Voidless as a Data Processor
In case you are a natural or legal person acting as a DATA CONTROLLER and interested in availing our services as a DATA PROCESSOR, kindly get in touch with us, and we will furnish you with our Data Processing Agreement.
It is essential to note that the overall procedure of how we handle personal data, such as the technical and organizational measures we implement to safeguard personal data, remains identical, irrespective of whether we are acting as a data controller or a data processor on behalf of a data controller.
As an organization established within the European Union, specifically Bulgaria, the primary privacy laws that apply to us in relation to your privacy are as follows:
Together, these laws are referred to as the "Data Protection Laws".
What is personal data?
The term "PERSONAL DATA" denotes any information that pertains to an identifiable individual or identifies you as an individual.
Even when it's not practical or feasible for us to utilize anonymous or anonymized data that doesn't identify any customers of our services or users of the site, we are still dedicated to safeguarding your privacy and securing your Personal Data.
We collect Personal Data through various means, both digitally, via the Site (either through your voluntary provision of specific data or automated means, or via third-party sources) and non-digitally (such as when you complete a physical form to avail one or more of our services).
Personal data that we process
We gather different categories of Personal Data about you, including:
On occasion, we may require additional Personal Data (such as when you are a current or potential client of our services via the Site, an app, or another platform) to ensure your secure identification or for some other legitimate reason.
Although many of the categories of Personal Data mentioned above are obtained directly from you (such as Your Contact Details and Registration Data), we may also gather Personal Data from other sources, including publicly accessible databases, social media platforms, joint marketing partners, and other third parties. In situations where we need to verify your Contact Details, we may also receive Personal Data about you from third parties. If we act as a data controller, we will comply with all legal requirements to inform you about the source and categories of Personal Data we collect and process. However, there are certain instances where we are legally prohibited from disclosing such activity to you (such as when conducting anti-money laundering due diligence).
Voidless processes Personal Data on behalf of one or more data controllers when acting as a data processor. In these instances, it is the data controller's responsibility to provide individuals with the relevant information. If there is any confusion about who the data controller is, please get in touch with us using the contact information provided below.
If you decide to link your social media accounts with our Site, allowing you to share Personal Data through social media platforms, we will receive certain categories of Personal Data associated with your social media account(s).
How and why we collect personal data?
In general, we do not collect any Personal Data that identifies you as an individual when acting as a data controller, unless you choose to provide it to us. This includes data such as Contact Details and Registration Data that you provide when registering on our Site (where available), when reaching out to us with inquiries related to our products and/or services, when subscribing to any service we offer through our Site (such as newsletters), or when subscribing to any promotions offered by us, our affiliates, or corporate partners.
We collect Personal Data only if it is necessary for us to provide you with the goods and/or services you have requested, if we are legally obligated to collect and maintain it for a specified period of time, or if we believe it is necessary for our legitimate business interests. We also implement various controls to ensure the protection of such data. For detailed information on why we process specific categories of Personal Data and the corresponding legal grounds for such processing, please refer to the section titled "Purpose of Processing" below.
Personal data relating to third parties
Purpose of processing
Below, we provide a clear and straightforward description of how we use your Personal Data and the legal grounds we rely on for doing so. Please refer to the section above for definitions of terms like "Contact Details" and "Registration Data" that we use in the tables below to describe various categories of Personal Data we collect about you.
Please note that if we rely on your consent for processing your Personal Data, you can withdraw it at any time. For more information on this, please see the Special Note on Consent section below.
