Navbul.com > Home
GDPR Privacy Notice

Your privacy is important for us. This Privacy Notice explains Navigation Maritime Bulgare JSC (the "Navibulgar") policies and practices regarding its collection and use of your personal data, and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Notice as we undertake new personal data practices or adopt new privacy policies. Please read this Privacy Notice carefully.

This section provides a brief summary. To find out more, please click the link “learn more” on the bottom on the left side of a particular section.


Navibulgar is a company organized and existing under the laws of the Republic of Bulgaria under registration number 103002674. Our registered office is at 1 Primorski Blvd., Odesos District, 9000 Varna, Bulgaria. Your personal data may be shared with associated entities as necessary and appropriate, under the condition that appropriate measures are put in place.
If you have any questions about this Privacy Notice, or if you want to exercise your rights, please contact Navibulgar’s Data Protection Officer, at any time:

  • By email: dpo@navbul.com;
  • By telephone: +359 52 683 292;
  • By post: 1 Primorski Blvd., Odesos District, 9000 Varna, Bulgaria


"Personal data" in this Privacy Notice has the same meaning as in the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) ("GDPR"). In summary, it means information that identifies you, whether directly or indirectly (combined with other data likely to come into our possession), including for example your name, gender, address, email address, phone number, date of birth, provided by you to us or received by us from other sources, online identifiers etc.
We collect and use personal data in order to carry out our main business activities (carriage of goods by sea) as well as other supporting activities. Our purposes and lawful grounds for processing your personal data vary, depending on our relationship with you and on the activity in question. The information we collect and use is limited to what is necessary in relation to the purposes for which your data are processed with minimum intrusion.
The personal data of employees that we collect and use, the lawful grands and purposes for collecting and using such personal data is available in the Navibulagr’s SQMS.
If you are our client or supplier we usually process the following kinds of personal information if you provide it to us, or if your company provides it to us:

  1. Information about you, including your name, job title, address, email and other contact details;
  2. Information about the company you are associated with;
  3. Information you provide to us during communications you have with us and with our staff, for example comments or queries about a particular service or supply.

You may contact our Data Protection Officer at email: dpo@navbul.com in order to receive full information what personal data, related to you we process.
You can find out more information on this by clicking below.

Learn more (What we collect and how we use it) - Information for Business contacts
What we collect and how we use it
BUSINESS CONTACTS
We process some personal data of individuals who are not our clients/contracting parties and do not work for such organisations, but with whom we would like to do business and to develop our business relationship.
  1. Types of personal data we process
    The type of personal data we collect and process usually include the below listed information:
    Identity Data: First name, given name, last name, gender;
    Contact Details: Business address, home address (if you do not work for organisation), telephone, fax number, mobile phone number, email addresses and other contact details as appropriate, communication preferences;
    Employment Information: Organisation name, position/title, professional specialism, qualification, employment history;
    Service Data: Details about services and products you or your organisation have requested or which we have provided to you or to your organisation in the past (if any);
    Preferences and requirements (for participant in business events): food preferences including due to ethnic origin, religious beliefs or health problems, food, allergies disability), accommodation preferences (if we are assisting you to find a suitable stay), transportation preferences and others.
    Other information: Information we receive during the course of communication with you or your organisation (for instance your personal opinions, advices).
    Processing of 'special category' data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) related our business contacts is not necessary for most of our purposes. Please do not share with us such data unless you participate in an event organized by us.

  2. How is your personal information collected?
    This information is either (a) provided by you, (b) provided by your organisation, (c) obtained from third parties (for instance brokers, managers, your service providers), (d) obtained from public sources (public registers, information available from searching the internet or on business networking sites), (e) created by us in the course of our communication with you.

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To communicate with you/contact you for the purposes of discussing rendering of services/supply of goods (or others) which may be of interest for you/your organisation in the future;
    • To make suggestions and recommendations to you/your organisation about the services/goods that we offer and to send you market and industry specific information and reports;
    • To respond to your inquiries, requests and other questions or complaints;
    • To update our records and keep personal data up to date;
    • To provide you with suitable food and refreshment and to ensure your comfort (access to premises) and pleasant stay.

