Privacy Policy
Privacy Policy
With this Privacy Policy (PP) are defined the procedures, rules, and manner according to which Joyful Life Ltd. collects, uses, and stores the personal data of users of the website:
https://annagrozdanova.com/
Before using the services provided through the website, including before providing personal data to the company for processing, the user confirms acceptance of this Privacy Policy and Cookie Policy by checking the relevant section.
Section I – Information about the Controller processing and storing your data
- Company name: Joyful Life Ltd.
- UIC/BULSTAT: 207834084
- Registered office and management address: Sofia, Lozenets district, 75 Tsanko Tserkovski Blvd.
- Correspondence address: Sofia, Lozenets district, 75 Tsanko Tserkovski Blvd.
- Email: info@annagrozdanova.com
- Website: https://anna-grozdanova.webflow.io/
Section II – What data do we collect?
When purchasing a ticket:
You provide us with the following personal data:
- First and last name
- Phone number
- Email address
We need this information in order to complete the sale and deliver your purchased ticket, meaning that this personal data is necessary for the conclusion and execution of the ticket sales contract.
Customers purchasing tickets provide this information without creating a personal account on the website.
Additionally, we process general usage information that helps us understand how you use our services, including:
- Searches and search preferences
- Records of searches made on our website
- Browsing activity
- IP address
- Time of visit
- Pages visited
- Interaction with specific pages
- Limited location information
- User device and software information
- First-time or returning visit information
- Traffic source data
This information is usually collected automatically through the use of cookies.
For more information, please see our Cookie Policy.
Section III – For what purposes do we use your data?
By ordering a ticket through the website, we enter into a ticket sales contract with you, to which our Terms and Conditions apply.
The main purpose for collecting and using the above personal data is to make the execution of this contract possible, including:
- Sending additional information related to the seminar
- Managing your participation in the event
Your contact details may be used by our team in case of:
- Changes to specific events
- Event cancellations
The email address provided in connection with:
- Purchasing a ticket
- Subscribing to a newsletter
- Requesting free videos or educational materials
- Creating an account
may be used for direct marketing purposes.
You have the right to object to such processing, including profiling related to direct marketing, free of charge and at any time.
The phone number provided in connection with:
- Purchasing a ticket
- Subscribing to a newsletter
- Requesting free videos or educational materials
- Creating an account
may also be used for direct marketing purposes.
You have the right to object to such processing at any time.
We use general usage information to:
- Improve your experience on our website
- Improve the quality of our services
- Protect against abuse
Your personal data may also be processed in connection with:
- Pre-trial proceedings
- Judicial proceedings
- Administrative proceedings
- Customer claims
- Ticket fraud investigations
- Similar matters
Section IV – On what legal grounds do we process your personal data?
We collect your data on grounds permitted under European and Bulgarian legislation.
Performance of a contract
We collect your personal data to:
- Confirm payment
- Provide your ticket
- Inform you of event changes
- Inform you of cancellations
- Process refund requests
For fulfilling our obligations, we may transfer your personal data to:
- Courier companies
- Financial institutions
- Payment service providers
- Banks
Legitimate interest
We retain information entered during ticket purchases because we consider this both your and our legitimate interest.
We also have a legitimate interest in:
- Future marketing campaigns
- Informing you about future projects
We analyze statistical and technical website usage data to:
- Improve functionality
- Improve products and services
- Protect against abuse
We may also retain payment and purchase-related data for:
- Legal proceedings
- Tax audits
- Consumer claims
- Ticket fraud investigations
- Similar cases
Consent
If you have not purchased a ticket but subscribed to newsletters or informational communications, your personal data will be processed based on your consent.
You may withdraw your consent at any time by emailing:
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
Section V – Individuals and legal entities receiving your information
The company is committed to maintaining the confidentiality of your information and complying with all legal requirements regarding sharing and disclosure of personal data.
