Privacy Notice

Information on the processing of personal data in regards to the SMEDATA project

This policy has been prepared in accordance with the requirements of Art. 13 and Art. 14 of the Regulation (EU) 2016/679 – General data protection regulation (GDPR) and aims to inform you about the activities on processing of personal data, the purposes for which the data are processed, the measures and guarantees for the protection of the data processed, your rights and the way you can exercise them in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as “Regulation 2016/679” or “GDPR”) and other applicable European Union and national laws of all the parties involved in the project.

In details the project ‘Ensuring the Highest Degree of Privacy and Personal Data Protection through Innovative Tools for SMEs and Citizens — SMEDATA’ is a project co-funded by the European Commission under the Rights, Equality and Citizenship 2014-2020 Programme of the European Union that has the overall objective to ensure the effective application of the General Data Protection Regulation through awareness, multiplying training and sustainable capacity building for SMEs and legal professionals.

The information below describes the processing of personal data of participants in SMEDATA events and users visiting the project website ( in compliance with the Regulation (EC) 2016/679.
The information here provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the SMEDATA domain.

  2. The data controller is the project Consortium:

    • The Commission for Personal Data Protection of the Republic of Bulgaria (CPDP);
    • The Italian Data Protection Authority (Garante per la protezione dei dati personali, GPDP);
    • APIS Europe JSC;
    • The Union of Bulgarian Jurists (SUB);
    • The European Women Lawyers Association – Bulgaria (EWLA);
    • Ernst and Young Law Partnership (EY);
    • The Law Department of the “Roma Tre” University,

    led by the project Coordinator – the Commission for Personal Data Protection of the Republic of Bulgaria. As such, the Consortium has an obligation to inform you what to expect when processing your personal data.

    Project coordinator contact details:

    Commission for Personal Data Protection

    Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.

    Mobile: +359 876 563 690



    1. We collect and process personal data under contractual obligation (814763 – SMEDATA – REC-AG-2017/REC-RDAT-TRAI-AG-2017) with the European commission, and on legal basis under the Financial regulation applicable to the general budget of the Union in compliance with Article 6, par. 1, letters b) and c) of GDPR,
    2. The SMEDATA project is co-funded by the European Commission under Regulation (EU) no 1381/2013 of the European parliament and of the Council of 17 December 2013 establishing a Rights, Equality and Citizenship Programme for the period 2014 to 2020 (REC Programme) and is subject to the obligations set within the REC Programme, so is thereby processing personal data under legal obligation in compliance with Article 6, par. 1, letter c) of GDPR.
    3. We collect personal data from the users of the SMEDATA website on the basis of the user consent under Article 6 of Regulation (EU) 2016/679 – (GDPR) in order to provide entry to content and services provided from the website for the purpose of meeting the goals laid within the SMEDATA project in order to raise awareness and ensure the effective application of GDPR.
      Consent from the users of the website as well as the participants in the activities set in the project is also required for the dissemination of the project newsletters.
    4. The personal data collected shall be provided to all partners in the project Consortium and the European institutions concerned under contractual obligation in compliance with Article 6, par. 1, letter b) of GDPR.
  5. Personal data collected under the SMEDATA project will be stored for a period no longer than is needed for the completion of the project as well as for audit purposes provided in the Financial Regulation applicable to the general budget of the Union, European or national legislation and the European institutions. Data will be stored for up to 5 years after the end of the project (until the end of 2025).

    1. Data of participants in project events
    2. Registration for the events organized under the SMEDATA project, and the forwarding of the newsletters, requires the collection of a set amount of data from the participants, that may include, three names, place of employment, position within the organization and contacts (e-mail and/or phone number).

    3.  Data communicated by users
    4. Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the CPDP contact addresses, filling in and sending the forms made available on this website entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.

    5. Cookies and other tracking devices
    6. The SMEDATA website uses technically necessary cookies only. The total or partial disabling of these cookies can compromise the use of the site. The SMEDATA website uses the following cookies:

      • a cookie to store the language version of your choice by subsequent visits;
      • a test cookie to test the ability to create and store cookies, which is used by WordPress – the platform on which our site is built.

      You can control and manage the cookies in different ways by using your web browser. Please note that if you delete all cookies, the preferences that you have stored shall be deleted also. For more information how to change the settings of your browser in order to block or filter cookies, please visit:

    7. Mobile Application
    8. The Mobile application (“the App”) collects the following information:

      • The chosen language for the App
      • List of the bookmarked content
      • List of saved documents
      • Text of saved documents.

      This information is stored on your device and there is no option for it to be transferred to the App creators. Therefore, your data connected to the App usage is not processed by any of the partners in the SMEDATA Project.

      Please note that you need to provide permission for the App to access:

      • Your device’s Photos/Media/Files and Storage:
        • read the contents of your USB storage
        • modify or delete the contents of your USB storage.
      • Network information:
        • view network status and connections
        • have full network access.

      This permission is needed for saving the custom settings, downloading and accessing the content resources of the App that are stored online as well as using the Bookmarks and Saved documents features. This information is not send to anyone. Some of the data, such as IP address of your device, is stored on the database server from which the download of the documents is performed. The information is stored 7 days.

      Please note that this Privacy statement does not cover hyperlinks in the App that re-direct you to external sources (e.g. the hyperlinks in section Useful links).

    9. Social media
    10. We use social media platforms in order to promote the events, organised within the scope of the project and to popularise the project result. Each social media platform has own Privacy policy and processes your personal data on legal basis.


      When you visit the Facebook page of SMEDATA project, Facebook (Facebook Inc., 1601 Willow Road, Menlo Park, CA 94025, USA) recognises your profile and makes direct connection between your browser and your Facebook profile, and receives information about the visit of your IP Address. You can read Facebook’s Privacy Policy for more information ( We have an access to anonymised statistics on the actions that are being taken on our Facebook page, that we cannot link to a special profile in no way.


      When you visit the LinkedIn page of SMEDATA project, LinkedIn (LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA) recognises your profile and makes direct connection between your browser and your LinkedIn profile, and receives information about the visit of your IP Address. For more information you can read the Privacy Policy of LinkedIn (

  8. On the basis of legal requirements and under contractual obligation regarding SMEDATA project the personal data collected by the Consortium may be provided to the following entities:

    • European Commission (DG Justice and Consumers)
    • European anti-fraud officer (OLAF)
    • European Court of Auditors
  10. Data subjects have the right to obtain from the project Consortium, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact one of the partners to lodge all requests to exercise these rights.

    a)  Right of access – Article 15 GDPR

    The right of access grants the data subject comprehensive insight into the data concerning them and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored.

    b)  Right to rectification – Article 16 GDPR

    The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning the subject rectified.

    c)  Right to erasure – Article 17 GDPR

    The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning them are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn.

    d)  Right to restriction of processing – Article 18 GDPR

    The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning them. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.

    e)  Right to data portability – Article 20 GDPR

    The right to data portability implies the right for the data subject to receive from the controller the personal data concerning them in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.

    f)  Right to object – Article 21 GDPR

    The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests.

  12. If a data subject considers that the processing of personal data relating to them infringes the Regulation, they have the right to lodge a complaint with the each of the partners (CPDP, GPDP, APIS Europe, SUB, EWLA, EY, “ROMA TRE” University) pursuant to Article 77 of the Regulation.


We may change this privacy policy. In that case, the “last updated” date at the bottom of this page will also change. Any changes to this privacy policy will apply to you and your data immediately.

Last update: 07.02.2020

The content of this website represents the views of the partners of the SMEDATA project and is their sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.

eu flagThis project is funded by the Rights, Equality and Citizenship Programme of the European Union