PRIVACY POLICY OF THE MAGI PLATFORM
Последна актуализация: [DATE]
Версия: 1.0
1. WHO WE ARE
[COMPANY NAME] EOOD, UIC [UIC], with registered office and management address: [ADDRESS] (“Magi”, “we”, “us”), is a personal data controller within the meaning of Regulation (EU) 2016/679 (GDPR) with regard to the data of its users.
For contact regarding personal data issues:
Имейл: [GDPR CONTACT EMAIL]
Адрес: [COMPANY ADDRESS]
2. WHAT DATA WE COLLECT AND WHY
2.1. Данни при регистрация
| Данни | Purpose | Правно основание |
|---|---|---|
| Пълни имена на потребителя | Identification and communication | Изпълнение на договор |
| Имейл адрес | Достъп до акаунт, известия | Изпълнение на договор |
| Наименование на организацията | Linking the account to the law firm | Изпълнение на договор |
| ЕИК на организацията | Invoicing and verification | Правно задължение |
2.2. Data upon payment
Payments are processed entirely by Stripe, Inc. Magi does not store any bank card data. We only receive confirmation of the transaction and an identifier from Stripe.
For information on how Stripe processes data: stripe.com/privacy
2.3. Данни при ползване на платформата
| Данни | Purpose | Правно основание |
|---|---|---|
| Качени счетоводни файлове | Генериране на SAF-T | Изпълнение на договор |
| Конфигурирани мапирания на кодове | Запазване на настройки | Изпълнение на договор |
| Генерирани SAF-T файлове | Access to history | Изпълнение на договор |
| Логове на активност | Security and diagnostics | Легитимен интерес |
| IP address and browser | Сигурност на акаунта | Легитимен интерес |
2.4. Данни в качени файлове
The accounting files uploaded by the User may contain personal data of third parties — employees, counterparties, natural persons. In such cases, Magi acts as a data processor, not as a controller. These relationships are governed by the Data Processing Agreement (DPA).
2.5. Cookies
Information about the cookies we use is available in our separate Политика за бисквитки.
3. HOW WE STORE THE DATA
3.1. Data is stored on servers hosted by [HOSTING PROVIDER NAME], located in [COUNTRY/REGION — e.g. Germany, EU].
3.2. We apply the following technical security measures:
- Encryption of data in transit (TLS/HTTPS)
- Encryption of data at rest
- Restricted access to data only by authorized personnel
- Regular backups
3.3. In the event of a suspected security breach, Magi undertakes to notify the affected users and the CPDP within 72 hours of its discovery.
4. HOW LONG WE KEEP THE DATA
| Категория данни | Период на съхранение |
|---|---|
| Данни за акаунта | Until termination + 30 days |
| Качени счетоводни файлове | Until termination + 30 days |
| Генерирани SAF-T файлове | Until termination + 30 days |
| Данни за плащания и фактури | 5 years (legal obligation) |
| Дневници за сигурност | [X] месеца |
| Бисквитки | In accordance with the Cookie Policy |
4.1. Upon expiry of the retention period, the data is irreversibly deleted or anonymized.
4.2. The user may request early deletion of their data — see section 6.
5. DO WE SHARE DATA WITH THIRD PARTIES
Magi does not sell or disclose personal data to third parties for marketing purposes.
Data may be shared only with:
| Recipient | Purpose | Държава |
|---|---|---|
| Stripe, Inc. | Обработка на плащания | USA (with appropriate safeguards) |
| [HOSTING PROVIDER NAME] | Hosting of the platform | [COUNTRY] |
| [EMAIL PROVIDER NAME] | Транзакционни имейли | [COUNTRY] |
5.1. When transferring data outside the EU, Magi ensures the existence of appropriate protection mechanisms in accordance with the GDPR (standard contractual clauses or adequacy decision).
5.2. Data may be disclosed to competent authorities only when there is a legal obligation.
6. YOUR RIGHTS
Under the GDPR, you have the following rights regarding your personal data:
| Right | Какво означава това |
|---|---|
| Право на достъп | To receive a copy of the data we process about you |
| Право на коригиране | To correct inaccurate or incomplete data |
| Право на изтриване | To request the deletion of your data (“right to be forgotten”) |
| Право на ограничаване | To restrict processing in certain cases |
| Right to data portability | To receive your data in a machine-readable format |
| Right to object | To object to processing based on legitimate interest |
| Right to withdraw consent | Where processing is based on consent |
6.1. Requests should be sent to: [GDPR CONTACT EMAIL]
6.2. We respond within 30 days from receipt of the request.
6.3. If you believe your rights have been violated, you have the right to lodge a complaint with the Commission for Personal Data Protection (CPDP):
- Уебсайт: kzld.bg
- Address: Sofia, 2 Prof. Tsvetan Lazarov Blvd.
- Имейл: kzld@cpdp.bg
7. CHILDREN
The Magi platform is intended exclusively for professional use by adults. We do not knowingly collect personal data of persons under 18 years of age.
8. CHANGES TO THE POLICY
8.1. Magi may update this Policy in the event of changes in legislation or in the way data is processed.
8.2. In case of material changes, we will notify users by email at least 30 days before they take effect.
8.3. The current version of the Policy is always available at [URL към Политика за поверителност].
9. CONTACT US
For all questions related to the processing of personal data:
- Имейл: [GDPR CONTACT EMAIL]
- Адрес: [COMPANY ADDRESS]
- Working hours: [WORKING HOURS]
This Privacy Policy has been prepared as a working draft and should be reviewed and finalized by a licensed attorney before publication.