    We rely on the following legal bases to use your personal data:

    • Where it is in our legitimate interests to do so, such as: to conduct our core business activity (carriage of goods by sea) and supporting activities; to improve the operation of our business and business development practices; to develop new products and services and to improve existing products and services; to develop business relationships;
    • Where the processing is necessary for the purposes of your/your organisation/third parties legitimate interests: to conduct a business;
    • We may process personal data also with your consent;
    • Special categories of data may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests where you are physically or legally incapable of giving consent, where you have made them public or for establishment, exercise or defence of legal claims.

    Where necessary or required we share information with:

    • Your organisation;
    • Owners of vessels managed by us;
    • Professional advisors and consultants;
    • Local and central governmental authorities;
    • Regulatory authorities;
    • Events service providers (staff, premises, catering providers, security staff).

    If we send you marketing messages (for instance invitations to meetings or marketing events) which we may do for the purposes of finding out which service/product will be relevant to you may at any time request us to stop doing that by contacting our Data Protection Officer at: dpo@navbul.com without you/your organisation suffering any negative consequences.


Learn more (What we collect and how we use it) - Information for Clients
What we collect and how we use it
CHARTERERS, CLIENTS AND OTHER CONTRACTING PARTIES
We process personal data of individuals who works for charterers, brokers, lessees, vessels owners (when we render agency services) and contracting entities to which we render services or deliver goods (current and past), for their directors, shareholders and ultimate beneficial owners and for the contracting parties if they are individuals. We may not be able to provide you/your organisation with specific service or product if we do not have enough information.
  1. Types of personal data we process
    The type of personal data we collect and process may include some or all of the below listed depending on our relationships with you:
    Identity Data: First name, given name, last name, gender, date of birth/personal number, passport/i.d. card number and title of contract signatory, in some circumstances identification documents, identity numbers and other identity information (for instance for crew members visiting Bulgarian ports);
    Contact Details: Business address, home address (if the contracting party is an individual), telephone, fax number, mobile phone number, email addresses and other contact details as appropriate, communication preferences;
    Employment Information: Organisation name, position/title, rank (for crew members), professional specialism, qualification, employment history;
    Service Data: Details about services and products you or your organisation have requested or which we have provided to you or to your organisation;
    Financial Data: Where the contracting party is an individual: bank details; transactions history and other as appropriate;
    Other information: Information we receive during the course of our provision of services, existence of our contractual relationships with you or your organisation (for instance your personal opinions, advices, tax residency).
    We usually do not process 'special category' data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) related to charterers, clients and other contracting parties or their employees. In limited circumstances where we provide agency services we may have access to medical information of organisation’s employees (for instance when request is made for assistance a crew member to visit a doctor, if a crew member need hospitalization or repatriation on medical grounds). In such circumstances the particular organisation that provide us with the medical information should ensure that the latest is processed and shared with us in accordance with the requirements of the GDPR.

  2. How is your personal information collected?
    This information is either (a) provided by you, (b) provided by your organisation, (c) obtained from third parties (for instance brokers, managers, your service providers), (d) obtained from public sources (public registers, information available from searching the internet or on business networking sites) or (e) created by us in the course of your/your organisation relationships with us.

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To communicate with you for the purposes of discussing rendering of services/supply of goods (or others) to you/your organisation;
    • To confirm your identity for providing some services;
    • For Assessing an application for a product or service, including considering whether or not to offer you the product or service, the price, the risk of doing so, availability of payment method and the terms;
    • To enter into contract with you/your organisation, to provide services/goods to you or your organisation, to manage the service/product you/your organisation has with us;
    • To respond to your inquiries, requests, complaints, claims and others;
    • To analyse our business trends and profiles and to receive feedback form our clients;
    • To process financial transactions (to receive payments and check if payments from you or your organisation are made);
    • To enable our group members to carry out any of the purposes set out above, to enable third parties to carry out any of the purposes set out above on our behalf or to enable provision of services of third parties appointed by you/your organisation;
    • To update our records and for audit purposes;
    • To comply with legal and regulatory obligations, requirements and guidance;
    • To comply with legal obligations and obligations toward third parties on money laundering, terrorist financing, anti-bribery and corruption, to check if you/your organisation/shareholders/ultimate beneficial owners, directors or other persons related to your organisation are included in the list of persons, groups and entities subject to financial sanctions imposed by EU/ USA, other countries or organisations;
    • To make suggestions and recommendations to you/your organisation about the services/goods that we offer and to send you market and industry specific information and reports;
    • To take legal steps against you or your organisation or protect ourselves/ vessels owners against claims raised by you/your organisation.

