Privacy Policy

Home > Privacy Policy

Privacy Policy of Workshop for Civic Initiatives Foundation

Workshop for Civic Initiatives Foundation (WCIF) is a not for profit legal entity registered as public interest organization in the registry of the Ministry of Justice under file No 003/16.11.2001., with headquarters: Sofia, Vardar 10 blv., tel.: 02 954 9715, e-mail: office@frgi.bg, web-page: https://frgi.bg.

WCIF encourages different communities to take responsibility and actively work for social development, making full use of local resources. For WCIF, these communities are both geographical and professional or communities of interest. With all of them, WCIF works for local development, as well as to develop and introduce philanthropic practices, offering different ways to implement these ideas in Bulgaria, together with business organizations and individual donors.

In order to achieve its mission WCIF supports development of cooperation among stakeholders in communities as an important tool for achieving social change on the basis of joint responsibility, development and strengthening of non-governmental organizations as an important factor in the process of civil society development, development of local philanthropy as a prerequisite for the development of vibrant civic organizations, because neither the civic society, nor its organizations can exist without the active support of socially responsible people, corporations or institutions.

WCIF is an administrator of personal data following the provisions of the Personal Data Protection Regulation (PDPR), registered by the Commission on protection of personal data (CPPD) and entered in the public registry of personal data.

I. Scope and objectives of Personal Data Protection Policy

  1. WCIF acknowledges the personal integrity and takes respective measures to ensure against improper use and processing of personal data of individuals. In compliance with the GDPR, PDPR and the respective good practices, WCIF is applying the legally required organizational and technical measures to protect personal data.
  2. WCIF aims to inform all interested parties with this Personal Data Protection Policy of the aims of personal data processing, the grounds for their processing, the categories of potential third parties to which the data could be disclosed, the consequences of refusal to present required data, as well as information on the right to access, correct, delete and denounce personal data in compliance with EU GDPR 2016/679 and the PDPR.

II. Personal data processed by WCIF

  1. WCIF, processes personal data in its capacity of personal data administrator. The processed personal data is structured in separate registers, which are declared in the public register of personal data administrators.
  2. WCIF processes personal data, presented personally by the individuals /personal data holders/ in compliance with the legal requirements applied to the administrators of personal data.
  3. WCIF processes personal data provided by the data holders /subjects/, in cases where the data subjects has given consent to processing of their personal data for one or more specific purposes when processing is necessary on the basis of contractual requirements or for the purposes of the legitimate interests of the personal data administrator.
  4. WCIF also processes personal data that have not been obtained from the data holder/subject to whom they relate, and are provided by a third party in connection with the performance of a specific contractual obligation in the implementation and management of programs and projects for gratuitous funding or implementation of activities under other contractual obligations. In these cases, the person/entity providing the data to WCIF undertakes to:
    – present to the holders/subjects of personal data information about the personal data administrator – WCIF
    – inform the holders/subjects of personal data about the objectives, categories of data transferred and the category of data receivers;
    – present information on the right and channels of access and correction of personal data by the subject/holder.
  5. (1) The following categories of personnel data processed by WCIF are defined by the concrete activity or legal requirement related to:
    – physical identity: name, Civil Identity Number, data from identity documents, place of birth, address, telephone number, e-mail;
    – social identity: education, qualification, competence, position, work-internship and professional biography, citizenship, participation in the governing bodies of legal entities;
    – economic identity – Bank Account number (IBAN);
    (2) Compliant to its legal obligations WCIF collects data related to physical and economic identity.
    (3) In the framework of contractual obligation relating to the financing of projects/programs, with the express consent of the person can be requested information related to answering certain requirements for their inclusion (education, belonging to a vulnerable group, ethnicity, etc.)
  6. WCIF provides explicit information about the type of personal data that it collects and processes for the various funding programs and re-granting.

III. Processing of personal data

  1. In its capacity of personal data administrator, WCIF process personal data within a range of activities that could be performed with respect to personal data by automatic or non-automatic means like collection, recording, organizing, storing, adaptation or modification, consultation, usage, blocking, deletion and destruction while observing the following principles:
    – lawfulness of the processing of personal data;
    – proportionality of the processing of personal data;
    – actuality of the processed personal data.
  2. WCIF processes personal data independently. Processing on behalf of WCIF is actually performed by its employees, whose rights and obligations in relation to the processing of personal data of individuals are duly regulated in the internal rules of the organization.