Prospective clients and users of the website
|Reason to process||Data category||Legal basis|
|To establish and investigate any suspicious behaviour in order to protect Our business from any risk and fraud||Registration details such as name and address, and Contact details such as phone number and email address||Legitimate interest based on the need to detect and prevent fraud|
|To manage our relationship with you||Registration details such as name and address, and Contact details such as phone number and email address||Legitimate interest based on the need to maintain our relationship with you|
|To register users (directly or through third-party social signups)||Registration details such as name and address||Contractual necessity and legitimate interest based on the need to verify user identity and protect our business|
|To be able to provide you with marketing and promotional offers that you may have requested from us or that we may be authorized at law to provide to you||Marketing data such as your preferences and Tracking data such as your activity on our site||Consent or legitimate interests based on our need to provide you with relevant offers and our business interests|
|Subscribing to a newsletter or mailing list||Registration details such as name and address, and Contact details such as phone number and email address||Consent|
|Send you text messages and push notifications||Contact details such as phone number and Registration data such as your preferences||Contractual necessity or consent based on your communication preferences|
|Reason to process||Data category||Legal basis|
|Recording your responses to surveys, feedback requests, feature demonstrations, polls or discussions on our digital properties||Registration information|
|Maintaining accurate records on our systems||Registration information|
Legitimate interest (ensuring accurate records)
|Continuing to manage our relationship with you||Registration information|
Compliance with legal obligations
|Processing and managing payment transactions (where applicable)||Financial information||Contractual necessity|
|Providing you with some or all of our services||Registration information|
|Complying with legal and regulatory obligations||Registration information|
|Establishing and investigating suspicious behavior to protect our business from risk and fraud||Registration information|
|Legitimate interest (fraud prevention and detection)|
|Subscribing to our newsletter or mailing list||Registration information|
|Providing you with marketing material you requested from us or that we are authorized to provide by law||Marketing data|
|Consent (where necessary)|
Legitimate interest (where not necessary)
|Sending you text messages and push notifications||Contact information|
If in the future we need to process your data for a new purpose that is not related to the ones mentioned above, we will let you know about it beforehand. You have the right to exercise your relevant rights (explained below) regarding such processing. Please keep in mind that if we don't have access to certain personal data related to you, we might not be able to provide some or all of the services you expect from us, or ensure the full functionality of our site.
Special note on consent
To make it clear, we want to emphasize that in rare instances where we cannot or choose not to use another legal basis, we will process your Personal Data based on your consent. If we need your explicit consent, such as in the case of processing sensitive data like health or racial information for a credit application, we will ask for it clearly and directly.
As the data controller, we will never assume your consent and you have the right to withdraw it at any time. If you do decide to withdraw your consent, we will assess if there are any alternative legal bases available for processing your data and inform you accordingly.
Although you have the right to decline providing us with Personal Data, if it is necessary for us to provide the services you request, we may not be able to do so if we don't have that information (especially if consent is the only legal ground). Please note that consent is not the only legal basis we use for processing your Personal Data, as we explained in the preceding section.
Ensuring the correctness of personal information
We strive to maintain the accuracy of any Personal Data we have about you by making reasonable efforts to keep it up-to-date. You can verify and update the information we hold about you by accessing and editing your account information on the Voidless platform. Alternatively, you may contact us using the information provided below. If you discover any inaccuracies in your information, we will rectify them and delete them as needed.
We only send marketing-related mail, messages, and other communications when it is allowed by law. Generally, we rely on your consent, especially for electronic communications. If you no longer want to receive direct marketing communications from us, you can use the "unsubscribe" or "opt-out" link in the marketing emails we send you, update your preferences on our website or mobile apps, or contact us at the details provided below.
In the case of direct marketing sent through electronic communications, we will provide an easy way to opt-out of such communications if we are legally authorized to send them.
Please be aware that even if you withdraw your consent or object to receiving direct marketing material from us, we may still need to send you important communications that you cannot opt-out of.
Transfer to third countries
In general, we store and process the data we collect about you through our website, apps, or other means within the European Union/European Economic Area (EU/EEA) or in non-EEA countries that the European Commission has determined to have adequate data protection standards (also known as "white-listed" countries listed on our site).
However, in some cases, it may be necessary for us to transfer your personal data to a non-EEA country that the European Commission has not deemed to have adequate data protection standards. For instance, we may need to disclose your personal data to other payment processors located outside the EEA to facilitate your desired transaction.
In such cases, we take appropriate safeguards to protect your personal data and have implemented additional measures, such as ensuring that the recipient is bound by the EU Standard Contractual Clauses (EU Model Clauses), which are designed to protect your personal data as if it were an intra-EEA transfer. You can request a copy of these measures by contacting us using the information provided below.
