommendations on the Platforms. In order to provide you with the information of interest to you, we may use certain information about your behavior (e.g. reviewed services added to the list of desirable services/used services), to create your user profile.

You have the right at any time to withdraw your consent to receive commercial communications in the following manner:

• by changing the settings in your account;
• using the "Unsubscribe" link in the messages you receive from us; or
• by contacting ITS using the contact details above.

What are the grounds for processing your personal data?

Legitimate interest - processing your data is necessary to comply with our obligations under current law. There may be cases in which we use or transmit information to protect our rights and our commercial business. These may include:

• measures to protect the Platforms and users of the Platforms against cyber-attacks;
• measures to prevent and detect fraud attempts, including the provision of information to competent public authorities;
• measures to manage various other risks.

The main reason for this type of processing is our legitimate interest in protecting our business, as we ensure that all measures taken by us ensure a balance between our interests and your fundamental rights and freedoms.

In addition, in some cases, the personal data processing by us is based on legal provisions such as the obligation to protect the services and the values provided by applicable law in this regard.

Contractual interest – we are processing your personal data for the purpose of provision of the services under the concluded agreements in the Platforms.

Your consent - we rely on your consent to send you commercial messages and to inform you and involve you in various initiatives and other events, related to our projects and programs, to share your data with our partners and to notify you about changes in our organization and business.

How long we store your personal data?

As a rule, we store your personal data while you maintain your account at ITS for the period necessary to meet the specific for which they are being processed or which is provided for by law. You can always ask us to delete certain information or delete your account, and we will respond to this request, as retain certain information, even after deleting your account when the applicable law or legitimate interests impose it.

To whom we send your personal data?

As the case may be, we may transfer or provide access to some of your personal data to the following categories of recipients:

• companies in the group of companies to which ITS belongs;
• partners in the Platforms of ITS;
• Representatives or agents of ITS through which are provided the services;
• courier service providers;
• payment/banking services providers;
• marketing/telemarketing services providers;
• market research-related services providers;
• insurance companies;
• IT services providers;
• other companies with whom we can develop joint programs to deliver our services on the market.

Within the limits allowed by law, a person acting on assignment of ITS records telephone conversations (incoming and outgoing) with call centers and lines (telephone numbers) intended for customer service. The recording of telephone conversations and the storage and processing of audio recordings (together with the personal data disclosed during the conversations) are carried out for the purposes of protecting the rights and legitimate interests of ITS and its partners. The ITS contractor shall keep the audio recordings for a period specified in the Privacy Policy of the relevant company making the recording. Recorded by persons acting on assignment of ITS telephone conversations (incoming and outgoing) with call centers and lines (telephone numbers), intended for servicing ITS clients, are stored for a period of 1 (one) month, as of the date of their conducting. For the above purposes, the recording is performed by technical means and systems without functionalities for automated processing of personal data (including biometric ones) of the subjects registered in them, as well as without those for deleting personal data of the subjects in the record or ensuring full identity of the entities in the record and the entities that would claim their right to receive a copy of this record, therefore, and in order to protect the rights of the subjects participating in the record, the prepared records are not provided to third parties, including those that cannot be identified as data subjects, except where there is another legal basis for doing so.

If we are legally bound or if it is necessary to protect our legitimate interests, we may also disclose certain personal data to public authorities.

We guarantee that access to your data by third party private law entity is performed according to legal provisions on data protection and confidentiality of information on the basis of contracts concluded with them. These categories of recipients are legally or contractually obliged to protect the confidentiality and security of any of your personal information and data. They may not use, disclose or modify this information in any way except for the purpose of performing the services we assign to them or if it is required by law.

To which countries do we transmit your personal data?

We currently store and process your personal data in Bulgaria. We do not transmit your personal data outside of the European Union.

However, some of your personal data may be transmitted to entities located within or outside the European Union, including in countries for which the European Commission has not recognized an adequate level of personal data protection.

We will always take measures to ensure that any international transmission of personal data is carefully conducted in order to protect your rights and interests. Data transfers to service providers and other third parties will always be protected by contractual obligations and, where appropriate, by other safeguards, such as standard contract terms issued by the European Commission or certification schemes, such as the Privacy Shelf of personal data transferred from the EU to the United States of America.

You may contact us at any time by using the contact details listed above to find out which countries we are transmitting your data to and what safeguards we apply in connection with these data transmissions.

How do we protect the security of your personal data?

We are committed to ensuring the security of personal data by implementing appropriate technical and organizational measures while complying with industry standards.