Such disclosure occurs only when there is:
- A valid reason
- Sufficient guarantees for adequate protection
The company may disclose your personal data to:
- Database storage service providers
- Website maintenance providers
- Analytics providers
- Information systems providers
- Technology providers
- Postal service providers
- Courier service providers
- National authorities (e.g. NRA, NSSI)
- Local authorities
- Crime prevention authorities
- Regulatory authorities
- Lawyers
- Consultants
- Auditors
The Controller explicitly informs users that all their data is shared with Delight and Joy Ltd., UIC: 203929453, a long-term partner involved in organizing certain events.
The Controller remains fully responsible and guarantees that this company is bound by the terms of this Privacy Policy through a data sharing and processing agreement.
Your data outside the European Economic Area
Please note that general usage information collected automatically through certain cookies may be transferred to servers in the United States because we use Google LLC Analytics.
We also use social plugins and embedded pixels provided by Meta Platforms, Inc..
These services may transfer your information to servers in the United States.
For more information:
- Google LLC
- Meta Platforms, Inc.
If you do not wish this automatic connection of data, please log out of your social media accounts before visiting our website.
Section VI – Data retention period
We will retain and process your data only as long as necessary for the purposes for which it was collected.
For example:
- Data processed based on consent — until consent is withdrawn
- Data processed based on legitimate interest — only as long as your rights do not outweigh our legitimate interest
- Data processed for contract performance — for the duration of the contractual relationship or applicable legal deadlines
Section VII – How does the Company protect personal data?
The Controller takes all necessary actions and measures to ensure personal data security and prevent:
- Unauthorized access
- Collection
- Use
- Disclosure
- Copying
- Modification
- Deletion
- Misuse
Your personal data rights
You have the following rights:
- Right of access to your personal data
- Right to request correction of inaccurate or incomplete data
- Right to object to automated decision-making and profiling
- Right to request deletion of your personal data
- Right to data portability
- Right to file a complaint with the Bulgarian Commission for Personal Data Protection
Section VIII – How can you exercise your rights?
To exercise any of your rights, you may contact us by:
- Phone
- Postal mail
We will respond to requests within one month.
You may send your request to:
Your written request should include:
- Your name
- Your registered email address
- Preferred communication method
- Signature (if submitted on paper)
- Date of request
- Correspondence address
- Power of attorney (if submitted on behalf of another person)
The company may request additional verification information.
Section IX – Special categories of personal data
The Controller does not collect, process, or store special categories of personal data under Article 9 of GDPR.
This includes data revealing:
- Racial or ethnic origin
- Political opinions
- Religious beliefs
- Trade union membership
- Genetic data
- Biometric data
- Health data
- Sex life or sexual orientation information
Section X – Automated decision-making and profiling
The Controller does not use fully automated decision-making processes, including profiling, under Article 22 of GDPR.
Section XI – Security breach notifications
In the event of a personal data breach, the Controller will:
- Report the breach to the Bulgarian Commission for Personal Data Protection within 72 hours where required
- Notify affected individuals without undue delay where there is high risk
The notification will include:
- Description of the breach
- Categories of affected data
- Contact details
- Potential consequences
- Measures taken
Section XII – Security measures
The Controller applies comprehensive technical and organizational measures to ensure confidentiality and security of processed personal data.
Technical measures include but are not limited to:
- Encryption of personal data in transit and at rest
- Pseudonymization where applicable
- Strict access control
- Regular backups
- Firewalls and anti-malware systems
- Physical access controls
- Video surveillance
Organizational measures include:
- Internal policies and procedures
- Employee training
- Role-based access control
- Risk assessments
- Incident management procedures
- Regular audits
- Penetration testing
The Controller signs confidentiality agreements with all service providers and third parties processing personal data.
Section XIII – Changes to this Privacy Policy
We will notify you of any changes to this Privacy Policy by publishing the updated version on our website.
For questions regarding your personal data, contact us at: