I. GENERAL INFORMATION

The platform "scoutaround.io" is owned by Scout Around Ltd., registered in the Commercial Register of the Republic of Bulgaria with UIC 205438905 with registered office and management address: Sofia p.k. 1408 Triaditsa district, Ivan Vazov, 1 "Yanko Zabunov" St.

Scout Around Ltd. is the Controller of your personal data within the meaning of art. 4 item 7 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and as such is responsible for the processing and storage of your data in a fair, transparent, and secure way, as required by the Regulation and national legislation.

The current policy is intended to inform you about all aspects of the processing of your personal data by the Company and the rights you have in relation to this processing.

Our contact details are:
Scout Around Ltd.
E-mail: privacy@scoutaround.io
Website: scoutaround.io

II. DEFINITION AND TYPES OF PERSONAL DATA

Pursuant to Article 4 of EU Regulation 2016/679, "personal data" means any information relating to an identified natural person or an identifiable natural person, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

We collect and process the following categories of personal data:

User data (email, name, etc.)
The data is collected for the purpose of: contacting the user and sending information to the user, registering the user on the website, emails with informational content and new locations, sending a response to an inquiry via the form on our website.

Customer data (names, phone, address, email address, type of legal registration, and registered office (where applicable), social media contacts, websites, statistics on your purchases, etc.)
The data is collected for the purpose of: fulfilling the platform's obligations under the property lease agreement for use, filming of films, television, and other types of creative productions. Creation and management of profiles for identification and facilitated communication.

Marketing data
Includes data relating to your preferences for receiving marketing information from us and third parties and your preferred method of communication. We process this data to enable us to provide you with relevant and personalised content and advertisements, and to understand the effectiveness of those advertisements accordingly.

Data regarding the rented-out location
The information may include the location’s address, square footage, etc. This data may not have explicit characteristics of “personal data” as per GDPR, but are collected regarding the functionality of the platform.

• Your IP address and the page from which you were referred to our website;
• Information about your stay on our website and the sections you have visited;
• Information about your browser and operating system;
• Other types of technical information as required by the technical requirements of the information system.

Confidential data
We do not collect confidential data relating to your racial or ethnic origin, political, religious, or philosophical beliefs, or trade union membership, genetic and biometric data, health data, or data about your sex life or sexual orientation.

Please note - where we are required to collect personal data by law or under the terms of a contract between us and you do not provide this data to us on request, we may not be able to perform the contract (provide you with a property to rent, or connect you with a respective renter). If you do not provide us with the requested data, we may have to cancel either providing the location you have requested or listing a provided location and you will be notified in due course.

III. PURPOSES OF DATA PROCESSING

We collect and process the personal data you provide to us in connection with your use of the scoutaround.io platform and the conclusion of a contract, including for the following purposes:

• Creating an account and administering it on the platform
• Business development and marketing strategy
• Individualization of the contracting party
• Accounting and statistical purposes
• Information security protection
• Record keeping and prosecuting or defending legal claims
• Sending newsletters and emails with special offers (subject to your consent)
• Answering queries made via the feedback form on the online platform

Additionally, in accordance with the law while carrying out its activity Scout Around Ltd.. may process and store personal data in order to protect the following legitimate interests:

• Performance of its obligations to the National Revenue Agency, the Ministry of the Interior and other state and municipal authorities in the Republic of Bulgaria and the European Union.

When you visit the website and click on the button "I declare that I have read and accept the Terms and Conditions and the Privacy Policy", you give your consent for us to collect and process your personal data in accordance with this policy and current legislation.

IV. STORAGE PERIOD

Personal data is retained for the purpose of communication with users or until a written request for deletion of personal data is provided. Otherwise, your personal data shall be kept for a period not exceeding six months from the achievement of the purposes of their processing.

V. LEGAL BASIS FOR PERSONAL DATA PROCESSING

We collect your data:

• On a contractual basis
• When you have given your consent to their processing (Art. 6(1)(a) of the Regulation)
• If duly requested to do so by a competent governmental or judicial authority
• In performance of our obligations to maintain the Website
• To comply with a legal obligation
• For the purposes of the legitimate interests of the Controller or of a third party

VI. PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA

The Controller guarantees that your personal data shall be:

• (a) Processed lawfully, fairly, and in a transparent manner in relation to the data subject (‘lawfulness, fairness, and transparency’);
• (b) Collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes shall, in accordance with Article 89(1) of the Regulation, not be considered to be incompatible with the initial purposes (‘purpose limitation’);
• (c) Adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed (‘data minimization’);
• (d) Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
• (e) Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes in accordance with Article 89(1) of the Regulation, subject to implementation of the appropriate technical and organizational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);
• (f) Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures (‘integrity and confidentiality’).