    We rely on the following legal bases to use your personal data:

    • Where it is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
    • Where it is in our legitimate interests to do so, such as: to conduct our core business activity (carriage of goods by sea), supporting activities, to provide agency services or to comply with our contractual obligations as managers; to perform and/or test the performance of, our products, services and internal processes; for management and audit of our business operations including accounting; for establishment, exercise or defence of legal claims and other claims; to exercise our rights under a contract concluded with you/your organisation; where we need to share your personal information with people or organisations in order to run our business or comply with any legal and/or regulatory obligations; to improve the operation of our business and that of our business partners; to develop new products and services and to improve existing products and services;
    • Where the processing is necessary for the purposes of your/your organisation/third parties legitimate interests: to conduct a business (for instance when you/your organisation have appointed third party to do something on your/its behalf or we process your data for the purposes of enabling vessels owner or a group member to conduct their business);
    • Where the processing is necessary for complying with our legal obligations;
    • We may process personal data also with data subject consent or explicit consent.

    Where necessary or required we share information with:

    • Your organisation;
    • Owners of vessels managed by us;
    • Professional advisors and consultants;
    • Auditors;
    • Debt collectors;
    • Service providers used by us or vessels owners or used by you/your organisation;
    • Local and central governmental authorities (including port authorities, customs and maritime administrations, border authorities);
    • Regulatory authorities;
    • Courts, tribunals and arbitrators;
    • Legal representatives, defence solicitors;
    • Survey organisations;
    • Insurers and P&I clubs.

    We usually do not use your Personal Data (Identity and Contact and Service Data) for direct marketing but if we send you marketing message (for instance invitations to meetings or marketing events) you may at any time request us to stop doing that by contacting our Data protection Officer at dpo@navbul.com without you/your organisation suffering any negative consequences.
    Please note that if your data may be transferred to third countries for which there is no decision of the European Commission for availability of an adequate level of protection. For more information please read the section (‘Transfers to countries without ‘adequate level’ of protection’).

Learn more (What we collect and how we use it) - Information for Suppliers
What we collect and how we use it
SUPPLIERS AND SERVICE PROVIDERS AND THEIR PERSONNEL
We use suppliers and service providers for different purposes (provision of goods and services to our vessels/vessels managed by us, repair and maintenance services, provision of facilities services in our offices, organization of events, rendering of agency and other services and others). We process personal data of individuals who works for such suppliers and service providers and are involved in negotiating or providing of services/goods, for their directors (legal representatives), shareholders, beneficial owners, professional advisors and for the suppliers/service providers if they are individuals.
  1. Types of personal data we process
    The type of personal data we collect and process may include some or all of the below listed depending on the type of services/goods and where they are intended to be carried out/delivered and the particular circumstances:
    Identity Data: First name, given name, last name, gender, date of birth/personal number, passport/i.d. card number and title of contract signatory, in some circumstances (when the services or goods are delivered to vessels/our offices) identification documents, identity numbers, and other identity information collected for visitors (please check the section with the information we collect for visitors to our premises and our vessels);
    Contact Details: Business address, home address (if the supplier/service provider is an individual), telephone, fax number, mobile phone number, email addresses and other contact details as appropriate, communication preferences;
    Employment and Qualification Information: Organisation name, position/title, professional specialism, qualification, certificates and licences (if we require specific services for instance asset evaluation, repair), references, employment history;
    Service Data: Details about services and products we have requested form you or your organisation, or which you or your organization have provided, performance information;
    Financial Data: Where a supplier/service provider is an individual: bank details, information about his/her income and other as appropriate;
    Other information: Information we receive during the course of your provision of services/supply of goods (for instance your personal opinions, advices, insurance information, tax residency etc.).
    We usually do not process 'special category' data (personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation) related to our suppliers/service providers or their employees unless some of the exceptions of Art. 9 (2) of the GDPR applies. Medical information shall be requested and processed for the assessment of the working capacity when the service provider/personnel of service provider shall carry out services on board a vessel. Medical information, as well as food preferences due to ethnic origin, religious beliefs, health problems, food allergies (see the section Information for visitors to our premises and to vessels) can be processed also on the following lawful basis: your explicit consent, fulfillment of obligations and exercising specific rights in the field of employment and social security and social protection law, protection of the vital interests of an individual, establishment, exercise or defense of legal claims and publicity of the data.

