Without our users’ data, ClaimCompass Ltd. would not be able to function. That’s why we take the privacy of our users’ data very seriously and we have set a privacy protection policy in place that is robust, secure, and is in compliance with all applicable regulations. Below you will find more information on the types of data we collect and how we use it.
ClaimCompass Ltd. is incorporated in the European Union and registered with the Bulgarian Commercial Registry under the unique identifying number 203643295. ClaimCompass is also an authorised and registered data controller and administrator under the Commission on the Protection of Personal Data with a registration number 417505.
Legal basis for processing your personal data
We are processing your personal data based on the following grounds:
- a contractual relationship
- with your explicit consent
- based on obligations by law
- to protect our legal interests
The following paragraphs contain detailed information on the ways we process your personal data based on these grounds.
For the execution of a contract or in the context of pre-contractual relations:
We process your personal data in order to fulfill our contractual and pre-contractual obligations to you.
Objectives of the personal data processing:
- identification purposes
- managing and execution of a query of yours, and fulfillment of a contract
- transferring compensation to your bank account once a compensation is received
- providing customer service and support
- storing details of an order you made or an issue you reported
- in order to notify you of updates on your case in relation to the services we’re providing to you
- establishing and preventing unlawful actions or actions in contradiction to our Terms and Conditions.
Data we process based on these grounds:
Based on the contract concluded between ClaimCompass Ltd.and you, we process data about the type and content of the contractual relationship including:
- Personal contact details: address, e-mail, phone number
- Identification data: full name, identification number or passport number
- Claim processing data: flight number, date of flight, the circumstances around the delay/cancellation of the flight, booking number, ticket number, copy of the booking reference, e-ticket, boarding pass, luggage tag, copies of government-issued IDs in the event they are requested by any institution
- Correspondence in relation to the provided service: e-mails, letters, information on your personal queries, claims, requests, complaints, or feedback that we receive from you
- Credit or debit card information, bank account number or any other banking or payment information in relation to paying the compensation
- Client number, code or identifier created for the purpose of identification
- IP address used to visit our page
- Information about your actions and user activity on our webpage
The processing of the above-listed data is necessary in order to enter into a contract with you and to fulfill it. Without providing the aforementioned data, we wouldn’t be able to perform our contractual obligations.
Providing personal data to third-parties:
We are providing your personal data to third-parties with the main objective to provide quality and efficient service. We are not sharing your personal data to third-parties before we are sure that all technical and organisational measures have been taken in order to protect your data. We are striving to exercise strict control over the execution of this objective and we remain responsible for the confidentiality and safety of your personal data.
We are providing personal data to the following types of recipients (administrators of personal data):
- mail operators and courier companies
- companies responsible for supporting equipment, software and hardware used when processing your personal data
- individuals and companies providing consulting services in various areas including accounting and legal services
Deletion of the data that’s collected based on this objective:
The personal data we collect based on a contractual ground is deleted 5 years after the termination of the contract regardless of the termination reason (expiration of the contract, revocation or for other reasons).
In the event that you contacted our Customer Support representatives and did not end up entering into a contract with ClaimCompass, your personal data will be deleted within 6 months of the inquiry.
Fulfilment of statutory obligations
It is possible that the law requires ClaimCompass to process your personal data. Some of these obligations arise from:
- Laws regarding measures against money laundering
- Consumer protection laws
- Personal data protection laws
- Taxation and accounting laws
- Obligations related to providing information to courts or third-parties during court proceedings
Deletion of data collected on these grounds:
The data that we collect based on an obligation by law is deleted when the obligation for collecting and storage is fulfilled or dropped. For example:
- Bulgarian national provisions for storing and processing accounting documents (such as receipts or invoices) require such documents to be saved for a period of 11 years
- Some courts and national authorities may require such data to be shared up to 5 years after it is collected..
If required by law, we can share your personal data with international and local authorities, courts,and other third-parties.
After giving your consent
We process your personal data on these grounds only after an explicit, unambiguous, and voluntary consent on your part. We will prevent any unfavorable consequences to you in the event you decline the personal data processing.
The consent is a separate permission to process your personal data and the purpose of the processing is specified therein, and it is not covered by the aims listed in this policy. If you provide the respective consent and until its withdrawal or until the termination of any and all contractual relationships with you, we prepare product/service offers which are appropriate for you.
Data we process on these grounds:
On these grounds, we process only the data for which you have given your explicit consent to ClaimCompass. The particular data are specified for every individual case. The data usually consists of an e-mail address and a name.
Provision of data to third-parties:
For marketing purposes, ClaimCompass may provide your personal data to Facebook, Google, or other similar entities.
In connection with the technical securing of our advertising activity, ClaimCompass may provide the data to Microsoft, Mailchimp, Typeform, Unbounce, SendGrid, or other providers of similar services.
