Thank you for choosing AutoPoster!
The Privacy Policy is an integral part of the User Agreement and explains what personal data of Users and their clients are collected and stored by the Administration when using the Platform, as well as when they can be used or transferred to third parties. If you want to use AutoPoster services, you must read and accept the terms of the Privacy Policy and User Agreement.
This Privacy Policy (hereinafter - the Policy, Privacy Policy) is developed in accordance with the requirements of the Law of the Russian Federation and Bulgaria (hereinafter collectively referred to as the Law), adopted and in force in the Administration (hereinafter - the Administration, we).
The document consists of the following sections:
By using our Platform and providing us with personal data, you agree that this personal data will be processed in accordance with this Policy and the Cookie Policy.
If you have any legal questions related to this Policy please contact us: support@auto-poster.online
For general and technical questions - info@auto-poster.online
On issues related to organization of personal data processing and protection - legal@auto-poster.online
This Privacy Policy defines the obligations of the Administration on non-disclosure and protection of confidentiality of personal data, which the User provides at the request of the Administration during registration on the Platform and during further interaction with the Platform.
The Privacy Policy applies to all information that the Platform may collect about the User when using the Platform services. By registering on the Platform, the User agrees to all the terms of the Privacy Policy.
Privacy Policy may be changed by the Administration without prior notice to the User. The current version of the Privacy Policy is always available on the Internet at: https://en.auto-poster.online/privacy/.
The Administration determines for each purpose of personal data processing the categories and list of processed personal data, methods, terms of their processing and storage, the procedure for destruction of personal data upon achievement of the purposes of their processing or upon occurrence of other legal grounds.
The Administration has determined the following purposes of processing the User's personal data:
1) Providing access to the Platform (registration); 2) Ensuring the Platform security and its correct functioning; 3) Restoration of access to the Account (if it has been stolen/lost login and password/error in login during registration/no possibility to use two-factor authentication); 4) Providing access within the framework of paid tariffs when paying by bank card; 5) Ensuring the reliability of the Platform operation and the possibility of data recovery after failures with the help of backup and data recovery technologies; 6) Processing on behalf of the User for the realization of processes automated by the User using the Platform (regulated by the Instruction for Personal Data Processing); 7) Transfer of the User's Personal Data to another Personal Data Operator when the User transfers his/her profile to it.
The Administration processes Personal Data in the manner described below:
Purpose of processing - granting access to the Platform (registration)
Processed personal data
Name; Email; The unique identifier of the User used on the Platform (ID).
Processing is carried out automatically / with the participation of the User:
IP; City/Country (by IP); Browser version; Language; UTM Parameters; Partner Tag; The address of the website page from which the User made the transition to the Platform; Cookie data used to identify the User without the use of technical measures.
Grounds for processing of Personal Data - processing is carried out within the framework of fulfillment of contractual obligations.
Types of processing of personal data:
Collection, recording, systematization, accumulation, storage of personal data; Clarification (update, change) is carried out by the subject of Personal Data through the profile management form, as well as automatically when the User interacts with the Site; Personal Data is depersonalized, blocked, destroyed through the Administrative Panel for user management.
Retention period of the Personal Data - the Personal Data shall be stored during the entire term of the contract/for the periods established by the applicable Bulgarian legislation.
Personal Data Deletion - Personal Data is deleted by the User in myAlpari via the page or automatically at the end of the retention period for the data collected in automatic mode. The fact of deletion is recorded in the Platform logs.
The purpose of processing is to ensure the security of the Platform and its correct functioning
The PII being processed is the cellphone number.
Grounds for processing of Personal Data - processing is carried out within the framework of fulfillment of contractual obligations.
Types of processing of personal data:
Collection, recording, systematization, accumulation, storage; In case of suspicion of fraudulent actions, spam or mass registration, the User provides the Administration with a contact phone number to confirm their independent actions in myAlpari; View, depersonalize, block via the Admin Panel for user management.
Retention period of the Personal Data - the Personal Data shall be stored during the entire term of the contract/for the periods established by the applicable Bulgarian legislation.
Deletion of PII - PII is deleted by the User in the personal account via the page. The fact of deletion is recorded in the Platform logs and stored for the period of time determined by the applicable Bulgarian legislation.
The purpose of processing is to restore access to the Account (if it has been stolen/lost login and password/error in login during registration/no possibility to use two-factor authentication).
Grounds for processing of Personal Data - processing is carried out within the framework of fulfillment of contractual obligations.
Types of processing of personal data:
Collection, recording, accumulation, storage, depersonalization, blocking, deletion; View through the Administration panel to manage users.
Retention period of the Personal Data - the Personal Data shall be stored during the entire term of the Agreement.
Deletion of PII - PII shall be deleted by the Administration after the goal has been achieved.
The purpose of the processing is to ensure the reliability of the Platform operation and the ability to recover data after failures using data backup and recovery technologies.
Processed Personal Data - all data processed by the Administration and listed herein.
Grounds for processing of Personal Data - processing is carried out within the framework of fulfillment of contractual obligations.
Types of processing of personal data:
Storage; Transmission to implement geo-distributed backup storage; Deletion occurs automatically when data backups expire.
Processing is carried out by hosting the Platform on the facilities leased by the Processor in data processing centers provided by partners with whom agreements have been concluded to guarantee the security of the personal data processed by them.
Retention period of the Personal Data - the Personal Data shall be stored during the entire term of the contract/for the periods established by the applicable Bulgarian legislation.
Deletion of PII - PII is deleted automatically when data backups expire, as part of the backup and recovery process in place.
Payment for the Tariff, according to which the User uses the Platform services, is made through the use of payment systems. Payment systems collect and store financial information in accordance with their user agreements and privacy policies.
The administration does not store full card details and does not process payments, receiving from the payment system only a notification of the fact of successful payment.
In the process of receiving payment for the Tariff, the Administration may collect additional information related to the payment made by the User, including, but not limited to, the transaction number, time of the transaction, type and expiration date of the card used for payments, as well as the last four digits of the card number, name of the cardholder, country and city in which the card was debited.
When the User performs actions in the Account, for security purposes and to prevent fraudulent actions, the following activity is logged: date and time of authorization, date and time of creation of projects and pages, date and time of deletion of projects and pages, date and time of change of login and password, date and time of transfer of projects or pages to other Accounts.
The Administration provides the User with the Platform, which can be used by the User to process personal data.
The processing and storage of personal data processed (including collected, stored and published) by Users on websites created by them is carried out legally, for a period of time determined by the User.
The Operator of this data is the User, and the Administration is the Processor to whom the User entrusts the processing of personal data of its customers (according to the terminology defined by the Law). This relationship is regulated by the Order for the processing of personal data. By using the Platform to process personal data, the User expresses his/her consent and accepts the Personal Data Processing Order.
The User must obtain all necessary consents from its clients when processing their personal data, including consent to the transfer of personal data within the group of companies of the Administration, as well as consent to the assignment of the processing of personal data of its clients to third parties (for example, third-party providers of server hosting services, etc.).
The User shall independently decide which services of the Platform to use on its website to process personal data of its customers (collection of applications, orders, etc.).
If the User processes personal data of third parties using the Platform's functionalities and services, the User is solely responsible for compliance with the appropriate measures for the protection of personal data in accordance with the Law and other laws and regulations, including in terms of obtaining the relevant permits, placing the necessary documents and information on the User's Website.
The Administration is not responsible for the User's relations with its clients or for the way the User processes their personal data (even if the User collects it using the functionality and services of the Platform), and the Administration does not and will not provide the User with any legal advice on such matters.
The Administration processes personal data collected by the User on its websites on behalf of the User for the purposes determined by the User.
In case the User uses the site of the payment system, the Administration on behalf of the User may receive partial data (for example, 4 or 6 digits of the payment card number, surname and name of the cardholder and the name of the bank of the card issuer) on the successful processing of the payment to ensure the interaction between the site and the payment system.
