1. General information

This information is provided to inform visitors and users of the website about the types, scope, and purposes of personal data processing when accessing the site or using its services. We also explain the rights individuals have regarding the processing of their data. You can visit the website without us collecting any personal data. However, to access certain services on the site, processing personal data may be necessary. This processing is carried out in accordance with legal authorization, in line with the General Data Protection Regulation (EU) 2016/679.

2. Owner of the Application

The owner of the CMRhub application, registered in the territory of the Republic of Bulgaria (“Owner”), is Infosystems International JSC – UIC 203773538, with its headquarters at g.k. Druzhba 2, Boulevard “Professor Tsvetan Lazarov” 105А, fl. 3, 1582 Sofia, tel .: +359 2 967 67 99

3. Administrator and Processor of Personal Data

For the purposes of providing the CMRhub services, the administrator and the processor of personal data (“Administrator”) is the owner of the application – Infosystems International JSC – UIC 203773538, Headquarters address: g.k. Druzhba 2, Boulevard “Professor Tsvetan Lazarov” 105А, fl. 3, 1582 Sofia, tel .: +359 2 967 67 99

4. Data Collection and Information

When using CMRhub’s services, general data and information are collected and stored in log files on our server. This includes details such as the browser type and version, the operating system used to access the website, the referring website, the pages accessed, the date and time of access, the IP address, the Internet service provider, and other similar data that helps protect our IT systems. No personal conclusions are drawn from this data. It is primarily used to ensure that the website’s content is displayed correctly. All data is collected anonymously and stored in compliance with applicable data protection laws.

4.1. Registration

Visitors and users have the option to register on the website. The type, scope, and content of the data collected during registration are determined by the registration form. Any data collected is used solely for our purposes, specifically to carry out operations initiated by the visitor.

When registering, we store the IP address, along with the date and time of registration. This is done to prevent misuse of our services and to take appropriate action if necessary. Generally, the data is not shared with third parties. However, data may be disclosed if required by law or for criminal prosecution purposes.

Users can modify or update the data collected during registration at any time. Data can also be deleted upon request.

Registered users have the right to request information about the data stored about them at any time. Additionally, they can request corrections or deletions of their data. If the data must be retained due to legal requirements, it will be blocked until the retention period expires. During this period, no further processing will occur, and the data will only be accessible for the specific legal purpose for which it must be retained.

4.2. Contact via the Website

Visitors and users have the option to contact us through the website. When you use our contact form or reach out via email, the personal data you provide is automatically stored. The data is processed solely for the purpose of handling the contact request and is generally not shared with third parties unless sharing is necessary to process the inquiry.

4.3. Routine Deletion and Blocking of Personal Data

Personal data is stored only for as long as necessary to fulfill the purpose of processing or as required by law.

Once the purpose has been achieved or the legal retention period has expired, the personal data is routinely deleted in accordance with the legal regulations. If the intended purpose of the processing has been fulfilled but the data cannot yet be deleted due to legal requirements, it will be blocked instead.

5. Right to Access and Correction

Individuals whose data is being processed have the legal right to request information, correction, and deletion of their personal data. These rights can be exercised at any time by submitting a request via our contact form or by sending an email to info@cmrhub.bg.

5.1. Right to Erasure

If an erasure request is made, personal data must be deleted immediately if any of the following apply:

• The data was collected or processed for purposes that are no longer necessary.
• The data was collected based solely on the individual’s consent, which has since been withdrawn.
• The individual has objected to processing under Article 21 of the GDPR, and there are no overriding legitimate grounds for continuing the processing.
• The personal data was processed illegally.
• Deletion is required by law.

If the data in question has been made public, appropriate measures will be taken to inform third parties who are processing the data about the deletion request, in accordance with Article 17(1) of the GDPR.

5.2. Right to Restrict Processing

The data subject has the legal right to request the restriction of processing if:

• The individual disputes the accuracy of personal data.
• The individual has objected to processing under Article 21(1) of the GDPR.

In these cases, processing must be restricted for the necessary period to verify the accuracy of the data or to determine whether there are valid reasons for continuing the processing that outweigh the individual’s interests. Processing should also be restricted if the data is no longer necessary for the purpose it was originally collected, but it must still be retained for legal claims.

5.3. Right to Object

Data subjects have the legal right to object to the processing of their data at any time.

If an objection is raised, the data will no longer be processed unless there are demonstrable, valid legitimate reasons for continuing the processing that outweighs the rights, interests, and freedoms of the individual, or if the processing is necessary for the establishment, exercise, or defense of legal claims.