Please note that the transmission of data through the Internet may involve crossing international borders, even when the sender and recipient are located in the same country. We cannot be held accountable for any actions or omissions performed by You or any third party in connection with any Personal Data prior to its receipt by Us, including any transfer of Personal Data from You to Us through a country with a lower level of data protection than that in place in the European Union, using any technological means (such as WhatsApp, Skype, Dropbox, etc.).
Furthermore, unless explicitly provided by Bulgarian law, We assume no responsibility or liability for the security of Your data during its transmission over the internet.
In the interest of full transparency, we reserve the right to disclose and process any relevant personal data pertaining to you that we may be processing to authorized third parties within or outside the EU/EEA, as permitted by the Data Protection Laws. This applies regardless of whether or not you have provided consent. These third parties may include but are not limited to:
Sharing of personal data with other categories of recipients
All authorised disclosures will comply with Data Protection laws and regulations. Our processors are contractually obliged to adhere to Data Protection Laws, including maintaining confidentiality of any information received and ensuring their personnel are also bound by similar obligations. They are also obligated to comply with Article 28 of the GDPR.
We will not share Your Personal Data with third parties for marketing purposes unless You have given Your consent.
A list of third parties with whom we may share or disclose Your Personal Data is available upon request.
We take the security of your personal information seriously, and it will be held securely in accordance with our internal security policy and the law. Our technical, physical, and managerial procedures are regularly reviewed and updated to safeguard the confidentiality of your data and protect it from unauthorized access, use, modification, destruction, or loss. We have implemented security policies, rules, and measures to ensure that the personal data we process is protected. All our staff and data processors are obligated to respect the confidentiality of your personal data and comply with the Data Protection Laws.
However, we cannot guarantee that data transmission or storage systems will always be 100% secure. We require authorized third parties and external service providers who may have access to your information to apply appropriate technical and organizational security measures to safeguard your data from unauthorized or accidental disclosure, loss, or destruction, and from any unlawful processing. These service providers are also bound by obligations under the Data Protection Laws, particularly Article 28 of the GDPR. If you have any questions about our security measures, please contact us as described below.
We will not keep your Personal Data for longer than necessary, considering the original purpose for which it was obtained. The duration of the necessary retention period depends on the specific relationship we have with you and the particular Personal Data involved.
Our usual approach is to identify any relevant EU or Maltese laws that permit or require us to retain certain Personal Data for a specific period of time. In such cases, we will keep the Personal Data for the maximum period required by the applicable law, such as ten years for accounting records.
We will also consider whether any laws or contractual provisions could be invoked against us by you or third parties and the time limits for such actions, which are typically five years. If we need to defend ourselves against any claims, challenges, or actions by you or third parties, we will keep any necessary Personal Data for as long as required.
If we no longer need your Personal Data, we will securely delete or anonymize it.
Processing for statistical reasons
We conduct research and gather statistics using User or client information solely for the purpose of understanding their needs and enhancing Our services and activities. Prior to conducting such research, We will obtain any legally required consent from You. Additionally, We will take all necessary measures to implement appropriate safeguards.
Links to third party sources
We clearly label links to third-party websites, but we do not take any responsibility for the content of those websites, including their privacy policies and data processing activities. We do not endorse these websites in any way. We recommend that you review the privacy policies of any third-party websites you visit.
Our Site and services are designed for users aged thirteen (13) and above, and we will not knowingly collect any Personal Data from individuals under that age. If you are under the age of consent, please seek permission from your parent or legal guardian before using Our Site and services.
In the event that We receive any Personal Data from individuals under the age of thirteen (13), We will assume that such data was provided with proper authorization and request that the sender demonstrate such authorization upon Our request.
IO Era Ltd. is a company registered in Bulgaria with company registration number 203683101 and whose registered office address is at ul. Iskar 72, 1738, Sofia, Bulgaria. For any queries or requests regarding privacy or the exercise of your individual rights, please feel free to contact us at the following email address: [email protected].