We store your data on secure servers by using the latest encryption algorithms and we ensure that the backups are stored.

To make payments, we use the payment processing service BORICA. All billing information is encrypted using SSL technology.

Despite the measures we apply to protect your personal data, we are aware that, in general, the transmission of information over the Internet or other public networks is not completely safe, with the risk that data may be reviewed and used by unauthorized third parties. We cannot take responsibility for these vulnerabilities of systems that are not under our control.

What are your rights?

The General Data Protection Regulation recognizes a number of rights in relation to your personal data. You may request access to your data, correction, deletion, limitation of processing, and/or raise objections to the processing of your personal data. You can also exercise your right to file a complaint to the competent supervisory authority or the court. As the case may be, you may also have the right to request the deletion of your personal data, the right to limit the processing of your data and the right to data portability.

More information on each of these rights can be obtained by looking at the information on all rights below.

Please consider the following if you wish to exercise these rights:

Identity. We are responsible for the confidentiality of all records containing personal data. For this reason, we ask that you send us your requests regarding these records using your e-mail address indicated in your profile at the Platforms of ITS. Otherwise, we reserve the right to verify your identity by requesting additional information to confirm your identity.

Fees. We will not charge a fee for the exercise of any rights with respect to your personal data except when your request for access to information is unreasonable, repeated or redundant, in which case we will charge a reasonable amount. We will inform you about any applicable fees before considering your request.

Deadline for reply. We plan to respond to all valid requests within one month, except when the request is particularly complex or if you have made more requests, in which case we will respond within a maximum of two months. We'll let you know if we'll need more than a month. We may ask you to tell us exactly what you want or what you worry about. This will help us to act faster and reduce the time to respond to your request.

Third-parties rights. We will not need to respond to a request if it affects the rights and freedoms of other data subjects in a negative way.

Right of access and right of rectification

You have the right to receive information about what personal data of yours are being processed, about the data source and the purposes of their use, and about the third parties’ recipients of the data. You are entitled at any time to request rectification of inaccurate or incomplete data.

Right of data erasure (“right to be forgotten”)

You are entitled to request the erasure of your personal data in specific circumstances: (i) personal data are no longer required for the purposes for which they were collected, (ii) the consent on which data processing is based is withdrawn and there are no legal grounds for further processing, (iii) the processing is unlawful, or (iv) the erasure is required for the purposes of fulfillment of a legal obligation, applicable to us. We may not comply with your request, as far as processing is necessary for other purposes, including due to a legal obligation.

You can contact us at the contact details listed above to get more information about deleting your personal data.

Right to object

You have the right to object to the processing of your personal data.

Right to restriction of processing

You may request the processing of personal data to be restricted if (i) you believe your personal data is inaccurate in order for us to verify its accuracy; or (ii) you consider the processing to be unlawful, but you do not want the data to be erased, or (iii) you have objected to data processing for the purposes of our legitimate interests, or (iv) you consider we no longer need your personal data, but you require them to establish, exercise or protect legal claims.

Right of consent withdrawal

If at any time you have given your consent to the processing of your personal data, you may withdraw this consent for future processing to which this consent refers.

You may withdraw at any time your consent to receive our commercial messages or information about our initiatives or projects by contacting us at the above contact details.

Please note that the withdrawal of consent does not affect the lawfulness of processing of your personal data on another valid legal basis and lawfulness of the processing on the basis of the consent given before withdrawal.

Right of data portability

In certain cases, you are entitled to receive your personal data you have provided to us in a structured, commonly used and machine-readable format, and you might request that we transmit this data directly to another processor when technically possible.

Right to lodge a complaint

If you believe that the processing of your personal data is unlawful, you have the right to lodge a complaint with the Personal Data Protection Commission: https://www.cpdp.bg/, having seat and registered address: 2, Prof Tsvetan Lazarov Blvd, 1592, Sofia, address for correspondence: 2, Prof Tsvetan Lazarov Blvd, 1592, Sofia, telephone: 02 915 3 518.

Contact us

We remind you that you can contact the Data Protection Officer at ITS at any time by sending your request to him/her by one of the following ways: by e-mail to info@vinetki.bg or support@tollpass.bg or by registered mail or courier to: office 6, Floor 4, EOS Center, 53B Nikola Y. Vaptsarov Blvd., Lozenets district, 1407, Sofia, Bulgaria - by writing the following text: to the attention of the Data Protection Officer at ITS. If you have any questions or complaints about our compliance with this Privacy Policy, or if you would like to make recommendations or comments about improving the quality of our Privacy Policy, please email us the abovе mentioned contact details.