  2. How is your personal information collected?
    The information is either (a) provided by you, (b) provided by your organization, (c) obtained from third parties, (d) obtained from public sources (public registers, information available from searching the internet or on business networking sites) (e) created by us in the course of your/your organisation activities for us or thereafter.

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To asssess your suitability/or your organisation suitability to provide the service/supply goods;
    • To appoint you/your organisation to render services for us or for vessels managed by us, to communicate with you, to ensure that the services are carried out/products are delivered to our/owners satisfaction;
    • To process financial transactions (to make payments and/or receive payments from you or your organization), to make tax deductions and social security contributions (if applicable);
    • To comply with legal and regulatory obligations, requirements and guidance;
    • To provide you or your organisation with references or recommendations;
    • To update our records and for audit purposes;
    • To comply with legal obligations and obligations toward third parties on money laundering, terrorist financing, anti-bribery and corruption, to check if you/your organisation/shareholders/ultimate beneficial owners, directors or other persons related to your organisation are included in the list of persons, groups and entities subject to financial sanctions by EU/ USA, other countries or organisations;
    • To provide you with suitable food and refreshments;
    • To make complaint, to enforce any warranty granted, to take legal steps against you or your organization or protect ourselves/ vessels owners against claims raised by you/your organisation.

    We rely on the following legal bases to use your personal data:

    • Where it is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract (for instance when you need to pay you the agreed fee for the services provided by you);
    • Where it is in our legitimate interests to do so, such as: to appoint suitable supplier/service providers to help us to conduct our business or to fulfill our obligations as managers; to conduct our business (carriage of goods by sea), supporting activities or to comply with our contractual obligations as managers; for management and audit of our business operations including accounting; for establishment, exercise or defence of legal claims and other claims; to exercise our rights under a contract concluded with you/your organisation (for instance to make complaint within the warranty period, to request appointment of surveyor); to evaluate your performance for our business purposes;
    • Where the processing is necessary for the purposes of your/your organisation legitimate interests: to conduct a business (when we process your personal data for the purposes of providing you/your organisation with references);
    • Where the processing is necessary for complying with our legal obligations.

    We may process your personal data also with your consent or explicit consent.



    Where necessary or required we share information with:

    • Your organisation;
    • Owners of vessels managed by us;
    • Professional advisors and consultants;
    • Auditors;
    • Debt collectors;
    • Service providers used by us or vessel’s owners;
    • Local and central governmental authorities (including port authorities, customs and maritime administrations);
    • Regulatory authorities;
    • Courts, tribunals and arbitrators;
    • Legal representatives, defence solicitors;
    • Survey organisations;
    • Insurers.

    Please note that if you carry out services/supply goods on vessel/s your data may be transferred to third countries for which there is no decision of the European Commission for availability of an adequate level of protection. For more information please read the section ("Transfers to countries without 'adequate level' of protection").


Learn more (What we collect and how we use it) - Information for visitors
What we collect and how we use it
VISITORS TO OUR OFFICES
We process the following categories of personal data for visitors to our premises.
  1. Types of personal data we process
    We may collect and process the following categories of personal data, as applicable:
    Identity Data: First name, given name, last name, date of birth, identity number, passport/i.d card data;
    CCTV, HDCVI and IP images;
    Preferences and requirements: food preferences, health data (for instance disability);
    Other information: Information we receive during the course of your visit.

  2. How is your personal information collected?
    This information is either (a) provided by you, (b) provided by your organisation, (c) obtained from public sources (information available from searching the internet or on business networking sites) or (d) obtained from the CCTV, HDCVI and IP cameras in/around our offices.