The function of logging and storing partial data on successful payment processing is enabled by default. This function is configured by the User independently in myAlpari. The User may change the data storage period (set it from 1 to 30 days or delete the data immediately after transmission to the data collection services connected by the User) or disable this function.
Data collected on the User's website is stored for a period of time configurable by the User (not more than 30 days, depending on the parameters set by the User).
The User is prohibited from processing special, biometric and other sensitive personal data of its customers due to the fact that the Platform is not intended for their processing.
In case the User processes personal data of third parties, the User is solely responsible for compliance with the appropriate measures to protect personal data in accordance with the Law and other laws and bylaws, including in terms of obtaining appropriate permits, placing the necessary documents and information on the User's Website.
Administration is not authorized to provide legal advice to Users, however, recommends Users who process personal data to place on the site user agreement, privacy policy and add in the data collection form links to these documents and a special field that allows for explicit consent that the user has read and agrees with these rules.
The site created by the User uses cookies by default. If the User does not plan to use this function and work with personal data, he/she should independently disable the use of cookies that are not necessary for the functioning of the Platform in the site settings.
The main ways in which the Administration receives personal data of the User:
1) The User provides personal data directly (e.g. when registering or connecting and using third-party services integrated into the Platform); 2) Personal Data is collected automatically when the User browses or uses the Platform, for example through the use of cookies (more details in the Cookie Policy); 3) Personal data may be obtained from third parties and services integrated into the Platform and used by the User.
In order to use various services of the Platform, the User may be required to provide access to accounts of third-party service providers, including, among others, public file storage, instant messaging, social networks, etc. In this case, the Administration may receive additional personal data from third parties, including, but not limited to, gender, location, user avatar (userpic), etc. All information available through a third-party service provider is processed and stored in accordance with its user agreement and privacy policy.
The User may be asked for personal data and other information by third parties, for example, when it is necessary to make a payment, or to add additional functions using third-party services integrated with the Platform. The User voluntarily transfers personal data and other information. All personal data requested by third parties shall be processed and stored in accordance with the User Agreement and Privacy Policy of said third parties.
The Administration may transfer personal data within the group of companies for the purposes provided for in this Policy, as well as to suppliers who provide services on behalf of the Administration. For example, the Administration may engage third parties to provide support to Users, manage ads on third-party resources, send marketing and other messages on behalf of the Administration (as described in the User Agreement) or assist in data storage. These third parties are prohibited from using personal data of Users for advertising purposes.
The Administration may disclose personal data of the User within the framework of the law or for the protection of rights and interests, if such disclosure is necessary to comply with the law or prevent fraud. In particular, the Administration may disclose the User's personal data in response to official requests from public authorities or in case of receiving a complaint against the User in connection with the violation of the rights of third parties and/or the User Agreement on the grounds provided by law.
The Administration may share personal data with third parties in order to provide the User with targeted advertising, analyze and monitor its effectiveness. For example, the Administration may use an encrypted email address to customize advertising in the social network, so as not to show advertising to persons who are already Users of the Platform.
The Administration may share personal data with third-party vendors who provide services on behalf of the Administration on behalf of the Administration. For example, the Administration engages hosting and server hosting providers, content delivery networks (CDNs), data and cybersecurity providers, payment processors, web analytics providers, service providers for distributing and monitoring electronic communications, content providers, and legal and financial advisors.
In order to host and ensure the functioning of the Platform, the Administration uses the services of data processing center providers that are located in the territory of states that ensure an adequate level of protection of the rights of personal data subjects and with which agreements have been concluded to guarantee the security of personal data processed by them.
In order to provide Users with technical support services and processing of their requests, the Administration may entrust the processing (including collection, recording, accumulation, storage, depersonalization, blocking, deletion, viewing) of all personal data listed in this document, with which the Administration has concluded all necessary agreements that guarantee the security of processed personal data and respect for the rights of Users.