The granted consents may be withdrawn at any time. The consent withdrawal has no impact on the fulfillment of contractual obligations. If you withdraw your consent for the personal data processing for any or all ways described above, ClaimCompass will not use your personal data and information for the purposes set out above. The consent withdrawal does not affect the lawfulness of the processing based on a granted consent prior to its withdrawal. In order to withdraw the granted consent, you only need to use our website or simply use our contact information.
When is the data collected deleted on these grounds:
We delete the data collected on these grounds upon a request from youor when 12 months have elapsed from the initial collection of the data. Prior to the expiration of the 12-month period, ClaimCompass will send you information regarding the forthcoming deletion and give you the opportunity to provide your consent for 12 more months. If you decline or do not express an explicit consent, ClaimCompass will delete your data and no longer send messages to you.
Anonymised data processing
ClaimCompass processes user data for statistical purposes, which means for analyses for which the results are only summarised and, as a consequence, the data are anonymous.
The identification of a specific person of such information is impossible.
Your data may also be anonymised. The anonymisation represents an alternative to the deletion of the data. In the event of anonymisation, all personal and identifiable element(s) enabling user identification will be irreversibly deleted. There is no normative obligation for the deletion of anonymised data since they do not represent personal data.
How personal data is protected
For the purpose of ensuring adequate protection of the data of the company and of our clients, ClaimCompass implements all necessary organisational and technical measures set out by the Law for Protection of Personal Data.
The company has set rules for prevention of misuse and security breaches and has designated a Data Protection Officer who supports the processes of protection and ensures the security of your data.
For the purpose of maximum security while processing, transmission, and storage of data, ClaimCompass may use additional protection mechanisms, such as encryption, pseudonymisation, and others.
Every website user enjoys all personal data protection rights as per the Bulgarian Legislation and the laws of the European Union.
The user may exercise their rights through the contact form or by way of sending a message by e-mail to ClaimCompass.
Every user has the right to:
- information (in connection with the processing of their personal data by the controller)
- access to the user’s own personal data
- correction (if the data are incorrect)
- deletion of personal data (right “to be forgotten”)
- restriction of the processing by the controller or the personal data processor
- portability of the personal data between the separate controllers
- objection to the processing of their personal data
- the data subject also has the right not to be subject to a decision based solely on automated processing including profiling and which leads to legal consequences for the data subject or which affects it to a significant degree in a similar way
- right to protection either judicially or administratively, in the event the rights of the data subject have been infringed upon
The user may request deletion if one of the following conditions is met:
- the personal data are no longer needed for the purposes for which they have been collected or processed
- the user withdraws consent on which the data processing is based, and there is no other legal reason for the processing
- the user objects to the processing and there are no overriding legal grounds for the processing
- the personal data have been processed unlawfully
- the personal data are to be deleted for the purpose of compliance with a legal obligation as per the Union law or the law of a member state which applies with respect to the controller
- the personal data have been collected in connection with the provision of services to the information society to children, and the consent was given by the holder of parental responsibility for the child
The user has the right to restrict the processing of its personal data by the controller when:
- it contests the accuracy of the personal data. In this case, the limitation of the processing is for a period enabling the controller to verify the accuracy of the personal data.
- the processing is unlawful but the User does not want the personal data to be erased, but requests a restriction of the use of the data instead
- the controller no longer needs the personal data for the purposes of processing but the user requires the data for the establishment, exercise or defence of legal claims
- it objects to the processing pending the verification whether the legal grounds of the controller override the interests of the user
Right to portability
The data subject is entitled to receive the personal data which concern them and which they have provided to the controller in a structured, commonly used and machine-readable format, and has the right to transfer these data to another controller,without hindrance from the controller to whom the personal data were provided when the processing is based on consent or on a contractual obligation, and the processing is carried out in an automated manner. When exercising the right to portability, the data subject is entitled to receive a direct transfer of the personal data from one controller to another when this is technically feasible.
Right to objection
The users have the right to object to the processing of their personal data by the controller. The data controller is obliged to terminate the processing unless compelling legal grounds for the processing exists and is proven, and which override the interests, rights, and freedoms of the data subject, or for the purpose of establishment, exercise, or defence of legal claims. In the event thef objection to the processing of personal data for the purposes of direct marketing, the processing shall be terminated immediately.
Complaint to the supervising authority
Every user has the right to lodge a complaint against unlawful processing of their personal data with the Commission for Personal Data Protection or with the competent court.
ClaimCompass maintains a register of the processing activities for which they are responsible. This register contains the entire information as set out below:
- the name and contact details of the controller
- the purposes of the processing
- description of categories of data subjects and of the categories of personal data
- the categories of recipients to whom the personal data are or will be disclosed
- the identity of recipients in third countries or international organizations
- when possible, established deadlines for deletion of the different data categories
- when possible, a general description of the technical and organisational security measures