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To ensure the security of our buildings, to prevent and detect crimes, terrorism and damages on our property;
    • To comply with our safety procedures and to be able to react in the event of emergency;
    • To confirm your location;
    • To provide you with food, refreshment and for ensuring access and your comfort during your visit;

    We rely on the following legal bases to use your personal data:

    • Where it is in our legitimate/third party interests to do so, such as: to protect our property, to keep our employees and business and the employees and business of our lessees safe, to keep you and other persons in the building safe and to protect them from crimes, damages and intrusions; to develop our business relationships with our clients, suppliers/service providers, business contacts and others;
    • Where it is necessary for protection of your or third party’s vital interest;
    • Where we need to comply with legal obligation to which we are subject;
    • We may process personal data also with your consent.
    • Special categories of data (food preferences due to religious beliefs or ethnical origin or due to health problems, food allergies, disability) may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests where you are physically or legally incapable of giving consent or where you have made them public or for establishment, exercise or defence of legal claims.

    Where necessary or required we share information with:

    • Your organisation;
    • Professional advisors and consultants;
    • Local and central governmental authorities (including law enforcement authorities);
    • Ambulance, fire and civil protection services;
    • Catering services and other service providers;
    • Insurers;
    • Regulatory authorities.


VISITORS TO VESSELS
We process the following categories of personal data for visitors to vessels:
  1. Types of personal data we process
    We may collect and process the following categories of personal data, as applicable:
    Identity Data: First name, given name, last name, passport/i.d card data (if applicable);
    Employment Information: Organisation name, position/title;
    Preferences and requirements: food preferences;
    Other information: Information we receive during the course of your visit (for instance availability of protective aids and clothing).

  2. How is your personal information collected?
    This information is either (a) provided by you, (b) provided by your organisation or (c) obtained from public sources (information available from searching the internet or on business networking sites).

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To prevent and detect crimes, terrorism and damages on the vessel, our and third parties property and environment;
    • To prevent incidents and to protect your life and health and life and health of other persons on board;
    • To comply with our safety and security procedures and to be able to react in the event of emergency;
    • To confirm your location;
    • To provide you with food, refreshment;

    We rely on the following legal bases to use your personal data:

    • Where it is in our legitimate/third party interests to do so, such as: to protect the vessel, the cargo, our and third parties property, and our and third parties business safe, to keep you and other persons on board safe and to protect you and them from crimes, damages, intrusions and incidents;
    • Where it is necessary for protection of your or third party’s vital interest;
    • Where we need to comply with legal obligation to which we are subject;
    • We may process personal data also with your consent.
    • Special categories of data (for instance food preferences due to religious beliefs or ethnical origin or due to health problems, food allergies and others) may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests where you are physically or legally incapable of giving consent, where you have made them public or for establishment, exercise or defence of legal claims.

    Where necessary or required we share information with:

    • Your organisation;
    • Professional advisors and consultants;
    • Local and central governmental authorities (including law enforcement authorities);
    • Ambulance, fire and civil protection services;
    • Insurance companies and P&I Clubs;
    • Regulatory authorities.


Learn more (What we collect and how we use it) - Information for lessees
What we collect and how we use it
LESSEES AND THEIR EMPLOYEES
We process the following categories of personal data for lessees of our offices and their employees.
  1. Types of personal data we process
    We may collect and process the following categories of personal data, as applicable:
    Identity Data: First name, given name, last name, date of birth, identity number, passport/i.d card data;
    CCTV, HDCVI and IP images;
    Photographic image;
    Requirements: health data (for instance disability);
    Other information: Information we receive during the course of your use of our premises.

  2. How is your personal information collected?
    This information is either (a) provided by you, (b) provided by your organisation, (c) obtained from the CCTV, HDCVI and IP cameras in/around our offices, or (d) created by us in the course of your/your organisation use of our premises.

  3. Purposes and lawful grounds for processing your personal data
    We need to collect and hold information about you for the following purposes:
    • To ensure the security of our buildings, to prevent and detect crimes, terrorism and damages on our property;
    • To provide you with access pass for our building/s;
    • To comply with our safety procedures and to be able to react in the event of emergency;
    • To confirm your location;
    • For ensuring your access to our premises (in case of disability);

    We rely on the following legal bases to use your personal data:

    • Where it is in our legitimate/third party interests to do so, such as: to protect our property, to keep our employees and business and the employees and business of our lessees safe, to keep you and other persons in the building safe and to protect them from crimes, damages and intrusions;
    • Where it is necessary for protection of your or third party’s vital interest;
    • Where we need to comply with legal obligation to which we are subject;
    • We may process personal data also with your consent;
    • Special categories of data (disability) may be processed on the basis of your explicit consent, where it is necessary to protect your or other individual vital interests where you are physically or legally incapable of giving consent, where you have made them public or for establishment, exercise or defence of legal claims.