Processing and storage of the User's personal data is carried out legally for the duration of the existence of the User's Account, as well as for the periods established by the current Bulgarian legislation. In case of deletion of the Account, it is possible to retain part of the information to the extent necessary for the fulfillment of legal obligations, settlement of disputes, prevention of fraud and protection of the legitimate interests of the Administration.
In case of loss or disclosure of the User's personal data, the Administration shall notify the User of the fact of loss or disclosure of his personal data.
In order to ensure adequate protection of the User's personal data, the Administration:
1) Appoints the person responsible for the organization of personal data processing (Data Protection Officer); 2) Issue documents defining the Administration's policy on personal data processing, local acts on personal data processing issues, defining for each purpose of personal data processing the categories and list of processed personal data, categories of subjects whose personal data are processed, methods, terms of their processing and storage, the procedure of personal data destruction upon achievement of the purposes of their processing or upon occurrence of other legal grounds, as well as local acts establishing the procedures for processing of personal data, as well as local acts establishing the procedures for processing of personal data. 3) Applies legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions in relation to personal data, necessary to meet the requirements for personal data protection established by the Law; 4) Identifies threats to the security of personal data during their processing in personal data information systems; 5) Evaluates the effectiveness of measures taken to ensure personal data security prior to the commissioning of personal data information systems; 6) Conducts work on detection of facts of unauthorized access to personal data and taking measures, including detection, prevention and liquidation of consequences of computer attacks on information systems of personal data and response to computer incidents in them; 7) Restores personal data modified or destroyed due to unauthorized access to it; 8) Establishes rules of access to personal data processed in personal data information systems, as well as ensures registration and accounting of all actions performed with personal data in personal data information systems; 9) Exercise control over the measures taken to ensure personal data security and the level of protection of personal data information systems; 10) Internal control and (or) audit of compliance of personal data processing with the Law, regulatory legal acts adopted in accordance with it, personal data protection requirements, operator's policy on personal data processing, local acts of the operator; 11) Assesses the harm that may be caused to personal data subjects in case of violation of the Law, the correlation between the said harm and the measures taken by the operator to ensure the fulfillment of the obligations stipulated by the Law.
The administration organizes, including:
1) A system for continuous monitoring of detection of abnormal behavior of information systems with subsequent analysis for unauthorized access or common errors; 2) Providing a secure channel for accessing/processing personal data (HTTPS, TLS1.2+); 3) Introduction of two-factor authorization for both Administration employees and Users; 4) Annual audit of the information system, which is the control over the measures taken to ensure the security of personal data and the level of protection of the personal data information system; 5) A loosely coupled microservice architecture where each microservice processes only the personal data and the minimum necessary for its operation; 6) Storing sensitive data in encrypted form with changeable encryption key; 7) Implementation of a publicly available Bug Bounty vulnerability search program, where each User can report to the Administration about the vulnerabilities they have discovered.
The Administration shall detect facts of unauthorized access to personal data and take measures, including detection, prevention and elimination of consequences of computer attacks on information systems of personal data and response to computer incidents in them.
The Administration has adopted local acts on personal data security issues.
Employees of the Administration having access to personal data are familiarized with this Policy and local acts on personal data security issues.
The User can independently, by authorizing in the Personal Area, update, restrict the use or change the personal data he/she has provided.
In order to revoke personal data and delete the Account, the User should send a corresponding request to the e-mail address legal@auto-poster.online, in response to which the User will receive a letter with a link to the page in myAlpari, where he/she will have to confirm his/her intention to delete personal data and the Account.
The deadline for deletion of personal data is 30 days.
For technical reasons, the information may be deleted not immediately, but with a delay. In this case, the Administration blocks such personal data until their complete deletion from its databases, in connection with which such personal data become inaccessible and their use - impossible.
It should also be taken into account that it is possible to retain part of the information to the extent necessary to fulfill legal obligations, settle disputes, prevent fraud and protect the legitimate interests of the Administration.