VII. TECHNICAL SECURITY REGARDING THE PROTECTION OF PERSONAL DATA

The Controller has implemented all technical and organizational measures necessary for the processing and protection of personal data in accordance with EU Regulation 2016/679 and applicable Bulgarian law.

The measures taken correspond to the specific risks associated with the processing and storage of the personal data provided. Organizational and technical safeguards are in place to protect your data from loss, alteration, theft or unauthorized access by third parties.

VIII. OTHER PERSONS RECEIVING YOUR DATA

In certain cases, the Controller may disclose certain personal data to partners or subcontractors who work with the Controller, through the provision of services related to the Controller's activities or assist the Controller in its activities.

The Controller may disclose your personal data to third parties, including such third parties located outside the European Union, subject to the requirements of the Regulation, such as:

• Third parties with whom the Controller has a contractual relationship for the use of Virtual Private Servers (VPS) and providers of server and cloud services related to the maintenance of the Website;
• Third parties providing services to improve the advertising targeting of the Controller's services;
• Generally recognized service providers that have publicly declared compliance with GDPR and e-privacy policies, such as Google and Facebook. Consent also includes the placement and use of marking unique depersonalized identifiers, including with the use of cookies, localStorage, or other appropriate generally accepted web technology;
• Third parties providing services to the Controller, such as accountants, auditors, lawyers, notaries, advertising and PR agencies, or companies engaged in data system administration.

The Controller will share personal data with third parties only after explicitly securing the technical and legal mechanisms under which the processing of the shared personal data will take place in accordance with the requirements of Regulation 679/2016 and Bulgarian legislation.

Third parties and partners of the Provider undertake to take all actions to ensure the legitimate processing of personal data in accordance with the privacy requirements set out in this Policy.

IX. YOUR DATA PROTECTION RIGHTS

At your request, you have the right to access the personal data stored about you. You also have the right to request a copy of the personal data undergoing processing.

You have the right to request the rectification of incorrect, inaccurate, or incomplete personal data. Depending on the purposes of the processing, you may have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

You have the right to request that personal data be deleted when it is no longer needed or if its processing is unlawful. Please note that Article 17 of the Regulation outlines the cases in which we are obliged to delete your data. We may be obliged to retain your data, even if deletion is required (for example, to comply with a legal obligation that requires processing under Union or Bulgarian law).

Under certain circumstances, you may have the right to ask us for the restriction of processing your personal data. For example, you can exercise this right when we no longer need your personal data for processing purposes, but at the same time we need to store it in our systems so that we can use it in situations such as exercising rights or defending claims.

In certain circumstances, you may have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format (i.e. in digital form) and you may have the right to request the transmission of this data to another person without hindrance from us if such transmission is technically feasible.

In certain circumstances, you may have the right to object to the processing of your personal data and we may be obliged not to process it in the future. You can exercise this right, for example, if we use your email address for direct marketing purposes – in which case, once you object, we will no longer be able to send you marketing materials.

Where the processing of your personal data is based on your consent, you may withdraw your consent at any time without giving any reason to us. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

To exercise your rights, you can contact us by writing to privacy@scoutaround.io. We will respond to your questions and requests without undue delay and within 1 month at the latest. You may be asked to provide information to confirm your identity in order to exercise your rights.

If for any reason you are not satisfied with our handling of your personal data, we ask you to first inform us so that we can understand what causes the problem and try to resolve it. We will carefully consider your request and answer all your questions. If you believe that you have not received adequate assistance from Information Security and Project Management Academy or that there has been a violation of your rights, you have the right to file a complaint with a supervisory authority. This body in the Republic of Bulgaria is:

Commission for Personal Data Protection:
Address: Sofia 1592, bul. "Prof. Tsvetan Lazarov" No 2
Phone: 02/915 35 18
E-mail: kzld@cpdp.bg
Website: www.cpdp.bg

X. PRIVACY POLICY UPDATE

In order to keep this Privacy Policy up to date, it may be changed in whole or in part at any time without special notice, in which case your consent to the policy will be deemed to be given for any subsequent amendment unless you expressly withdraw your consent to it.

Please check this Policy periodically for updates and the date of the last update will be indicated.

The current policy was adopted on 26.09.2024 and its latest amendment was published on 26.09.2024.