    Where necessary or required we share information with:

    • Your organisation;
    • Professional advisors and consultants;
    • Local and central governmental authorities (including law enforcement authorities);
    • Ambulance, fire and civil protection services;
    • Service providers;
    • Insurers;
    • Regulatory authorities.


We may share your personal data with companies within Navibulgar’s group and with companies controlling Navibulgar and with service providers. We also share data with business partners (for example, financial services institutions, insurers), account beneficiaries, courier companies, notaries, or others who are a part of providing you with products and services/receiving products and services form you or operating our business. We disclose data to governmental and regulatory bodies such as National Revenue Agency, National Social Security Institute, Commission for personal data protection, Maritime Administrations, Port Authorities, when required by law applicable to us or to respond or establish a claim. We share personal information with other organizations and businesses who provide services to us such as debt collectors, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions. We may share personal data also with market research organizations who help us to develop and improve our services. Personal data may be disclosed as part of a corporate transaction such as a merger or sale of assets. Your personal data may be disclose also with your consent, when allowed by law or for protecting or in order protect lives, vital interests, rights or property of Navibulgar or third parties.
The personal data we collect may be transferred to third countries, international organisations or territories outside the EU and European Economic Area ("EEA") (EU countries, Norway, Island and Lichtenstein) for which the European Commission has determined that they offer an adequate level of protection of the personal data. Transfers of personal data to that third country or international organization may take place without the need to obtain any further authorisation. The up-to date list of countries, territories, sectors and international organizations recognized by the European Commission as providing 'adequate level of protection' is available under: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en. For more information regarding transfers of data for commercial purposes to USA based entities who are part of the Privacy Shield, see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.
If your personal data are to be transferred outside the EEA we will endeavour to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Navibulgar and the practices described in this Privacy Notice.
You can find out more information on the mechanism used by us for international transfers by clicking below.

Learn more (Transfers to countries without 'adequate level' of protection).
TRANSFERS TO COUNTRIES WITHOUT 'ADEQUATE LEVEL' OF PROTECTION
The personal data related to you may be transferred to, and stored at, countries and territories outside the European Economic Area ("EEA"). They may be processed by entities belonging to Navibulgar’s or its parent company groups, or by our service providers located outside of the EEA.

Intragroup transfers
We use Standard Contractual Clauses (specific contracts approved by European Commission (for more information see: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en)) where personal data is transferred to companies within our group which are located in the countries not determent by the European Commission as providing 'adequate' protection of the personal data.

Transfers to third parties
Where appropriate, we may (usually on an ‘ad hoc basis’) use service providers located outside the EEA which enable us to provide our service or supply goods (for instance brokers) or your personal data may be disclosed to our professional consultants in such countries or to other organizations.
Where the recipient is located in a country which not been deemed by the European Commission to have adequate laws in place to protect your data, we transfer the personal data using one of the following measures:
  • Where we use regularly do business with such entity or individual, we will seek to put in place the above mentioned Standard Contractual Clauses;
  • Where the transfer is on an “ad hoc basis” or when we couldn’t manage to sign Standard Contractual Clauses, we will only transfer the personal data if:
    • We have explicitly consented to such transfer;
    • The transfer is necessary for the conclusion or performance of a contract in your interest, and we are party to that contract;
    • The transfer is necessary in order to perform a contract between us and you, or the implementation of pre-contractual measures taken at your request,
    • The transfer is necessary for the establishment, exercise or defense of legal claims; or
    • The transfer is made from a register which according to EU or Member State law is intended to provide information to the public and which is open to consultation either by the public in general or by any person who can demonstrate a legitimate interest, but only to the extent that the conditions laid down by EU or Member State law for consultation are fulfilled in the particular case;
    • The transfer is necessary in order to protect yours or other persons vital interests where and you are physically or legally incapable of giving consent;
    • The transfer is necessary for important reasons of public interest.


