Privacy Policy
of Metrica LTD

We understand that privacy and security of the personal information you share with us is extremely important. Because of that, our Privacy Policy sets out how we process your data and what are the measures we take to secure it. It also explains where and how we collect your personal information, as well as your rights over any personal information we hold about you.

This Privacy Policy applies to you if you provide us your personal data over the phone (call or SMS), online, through online registration form, via post or courier, social media, corporate or promotional website, through mobile application or other way. This Policy gives effect to our commitment to protect your personal information and has been adopted by all of the companies and businesses in our group (for more information, please look at section “Who are we?”).

1. Who we are?

When we say ‘we’ or ‘us’ in this Policy, we’re generally referring to the separate and distinct legal entities that are part of the group. These include:

• Metrica LTD, registered office: Sofia, 25, Petar Dertliev Blvd., Fl. 2
• Mediapost Hit Mail Bulgaria LTD, registered office: Sofia, 25, Petar Dertliev Blvd., Fl. 2
• Mediapost Hit Mail SRL, registered office: Siriului Street No. 42-46, 3rd floor (Aviatiei Area) Bucharest 1, Postal code: 014354, Romania, CIF RO13351917.
• Create Direct LTD, registered office: Siriului Street No. 42-46, 3rd floor (Aviatiei Area) Bucharest 1, Postal code: 014354, Romania, UIC: 16678558.

It also includes any other businesses we add to this group in the future.

2. What information for you we store and process?

• Information you share with us when you submit request for prices/services on one of our landing pages or our website metrica.bg.
Information you provide to us such as: your name, telephone number, email address, company, position, business sector, any type of feedback or when you communicate with us via post, phone, email or social media.

• Name and email address, when you register and you give us your consent to receive emails with news, useful articles, case studies and other from Metrica.
• Information about any device(s) you use or you have used to access our sites or services (such as your device’s mark and model, operational system, browser or IP address), information collected with “cookie” and similar technologies (more information about this you can find in our Cookies policy) or the way you use our services. For examples, we try to identify which of our sites or apps you use, how and when.
• Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve the information we are sending.
• Information from other sources such as our partners, specialist companies that provide customer information with their consent, in an explicit or anonymized form (like companies for marketing research, financial institutions, social media etc.) including information that is publicly available.

3. Purposes for which we use the data you are sending to us. Lawful basis of processing.

As a Controller of personal data, and in order to be able to fulfill our obligations under the General Data Protection Regulation, we may use your personal data for one, several or for all purposes listed below:
• In order to send you a response to a request made by you for any of our products or services;
• To send you emails with news and proposals from our company;
• To send you invitations to events we organize – either alone or with our partners;
• For statistical needs and analyzes;
• To help us understand more about you as our customer, about the products and / or services you use, about the way you use them, and to provide you with better service from our employees;
• To send you invitations to participate in surveys – online or in paper form.
• To find ways to improve our products, services, applications, or websites.

The processing of your personal data is based on one of the following lawful basis of processing:

• You have agreed to process your personal data for one or more specific purposes;
• Processing is necessary for the performance of a contract to which you are a party or for taking steps upon your request before entering into a contract between us and you;
• processing is necessary to comply with a legal obligation that applies to us as a data controller;
• processing is necessary to protect your or another individual’s vital interests;
• Processing is necessary for the performance of a task of public interest or in the exercise of the official authority that is provided to us as a data controller;
• processing is necessary for the purposes of our legitimate interest (or a third party’s one), except where such interests impacts your interests or fundamental rights and freedoms that require special protection of your personal data.

4. Who we might share your information with?

4.1. With companies in the group

We may share your personal data with other companies in our group (described in the “Who we are?” section) when we have your consent to that. That’s how we can provide first-class service.

4.2. With our partners and/or providers

We work with partners and providers who can also process your personal data on our behalf but only if they meet our storage, processing and data protection standards! Such partners are:

• Courier or postal companies who have to deliver documents or parcels on our behalf;
• Printing companies who need to prepare customized or personalized materials for you;
• Companies who send mass email when you need to receive an email from us;
• Companies who send SMS when we need to send you one;
• Companies who send applications with which we work every day – for example for email marketing, landing pages, data transfer between systems etc.

We only provide them with information that is necessary to get the relevant product and / or service from us that you have requested or have shown interest for. For example, if you have indicated that you are interested in marketing information from us and / or our partners, you may see advertising messages about our products and / or services on websites you visit.

4.3. Other organisations or individuals:

We may provide your personal data to other organizations in certain cases. For example:

• If we are discussing the sale of all or part of our business, we can share data about you with potential buyers – but only in summary form so that they can assess the potential of the business;
• If we undergo reorganization or our company is sold to another organization, we may transfer your personal data to that company to continue providing you with the relevant products and / or services;
• If required by law, by a state or a private institution, in fulfillment of its statutory obligations (eg. police, NRA, NSSI, CPDP, etc.);
• If we need to share your personal data in order to protect our legitimate interest or exercise our rights as regulated by the law and to protect our customers, our users of our products and / or services, systems and servers; or
• Responding to a request from other individuals (or their representatives) who are trying to protect their statutory rights or the rights of other individuals or organizations.
In any case, we will inform you before providing this information to third parties. If this is not feasible, we will inform you as soon as we have provided your data to third parties.