IV. Objective of processing of personal data

  1. The purpose of the processing of personal data is to identify for certain individuals: current and future employees of WCIF, contractors, grants beneficiaries, contacts and invited participants to the events performed and carried out in connection with the implementation WCIF activities. The processing of data is a result of:
    – Fulfilment of legal obligations of the personal data administrator, pursuant from the specificities of the requirement inherent in the legislation regulating financial and accounting accountability, pension, health and social insurance activities and the activities related to HR management;
    – Execution of a contract in which the personal data holder / subject is a party or is about to become a party before the conclusion of the contract;
    – In the event of WCIF implementing activities for one single or more than one concrete objectives with the expressed consent of the holder / subject of personal data; for the purpose of the legitimate interests of the administrator or a third party with the expressed consent of the holder / subject of personal data.

V. Consequences from the refusal to present personal data

  1. Explicit consent of the individuals whose data are being processed is not required if the administrator has a legal basis for the processing of personal data. Such grounds are for example the legal obligation in relation to the requirements of the employment, tax and social security legislation, the Law on obligations and contracts, Law on accounting, Law on measures against money laundering, Law on measures against financing of terrorism, etc.
  2. In the event of refusal of voluntary provision of personal data requested, WCIF will not be able to fulfill its regulatory or contractually established obligations, including not to be able to provide free service or finance to the subjects refusing to provide their personal data and information, who are the beneficiary entity in a grant, program or project implemented by WCIF or a Fund managed by WCIF.

VI. Disclosure of personal data

  1. WCIF as an administrator of personal data have the right to disclose personal data processed only the following categories of person:
    • Physical persons for who the data refers;
    • Persons for whom the right to access such information is legally granted;
    • Persons for whom the right to access ensues from contract.

VII. Rights of the subjects of personal data

  1. Physical persons whose personal data is being processed have the following rights:
    • The right to information concerning the data which identify the administrator, the purposes of processing personal data, the recipients or categories of recipients to whom the data may be disclosed, the mandatory or voluntary nature of providing of personal data and consequences of refusal to provide personal data.
    • The right of access to relevant to the individual’s data. In the case when the right of access is granted to the holder / subject of personal data and that may reveal personal information about a third party, the administrator is required to provide partial access to the data, without revealing details of the third party.
    • The right to correct or add to missing or not precise personal data.
    • The right of deletion of the personal data, the processing of which does not comply with the statutory requirements or with obsolete legal basis (expired storage period, withdrawn consent, performed initial purpose for which the data were collected, etc.), as well as the right to ask for notification of third parties to whom the individual’s personal data have been disclosed, as for any cancellation, correction or blocking, which has been carried out, except in cases when this is impossible or involves a disproportionate effort.
    • The right to object to the administrator to the processing and/or disclosure of personal data of the subject in the presence of a legal basis for this. The right to be informed before personal data are disclosed to third parties in the event of a legal basis for that.
    • The right to protection in front of the Commission on protection of personal data (CPPD) or in due court order.

VIII. Order for exercising the rights

  1. (1) Physical persons exercise their rights by providing a written application to WCIF (on paper or by e-mail), that contains minimum the following information:
    • Name, address, and other identification data of the data holder / subject;
    • Description of the demand;
    • Preferred means of providing the information;
    • Signature, date of filing the application and address for correspondence.
      (2) The entire procedure of exercising the rights of physical persons related to their personal data shall be free of charge for the respective person.
      (3) In order to avoid abuses, on application by the authorized person, the application shall be accompanied by a notarized power of Attorney.
  2. The time limit for the examination of the application and the administrator’s pronouncement on it is 14 days from the day the application is lodged, respectively 30 days, when more time is needed to collect the required data, and in view of the complexity of the request.
  3. WCIF answers in writing and presents its answer to the applicant in person – against signature or by registered mail taking into consideration the preferred by the applicant means of correspondence.
  4. When data, subject of an application do not exists or their disclosure or transmission is prohibited by law, the applicant shall be denied access.
  5. In the event that WCIF does not respond to an applicant within the prescribed period or the applicant is not satisfied with the response received and/or considers that certain rights have been violated, relating to the protection of personal data, s/he shall be entitled to exercise the rights of defence before the competent authorities.

IX. Terminology and definitions used

  1. In the context of this Policy:
    • “Personal data” means any information relating to an identified physical person or a physical person who can be identified, directly or indirectly, in particular by an identifier such as: name, identification number or by one or more specific signs or characteristics.
    • “The processing of personal data” shall mean any operation or set of operations, carried out with personal data or set of personal data, by automated or other means, such as collection, recording, organisation, structure, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise, when data become available, alignment or combination, restriction, deletion or destruction.
    • „The Administrator of personal data“ is WCIF.
    • „Personal data register“ is any structured compilation of personal data, accessible under certain criteria in accordance with the internal rules of WCIF that can be centralized or decentralized and is assigned by a functional principle.

This personal data protection policy of Workshop for Civic Initiatives Foundation was established by order of the Executive Director on 23. 05.2018 and entered into force on the same date.

The present WCIF Personal Data Protection Policy was updated on 13 November 2024.