We will store your personal data in compliance with the requirements of the GDPR. We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected it, to satisfy any legal, accounting or reporting requirements or to protect our legitimate interests. If there is no legal requirement for the period of retention of the personal data we determine the appropriate retention period for personal data by considering the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable limitation periods for claims which might be brought against us or by us against you.
In some circumstances we may anonymise your personal information so that it can no longer be associated with you.
If you would like more detailed information about our retention policy, please, contact the Navibulgar’s Data Protection Officer at (email: dpo@navbul.com).
We aim to ensure that your personal data are secure. In order to prevent unauthorised access, destruction or disclosure of your personal data we have put in place appropriate physical, technical and organisational measures. Our service providers are required to do the same. Some of our security measures may be found here.

Learn more (Data Security)
Data Security
In assessing the appropriate level of security, we take into account in particular the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data collected, stored or otherwise processed. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you, we control the access to systems and networks which allows us to stop people who are not allowed to view your personal information from getting access to it. We train our employees about the importance of confidentiality and maintaining the privacy and security of your information and have put in place appropriate policies and procedures. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.



The GDPR provide certain data protection rights for you including to request access, rectification, restriction, deletion or transferring ("porting") of your data, and to object to our use of your data, including for direct marketing. Our response to your requests may depend on which legal grounds we are using to process the data in question.
You have the right to complain about us to the relevant supervisory authority (in Bulgaria Commission for personal data protection, (Prof. Tsvetan Lazarov Blvd., Sofia 1592, Bulgaria, website: www.cpdp.bg) but if you are concerned that our processing of your personal information is not compliant with the GDPR, please contact us first. For more information about your rights under the GDPR please click

Learn more (Your Rights).
Your rights
In addition to the right to complaint to the relevant supervisory authority a number of rights are available for individuals residing in the EEA under the GDPR.

  • Right of access
    The GDPR gives you the right to find out whether we are processing your personal data and, where that is the case, to receive a copy of the personal data undergoing processing and information on:
    • The purpose/purposes of the processing of personal data (why we are processing it);
    • the categories of personal data, related to you that we process;
    • the recipients or categories of recipient to whom the personal data has been or will be disclosed;
    • where possible, how long we plan to keep your personal data or the criteria we use to determine that period;
    • information on your rights under the GDPR (the right to request from us rectification or erasure of personal data or restriction of processing of personal data or to object to such processing and the right to lodge a complaint with a supervisory authority);
    • where the personal data are not collected from you, any available information as to their source;
    • the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you, and
    • if we transfer your personal data outside of the EEA, details of the appropriate safeguards we have used to protect your personal data and uphold your personal data protection rights.
    The first copy of the personal data undergoing processing is free of charge. Any further copies may be subject to a reasonable administrative fee taking into consideration our administrative expenses. Where providing you with your personal data will infringe the rights of third parties (for instance where your data are inseparable for other individual’s personal information), we reserve the right to redact or withhold it. We may withhold your personal data if permitted by relevant provisions of the law applicable to us. If we process large amount of information about you we may request you to specify the information that you require or processing activities to which your request relates.

  • The right to request amendment
    You have the right to request the amendment of your personal data at any time if it is inaccurate or old, as well as to request incomplete data taking account, taking into account the purposes of processing. We reserve the right not to comply with your request for completion of incomplete data if the additional information is not necessary for the purposes of processing

  • The right to withdraw your consent to the processing of your personal data
    If we process your personal data on the grounds of your consent or explicit consent, you have the right to withdraw your consent at any time. This will not affect the legality of our processing of your personal data up until the point at which you withdraw your consent. Please note that notwithstanding such withdrawal of consent we may still continue to process your personal data on other legal ground/s. The processing of your personal data may as well continue on the grounds of Article 17 (3) of GDPR (for instance for the establishment, exercise or defence of legal claims).

  • The right to object to processing of your personal data
    You have the right to object free of charge to our processing of your personal data if we are using the lawful grounds 'legitimate interest' or the processing in performance of a task carried out in the public interest. When we receive your objection we will assess our legal grounds for processing and will stop processing the personal data if we cannot demonstrate compelling legitimate grounds to continue processing the personal data. Please note that in any case we will not stop processing your personal data if such personal data are processed for the establishment, exercise or defence of legal claims.

  • Right to object to direct marketing
    You have the right to ask us not to process your personal data for marketing purposes, including profiling to the extent that it is related to direct marketing. Within a reasonable time after receipt and consideration of your objection we will no longer process your personal data for direct marketing purposes.

  • The right to request the restriction of your personal data
    You have the right to ask us to restrict our processing of (ie. stop using) your personal data if you think that it is inaccurate, that we are processing it illegally, that we no longer need it for the purposes for which it was collected or when you have objected to processing pursuant to lawful grounds 'legitimate interest' or ‘public interest’. While we consider your request we will stop processing your personal data within a reasonable time from the date we receive your request. We will notify you of our decision and any justifications for continuing to process your personal data in accordance with the internal procedures of Navibulgar and the applicable law.
    Where processing has been restricted at your request, such personal data shall, with the exception of storage, only be processed with your consent. Please note that in any case we will not stop processing your personal data if such personal data are processed for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State

  • The right to erasure ('to be forgotten')
    You have the right to request us to delete your personal data without undue delay where one of the following applies:
    • the personal data is no longer necessary for the purposes for which they were collected or otherwise processed;
    • you withdraw your consent to us for processing your personal data and we have no other legal grounds for processing it;
    • the personal data has been unlawfully processed;
    • the personal data must be erased for compliance with a legal obligation under the EU law or law of the Member state to which we are subject;
    • you have objected to our processing of your personal data if we are using the lawful grounds 'legitimate interest' or that of processing in public interest and there are no overriding legitimate grounds for the processing, or you have objected to the processing for the direct marketing purposes;
    • the personal data relates to a child under 16 and was collected in relation to the offer of social services.

    Please note that the right of erasure is not an absolute right. We will continue to process your personal if the processing is necessary:
    • for exercising the right of freedom of expression and information;
    • for compliance with a legal obligation which requires processing by Union or Member State law to which we are subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
    • for reasons of public interest in the area of public health;
    • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes;
    • for the establishment, exercise or defense of legal claims.

  • The right to personal data portability
    You have the right to receive personal data which you have provided to us in a structured, commonly used and machine-readable and interoperable format and have the right to transmit those personal data to another personal data controller, if we are processing it on the grounds that you have consented to that processing or because it was necessary in order to perform a contract with you, and if we have no other legal bases for processing it and the processing is carried out by automated means.
    If you will be subject to a decision based solely on automated processing, including profiling (‘automated means of decisions’), which produces legal effects concerning you or similarly significantly affects you we will notify you.

    You can exercise your rights at any time by contacting our Data Protection Officer at: dpo@navbul.com
    Any change in the contact details of the Data Protection Officer shall be published on Navibulgar website: http://www.navbul.com.
    We may request additional information (including copies of documents) from you for the purposes of verifying your identity.
    We will respond to your request without undue delay (usually within one month) and will give you our reasons where we do not intend to comply with your requests. If we need more time to respond (particularly due to the complexity of your request or if you have made number of request) we will notify you.
    You may exercise any of your rights without paying a fee to us. However where your requests are manifestly unfounded or excessive, in particular because of their repetitive character, we may either:
    • charge a reasonable fee; or
    • refuse to act on the request.



The Navibulgar website may contain links to the websites of other companies and organizations which may be of interest for you ("Third Party Sites").
These Third Party Sites may place cookies or other files on your computer, collect data or solicit personally identifiable information from you. Third Party Sites are governed by their own privacy policies, we do not exercise control over them therefor we do not accept any responsibility or liability for their policies or processing of your personal information. When accessing Third Party Sites please make sure that you read carefully the applicable privacy policies or statements.
This Privacy Notice is subject to change from time to time. The most current version of the notice will govern our use of your information and will always be at http://www.navbul.com. Where appropriate and feasible or required by GDPR such changes will be notified to you by email.
We may e-mail periodic reminders of our notices and may periodically request by email (if available) updates of your personal information used by us.
Please check back frequently to see any updates or changes to our Privacy Notice.
Thoughts or questions about this Privacy Notice or your rights? Please, let us know by contacting our Data Protection Officer at these contact details:
Data Protection Officer
E-mail: dpo@navbul.com
Post:
1 Primorski Blvd.,
Odesos District, 9000
Varna,
Bulgaria
Attn.: Data Protection Officer.

© 2011 "Navigation Maritime Bulgare". All rights reserved.