Upon final deletion of the data and Account, all personal data and information will be deleted from the Administration's databases (upon expiration of the retention periods established by applicable law). Upon completion of this process, the User will no longer be able to use the Platform services, and the Account and all data will be deleted without the possibility of recovery.
In relation to the Administration, the User provides their personal data and keeps them up to date.
The User independently regulates relations with third parties with whom it interacts through its website regarding the data collected on the User's website and bears responsibility both to third parties and to regulatory authorities.
In accordance with applicable law, the User has the following rights in relation to the personal data processed by the Administration:
1) The right to receive information on the processing of Personal Data by the Administration; 2) The right of access to the processed Personal Data; 3) The right to receive from the Administration the Personal Data processed by it in a generally accepted machine-readable format (right to data portability); 4) The right to clarify and correct Personal Data; 5) The right to stop processing and delete Personal Data (the right to be “forgotten”); 6) The right to restrict processing of Personal Data; 7) The right to restrict decision-making based solely on automated processing of personal data (including the right to refuse profiling); 8) The right to receive information on the restriction or termination of processing of Personal Data at the initiative of the Administration; 9) The right to object to the processing of Personal Data.
To exercise the above rights, the User should contact the Administration, as described in the Contact Us section.
Also according to the applicable law, the user has the right to apply to the state body supervising the processing of Personal Data.
The administration is committed to:
1) Use personal data provided by the User exclusively for the purposes specified in this Privacy Policy; 2) Keep personal data confidential; do not disclose User's personal data without User's prior authorization, except as expressly permitted by law; do not sell, exchange, publish or disclose personal data by any other means, except as specified in this Privacy Policy; 3) Take measures to protect the confidentiality of the User's personal data in accordance with the Administration's internal procedures; 4) Immediately block the User's personal data after receiving a request from the User or his/her legal representative or the relevant authority for the protection of the User's personal data during the verification of this information in case of invalid data or unauthorized actions.
In accordance with applicable law, the Administration may request the User to confirm the existence of legal grounds in relation to the User's processing of personal data processed through the Platform.
The Administration has the right not to respond to the User's request in the following cases:
1) The request is not related to the User's personal data or is excessively repetitive; 2) The request is contrary to judicial procedures or investigations conducted by competent authorities; 3) The request has an adverse impact on the Administration's information security efforts; 4) The request concerns the confidentiality of personal data of third parties who are not Customers of the User; 5) The request conflicts with other legislation to which the Administration is subject.
The administration has the right to continue processing personal data without the Consent of personal data subjects in the following cases:
1) When processing is limited to the storage of personal data; 2) When processing is necessary to initiate or defend in any proceeding involving a claim of rights or legal action, or is related to legal proceedings; 3) If processing is necessary to protect the rights of third parties in accordance with applicable law; 4) When processing is necessary for reasons of protecting the public interest.
In case of failure to fulfill its obligations, the Administration assumes responsibility for any losses, but not more than the cost paid by the User under the current Tariff, incurred by the User as a result of unauthorized use of his personal data, in accordance with the laws of the UAE except in cases where personal data:
1) Were provided to the Bulgarian authorities; 2) Have been disclosed by a third party after they have been disclosed by the Administration with the User's consent; 3) Became public before they were leaked or disclosed; 4) Were obtained from a third party prior to providing them to the Administration; 5) Have been disclosed with the User's consent; 6) Were uncovered as a result of force majeure; 7) Have been disclosed as a result of a valid claim against the User for violation of third party rights and/or the User Agreement.
If you have any questions, comments or complaints about this Privacy Policy, please submit a request to our ticket system if you are an authorized User of the Platform.
In case you are not an authorized User of the Platform, contact us by sending an e-mail to legal@auto-poster.online - for legal issues and support@auto-poster.online - for issues related to the organization of processing and protection of personal data. A response will be sent within the time period established for consideration of appeals.
Current version of the Privacy Policy dated 05.12.2024