5. International transfers of your data

If for purposes described in this Privacy Policy we have to transfer your personal data to a third party (another of our group or our supplier and / or partner) whose headquarter is outside the EU or country with adequate level of security, you will be notified of this as well as of the measures with which your personal data will be protected. Your data may be transferred on the basis of a contract between us and the third party, in a manner approved by the relevant regulatory autority, and under an external arrangement approved by the relevant regulatory autority (eg. Data Shield in the Relationship between EU and US – ‘Privacy Shield’ or others).

6. Keeping you informed about our products and services?

When you explicitly agree to this, we will gladly share with you by email or phone our special offers, ideas, products and / or services when we have something to share with you.
If you do not agree or wish to withdraw your consent to receive emails from us, you may do so in one of the following ways:

• via the unsubscribe link included in any email we send you;
• by sending us a unsubscribe email at privacy@metrica.bg.

7. What are your rights related to your personal data and how you can exercise them?

7.1. Right to access and correction of your personal information

You have access to your personal data processed for the purposes outlined above. If we process this data and receive a request from you (or from a third party authorized by you), we will provide this access for free. You may also request a copy of your personal data we process.

Before we provide access to your personal data to you or to a person authorized by you, we may request proof of identity and details of your relationship with us or our partners so we can find the data that relates to you.

If any personal data we store and process for you is inaccurate or obsolete, you are entitled to ask us to correct them, including by adding a statement.

7.2. Right to delete your personal data

You may request to delete your personal details without undue delay if:
• personal data are no longer needed for the purposes for which they were collected;
• when you have withdrawn your consent;
• when you have objected to the treatment if it is unlawful;
• when personal data must be deleted to comply with a legal obligation under Union law or the law of a Member State that applies to us as a data controller;
• when personal data has been gathered in connection with the provision of information society services.

Under certain conditions, we may refuse to delete your personal information in the cases provided for by law.

7.3. Right to data portability and right of appeal

You may obtain the data we process for you in a structured, widely used and machine readable format to transfer your data to another Controller.
You have the right to file a complaint with the local regulator, the Personal Data Protection Commission (CPDP) or the court if you think your rights are being violated. For this purpose, you can visit the CPDP website at https://www.cpdp.bg/, where you will learn more.

7.4. Right of withdrawal of consent

You have the right to withdraw your consent to the processing of your personal data on our behalf at any time by submitting a request to us:
• by sending us a unsubscribe email at privacy@metrica.bg;
• by contacting us by phone on +359 2 434 0841;
• by sending us a written application at: Sofia, 25, Petar Dertliev Blvd., Fl. 2

7.5. Right of objection

You have the right at any time to submit to us an objection to the processing of your personal data for purposes related to direct marketing, including profiling, in so far as it relates to direct marketing. The objection can be made by phone or by e-mail to the contact details listed above in p.7.4.

7.6. Restrict the processing of personal data

You have the right to request that we limit the processing of your personal data when you believe your personal data is inaccurate, the processing of your personal data is improper, we do not need your personal data for processing purposes, or you have objected to the processing of your personal data. In this case, personal data will only be stored but not processed.

7.7. The right not to be subject to an automated solution involving profiling

You have the right not to be subject to a fully automated solution, including profiling, when it generates legal issues for you or affects you considerably.
If you would like to exercise any of the rights described here, please contact us at the contacts listed in p. 7.4.

8. For how long do we store your data?

We store a record of your personal information in order to provide you with high quality and consistency of our services within the group. We always store and process your data in accordance with the law and we never keep it for longer than is necessary. In the massive case, unless otherwise specified, your data is stored for 5 (five) calendar years from the date of receipt or till the consent is withdrawn.

9. Data Security

We treat your personal data as strictly confidential. To protect them, we take a number of measures, including:

• We limit access to the premises where we work only to the people who need to be there (using codes and access cards, passwords, etc., related to restricting access to certain premises);
• We also control access to our information technology systems by means of firewalls, ID validation, logical segmentation and / or physical separation of our systems and information;
• We use methods such as encryption and pseudonymization of information;
• We never ask you to send us your password;
• We advise never to enter an account number, password, or other sensitive information in an email to us.

10. Contact with us

If you wish to exercise any of the rights described in this Privacy Policy, or if you have a question or complaint about this Policy or the way your personal data is processed, please contact us in one of the following ways:

By email: privacy@metrica.bg
By post: To Data Protection Officer of Metrica, SSofia, 25, Petar Dertliev Blvd., Fl. 2
By phone: contact us on +359 2 434 0841 in working hours from 09:00 to 17:30.

11. Policy change

This privacy Policy was most recently updated in 15.09.2020.