In the case of objections to processing for marketing purposes, the objection will generally take precedence. The data will no longer be used for these purposes.

5.4. Right to Withdraw Consent

Individuals have the right to withdraw their consent for data processing at any time.

6. Collection and Storage of Personal Data, and Their Purpose

Съхраняваме вашите лични данни само толкова дълго, колкото е необходимо за изпълнение на целите, за които са били предоставени, или както се изисква от закона. След като целта бъде постигната и/или законовият срок за съхранение изтече, ние ще изтрием или блокираме данните.

6.1. When Visiting the Website

When you visit our website, the browser on your device automatically sends certain information to the server of our site. This information is temporarily stored in a log file. The following data is collected without your input and stored until it is automatically deleted:

• IP address
• Date and time of access

This data is processed for the following purposes:

• Evaluating system security and stability
• Error analysis
• Other administrative purposes

Data that allows identification, such as your IP address, is deleted after a short period of time. If we retain the data beyond this period, it is anonymized so that it can no longer be linked to you.

The legal basis for processing this data is Article 6(1) of the GDPR. Our legitimate interest lies in the purposes listed above. Under no circumstances do we use this data to draw conclusions about your identity.

6.2. Contact Form / Email Contact

We offer a contact form on our website, allowing you to reach out to us at any time. To use the contact form, you must provide a name and a valid email address (so we know who the request is from and can respond accordingly).

When you submit inquiries via the contact form, the information provided, including your contact details and IP address, will be processed under Articles 6(1)(b) and (f) of the GDPR.

Alternatively, you are welcome to contact us via email using the address provided on our website. In this case, we will store and process your email address and the content of your message according to Articles 6(1)(b) and (f) of the GDPR, in order to respond to your inquiry.

Inquiries and related data will be deleted shortly after unless further retention is required for an ongoing contractual relationship.

7. Transfer of Personal Data

The transfer of personal data also falls under the definition of processing. However, we would like to specifically address the issue of sharing data with third parties. Protecting your data is extremely important to us, and we are very careful when it comes to sharing your information with others.
We only share personal data with third parties when there is a legal basis for doing so. For example, we may share data with individuals or companies who work with us as data processors under Article 28 of the GDPR. A processor is anyone who processes personal data on our behalf, typically within a relationship where we provide instructions and oversight.
In line with GDPR requirements, we get into contracts with all our processors, ensuring they comply with data protection regulations to safeguard your data.

8. Storage Period and Deletion

We only store your personal data for as long as necessary to fulfill the purposes for which it was provided, or as required by law. Once the purpose has been achieved and/or the legal retention period has expired, we will delete or block the data.

9. SSL Encryption

This website uses SSL encryption for security purposes to protect the transmission of confidential information, such as the requests you send to us as the website operator. You can identify an encrypted connection by the address bar changing from “http://” to “https://” and by the lock icon that appears in the address bar in your browser.

When SSL encryption is enabled, any data you send to us cannot be accessed by third parties.

10. Use of Analytics Tools, Tracking Tools, and Other Services

The website may use components from various third-party providers to collect and analyze information about visitors and their browsing behavior, sometimes in real-time. These interactions are statistically recorded and processed to gain insights into the online activities of website visitors and users.

The purpose of using these components is to optimize marketing efforts for the online services offered, enhancing the effectiveness of advertising on the website. Additionally, these tools help identify and address technical or other types of issues.

These components are software solutions from third-party companies. If such components are used, the type, content, scope, and purpose of the data processing will be explained in detail below.

The components use various types of cookies. These are also explained below. Cookies can be prevented from being set in the settings in the Internet browser. This prevents personal data from being collected by the components used. In addition, the visitor must consent to the use of cookies via the settings in the cookie banner. Details of this are shown above under “Cookies”.

In addition, provider companies often provide an option to centrally object to the collection of data by their components. If this is possible, this is also explained below.

10.1. Analytics and Tracking Tools

We use the analytics and tracking tools listed below on our website to continuously optimize and tailor it to meet user needs.

These activities are considered legitimate interests under Article 6(1)(f) of the GDPR. The specific purposes of data processing and the relevant data categories can be found in the details of each tool.

a) Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; hereafter referred to as “Google”).

Google Analytics uses cookies to collect data. The information generated by these cookies about your use of the website includes:

• Browser name and version
• Operating system of your device
• The website you came from (referrer URL)
• IP address of the device requesting access
• Time of the server request

This information is typically transferred to a Google server in the USA and stored there.

On our behalf, Google uses this information to analyze your use of our website, generate reports on website activity, and provide us with additional services related to website performance and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be combined with other data from Google.

You can prevent cookies from being stored by adjusting your browser settings. However, please note that this may limit your ability to use all features of our website to their full extent.

b) Google Remarketing

We use Google Analytics’ remarketing feature to target advertising campaigns, including Google Ads campaigns, to visitors to our website.

Based on your previous visits to our site, you may see relevant ads when you browse other websites within the Google Display Network. The DoubleClick cookie enables Google to show us and other third parties targeted ads based on the interests gathered from your past visits to our site and/or other websites. These ads may appear on Google’s own sites or other sites within the Google advertising network. Additionally, we use Google Analytics advertising features to assess the effectiveness of our advertising campaigns.

You can adjust your Google ad settings and opt out of interest-based ads. In this case, the cookie ID from the DoubleClick cookie (which is unique for each cookie) will be overwritten and can no longer be linked to a specific browser.

If you delete all cookies from your device, a new DoubleClick cookie may be placed. If that happens, you may need to reset your opt-out preferences. You can opt out of third-party cookies used for online advertising via the following website: https://www.youronlinechoices.com/.

If you’ve agreed in your Google account to link your web and app browsing history with your Google account and use that information for personalized ads, Google will combine your data with Google Analytics data to create target audience lists for cross-device remarketing. To do this, Google Analytics first records Google-authenticated IDs linked to your Google account while you’re on our website. It then temporarily associates these IDs with Google Analytics data to optimize our target audience.

For more information on Google’s data protection practices, click here: https://support.google.com/analytics/answer/6004245

c) Google Ads

We use Google Ads, formerly known as Google AdWords, an online advertising platform from Google LLC, on our website, including its conversion tracking feature.

With this tool, Google Ads places a cookie on your device when you visit our site after clicking on a Google ad. This cookie is valid for 30 days and is not used for personal tracking. If you visit our website while the cookie is still active, both we and Google can see that you clicked on the ad and were redirected to our site. Each Google Ads customer is assigned a unique cookie, and these cookies cannot be tracked across different Google Ads customers’ websites.

The data collected through conversion cookies is used to generate conversion statistics for Google Ads customers. As Google Ads clients, we can see the total number of users who clicked on our ad and were redirected to a website with a conversion tracking tag. However, we do not receive any information that could personally identify you.

If you wish to opt out of the tracking process, you can disable the Google conversion tracking cookie through your internet browser settings. For further assistance, you can refer to your browser’s help function. You can also read more about Google’s privacy policy here: https://policies.google.com/privacy.

10.2 Cookies

More information about cookies can be found on the “Cookies” page.

11. CMRhub App

The CMRhub App’s main purpose is to collect and share transport-related data, including location and time-sensitive information, between the driver, consignor, consignee, and other stakeholders in the logistics chain.

During transport, the driver’s app continuously shares location data with the carrier and consignee company, even when the driver isn’t actively using the app. Permission to collect and share location data is requested explicitly before using the app. Users are notified about location tracking through a notification.

App users can opt out of location tracking at any time. All location data is stored within the context of the provided services and is only accessible to accounts with access to those services. This data is not reused or shared with third parties for any other purpose.

12. System Logs and Maintenance

For operation and maintenance purposes, CRMhub and all third-party services may collect files that record interaction with this application (system logs).

13. Renewal

We periodically revise and update this declaration to ensure it remains clear, accurate, and transparent, reflecting any changes that may have occurred.

Last updated: January 2025.

14. Information on the Competent Supervisory Authority

If you believe that our processing of your data violates the provisions on personal data protection or that your rights under these provisions have been violated in any way, you can contact the competent administrative authority. In the Republic of Bulgaria, this is the Commission for Personal Data Protection.

15. Information not Contained in This Policy

The collection and processing of personal data complies with the provisions of Regulation (EU) 2016/679, as well as the legislation of the Republic of Bulgaria in the field of personal data protection.

Title: Commission for Personal Data Protection

Headquarters and address of management: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov” № 2

Correspondence data: Sofia 1592, Blvd. “Prof. Tsvetan Lazarov” № 2

Phone: +359 2 915 3 518

Email: kzld@government.bg, kzld@cpdp.bg

Website: www.cpdp.bg.